php-win-ext/openssl
1
0
Fork 0
mirror of https://github.com/php-win-ext/openssl.git synced 2026-03-24 00:52:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to vanilla OpenSSL 1.1.1t

Browse Source
This commit is contained in:
Christoph M. Becker
2023-02-13 11:16:21 +01:00
parent f8dff2717c
commit 58bea78d5f
47 changed files with 1545 additions and 338 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
CHANGES
View File

@@ -7,11 +7,85 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]

18
Configure
View File

@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -1215,7 +1215,7 @@ $target{build_scheme} = [ $target{build_scheme} ]
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
$builder_platform."-checker.pm")) {
my $checker_path = catfile($srcdir, "Configurations", $checker);
if (-f $checker_path) {
@@ -1712,8 +1712,8 @@ if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
my @build_file_template_names =
( $builder_platform."-".$target{build_file}.".tmpl",
$target{build_file}.".tmpl" );
( $builder_platform."-".$config{build_file}.".tmpl",
$config{build_file}.".tmpl" );
my @build_file_templates = ();
# First, look in the user provided directory, if given
@@ -1937,8 +1937,8 @@ if ($builder eq "unified") {
}
next if @skip && $skip[$#skip] <= 0;
push @rawlines, $_
if ($target_kind eq $target{build_file}
|| $target_kind eq $target{build_file}."(".$builder_platform.")");
if ($target_kind eq $config{build_file}
|| $target_kind eq $config{build_file}."(".$builder_platform.")");
}
},
qr/^\s*(?:#.*)?$/ => sub { },
@@ -2813,8 +2813,8 @@ if ($builder_platform eq 'unix') {
my %builders = (
unified => sub {
print 'Creating ',$target{build_file},"\n";
run_dofile(catfile($blddir, $target{build_file}),
print 'Creating ',$config{build_file},"\n";
run_dofile(catfile($blddir, $config{build_file}),
@{$config{build_file_templates}});
},
);
@@ -2868,7 +2868,7 @@ exit(0);
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
my $build_file = $target{build_file} // "build file";
my $build_file = $config{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.

7
NEWS
View File

@@ -5,6 +5,13 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
o Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)
Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the

2
README
View File

@@ -1,5 +1,5 @@
OpenSSL 1.1.1s 1 Nov 2022
OpenSSL 1.1.1t 7 Feb 2023
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

6
crypto/asn1/asn_mime.c
View File

@@ -489,6 +489,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
char eol;
int len;
char linebuf[MAX_SMLEN];
int ret;
/*
* Buffer output so we don't write one line at a time. This is useful
* when streaming as we don't end up with one OCTET STRING per line.
@@ -523,9 +524,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
BIO_write(out, "\r\n", 2);
}
}
(void)BIO_flush(out);
ret = BIO_flush(out);
BIO_pop(out);
BIO_free(bf);
if (ret <= 0)
return 0;
return 1;
}

4
crypto/asn1/bio_asn1.c
View File

@@ -172,7 +172,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
case ASN1_STATE_START:
if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
return 0;
return -1;
break;
/* Copy any pre data first */
@@ -189,7 +189,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl)
case ASN1_STATE_HEADER:
ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
if (!ossl_assert(ctx->buflen <= ctx->bufsize))
return 0;
return -1;
p = ctx->buf;
ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
ctx->copylen = inl;

41
crypto/asn1/bio_ndef.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,12 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
void *parg);
/*
* On success, the returned BIO owns the input BIO as part of its BIO chain.
* On failure, NULL is returned and the input BIO is owned by the caller.
*
* Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
*/
BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
{
NDEF_SUPPORT *ndef_aux = NULL;
BIO *asn_bio = NULL;
const ASN1_AUX *aux = it->funcs;
ASN1_STREAM_ARG sarg;
BIO *pop_bio = NULL;
if (!aux || !aux->asn1_cb) {
ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
@@ -69,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
out = BIO_push(asn_bio, out);
if (out == NULL)
goto err;
pop_bio = asn_bio;
BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
|| BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
|| BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
goto err;
/*
* Now let callback prepends any digest, cipher etc BIOs ASN1 structure
* needs.
* Now let the callback prepend any digest, cipher, etc., that the BIO's
* ASN1 structure needs.
*/
sarg.out = out;
sarg.ndef_bio = NULL;
sarg.boundary = NULL;
if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
/*
* The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
* middle of some partially built, but not returned BIO chain.
*/
if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
/*
* ndef_aux is now owned by asn_bio so we must not free it in the err
* clean up block
*/
ndef_aux = NULL;
goto err;
}
/*
* We must not fail now because the callback has prepended additional
* BIOs to the chain
*/
ndef_aux->val = val;
ndef_aux->it = it;
@@ -91,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
return sarg.ndef_bio;
err:
/* BIO_pop() is NULL safe */
(void)BIO_pop(pop_bio);
BIO_free(asn_bio);
OPENSSL_free(ndef_aux);
return NULL;

22
crypto/bio/b_print.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,7 @@
#include "crypto/ctype.h"
#include "internal/numbers.h"
#include <openssl/bio.h>
#include <openssl/opensslconf.h>
/*
* Copyright Patrick Powell 1995
@@ -31,8 +32,10 @@ static int fmtstr(char **, char **, size_t *, size_t *,
const char *, int, int, int);
static int fmtint(char **, char **, size_t *, size_t *,
int64_t, int, int, int, int);
#ifndef OPENSSL_SYS_UEFI
static int fmtfp(char **, char **, size_t *, size_t *,
LDOUBLE, int, int, int, int);
#endif
static int doapr_outch(char **, char **, size_t *, size_t *, int);
static int _dopr(char **sbuffer, char **buffer,
size_t *maxlen, size_t *retlen, int *truncated,
@@ -88,7 +91,9 @@ _dopr(char **sbuffer,
{
char ch;
int64_t value;
#ifndef OPENSSL_SYS_UEFI
LDOUBLE fvalue;
#endif
char *strvalue;
int min;
int max;
@@ -259,6 +264,7 @@ _dopr(char **sbuffer,
min, max, flags))
return 0;
break;
#ifndef OPENSSL_SYS_UEFI
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg(args, LDOUBLE);
@@ -292,6 +298,16 @@ _dopr(char **sbuffer,
flags, G_FORMAT))
return 0;
break;
#else
case 'f':
case 'E':
case 'e':
case 'G':
case 'g':
/* not implemented for UEFI */
ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
return 0;
#endif
case 'c':
if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
va_arg(args, int)))
@@ -512,6 +528,8 @@ fmtint(char **sbuffer,
return 1;
}
#ifndef OPENSSL_SYS_UEFI
static LDOUBLE abs_val(LDOUBLE value)
{
LDOUBLE result = value;
@@ -803,6 +821,8 @@ fmtfp(char **sbuffer,
return 1;
}
#endif /* OPENSSL_SYS_UEFI */
#define BUFFER_INC 1024
static int

16
crypto/bn/bn_blind.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,20 +13,6 @@
#define BN_BLINDING_COUNTER 32
struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
CRYPTO_THREAD_ID tid;
int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
CRYPTO_RWLOCK *lock;
};
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret = NULL;

4
crypto/bn/bn_err.c
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -73,6 +73,8 @@ static const ERR_STRING_DATA BN_str_functs[] = {
{ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
{ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
{ERR_PACK(ERR_LIB_BN, BN_F_OSSL_BN_RSA_DO_UNBLIND, 0),
"ossl_bn_rsa_do_unblind"},
{0, NULL}
};

36
crypto/bn/bn_exp.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,6 +37,15 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
/* maximum precomputation table size for *variable* sliding windows */
#define TABLE_SIZE 32
/*
* Beyond this limit the constant time code is disabled due to
* the possible overflow in the computation of powerbufLen in
* BN_mod_exp_mont_consttime.
* When this limit is exceeded, the computation will be done using
* non-constant time code, but it will take very long.
*/
#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256)
/* this one works - simple but works */
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
{
@@ -305,12 +314,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
@@ -319,6 +322,14 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
if (m->top <= BN_CONSTTIME_SIZE_LIMIT
&& (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
@@ -618,6 +629,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
top = m->top;
if (top > BN_CONSTTIME_SIZE_LIMIT) {
/* Prevent overflowing the powerbufLen computation below */
return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont);
}
/*
* Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
* whether the top bits are zero.
@@ -697,7 +713,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
else
#endif
#if defined(OPENSSL_BN_ASM_MONT5)
if (window >= 5) {
if (window >= 5 && top <= BN_SOFT_LIMIT) {
window = 5; /* ~5% improvement for RSA2048 sign, and even
* for RSA4096 */
/* reserve space for mont->N.d[] copy */
@@ -758,6 +774,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
if (top > BN_SOFT_LIMIT)
goto fallback;
#if defined(SPARC_T4_MONT)
if (t4) {
typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
@@ -1029,6 +1048,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
} else
#endif
{
fallback:
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))

36
crypto/bn/bn_local.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,6 +35,26 @@
/* #define BN_DEBUG */
/* #define BN_DEBUG_RAND */
/*
* This should limit the stack usage due to alloca to about 4K.
* BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS.
* Beyond that size bn_mul_mont is no longer used, and the constant time
* assembler code is disabled, due to the blatant alloca and bn_mul_mont usage.
* Note that bn_mul_mont does an alloca that is hidden away in assembly.
* It is not recommended to do computations with numbers exceeding this limit,
* since the result will be highly version dependent:
* While the current OpenSSL version will use non-optimized, but safe code,
* previous versions will use optimized code, that may crash due to unexpected
* stack overflow, and future versions may very well turn this into a hard
* limit.
* Note however, that it is possible to override the size limit using
* "./config -DBN_SOFT_LIMIT=<limit>" if necessary, and the O/S specific
* stack limit is known and taken into consideration.
*/
# ifndef BN_SOFT_LIMIT
# define BN_SOFT_LIMIT (4096 / BN_BYTES)
# endif
# ifndef OPENSSL_SMALL_FOOTPRINT
# define BN_MUL_COMBA
# define BN_SQR_COMBA
@@ -263,6 +283,20 @@ struct bn_gencb_st {
} cb;
};
struct bn_blinding_st {
BIGNUM *A;
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
CRYPTO_THREAD_ID tid;
int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
CRYPTO_RWLOCK *lock;
};
/*-
* BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
*

4
crypto/bn/bn_mont.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,7 +42,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
int num = mont->N.top;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
if (num > 1 && a->top == num && b->top == num) {
if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) {
if (bn_wexpand(r, num) == NULL)
return 0;
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {

3
crypto/bn/build.info
View File

@@ -5,7 +5,8 @@ SOURCE[../../libcrypto]=\
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
{- $target{bn_asm_src} -} \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \
rsa_sup_mul.c
INCLUDE[bn_exp.o]=..

