diff options
Diffstat (limited to 'src')
177 files changed, 6374 insertions, 5512 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6e41ee9..c1a6a37 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -76,6 +76,11 @@ if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.9 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wshadow") endif() +if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR + CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 -D_XOPEN_SOURCE=700") +endif() + add_definitions(-DBORINGSSL_IMPLEMENTATION) if (BUILD_SHARED_LIBS) @@ -104,6 +109,8 @@ elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686") set(ARCH "x86") elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm") set(ARCH "arm") +elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "armv6") + set(ARCH "arm") elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "armv7-a") set(ARCH "arm") elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64") @@ -116,7 +123,7 @@ if (ANDROID AND ${ARCH} STREQUAL "arm") # The Android-NDK CMake files somehow fail to set the -march flag for # assembly files. Without this flag, the compiler believes that it's # building for ARMv5. - set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -march=armv7-a") + set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -march=${CMAKE_SYSTEM_PROCESSOR}") endif() if (${ARCH} STREQUAL "x86" AND APPLE) diff --git a/src/LICENSE b/src/LICENSE new file mode 100644 index 0000000..8ae5e77 --- /dev/null +++ b/src/LICENSE @@ -0,0 +1,146 @@ +BoringSSL is a fork of OpenSSL. As such, large parts of it fall under OpenSSL +licensing. Files that are completely new have a Google copyright and an ISC +license. This license is reproduced at the bottom of this file. + +Contributors to BoringSSL are required to follow the CLA rules for Chromium: +https://cla.developers.google.com/clas + +The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the +OpenSSL License and the original SSLeay license apply to the toolkit. See below +for the actual license texts. Actually both licenses are BSD-style Open Source +licenses. In case of any license issues related to OpenSSL please contact +openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + + +ISC license used for completely new code in BoringSSL: + +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index 6433dc6..6858cbb 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -145,15 +145,17 @@ add_library( crypto crypto.c + directory_posix.c + directory_win.c + ex_data.c mem.c + refcount_c11.c + refcount_lock.c thread.c thread_none.c thread_pthread.c thread_win.c - ex_data.c time_support.c - directory_posix.c - directory_win.c ${CRYPTO_ARCH_SOURCES} @@ -205,6 +207,8 @@ add_executable( constant_time_test constant_time_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(constant_time_test crypto) @@ -213,9 +217,19 @@ add_executable( thread_test thread_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(thread_test crypto) +add_executable( + refcount_test + + refcount_test.c +) + +target_link_libraries(refcount_test crypto) + perlasm(cpu-x86_64-asm.${ASM_EXT} cpu-x86_64-asm.pl) perlasm(cpu-x86-asm.${ASM_EXT} cpu-x86-asm.pl) diff --git a/src/crypto/aes/asm/bsaes-armv7.pl b/src/crypto/aes/asm/bsaes-armv7.pl index a5e4a98..273f0b9 100644 --- a/src/crypto/aes/asm/bsaes-armv7.pl +++ b/src/crypto/aes/asm/bsaes-armv7.pl @@ -1424,7 +1424,7 @@ bsaes_ctr32_encrypt_blocks: vld1.8 {@XMM[0]}, [$ctr] @ load counter #ifdef __APPLE__ - mov $ctr, #.LREVM0SR-.LM0 + mov $ctr, #:lower16:(.LREVM0SR-.LM0) add $ctr, $const, $ctr #else add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr @@ -1486,7 +1486,7 @@ bsaes_ctr32_encrypt_blocks: mov r5, $rounds @ pass rounds vstmia $fp, {@XMM[10]} @ save next counter #ifdef __APPLE__ - mov $const, #.LREVM0SR-.LSR + mov $const, #:lower16:(.LREVM0SR-.LSR) sub $const, $ctr, $const #else sub $const, $ctr, #.LREVM0SR-.LSR @ pass constants diff --git a/src/crypto/asn1/tasn_fre.c b/src/crypto/asn1/tasn_fre.c index c344ed7..d1317ae 100644 --- a/src/crypto/asn1/tasn_fre.c +++ b/src/crypto/asn1/tasn_fre.c @@ -143,7 +143,7 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: - if (asn1_do_lock(pval, -1, it) > 0) + if (!asn1_refcount_dec_and_test_zero(pval, it)) return; if (asn1_cb) { diff --git a/src/crypto/asn1/tasn_new.c b/src/crypto/asn1/tasn_new.c index 918aba7..6d69dcb 100644 --- a/src/crypto/asn1/tasn_new.c +++ b/src/crypto/asn1/tasn_new.c @@ -190,7 +190,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, if (!*pval) goto memerr; memset(*pval, 0, it->size); - asn1_do_lock(pval, 0, it); + asn1_refcount_set_one(pval, it); asn1_enc_init(pval, it); } for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) diff --git a/src/crypto/asn1/tasn_utl.c b/src/crypto/asn1/tasn_utl.c index 1b9de94..ff3764e 100644 --- a/src/crypto/asn1/tasn_utl.c +++ b/src/crypto/asn1/tasn_utl.c @@ -64,6 +64,8 @@ #include <openssl/err.h> #include <openssl/thread.h> +#include "../internal.h" + /* Utility functions for manipulating fields and offsets */ @@ -86,28 +88,32 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, return ret; } -/* Do reference counting. The value 'op' decides what to do. if it is +1 then - * the count is incremented. If op is 0 count is set to 1. If op is -1 count is - * decremented and the return value is the current refrence count or 0 if no - * reference count exists. */ -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { - const ASN1_AUX *aux; - int *lck, ret; +static CRYPTO_refcount_t *asn1_get_references(ASN1_VALUE **pval, + const ASN1_ITEM *it) { if (it->itype != ASN1_ITYPE_SEQUENCE && it->itype != ASN1_ITYPE_NDEF_SEQUENCE) { - return 0; + return NULL; } - aux = it->funcs; + const ASN1_AUX *aux = it->funcs; if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) { - return 0; + return NULL; } - lck = offset2ptr(*pval, aux->ref_offset); - if (op == 0) { - *lck = 1; - return 1; + return offset2ptr(*pval, aux->ref_offset); +} + +void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it) { + CRYPTO_refcount_t *references = asn1_get_references(pval, it); + if (references != NULL) { + *references = 1; } - ret = CRYPTO_add(lck, op, aux->ref_lock); - return ret; +} + +int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it) { + CRYPTO_refcount_t *references = asn1_get_references(pval, it); + if (references != NULL) { + return CRYPTO_refcount_dec_and_test_zero(references); + } + return 1; } static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) { diff --git a/src/crypto/base64/CMakeLists.txt b/src/crypto/base64/CMakeLists.txt index 8bc531a..42037a5 100644 --- a/src/crypto/base64/CMakeLists.txt +++ b/src/crypto/base64/CMakeLists.txt @@ -12,6 +12,8 @@ add_executable( base64_test base64_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(base64_test crypto) diff --git a/src/crypto/bio/CMakeLists.txt b/src/crypto/bio/CMakeLists.txt index f4122c4..dbf5951 100644 --- a/src/crypto/bio/CMakeLists.txt +++ b/src/crypto/bio/CMakeLists.txt @@ -22,6 +22,8 @@ add_executable( bio_test bio_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(bio_test crypto) diff --git a/src/crypto/bio/bio.c b/src/crypto/bio/bio.c index 694a11c..5ac5911 100644 --- a/src/crypto/bio/bio.c +++ b/src/crypto/bio/bio.c @@ -65,6 +65,8 @@ #include <openssl/mem.h> #include <openssl/thread.h> +#include "../internal.h" + /* BIO_set initialises a BIO structure to have the given type and sets the * reference count to one. It returns one on success or zero on error. */ @@ -104,8 +106,7 @@ int BIO_free(BIO *bio) { BIO *next_bio; for (; bio != NULL; bio = next_bio) { - int refs = CRYPTO_add(&bio->references, -1, CRYPTO_LOCK_BIO); - if (refs > 0) { + if (!CRYPTO_refcount_dec_and_test_zero(&bio->references)) { return 0; } @@ -128,7 +129,7 @@ int BIO_free(BIO *bio) { } BIO *BIO_up_ref(BIO *bio) { - CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); + CRYPTO_refcount_inc(&bio->references); return bio; } @@ -507,7 +508,7 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len, done += n; if (len < max_len && len - done < kChunkSize / 2) { len += kChunkSize; - if (len > max_len) { + if (len < kChunkSize || len > max_len) { len = max_len; } uint8_t *new_buf = OPENSSL_realloc(*out, len); diff --git a/src/crypto/bio/bio_test.cc b/src/crypto/bio/bio_test.cc index e0193f8..4d7dfe2 100644 --- a/src/crypto/bio/bio_test.cc +++ b/src/crypto/bio/bio_test.cc @@ -371,6 +371,9 @@ static bool TestASN1() { kLargePayloadLen & 0xff}; ScopedOpenSSLBytes large(reinterpret_cast<uint8_t *>( OPENSSL_malloc(sizeof(kLargePrefix) + kLargePayloadLen))); + if (!large) { + return false; + } memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen); memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix)); diff --git a/src/crypto/bio/printf.c b/src/crypto/bio/printf.c index 3638915..f51b396 100644 --- a/src/crypto/bio/printf.c +++ b/src/crypto/bio/printf.c @@ -64,6 +64,7 @@ #include <stdarg.h> #include <stdio.h> +#include <openssl/err.h> #include <openssl/mem.h> int BIO_printf(BIO *bio, const char *format, ...) { @@ -94,9 +95,8 @@ int BIO_printf(BIO *bio, const char *format, ...) { out = OPENSSL_malloc(requested_len + 1); out_malloced = 1; if (out == NULL) { - /* Unclear what can be done in this situation. OpenSSL has historically - * crashed and that seems better than producing the wrong output. */ - abort(); + OPENSSL_PUT_ERROR(BIO, BIO_printf, ERR_R_MALLOC_FAILURE); + return -1; } va_start(args, format); out_len = vsnprintf(out, requested_len + 1, format, args); diff --git a/src/crypto/bio/socket_helper.c b/src/crypto/bio/socket_helper.c index 197c737..b1cdd1a 100644 --- a/src/crypto/bio/socket_helper.c +++ b/src/crypto/bio/socket_helper.c @@ -51,7 +51,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock, ret = getaddrinfo(hostname, port_str, &hint, &result); if (ret != 0) { OPENSSL_PUT_ERROR(SYS, getaddrinfo, 0); - ERR_add_error_data(2, gai_strerror(ret)); + ERR_add_error_data(1, gai_strerror(ret)); return 0; } diff --git a/src/crypto/bn/CMakeLists.txt b/src/crypto/bn/CMakeLists.txt index 25663af..2e0cb45 100644 --- a/src/crypto/bn/CMakeLists.txt +++ b/src/crypto/bn/CMakeLists.txt @@ -4,7 +4,6 @@ if (${ARCH} STREQUAL "x86_64") set( BN_ARCH_SOURCES - asm/x86_64-gcc.c x86_64-mont.${ASM_EXT} x86_64-mont5.${ASM_EXT} rsaz-x86_64.${ASM_EXT} @@ -38,6 +37,7 @@ add_library( OBJECT add.c + asm/x86_64-gcc.c bn.c cmp.c convert.c @@ -70,6 +70,8 @@ add_executable( bn_test bn_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(bn_test crypto) diff --git a/src/crypto/bn/bn_test.cc b/src/crypto/bn/bn_test.cc index 9aa2bf5..6a7d48c 100644 --- a/src/crypto/bn/bn_test.cc +++ b/src/crypto/bn/bn_test.cc @@ -72,6 +72,7 @@ #define __STDC_FORMAT_MACROS #endif +#include <errno.h> #include <stdio.h> #include <string.h> @@ -83,6 +84,12 @@ #include "../crypto/test/scoped_types.h" +// This program tests the BIGNUM implementation. It takes an optional -bc +// argument to write a transcript compatible with the UNIX bc utility. +// +// TODO(davidben): Rather than generate random inputs and depend on bc to check +// the results, most of these tests should use known answers. + static const int num0 = 100; // number of tests static const int num1 = 50; // additional tests for some functions static const int num2 = 5; // number of tests for slow functions @@ -114,10 +121,7 @@ static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx); static bool test_dec2bn(FILE *fp, BN_CTX *ctx); static bool test_hex2bn(FILE *fp, BN_CTX *ctx); static bool test_asc2bn(FILE *fp, BN_CTX *ctx); - -// g_results can be set to true to cause the result of each computation to be -// printed. -static bool g_results = false; +static bool test_rand(); static const uint8_t kSample[] = "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" @@ -126,7 +130,15 @@ static const uint8_t kSample[] = // A wrapper around puts that takes its arguments in the same order as our *_fp // functions. static void puts_fp(FILE *out, const char *m) { - fputs(m, out); + if (out != nullptr) { + fputs(m, out); + } +} + +static void flush_fp(FILE *out) { + if (out != nullptr) { + fflush(out); + } } static void message(FILE *out, const char *m) { @@ -138,11 +150,24 @@ static void message(FILE *out, const char *m) { int main(int argc, char *argv[]) { CRYPTO_library_init(); + ScopedFILE bc_file; argc--; argv++; while (argc >= 1) { - if (strcmp(*argv, "-results") == 0) { - g_results = true; + if (strcmp(*argv, "-bc") == 0) { + if (argc < 2) { + fprintf(stderr, "Missing parameter to -bc\n"); + return 1; + } + bc_file.reset(fopen(argv[1], "w+")); + if (!bc_file) { + fprintf(stderr, "Failed to open %s: %s\n", argv[1], strerror(errno)); + } + argc--; + argv++; + } else { + fprintf(stderr, "Unknown option: %s\n", argv[0]); + return 1; } argc--; argv++; @@ -154,159 +179,167 @@ int main(int argc, char *argv[]) { return 1; } - if (!g_results) { - puts_fp(stdout, "obase=16\nibase=16\n"); - } + puts_fp(bc_file.get(), "/* This script, when run through the UNIX bc utility, " + "should produce a sequence of zeros. */\n"); + puts_fp(bc_file.get(), "/* tr a-f A-F < bn_test.out | sed s/BAsE/base/ | bc " + "| grep -v 0 */\n"); + puts_fp(bc_file.get(), "obase=16\nibase=16\n"); - message(stdout, "BN_add"); - if (!test_add(stdout)) { + message(bc_file.get(), "BN_add"); + if (!test_add(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_sub"); - if (!test_sub(stdout)) { + message(bc_file.get(), "BN_sub"); + if (!test_sub(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_lshift1"); - if (!test_lshift1(stdout)) { + message(bc_file.get(), "BN_lshift1"); + if (!test_lshift1(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_lshift (fixed)"); + message(bc_file.get(), "BN_lshift (fixed)"); ScopedBIGNUM sample(BN_bin2bn(kSample, sizeof(kSample) - 1, NULL)); if (!sample) { return 1; } - if (!test_lshift(stdout, ctx.get(), bssl::move(sample))) { + if (!test_lshift(bc_file.get(), ctx.get(), bssl::move(sample))) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_lshift"); - if (!test_lshift(stdout, ctx.get(), nullptr)) { + message(bc_file.get(), "BN_lshift"); + if (!test_lshift(bc_file.get(), ctx.get(), nullptr)) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_rshift1"); - if (!test_rshift1(stdout)) { + message(bc_file.get(), "BN_rshift1"); + if (!test_rshift1(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_rshift"); - if (!test_rshift(stdout, ctx.get())) { + message(bc_file.get(), "BN_rshift"); + if (!test_rshift(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_sqr"); - if (!test_sqr(stdout, ctx.get())) { + message(bc_file.get(), "BN_sqr"); + if (!test_sqr(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mul"); - if (!test_mul(stdout)) { + message(bc_file.get(), "BN_mul"); + if (!test_mul(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_div"); - if (!test_div(stdout, ctx.get())) { + message(bc_file.get(), "BN_div"); + if (!test_div(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_div_word"); - if (!test_div_word(stdout)) { + message(bc_file.get(), "BN_div_word"); + if (!test_div_word(bc_file.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mod"); - if (!test_mod(stdout, ctx.get())) { + message(bc_file.get(), "BN_mod"); + if (!test_mod(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mod_mul"); - if (!test_mod_mul(stdout, ctx.get())) { + message(bc_file.get(), "BN_mod_mul"); + if (!test_mod_mul(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mont"); - if (!test_mont(stdout, ctx.get())) { + message(bc_file.get(), "BN_mont"); + if (!test_mont(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mod_exp"); - if (!test_mod_exp(stdout, ctx.get())) { + message(bc_file.get(), "BN_mod_exp"); + if (!test_mod_exp(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_mod_exp_mont_consttime"); - if (!test_mod_exp_mont_consttime(stdout, ctx.get()) || - !test_mod_exp_mont5(stdout, ctx.get())) { + message(bc_file.get(), "BN_mod_exp_mont_consttime"); + if (!test_mod_exp_mont_consttime(bc_file.get(), ctx.get()) || + !test_mod_exp_mont5(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_exp"); - if (!test_exp(stdout, ctx.get()) || + message(bc_file.get(), "BN_exp"); + if (!test_exp(bc_file.get(), ctx.get()) || !test_exp_mod_zero()) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); + + message(bc_file.get(), "BN_mod_sqrt"); + if (!test_mod_sqrt(bc_file.get(), ctx.get())) { + return 1; + } + flush_fp(bc_file.get()); - message(stdout, "BN_mod_sqrt"); - if (!test_mod_sqrt(stdout, ctx.get())) { + message(bc_file.get(), "Small prime generation"); + if (!test_small_prime(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "Small prime generation"); - if (!test_small_prime(stdout, ctx.get())) { + message(bc_file.get(), "BN_sqrt"); + if (!test_sqrt(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_sqrt"); - if (!test_sqrt(stdout, ctx.get())) { + message(bc_file.get(), "BN_bn2bin_padded"); + if (!test_bn2bin_padded(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_bn2bin_padded"); - if (!test_bn2bin_padded(stdout, ctx.get())) { + message(bc_file.get(), "BN_dec2bn"); + if (!test_dec2bn(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_dec2bn"); - if (!test_dec2bn(stdout, ctx.get())) { + message(bc_file.get(), "BN_hex2bn"); + if (!test_hex2bn(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_hex2bn"); - if (!test_hex2bn(stdout, ctx.get())) { + message(bc_file.get(), "BN_asc2bn"); + if (!test_asc2bn(bc_file.get(), ctx.get())) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); - message(stdout, "BN_asc2bn"); - if (!test_asc2bn(stdout, ctx.get())) { + message(bc_file.get(), "BN_rand"); + if (!test_rand()) { return 1; } - fflush(stdout); + flush_fp(bc_file.get()); printf("PASS\n"); return 0; @@ -330,12 +363,10 @@ static bool test_add(FILE *fp) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " + "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " + "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -380,12 +411,10 @@ static bool test_sub(FILE *fp) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " - "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -428,21 +457,17 @@ static bool test_div(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " / "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, d.get()); puts_fp(fp, "\n"); - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " % "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -499,11 +524,9 @@ static bool test_lshift1(FILE *fp) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * 2"); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * 2"); + puts_fp(fp, " - "); BN_print_fp(fp, b.get()); puts_fp(fp, "\n"); } @@ -540,12 +563,10 @@ static bool test_rshift(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " / "); - BN_print_fp(fp, c.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); BN_print_fp(fp, b.get()); puts_fp(fp, "\n"); } @@ -575,11 +596,9 @@ static bool test_rshift1(FILE *fp) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " / 2"); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " / 2"); + puts_fp(fp, " - "); BN_print_fp(fp, b.get()); puts_fp(fp, "\n"); } @@ -620,12 +639,10 @@ static bool test_lshift(FILE *fp, BN_CTX *ctx, ScopedBIGNUM a) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, c.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); BN_print_fp(fp, b.get()); puts_fp(fp, "\n"); } @@ -676,12 +693,10 @@ static bool test_mul(FILE *fp) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -730,12 +745,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, a.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -758,12 +771,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, a.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -786,12 +797,10 @@ static bool test_sqr(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, a.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -846,21 +855,17 @@ static bool test_div_word(FILE *fp) { } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " / "); - print_word(fp, s); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " / "); + print_word(fp, s); + puts_fp(fp, " - "); BN_print_fp(fp, b.get()); puts_fp(fp, "\n"); - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " % "); - print_word(fp, s); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " % "); + print_word(fp, s); + puts_fp(fp, " - "); print_word(fp, r); puts_fp(fp, "\n"); } @@ -909,14 +914,12 @@ static bool test_mont(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " % "); - BN_print_fp(fp, &mont->N); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, &mont->N); + puts_fp(fp, " - "); BN_print_fp(fp, A.get()); puts_fp(fp, "\n"); } @@ -953,12 +956,10 @@ static bool test_mod(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " % "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, c.get()); puts_fp(fp, "\n"); } @@ -1000,22 +1001,20 @@ static bool test_mod_mul(FILE *fp, BN_CTX *ctx) { return false; } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " * "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " % "); + BN_print_fp(fp, a.get()); + puts_fp(fp, " * "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + if (a->neg != b->neg && !BN_is_zero(e.get())) { + // If (a*b) % c is negative, c must be added + // in order to obtain the normalized remainder + // (new with OpenSSL 0.9.7, previous versions of + // BN_mod_mul could generate negative results) + puts_fp(fp, " + "); BN_print_fp(fp, c.get()); - if (a->neg != b->neg && !BN_is_zero(e.get())) { - // If (a*b) % c is negative, c must be added - // in order to obtain the normalized remainder - // (new with OpenSSL 0.9.7, previous versions of - // BN_mod_mul could generate negative results) - puts_fp(fp, " + "); - BN_print_fp(fp, c.get()); - } - puts_fp(fp, " - "); } + puts_fp(fp, " - "); BN_print_fp(fp, e.get()); puts_fp(fp, "\n"); } @@ -1052,14 +1051,12 @@ static bool test_mod_exp(FILE *fp, BN_CTX *ctx) { } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " ^ "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " % "); - BN_print_fp(fp, c.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); BN_print_fp(fp, d.get()); puts_fp(fp, "\n"); } @@ -1095,14 +1092,12 @@ static bool test_mod_exp_mont_consttime(FILE *fp, BN_CTX *ctx) { } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " ^ "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " % "); - BN_print_fp(fp, c.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " % "); + BN_print_fp(fp, c.get()); + puts_fp(fp, " - "); BN_print_fp(fp, d.get()); puts_fp(fp, "\n"); } @@ -1203,12 +1198,10 @@ static bool test_exp(FILE *fp, BN_CTX *ctx) { } if (fp != NULL) { - if (!g_results) { - BN_print_fp(fp, a.get()); - puts_fp(fp, " ^ "); - BN_print_fp(fp, b.get()); - puts_fp(fp, " - "); - } + BN_print_fp(fp, a.get()); + puts_fp(fp, " ^ "); + BN_print_fp(fp, b.get()); + puts_fp(fp, " - "); BN_print_fp(fp, d.get()); puts_fp(fp, "\n"); } @@ -1247,32 +1240,15 @@ static bool test_exp_mod_zero(void) { } if (!BN_is_zero(r.get())) { - printf("1**0 mod 1 = "); - BN_print_fp(stdout, r.get()); - printf(", should be 0\n"); + fprintf(stderr, "1**0 mod 1 = "); + BN_print_fp(stderr, r.get()); + fprintf(stderr, ", should be 0\n"); return false; } return true; } -static int genprime_cb(int p, int n, BN_GENCB *arg) { - char c = '*'; - - if (p == 0) { - c = '.'; - } else if (p == 1) { - c = '+'; - } else if (p == 2) { - c = '*'; - } else if (p == 3) { - c = '\n'; - } - putc(c, stdout); - fflush(stdout); - return 1; -} - static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) { ScopedBIGNUM a(BN_new()); ScopedBIGNUM p(BN_new()); @@ -1281,9 +1257,6 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) { return false; } - BN_GENCB cb; - BN_GENCB_set(&cb, genprime_cb, NULL); - for (int i = 0; i < 16; i++) { if (i < 8) { const unsigned kPrimes[8] = {2, 3, 5, 7, 11, 13, 17, 19}; @@ -1293,10 +1266,9 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) { } else { if (!BN_set_word(a.get(), 32) || !BN_set_word(r.get(), 2 * i + 1) || - !BN_generate_prime_ex(p.get(), 256, 0, a.get(), r.get(), &cb)) { + !BN_generate_prime_ex(p.get(), 256, 0, a.get(), r.get(), nullptr)) { return false; } - putc('\n', stdout); } p->neg = rand_neg(); @@ -1332,26 +1304,21 @@ static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) { fprintf(stderr, "\n"); return false; } - - putc('.', stdout); - fflush(stdout); } - - putc('\n', stdout); - fflush(stderr); } return true; } static bool test_small_prime(FILE *fp, BN_CTX *ctx) { - static const int kBits = 10; + static const unsigned kBits = 10; ScopedBIGNUM r(BN_new()); - if (!r || !BN_generate_prime_ex(r.get(), kBits, 0, NULL, NULL, NULL)) { + if (!r || !BN_generate_prime_ex(r.get(), static_cast<int>(kBits), 0, NULL, + NULL, NULL)) { return false; } if (BN_num_bits(r.get()) != kBits) { - fprintf(fp, "Expected %d bit prime, got %d bit number\n", kBits, + fprintf(fp, "Expected %u bit prime, got %u bit number\n", kBits, BN_num_bits(r.get())); return false; } @@ -1617,3 +1584,47 @@ static bool test_asc2bn(FILE *fp, BN_CTX *ctx) { return true; } + +static bool test_rand() { + ScopedBIGNUM bn(BN_new()); + if (!bn) { + return false; + } + + // Test BN_rand accounts for degenerate cases with |top| and |bottom| + // parameters. + if (!BN_rand(bn.get(), 0, 0 /* top */, 0 /* bottom */) || + !BN_is_zero(bn.get())) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + if (!BN_rand(bn.get(), 0, 1 /* top */, 1 /* bottom */) || + !BN_is_zero(bn.get())) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + + if (!BN_rand(bn.get(), 1, 0 /* top */, 0 /* bottom */) || + !BN_is_word(bn.get(), 1)) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + if (!BN_rand(bn.get(), 1, 1 /* top */, 0 /* bottom */) || + !BN_is_word(bn.get(), 1)) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + if (!BN_rand(bn.get(), 1, -1 /* top */, 1 /* bottom */) || + !BN_is_word(bn.get(), 1)) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + + if (!BN_rand(bn.get(), 2, 1 /* top */, 0 /* bottom */) || + !BN_is_word(bn.get(), 3)) { + fprintf(stderr, "BN_rand gave a bad result.