Skip to content

Commit

Permalink
Import OpenSSL 3.4.1
Browse files Browse the repository at this point in the history
  • Loading branch information
@schwabe
schwabe committed Feb 12, 2025
1 parent 0dc00aa commit bd11619
Show file tree
Hide file tree
Showing 129 changed files with 1,319 additions and 772 deletions.
5 changes: 3 additions & 2 deletions apps/asn1parse.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
goto end;
break;
case OPT_GENSTR:
genstr = opt_arg();
Expand Down
39 changes: 28 additions & 11 deletions apps/cms.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -505,13 +505,15 @@ int cms_main(int argc, char **argv)
if (rr_from == NULL
&& (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(rr_from, opt_arg());
if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
goto end;
break;
case OPT_RR_TO:
if (rr_to == NULL
&& (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(rr_to, opt_arg());
if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
goto end;
break;
case OPT_PRINT:
noout = print = 1;
Expand Down Expand Up @@ -588,13 +590,15 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL;
}
signerfile = opt_arg();
Expand All @@ -612,12 +616,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
keyfile = opt_arg();
break;
Expand Down Expand Up @@ -671,7 +677,8 @@ int cms_main(int argc, char **argv)
key_param->next = nparam;
key_param = nparam;
}
sk_OPENSSL_STRING_push(key_param->param, opt_arg());
if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
goto end;
break;
case OPT_V_CASES:
if (!opt_verify(o, vpm))
Expand Down Expand Up @@ -758,12 +765,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");
Expand Down Expand Up @@ -1045,8 +1054,15 @@ int cms_main(int argc, char **argv)
pwri_tmp = NULL;
}
if (!(flags & CMS_STREAM)) {
if (!CMS_final(cms, in, NULL, flags))
if (!CMS_final(cms, in, NULL, flags)) {
if (originator != NULL
&& ERR_GET_REASON(ERR_peek_error())
== CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
BIO_printf(bio_err, "Cannot use originator for encryption\n");
goto end;
}
goto end;
}
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
Expand Down Expand Up @@ -1297,6 +1313,7 @@ int cms_main(int argc, char **argv)
X509_free(cert);
X509_free(recip);
X509_free(signer);
X509_free(originator);
EVP_PKEY_free(key);
EVP_CIPHER_free(cipher);
EVP_CIPHER_free(wrap_cipher);
Expand Down
8 changes: 5 additions & 3 deletions apps/engine.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
test_avail++;
break;
case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
goto end;
break;
case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
goto end;
break;
}
}
Expand Down
24 changes: 22 additions & 2 deletions apps/lib/s_cb.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -243,10 +243,10 @@ static const char *get_sigtype(int nid)
return "ECDSA";

case NID_ED25519:
return "Ed25519";
return "ed25519";

case NID_ED448:
return "Ed448";
return "ed448";

case NID_id_GostR3410_2001:
return "gost2001";
Expand Down Expand Up @@ -292,6 +292,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
if (i)
BIO_puts(out, ":");
switch (rsign | rhash << 8) {
case 0x0809:
BIO_puts(out, "rsa_pss_pss_sha256");
continue;
case 0x080a:
BIO_puts(out, "rsa_pss_pss_sha384");
continue;
case 0x080b:
BIO_puts(out, "rsa_pss_pss_sha512");
continue;
case 0x081a:
BIO_puts(out, "ecdsa_brainpoolP256r1_sha256");
continue;
case 0x081b:
BIO_puts(out, "ecdsa_brainpoolP384r1_sha384");
continue;
case 0x081c:
BIO_puts(out, "ecdsa_brainpoolP512r1_sha512");
continue;
}
sstr = get_sigtype(sign_nid);
if (sstr)
BIO_printf(out, "%s", sstr);
Expand Down
13 changes: 10 additions & 3 deletions apps/lib/s_socket.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -410,6 +410,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_closesocket(asock);
break;
}

if (naccept != -1)
naccept--;
if (naccept == 0)
BIO_closesocket(asock);