614
crypto/bn/rsa_sup_mul.c Normal file
View File

@@ -0,0 +1,614 @@
#include <openssl/e_os2.h>
#include <stddef.h>
#include <sys/types.h>
#include <string.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsaerr.h>
#include "internal/numbers.h"
#include "internal/constant_time.h"
#include "bn_local.h"
# if BN_BYTES == 8
typedef uint64_t limb_t;
# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
/* nonstandard; implemented by gcc on 64-bit platforms */
typedef __uint128_t limb2_t;
# define HAVE_LIMB2_T
# endif
# define LIMB_BIT_SIZE 64
# define LIMB_BYTE_SIZE 8
# elif BN_BYTES == 4
typedef uint32_t limb_t;
typedef uint64_t limb2_t;
# define LIMB_BIT_SIZE 32
# define LIMB_BYTE_SIZE 4
# define HAVE_LIMB2_T
# else
# error "Not supported"
# endif
/*
* For multiplication we're using schoolbook multiplication,
* so if we have two numbers, each with 6 "digits" (words)
* the multiplication is calculated as follows:
* A B C D E F
* x I J K L M N
* --------------
* N*F
* N*E
* N*D
* N*C
* N*B
* N*A
* M*F
* M*E
* M*D
* M*C
* M*B
* M*A
* L*F
* L*E
* L*D
* L*C
* L*B
* L*A
* K*F
* K*E
* K*D
* K*C
* K*B
* K*A
* J*F
* J*E
* J*D
* J*C
* J*B
* J*A
* I*F
* I*E
* I*D
* I*C
* I*B
* + I*A
* ==========================
* N*B N*D N*F
* + N*A N*C N*E
* + M*B M*D M*F
* + M*A M*C M*E
* + L*B L*D L*F
* + L*A L*C L*E
* + K*B K*D K*F
* + K*A K*C K*E
* + J*B J*D J*F
* + J*A J*C J*E
* + I*B I*D I*F
* + I*A I*C I*E
*
* 1+1 1+3 1+5
* 1+0 1+2 1+4
* 0+1 0+3 0+5
* 0+0 0+2 0+4
*
* 0 1 2 3 4 5 6
* which requires n^2 multiplications and 2n full length additions
* as we can keep every other result of limb multiplication in two separate
* limbs
*/
#if defined HAVE_LIMB2_T
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
limb2_t t;
/*
* this is idiomatic code to tell compiler to use the native mul
* those three lines will actually compile to single instruction
*/
t = (limb2_t)a * b;
*hi = t >> LIMB_BIT_SIZE;
*lo = (limb_t)t;
}
#elif (BN_BYTES == 8) && (defined _MSC_VER)
/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
#pragma intrinsic(_umul128)
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
*lo = _umul128(a, b, hi);
}
#else
/*
* if the compiler doesn't have either a 128bit data type nor a "return
* high 64 bits of multiplication"
*/
static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
{
limb_t a_low = (limb_t)(uint32_t)a;
limb_t a_hi = a >> 32;
limb_t b_low = (limb_t)(uint32_t)b;
limb_t b_hi = b >> 32;
limb_t p0 = a_low * b_low;
limb_t p1 = a_low * b_hi;
limb_t p2 = a_hi * b_low;
limb_t p3 = a_hi * b_hi;
uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
*lo = p0 + (p1 << 32) + (p2 << 32);
*hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
}
#endif
/* add two limbs with carry in, return carry out */
static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
{
limb_t carry1, carry2, t;
/*
* `c = a + b; if (c < a)` is idiomatic code that makes compilers
* use add with carry on assembly level
*/
*ret = a + carry;
if (*ret < a)
carry1 = 1;
else
carry1 = 0;
t = *ret;
*ret = t + b;
if (*ret < t)
carry2 = 1;
else
carry2 = 0;
return carry1 + carry2;
}
/*
* add two numbers of the same size, return overflow
*
* add a to b, place result in ret; all arrays need to be n limbs long
* return overflow from addition (0 or 1)
*/
static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
limb_t c = 0;
ossl_ssize_t i;
for(i = n - 1; i > -1; i--)
c = _add_limb(&ret[i], a[i], b[i], c);
return c;
}
/*
* return number of limbs necessary for temporary values
* when multiplying numbers n limbs large
*/
static ossl_inline size_t mul_limb_numb(size_t n)
{
return 2 * n * 2;
}
/*
* multiply two numbers of the same size
*
* multiply a by b, place result in ret; a and b need to be n limbs long
* ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
* long
*/
static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
{
limb_t *r_odd, *r_even;
size_t i, j, k;
r_odd = tmp;
r_even = &tmp[2 * n];
memset(ret, 0, 2 * n * sizeof(limb_t));
for (i = 0; i < n; i++) {
for (k = 0; k < i + n + 1; k++) {
r_even[k] = 0;
r_odd[k] = 0;
}
for (j = 0; j < n; j++) {
/*
* place results from even and odd limbs in separate arrays so that
* we don't have to calculate overflow every time we get individual
* limb multiplication result
*/
if (j % 2 == 0)
_mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
else
_mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
}
/*
* skip the least significant limbs when adding multiples of
* more significant limbs (they're zero anyway)
*/
add(ret, ret, r_even, n + i + 1);
add(ret, ret, r_odd, n + i + 1);
}
}
/* modifies the value in place by performing a right shift by one bit */
static ossl_inline void rshift1(limb_t *val, size_t n)
{
limb_t shift_in = 0, shift_out = 0;
size_t i;
for (i = 0; i < n; i++) {
shift_out = val[i] & 1;
val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
shift_in = shift_out;
}
}
/* extend the LSB of flag to all bits of limb */
static ossl_inline limb_t mk_mask(limb_t flag)
{
flag |= flag << 1;
flag |= flag << 2;
flag |= flag << 4;
flag |= flag << 8;
flag |= flag << 16;
#if (LIMB_BYTE_SIZE == 8)
flag |= flag << 32;
#endif
return flag;
}
/*
* copy from either a or b to ret based on flag
* when flag == 0, then copies from b
* when flag == 1, then copies from a
*/
static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
/*
* would be more efficient with non volatile mask, but then gcc
* generates code with jumps
*/
volatile limb_t mask;
size_t i;
mask = mk_mask(flag);
for (i = 0; i < n; i++) {
#if (LIMB_BYTE_SIZE == 8)
ret[i] = constant_time_select_64(mask, a[i], b[i]);
#else
ret[i] = constant_time_select_32(mask, a[i], b[i]);
#endif
}
}
static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
{
limb_t borrow1, borrow2, t;
/*
* while it doesn't look constant-time, this is idiomatic code
* to tell compilers to use the carry bit from subtraction
*/
*ret = a - borrow;
if (*ret > a)
borrow1 = 1;
else
borrow1 = 0;
t = *ret;
*ret = t - b;
if (*ret > t)
borrow2 = 1;
else
borrow2 = 0;
return borrow1 + borrow2;
}
/*
* place the result of a - b into ret, return the borrow bit.
* All arrays need to be n limbs long
*/
static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
{
limb_t borrow = 0;
ossl_ssize_t i;
for (i = n - 1; i > -1; i--)
borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
return borrow;
}
/* return the number of limbs necessary to allocate for the mod() tmp operand */
static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
{
return (anum + modnum) * 3;
}
/*
* calculate a % mod, place the result in ret
* size of a is defined by anum, size of ret and mod is modnum,
* size of tmp is returned by mod_limb_numb()
*/
static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
size_t modnum, limb_t *tmp)
{
limb_t *atmp, *modtmp, *rettmp;
limb_t res;
size_t i;
memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
atmp = tmp;
modtmp = &tmp[anum + modnum];
rettmp = &tmp[(anum + modnum) * 2];
for (i = modnum; i <modnum + anum; i++)
atmp[i] = a[i-modnum];
for (i = 0; i < modnum; i++)
modtmp[i] = mod[i];
for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
rshift1(modtmp, anum + modnum);
res = sub(rettmp, atmp, modtmp, anum+modnum);
cselect(res, atmp, atmp, rettmp, anum+modnum);
}
memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
}
/* necessary size of tmp for a _mul_add_limb() call with provided anum */
static ossl_inline size_t _mul_add_limb_numb(size_t anum)
{
return 2 * (anum + 1);
}
/* multiply a by m, add to ret, return carry */
static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
limb_t m, limb_t *tmp)
{
limb_t carry = 0;
limb_t *r_odd, *r_even;
size_t i;
memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
r_odd = tmp;
r_even = &tmp[anum + 1];
for (i = 0; i < anum; i++) {
/*
* place the results from even and odd limbs in separate arrays
* so that we have to worry about carry just once
*/
if (i % 2 == 0)
_mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
else
_mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
}
/* assert: add() carry here will be equal zero */
add(r_even, r_even, r_odd, anum + 1);
/*
* while here it will not overflow as the max value from multiplication
* is -2 while max overflow from addition is 1, so the max value of
* carry is -1 (i.e. max int)
*/
carry = add(ret, ret, &r_even[1], anum) + r_even[0];
return carry;
}
static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
{
return modnum * 2 + _mul_add_limb_numb(modnum);
}
/*
* calculate a % mod, place result in ret
* assumes that a is in Montgomery form with the R (Montgomery modulus) being
* smallest power of two big enough to fit mod and that's also a power
* of the count of number of bits in limb_t (B).
* For calculation, we also need n', such that mod * n' == -1 mod B.
* anum must be <= 2 * modnum
* ret needs to be modnum words long
* tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
*/
static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
size_t modnum, limb_t ni0, limb_t *tmp)
{
limb_t carry, v;
limb_t *res, *rp, *tmp2;
ossl_ssize_t i;
res = tmp;
/*
* for intermediate result we need an integer twice as long as modulus
* but keep the input in the least significant limbs
*/
memset(res, 0, sizeof(limb_t) * (modnum * 2));
memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
rp = &res[modnum];
tmp2 = &res[modnum * 2];
carry = 0;
/* add multiples of the modulus to the value until R divides it cleanly */
for (i = modnum; i > 0; i--, rp--) {
v = _mul_add_limb(rp, mod, modnum, rp[modnum - 1] * ni0, tmp2);
v = v + carry + rp[-1];
carry |= (v != rp[-1]);
carry &= (v <= rp[-1]);
rp[-1] = v;
}
/* perform the final reduction by mod... */
carry -= sub(ret, rp, mod, modnum);
/* ...conditionally */
cselect(carry, ret, rp, ret, modnum);
}
/* allocated buffer should be freed afterwards */
static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
{
int i;
int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
limb_t *ptr = buf + (limbs - real_limbs);
for (i = 0; i < real_limbs; i++)
ptr[i] = bn->d[real_limbs - i - 1];
}
#if LIMB_BYTE_SIZE == 8
static ossl_inline uint64_t be64(uint64_t host)
{
const union {
long one;
char little;
} is_endian = { 1 };
if (is_endian.little) {
uint64_t big = 0;
big |= (host & 0xff00000000000000) >> 56;
big |= (host & 0x00ff000000000000) >> 40;
big |= (host & 0x0000ff0000000000) >> 24;
big |= (host & 0x000000ff00000000) >> 8;
big |= (host & 0x00000000ff000000) << 8;
big |= (host & 0x0000000000ff0000) << 24;
big |= (host & 0x000000000000ff00) << 40;
big |= (host & 0x00000000000000ff) << 56;
return big;
} else {
return host;
}
}
#else
/* Not all platforms have htobe32(). */
static ossl_inline uint32_t be32(uint32_t host)
{
const union {
long one;
char little;
} is_endian = { 1 };
if (is_endian.little) {
uint32_t big = 0;
big |= (host & 0xff000000) >> 24;
big |= (host & 0x00ff0000) >> 8;
big |= (host & 0x0000ff00) << 8;
big |= (host & 0x000000ff) << 24;
return big;
} else {
return host;
}
}
#endif
/*
* We assume that intermediate, possible_arg2, blinding, and ctx are used
* similar to BN_BLINDING_invert_ex() arguments.
* to_mod is RSA modulus.
* buf and num is the serialization buffer and its length.
*
* Here we use classic/Montgomery multiplication and modulo. After the calculation finished
* we serialize the new structure instead of BIGNUMs taking endianness into account.
*/
int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
const BN_BLINDING *blinding,
const BIGNUM *possible_arg2,
const BIGNUM *to_mod, BN_CTX *ctx,
unsigned char *buf, int num)
{
limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
size_t l_tmp_count = 0;
int ret = 0;
size_t i;
unsigned char *tmp;
const BIGNUM *arg1 = intermediate;
const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
goto err;
BN_to_limb(arg1, l_im, l_size);
BN_to_limb(arg2, l_mul, l_size);
BN_to_limb(to_mod, l_mod, l_mod_count);
l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
if (blinding->m_ctx != NULL) {
l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
} else {
l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
}
if ((l_ret == NULL) || (l_tmp == NULL))
goto err;
if (blinding->m_ctx != NULL) {
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
blinding->m_ctx->n0[0], l_tmp);
} else {
limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
}
/* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
if (num < BN_num_bytes(to_mod)) {
BNerr(BN_F_OSSL_BN_RSA_DO_UNBLIND, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
memset(buf, 0, num);
tmp = buf + num - BN_num_bytes(to_mod);
for (i = 0; i < l_mod_count; i++) {
#if LIMB_BYTE_SIZE == 8
l_buf = be64(l_ret[i]);
#else
l_buf = be32(l_ret[i]);
#endif
if (i == 0) {
int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
tmp += delta;
} else {
memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
tmp += LIMB_BYTE_SIZE;
}
}
ret = num;
err:
OPENSSL_free(l_im);
OPENSSL_free(l_mul);
OPENSSL_free(l_mod);
OPENSSL_free(l_tmp);
OPENSSL_free(l_ret);
return ret;
}