\n"); + return false; + } + + return true; +} diff --git a/src/crypto/bn/random.c b/src/crypto/bn/random.c index 3be7510..549ac48 100644 --- a/src/crypto/bn/random.c +++ b/src/crypto/bn/random.c @@ -144,7 +144,7 @@ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { } if (top != -1) { - if (top) { + if (top && bits > 1) { if (bit == 0) { buf[0] = 1; buf[1] |= 0x80; diff --git a/src/crypto/bn/shift.c b/src/crypto/bn/shift.c index 1e3b7c3..f143996 100644 --- a/src/crypto/bn/shift.c +++ b/src/crypto/bn/shift.c @@ -58,6 +58,8 @@ #include <string.h> +#include <openssl/err.h> + #include "internal.h" @@ -66,6 +68,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { BN_ULONG *t, *f; BN_ULONG l; + if (n < 0) { + OPENSSL_PUT_ERROR(BN, BN_lshift, BN_R_NEGATIVE_NUMBER); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) { @@ -130,6 +137,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) { BN_ULONG *t, *f; BN_ULONG l, tmp; + if (n < 0) { + OPENSSL_PUT_ERROR(BN, BN_rshift, BN_R_NEGATIVE_NUMBER); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/src/crypto/bytestring/CMakeLists.txt b/src/crypto/bytestring/CMakeLists.txt index d1f0441..cbbacf2 100644 --- a/src/crypto/bytestring/CMakeLists.txt +++ b/src/crypto/bytestring/CMakeLists.txt @@ -14,6 +14,8 @@ add_executable( bytestring_test bytestring_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(bytestring_test crypto) diff --git a/src/crypto/bytestring/ber.c b/src/crypto/bytestring/ber.c index 2729fa1..e3b150c 100644 --- a/src/crypto/bytestring/ber.c +++ b/src/crypto/bytestring/ber.c @@ -43,7 +43,7 @@ static int cbs_find_ber(CBS *orig_in, char *ber_found, unsigned depth) { unsigned tag; size_t header_len; - if (!CBS_get_any_asn1_element(&in, &contents, &tag, &header_len)) { + if (!CBS_get_any_ber_asn1_element(&in, &contents, &tag, &header_len)) { return 0; } if (CBS_len(&contents) == header_len && @@ -74,7 +74,7 @@ static char is_primitive_type(unsigned tag) { } /* is_eoc returns true if |header_len| and |contents|, as returned by - * |CBS_get_any_asn1_element|, indicate an "end of contents" (EOC) value. */ + * |CBS_get_any_ber_asn1_element|, indicate an "end of contents" (EOC) value. */ static char is_eoc(size_t header_len, CBS *contents) { return header_len == 2 && CBS_len(contents) == 2 && memcmp(CBS_data(contents), "\x00\x00", 2) == 0; @@ -98,7 +98,7 @@ static int cbs_convert_ber(CBS *in, CBB *out, char squash_header, size_t header_len; CBB *out_contents, out_contents_storage; - if (!CBS_get_any_asn1_element(in, &contents, &tag, &header_len)) { + if (!CBS_get_any_ber_asn1_element(in, &contents, &tag, &header_len)) { return 0; } out_contents = out; @@ -129,8 +129,8 @@ static int cbs_convert_ber(CBS *in, CBB *out, char squash_header, size_t inner_header_len; CBS_init(&in_copy, CBS_data(in), CBS_len(in)); - if (!CBS_get_any_asn1_element(&in_copy, &inner_contents, &inner_tag, - &inner_header_len)) { + if (!CBS_get_any_ber_asn1_element(&in_copy, &inner_contents, + &inner_tag, &inner_header_len)) { return 0; } if (CBS_len(&inner_contents) > inner_header_len && @@ -209,7 +209,9 @@ int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len) { return 1; } - CBB_init(&cbb, CBS_len(in)); + if (!CBB_init(&cbb, CBS_len(in))) { + return 0; + } if (!cbs_convert_ber(in, &cbb, 0, 0, 0)) { CBB_cleanup(&cbb); return 0; diff --git a/src/crypto/bytestring/cbs.c b/src/crypto/bytestring/cbs.c index 10f1a99..b8caedd 100644 --- a/src/crypto/bytestring/cbs.c +++ b/src/crypto/bytestring/cbs.c @@ -157,8 +157,8 @@ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) { return cbs_get_length_prefixed(cbs, out, 3); } -int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, - size_t *out_header_len) { +static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, + size_t *out_header_len, int ber_ok) { uint8_t tag, length_byte; CBS header = *cbs; CBS throwaway; @@ -193,9 +193,11 @@ int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, const size_t num_bytes = length_byte & 0x7f; uint32_t len32; - if ((tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) { + if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) { /* indefinite length */ - *out_header_len = 2; + if (out_header_len != NULL) { + *out_header_len = 2; + } return CBS_get_bytes(cbs, out, 2); } @@ -227,6 +229,18 @@ int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, return CBS_get_bytes(cbs, out, len); } +int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, + size_t *out_header_len) { + return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, + 0 /* DER only */); +} + +int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag, + size_t *out_header_len) { + return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, + 1 /* BER allowed */); +} + static int cbs_get_asn1(CBS *cbs, CBS *out, unsigned tag_value, int skip_header) { size_t header_len; @@ -238,12 +252,7 @@ static int cbs_get_asn1(CBS *cbs, CBS *out, unsigned tag_value, } if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) || - tag != tag_value || - (header_len > 0 && - /* This ensures that the tag is either zero length or - * indefinite-length. */ - CBS_len(out) == header_len && - CBS_data(out)[header_len - 1] == 0x80)) { + tag != tag_value) { return 0; } diff --git a/src/crypto/bytestring/internal.h b/src/crypto/bytestring/internal.h index b4ea7e5..391ad19 100644 --- a/src/crypto/bytestring/internal.h +++ b/src/crypto/bytestring/internal.h @@ -38,6 +38,14 @@ extern "C" { * It returns one on success and zero otherwise. */ OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len); +/* CBS_get_any_ber_asn1_element acts the same as |CBS_get_any_asn1_element| but + * also allows indefinite-length elements to be returned. In that case, + * |*out_header_len| and |CBS_len(out)| will both be two as only the header is + * returned. */ +OPENSSL_EXPORT int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, + unsigned *out_tag, + size_t *out_header_len); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/cipher/CMakeLists.txt b/src/crypto/cipher/CMakeLists.txt index f428e25..2775698 100644 --- a/src/crypto/cipher/CMakeLists.txt +++ b/src/crypto/cipher/CMakeLists.txt @@ -24,7 +24,8 @@ add_library( add_executable( cipher_test - cipher_test.c + cipher_test.cc + $<TARGET_OBJECTS:test_support> ) add_executable( diff --git a/src/crypto/cipher/cipher.c b/src/crypto/cipher/cipher.c index 1dcfd06..400c3f5 100644 --- a/src/crypto/cipher/cipher.c +++ b/src/crypto/cipher/cipher.c @@ -94,14 +94,13 @@ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { } int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) { - if (c->cipher != NULL && c->cipher->cleanup) { - c->cipher->cleanup(c); - } - - if (c->cipher_data) { + if (c->cipher != NULL) { + if (c->cipher->cleanup) { + c->cipher->cleanup(c); + } OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); - OPENSSL_free(c->cipher_data); } + OPENSSL_free(c->cipher_data); memset(c, 0, sizeof(EVP_CIPHER_CTX)); return 1; @@ -165,6 +164,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->ctx_size) { ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { + ctx->cipher = NULL; OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, ERR_R_MALLOC_FAILURE); return 0; } @@ -177,6 +177,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; OPENSSL_PUT_ERROR(CIPHER, EVP_CipherInit_ex, CIPHER_R_INITIALIZATION_ERROR); return 0; } diff --git a/src/crypto/cipher/cipher_test.c b/src/crypto/cipher/cipher_test.c deleted file mode 100644 index 390262f..0000000 --- a/src/crypto/cipher/cipher_test.c +++ /dev/null @@ -1,423 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - -#include <stdlib.h> -#include <string.h> - -#include <openssl/cipher.h> -#include <openssl/crypto.h> -#include <openssl/err.h> - - -static void hexdump(FILE *f, const char *title, const uint8_t *s, int l) { - int n = 0; - - fprintf(f, "%s", title); - for (; n < l; ++n) { - if ((n % 16) == 0) { - fprintf(f, "\n%04x", n); - } - fprintf(f, " %02x", s[n]); - } - fprintf(f, "\n"); -} - -static int convert(uint8_t *s) { - uint8_t *d; - - for (d = s; *s; s += 2, ++d) { - unsigned int n; - - if (!s[1]) { - fprintf(stderr, "Odd number of hex digits!"); - exit(4); - } - sscanf((char *)s, "%2x", &n); - *d = (uint8_t)n; - } - return s - d; -} - -static char *sstrsep(char **string, const char *delim) { - char isdelim[256]; - char *token = *string; - - if (**string == 0) { - return NULL; - } - - memset(isdelim, 0, 256); - isdelim[0] = 1; - - while (*delim) { - isdelim[(uint8_t)(*delim)] = 1; - delim++; - } - - while (!isdelim[(uint8_t)(**string)]) { - (*string)++; - } - - if (**string) { - **string = 0; - (*string)++; - } - - return token; -} - -static uint8_t *ustrsep(char **p, const char *sep) { - return (uint8_t *)sstrsep(p, sep); -} - -static void test1(const char* cipher_name, const EVP_CIPHER *c, - const uint8_t *key, int kn, const uint8_t *iv, int in, - const uint8_t *plaintext, int pn, const uint8_t *ciphertext, - int cn, const uint8_t *aad, int an, const uint8_t *tag, - int tn, int encdec) { - EVP_CIPHER_CTX ctx; - uint8_t out[4096]; - int outl, outl2, mode; - - printf("Testing cipher %s%s\n", cipher_name, - (encdec == 1 ? "(encrypt)" - : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)"))); - hexdump(stdout, "Key", key, kn); - if (in) { - hexdump(stdout, "IV", iv, in); - } - hexdump(stdout, "Plaintext", plaintext, pn); - hexdump(stdout, "Ciphertext", ciphertext, cn); - if (an) { - hexdump(stdout, "AAD", aad, an); - } - if (tn) { - hexdump(stdout, "Tag", tag, tn); - } - mode = EVP_CIPHER_mode(c); - if (kn != EVP_CIPHER_key_length(c)) { - fprintf(stderr, "Key length doesn't match, got %d expected %lu\n", kn, - (unsigned long)EVP_CIPHER_key_length(c)); - exit(5); - } - EVP_CIPHER_CTX_init(&ctx); - if (encdec != 0) { - if (mode == EVP_CIPH_GCM_MODE) { - if (!EVP_EncryptInit_ex(&ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - exit(11); - } - if (!EVP_EncryptInit_ex(&ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/IV set failed\n"); - ERR_print_errors_fp(stderr); - exit(12); - } - if (an && !EVP_EncryptUpdate(&ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - exit(13); - } - } else if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, iv)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - exit(10); - } - EVP_CIPHER_CTX_set_padding(&ctx, 0); - - if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) { - fprintf(stderr, "Encrypt failed\n"); - ERR_print_errors_fp(stderr); - exit(6); - } - if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) { - fprintf(stderr, "EncryptFinal failed\n"); - ERR_print_errors_fp(stderr); - exit(7); - } - - if (outl + outl2 != cn) { - fprintf(stderr, "Ciphertext length mismatch got %d expected %d\n", - outl + outl2, cn); - exit(8); - } - - if (memcmp(out, ciphertext, cn)) { - fprintf(stderr, "Ciphertext mismatch\n"); - hexdump(stderr, "Got", out, cn); - hexdump(stderr, "Expected", ciphertext, cn); - exit(9); - } - if (mode == EVP_CIPH_GCM_MODE) { - uint8_t rtag[16]; - /* Note: EVP_CTRL_CCM_GET_TAG has same value as - * EVP_CTRL_GCM_GET_TAG - */ - if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, tn, rtag)) { - fprintf(stderr, "Get tag failed\n"); - ERR_print_errors_fp(stderr); - exit(14); - } - if (memcmp(rtag, tag, tn)) { - fprintf(stderr, "Tag mismatch\n"); - hexdump(stderr, "Got", rtag, tn); - hexdump(stderr, "Expected", tag, tn); - exit(9); - } - } - } - - if (encdec <= 0) { - if (mode == EVP_CIPH_GCM_MODE) { - if (!EVP_DecryptInit_ex(&ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - exit(11); - } - if (!EVP_DecryptInit_ex(&ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/IV set failed\n"); - ERR_print_errors_fp(stderr); - exit(12); - } - if (!EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, tn, (void *)tag)) { - fprintf(stderr, "Set tag failed\n"); - ERR_print_errors_fp(stderr); - exit(14); - } - if (an && !EVP_DecryptUpdate(&ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - exit(13); - } - } else if (!EVP_DecryptInit_ex(&ctx, c, NULL, key, iv)) { - fprintf(stderr, "DecryptInit failed\n"); - ERR_print_errors_fp(stderr); - exit(11); - } - EVP_CIPHER_CTX_set_padding(&ctx, 0); - - if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) { - fprintf(stderr, "Decrypt failed\n"); - ERR_print_errors_fp(stderr); - exit(6); - } - outl2 = 0; - if (!EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) { - fprintf(stderr, "DecryptFinal failed\n"); - ERR_print_errors_fp(stderr); - exit(7); - } - - if (outl + outl2 != pn) { - fprintf(stderr, "Plaintext length mismatch got %d expected %d\n", - outl + outl2, pn); - exit(8); - } - - if (memcmp(out, plaintext, pn)) { - fprintf(stderr, "Plaintext mismatch\n"); - hexdump(stderr, "Got", out, pn); - hexdump(stderr, "Expected", plaintext, pn); - exit(9); - } - } - - EVP_CIPHER_CTX_cleanup(&ctx); - - printf("\n"); -} - -static int test_cipher(const char *cipher, const uint8_t *key, int kn, - const uint8_t *iv, int in, const uint8_t *plaintext, - int pn, const uint8_t *ciphertext, int cn, - const uint8_t *aad, int an, const uint8_t *tag, int tn, - int encdec) { - const EVP_CIPHER *c; - - if (strcmp(cipher, "DES-CBC") == 0) { - c = EVP_des_cbc(); - } else if (strcmp(cipher, "DES-EDE3-CBC") == 0) { - c = EVP_des_ede3_cbc(); - } else if (strcmp(cipher, "RC4") == 0) { - c = EVP_rc4(); - } else if (strcmp(cipher, "AES-128-ECB") == 0) { - c = EVP_aes_128_ecb(); - } else if (strcmp(cipher, "AES-256-ECB") == 0) { - c = EVP_aes_256_ecb(); - } else if (strcmp(cipher, "AES-128-CBC") == 0) { - c = EVP_aes_128_cbc(); - } else if (strcmp(cipher, "AES-128-GCM") == 0) { - c = EVP_aes_128_gcm(); - } else if (strcmp(cipher, "AES-128-OFB") == 0) { - c = EVP_aes_128_ofb(); - } else if (strcmp(cipher, "AES-192-CBC") == 0) { - c = EVP_aes_192_cbc(); - } else if (strcmp(cipher, "AES-192-ECB") == 0) { - c = EVP_aes_192_ecb(); - } else if (strcmp(cipher, "AES-256-CBC") == 0) { - c = EVP_aes_256_cbc(); - } else if (strcmp(cipher, "AES-128-CTR") == 0) { - c = EVP_aes_128_ctr(); - } else if (strcmp(cipher, "AES-256-CTR") == 0) { - c = EVP_aes_256_ctr(); - } else if (strcmp(cipher, "AES-256-GCM") == 0) { - c = EVP_aes_256_gcm(); - } else if (strcmp(cipher, "AES-256-OFB") == 0) { - c = EVP_aes_256_ofb(); - } else { - fprintf(stderr, "Unknown cipher type %s\n", cipher); - return 0; - } - - test1(cipher, c, key, kn, iv, in, plaintext, pn, ciphertext, cn, aad, an, - tag, tn, encdec); - - return 1; -} - -int main(int argc, char **argv) { - const char *input_file; - FILE *f; - - CRYPTO_library_init(); - - if (argc != 2) { - fprintf(stderr, "%s <test file>\n", argv[0]); - return 1; - } - - input_file = argv[1]; - - f = fopen(input_file, "r"); - if (!f) { - perror(input_file); - return 2; - } - - ERR_load_crypto_strings(); - - for (;;) { - char line[4096]; - char *p; - char *cipher; - uint8_t *iv, *key, *plaintext, *ciphertext, *aad, *tag; - int encdec; - int kn, in, pn, cn; - int an = 0; - int tn = 0; - - if (!fgets((char *)line, sizeof line, f)) { - break; - } - if (line[0] == '#' || line[0] == '\n') { - continue; - } - p = line; - cipher = sstrsep(&p, ":"); - key = ustrsep(&p, ":"); - iv = ustrsep(&p, ":"); - plaintext = ustrsep(&p, ":"); - ciphertext = ustrsep(&p, ":"); - if (p[-1] == '\n') { - encdec = -1; - p[-1] = '\0'; - tag = aad = NULL; - an = tn = 0; - } else { - aad = ustrsep(&p, ":"); - tag = ustrsep(&p, ":"); - if (tag == NULL) { - p = (char *)aad; - tag = aad = NULL; - an = tn = 0; - } - if (p[-1] == '\n') { - encdec = -1; - p[-1] = '\0'; - } else { - encdec = atoi(sstrsep(&p, "\n")); - } - } - - kn = convert(key); - in = convert(iv); - pn = convert(plaintext); - cn = convert(ciphertext); - if (aad) { - an = convert(aad); - tn = convert(tag); - } - - if (!test_cipher(cipher, key, kn, iv, in, plaintext, pn, ciphertext, cn, - aad, an, tag, tn, encdec)) { - return 3; - } - } - fclose(f); - - printf("PASS\n"); - return 0; -} diff --git a/src/crypto/cipher/cipher_test.cc b/src/crypto/cipher/cipher_test.cc new file mode 100644 index 0000000..97a84e0 --- /dev/null +++ b/src/crypto/cipher/cipher_test.cc @@ -0,0 +1,262 @@ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include <stdlib.h> +#include <string.h> + +#include <string> +#include <vector> + +#include <openssl/cipher.h> +#include <openssl/crypto.h> +#include <openssl/err.h> + +#include "../test/file_test.h" +#include "../test/scoped_types.h" +#include "../test/stl_compat.h" + + +static const EVP_CIPHER *GetCipher(const std::string &name) { + if (name == "DES-CBC") { + return EVP_des_cbc(); + } else if (name == "DES-EDE3-CBC") { + return EVP_des_ede3_cbc(); + } else if (name == "RC4") { + return EVP_rc4(); + } else if (name == "AES-128-ECB") { + return EVP_aes_128_ecb(); + } else if (name == "AES-256-ECB") { + return EVP_aes_256_ecb(); + } else if (name == "AES-128-CBC") { + return EVP_aes_128_cbc(); + } else if (name == "AES-128-GCM") { + return EVP_aes_128_gcm(); + } else if (name == "AES-128-OFB") { + return EVP_aes_128_ofb(); + } else if (name == "AES-192-CBC") { + return EVP_aes_192_cbc(); + } else if (name == "AES-192-ECB") { + return EVP_aes_192_ecb(); + } else if (name == "AES-256-CBC") { + return EVP_aes_256_cbc(); + } else if (name == "AES-128-CTR") { + return EVP_aes_128_ctr(); + } else if (name == "AES-256-CTR") { + return EVP_aes_256_ctr(); + } else if (name == "AES-256-GCM") { + return EVP_aes_256_gcm(); + } else if (name == "AES-256-OFB") { + return EVP_aes_256_ofb(); + } + return nullptr; +} + +static bool TestOperation(FileTest *t, + const EVP_CIPHER *cipher, + bool encrypt, + const std::vector<uint8_t> &key, + const std::vector<uint8_t> &iv, + const std::vector<uint8_t> &plaintext, + const std::vector<uint8_t> &ciphertext, + const std::vector<uint8_t> &aad, + const std::vector<uint8_t> &tag) { + const std::vector<uint8_t> *in, *out; + if (encrypt) { + in = &plaintext; + out = &ciphertext; + } else { + in = &ciphertext; + out = &plaintext; + } + + bool is_aead = EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE; + + ScopedEVP_CIPHER_CTX ctx; + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr, + encrypt ? 1 : 0)) { + return false; + } + if (t->HasAttribute("IV")) { + if (is_aead) { + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, + iv.size(), 0)) { + return false; + } + } else if (iv.size() != (size_t)EVP_CIPHER_CTX_iv_length(ctx.get())) { + t->PrintLine("Bad IV length."); + return false; + } + } + if (is_aead && !encrypt && + !EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(), + const_cast<uint8_t*>(bssl::vector_data(&tag)))) { + return false; + } + // The ciphers are run with no padding. For each of the ciphers we test, the + // output size matches the input size. + std::vector<uint8_t> result(in->size()); + if (in->size() != out->size()) { + t->PrintLine("Input/output size mismatch (%u vs %u).", (unsigned)in->size(), + (unsigned)out->size()); + return false; + } + // Note: the deprecated |EVP_CIPHER|-based AES-GCM API is sensitive to whether + // parameters are NULL, so it is important to skip the |in| and |aad| + // |EVP_CipherUpdate| calls when empty. + int unused, result_len1 = 0, result_len2; + if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) || + !EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, bssl::vector_data(&key), + bssl::vector_data(&iv), -1) || + (!aad.empty() && + !EVP_CipherUpdate(ctx.get(), nullptr, &unused, bssl::vector_data(&aad), + aad.size())) || + !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) || + (!in->empty() && + !EVP_CipherUpdate(ctx.get(), bssl::vector_data(&result), &result_len1, + bssl::vector_data(in), in->size())) || + !EVP_CipherFinal_ex(ctx.get(), bssl::vector_data(&result) + result_len1, + &result_len2)) { + t->PrintLine("Operation failed."); + return false; + } + result.resize(result_len1 + result_len2); + if (!t->ExpectBytesEqual(bssl::vector_data(out), out->size(), + bssl::vector_data(&result), result.size())) { + return false; + } + if (encrypt && is_aead) { + uint8_t rtag[16]; + if (tag.size() > sizeof(rtag)) { + t->PrintLine("Bad tag length."); + return false; + } + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(), + rtag) || + !t->ExpectBytesEqual(bssl::vector_data(&tag), tag.size(), rtag, + tag.size())) { + return false; + } + } + return true; +} + +static bool TestCipher(FileTest *t, void *arg) { + std::string cipher_str; + if (!t->GetAttribute(&cipher_str, "Cipher")) { + return false; + } + const EVP_CIPHER *cipher = GetCipher(cipher_str); + if (cipher == nullptr) { + t->PrintLine("Unknown cipher: '%s'.", cipher_str.c_str()); + return false; + } + + std::vector<uint8_t> key, iv, plaintext, ciphertext, aad, tag; + if (!t->GetBytes(&key, "Key") || + !t->GetBytes(&plaintext, "Plaintext") || + !t->GetBytes(&ciphertext, "Ciphertext")) { + return false; + } + if (EVP_CIPHER_iv_length(cipher) > 0 && + !t->GetBytes(&iv, "IV")) { + return false; + } + if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) { + if (!t->GetBytes(&aad, "AAD") || + !t->GetBytes(&tag, "Tag")) { + return false; + } + } + + enum { + kEncrypt, + kDecrypt, + kBoth, + } operation = kBoth; + if (t->HasAttribute("Operation")) { + const std::string &str = t->GetAttributeOrDie("Operation"); + if (str == "ENCRYPT") { + operation = kEncrypt; + } else if (str == "DECRYPT") { + operation = kDecrypt; + } else { + t->PrintLine("Unknown operation: '%s'.", str.c_str()); + return false; + } + } + + // By default, both directions are run, unless overridden by the operation. + if (operation != kDecrypt && + !TestOperation(t, cipher, true /* encrypt */, key, iv, plaintext, + ciphertext, aad, tag)) { + return false; + } + if (operation != kEncrypt && + !TestOperation(t, cipher, false /* decrypt */, key, iv, plaintext, + ciphertext, aad, tag)) { + return false; + } + + return true; +} + +int main(int argc, char **argv) { + CRYPTO_library_init(); + + if (argc != 2) { + fprintf(stderr, "%s <test file>\n", argv[0]); + return 1; + } + + return FileTestMain(TestCipher, nullptr, argv[1]); +} diff --git a/src/crypto/cipher/e_aes.c b/src/crypto/cipher/e_aes.c index eacbd10..41d0aec 100644 --- a/src/crypto/cipher/e_aes.c +++ b/src/crypto/cipher/e_aes.c @@ -115,7 +115,7 @@ static char bsaes_capable(void) { (defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)) #include "../arm_arch.h" -#if defined(OPENSSL_ARM) && __ARM_ARCH__ >= 7 +#if defined(OPENSSL_ARM) && __ARM_MAX_ARCH__ >= 7 #define BSAES static char bsaes_capable(void) { return CRYPTO_is_NEON_capable(); diff --git a/src/crypto/cipher/internal.h b/src/crypto/cipher/internal.h index 605b8cb..b2a94f4 100644 --- a/src/crypto/cipher/internal.h +++ b/src/crypto/cipher/internal.h @@ -70,8 +70,6 @@ extern "C" { #define EVP_CIPH_MODE_MASK 0x3f -struct evp_aead_ctx_st; - /* EVP_AEAD represents a specific AEAD algorithm. */ struct evp_aead_st { uint8_t key_len; @@ -79,27 +77,25 @@ struct evp_aead_st { uint8_t overhead; uint8_t max_tag_len; - /* init initialises an |evp_aead_ctx_st|. If this call returns zero then + /* init initialises an |EVP_AEAD_CTX|. If this call returns zero then * |cleanup| will not be called for that context. */ - int (*init)(struct evp_aead_ctx_st *, const uint8_t *key, - size_t key_len, size_t tag_len); - int (*init_with_direction)(struct evp_aead_ctx_st *, const uint8_t *key, - size_t key_len, size_t tag_len, - enum evp_aead_direction_t dir); - void (*cleanup)(struct evp_aead_ctx_st *); - - int (*seal)(const struct evp_aead_ctx_st *ctx, uint8_t *out, - size_t *out_len, size_t max_out_len, const uint8_t *nonce, - size_t nonce_len, const uint8_t *in, size_t in_len, - const uint8_t *ad, size_t ad_len); - - int (*open)(const struct evp_aead_ctx_st *ctx, uint8_t *out, - size_t *out_len, size_t max_out_len, const uint8_t *nonce, - size_t nonce_len, const uint8_t *in, size_t in_len, - const uint8_t *ad, size_t ad_len); - - int (*get_rc4_state)(const struct evp_aead_ctx_st *ctx, - const RC4_KEY **out_key); + int (*init)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len, + size_t tag_len); + int (*init_with_direction)(EVP_AEAD_CTX *, const uint8_t *key, size_t key_len, + size_t tag_len, enum evp_aead_direction_t dir); + void (*cleanup)(EVP_AEAD_CTX *); + + int (*seal)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, + size_t max_out_len, const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, const uint8_t *ad, + size_t ad_len); + + int (*open)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, + size_t max_out_len, const uint8_t *nonce, size_t nonce_len, + const uint8_t *in, size_t in_len, const uint8_t *ad, + size_t ad_len); + + int (*get_rc4_state)(const EVP_AEAD_CTX *ctx, const RC4_KEY **out_key); }; diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt index f3c6d35..93cb8f3 100644 --- a/src/crypto/cipher/test/cipher_test.txt +++ b/src/crypto/cipher/test/cipher_test.txt @@ -1,118 +1,537 @@ # RC4 tests (from rc4test) -RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 -RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 -RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a -RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 -RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf -RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0123456789abcdef +Ciphertext = 75b7878099e0c596 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 0000000000000000 +Ciphertext = 7494c2e7104b0879 + +Cipher = RC4 +Key = 00000000000000000000000000000000 +Plaintext = 0000000000000000 +Ciphertext = de188941a3375d3a + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 0000000000000000000000000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 + +Cipher = RC4 +Key = 0123456789abcdef0123456789abcdef +Plaintext = 123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678 +Ciphertext = 66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf + +Cipher = RC4 +Key = ef012345ef012345ef012345ef012345 +Plaintext = 00000000000000000000 +Ciphertext = d6a141a7ec3c38dfbd61 + # DES EDE3 CBC tests (from destest) -DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 +Cipher = DES-EDE3-CBC +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +IV = fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 + # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) -AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1 +Cipher = AES-128-ECB +Key = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 69C4E0D86A7B0430D8CDB78070B4C55A + # AES 256 ECB tests (from FIPS-197 test vectors, encrypt) -AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1 +Cipher = AES-256-ECB +Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = 8EA2B7CA516745BFEAFC49904B496089 -# AES 128 CBC tests (from NIST test vectors, decrypt) # AES tests from NIST document SP800-38A # For all ECB encrypts and decrypts, the transformed sequence is # AES-bits-ECB:key::plaintext:ciphertext:encdec # ECB-AES128.Encrypt and ECB-AES128.Decrypt -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4 +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3AD77BB40D7A3660A89ECAF32466EF97 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = F5D3D58503B9699DE785895A96FDBAAF + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 43B1CD7F598ECE23881B00E3ED030688 + +Cipher = AES-128-ECB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 7B0C785E27E8AD3F8223207104725DD4 + + # ECB-AES256.Encrypt and ECB-AES256.Decrypt -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7 +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F3EED1BDB5D2A03C064B5A7E3DB181F8 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 591CCB10D410ED26DC5BA74A31362870 + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = B6ED21B99CA6F4F9F153E7B1BEAFED1D + +Cipher = AES-256-ECB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 23304B7A39F9F3FF067D8D8F9E24ECC7 + + # For all CBC encrypts and decrypts, the transformed sequence is # AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec # CBC-AES128.Encrypt and CBC-AES128.Decrypt -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7 +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 7649ABAC8119B246CEE98E9B12E9197D + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 7649ABAC8119B246CEE98E9B12E9197D +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 5086CB9B507219EE95DB113A917678B2 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 5086CB9B507219EE95DB113A917678B2 +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 73BED6B8E3C1743B7116E69E22229516 + +Cipher = AES-128-CBC +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 73BED6B8E3C1743B7116E69E22229516 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 3FF1CAA1681FAC09120ECA307586E1A7 + + # CBC-AES256.Encrypt and CBC-AES256.Decrypt -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = F58C4C04D6E5F1BA779EABFB5F7BFBD6 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = F58C4C04D6E5F1BA779EABFB5F7BFBD6 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 9CFC4E967EDB808D679F777BC6702C7D + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 9CFC4E967EDB808D679F777BC6702C7D +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 39F23369A9D9BACFA530E26304231461 + +Cipher = AES-256-CBC +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 39F23369A9D9BACFA530E26304231461 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = B2EB05E2C39BE9FCDA6C19078C6A9D1B + # AES Counter test vectors from RFC3686 -AES-128-CTR:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1 -AES-128-CTR:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1 -AES-128-CTR:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1 +Cipher = AES-128-CTR +Key = AE6852F8121067CC4BF7A5765577F39E +IV = 00000030000000000000000000000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = E4095D4FB7A7B3792D6175A3261311B8 + +Cipher = AES-128-CTR +Key = 7E24067817FAE0D743D6CE1F32539163 +IV = 006CB6DBC0543B59DA48D90B00000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = 5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28 + +Cipher = AES-128-CTR +Key = 7691BE035E5020A8AC6E618529F9A0DC +IV = 00E0017B27777F3F4A1786F000000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F + +Cipher = AES-256-CTR +Key = 776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104 +IV = 00000060DB5672C97AA8F0B200000001 +Operation = ENCRYPT +Plaintext = 53696E676C6520626C6F636B206D7367 +Ciphertext = 145AD01DBF824EC7560863DC71E3E0C0 + +Cipher = AES-256-CTR +Key = F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884 +IV = 00FAAC24C1585EF15A43D87500000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F +Ciphertext = F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C + +Cipher = AES-256-CTR +Key = FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D +IV = 001CC5B751A51D70A1C1114800000001 +Operation = ENCRYPT +Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223 +Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8 -AES-256-CTR:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1 -AES-256-CTR:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1 -AES-256-CTR:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1 # AES GCM test vectors from http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000::::58e2fccefa7e3061367f1d57a4e7455a -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78::ab6e47d42cec13bdf53a67b21257bddf -AES-128-GCM:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985::4d5c2af327cd64a62cf35abd2ba6fab4 -AES-128-GCM:feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091:feedfacedeadbeeffeedfacedeadbeefabaddad2:5bc94fbc3221a5db94fae95ae7121a47 -AES-128-GCM:feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598:feedfacedeadbeeffeedfacedeadbeefabaddad2:3612d2e79e3b0785561be14aaca2fccb -AES-128-GCM:feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5:feedfacedeadbeeffeedfacedeadbeefabaddad2:619cc5aefffe0bfa462af43c1699d050 -AES-256-GCM:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000::::530f8afbc74536b9a963b4f1c4cb738b -AES-256-GCM:0000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000:00000000000000000000000000000000:cea7403d4d606b6e074ec5d3baf39d18::d0d1c8a799996bf0265b98b5d48ab919 -AES-256-GCM:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad::b094dac5d93471bdec1a502270e3cc6c -AES-256-GCM:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbaddecaf888:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662:feedfacedeadbeeffeedfacedeadbeefabaddad2:76fc6ece0f4e1768cddf8853bb2d551b -AES-256-GCM:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:cafebabefacedbad:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f:feedfacedeadbeeffeedfacedeadbeefabaddad2:3a337dbf46a792c45e454913fe2ea8f2 -AES-256-GCM:feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308:9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b:d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39:5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f:feedfacedeadbeeffeedfacedeadbeefabaddad2:a44a8266ee1c8eb0c8b5d4cf5ae9f19a +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = +Ciphertext = +AAD = +Tag = 58e2fccefa7e3061367f1d57a4e7455a + +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = 00000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78 +AAD = +Tag = ab6e47d42cec13bdf53a67b21257bddf + +Cipher = AES-128-GCM +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985 +AAD = +Tag = 4d5c2af327cd64a62cf35abd2ba6fab4 + +Cipher = AES-128-GCM +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 5bc94fbc3221a5db94fae95ae7121a47 + +Cipher = AES-128-GCM +Key = feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3612d2e79e3b0785561be14aaca2fccb + +Cipher = AES-128-GCM +Key = feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 619cc5aefffe0bfa462af43c1699d050 + +Cipher = AES-256-GCM +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = +Ciphertext = +AAD = +Tag = 530f8afbc74536b9a963b4f1c4cb738b + +Cipher = AES-256-GCM +Key = 0000000000000000000000000000000000000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = 00000000000000000000000000000000 +Ciphertext = cea7403d4d606b6e074ec5d3baf39d18 +AAD = +Tag = d0d1c8a799996bf0265b98b5d48ab919 + +Cipher = AES-256-GCM +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +AAD = +Tag = b094dac5d93471bdec1a502270e3cc6c + +Cipher = AES-256-GCM +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbaddecaf888 +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662 +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 76fc6ece0f4e1768cddf8853bb2d551b + +Cipher = AES-256-GCM +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = cafebabefacedbad +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = 3a337dbf46a792c45e454913fe2ea8f2 + +Cipher = AES-256-GCM +Key = feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308 +IV = 9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b +Plaintext = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 +Ciphertext = 5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f +AAD = feedfacedeadbeeffeedfacedeadbeefabaddad2 +Tag = a44a8266ee1c8eb0c8b5d4cf5ae9f19a + # local add-ons, primarily streaming ghash tests # 128 bytes aad -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:::d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad:5fea793a2d6f974d37e68e0cb8ff9492 +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = +Ciphertext = +AAD = d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad +Tag = 5fea793a2d6f974d37e68e0cb8ff9492 + # 48 bytes plaintext -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0::9dd0a376b08e40eb00c35f29f9ea61a4 +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0 +AAD = +Tag = 9dd0a376b08e40eb00c35f29f9ea61a4 + # 80 bytes plaintext -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291::98885a3a22bd4742fe7b72172193b163 +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d5270291 +AAD = +Tag = 98885a3a22bd4742fe7b72172193b163 + # 128 bytes plaintext -AES-128-GCM:00000000000000000000000000000000:000000000000000000000000:0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40::cac45f60e31efd3b5a43b98a22ce1aa1 +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = 000000000000000000000000 +Plaintext = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 0388dace60b6a392f328c2b971b2fe78f795aaab494b5923f7fd89ff948bc1e0200211214e7394da2089b6acd093abe0c94da219118e297d7b7ebcbcc9c388f28ade7d85a8ee35616f7124a9d527029195b84d1b96c690ff2f2de30bf2ec89e00253786e126504f0dab90c48a30321de3345e6b0461e7c9e6c6b7afedde83f40 +AAD = +Tag = cac45f60e31efd3b5a43b98a22ce1aa1 + # 192 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -AES-128-GCM:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606::566f8ef683078bfdeeffa869d751a017 +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606 +AAD = +Tag = 566f8ef683078bfdeeffa869d751a017 + # 288 bytes plaintext, iv is chosen so that initial counter LSB is 0xFF -AES-128-GCM:00000000000000000000000000000000:ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c::8b307f6b33286d0ab026a9ed3fe1e85f +Cipher = AES-128-GCM +Key = 00000000000000000000000000000000 +IV = ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Plaintext = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ciphertext = 56b3373ca9ef6e4a2b64fe1e9a17b61425f10d47a75a5fce13efc6bc784af24f4141bdd48cf7c770887afd573cca5418a9aeffcd7c5ceddfc6a78397b9a85b499da558257267caab2ad0b23ca476a53cb17fb41c4b8b475cb4f3f7165094c229c9e8c4dc0a2a5ff1903e501511221376a1cdb8364c5061a20cae74bc4acd76ceb0abc9fd3217ef9f8c90be402ddf6d8697f4f880dff15bfb7a6b28241ec8fe183c2d59e3f9dfff653c7126f0acb9e64211f42bae12af462b1070bef1ab5e3606872ca10dee15b3249b1a1b958f23134c4bccb7d03200bce420a2f8eb66dcf3644d1423c1b5699003c13ecef4bf38a3b60eedc34033bac1902783dc6d89e2e774188a439c7ebcc0672dbda4ddcfb2794613b0be41315ef778708a70ee7d75165c +AAD = +Tag = 8b307f6b33286d0ab026a9ed3fe1e85f + # 80 bytes plaintext, submitted by Intel -AES-128-GCM:843ffcf5d2b72694d19ed01d01249412:dbcca32ebf9b804617c3aa9e:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f:6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5:00000000000000000000000000000000101112131415161718191a1b1c1d1e1f:3b629ccfbc1119b7319e1dce2cd6fd6d +Cipher = AES-128-GCM +Key = 843ffcf5d2b72694d19ed01d01249412 +IV = dbcca32ebf9b804617c3aa9e +Plaintext = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ciphertext = 6268c6fa2a80b2d137467f092f657ac04d89be2beaa623d61b5a868c8f03ff95d3dcee23ad2f1ab3a6c80eaf4b140eb05de3457f0fbc111a6b43d0763aa422a3013cf1dc37fe417d1fbfc449b75d4cc5 +AAD = 00000000000000000000000000000000101112131415161718191a1b1c1d1e1f +Tag = 3b629ccfbc1119b7319e1dce2cd6fd6d + # OFB tests from OpenSSL upstream. -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 + +# OFB-AES128.Encrypt +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + # OFB-AES128.Decrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 3B3FD92EB72DAD20333449F8E83CFB4A + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = 50FE67CC996D32B6DA0937E99BAFEC60 +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 7789508D16918F03F53C52DAC54ED825 + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = D9A4DADA0892239F6B8B3D7680E15674 +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 9740051E9C5FECF64344F7A82260EDCC + +Cipher = AES-128-OFB +Key = 2B7E151628AED2A6ABF7158809CF4F3C +IV = A78819583F0308E7A6BF36B1386ABF23 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 304C6528F659C77866A510D9C1D6AE5E + # OFB-AES256.Encrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = ENCRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = ENCRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = ENCRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = ENCRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + + # OFB-AES256.Decrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 000102030405060708090A0B0C0D0E0F +Operation = DECRYPT +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = DC7E84BFDA79164B7ECD8486985D3860 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = B7BF3A5DF43989DD97F0FA97EBCE2F4A +Operation = DECRYPT +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 4FEBDC6740D20B3AC88F6AD82A4FB08D + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = E1C656305ED1A7A6563805746FE03EDC +Operation = DECRYPT +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 71AB47A086E86EEDF39D1C5BBA97C408 + +Cipher = AES-256-OFB +Key = 603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4 +IV = 41635BE625B48AFC1666DD42A09D96E7 +Operation = DECRYPT +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 0126141D67F37BE8538F5A8BE740E484 + # AES-192 CBC-mode test from upstream OpenSSL. -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 000102030405060708090A0B0C0D0E0F +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = 4F021DB243BC633D7178183A9FA071E8 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 4F021DB243BC633D7178183A9FA071E8 +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = B4D9ADA9AD7DEDF4E5E738763F69145A + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = B4D9ADA9AD7DEDF4E5E738763F69145A +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = 571B242012FB7AE07FA9BAAC3DF102E0 + +Cipher = AES-192-CBC +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +IV = 571B242012FB7AE07FA9BAAC3DF102E0 +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 08B0E27988598881D920A9E64F5615CD + # AES-192-ECB tests from FIPS-197 -AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 +Cipher = AES-192-ECB +Key = 000102030405060708090A0B0C0D0E0F1011121314151617 +Operation = ENCRYPT +Plaintext = 00112233445566778899AABBCCDDEEFF +Ciphertext = DDA97CA4864CDFE06EAF70A0EC0D7191 + # AES-192-ECB tests from NIST document SP800-38A -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC:1 -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF:1 -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E:1 -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E:1 +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 6BC1BEE22E409F96E93D7E117393172A +Ciphertext = BD334F1D6E45F25FF712A214571FA5CC + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = AE2D8A571E03AC9C9EB76FAC45AF8E51 +Ciphertext = 974104846D0AD3AD7734ECB3ECEE4EEF + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = 30C81C46A35CE411E5FBC1191A0A52EF +Ciphertext = EF7AFD2270E2E60ADCE0BA2FACE6444E + +Cipher = AES-192-ECB +Key = 8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B +Plaintext = F69F2445DF4F9B17AD2B417BE66C3710 +Ciphertext = 9A4B41BA738D6C72FB16691603C18E0E diff --git a/src/crypto/des/des.c b/src/crypto/des/des.c index 56a2996..9cd75f5 100644 --- a/src/crypto/des/des.c +++ b/src/crypto/des/des.c @@ -762,3 +762,11 @@ void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, tin[0] = tin[1] = 0; } + +void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, + const DES_key_schedule *ks1, + const DES_key_schedule *ks2, + DES_cblock *ivec, + int enc) { + DES_ede3_cbc_encrypt(in, out, len, ks1, ks2, ks1, ivec, enc); +} diff --git a/src/crypto/dh/CMakeLists.txt b/src/crypto/dh/CMakeLists.txt index 9e487d5..d0c1da7 100644 --- a/src/crypto/dh/CMakeLists.txt +++ b/src/crypto/dh/CMakeLists.txt @@ -16,6 +16,8 @@ add_executable( dh_test dh_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(dh_test crypto) diff --git a/src/crypto/dh/dh.c b/src/crypto/dh/dh.c index ab7ed8b..96b85f3 100644 --- a/src/crypto/dh/dh.c +++ b/src/crypto/dh/dh.c @@ -116,7 +116,7 @@ void DH_free(DH *dh) { return; } - if (CRYPTO_add(&dh->references, -1, CRYPTO_LOCK_DH) > 0) { + if (!CRYPTO_refcount_dec_and_test_zero(&dh->references)) { return; } @@ -164,8 +164,10 @@ int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) { int DH_size(const DH *dh) { return BN_num_bytes(dh->p); } -int DH_up_ref(DH *r) { - CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); +unsigned DH_num_bits(const DH *dh) { return BN_num_bits(dh->p); } + +int DH_up_ref(DH *dh) { + CRYPTO_refcount_inc(&dh->references); return 1; } diff --git a/src/crypto/digest/CMakeLists.txt b/src/crypto/digest/CMakeLists.txt index 8cab46a..816d116 100644 --- a/src/crypto/digest/CMakeLists.txt +++ b/src/crypto/digest/CMakeLists.txt @@ -13,6 +13,8 @@ add_executable( digest_test digest_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(digest_test crypto) diff --git a/src/crypto/digest/digest.c b/src/crypto/digest/digest.c index e32eafd..f09948b 100644 --- a/src/crypto/digest/digest.c +++ b/src/crypto/digest/digest.c @@ -189,7 +189,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) { return 1; } - return ctx->digest->init(ctx); + ctx->digest->init(ctx); + return 1; } int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { @@ -198,26 +199,24 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) { } int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t len) { - return ctx->update(ctx, data, len); + ctx->update(ctx, data, len); + return 1; } int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, unsigned int *size) { - int ret; - assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); - ret = ctx->digest->final(ctx, md_out); + ctx->digest->final(ctx, md_out); if (size != NULL) { *size = ctx->digest->md_size; } OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); - - return ret; + return 1; } int EVP_DigestFinal(EVP_MD_CTX *ctx, uint8_t *md, unsigned int *size) { - int ret = EVP_DigestFinal_ex(ctx, md, size); + EVP_DigestFinal_ex(ctx, md, size); EVP_MD_CTX_cleanup(ctx); - return ret; + return 1; } int EVP_Digest(const void *data, size_t count, uint8_t *out_md, @@ -258,14 +257,6 @@ void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, uint32_t flags) { ctx->flags |= flags; } -void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, uint32_t flags) { - ctx->flags &= ~flags; -} - -uint32_t EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, uint32_t flags) { - return ctx->flags & flags; -} - int EVP_add_digest(const EVP_MD *digest) { return 1; } diff --git a/src/crypto/digest/digest_test.cc b/src/crypto/digest/digest_test.cc index dcb569c..6a6113d 100644 --- a/src/crypto/digest/digest_test.cc +++ b/src/crypto/digest/digest_test.cc @@ -233,6 +233,16 @@ static int TestDigest(const TestVector *test) { return true; } +static int TestGetters() { + if (EVP_get_digestbyname("RSA-SHA512") == NULL || + EVP_get_digestbyname("sha512WithRSAEncryption") == NULL || + EVP_get_digestbyname("nonsense") != NULL) { + return false; + } + + return true; +} + int main(void) { CRYPTO_library_init(); ERR_load_crypto_strings(); @@ -244,6 +254,10 @@ int main(void) { } } + if (!TestGetters()) { + return 1; + } + printf("PASS\n"); return 0; } diff --git a/src/crypto/digest/digests.c b/src/crypto/digest/digests.c index ac00ed3..f5eda36 100644 --- a/src/crypto/digest/digests.c +++ b/src/crypto/digest/digests.c @@ -56,6 +56,9 @@ #include <openssl/digest.h> +#include <assert.h> +#include <string.h> + #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/obj.h> @@ -63,15 +66,23 @@ #include "internal.h" +#if defined(NDEBUG) +#define CHECK(x) x +#else +#define CHECK(x) assert(x) +#endif + -static int md4_init(EVP_MD_CTX *ctx) { return MD4_Init(ctx->md_data); } +static void md4_init(EVP_MD_CTX *ctx) { + CHECK(MD4_Init(ctx->md_data)); +} -static int md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD4_Update(ctx->md_data, data, count); +static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(MD4_Update(ctx->md_data, data, count)); } -static int md4_final(EVP_MD_CTX *ctx, unsigned char *out) { - return MD4_Final(out, ctx->md_data); +static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) { + CHECK(MD4_Final(out, ctx->md_data)); } static const EVP_MD md4_md = { @@ -82,14 +93,16 @@ static const EVP_MD md4_md = { const EVP_MD *EVP_md4(void) { return &md4_md; } -static int md5_init(EVP_MD_CTX *ctx) { return MD5_Init(ctx->md_data); } +static void md5_init(EVP_MD_CTX *ctx) { + CHECK(MD5_Init(ctx->md_data)); +} -static int md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return MD5_Update(ctx->md_data, data, count); +static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(MD5_Update(ctx->md_data, data, count)); } -static int md5_final(EVP_MD_CTX *ctx, unsigned char *out) { - return MD5_Final(out, ctx->md_data); +static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) { + CHECK(MD5_Final(out, ctx->md_data)); } static const EVP_MD md5_md = { @@ -100,14 +113,16 @@ static const EVP_MD md5_md = { const EVP_MD *EVP_md5(void) { return &md5_md; } -static int sha1_init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } +static void sha1_init(EVP_MD_CTX *ctx) { + CHECK(SHA1_Init(ctx->md_data)); +} -static int sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA1_Update(ctx->md_data, data, count); +static void sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(SHA1_Update(ctx->md_data, data, count)); } -static int sha1_final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA1_Final(md, ctx->md_data); +static void sha1_final(EVP_MD_CTX *ctx, uint8_t *md) { + CHECK(SHA1_Final(md, ctx->md_data)); } static const EVP_MD sha1_md = { @@ -118,14 +133,16 @@ static const EVP_MD sha1_md = { const EVP_MD *EVP_sha1(void) { return &sha1_md; } -static int sha224_init(EVP_MD_CTX *ctx) { return SHA224_Init(ctx->md_data); } +static void sha224_init(EVP_MD_CTX *ctx) { + CHECK(SHA224_Init(ctx->md_data)); +} -static int sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA224_Update(ctx->md_data, data, count); +static void sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(SHA224_Update(ctx->md_data, data, count)); } -static int sha224_final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA224_Final(md, ctx->md_data); +static void sha224_final(EVP_MD_CTX *ctx, uint8_t *md) { + CHECK(SHA224_Final(md, ctx->md_data)); } static const EVP_MD sha224_md = { @@ -137,14 +154,16 @@ static const EVP_MD sha224_md = { const EVP_MD *EVP_sha224(void) { return &sha224_md; } -static int sha256_init(EVP_MD_CTX *ctx) { return SHA256_Init(ctx->md_data); } +static void sha256_init(EVP_MD_CTX *ctx) { + CHECK(SHA256_Init(ctx->md_data)); +} -static int sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA256_Update(ctx->md_data, data, count); +static void sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(SHA256_Update(ctx->md_data, data, count)); } -static int sha256_final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA256_Final(md, ctx->md_data); +static void sha256_final(EVP_MD_CTX *ctx, uint8_t *md) { + CHECK(SHA256_Final(md, ctx->md_data)); } static const EVP_MD sha256_md = { @@ -156,14 +175,16 @@ static const EVP_MD sha256_md = { const EVP_MD *EVP_sha256(void) { return &sha256_md; } -static int sha384_init(EVP_MD_CTX *ctx) { return SHA384_Init(ctx->md_data); } +static void sha384_init(EVP_MD_CTX *ctx) { + CHECK(SHA384_Init(ctx->md_data)); +} -static int sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA384_Update(ctx->md_data, data, count); +static void sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(SHA384_Update(ctx->md_data, data, count)); } -static int sha384_final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA384_Final(md, ctx->md_data); +static void sha384_final(EVP_MD_CTX *ctx, uint8_t *md) { + CHECK(SHA384_Final(md, ctx->md_data)); } static const EVP_MD sha384_md = { @@ -175,14 +196,16 @@ static const EVP_MD sha384_md = { const EVP_MD *EVP_sha384(void) { return &sha384_md; } -static int sha512_init(EVP_MD_CTX *ctx) { return SHA512_Init(ctx->md_data); } +static void sha512_init(EVP_MD_CTX *ctx) { + CHECK(SHA512_Init(ctx->md_data)); +} -static int sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - return SHA512_Update(ctx->md_data, data, count); +static void sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) { + CHECK(SHA512_Update(ctx->md_data, data, count)); } -static int sha512_final(EVP_MD_CTX *ctx, unsigned char *md) { - return SHA512_Final(md, ctx->md_data); +static void sha512_final(EVP_MD_CTX *ctx, uint8_t *md) { + CHECK(SHA512_Final(md, ctx->md_data)); } static const EVP_MD sha512_md = { @@ -199,23 +222,22 @@ typedef struct { SHA_CTX sha1; } MD5_SHA1_CTX; -static int md5_sha1_init(EVP_MD_CTX *md_ctx) { +static void md5_sha1_init(EVP_MD_CTX *md_ctx) { MD5_SHA1_CTX *ctx = md_ctx->md_data; - return MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1); + CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1)); } -static int md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data, size_t count) { +static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data, + size_t count) { MD5_SHA1_CTX *ctx = md_ctx->md_data; - return MD5_Update(&ctx->md5, data, count) && SHA1_Update(&ctx->sha1, data, count); + CHECK(MD5_Update(&ctx->md5, data, count) && + SHA1_Update(&ctx->sha1, data, count)); } -static int md5_sha1_final(EVP_MD_CTX *md_ctx, unsigned char *out) { +static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) { MD5_SHA1_CTX *ctx = md_ctx->md_data; - if (!MD5_Final(out, &ctx->md5) || - !SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)) { - return 0; - } - return 1; + CHECK(MD5_Final(out, &ctx->md5) && + SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)); } static const EVP_MD md5_sha1_md = { @@ -235,25 +257,33 @@ const EVP_MD *EVP_md5_sha1(void) { return &md5_sha1_md; } struct nid_to_digest { int nid; const EVP_MD* (*md_func)(void); + const char *short_name; + const char *long_name; }; static const struct nid_to_digest nid_to_digest_mapping[] = { - { NID_md5, EVP_md5 }, - { NID_sha1, EVP_sha1 }, - { NID_sha224, EVP_sha224 }, - { NID_sha256, EVP_sha256 }, - { NID_sha384, EVP_sha384 }, - { NID_sha512, EVP_sha512 }, - { NID_md5_sha1, EVP_md5_sha1 }, - { NID_dsaWithSHA, EVP_sha1 }, - { NID_dsaWithSHA1, EVP_sha1 }, - { NID_ecdsa_with_SHA1, EVP_sha1 }, - { NID_md5WithRSAEncryption, EVP_md5 }, - { NID_sha1WithRSAEncryption, EVP_sha1 }, - { NID_sha224WithRSAEncryption, EVP_sha224 }, - { NID_sha256WithRSAEncryption, EVP_sha256 }, - { NID_sha384WithRSAEncryption, EVP_sha384 }, - { NID_sha512WithRSAEncryption, EVP_sha512 }, + { NID_md5, EVP_md5, SN_md5, LN_md5 }, + { NID_sha1, EVP_sha1, SN_sha1, LN_sha1 }, + { NID_sha224, EVP_sha224, SN_sha224, LN_sha224 }, + { NID_sha256, EVP_sha256, SN_sha256, LN_sha256 }, + { NID_sha384, EVP_sha384, SN_sha384, LN_sha384 }, + { NID_sha512, EVP_sha512, SN_sha512, LN_sha512 }, + { NID_md5_sha1, EVP_md5_sha1, SN_md5_sha1, LN_md5_sha1 }, + { NID_dsaWithSHA, EVP_sha1, SN_dsaWithSHA, LN_dsaWithSHA }, + { NID_dsaWithSHA1, EVP_sha1, SN_dsaWithSHA1, LN_dsaWithSHA1 }, + { NID_ecdsa_with_SHA1, EVP_sha1, SN_ecdsa_with_SHA1, NULL }, + { NID_md5WithRSAEncryption, EVP_md5, SN_md5WithRSAEncryption, + LN_md5WithRSAEncryption }, + { NID_sha1WithRSAEncryption, EVP_sha1, SN_sha1WithRSAEncryption, + LN_sha1WithRSAEncryption }, + { NID_sha224WithRSAEncryption, EVP_sha224, SN_sha224WithRSAEncryption, + LN_sha224WithRSAEncryption }, + { NID_sha256WithRSAEncryption, EVP_sha256, SN_sha256WithRSAEncryption, + LN_sha256WithRSAEncryption }, + { NID_sha384WithRSAEncryption, EVP_sha384, SN_sha384WithRSAEncryption, + LN_sha384WithRSAEncryption }, + { NID_sha512WithRSAEncryption, EVP_sha512, SN_sha512WithRSAEncryption, + LN_sha512WithRSAEncryption }, }; const EVP_MD* EVP_get_digestbynid(int nid) { @@ -272,3 +302,19 @@ const EVP_MD* EVP_get_digestbynid(int nid) { const EVP_MD* EVP_get_digestbyobj(const ASN1_OBJECT *obj) { return EVP_get_digestbynid(OBJ_obj2nid(obj)); } + +const EVP_MD *EVP_get_digestbyname(const char *name) { + unsigned i; + + for (i = 0; i < sizeof(nid_to_digest_mapping) / sizeof(struct nid_to_digest); + i++) { + const char *short_name = nid_to_digest_mapping[i].short_name; + const char *long_name = nid_to_digest_mapping[i].long_name; + if ((short_name && strcmp(short_name, name) == 0) || + (long_name && strcmp(long_name, name) == 0)) { + return nid_to_digest_mapping[i].md_func(); + } + } + + return NULL; +} diff --git a/src/crypto/digest/internal.h b/src/crypto/digest/internal.h index 94dbfaa..1572fa8 100644 --- a/src/crypto/digest/internal.h +++ b/src/crypto/digest/internal.h @@ -75,15 +75,14 @@ struct env_md_st { /* flags contains the OR of |EVP_MD_FLAG_*| values. */ uint32_t flags; - /* init initialises the state in |ctx->md_data|. It returns one on success - * and zero otherwise. */ - int (*init)(EVP_MD_CTX *ctx); + /* init initialises the state in |ctx->md_data|. */ + void (*init)(EVP_MD_CTX *ctx); /* update hashes |len| bytes of |data| into the state in |ctx->md_data|. */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + void (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); /* final completes the hash and writes |md_size| bytes of digest to |out|. */ - int (*final)(EVP_MD_CTX *ctx, uint8_t *out); + void (*final)(EVP_MD_CTX *ctx, uint8_t *out); /* block_size contains the hash's native block size. */ unsigned block_size; @@ -109,6 +108,17 @@ struct evp_md_pctx_ops { int (*begin_digest) (EVP_MD_CTX *ctx); }; +/* EVP_MD_CTX_set_flags ORs |flags| into the flags member of |ctx|. */ +OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, uint32_t flags); + +/* EVP_MD_CTX_FLAG_NO_INIT causes the |EVP_MD|'s |init| function not to be + * called, the |update| member not to be copied from the |EVP_MD| in + * |EVP_DigestInit_ex| and for |md_data| not to be initialised. + * + * TODO(davidben): This is an implementation detail of |EVP_PKEY_HMAC| and can + * be removed when it is gone. */ +#define EVP_MD_CTX_FLAG_NO_INIT 1 + #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/digest/md32_common.h b/src/crypto/digest/md32_common.h index d7caba2..14607fb 100644 --- a/src/crypto/digest/md32_common.h +++ b/src/crypto/digest/md32_common.h @@ -147,11 +147,11 @@ extern "C" { * <appro@fy.chalmers.se> */ # if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) -# define ROTATE(a,n) ({ register unsigned int ret; \ +# define ROTATE(a,n) ({ register uint32_t ret; \ asm ( \ "roll %1,%0" \ : "=r"(ret) \ - : "I"(n), "0"((unsigned int)(a)) \ + : "I"(n), "0"((uint32_t)(a)) \ : "cc"); \ ret; \ }) @@ -173,28 +173,28 @@ extern "C" { * this trick on x86* platforms only, because these CPUs can fetch * unaligned data without raising an exception. */ -# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ +# define HOST_c2l(c,l) ({ uint32_t r=*((const uint32_t *)(c)); \ asm ("bswapl %0":"=r"(r):"0"(r)); \ (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r=(l); \ +# define HOST_l2c(l,c) ({ uint32_t r=(l); \ asm ("bswapl %0":"=r"(r):"0"(r)); \ - *((unsigned int *)(c))=r; (c)+=4; r; }) + *((uint32_t *)(c))=r; (c)+=4; r; }) # elif defined(__aarch64__) # if defined(__BYTE_ORDER__) # if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define HOST_c2l(c,l) ({ unsigned int r; \ +# define HOST_c2l(c,l) ({ uint32_t r; \ asm ("rev %w0,%w1" \ :"=r"(r) \ - :"r"(*((const unsigned int *)(c))));\ + :"r"(*((const uint32_t *)(c))));\ (c)+=4; (l)=r; }) -# define HOST_l2c(l,c) ({ unsigned int r; \ +# define HOST_l2c(l,c) ({ uint32_t r; \ asm ("rev %w0,%w1" \ :"=r"(r) \ - :"r"((unsigned int)(l)));\ - *((unsigned int *)(c))=r; (c)+=4; r; }) + :"r"((uint32_t)(l))); \ + *((uint32_t *)(c))=r; (c)+=4; r; }) # elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define HOST_c2l(c,l) (void)((l)=*((const unsigned int *)(c)), (c)+=4) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4) +# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, (l)) # endif # endif # endif @@ -202,16 +202,16 @@ extern "C" { #endif #ifndef HOST_c2l -#define HOST_c2l(c,l) (void)(l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) )) +#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++)))<<24), \ + l|=(((uint32_t)(*((c)++)))<<16), \ + l|=(((uint32_t)(*((c)++)))<< 8), \ + l|=(((uint32_t)(*((c)++))) )) #endif #ifndef HOST_l2c -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ +#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l)>>24)&0xff), \ + *((c)++)=(uint8_t)(((l)>>16)&0xff), \ + *((c)++)=(uint8_t)(((l)>> 8)&0xff), \ + *((c)++)=(uint8_t)(((l) )&0xff), \ l) #endif @@ -219,21 +219,21 @@ extern "C" { #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -# define HOST_c2l(c,l) (void)((l)=*((const unsigned int *)(c)), (c)+=4) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +# define HOST_c2l(c,l) (void)((l)=*((const uint32_t *)(c)), (c)+=4) +# define HOST_l2c(l,c) (*((uint32_t *)(c))=(l), (c)+=4, l) #endif #ifndef HOST_c2l -#define HOST_c2l(c,l) (void)(l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24)) +#define HOST_c2l(c,l) (void)(l =(((uint32_t)(*((c)++))) ), \ + l|=(((uint32_t)(*((c)++)))<< 8), \ + l|=(((uint32_t)(*((c)++)))<<16), \ + l|=(((uint32_t)(*((c)++)))<<24)) #endif #ifndef HOST_l2c -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ +#define HOST_l2c(l,c) (*((c)++)=(uint8_t)(((l) )&0xff), \ + *((c)++)=(uint8_t)(((l)>> 8)&0xff), \ + *((c)++)=(uint8_t)(((l)>>16)&0xff), \ + *((c)++)=(uint8_t)(((l)>>24)&0xff), \ l) #endif @@ -241,8 +241,8 @@ extern "C" { int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) { - const unsigned char *data=data_; - unsigned char *p; + const uint8_t *data=data_; + uint8_t *p; HASH_LONG l; size_t n; @@ -259,7 +259,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) n = c->num; if (n != 0) { - p=(unsigned char *)c->data; + p=(uint8_t *)c->data; if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK) { @@ -290,7 +290,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) if (len != 0) { - p = (unsigned char *)c->data; + p = (uint8_t *)c->data; c->num = (unsigned int)len; memcpy (p,data,len); } @@ -298,15 +298,15 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len) } -void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) +void HASH_TRANSFORM (HASH_CTX *c, const uint8_t *data) { HASH_BLOCK_DATA_ORDER (c,data,1); } -int HASH_FINAL (unsigned char *md, HASH_CTX *c) +int HASH_FINAL (uint8_t *md, HASH_CTX *c) { - unsigned char *p = (unsigned char *)c->data; + uint8_t *p = (uint8_t *)c->data; size_t n = c->num; p[n] = 0x80; /* there is always room for one */ @@ -342,10 +342,6 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) return 1; } -#ifndef MD32_REG_T -#define MD32_REG_T int -#endif - #if defined(__cplusplus) } /* extern C */ diff --git a/src/crypto/dsa/CMakeLists.txt b/src/crypto/dsa/CMakeLists.txt index dab2c4c..1bb8b63 100644 --- a/src/crypto/dsa/CMakeLists.txt +++ b/src/crypto/dsa/CMakeLists.txt @@ -14,6 +14,8 @@ add_executable( dsa_test dsa_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(dsa_test crypto) diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index e8e3d73..65444b1 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c @@ -123,7 +123,7 @@ void DSA_free(DSA *dsa) { return; } - if (CRYPTO_add(&dsa->references, -1, CRYPTO_LOCK_DSA) > 0) { + if (!CRYPTO_refcount_dec_and_test_zero(&dsa->references)) { return; } @@ -146,7 +146,7 @@ void DSA_free(DSA *dsa) { } int DSA_up_ref(DSA *dsa) { - CRYPTO_add(&dsa->references, 1, CRYPTO_LOCK_DSA); + CRYPTO_refcount_inc(&dsa->references); return 1; } diff --git a/src/crypto/dsa/dsa_impl.c b/src/crypto/dsa/dsa_impl.c index b7e1fd8..2ab8ba8 100644 --- a/src/crypto/dsa/dsa_impl.c +++ b/src/crypto/dsa/dsa_impl.c @@ -501,12 +501,16 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, } ctx = BN_CTX_new(); + if (ctx == NULL) { + goto err; + } + BN_CTX_start(ctx); + mont = BN_MONT_CTX_new(); - if (ctx == NULL || mont == NULL) { + if (mont == NULL) { goto err; } - BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); g = BN_CTX_get(ctx); W = BN_CTX_get(ctx); @@ -516,7 +520,7 @@ static int paramgen(DSA *ret, unsigned bits, const uint8_t *seed_in, p = BN_CTX_get(ctx); test = BN_CTX_get(ctx); - if (!BN_lshift(test, BN_value_one(), bits - 1)) { + if (test == NULL || !BN_lshift(test, BN_value_one(), bits - 1)) { goto err; } diff --git a/src/crypto/dsa/dsa_test.c b/src/crypto/dsa/dsa_test.c index 9b70dbe..8bdaaf4 100644 --- a/src/crypto/dsa/dsa_test.c +++ b/src/crypto/dsa/dsa_test.c @@ -238,8 +238,10 @@ static int test_generate(FILE *out) { goto end; } - DSA_generate_key(dsa); - DSA_sign(0, fips_digest, sizeof(fips_digest), sig, &siglen, dsa); + if (!DSA_generate_key(dsa) || + !DSA_sign(0, fips_digest, sizeof(fips_digest), sig, &siglen, dsa)) { + goto end; + } if (DSA_verify(0, fips_digest, sizeof(fips_digest), sig, siglen, dsa) == 1) { ok = 1; } else { diff --git a/src/crypto/ec/CMakeLists.txt b/src/crypto/ec/CMakeLists.txt index a218c0d..b5ebefa 100644 --- a/src/crypto/ec/CMakeLists.txt +++ b/src/crypto/ec/CMakeLists.txt @@ -20,12 +20,16 @@ add_executable( example_mul example_mul.c + + $<TARGET_OBJECTS:test_support> ) add_executable( ec_test ec_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(example_mul crypto) diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c index 5e30730..f38eba6 100644 --- a/src/crypto/ec/ec.c +++ b/src/crypto/ec/ec.c @@ -289,6 +289,12 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) { + if (group->curve_name != NID_undef) { + /* |EC_GROUP_set_generator| should only be used with |EC_GROUP|s returned + * by |EC_GROUP_new_curve_GFp|. */ + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) { diff --git a/src/crypto/ec/ec_key.c b/src/crypto/ec/ec_key.c index 348ec46..e5cbfed 100644 --- a/src/crypto/ec/ec_key.c +++ b/src/crypto/ec/ec_key.c @@ -143,7 +143,7 @@ void EC_KEY_free(EC_KEY *r) { return; } - if (CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC)) { + if (!CRYPTO_refcount_dec_and_test_zero(&r->references)) { return; } @@ -234,7 +234,8 @@ EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) { } int EC_KEY_up_ref(EC_KEY *r) { - return CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC) > 1; + CRYPTO_refcount_inc(&r->references); + return 1; } int EC_KEY_is_opaque(const