BIO_set_tcp_ndelay(sock, 1);
i = (*cb)(sock, type, protocol, context);

Expand Down Expand Up @@ -440,11 +446,12 @@ int do_server(int *accept_sock, const char *host, const char *port,

BIO_closesocket(sock);
} else {
if (naccept != -1)
naccept--;

i = (*cb)(asock, type, protocol, context);
}

if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
BIO_closesocket(asock);
ret = i;
Expand Down
11 changes: 9 additions & 2 deletions apps/pkcs12.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -328,7 +328,8 @@ int pkcs12_main(int argc, char **argv)
if (canames == NULL
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(canames, opt_arg());
if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
goto end;
break;
case OPT_IN:
infile = opt_arg();
Expand Down Expand Up @@ -829,6 +830,12 @@ int pkcs12_main(int argc, char **argv)
const ASN1_OBJECT *macobj;

PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12);

if (macalgid == NULL) {
BIO_printf(bio_err, "Warning: MAC is absent!\n");
goto dump;
}

X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);

if (OBJ_obj2nid(macobj) != NID_pbmac1) {
Expand Down
28 changes: 20 additions & 8 deletions apps/pkeyutl.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -65,7 +65,7 @@ const OPTIONS pkeyutl_options[] = {
{"verify", OPT_VERIFY, '-', "Verify with public key"},
{"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
{"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
{"derive", OPT_DERIVE, '-', "Derive shared secret"},
{"derive", OPT_DERIVE, '-', "Derive shared secret from own and peer (EC)DH keys"},
{"decap", OPT_DECAP, '-', "Decapsulate shared secret"},
{"encap", OPT_ENCAP, '-', "Encapsulate shared secret"},
OPT_CONFIG_OPTION,
Expand All @@ -86,10 +86,11 @@ const OPTIONS pkeyutl_options[] = {
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"secret", OPT_SECOUT, '>', "File to store secret on encapsulation"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
{"asn1parse", OPT_ASN1PARSE, '-',
"parse the output as ASN.1 data to check its DER encoding and print errors"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
"Verify RSA signature, recovering original signature input data"},

OPT_SECTION("Signing/Derivation/Encapsulation"),
{"digest", OPT_DIGEST, 's',
Expand Down Expand Up @@ -309,7 +310,11 @@ int pkeyutl_main(int argc, char **argv)
goto opthelp;
} else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: no peer key given (-peerkey parameter).\n", prog);
"%s: -peerkey option not allowed without -derive.\n", prog);
goto opthelp;
} else if (peerkey == NULL && pkey_op == EVP_PKEY_OP_DERIVE) {
BIO_printf(bio_err,
"%s: missing -peerkey option for -derive operation.\n", prog);
goto opthelp;
}

Expand Down Expand Up @@ -705,9 +710,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
ENGINE *e)
{
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
EVP_PKEY *peer = NULL;
ENGINE *engine = NULL;
int ret;
int ret = 1;

if (peerform == FORMAT_ENGINE)
engine = e;
Expand All @@ -716,8 +722,14 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
BIO_printf(bio_err, "Error reading peer key %s\n", file);
return 0;
}

ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0;
if (strcmp(EVP_PKEY_get0_type_name(peer), EVP_PKEY_get0_type_name(pkey)) != 0) {
BIO_printf(bio_err,
"Type of peer public key: %s does not match type of private key: %s\n",
EVP_PKEY_get0_type_name(peer), EVP_PKEY_get0_type_name(pkey));
ret = 0;
} else {
ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0;
}

EVP_PKEY_free(peer);
return ret;
Expand Down
20 changes: 13 additions & 7 deletions apps/smime.c
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -315,13 +315,15 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL;
}
signerfile = opt_arg();
Expand All @@ -346,12 +348,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
keyfile = opt_arg();
break;
Expand Down Expand Up @@ -424,12 +428,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");
Expand Down
Loading

0 comments on commit bd11619

Please sign in to comment.