5
crypto/cms/cms_enc.c
View File

@@ -68,7 +68,12 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
if (enc) {
int ivlen;
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
if (calg->algorithm == NULL) {
CMSerr(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
goto err;
}
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {

2
crypto/cms/cms_err.c
View File

@@ -264,6 +264,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
"unsupported compression algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM),
"unsupported content encryption algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
"unsupported content type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),

5
crypto/err/openssl.txt
View File

@@ -1,4 +1,4 @@
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -232,6 +232,7 @@ BN_F_BN_RSHIFT:146:BN_rshift
BN_F_BN_SET_WORDS:144:bn_set_words
BN_F_BN_STACK_PUSH:148:BN_STACK_push
BN_F_BN_USUB:115:BN_usub
BN_F_OSSL_BN_RSA_DO_UNBLIND:151:ossl_bn_rsa_do_unblind
BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
@@ -2023,6 +2024,8 @@ CMS_R_UNKNOWN_CIPHER:148:unknown cipher
CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm
CMS_R_UNKNOWN_ID:150:unknown id
CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm
CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\
unsupported content encryption algorithm
CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type
CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm
CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\

9
crypto/evp/bio_enc.c
View File

@@ -299,6 +299,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
int i;
EVP_CIPHER_CTX **c_ctx;
BIO *next;
int pend;
ctx = BIO_get_data(b);
next = BIO_next(b);
@@ -334,8 +335,14 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
/* do a final write */
again:
while (ctx->buf_len != ctx->buf_off) {
pend = ctx->buf_len - ctx->buf_off;
i = enc_write(b, NULL, 0);
if (i < 0)
/*
* i should never be > 0 here because we didn't ask to write any
* new data. We stop if we get an error or we failed to make any
* progress writing pending data.
*/
if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend)
return i;
}

8
crypto/pem/pem_lib.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -791,7 +791,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
{
BIO *tmp = *header;
char *linebuf, *p;
int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
/* 0 if not seen (yet), 1 if reading header, 2 if finished header */
enum header_status got_header = MAYBE_HEADER;
unsigned int flags_mask;
@@ -805,7 +805,7 @@ static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
return 0;
}
for (line = 0; ; line++) {
for (;;) {
flags_mask = ~0u;
len = BIO_gets(bp, linebuf, LINESIZE);
if (len <= 0) {
@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
*data = pem_malloc(len, flags);
if (*header == NULL || *data == NULL) {
pem_free(*header, flags, 0);
*header = NULL;
pem_free(*data, flags, 0);
*data = NULL;
goto end;
}
BIO_read(headerB, *header, headerlen);

1
crypto/rsa/rsa_ameth.c
View File

@@ -172,6 +172,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
strtype, str, rk, rklen)) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(str);
OPENSSL_clear_free(rk, rklen);
return 0;
}

19
crypto/rsa/rsa_ossl.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -465,11 +465,20 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
BN_free(d);
}
if (blinding)
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
if (blinding) {
/*
* ossl_bn_rsa_do_unblind() combines blinding inversion and
* 0-padded BN BE serialization
*/
j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
buf, num);
if (j == 0)
goto err;
j = BN_bn2binpad(ret, buf, num);
} else {
j = BN_bn2binpad(ret, buf, num);
if (j < 0)
goto err;
}
switch (padding) {
case RSA_PKCS1_PADDING:

4
crypto/txt_db/txt_db.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,7 +21,6 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
{
TXT_DB *ret = NULL;
int esc = 0;
long ln = 0;
int i, add, n;
int size = BUFSIZE;
int offset = 0;
@@ -61,7 +60,6 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
}
buf->data[offset] = '\0';
BIO_gets(in, &(buf->data[offset]), size - offset);
ln++;
if (buf->data[offset] == '\0')
break;
if ((offset == 0) && (buf->data[0] == '#'))