EC_KEY *key) { diff --git a/src/crypto/ec/ec_test.cc b/src/crypto/ec/ec_test.cc index 74685eb..5af42d5 100644 --- a/src/crypto/ec/ec_test.cc +++ b/src/crypto/ec/ec_test.cc @@ -125,6 +125,9 @@ bool Testd2i_ECPrivateKey() { } ScopedOpenSSLString x_hex(BN_bn2hex(x.get())); ScopedOpenSSLString y_hex(BN_bn2hex(y.get())); + if (!x_hex || !y_hex) { + return false; + } if (0 != strcmp( x_hex.get(), "c81561ecf2e54edefe6617db1c7a34a70744ddb261f269b83dacfcd2ade5a681") || diff --git a/src/crypto/ec/internal.h b/src/crypto/ec/internal.h index 0a8bf24..71062c1 100644 --- a/src/crypto/ec/internal.h +++ b/src/crypto/ec/internal.h @@ -72,6 +72,7 @@ #include <openssl/bn.h> #include <openssl/ex_data.h> +#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -331,7 +332,7 @@ struct ec_key_st { unsigned int enc_flag; point_conversion_form_t conv_form; - int references; + CRYPTO_refcount_t references; int flags; ECDSA_METHOD *ecdsa_meth; diff --git a/src/crypto/ec/p256-64.c b/src/crypto/ec/p256-64.c index 8f824de..fdb942c 100644 --- a/src/crypto/ec/p256-64.c +++ b/src/crypto/ec/p256-64.c @@ -1601,7 +1601,6 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, /* Precomputation for the group generator. */ typedef struct { smallfelem g_pre_comp[2][16][3]; - int references; } NISTP256_PRE_COMP; /******************************************************************************/ diff --git a/src/crypto/ec/wnaf.c b/src/crypto/ec/wnaf.c index d87a7d9..ae0d73f 100644 --- a/src/crypto/ec/wnaf.c +++ b/src/crypto/ec/wnaf.c @@ -75,6 +75,7 @@ #include <openssl/thread.h> #include "internal.h" +#include "../internal.h" /* This file implements the wNAF-based interleaving multi-exponentation method @@ -91,7 +92,7 @@ typedef struct ec_pre_comp_st { EC_POINT **points; /* array with pre-calculated multiples of generator: * 'num' pointers to EC_POINT objects followed by a NULL */ size_t num; /* numblocks * 2^(w-1) */ - int references; + CRYPTO_refcount_t references; } EC_PRE_COMP; static EC_PRE_COMP *ec_pre_comp_new(void) { @@ -116,13 +117,13 @@ void *ec_pre_comp_dup(EC_PRE_COMP *pre_comp) { return NULL; } - CRYPTO_add(&pre_comp->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + CRYPTO_refcount_inc(&pre_comp->references); return pre_comp; } void ec_pre_comp_free(EC_PRE_COMP *pre_comp) { if (pre_comp == NULL || - CRYPTO_add(&pre_comp->references, -1, CRYPTO_LOCK_EC_PRE_COMP) > 0) { + !CRYPTO_refcount_dec_and_test_zero(&pre_comp->references)) { return; } diff --git a/src/crypto/ecdsa/CMakeLists.txt b/src/crypto/ecdsa/CMakeLists.txt index c8645d1..f431e59 100644 --- a/src/crypto/ecdsa/CMakeLists.txt +++ b/src/crypto/ecdsa/CMakeLists.txt @@ -14,6 +14,8 @@ add_executable( ecdsa_test ecdsa_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(ecdsa_test crypto) diff --git a/src/crypto/err/CMakeLists.txt b/src/crypto/err/CMakeLists.txt index 89f96bd..5215eec 100644 --- a/src/crypto/err/CMakeLists.txt +++ b/src/crypto/err/CMakeLists.txt @@ -44,6 +44,8 @@ add_executable( err_test err_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(err_test crypto) diff --git a/src/crypto/err/bio.errordata b/src/crypto/err/bio.errordata index cd7286a..9f2af02 100644 --- a/src/crypto/err/bio.errordata +++ b/src/crypto/err/bio.errordata @@ -3,6 +3,7 @@ BIO,function,101,BIO_ctrl BIO,function,102,BIO_new BIO,function,103,BIO_new_file BIO,function,104,BIO_new_mem_buf +BIO,function,118,BIO_printf BIO,function,105,BIO_zero_copy_get_read_buf BIO,function,106,BIO_zero_copy_get_read_buf_done BIO,function,107,BIO_zero_copy_get_write_buf diff --git a/src/crypto/err/bn.errordata b/src/crypto/err/bn.errordata index ab74073..6fd4968 100644 --- a/src/crypto/err/bn.errordata +++ b/src/crypto/err/bn.errordata @@ -8,6 +8,7 @@ BN,function,106,BN_div_recp BN,function,107,BN_exp BN,function,108,BN_generate_dsa_nonce BN,function,109,BN_generate_prime_ex +BN,function,125,BN_lshift BN,function,110,BN_mod_exp2_mont BN,function,111,BN_mod_exp_mont BN,function,112,BN_mod_exp_mont_consttime @@ -19,6 +20,7 @@ BN,function,117,BN_mod_sqrt BN,function,118,BN_new BN,function,119,BN_rand BN,function,120,BN_rand_range +BN,function,126,BN_rshift BN,function,121,BN_sqrt BN,function,122,BN_usub BN,function,123,bn_wexpand diff --git a/src/crypto/err/err.c b/src/crypto/err/err.c index b879a22..de1b4a7 100644 --- a/src/crypto/err/err.c +++ b/src/crypto/err/err.c @@ -333,6 +333,10 @@ int ERR_get_next_error_library(void) { return ret; } +void ERR_remove_state(unsigned long pid) { + ERR_clear_error(); +} + void ERR_clear_system_error(void) { errno = 0; } diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata index afeaaeb..4ae0a51 100644 --- a/src/crypto/err/ssl.errordata +++ b/src/crypto/err/ssl.errordata @@ -1,3 +1,6 @@ +SSL,function,276,SSL_AEAD_CTX_new +SSL,function,277,SSL_AEAD_CTX_open +SSL,function,278,SSL_AEAD_CTX_seal SSL,function,100,SSL_CTX_check_private_key SSL,function,101,SSL_CTX_new SSL,function,272,SSL_CTX_set1_tls_channel_id @@ -72,8 +75,9 @@ SSL,function,161,dtls1_preprocess_fragment SSL,function,264,dtls1_process_fragment SSL,function,162,dtls1_process_record SSL,function,163,dtls1_read_bytes +SSL,function,279,dtls1_seal_record SSL,function,164,dtls1_send_hello_verify_request -SSL,function,165,dtls1_write_app_data_bytes +SSL,function,165,dtls1_write_app_data SSL,function,166,i2d_SSL_SESSION SSL,function,167,ssl3_accept SSL,function,169,ssl3_cert_verify_hash @@ -220,6 +224,7 @@ SSL,reason,145,DIGEST_CHECK_FAILED SSL,reason,146,DTLS_MESSAGE_TOO_BIG SSL,reason,147,ECC_CERT_NOT_FOR_SIGNING SSL,reason,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST +SSL,reason,276,EMS_STATE_INCONSISTENT SSL,reason,149,ENCRYPTED_LENGTH_TOO_LONG SSL,reason,150,ERROR_IN_RECEIVED_CIPHER_LIST SSL,reason,151,EVP_DIGESTSIGNFINAL_FAILED @@ -272,6 +277,7 @@ SSL,reason,196,NULL_SSL_CTX SSL,reason,197,NULL_SSL_METHOD_PASSED SSL,reason,198,OLD_SESSION_CIPHER_NOT_RETURNED SSL,reason,273,OLD_SESSION_VERSION_NOT_RETURNED +SSL,reason,274,OUTPUT_ALIASES_INPUT SSL,reason,199,PACKET_LENGTH_TOO_LONG SSL,reason,200,PARSE_TLSEXT SSL,reason,201,PATH_TOO_LONG @@ -289,6 +295,8 @@ SSL,reason,212,RENEGOTIATE_EXT_TOO_LONG SSL,reason,213,RENEGOTIATION_ENCODING_ERR SSL,reason,214,RENEGOTIATION_MISMATCH SSL,reason,215,REQUIRED_CIPHER_MISSING +SSL,reason,275,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION +SSL,reason,277,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION SSL,reason,216,SCSV_RECEIVED_WHEN_RENEGOTIATING SSL,reason,217,SERVERHELLO_TLSEXT SSL,reason,218,SESSION_ID_CONTEXT_UNINITIALIZED diff --git a/src/crypto/evp/CMakeLists.txt b/src/crypto/evp/CMakeLists.txt index 6db9752..5769fa4 100644 --- a/src/crypto/evp/CMakeLists.txt +++ b/src/crypto/evp/CMakeLists.txt @@ -26,12 +26,15 @@ add_executable( evp_extra_test evp_extra_test.cc + + $<TARGET_OBJECTS:test_support> ) add_executable( evp_test evp_test.cc + $<TARGET_OBJECTS:test_support> ) @@ -39,6 +42,8 @@ add_executable( pbkdf_test pbkdf_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(evp_extra_test crypto) diff --git a/src/crypto/evp/evp.c b/src/crypto/evp/evp.c index 58fd9a9..0ad5c27 100644 --- a/src/crypto/evp/evp.c +++ b/src/crypto/evp/evp.c @@ -70,6 +70,7 @@ #include <openssl/thread.h> #include "internal.h" +#include "../internal.h" extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meth; @@ -106,7 +107,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey) { return; } - if (CRYPTO_add(&pkey->references, -1, CRYPTO_LOCK_EVP_PKEY)) { + if (!CRYPTO_refcount_dec_and_test_zero(&pkey->references)) { return; } @@ -115,7 +116,7 @@ void EVP_PKEY_free(EVP_PKEY *pkey) { } EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey) { - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + CRYPTO_refcount_inc(&pkey->references); return pkey; } @@ -441,4 +442,8 @@ EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) { void OpenSSL_add_all_algorithms(void) {} +void OpenSSL_add_all_ciphers(void) {} + +void OpenSSL_add_all_digests(void) {} + void EVP_cleanup(void) {} diff --git a/src/crypto/evp/p_hmac.c b/src/crypto/evp/p_hmac.c index 21703ed..7d3254a 100644 --- a/src/crypto/evp/p_hmac.c +++ b/src/crypto/evp/p_hmac.c @@ -64,6 +64,7 @@ #include <openssl/obj.h> #include "internal.h" +#include "../digest/internal.h" typedef struct { @@ -142,15 +143,14 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { return 1; } -static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { +static void int_update(EVP_MD_CTX *ctx, const void *data, size_t count) { HMAC_PKEY_CTX *hctx = ctx->pctx->data; - return HMAC_Update(&hctx->ctx, data, count); + HMAC_Update(&hctx->ctx, data, count); } static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) { - HMAC_PKEY_CTX *hctx = ctx->data; - - HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); + /* |mctx| gets repurposed as a hook to call |HMAC_Update|. Suppress the + * automatic setting of |mctx->update| and the rest of its initialization. */ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); mctx->update = int_update; return 1; diff --git a/src/crypto/hkdf/CMakeLists.txt b/src/crypto/hkdf/CMakeLists.txt index f8dd748..66d680a 100644 --- a/src/crypto/hkdf/CMakeLists.txt +++ b/src/crypto/hkdf/CMakeLists.txt @@ -12,6 +12,8 @@ add_executable( hkdf_test hkdf_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(hkdf_test crypto) diff --git a/src/crypto/hmac/CMakeLists.txt b/src/crypto/hmac/CMakeLists.txt index 1a08c55..11d267f 100644 --- a/src/crypto/hmac/CMakeLists.txt +++ b/src/crypto/hmac/CMakeLists.txt @@ -13,6 +13,7 @@ add_executable( hmac_test hmac_test.cc + $<TARGET_OBJECTS:test_support> ) diff --git a/src/crypto/hmac/hmac.c b/src/crypto/hmac/hmac.c index b1b2623..556e7f9 100644 --- a/src/crypto/hmac/hmac.c +++ b/src/crypto/hmac/hmac.c @@ -172,6 +172,8 @@ int HMAC_Final(HMAC_CTX *ctx, uint8_t *out, unsigned int *out_len) { unsigned int i; uint8_t buf[EVP_MAX_MD_SIZE]; + /* TODO(davidben): The only thing that can officially fail here is + * |EVP_MD_CTX_copy_ex|, but even that should be impossible in this case. */ if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i) || !EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx) || !EVP_DigestUpdate(&ctx->md_ctx, buf, i) || @@ -198,12 +200,6 @@ int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src) { return 1; } -void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) { - EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); - EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); - EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); -} - int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md) { if (key && md) { HMAC_CTX_init(ctx); diff --git a/src/crypto/hmac/hmac_tests.txt b/src/crypto/hmac/hmac_tests.txt index 9caa3c9..012f593 100644 --- a/src/crypto/hmac/hmac_tests.txt +++ b/src/crypto/hmac/hmac_tests.txt @@ -100,3 +100,24 @@ HMAC = SHA512 Input = "Sample message for keylen=blocklen" Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 Output = D93EC8D2DE1AD2A9957CB9B83F14E76AD6B5E0CCE285079A127D3B14BCCB7AA7286D4AC0D4CE64215F2BC9E6870B33D97438BE4AAA20CDA5C5A912B48B8E27F3 + +# Additional HMAC tests from OpenSSL. +HMAC = SHA1 +Input = "My test data" +Key = +Output = 61afdecb95429ef494d61fdee15990cabf0826fc + +HMAC = SHA256 +Input = "My test data" +Key = +Output = 2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776 + +HMAC = SHA256 +Input = "My test data" +Key = "123456" +Output = bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd + +HMAC = SHA1 +Input = "My test data" +Key = "12345" +Output = 7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb diff --git a/src/crypto/internal.h b/src/crypto/internal.h index 42125db..59eddd0 100644 --- a/src/crypto/internal.h +++ b/src/crypto/internal.h @@ -354,6 +354,28 @@ typedef pthread_once_t CRYPTO_once_t; OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)); +/* Reference counting. */ + +/* CRYPTO_REFCOUNT_MAX is the value at which the reference count saturates. */ +#define CRYPTO_REFCOUNT_MAX 0xffffffff + +/* CRYPTO_refcount_inc atomically increments the value at |*count| unless the + * value would overflow. It's safe for multiple threads to concurrently call + * this or |CRYPTO_refcount_dec_and_test_zero| on the same + * |CRYPTO_refcount_t|. */ +OPENSSL_EXPORT void CRYPTO_refcount_inc(CRYPTO_refcount_t *count); + +/* CRYPTO_refcount_dec_and_test_zero tests the value at |*count|: + * if it's zero, it crashes the address space. + * if it's the maximum value, it returns zero. + * otherwise, it atomically decrements it and returns one iff the resulting + * value is zero. + * + * It's safe for multiple threads to concurrently call this or + * |CRYPTO_refcount_inc| on the same |CRYPTO_refcount_t|. */ +OPENSSL_EXPORT int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count); + + /* Locks. * * Two types of locks are defined: |CRYPTO_MUTEX|, which can be used in @@ -387,37 +409,40 @@ struct CRYPTO_STATIC_MUTEX { /* CRYPTO_MUTEX_init initialises |lock|. If |lock| is a static variable, use a * |CRYPTO_STATIC_MUTEX|. */ -void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock); /* CRYPTO_MUTEX_lock_read locks |lock| such that other threads may also have a * read lock, but none may have a write lock. (On Windows, read locks are * actually fully exclusive.) */ -void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock); /* CRYPTO_MUTEX_lock_write locks |lock| such that no other thread has any type * of lock on it. */ -void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock); /* CRYPTO_MUTEX_unlock unlocks |lock|. */ -void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_MUTEX_unlock(CRYPTO_MUTEX *lock); /* CRYPTO_MUTEX_cleanup releases all resources held by |lock|. */ -void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock); /* CRYPTO_STATIC_MUTEX_lock_read locks |lock| such that other threads may also * have a read lock, but none may have a write lock. The |lock| variable does * not need to be initialised by any function, but must have been statically * initialised with |CRYPTO_STATIC_MUTEX_INIT|. */ -void CRYPTO_STATIC_MUTEX_lock_read(struct CRYPTO_STATIC_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_lock_read( + struct CRYPTO_STATIC_MUTEX *lock); /* CRYPTO_STATIC_MUTEX_lock_write locks |lock| such that no other thread has * any type of lock on it. The |lock| variable does not need to be initialised * by any function, but must have been statically initialised with * |CRYPTO_STATIC_MUTEX_INIT|. */ -void CRYPTO_STATIC_MUTEX_lock_write(struct CRYPTO_STATIC_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_lock_write( + struct CRYPTO_STATIC_MUTEX *lock); /* CRYPTO_STATIC_MUTEX_unlock unlocks |lock|. */ -void CRYPTO_STATIC_MUTEX_unlock(struct CRYPTO_STATIC_MUTEX *lock); +OPENSSL_EXPORT void CRYPTO_STATIC_MUTEX_unlock( + struct CRYPTO_STATIC_MUTEX *lock); /* Thread local storage. */ diff --git a/src/crypto/lhash/CMakeLists.txt b/src/crypto/lhash/CMakeLists.txt index 0eaabed..c71b8a1 100644 --- a/src/crypto/lhash/CMakeLists.txt +++ b/src/crypto/lhash/CMakeLists.txt @@ -12,6 +12,8 @@ add_executable( lhash_test lhash_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(lhash_test crypto) diff --git a/src/crypto/lhash/lhash_test.c b/src/crypto/lhash/lhash_test.c index cf5e99b..63748e7 100644 --- a/src/crypto/lhash/lhash_test.c +++ b/src/crypto/lhash/lhash_test.c @@ -123,6 +123,9 @@ int main(int argc, char **argv) { CRYPTO_library_init(); lh = lh_new(NULL, NULL); + if (lh == NULL) { + return 1; + } for (i = 0; i < 100000; i++) { unsigned action; diff --git a/src/crypto/md4/md4.c b/src/crypto/md4/md4.c index 6150b96..5ef9ae5 100644 --- a/src/crypto/md4/md4.c +++ b/src/crypto/md4/md4.c @@ -83,7 +83,7 @@ void md4_block_data_order (MD4_CTX *md4, const void *p, size_t num); #define HASH_FINAL MD4_Final #define HASH_MAKE_STRING(c, s) \ do { \ - unsigned long ll; \ + uint32_t ll; \ ll = (c)->A; \ (void) HOST_l2c(ll, (s)); \ ll = (c)->B; \ diff --git a/src/crypto/md5/md5.c b/src/crypto/md5/md5.c index e20b86b..5575efb 100644 --- a/src/crypto/md5/md5.c +++ b/src/crypto/md5/md5.c @@ -104,7 +104,7 @@ void md5_block_data_order(MD5_CTX *md5, const void *p, size_t num); #define HASH_FINAL MD5_Final #define HASH_MAKE_STRING(c, s) \ do { \ - unsigned long ll; \ + uint32_t ll; \ ll = (c)->A; \ (void) HOST_l2c(ll, (s)); \ ll = (c)->B; \ diff --git a/src/crypto/modes/CMakeLists.txt b/src/crypto/modes/CMakeLists.txt index d50e97b..ffb29b6 100644 --- a/src/crypto/modes/CMakeLists.txt +++ b/src/crypto/modes/CMakeLists.txt @@ -58,6 +58,8 @@ add_executable( gcm_test gcm_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(gcm_test crypto) diff --git a/src/crypto/modes/cbc.c b/src/crypto/modes/cbc.c index ba4805b..931b718 100644 --- a/src/crypto/modes/cbc.c +++ b/src/crypto/modes/cbc.c @@ -63,7 +63,8 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len, size_t n; const uint8_t *iv = ivec; - assert(in && out && key && ivec); + assert(key != NULL && ivec != NULL); + assert(len == 0 || (in != NULL && out != NULL)); if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { @@ -119,9 +120,17 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, uint8_t c[16]; } tmp; - assert(in && out && key && ivec); + assert(key != NULL && ivec != NULL); + assert(len == 0 || (in != NULL && out != NULL)); - if (in != out) { + const uintptr_t inptr = (uintptr_t) in; + const uintptr_t outptr = (uintptr_t) out; + /* If |in| and |out| alias, |in| must be ahead. */ + assert(inptr >= outptr || inptr + len <= outptr); + + if ((inptr >= 32 && outptr <= inptr - 32) || inptr < outptr) { + /* If |out| is at least two blocks behind |in| or completely disjoint, there + * is no need to decrypt to a temporary block. */ const uint8_t *iv = ivec; if (STRICT_ALIGNMENT && @@ -152,6 +161,9 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, } memcpy(ivec, iv, 16); } else { + /* |out| is less than two blocks behind |in|. Decrypting an input block + * directly to |out| would overwrite a ciphertext block before it is used as + * the next block's IV. Decrypt to a temporary block instead. */ if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { uint8_t c; diff --git a/src/crypto/modes/ctr.c b/src/crypto/modes/ctr.c index 306b6f7..64062b2 100644 --- a/src/crypto/modes/ctr.c +++ b/src/crypto/modes/ctr.c @@ -88,7 +88,8 @@ void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, block128_f block) { unsigned int n; - assert(in && out && key && ecount_buf && num); + assert(key && ecount_buf && num); + assert(len == 0 || (in && out)); assert(*num < 16); assert((16 % sizeof(size_t)) == 0); diff --git a/src/crypto/modes/gcm_test.c b/src/crypto/modes/gcm_test.c index 3548c81..a8819ea 100644 --- a/src/crypto/modes/gcm_test.c +++ b/src/crypto/modes/gcm_test.c @@ -347,6 +347,9 @@ static int run_test_case(unsigned test_num, const struct test_case *test) { } out = OPENSSL_malloc(plaintext_len); + if (out == NULL) { + goto out; + } if (AES_set_encrypt_key(key, key_len*8, &aes_key)) { fprintf(stderr, "%u: AES_set_encrypt_key failed.\n", test_num); goto out; diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c index 511aba3..bf16d17 100644 --- a/src/crypto/obj/obj.c +++ b/src/crypto/obj/obj.c @@ -167,18 +167,18 @@ int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { return memcmp(a->data, b->data, a->length); } -/* nids_cmp is called to search the kNIDsInOIDOrder array. The |key| argument - * is an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an +/* obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is + * an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an * unsigned int in the array. */ static int obj_cmp(const void *key, const void *element) { - int j; - unsigned nid = *((unsigned*) element); + unsigned nid = *((const unsigned*) element); const ASN1_OBJECT *a = key; const ASN1_OBJECT *b = &kObjects[nid]; - j = a->length - b->length; - if (j) { - return j; + if (a->length < b->length) { + return -1; + } else if (a->length > b->length) { + return 1; } return memcmp(a->data, b->data, a->length); } diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h index 2584d87..517dc49 100644 --- a/src/crypto/obj/obj_dat.h +++ b/src/crypto/obj/obj_dat.h @@ -59,11 +59,11 @@ * [including the GNU Public Licence.] */ #define NUM_NID 948 -#define NUM_SN 941 -#define NUM_LN 941 -#define NUM_OBJ 883 +#define NUM_SN 940 +#define NUM_LN 940 +#define NUM_OBJ 882 -static const unsigned char lvalues[6182]={ +static const unsigned char lvalues[6176]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -160,787 +160,786 @@ static const unsigned char lvalues[6182]={ 0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ 0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] OBJ_ripemd160WithRSA */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ -0x29,0x01,0x01,0x85,0x1A,0x01, /* [616] OBJ_rle_compression */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [633] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [636] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [642] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [649] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [657] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [665] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [673] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [681] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [748] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [751] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [754] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [757] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [954] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [962] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [970] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */ -0x55,0x04,0x29, /* [1033] OBJ_name */ -0x55,0x04,0x2E, /* [1036] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1039] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1046] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1053] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1061] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1069] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1077] OBJ_OCSP_sign */ -0x2A, /* [1085] OBJ_member_body */ -0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2535] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ -0x55,0x08, /* [2827] OBJ_X500algorithms */ -0x2B, /* [2829] OBJ_org */ -0x2B,0x06, /* [2830] OBJ_dod */ -0x2B,0x06,0x01, /* [2832] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ -0x55,0x01,0x05, /* [2897] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2900] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2913] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2921] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2929] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2937] OBJ_role */ -0x55,0x1D,0x24, /* [2940] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2943] OBJ_target_information */ -0x55,0x1D,0x38, /* [2946] OBJ_no_rev_avail */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2949] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2954] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2961] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2968] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2975] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2983] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2991] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2999] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3007] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3015] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3023] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3031] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3155] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3158] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3165] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3172] OBJ_hold_instruction_reject */ -0x09, /* [3179] OBJ_data */ -0x09,0x92,0x26, /* [3180] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3183] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3190] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3844] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3847] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3852] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3858] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3864] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3871] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3878] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3881] OBJ_pseudonym */ -0x67,0x2A, /* [3884] OBJ_id_set */ -0x67,0x2A,0x00, /* [3886] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3889] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3892] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3895] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3898] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3901] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3904] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3908] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3912] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3916] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3920] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3924] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3928] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3932] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3936] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3940] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3944] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3948] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3952] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3956] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3960] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3964] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3968] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3972] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3976] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3980] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3984] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3988] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [3992] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [3996] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [4000] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [4004] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4008] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4012] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4016] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4020] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4024] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4028] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4032] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4036] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4040] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4044] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4048] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4052] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4056] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4060] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4064] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4068] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4072] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4076] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4080] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4084] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4088] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4092] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4096] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4100] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4104] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4108] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4112] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4116] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4120] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4124] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4128] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4132] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4136] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4140] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4144] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4148] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4152] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4156] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4160] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4164] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4168] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4172] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4176] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4180] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4184] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4188] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4192] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4196] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4200] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4204] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4208] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4212] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4216] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4220] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4224] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4228] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4232] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4236] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4240] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4244] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4248] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4252] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4256] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4260] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4264] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4268] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4272] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4276] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4280] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4284] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4288] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4292] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4296] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4300] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4304] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4308] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4312] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4316] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4320] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4324] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4329] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4334] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4339] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4344] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4349] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4354] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4359] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4365] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4371] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4377] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4383] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4389] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4393] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4397] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4401] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4405] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4409] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4413] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4418] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */ -0x67, /* [4435] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4456] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4459] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4462] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4469] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4477] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4485] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4493] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4496] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */ -0x2B, /* [4576] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4577] OBJ_certicom_arc */ -0x67,0x2B, /* [4580] OBJ_wap */ -0x67,0x2B,0x01, /* [4582] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4585] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4620] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4628] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4636] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4644] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4652] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4660] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4668] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4676] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4684] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4692] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4700] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4708] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4716] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4724] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4732] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4740] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4748] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4756] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4764] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4772] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4780] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4785] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4790] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4795] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4800] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4805] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4810] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4815] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4820] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4825] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4830] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4835] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4840] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4845] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4850] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4855] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4860] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4865] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4870] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4875] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4880] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4885] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4890] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4895] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4900] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4905] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4910] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4915] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4920] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4925] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4930] OBJ_sect571r1 */ -0x67,0x2B,0x01,0x04,0x01, /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x01,0x04,0x03, /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x01,0x04,0x04, /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x01,0x04,0x05, /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x01,0x04,0x06, /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x01,0x04,0x07, /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x01,0x04,0x08, /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x01,0x04,0x09, /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x01,0x04,0x0A, /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x01,0x04,0x0B, /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x01,0x04,0x0C, /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [4990] OBJ_any_policy */ -0x55,0x1D,0x21, /* [4994] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [4997] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5033] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5041] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5049] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5057] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5065] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5073] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5081] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5089] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5097] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5105] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5108] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5111] OBJ_certificate_issuer */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5114] OBJ_kisa */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5120] OBJ_seed_ecb */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5128] OBJ_seed_cbc */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5136] OBJ_seed_ofb128 */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5144] OBJ_seed_cfb128 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5152] OBJ_hmac_md5 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5160] OBJ_hmac_sha1 */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5186] OBJ_id_it_suppLangTags */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5194] OBJ_caRepository */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5251] OBJ_ecdsa_with_Recommended */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5258] OBJ_ecdsa_with_Specified */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5265] OBJ_ecdsa_with_SHA224 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5273] OBJ_ecdsa_with_SHA256 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5281] OBJ_ecdsa_with_SHA384 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5289] OBJ_ecdsa_with_SHA512 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5297] OBJ_hmacWithMD5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5305] OBJ_hmacWithSHA224 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5313] OBJ_hmacWithSHA256 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5321] OBJ_hmacWithSHA384 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5329] OBJ_hmacWithSHA512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */ -0x28,0xCF,0x06,0x03,0x00,0x37, /* [5355] OBJ_whirlpool */ -0x2A,0x85,0x03,0x02,0x02, /* [5361] OBJ_cryptopro */ -0x2A,0x85,0x03,0x02,0x09, /* [5366] OBJ_cryptocom */ -0x2A,0x85,0x03,0x02,0x02,0x03, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x04, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x09, /* [5383] OBJ_id_GostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5389] OBJ_id_HMACGostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x13, /* [5395] OBJ_id_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x14, /* [5401] OBJ_id_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x15, /* [5407] OBJ_id_Gost28147_89 */ -0x2A,0x85,0x03,0x02,0x02,0x16, /* [5413] OBJ_id_Gost28147_89_MAC */ -0x2A,0x85,0x03,0x02,0x02,0x17, /* [5419] OBJ_id_GostR3411_94_prf */ -0x2A,0x85,0x03,0x02,0x02,0x62, /* [5425] OBJ_id_GostR3410_2001DH */ -0x2A,0x85,0x03,0x02,0x02,0x63, /* [5431] OBJ_id_GostR3410_94DH */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5451] OBJ_id_GostR3411_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5465] OBJ_id_Gost28147_89_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5521] OBJ_id_GostR3410_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5577] OBJ_id_GostR3410_2001_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5619] OBJ_id_GostR3410_94_a */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5626] OBJ_id_GostR3410_94_aBis */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5633] OBJ_id_GostR3410_94_b */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5640] OBJ_id_GostR3410_94_bBis */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5647] OBJ_id_Gost28147_89_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5655] OBJ_id_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5663] OBJ_id_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */ -0x55,0x1D,0x2E, /* [5704] OBJ_freshest_crl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5707] OBJ_id_on_permanentIdentifier */ -0x55,0x04,0x0E, /* [5715] OBJ_searchGuide */ -0x55,0x04,0x0F, /* [5718] OBJ_businessCategory */ -0x55,0x04,0x10, /* [5721] OBJ_postalAddress */ -0x55,0x04,0x12, /* [5724] OBJ_postOfficeBox */ -0x55,0x04,0x13, /* [5727] OBJ_physicalDeliveryOfficeName */ -0x55,0x04,0x14, /* [5730] OBJ_telephoneNumber */ -0x55,0x04,0x15, /* [5733] OBJ_telexNumber */ -0x55,0x04,0x16, /* [5736] OBJ_teletexTerminalIdentifier */ -0x55,0x04,0x17, /* [5739] OBJ_facsimileTelephoneNumber */ -0x55,0x04,0x18, /* [5742] OBJ_x121Address */ -0x55,0x04,0x19, /* [5745] OBJ_internationaliSDNNumber */ -0x55,0x04,0x1A, /* [5748] OBJ_registeredAddress */ -0x55,0x04,0x1B, /* [5751] OBJ_destinationIndicator */ -0x55,0x04,0x1C, /* [5754] OBJ_preferredDeliveryMethod */ -0x55,0x04,0x1D, /* [5757] OBJ_presentationAddress */ -0x55,0x04,0x1E, /* [5760] OBJ_supportedApplicationContext */ -0x55,0x04,0x1F, /* [5763] OBJ_member */ -0x55,0x04,0x20, /* [5766] OBJ_owner */ -0x55,0x04,0x21, /* [5769] OBJ_roleOccupant */ -0x55,0x04,0x22, /* [5772] OBJ_seeAlso */ -0x55,0x04,0x23, /* [5775] OBJ_userPassword */ -0x55,0x04,0x24, /* [5778] OBJ_userCertificate */ -0x55,0x04,0x25, /* [5781] OBJ_cACertificate */ -0x55,0x04,0x26, /* [5784] OBJ_authorityRevocationList */ -0x55,0x04,0x27, /* [5787] OBJ_certificateRevocationList */ -0x55,0x04,0x28, /* [5790] OBJ_crossCertificatePair */ -0x55,0x04,0x2F, /* [5793] OBJ_enhancedSearchGuide */ -0x55,0x04,0x30, /* [5796] OBJ_protocolInformation */ -0x55,0x04,0x31, /* [5799] OBJ_distinguishedName */ -0x55,0x04,0x32, /* [5802] OBJ_uniqueMember */ -0x55,0x04,0x33, /* [5805] OBJ_houseIdentifier */ -0x55,0x04,0x34, /* [5808] OBJ_supportedAlgorithms */ -0x55,0x04,0x35, /* [5811] OBJ_deltaRevocationList */ -0x55,0x04,0x36, /* [5814] OBJ_dmdName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */ -0x55,0x1D,0x25,0x00, /* [5942] OBJ_anyExtendedKeyUsage */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */ -0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5973] OBJ_dhpublicnumber */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] OBJ_brainpoolP224r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6169] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [616] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [627] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [630] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [636] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [643] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [651] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [659] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [667] OBJ_email_protect */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [675] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [683] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [693] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [703] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [713] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [723] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [733] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [742] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [745] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [748] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [751] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [756] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [766] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [776] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [786] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [796] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [806] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [816] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [827] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [838] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [849] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [860] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [871] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [882] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [891] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [900] OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [910] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [920] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [930] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [939] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [948] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [956] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [964] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [972] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [981] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [990] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [999] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1008] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1018] OBJ_ext_req */ +0x55,0x04,0x29, /* [1027] OBJ_name */ +0x55,0x04,0x2E, /* [1030] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1033] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1040] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1047] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1055] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1063] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1071] OBJ_OCSP_sign */ +0x2A, /* [1079] OBJ_member_body */ +0x2A,0x86,0x48, /* [1080] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1083] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1088] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1094] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1102] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1110] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1119] OBJ_id_smime_mod */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1129] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1139] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1149] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1159] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1169] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1179] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1189] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1200] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1211] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1222] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1233] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1244] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1255] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1266] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1277] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1288] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1299] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1310] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1321] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1332] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1343] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1354] OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1365] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1376] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1387] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1398] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1409] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1420] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1431] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1442] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1453] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1464] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1475] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1486] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1497] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1508] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1519] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1530] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1541] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1552] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1563] OBJ_id_smime_aa_ets_otherSigCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1574] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1585] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1596] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1607] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1618] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1629] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1640] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1651] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1662] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1673] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1684] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1695] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1706] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1717] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1728] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1739] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1750] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1761] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1772] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1783] OBJ_id_smime_spq_ets_sqt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1794] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1805] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1816] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1827] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1838] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1849] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1860] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1868] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1875] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1882] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1889] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1896] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1903] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1910] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1917] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1924] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1931] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1938] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1945] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1953] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1961] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1969] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1977] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1985] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1993] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2001] OBJ_id_mod_kea_profile_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2009] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2017] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2025] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2033] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2041] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2049] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2057] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2065] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2073] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2081] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2089] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2097] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2105] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2113] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2121] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2129] OBJ_sbgp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2137] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2145] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2153] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2161] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2169] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2177] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2185] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2193] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2201] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2209] OBJ_id_it_caKeyUpdateInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2217] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2225] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2233] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2241] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2249] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2257] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2265] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2273] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2281] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2289] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2297] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2305] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2313] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2322] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2331] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2340] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2349] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2358] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2367] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2376] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2385] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2393] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2401] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2409] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2417] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2425] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2433] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2441] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2449] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2457] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2465] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2473] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2481] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2489] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2497] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2505] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2513] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2521] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2529] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2537] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2545] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2553] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2561] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2569] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2577] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2585] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2593] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2601] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2609] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2617] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2625] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2633] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2641] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2649] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2657] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2665] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2673] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2681] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2689] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2697] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2705] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2713] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2722] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2731] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2740] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2749] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2758] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2767] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2776] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2785] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2794] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2803] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2812] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2816] OBJ_rsaSignature */ +0x55,0x08, /* [2821] OBJ_X500algorithms */ +0x2B, /* [2823] OBJ_org */ +0x2B,0x06, /* [2824] OBJ_dod */ +0x2B,0x06,0x01, /* [2826] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2829] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2833] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2837] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2841] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2845] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2849] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2853] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2857] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2862] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2871] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2881] OBJ_Domain */ +0x55,0x01,0x05, /* [2891] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2894] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2898] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2907] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2915] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2923] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2931] OBJ_role */ +0x55,0x1D,0x24, /* [2934] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2937] OBJ_target_information */ +0x55,0x1D,0x38, /* [2940] OBJ_no_rev_avail */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2943] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2948] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2955] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2962] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2969] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2977] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2985] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2993] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3001] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3009] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3017] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3025] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3032] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3041] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3050] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3059] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3068] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3077] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3086] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3095] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3104] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3113] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3122] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3131] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3140] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3149] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3152] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3159] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3166] OBJ_hold_instruction_reject */ +0x09, /* [3173] OBJ_data */ +0x09,0x92,0x26, /* [3174] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3177] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3184] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3192] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3201] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3210] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3219] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3228] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3238] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3248] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3258] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3268] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3278] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3288] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3298] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3308] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3318] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3328] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3338] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3348] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3358] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3368] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3378] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3388] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3398] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3408] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3418] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3428] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3438] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3448] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3458] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3468] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3478] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3488] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3498] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3508] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3518] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3528] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3538] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3548] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3558] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3568] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3578] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3588] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3598] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3608] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3618] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3628] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3638] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3648] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3658] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3668] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3678] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3688] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3698] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3708] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3718] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3728] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3738] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3748] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3758] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3768] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3778] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3788] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3798] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3808] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3818] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3828] OBJ_documentPublisher */ +0x55,0x04,0x2D, /* [3838] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [3841] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [3846] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [3852] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3858] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3865] OBJ_id_hex_multipart_message */ +0x55,0x04,0x2C, /* [3872] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3875] OBJ_pseudonym */ +0x67,0x2A, /* [3878] OBJ_id_set */ +0x67,0x2A,0x00, /* [3880] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3883] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3886] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3889] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3892] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3895] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3898] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3902] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3906] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3910] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3914] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3918] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3922] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3926] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3930] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3934] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3938] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3942] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3946] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3950] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3954] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3958] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3962] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3966] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3970] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3974] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3978] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3982] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3986] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [3990] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [3994] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [3998] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4002] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4006] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4010] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4014] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4018] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4022] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4026] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4030] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4034] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4038] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4042] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4046] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4050] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4054] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4058] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4062] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4066] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4070] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4074] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4078] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4082] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4086] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4090] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4094] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4098] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4102] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4106] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4110] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4114] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4118] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4122] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4126] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4130] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4134] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4138] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4142] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4146] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4150] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4154] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4158] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4162] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4166] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4170] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4174] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4178] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4182] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4186] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4190] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4194] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4198] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4202] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4206] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4210] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4214] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4218] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4222] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4226] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4230] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4234] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4238] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4242] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4246] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4250] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4254] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4258] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4262] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4266] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4270] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4274] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4278] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4282] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4286] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4290] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4294] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4298] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4302] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4306] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4310] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4314] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4318] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4323] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4328] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4333] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4338] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4343] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4348] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4353] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4359] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4365] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4371] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4377] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4383] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4387] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4391] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4395] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4399] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4403] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4407] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4412] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4420] OBJ_rsaOAEPEncryptionSET */ +0x67, /* [4429] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4430] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4440] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4450] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4453] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4456] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4463] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4471] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4479] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4487] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4490] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4498] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4507] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4516] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4525] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4534] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4543] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4552] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4561] OBJ_sha224 */ +0x2B, /* [4570] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4571] OBJ_certicom_arc */ +0x67,0x2B, /* [4574] OBJ_wap */ +0x67,0x2B,0x01, /* [4576] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4579] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4587] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4596] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4605] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4614] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4622] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4630] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4638] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4646] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4654] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4662] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4670] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4678] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4686] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4694] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4702] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4710] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4718] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4726] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4734] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4742] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4750] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4758] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4766] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4774] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4779] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4784] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4789] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4794] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4799] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4804] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4809] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4814] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4819] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4824] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4829] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4834] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4839] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4844] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4849] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4854] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4859] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4864] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4869] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4874] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4879] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4884] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4889] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4894] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4899] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4904] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4909] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4914] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4919] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4924] OBJ_sect571r1 */ +0x67,0x2B,0x01,0x04,0x01, /* [4929] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4934] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4939] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4944] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4949] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4954] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4959] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4964] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4969] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4974] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4979] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [4984] OBJ_any_policy */ +0x55,0x1D,0x21, /* [4988] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [4991] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [4994] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5005] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5016] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5027] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5035] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5043] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5051] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5059] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5067] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5075] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5083] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5091] OBJ_camellia_256_ofb128 */ +0x55,0x1D,0x09, /* [5099] OBJ_subject_directory_attributes */ +0x55,0x1D,0x1C, /* [5102] OBJ_issuing_distribution_point */ +0x55,0x1D,0x1D, /* [5105] OBJ_certificate_issuer */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5108] OBJ_kisa */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5114] OBJ_seed_ecb */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5122] OBJ_seed_cbc */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5130] OBJ_seed_ofb128 */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5138] OBJ_seed_cfb128 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5146] OBJ_hmac_md5 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5154] OBJ_hmac_sha1 */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5162] OBJ_id_PasswordBasedMAC */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5171] OBJ_id_DHBasedMac */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5180] OBJ_id_it_suppLangTags */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5188] OBJ_caRepository */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5196] OBJ_id_smime_ct_compressedData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5207] OBJ_id_ct_asciiTextWithCRLF */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5218] OBJ_id_aes128_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5227] OBJ_id_aes192_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5236] OBJ_id_aes256_wrap */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5245] OBJ_ecdsa_with_Recommended */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5252] OBJ_ecdsa_with_Specified */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5259] OBJ_ecdsa_with_SHA224 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5267] OBJ_ecdsa_with_SHA256 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5275] OBJ_ecdsa_with_SHA384 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5283] OBJ_ecdsa_with_SHA512 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5291] OBJ_hmacWithMD5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5299] OBJ_hmacWithSHA224 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5307] OBJ_hmacWithSHA256 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5315] OBJ_hmacWithSHA384 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5323] OBJ_hmacWithSHA512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5331] OBJ_dsa_with_SHA224 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5340] OBJ_dsa_with_SHA256 */ +0x28,0xCF,0x06,0x03,0x00,0x37, /* [5349] OBJ_whirlpool */ +0x2A,0x85,0x03,0x02,0x02, /* [5355] OBJ_cryptopro */ +0x2A,0x85,0x03,0x02,0x09, /* [5360] OBJ_cryptocom */ +0x2A,0x85,0x03,0x02,0x02,0x03, /* [5365] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x04, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x09, /* [5377] OBJ_id_GostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5383] OBJ_id_HMACGostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x13, /* [5389] OBJ_id_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x14, /* [5395] OBJ_id_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x15, /* [5401] OBJ_id_Gost28147_89 */ +0x2A,0x85,0x03,0x02,0x02,0x16, /* [5407] OBJ_id_Gost28147_89_MAC */ +0x2A,0x85,0x03,0x02,0x02,0x17, /* [5413] OBJ_id_GostR3411_94_prf */ +0x2A,0x85,0x03,0x02,0x02,0x62, /* [5419] OBJ_id_GostR3410_2001DH */ +0x2A,0x85,0x03,0x02,0x02,0x63, /* [5425] OBJ_id_GostR3410_94DH */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5431] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5438] OBJ_id_Gost28147_89_None_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5445] OBJ_id_GostR3411_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5452] OBJ_id_GostR3411_94_CryptoProParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5459] OBJ_id_Gost28147_89_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5466] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5473] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5480] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5487] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5494] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5501] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5508] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5515] OBJ_id_GostR3410_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5522] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5529] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5536] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5543] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5550] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5557] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5564] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5571] OBJ_id_GostR3410_2001_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5578] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5585] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5592] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5599] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5606] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5613] OBJ_id_GostR3410_94_a */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5620] OBJ_id_GostR3410_94_aBis */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5627] OBJ_id_GostR3410_94_b */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5634] OBJ_id_GostR3410_94_bBis */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5641] OBJ_id_Gost28147_89_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5649] OBJ_id_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5657] OBJ_id_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5665] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5673] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5681] OBJ_id_GostR3410_2001_ParamSet_cc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5689] OBJ_LocalKeySet */ +0x55,0x1D,0x2E, /* [5698] OBJ_freshest_crl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5701] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5709] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5712] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5715] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5718] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5721] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5724] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5727] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5730] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5733] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5736] OBJ_x121Address */ +0x55,0x04,0x19, /* [5739] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5742] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5745] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5748] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5751] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5754] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5757] OBJ_member */ +0x55,0x04,0x20, /* [5760] OBJ_owner */ +0x55,0x04,0x21, /* [5763] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5766] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5769] OBJ_userPassword */ +0x55,0x04,0x24, /* [5772] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5775] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5778] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5781] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5784] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5787] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5790] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5793] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5796] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5799] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5802] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5805] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5808] OBJ_dmdName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5811] OBJ_id_alg_PWRI_KEK */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5822] OBJ_aes_128_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5831] OBJ_aes_128_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5840] OBJ_id_aes128_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5849] OBJ_aes_192_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5858] OBJ_aes_192_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5867] OBJ_id_aes192_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5876] OBJ_aes_256_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5885] OBJ_aes_256_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5894] OBJ_id_aes256_wrap_pad */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5903] OBJ_id_camellia128_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5914] OBJ_id_camellia192_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5925] OBJ_id_camellia256_wrap */ +0x55,0x1D,0x25,0x00, /* [5936] OBJ_anyExtendedKeyUsage */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5940] OBJ_mgf1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5949] OBJ_rsassaPss */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5958] OBJ_rsaesOaep */ +0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5967] OBJ_dhpublicnumber */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5974] OBJ_brainpoolP160r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5983] OBJ_brainpoolP160t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5992] OBJ_brainpoolP192r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6001] OBJ_brainpoolP192t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6010] OBJ_brainpoolP224r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6019] OBJ_brainpoolP224t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6028] OBJ_brainpoolP256r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6037] OBJ_brainpoolP256t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6046] OBJ_brainpoolP320r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6055] OBJ_brainpoolP320t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6064] OBJ_brainpoolP384r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6073] OBJ_brainpoolP384t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6082] OBJ_brainpoolP512r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6091] OBJ_brainpoolP512t1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6100] OBJ_pSpecified */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6109] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6118] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6124] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6130] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6136] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6142] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6151] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6157] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6163] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6169] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ }; static const ASN1_OBJECT kObjects[NUM_NID]={ @@ -1110,880 +1109,880 @@ static const ASN1_OBJECT kObjects[NUM_NID]={ {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, -{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[616]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[633]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0}, + &(lvalues[627]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[630]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[636]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[649]),0}, + &(lvalues[643]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[657]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0}, + &(lvalues[651]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[659]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[673]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0}, + &(lvalues[667]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[675]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[689]),0}, + &(lvalues[683]),0}, {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, - &(lvalues[699]),0}, + &(lvalues[693]),0}, {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[709]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0}, + &(lvalues[703]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[713]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[729]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0}, + &(lvalues[723]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[733]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[748]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0}, + &(lvalues[742]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[745]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[754]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0}, + &(lvalues[748]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[751]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[756]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[766]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[776]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[786]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[796]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[806]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[816]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[833]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0}, + 