18
crypto/x509/by_dir.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -332,9 +332,13 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
X509_STORE_unlock(xl->store_ctx);
/* If a CRL, update the last file suffix added for this */
if (type == X509_LU_CRL) {
/*
* If a CRL, update the last file suffix added for this.
* We don't need to add an entry if k is 0 as this is the initial value.
* This avoids the need for a write lock and sort operation in the
* simple case where no CRL is present for a hash.
*/
if (type == X509_LU_CRL && k > 0) {
CRYPTO_THREAD_write_lock(ctx->lock);
/*
* Look for entry again in case another thread added an entry
@@ -362,6 +366,12 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
ok = 0;
goto finish;
}
/*
* Ensure stack is sorted so that subsequent sk_BY_DIR_HASH_find
* will not mutate the stack and therefore require a write lock.
*/
sk_BY_DIR_HASH_sort(ent->hashes);
} else if (hent->suffix < k) {
hent->suffix = k;
}

8
crypto/x509/x_name.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -493,9 +493,7 @@ int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
{
char *s, *c, *b;
int l, i;
l = 80 - 2 - obase;
int i;
b = X509_NAME_oneline(name, NULL, 0);
if (!b)
@@ -521,12 +519,10 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
if (BIO_write(bp, ", ", 2) != 2)
goto err;
}
l--;
}
if (*s == '\0')
break;
s++;
l--;
}
OPENSSL_free(b);

4
crypto/x509v3/v3_genn.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return -1;
switch (a->type) {
case GEN_X400:
result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
break;
case GEN_EDIPARTY:

4
engines/asm/e_padlock-x86.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -116,6 +116,8 @@ $chunk="ebx";
&function_begin_B("padlock_key_bswap");
&mov ("edx",&wparam(0));
&mov ("ecx",&DWP(240,"edx"));
&inc ("ecx");
&shl ("ecx",2);
&set_label("bswap_loop");
&mov ("eax",&DWP(0,"edx"));
&bswap ("eax");

4
engines/asm/e_padlock-x86_64.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -92,6 +92,8 @@ padlock_capability:
.align 16
padlock_key_bswap:
mov 240($arg1),%edx
inc %edx
shl \$2,%edx
.Lbswap_loop:
mov ($arg1),%eax
bswap %eax

7
include/crypto/bn.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -86,5 +86,10 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
const BIGNUM *d, BN_CTX *ctx);
int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
const BN_BLINDING *blinding,
const BIGNUM *possible_arg2,
const BIGNUM *to_mod, BN_CTX *ctx,
unsigned char *buf, int num);
#endif

3
include/openssl/bnerr.h
View File

@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -72,6 +72,7 @@ int ERR_load_BN_strings(void);
# define BN_F_BN_SET_WORDS 144
# define BN_F_BN_STACK_PUSH 148
# define BN_F_BN_USUB 115
# define BN_F_OSSL_BN_RSA_DO_UNBLIND 151
/*
* BN reason codes.

1
include/openssl/cmserr.h
View File

@@ -187,6 +187,7 @@ int ERR_load_CMS_strings(void);
# define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
# define CMS_R_UNKNOWN_ID 150
# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194
# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179

4
include/openssl/opensslv.h
View File

@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1010113fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1s 1 Nov 2022"
# define OPENSSL_VERSION_NUMBER 0x1010114fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

4
include/openssl/x509v3.h
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME *otherName; /* otherName */
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
ASN1_TYPE *x400Address;
ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;

17
ssl/record/rec_layer_s3.c
View File

@@ -16,6 +16,7 @@
#include <openssl/rand.h>
#include "record_local.h"
#include "../packet_local.h"
#include "internal/cryptlib.h"
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
!( defined(AESNI_ASM) && ( \
@@ -983,11 +984,14 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
}
/*
* Reserve some bytes for any growth that may occur during encryption.
* This will be at most one cipher block or the tag length if using
* AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
*/
if (!WPACKET_reserve_bytes(thispkt, SSL_RT_MAX_CIPHER_BLOCK_SIZE,
* Reserve some bytes for any growth that may occur during encryption. If
* we are adding the MAC independently of the cipher algorithm, then the
* max encrypted overhead does not need to include an allocation for that
* MAC
*/
if (!WPACKET_reserve_bytes(thispkt,
SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- mac_size,
NULL)
/*
* We also need next the amount of bytes written to this
@@ -1037,6 +1041,9 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
/* Check we allowed enough room for the encryption growth */
|| !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- mac_size >= thiswr->length)
/* Encryption should never shrink the data! */
|| origlen > thiswr->length
|| (thiswr->length > origlen

9
ssl/record/ssl3_buffer.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -97,11 +97,16 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
#endif
len = ssl_get_max_send_fragment(s)
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align
+ SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */;
#ifndef OPENSSL_NO_COMP
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
/*
* We don't need to add an allowance for eivlen here since empty
* fragments only occur when we don't have an explicit IV
*/
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
}

43
test/certs/ee-ed25519.pem
View File

@@ -1,9 +1,38 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6197312946105598768 (0x5601474a2a8dc330)
Signature Algorithm: ED25519
Issuer: CN = IETF Test Demo
Validity
Not Before: Aug 1 12:19:24 2016 GMT
Not After : Nov 11 16:34:03 2121 GMT
Subject: CN = IETF Test Demo
Subject Public Key Info:
Public Key Algorithm: X25519
X25519 Public-Key:
pub:
85:20:f0:09:89:30:a7:54:74:8b:7d:dc:b4:3e:f7:
5a:0d:bf:3a:0d:26:38:1a:f4:eb:a4:a9:8e:aa:9b:
4e:6a
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Key Agreement
X509v3 Subject Key Identifier:
9B:1F:5E:ED:ED:04:33:85:E4:F7:BC:62:3C:59:75:B9:0B:C8:BB:3B
Signature Algorithm: ED25519
72:b4:22:9c:d5:7b:85:10:ff:7c:28:59:e5:bb:1e:e8:b6:5f:
74:39:94:dd:2f:8a:3d:6c:f3:23:28:d1:5e:3c:d1:56:e7:0a:
ea:99:ff:62:5c:48:0f:1c:24:24:35:98:1a:bb:ae:96:b9:93:
b3:cb:8e:45:e3:c0:ef:2e:5c:07
-----BEGIN CERTIFICATE-----
MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX
N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD
DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj
ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg
BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v
/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg
w1AH9efZBw==
MIIBLjCB4aADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU
ZXN0IERlbW8wIBcNMTYwODAxMTIxOTI0WhgPMjEyMTExMTExNjM0MDNaMBkxFzAV
BgNVBAMMDklFVEYgVGVzdCBEZW1vMCowBQYDK2VuAyEAhSDwCYkwp1R0i33ctD73
Wg2/Og0mOBr066SpjqqbTmqjRTBDMA8GA1UdEwEB/wQFMAMBAQAwDgYDVR0PAQEA
BAQDAgMIMCAGA1UdDgEBAAQWBBSbH17t7QQzheT3vGI8WXW5C8i7OzAFBgMrZXAD
QQBytCKc1XuFEP98KFnlux7otl90OZTdL4o9bPMjKNFePNFW5wrqmf9iXEgPHCQk
NZgau66WuZOzy45F48DvLlwH
-----END CERTIFICATE-----

45
test/certs/root-ed25519.pem
View File

@@ -1,9 +1,40 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
84:f1:08:3d:1c:e3:2d:95
Signature Algorithm: ED25519
Issuer: CN = IETF Test Demo
Validity
Not Before: Apr 19 21:36:39 2017 GMT
Not After : Nov 11 15:37:05 2122 GMT
Subject: CN = IETF Test Demo
Subject Public Key Info:
Public Key Algorithm: ED25519
ED25519 Public-Key:
pub:
19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:
96:c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:
66:e1
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C
X509v3 Authority Key Identifier:
keyid:A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: ED25519
08:f9:fc:49:37:0c:03:64:ed:90:70:89:eb:f1:69:ca:75:3b:
71:15:8f:eb:80:45:00:db:88:9b:66:46:9c:a4:e1:50:c5:59:
43:98:66:37:6d:b7:59:51:5d:b4:9d:1d:89:25:b4:f6:87:43:
b7:d3:3b:85:b9:8e:e1:a8:46:04
-----BEGIN CERTIFICATE-----
MIIBODCB66ADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg
VGVzdCBEZW1vMB4XDTE3MDQxOTIxMzYzOVoXDTQxMDIxMjIxMzYzOVowGTEXMBUG
A1UEAwwOSUVURiBUZXN0IERlbW8wKjAFBgMrZXADIQAZv0QJaYTN/oVBusFn3DuW
yFCGqjC2tssMXDitcDFm4aNQME4wHQYDVR0OBBYEFKKMwfhuWWDT4DrnXJYsl6jU
SCk8MB8GA1UdIwQYMBaAFKKMwfhuWWDT4DrnXJYsl6jUSCk8MAwGA1UdEwQFMAMB
Af8wBQYDK2VwA0EAa6iEoQZBWB1MhCzASv5HuFM7fR5Nz2/KM7GxYjQWsfvK2Ds1
jaPSG7Lx4uywIndMafp5CoPoFr6yLBkt+NZLAg==
MIIBOjCB7aADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg
VGVzdCBEZW1vMCAXDTE3MDQxOTIxMzYzOVoYDzIxMjIxMTExMTUzNzA1WjAZMRcw
FQYDVQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlcAMhABm/RAlphM3+hUG6wWfc
O5bIUIaqMLa2ywxcOK1wMWbho1AwTjAdBgNVHQ4EFgQUoozB+G5ZYNPgOudcliyX
qNRIKTwwHwYDVR0jBBgwFoAUoozB+G5ZYNPgOudcliyXqNRIKTwwDAYDVR0TBAUw
AwEB/zAFBgMrZXADQQAI+fxJNwwDZO2QcInr8WnKdTtxFY/rgEUA24ibZkacpOFQ
xVlDmGY3bbdZUV20nR2JJbT2h0O30zuFuY7hqEYE
-----END CERTIFICATE-----

94
test/certs/rootCA.pem
View File

@@ -1,21 +1,79 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
88:43:29:cb:c2:eb:15:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA
Validity
Not Before: Jul 2 13:15:11 2015 GMT
Not After : Jul 2 17:50:05 2122 GMT
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:f1:6b:77:88:ac:35:df:fb:73:53:2f:92:80:
2f:74:16:32:4d:f5:10:20:6f:6c:3a:8e:d1:dc:6b:
e1:2e:3e:c3:04:0f:bf:9b:c4:c9:12:d1:e4:0b:45:
97:e5:06:cd:66:3a:e1:e0:e2:2b:df:a2:c4:ec:7b:
d3:3d:3c:8a:ff:5e:74:a0:ab:a7:03:6a:16:5b:5e:
92:c4:7e:5b:79:8a:69:d4:bc:83:5e:ae:42:92:74:
a5:2b:e7:00:c1:a9:dc:d5:b1:53:07:0f:73:f7:8e:
ad:14:3e:25:9e:e5:1e:e6:cc:91:cd:95:0c:80:44:
20:c3:fd:17:cf:91:3d:63:10:1c:14:5b:fb:c3:a8:
c1:88:b2:77:ff:9c:db:fc:6a:44:44:44:f7:85:ec:
08:2c:d4:df:81:a3:79:c9:fe:1e:9b:93:16:53:b7:
97:ab:be:4f:1a:a5:e2:fa:46:05:e4:0d:9c:2a:a4:
cc:b9:1e:21:a0:6c:c4:ab:59:b0:40:39:bb:f9:88:
ad:fd:df:8d:b4:0b:af:7e:41:e0:21:3c:c8:33:45:
49:84:2f:93:06:ee:fd:4f:ed:4f:f3:bc:9b:de:fc:
25:5e:55:d5:75:d4:c5:7b:3a:40:35:06:9f:c4:84:
b4:6c:93:0c:af:37:5a:af:b6:41:4d:26:23:1c:b8:
02:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD
X509v3 Authority Key Identifier:
keyid:85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD
Signature Algorithm: sha256WithRSAEncryption
b9:5c:c3:39:31:e9:c1:63:f9:f1:29:2c:c6:84:80:ed:33:e5:
72:3c:2c:e8:93:1f:07:03:65:cd:bb:04:ed:10:29:00:5f:ea:
91:08:19:df:10:88:e9:00:5c:2e:eb:b5:af:98:70:c8:c4:8b:
53:c4:26:c5:a1:d8:46:b9:9f:7d:48:e0:26:74:2c:61:b8:c1:
89:06:b6:e5:b5:ba:6b:75:2b:16:ad:ca:88:26:25:73:9b:15:
22:59:6a:94:dc:61:34:88:28:58:9f:de:fd:71:1e:37:af:90:
74:7b:cf:bb:93:1c:73:24:15:26:7a:33:8c:5d:5b:81:97:14:
62:01:7e:17:76:fb:aa:7a:4d:ed:81:2b:bd:d9:f3:12:69:86:
01:b3:91:0a:8d:6b:bd:71:41:a9:93:63:c2:a1:ab:0d:48:05:
99:7d:9e:a2:a4:ac:9f:73:0d:5b:5c:05:3a:52:64:fe:17:79:
2a:27:51:d7:5b:af:dc:10:d5:23:6b:2c:62:51:00:c9:67:17:
2d:29:a3:21:88:fd:14:48:0d:99:8c:d8:f8:c8:c7:ec:d2:83:
3d:ba:d4:94:7b:df:39:61:4b:e3:7c:b9:ea:77:09:01:bc:ec:
db:1c:fa:42:1b:6d:1d:b1:51:5f:e4:87:dd:41:24:00:a2:52:
e0:1a:c0:1c
-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
MIIDgTCCAmmgAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa
Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0
YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM
BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf
+3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i
xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO
rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU
34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL
r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2
QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf
ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w
DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0
mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ
WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI
qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0
GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT
JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ=
aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAgFw0xNTA3MDIxMzE1MTFa
GA8yMTIyMDcwMjE3NTAwNVowVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUt
U3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UE
AwwGcm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPFrd4is
Nd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/m8TJEtHkC0WX5QbNZjrh4OIr
36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyDXq5CknSlK+cAwanc1bFTBw9z
946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7w6jBiLJ3/5zb/GpERET3hewI
LNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTMuR4hoGzEq1mwQDm7+Yit/d+N
tAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXVddTFezpANQafxIS0bJMMrzda
r7ZBTSYjHLgCswIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSFVok1
4p8AGuGGAwtLr3YSazNt/TAfBgNVHSMEGDAWgBSFVok14p8AGuGGAwtLr3YSazNt
/TANBgkqhkiG9w0BAQsFAAOCAQEAuVzDOTHpwWP58SksxoSA7TPlcjws6JMfBwNl
zbsE7RApAF/qkQgZ3xCI6QBcLuu1r5hwyMSLU8QmxaHYRrmffUjgJnQsYbjBiQa2
5bW6a3UrFq3KiCYlc5sVIllqlNxhNIgoWJ/e/XEeN6+QdHvPu5MccyQVJnozjF1b
gZcUYgF+F3b7qnpN7YErvdnzEmmGAbORCo1rvXFBqZNjwqGrDUgFmX2eoqSsn3MN
W1wFOlJk/hd5KidR11uv3BDVI2ssYlEAyWcXLSmjIYj9FEgNmYzY+MjH7NKDPbrU
lHvfOWFL43y56ncJAbzs2xz6QhttHbFRX+SH3UEkAKJS4BrAHA==
-----END CERTIFICATE-----

33
test/exptest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,7 +49,8 @@ static int test_mod_exp_zero(void)
BIGNUM *r = NULL;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1, failed = 0;
int ret = 0, failed = 0;
BN_MONT_CTX *mont = NULL;
if (!TEST_ptr(m = BN_new())
|| !TEST_ptr(a = BN_new())
@@ -94,6 +95,33 @@ static int test_mod_exp_zero(void)
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;
if (!TEST_ptr(mont = BN_MONT_CTX_new()))
goto err;
ERR_set_mark();
/* mont is not set but passed in */
if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
goto err;
if (!TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
goto err;
ERR_pop_to_mark();
if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx)))
goto err;
/* we compute 0 ** a mod 1 here, to execute code that uses mont */
if (!TEST_true(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a)))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
@@ -114,6 +142,7 @@ static int test_mod_exp_zero(void)
BN_free(a);
BN_free(p);
BN_free(m);
BN_MONT_CTX_free(mont);
BN_CTX_free(ctx);
return ret;

32
test/pemtest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -83,9 +83,39 @@ static int test_invalid(void)
return 1;
}
static int test_empty_payload(void)
{
BIO *b;
static char *emptypay =
"-----BEGIN CERTIFICATE-----\n"
"-\n" /* Base64 EOF character */
"-----END CERTIFICATE-----";
char *name = NULL, *header = NULL;
unsigned char *data = NULL;
long len;
int ret = 0;
b = BIO_new_mem_buf(emptypay, strlen(emptypay));
if (!TEST_ptr(b))
return 0;
/* Expected to fail because the payload is empty */
if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
goto err;
ret = 1;
err:
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
BIO_free(b);
return ret;
}
int setup_tests(void)
{
ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
ADD_TEST(test_invalid);
ADD_TEST(test_empty_payload);
return 1;
}

17
test/recipes/80-test_cms.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,7 +13,7 @@ use warnings;
use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
use OpenSSL::Test::Utils;
setup("test_cms");
@@ -27,7 +27,7 @@ my $smcont = srctop_file("test", "smcont.txt");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
= disabled qw/des dh dsa ec ec2m rc2 zlib/;
plan tests => 6;
plan tests => 7;
my @smime_pkcs7_tests = (
@@ -584,3 +584,14 @@ sub check_availability {
return "";
}
# Check that we get the expected failure return code
with({ exit_checker => sub { return shift == 6; } },
sub {
ok(run(app(['openssl', 'cms', '-encrypt',
'-in', srctop_file("test", "smcont.txt"),
'-stream', '-recip',
srctop_file("test/smime-certs", "badrsa.pem"),
])),
"Check failure during BIO setup with -stream is handled correctly");
});

10
test/recipes/95-test_external_pyca_data/cryptography.sh
View File

@@ -1,6 +1,6 @@
#!/bin/sh
#
# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
@@ -42,19 +42,17 @@ python -m venv venv-cryptography
cd pyca-cryptography
pip install .[test]
pip install -e vectors
echo "------------------------------------------------------------------"
echo "Building cryptography"
echo "------------------------------------------------------------------"
CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install .
LDFLAGS="-L$O_LIB" CFLAGS="-I$O_BINC -I$O_SINC" pip install .[test]
pip install -e vectors
echo "------------------------------------------------------------------"
echo "Running tests"
echo "------------------------------------------------------------------"
CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof
pytest -n auto tests --wycheproof-root=../wycheproof
cd ../
deactivate

18
test/smime-certs/badrsa.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
-----END CERTIFICATE-----