11,&(lvalues[827]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[838]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[849]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[860]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[877]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0}, + &(lvalues[871]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[882]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[891]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[906]),0}, + &(lvalues[900]),0}, {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[916]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0}, + &(lvalues[910]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[920]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[930]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[939]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[948]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[956]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[970]),0}, + &(lvalues[964]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[978]),0}, + &(lvalues[972]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[987]),0}, + &(lvalues[981]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[996]),0}, + &(lvalues[990]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1005]),0}, + &(lvalues[999]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1014]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0}, -{"name","name",NID_name,3,&(lvalues[1033]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0}, + &(lvalues[1008]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1018]),0}, +{"name","name",NID_name,3,&(lvalues[1027]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1030]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1033]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1040]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1053]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0}, + 8,&(lvalues[1047]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1055]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1063]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1071]),0}, {"ISO","iso",NID_iso,0,NULL,0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1079]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1080]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1083]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1088]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1094]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1102]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1110]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1119]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1129]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1139]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1149]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1159]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1169]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1179]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1195]),0}, + &(lvalues[1189]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1206]),0}, + &(lvalues[1200]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1217]),0}, + &(lvalues[1211]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1228]),0}, + 11,&(lvalues[1222]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1233]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1244]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1255]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1266]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1283]),0}, + 11,&(lvalues[1277]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1288]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1299]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1316]),0}, + 11,&(lvalues[1310]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1327]),0}, + 11,&(lvalues[1321]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1332]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1343]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, + NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1354]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1365]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1376]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1387]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1398]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1409]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1420]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1431]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1442]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1453]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1464]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1475]),0}, {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1486]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1497]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1508]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1519]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1530]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1541]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1552]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1563]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1574]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1585]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, + NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1596]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1607]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1618]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1629]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1640]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1651]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1662]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1673]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1684]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1695]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1706]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1717]),0}, {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1734]),0}, + &(lvalues[1728]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1739]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1750]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1767]),0}, + &(lvalues[1761]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1772]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1783]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1794]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1805]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1816]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1827]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1838]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1849]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1860]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1868]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1875]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1882]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1889]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1896]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1903]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1910]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1917]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1924]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1931]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1938]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1945]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1953]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1961]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1969]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1977]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1985]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[1993]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2001]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2009]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2017]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2025]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2033]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2041]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2049]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2057]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2071]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, + &(lvalues[2065]),0}, +{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2073]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2081]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2095]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, + &(lvalues[2089]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2097]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2105]),0}, {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2119]),0}, + &(lvalues[2113]),0}, {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0}, + NID_sbgp_autonomousSysNum,8,&(lvalues[2121]),0}, {"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, + NID_sbgp_routerIdentifier,8,&(lvalues[2129]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2137]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2151]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, + &(lvalues[2145]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2153]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2161]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2169]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2183]),0}, + 8,&(lvalues[2177]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2185]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2193]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2201]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2209]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2223]),0}, + &(lvalues[2217]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2225]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2233]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2241]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2249]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2257]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2271]),0}, + 8,&(lvalues[2265]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2273]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2281]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2289]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2297]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2305]),0}, {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2319]),0}, + 9,&(lvalues[2313]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2322]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2331]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2340]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2349]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2358]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2367]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2382]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, + &(lvalues[2376]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2385]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2399]),0}, + &(lvalues[2393]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2401]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2409]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2423]),0}, + &(lvalues[2417]),0}, {"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2431]),0}, + NID_id_cmc_identification,8,&(lvalues[2425]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2433]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2447]),0}, + &(lvalues[2441]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2449]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2463]),0}, + &(lvalues[2457]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2465]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2473]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2487]),0}, + 8,&(lvalues[2481]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2495]),0}, + 8,&(lvalues[2489]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2497]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2511]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, + &(lvalues[2505]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2513]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2521]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2535]),0}, + &(lvalues[2529]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2543]),0}, + 8,&(lvalues[2537]),0}, {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2551]),0}, + 8,&(lvalues[2545]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2553]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2561]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2569]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2583]),0}, + &(lvalues[2577]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2591]),0}, + &(lvalues[2585]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2599]),0}, + 8,&(lvalues[2593]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2601]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2609]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2617]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2625]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2633]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2641]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2649]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2657]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2665]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2673]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2687]),0}, + &(lvalues[2681]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2695]),0}, + &(lvalues[2689]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2703]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, + &(lvalues[2697]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2705]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2719]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, + &(lvalues[2713]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2722]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2731]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2740]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2749]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2764]),0}, + 9,&(lvalues[2758]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2767]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2776]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2785]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2794]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2809]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, + &(lvalues[2803]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2812]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2816]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2827]),0}, -{"ORG","org",NID_org,1,&(lvalues[2829]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, -{"private","Private",NID_Private,4,&(lvalues[2847]),0}, -{"security","Security",NID_Security,4,&(lvalues[2851]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, + NID_X500algorithms,2,&(lvalues[2821]),0}, +{"ORG","org",NID_org,1,&(lvalues[2823]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2824]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2826]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2829]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2833]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2837]),0}, +{"private","Private",NID_Private,4,&(lvalues[2841]),0}, +{"security","Security",NID_Security,4,&(lvalues[2845]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2849]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2853]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2857]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2862]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2871]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2881]),0}, {"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2897]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0}, + NID_selected_attribute_types,3,&(lvalues[2891]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2894]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2904]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0}, + &(lvalues[2898]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2907]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2921]),0}, + &(lvalues[2915]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2929]),0}, -{"role","role",NID_role,3,&(lvalues[2937]),0}, + &(lvalues[2923]),0}, +{"role","role",NID_role,3,&(lvalues[2931]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2940]),0}, + NID_policy_constraints,3,&(lvalues[2934]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2943]),0}, + &(lvalues[2937]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2946]),0}, + &(lvalues[2940]),0}, {"NULL","NULL",NID_ccitt,0,NULL,0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2943]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2948]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2955]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2968]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0}, + &(lvalues[2962]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2969]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2977]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2985]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2993]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3001]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3009]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3017]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3031]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0}, + &(lvalues[3025]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3032]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3041]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3050]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3059]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3068]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3077]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3086]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3095]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3104]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3113]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3122]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3131]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3140]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3155]),0}, + NID_hold_instruction_code,3,&(lvalues[3149]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3158]),0}, + NID_hold_instruction_none,7,&(lvalues[3152]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3159]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3172]),0}, -{"data","data",NID_data,1,&(lvalues[3179]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3180]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0}, + NID_hold_instruction_reject,7,&(lvalues[3166]),0}, +{"data","data",NID_data,1,&(lvalues[3173]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3174]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3177]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3184]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3198]),0}, + &(lvalues[3192]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3207]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3201]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3216]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0}, + &(lvalues[3210]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3219]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3234]),0}, + &(lvalues[3228]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0}, -{"account","account",NID_account,10,&(lvalues[3274]),0}, -{"document","document",NID_document,10,&(lvalues[3284]),0}, -{"room","room",NID_room,10,&(lvalues[3294]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3238]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3248]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3258]),0}, +{"account","account",NID_account,10,&(lvalues[3268]),0}, +{"document","document",NID_document,10,&(lvalues[3278]),0}, +{"room","room",NID_room,10,&(lvalues[3288]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3304]),0}, + &(lvalues[3298]),0}, {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3314]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0}, + &(lvalues[3308]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3318]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3334]),0}, + 10,&(lvalues[3328]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3344]),0}, + &(lvalues[3338]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3354]),0}, + NID_simpleSecurityObject,10,&(lvalues[3348]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3364]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0}, + &(lvalues[3358]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3368]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3384]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3394]),0}, + 10,&(lvalues[3378]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3388]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3404]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0}, -{"info","info",NID_info,10,&(lvalues[3424]),0}, + NID_textEncodedORAddress,10,&(lvalues[3398]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3408]),0}, +{"info","info",NID_info,10,&(lvalues[3418]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3434]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3454]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0}, -{"host","host",NID_host,10,&(lvalues[3474]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3484]),0}, + &(lvalues[3428]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3438]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3448]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3458]),0}, +{"host","host",NID_host,10,&(lvalues[3468]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3478]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3494]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0}, + &(lvalues[3488]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3498]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3514]),0}, + &(lvalues[3508]),0}, {"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3524]),0}, + &(lvalues[3518]),0}, {"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3534]),0}, + &(lvalues[3528]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3544]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0}, + 10,&(lvalues[3538]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3548]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3558]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3574]),0}, + &(lvalues[3568]),0}, {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3584]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0}, + &(lvalues[3578]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3588]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3604]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0}, + NID_pilotAttributeType27,10,&(lvalues[3598]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3608]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3618]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3628]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3638]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3654]),0}, + &(lvalues[3648]),0}, {"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3664]),0}, + &(lvalues[3658]),0}, {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3674]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0}, + &(lvalues[3668]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3678]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3694]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3688]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3704]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3698]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3714]),0}, + 10,&(lvalues[3708]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3724]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0}, + NID_organizationalStatus,10,&(lvalues[3718]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3728]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3744]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0}, + NID_mailPreferenceOption,10,&(lvalues[3738]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3748]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3758]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3774]),0}, + &(lvalues[3768]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3784]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3778]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3794]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3788]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3804]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3824]),0}, + &(lvalues[3798]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3808]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3818]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3834]),0}, + &(lvalues[3828]),0}, {"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3844]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0}, + NID_x500UniqueIdentifier,3,&(lvalues[3838]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3841]),0}, {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3852]),0}, + &(lvalues[3846]),0}, {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3858]),0}, + &(lvalues[3852]),0}, {"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3864]),0}, + NID_id_hex_partial_message,7,&(lvalues[3858]),0}, {"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3871]),0}, + NID_id_hex_multipart_message,7,&(lvalues[3865]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3878]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0}, + 3,&(lvalues[3872]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3875]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3884]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0}, + &(lvalues[3878]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3880]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3883]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3886]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3889]),0}, {"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3898]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0}, + &(lvalues[3892]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3895]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3898]),0}, {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, - &(lvalues[3908]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0}, + &(lvalues[3902]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3906]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3910]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3914]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3918]),0}, {"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0}, + NID_setct_PIDataUnsigned,4,&(lvalues[3922]),0}, {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3932]),0}, + &(lvalues[3926]),0}, {"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3936]),0}, + NID_setct_AuthResBaggage,4,&(lvalues[3930]),0}, {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0}, + NID_setct_AuthRevReqBaggage,4,&(lvalues[3934]),0}, {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0}, + NID_setct_AuthRevResBaggage,4,&(lvalues[3938]),0}, {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3948]),0}, + &(lvalues[3942]),0}, {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3952]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0}, + &(lvalues[3946]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3950]),0}, {"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3960]),0}, + &(lvalues[3954]),0}, {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3964]),0}, + &(lvalues[3958]),0}, {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3968]),0}, + &(lvalues[3962]),0}, {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3972]),0}, + &(lvalues[3966]),0}, {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3976]),0}, + &(lvalues[3970]),0}, {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3980]),0}, + &(lvalues[3974]),0}, {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3984]),0}, + &(lvalues[3978]),0}, {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0}, + NID_setct_AcqCardCodeMsg,4,&(lvalues[3982]),0}, {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[3992]),0}, + 4,&(lvalues[3986]),0}, {"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[3996]),0}, + NID_setct_AuthRevResData,4,&(lvalues[3990]),0}, {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[4000]),0}, + 4,&(lvalues[3994]),0}, {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[4004]),0}, + &(lvalues[3998]),0}, {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4008]),0}, + &(lvalues[4002]),0}, {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4012]),0}, + &(lvalues[4006]),0}, {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4016]),0}, + &(lvalues[4010]),0}, {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4020]),0}, + 