154
test/sslapitest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -794,6 +794,157 @@ static int test_large_message_dtls(void)
}
#endif
/*
* Test we can successfully send the maximum amount of application data. We
* test each protocol version individually, each with and without EtM enabled.
* TLSv1.3 doesn't use EtM so technically it is redundant to test both but it is
* simpler this way. We also test all combinations with and without the
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option which affects the size of the
* underlying buffer.
*/
static int test_large_app_data(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0, prot;
unsigned char *msg, *buf = NULL;
size_t written, readbytes;
const SSL_METHOD *smeth = TLS_server_method();
const SSL_METHOD *cmeth = TLS_client_method();
switch (tst >> 2) {
case 0:
#ifndef OPENSSL_NO_TLS1_3
prot = TLS1_3_VERSION;
break;
#else
return 1;
#endif
case 1:
#ifndef OPENSSL_NO_TLS1_2
prot = TLS1_2_VERSION;
break;
#else
return 1;
#endif
case 2:
#ifndef OPENSSL_NO_TLS1_1
prot = TLS1_1_VERSION;
break;
#else
return 1;
#endif
case 3:
#ifndef OPENSSL_NO_TLS1
prot = TLS1_VERSION;
break;
#else
return 1;
#endif
case 4:
#ifndef OPENSSL_NO_SSL3
prot = SSL3_VERSION;
break;
#else
return 1;
#endif
case 5:
#ifndef OPENSSL_NO_DTLS1_2
prot = DTLS1_2_VERSION;
smeth = DTLS_server_method();
cmeth = DTLS_client_method();
break;
#else
return 1;
#endif
case 6:
#ifndef OPENSSL_NO_DTLS1
prot = DTLS1_VERSION;
smeth = DTLS_server_method();
cmeth = DTLS_client_method();
break;
#else
return 1;
#endif
default:
/* Shouldn't happen */
return 0;
}
/* Maximal sized message of zeros */
msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
if (!TEST_ptr(msg))
goto end;
buf = OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH + 1);
if (!TEST_ptr(buf))
goto end;
/* Set whole buffer to all bits set */
memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, prot, prot, &sctx, &cctx,
cert, privkey)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
if ((tst & 1) != 0) {
/* Setting this option gives us a minimally sized underlying buffer */
if (!TEST_true(SSL_set_options(serverssl,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
|| !TEST_true(SSL_set_options(clientssl,
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
goto end;
}
if ((tst & 2) != 0) {
/*
* Setting this option means the MAC is added before encryption
* giving us a larger record for the encryption process
*/
if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC))
|| !TEST_true(SSL_set_options(clientssl,
SSL_OP_NO_ENCRYPT_THEN_MAC)))
goto end;
}
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH,
&written))
|| !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH))
goto end;
/* We provide a buffer slightly larger than what we are actually expecting */
if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1,
&readbytes)))
goto end;
if (!TEST_mem_eq(msg, written, buf, readbytes))
goto end;
testresult = 1;
end:
OPENSSL_free(msg);
OPENSSL_free(buf);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#ifndef OPENSSL_NO_OCSP
static int ocsp_server_cb(SSL *s, void *arg)
{
@@ -7175,6 +7326,7 @@ int setup_tests(void)
#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
#endif
ADD_ALL_TESTS(test_large_app_data, 28);
#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
#endif

398
test/test_test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -33,19 +33,19 @@ static int test_case(int expected, const char *test, int result)
static int test_int(void)
{
if (!TEST(1, TEST_int_eq(1, 1))
| !TEST(0, TEST_int_eq(1, -1))
| !TEST(1, TEST_int_ne(1, 2))
| !TEST(0, TEST_int_ne(3, 3))
| !TEST(1, TEST_int_lt(4, 9))
| !TEST(0, TEST_int_lt(9, 4))
| !TEST(1, TEST_int_le(4, 9))
| !TEST(1, TEST_int_le(5, 5))
| !TEST(0, TEST_int_le(9, 4))
| !TEST(1, TEST_int_gt(8, 5))
| !TEST(0, TEST_int_gt(5, 8))
| !TEST(1, TEST_int_ge(8, 5))
| !TEST(1, TEST_int_ge(6, 6))
| !TEST(0, TEST_int_ge(5, 8)))
|| !TEST(0, TEST_int_eq(1, -1))
|| !TEST(1, TEST_int_ne(1, 2))
|| !TEST(0, TEST_int_ne(3, 3))
|| !TEST(1, TEST_int_lt(4, 9))
|| !TEST(0, TEST_int_lt(9, 4))
|| !TEST(1, TEST_int_le(4, 9))
|| !TEST(1, TEST_int_le(5, 5))
|| !TEST(0, TEST_int_le(9, 4))
|| !TEST(1, TEST_int_gt(8, 5))
|| !TEST(0, TEST_int_gt(5, 8))
|| !TEST(1, TEST_int_ge(8, 5))
|| !TEST(1, TEST_int_ge(6, 6))
|| !TEST(0, TEST_int_ge(5, 8)))
goto err;
return 1;
@@ -56,19 +56,19 @@ err:
static int test_uint(void)
{
if (!TEST(1, TEST_uint_eq(3u, 3u))
| !TEST(0, TEST_uint_eq(3u, 5u))
| !TEST(1, TEST_uint_ne(4u, 2u))
| !TEST(0, TEST_uint_ne(6u, 6u))
| !TEST(1, TEST_uint_lt(5u, 9u))
| !TEST(0, TEST_uint_lt(9u, 5u))
| !TEST(1, TEST_uint_le(5u, 9u))
| !TEST(1, TEST_uint_le(7u, 7u))
| !TEST(0, TEST_uint_le(9u, 5u))
| !TEST(1, TEST_uint_gt(11u, 1u))
| !TEST(0, TEST_uint_gt(1u, 11u))
| !TEST(1, TEST_uint_ge(11u, 1u))
| !TEST(1, TEST_uint_ge(6u, 6u))
| !TEST(0, TEST_uint_ge(1u, 11u)))
|| !TEST(0, TEST_uint_eq(3u, 5u))
|| !TEST(1, TEST_uint_ne(4u, 2u))
|| !TEST(0, TEST_uint_ne(6u, 6u))
|| !TEST(1, TEST_uint_lt(5u, 9u))
|| !TEST(0, TEST_uint_lt(9u, 5u))
|| !TEST(1, TEST_uint_le(5u, 9u))
|| !TEST(1, TEST_uint_le(7u, 7u))
|| !TEST(0, TEST_uint_le(9u, 5u))
|| !TEST(1, TEST_uint_gt(11u, 1u))
|| !TEST(0, TEST_uint_gt(1u, 11u))
|| !TEST(1, TEST_uint_ge(11u, 1u))
|| !TEST(1, TEST_uint_ge(6u, 6u))
|| !TEST(0, TEST_uint_ge(1u, 11u)))
goto err;
return 1;
@@ -79,19 +79,19 @@ err:
static int test_char(void)
{
if (!TEST(1, TEST_char_eq('a', 'a'))
| !TEST(0, TEST_char_eq('a', 'A'))
| !TEST(1, TEST_char_ne('a', 'c'))
| !TEST(0, TEST_char_ne('e', 'e'))
| !TEST(1, TEST_char_lt('i', 'x'))
| !TEST(0, TEST_char_lt('x', 'i'))
| !TEST(1, TEST_char_le('i', 'x'))
| !TEST(1, TEST_char_le('n', 'n'))
| !TEST(0, TEST_char_le('x', 'i'))
| !TEST(1, TEST_char_gt('w', 'n'))
| !TEST(0, TEST_char_gt('n', 'w'))
| !TEST(1, TEST_char_ge('w', 'n'))
| !TEST(1, TEST_char_ge('p', 'p'))
| !TEST(0, TEST_char_ge('n', 'w')))
|| !TEST(0, TEST_char_eq('a', 'A'))
|| !TEST(1, TEST_char_ne('a', 'c'))
|| !TEST(0, TEST_char_ne('e', 'e'))
|| !TEST(1, TEST_char_lt('i', 'x'))
|| !TEST(0, TEST_char_lt('x', 'i'))
|| !TEST(1, TEST_char_le('i', 'x'))
|| !TEST(1, TEST_char_le('n', 'n'))
|| !TEST(0, TEST_char_le('x', 'i'))
|| !TEST(1, TEST_char_gt('w', 'n'))
|| !TEST(0, TEST_char_gt('n', 'w'))
|| !TEST(1, TEST_char_ge('w', 'n'))
|| !TEST(1, TEST_char_ge('p', 'p'))
|| !TEST(0, TEST_char_ge('n', 'w')))
goto err;
return 1;
@@ -102,19 +102,19 @@ err:
static int test_uchar(void)
{
if (!TEST(1, TEST_uchar_eq(49, 49))
| !TEST(0, TEST_uchar_eq(49, 60))
| !TEST(1, TEST_uchar_ne(50, 2))
| !TEST(0, TEST_uchar_ne(66, 66))
| !TEST(1, TEST_uchar_lt(60, 80))
| !TEST(0, TEST_uchar_lt(80, 60))
| !TEST(1, TEST_uchar_le(60, 80))
| !TEST(1, TEST_uchar_le(78, 78))
| !TEST(0, TEST_uchar_le(80, 60))
| !TEST(1, TEST_uchar_gt(88, 37))
| !TEST(0, TEST_uchar_gt(37, 88))
| !TEST(1, TEST_uchar_ge(88, 37))
| !TEST(1, TEST_uchar_ge(66, 66))
| !TEST(0, TEST_uchar_ge(37, 88)))
|| !TEST(0, TEST_uchar_eq(49, 60))
|| !TEST(1, TEST_uchar_ne(50, 2))
|| !TEST(0, TEST_uchar_ne(66, 66))
|| !TEST(1, TEST_uchar_lt(60, 80))
|| !TEST(0, TEST_uchar_lt(80, 60))
|| !TEST(1, TEST_uchar_le(60, 80))
|| !TEST(1, TEST_uchar_le(78, 78))
|| !TEST(0, TEST_uchar_le(80, 60))
|| !TEST(1, TEST_uchar_gt(88, 37))
|| !TEST(0, TEST_uchar_gt(37, 88))
|| !TEST(1, TEST_uchar_ge(88, 37))
|| !TEST(1, TEST_uchar_ge(66, 66))
|| !TEST(0, TEST_uchar_ge(37, 88)))
goto err;
return 1;
@@ -125,19 +125,19 @@ err:
static int test_long(void)
{
if (!TEST(1, TEST_long_eq(123l, 123l))
| !TEST(0, TEST_long_eq(123l, -123l))
| !TEST(1, TEST_long_ne(123l, 500l))
| !TEST(0, TEST_long_ne(1000l, 1000l))
| !TEST(1, TEST_long_lt(-8923l, 102934563l))
| !TEST(0, TEST_long_lt(102934563l, -8923l))
| !TEST(1, TEST_long_le(-8923l, 102934563l))
| !TEST(1, TEST_long_le(12345l, 12345l))
| !TEST(0, TEST_long_le(102934563l, -8923l))
| !TEST(1, TEST_long_gt(84325677l, 12345l))
| !TEST(0, TEST_long_gt(12345l, 84325677l))
| !TEST(1, TEST_long_ge(84325677l, 12345l))
| !TEST(1, TEST_long_ge(465869l, 465869l))
| !TEST(0, TEST_long_ge(12345l, 84325677l)))
|| !TEST(0, TEST_long_eq(123l, -123l))
|| !TEST(1, TEST_long_ne(123l, 500l))
|| !TEST(0, TEST_long_ne(1000l, 1000l))
|| !TEST(1, TEST_long_lt(-8923l, 102934563l))
|| !TEST(0, TEST_long_lt(102934563l, -8923l))
|| !TEST(1, TEST_long_le(-8923l, 102934563l))
|| !TEST(1, TEST_long_le(12345l, 12345l))
|| !TEST(0, TEST_long_le(102934563l, -8923l))
|| !TEST(1, TEST_long_gt(84325677l, 12345l))
|| !TEST(0, TEST_long_gt(12345l, 84325677l))
|| !TEST(1, TEST_long_ge(84325677l, 12345l))
|| !TEST(1, TEST_long_ge(465869l, 465869l))
|| !TEST(0, TEST_long_ge(12345l, 84325677l)))
goto err;
return 1;
@@ -148,19 +148,19 @@ err:
static int test_ulong(void)
{
if (!TEST(1, TEST_ulong_eq(919ul, 919ul))
| !TEST(0, TEST_ulong_eq(919ul, 10234ul))
| !TEST(1, TEST_ulong_ne(8190ul, 66ul))
| !TEST(0, TEST_ulong_ne(10555ul, 10555ul))
| !TEST(1, TEST_ulong_lt(10234ul, 1000000ul))
| !TEST(0, TEST_ulong_lt(1000000ul, 10234ul))
| !TEST(1, TEST_ulong_le(10234ul, 1000000ul))
| !TEST(1, TEST_ulong_le(100000ul, 100000ul))
| !TEST(0, TEST_ulong_le(1000000ul, 10234ul))
| !TEST(1, TEST_ulong_gt(100000000ul, 22ul))
| !TEST(0, TEST_ulong_gt(22ul, 100000000ul))
| !TEST(1, TEST_ulong_ge(100000000ul, 22ul))
| !TEST(1, TEST_ulong_ge(10555ul, 10555ul))
| !TEST(0, TEST_ulong_ge(22ul, 100000000ul)))
|| !TEST(0, TEST_ulong_eq(919ul, 10234ul))
|| !TEST(1, TEST_ulong_ne(8190ul, 66ul))
|| !TEST(0, TEST_ulong_ne(10555ul, 10555ul))
|| !TEST(1, TEST_ulong_lt(10234ul, 1000000ul))
|| !TEST(0, TEST_ulong_lt(1000000ul, 10234ul))
|| !TEST(1, TEST_ulong_le(10234ul, 1000000ul))
|| !TEST(1, TEST_ulong_le(100000ul, 100000ul))
|| !TEST(0, TEST_ulong_le(1000000ul, 10234ul))
|| !TEST(1, TEST_ulong_gt(100000000ul, 22ul))
|| !TEST(0, TEST_ulong_gt(22ul, 100000000ul))
|| !TEST(1, TEST_ulong_ge(100000000ul, 22ul))
|| !TEST(1, TEST_ulong_ge(10555ul, 10555ul))
|| !TEST(0, TEST_ulong_ge(22ul, 100000000ul)))
goto err;
return 1;
@@ -171,19 +171,19 @@ err:
static int test_size_t(void)
{
if (!TEST(1, TEST_size_t_eq((size_t)10, (size_t)10))
| !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12))
| !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12))
| !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24))
| !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88))
| !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30))
| !TEST(1, TEST_size_t_le((size_t)30, (size_t)88))
| !TEST(1, TEST_size_t_le((size_t)33, (size_t)33))
| !TEST(0, TEST_size_t_le((size_t)88, (size_t)30))
| !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33))
| !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52))
| !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33))
| !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38))
| !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52)))
|| !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12))
|| !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12))
|| !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24))
|| !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88))
|| !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30))
|| !TEST(1, TEST_size_t_le((size_t)30, (size_t)88))
|| !TEST(1, TEST_size_t_le((size_t)33, (size_t)33))
|| !TEST(0, TEST_size_t_le((size_t)88, (size_t)30))
|| !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33))
|| !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52))
|| !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33))
|| !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38))
|| !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52)))
goto err;
return 1;
@@ -194,19 +194,19 @@ err:
static int test_time_t(void)
{
if (!TEST(1, TEST_time_t_eq((time_t)10, (time_t)10))
| !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12))
| !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12))
| !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24))
| !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88))
| !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30))
| !TEST(1, TEST_time_t_le((time_t)30, (time_t)88))
| !TEST(1, TEST_time_t_le((time_t)33, (time_t)33))
| !TEST(0, TEST_time_t_le((time_t)88, (time_t)30))
| !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33))
| !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52))
| !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33))
| !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38))
| !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52)))
|| !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12))
|| !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12))
|| !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24))
|| !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88))
|| !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30))
|| !TEST(1, TEST_time_t_le((time_t)30, (time_t)88))
|| !TEST(1, TEST_time_t_le((time_t)33, (time_t)33))
|| !TEST(0, TEST_time_t_le((time_t)88, (time_t)30))
|| !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33))
|| !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52))
|| !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33))
|| !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38))
|| !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52)))
goto err;
return 1;
@@ -220,19 +220,19 @@ static int test_pointer(void)
char y = 1;
if (!TEST(1, TEST_ptr(&y))
| !TEST(0, TEST_ptr(NULL))
| !TEST(0, TEST_ptr_null(&y))
| !TEST(1, TEST_ptr_null(NULL))
| !TEST(1, TEST_ptr_eq(NULL, NULL))
| !TEST(0, TEST_ptr_eq(NULL, &y))
| !TEST(0, TEST_ptr_eq(&y, NULL))
| !TEST(0, TEST_ptr_eq(&y, &x))
| !TEST(1, TEST_ptr_eq(&x, &x))
| !TEST(0, TEST_ptr_ne(NULL, NULL))
| !TEST(1, TEST_ptr_ne(NULL, &y))
| !TEST(1, TEST_ptr_ne(&y, NULL))
| !TEST(1, TEST_ptr_ne(&y, &x))
| !TEST(0, TEST_ptr_ne(&x, &x)))
|| !TEST(0, TEST_ptr(NULL))
|| !TEST(0, TEST_ptr_null(&y))
|| !TEST(1, TEST_ptr_null(NULL))
|| !TEST(1, TEST_ptr_eq(NULL, NULL))
|| !TEST(0, TEST_ptr_eq(NULL, &y))
|| !TEST(0, TEST_ptr_eq(&y, NULL))
|| !TEST(0, TEST_ptr_eq(&y, &x))
|| !TEST(1, TEST_ptr_eq(&x, &x))
|| !TEST(0, TEST_ptr_ne(NULL, NULL))
|| !TEST(1, TEST_ptr_ne(NULL, &y))
|| !TEST(1, TEST_ptr_ne(&y, NULL))
|| !TEST(1, TEST_ptr_ne(&y, &x))
|| !TEST(0, TEST_ptr_ne(&x, &x)))
goto err;
return 1;
@@ -243,9 +243,9 @@ err:
static int test_bool(void)
{
if (!TEST(0, TEST_true(0))
| !TEST(1, TEST_true(1))
| !TEST(1, TEST_false(0))
| !TEST(0, TEST_false(1)))
|| !TEST(1, TEST_true(1))
|| !TEST(1, TEST_false(0))
|| !TEST(0, TEST_false(1)))
goto err;
return 1;
@@ -258,19 +258,19 @@ static int test_string(void)
static char buf[] = "abc";
if (!TEST(1, TEST_str_eq(NULL, NULL))
| !TEST(1, TEST_str_eq("abc", buf))
| !TEST(0, TEST_str_eq("abc", NULL))
| !TEST(0, TEST_str_eq("abc", ""))
| !TEST(0, TEST_str_eq(NULL, buf))
| !TEST(0, TEST_str_ne(NULL, NULL))
| !TEST(0, TEST_str_eq("", NULL))
| !TEST(0, TEST_str_eq(NULL, ""))
| !TEST(0, TEST_str_ne("", ""))
| !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5"))
| !TEST(0, TEST_str_ne("abc", buf))
| !TEST(1, TEST_str_ne("abc", NULL))
| !TEST(1, TEST_str_ne(NULL, buf))
| !TEST(0, TEST_str_eq("abcdef", "abcdefghijk")))
|| !TEST(1, TEST_str_eq("abc", buf))
|| !TEST(0, TEST_str_eq("abc", NULL))
|| !TEST(0, TEST_str_eq("abc", ""))
|| !TEST(0, TEST_str_eq(NULL, buf))
|| !TEST(0, TEST_str_ne(NULL, NULL))
|| !TEST(0, TEST_str_eq("", NULL))
|| !TEST(0, TEST_str_eq(NULL, ""))
|| !TEST(0, TEST_str_ne("", ""))
|| !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5"))
|| !TEST(0, TEST_str_ne("abc", buf))
|| !TEST(1, TEST_str_ne("abc", NULL))
|| !TEST(1, TEST_str_ne(NULL, buf))
|| !TEST(0, TEST_str_eq("abcdef", "abcdefghijk")))
goto err;
return 1;
@@ -283,16 +283,16 @@ static int test_memory(void)
static char buf[] = "xyz";
if (!TEST(1, TEST_mem_eq(NULL, 0, NULL, 0))
| !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2))
| !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3))
| !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3))
| !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0))
| !TEST(0, TEST_mem_eq(NULL, 0, "", 0))
| !TEST(0, TEST_mem_eq("", 0, NULL, 0))
| !TEST(0, TEST_mem_ne("", 0, "", 0))
| !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0))
| !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf)))
| !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf))))
|| !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2))
|| !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3))
|| !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3))
|| !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0))
|| !TEST(0, TEST_mem_eq(NULL, 0, "", 0))
|| !TEST(0, TEST_mem_eq("", 0, NULL, 0))
|| !TEST(0, TEST_mem_ne("", 0, "", 0))
|| !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0))
|| !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf)))
|| !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf))))
goto err;
return 1;
@@ -315,61 +315,61 @@ static int test_bignum(void)
int r = 0;
if (!TEST(1, TEST_int_eq(BN_dec2bn(&a, "0"), 1))
| !TEST(1, TEST_BN_eq_word(a, 0))
| !TEST(0, TEST_BN_eq_word(a, 30))
| !TEST(1, TEST_BN_abs_eq_word(a, 0))
| !TEST(0, TEST_BN_eq_one(a))
| !TEST(1, TEST_BN_eq_zero(a))
| !TEST(0, TEST_BN_ne_zero(a))
| !TEST(1, TEST_BN_le_zero(a))
| !TEST(0, TEST_BN_lt_zero(a))
| !TEST(1, TEST_BN_ge_zero(a))
| !TEST(0, TEST_BN_gt_zero(a))
| !TEST(1, TEST_BN_even(a))
| !TEST(0, TEST_BN_odd(a))
| !TEST(1, TEST_BN_eq(b, c))
| !TEST(0, TEST_BN_eq(a, b))
| !TEST(0, TEST_BN_ne(NULL, c))
| !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1))
| !TEST(1, TEST_BN_eq_word(b, 1))
| !TEST(1, TEST_BN_eq_one(b))
| !TEST(0, TEST_BN_abs_eq_word(b, 0))
| !TEST(1, TEST_BN_abs_eq_word(b, 1))
| !TEST(0, TEST_BN_eq_zero(b))
| !TEST(1, TEST_BN_ne_zero(b))
| !TEST(0, TEST_BN_le_zero(b))
| !TEST(0, TEST_BN_lt_zero(b))
| !TEST(1, TEST_BN_ge_zero(b))
| !TEST(1, TEST_BN_gt_zero(b))
| !TEST(0, TEST_BN_even(b))
| !TEST(1, TEST_BN_odd(b))
| !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10))
| !TEST(0, TEST_BN_eq_word(c, 334739439))
| !TEST(1, TEST_BN_abs_eq_word(c, 334739439))
| !TEST(0, TEST_BN_eq_zero(c))
| !TEST(1, TEST_BN_ne_zero(c))
| !TEST(1, TEST_BN_le_zero(c))
| !TEST(1, TEST_BN_lt_zero(c))
| !TEST(0, TEST_BN_ge_zero(c))
| !TEST(0, TEST_BN_gt_zero(c))
| !TEST(0, TEST_BN_even(c))
| !TEST(1, TEST_BN_odd(c))
| !TEST(1, TEST_BN_eq(a, a))
| !TEST(0, TEST_BN_ne(a, a))
| !TEST(0, TEST_BN_eq(a, b))
| !TEST(1, TEST_BN_ne(a, b))
| !TEST(0, TEST_BN_lt(a, c))
| !TEST(1, TEST_BN_lt(c, b))
| !TEST(0, TEST_BN_lt(b, c))
| !TEST(0, TEST_BN_le(a, c))
| !TEST(1, TEST_BN_le(c, b))
| !TEST(0, TEST_BN_le(b, c))
| !TEST(1, TEST_BN_gt(a, c))
| !TEST(0, TEST_BN_gt(c, b))
| !TEST(1, TEST_BN_gt(b, c))
| !TEST(1, TEST_BN_ge(a, c))
| !TEST(0, TEST_BN_ge(c, b))
| !TEST(1, TEST_BN_ge(b, c)))
|| !TEST(1, TEST_BN_eq_word(a, 0))
|| !TEST(0, TEST_BN_eq_word(a, 30))
|| !TEST(1, TEST_BN_abs_eq_word(a, 0))
|| !TEST(0, TEST_BN_eq_one(a))
|| !TEST(1, TEST_BN_eq_zero(a))
|| !TEST(0, TEST_BN_ne_zero(a))
|| !TEST(1, TEST_BN_le_zero(a))
|| !TEST(0, TEST_BN_lt_zero(a))
|| !TEST(1, TEST_BN_ge_zero(a))
|| !TEST(0, TEST_BN_gt_zero(a))
|| !TEST(1, TEST_BN_even(a))
|| !TEST(0, TEST_BN_odd(a))
|| !TEST(1, TEST_BN_eq(b, c))
|| !TEST(0, TEST_BN_eq(a, b))
|| !TEST(0, TEST_BN_ne(NULL, c))
|| !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1))
|| !TEST(1, TEST_BN_eq_word(b, 1))
|| !TEST(1, TEST_BN_eq_one(b))
|| !TEST(0, TEST_BN_abs_eq_word(b, 0))
|| !TEST(1, TEST_BN_abs_eq_word(b, 1))
|| !TEST(0, TEST_BN_eq_zero(b))
|| !TEST(1, TEST_BN_ne_zero(b))
|| !TEST(0, TEST_BN_le_zero(b))
|| !TEST(0, TEST_BN_lt_zero(b))
|| !TEST(1, TEST_BN_ge_zero(b))
|| !TEST(1, TEST_BN_gt_zero(b))
|| !TEST(0, TEST_BN_even(b))
|| !TEST(1, TEST_BN_odd(b))
|| !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10))
|| !TEST(0, TEST_BN_eq_word(c, 334739439))
|| !TEST(1, TEST_BN_abs_eq_word(c, 334739439))
|| !TEST(0, TEST_BN_eq_zero(c))
|| !TEST(1, TEST_BN_ne_zero(c))
|| !TEST(1, TEST_BN_le_zero(c))
|| !TEST(1, TEST_BN_lt_zero(c))
|| !TEST(0, TEST_BN_ge_zero(c))
|| !TEST(0, TEST_BN_gt_zero(c))
|| !TEST(0, TEST_BN_even(c))
|| !TEST(1, TEST_BN_odd(c))
|| !TEST(1, TEST_BN_eq(a, a))
|| !TEST(0, TEST_BN_ne(a, a))
|| !TEST(0, TEST_BN_eq(a, b))
|| !TEST(1, TEST_BN_ne(a, b))
|| !TEST(0, TEST_BN_lt(a, c))
|| !TEST(1, TEST_BN_lt(c, b))
|| !TEST(0, TEST_BN_lt(b, c))
|| !TEST(0, TEST_BN_le(a, c))
|| !TEST(1, TEST_BN_le(c, b))
|| !TEST(0, TEST_BN_le(b, c))
|| !TEST(1, TEST_BN_gt(a, c))
|| !TEST(0, TEST_BN_gt(c, b))
|| !TEST(1, TEST_BN_gt(b, c))
|| !TEST(1, TEST_BN_ge(a, c))
|| !TEST(0, TEST_BN_ge(c, b))
|| !TEST(1, TEST_BN_ge(b, c)))
goto err;
r = 1;

4
test/testutil/driver.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -99,7 +99,7 @@ static int gcd(int a, int b)
return a;
}
void setup_test_framework()
void setup_test_framework(void)
{
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");

10
test/v3nametest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -646,6 +646,14 @@ static struct gennamedata {
0xb7, 0x09, 0x02, 0x02
},
15
}, {
/*
* Regression test for CVE-2023-0286.
*/
{
0xa3, 0x00
},
2
}
};