4,&(lvalues[4014]),0}, {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4024]),0}, + 4,&(lvalues[4018]),0}, {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4028]),0}, + &(lvalues[4022]),0}, {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4032]),0}, + &(lvalues[4026]),0}, {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4036]),0}, + &(lvalues[4030]),0}, {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4040]),0}, + 4,&(lvalues[4034]),0}, {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0}, + NID_setct_CredRevReqTBSX,4,&(lvalues[4038]),0}, {"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4048]),0}, + NID_setct_CredRevResData,4,&(lvalues[4042]),0}, {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4052]),0}, + &(lvalues[4046]),0}, {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4056]),0}, + &(lvalues[4050]),0}, {"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0}, + NID_setct_BatchAdminReqData,4,&(lvalues[4054]),0}, {"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4064]),0}, + NID_setct_BatchAdminResData,4,&(lvalues[4058]),0}, {"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0}, + NID_setct_CardCInitResTBS,4,&(lvalues[4062]),0}, {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0}, + NID_setct_MeAqCInitResTBS,4,&(lvalues[4066]),0}, {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4076]),0}, + 4,&(lvalues[4070]),0}, {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4080]),0}, + &(lvalues[4074]),0}, {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4084]),0}, + &(lvalues[4078]),0}, {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4088]),0}, + &(lvalues[4082]),0}, {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4092]),0}, + 4,&(lvalues[4086]),0}, {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4096]),0}, + &(lvalues[4090]),0}, {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0}, + NID_setct_PIDualSignedTBE,4,&(lvalues[4094]),0}, {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4104]),0}, + 4,&(lvalues[4098]),0}, {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4108]),0}, + &(lvalues[4102]),0}, {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4112]),0}, + &(lvalues[4106]),0}, {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4116]),0}, + &(lvalues[4110]),0}, {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4120]),0}, + &(lvalues[4114]),0}, {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4124]),0}, + &(lvalues[4118]),0}, {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4128]),0}, + &(lvalues[4122]),0}, {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0}, + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4126]),0}, {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4136]),0}, + 4,&(lvalues[4130]),0}, {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4140]),0}, + 4,&(lvalues[4134]),0}, {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0}, + NID_setct_AuthRevResTBEB,4,&(lvalues[4138]),0}, {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4148]),0}, + &(lvalues[4142]),0}, {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4152]),0}, + &(lvalues[4146]),0}, {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4156]),0}, + &(lvalues[4150]),0}, {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4160]),0}, + &(lvalues[4154]),0}, {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4164]),0}, + 4,&(lvalues[4158]),0}, {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4168]),0}, + &(lvalues[4162]),0}, {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4172]),0}, + &(lvalues[4166]),0}, {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4176]),0}, + &(lvalues[4170]),0}, {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4180]),0}, + &(lvalues[4174]),0}, {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4184]),0}, + 4,&(lvalues[4178]),0}, {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0}, + NID_setct_CredRevReqTBEX,4,&(lvalues[4182]),0}, {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4192]),0}, + 4,&(lvalues[4186]),0}, {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0}, + NID_setct_BatchAdminReqTBE,4,&(lvalues[4190]),0}, {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0}, + NID_setct_BatchAdminResTBE,4,&(lvalues[4194]),0}, {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4204]),0}, + 4,&(lvalues[4198]),0}, {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4208]),0}, + &(lvalues[4202]),0}, {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4212]),0}, + &(lvalues[4206]),0}, {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4216]),0}, + &(lvalues[4210]),0}, {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0}, + NID_setct_CRLNotificationTBS,4,&(lvalues[4214]),0}, {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0}, + NID_setct_CRLNotificationResTBS,4,&(lvalues[4218]),0}, {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0}, + NID_setct_BCIDistributionTBS,4,&(lvalues[4222]),0}, {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4232]),0}, + &(lvalues[4226]),0}, {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4236]),0}, + &(lvalues[4230]),0}, {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4240]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0}, + &(lvalues[4234]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4238]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4242]),0}, {"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4252]),0}, + &(lvalues[4246]),0}, {"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4256]),0}, + &(lvalues[4250]),0}, {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4260]),0}, + &(lvalues[4254]),0}, {"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4264]),0}, + &(lvalues[4258]),0}, {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4268]),0}, + &(lvalues[4262]),0}, {"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4272]),0}, + NID_setCext_cCertRequired,4,&(lvalues[4266]),0}, {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4276]),0}, + &(lvalues[4270]),0}, {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4280]),0}, + &(lvalues[4274]),0}, {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4284]),0}, + &(lvalues[4278]),0}, {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0}, + NID_setCext_PGWYcapabilities,4,&(lvalues[4282]),0}, {"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0}, + NID_setCext_TokenIdentifier,4,&(lvalues[4286]),0}, {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4296]),0}, + &(lvalues[4290]),0}, {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4300]),0}, + &(lvalues[4294]),0}, {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0}, + NID_setCext_IssuerCapabilities,4,&(lvalues[4298]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4302]),0}, {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4312]),0}, + 4,&(lvalues[4306]),0}, {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4316]),0}, + &(lvalues[4310]),0}, {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4320]),0}, + &(lvalues[4314]),0}, {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4324]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0}, + &(lvalues[4318]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4323]),0}, {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, - &(lvalues[4334]),0}, + &(lvalues[4328]),0}, {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0}, + NID_setAttr_Token_B0Prime,5,&(lvalues[4333]),0}, {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4344]),0}, + &(lvalues[4338]),0}, {"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, - &(lvalues[4349]),0}, + &(lvalues[4343]),0}, {"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, - &(lvalues[4354]),0}, + &(lvalues[4348]),0}, {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4359]),0}, + 6,&(lvalues[4353]),0}, {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4365]),0}, + &(lvalues[4359]),0}, {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4371]),0}, + &(lvalues[4365]),0}, {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4377]),0}, + &(lvalues[4371]),0}, {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4383]),0}, + 6,&(lvalues[4377]),0}, {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4389]),0}, + &(lvalues[4383]),0}, {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4393]),0}, + &(lvalues[4387]),0}, {"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0}, + NID_set_brand_AmericanExpress,4,&(lvalues[4391]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4395]),0}, {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4405]),0}, + &(lvalues[4399]),0}, {"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4409]),0}, + NID_set_brand_MasterCard,4,&(lvalues[4403]),0}, {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4413]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0}, + &(lvalues[4407]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4412]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0}, + NID_rsaOAEPEncryptionSET,9,&(lvalues[4420]),0}, {"ITU-T","itu-t",NID_itu_t,0,NULL,0}, {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, {"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4435]),0}, + NID_international_organizations,1,&(lvalues[4429]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4436]),0}, + 10,&(lvalues[4430]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4446]),0}, + &(lvalues[4440]),0}, {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, @@ -1994,138 +1993,138 @@ static const ASN1_OBJECT kObjects[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4450]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4453]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4456]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4469]),0}, + &(lvalues[4463]),0}, {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4477]),0}, + &(lvalues[4471]),0}, {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4485]),0}, + &(lvalues[4479]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4493]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0}, + &(lvalues[4487]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4490]),0}, {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4504]),0}, + &(lvalues[4498]),0}, {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4513]),0}, + &(lvalues[4507]),0}, {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4522]),0}, + &(lvalues[4516]),0}, {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4531]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0}, + &(lvalues[4525]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4534]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4543]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4552]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4561]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4576]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4580]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0}, + NID_identified_organization,1,&(lvalues[4570]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4571]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4574]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4576]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4579]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4587]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4596]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4605]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4614]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4622]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4630]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4638]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4646]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4654]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4662]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4670]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4678]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4686]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4694]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4702]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4710]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4718]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4726]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4734]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4742]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4750]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4758]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4766]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4774]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4779]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4784]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4789]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4794]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4799]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4804]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4809]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4814]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4819]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4824]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4829]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4834]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4839]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4844]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4849]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4854]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4859]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4864]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4869]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4874]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4879]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4884]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4889]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4894]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4899]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4904]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4909]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4914]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4919]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4924]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4929]),0}, {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0}, + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4934]),0}, {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0}, + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4939]),0}, {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0}, + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4944]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4949]),0}, {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0}, + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4954]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4959]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4964]),0}, {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0}, + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4969]),0}, {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0}, + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4974]),0}, {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0}, + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4979]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4984]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[4994]),0}, + &(lvalues[4988]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[4997]),0}, + NID_inhibit_any_policy,3,&(lvalues[4991]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[5000]),0}, + &(lvalues[4994]),0}, {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5011]),0}, + &(lvalues[5005]),0}, {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5022]),0}, + &(lvalues[5016]),0}, {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5033]),0}, + &(lvalues[5027]),0}, {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5041]),0}, + &(lvalues[5035]),0}, {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5049]),0}, + &(lvalues[5043]),0}, {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5057]),0}, + &(lvalues[5051]),0}, {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5065]),0}, + &(lvalues[5059]),0}, {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5073]),0}, + &(lvalues[5067]),0}, {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, @@ -2133,284 +2132,284 @@ static const ASN1_OBJECT kObjects[NUM_NID]={ {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5081]),0}, + &(lvalues[5075]),0}, {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5089]),0}, + &(lvalues[5083]),0}, {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5097]),0}, + &(lvalues[5091]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5105]),0}, -{"issuingDistributionPoint","X509v3 Issuing Distrubution Point", - NID_issuing_distribution_point,3,&(lvalues[5108]),0}, + NID_subject_directory_attributes,3,&(lvalues[5099]),0}, +{"issuingDistributionPoint","X509v3 Issuing Distribution Point", + NID_issuing_distribution_point,3,&(lvalues[5102]),0}, {"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5111]),0}, + NID_certificate_issuer,3,&(lvalues[5105]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0}, +{"KISA","kisa",NID_kisa,6,&(lvalues[5108]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0}, -{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0}, -{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0}, -{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0}, -{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0}, -{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0}, +{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5114]),0}, +{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5122]),0}, +{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5130]),0}, +{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5138]),0}, +{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5146]),0}, +{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5154]),0}, {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, - &(lvalues[5168]),0}, + &(lvalues[5162]),0}, {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, - &(lvalues[5177]),0}, + &(lvalues[5171]),0}, {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, - &(lvalues[5186]),0}, -{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0}, + &(lvalues[5180]),0}, +{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5188]),0}, {"id-smime-ct-compressedData","id-smime-ct-compressedData", - NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0}, + NID_id_smime_ct_compressedData,11,&(lvalues[5196]),0}, {"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", - NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0}, + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5207]),0}, {"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, - &(lvalues[5224]),0}, + &(lvalues[5218]),0}, {"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, - &(lvalues[5233]),0}, + &(lvalues[5227]),0}, {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, - &(lvalues[5242]),0}, + &(lvalues[5236]),0}, {"ecdsa-with-Recommended","ecdsa-with-Recommended", - NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0}, + NID_ecdsa_with_Recommended,7,&(lvalues[5245]),0}, {"ecdsa-with-Specified","ecdsa-with-Specified", - NID_ecdsa_with_Specified,7,&(lvalues[5258]),0}, + NID_ecdsa_with_Specified,7,&(lvalues[5252]),0}, {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, - &(lvalues[5265]),0}, + &(lvalues[5259]),0}, {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, - &(lvalues[5273]),0}, + &(lvalues[5267]),0}, {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, - &(lvalues[5281]),0}, + &(lvalues[5275]),0}, {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, - &(lvalues[5289]),0}, -{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0}, + &(lvalues[5283]),0}, +{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5291]),0}, {"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, - &(lvalues[5305]),0}, + &(lvalues[5299]),0}, {"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, - &(lvalues[5313]),0}, + &(lvalues[5307]),0}, {"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, - &(lvalues[5321]),0}, + &(lvalues[5315]),0}, {"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, - &(lvalues[5329]),0}, + &(lvalues[5323]),0}, {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, - &(lvalues[5337]),0}, + &(lvalues[5331]),0}, {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, - &(lvalues[5346]),0}, -{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0}, -{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0}, -{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0}, + &(lvalues[5340]),0}, +{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5349]),0}, +{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5355]),0}, +{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5360]),0}, {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", - NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0}, + NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5365]),0}, {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", - NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0}, -{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0}, + NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5371]),0}, +{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5377]),0}, {"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, - &(lvalues[5389]),0}, + &(lvalues[5383]),0}, {"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, - &(lvalues[5395]),0}, -{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0}, -{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0}, + &(lvalues[5389]),0}, +{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5395]),0}, +{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5401]),0}, {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, {"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, - &(lvalues[5413]),0}, + &(lvalues[5407]),0}, {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, - &(lvalues[5419]),0}, + &(lvalues[5413]),0}, {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, - 6,&(lvalues[5425]),0}, + 6,&(lvalues[5419]),0}, {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, - &(lvalues[5431]),0}, + &(lvalues[5425]),0}, {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", - NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0}, + NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5431]),0}, {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", - NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0}, + NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5438]),0}, {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", - NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0}, + NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5445]),0}, {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", - NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0}, + NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5452]),0}, {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", - NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0}, + NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5459]),0}, {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", - NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0}, + NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5466]),0}, {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", - NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0}, + NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5473]),0}, {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", - NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0}, + NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5480]),0}, {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", - NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0}, + NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5487]),0}, {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5494]), 0}, {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5501]), 0}, {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0}, + NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5508]),0}, {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", - NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0}, + NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5515]),0}, {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", - NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0}, + NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5522]),0}, {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", - NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0}, + NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5529]),0}, {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", - NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0}, + NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5536]),0}, {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", - NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0}, + NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5543]),0}, {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0}, + NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5550]),0}, {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0}, + NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5557]),0}, {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0}, + NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5564]),0}, {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", - NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0}, + NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5571]),0}, {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", - NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0}, + NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5578]),0}, {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", - NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0}, + NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5585]),0}, {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", - NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0}, + NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5592]),0}, {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0}, + NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5599]),0}, {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0}, + NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5606]),0}, {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, - &(lvalues[5619]),0}, + &(lvalues[5613]),0}, {"id-GostR3410-94-aBis","id-GostR3410-94-aBis", - NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0}, + NID_id_GostR3410_94_aBis,7,&(lvalues[5620]),0}, {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, - &(lvalues[5633]),0}, + &(lvalues[5627]),0}, {"id-GostR3410-94-bBis","id-GostR3410-94-bBis", - NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0}, + NID_id_GostR3410_94_bBis,7,&(lvalues[5634]),0}, {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", - NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0}, + NID_id_Gost28147_89_cc,8,&(lvalues[5641]),0}, {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, - &(lvalues[5655]),0}, + &(lvalues[5649]),0}, {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, - &(lvalues[5663]),0}, + &(lvalues[5657]),0}, {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0}, + NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5665]),0}, {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0}, + NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5673]),0}, {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", - NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0}, + NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5681]),0}, {"HMAC","hmac",NID_hmac,0,NULL,0}, {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, - &(lvalues[5695]),0}, + &(lvalues[5689]),0}, {"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, - &(lvalues[5704]),0}, + &(lvalues[5698]),0}, {"id-on-permanentIdentifier","Permanent Identifier", - NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0}, -{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0}, + NID_id_on_permanentIdentifier,8,&(lvalues[5701]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5709]),0}, {"businessCategory","businessCategory",NID_businessCategory,3, - &(lvalues[5718]),0}, -{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0}, -{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0}, + &(lvalues[5712]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5715]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5718]),0}, {"physicalDeliveryOfficeName","physicalDeliveryOfficeName", - NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0}, + NID_physicalDeliveryOfficeName,3,&(lvalues[5721]),0}, {"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, - &(lvalues[5730]),0}, -{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0}, + &(lvalues[5724]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5727]),0}, {"teletexTerminalIdentifier","teletexTerminalIdentifier", - NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0}, + NID_teletexTerminalIdentifier,3,&(lvalues[5730]),0}, {"facsimileTelephoneNumber","facsimileTelephoneNumber", - NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0}, -{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0}, + NID_facsimileTelephoneNumber,3,&(lvalues[5733]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5736]),0}, {"internationaliSDNNumber","internationaliSDNNumber", - NID_internationaliSDNNumber,3,&(lvalues[5745]),0}, + NID_internationaliSDNNumber,3,&(lvalues[5739]),0}, {"registeredAddress","registeredAddress",NID_registeredAddress,3, - &(lvalues[5748]),0}, + &(lvalues[5742]),0}, {"destinationIndicator","destinationIndicator", - NID_destinationIndicator,3,&(lvalues[5751]),0}, + NID_destinationIndicator,3,&(lvalues[5745]),0}, {"preferredDeliveryMethod","preferredDeliveryMethod", - NID_preferredDeliveryMethod,3,&(lvalues[5754]),0}, + NID_preferredDeliveryMethod,3,&(lvalues[5748]),0}, {"presentationAddress","presentationAddress",NID_presentationAddress, - 3,&(lvalues[5757]),0}, + 3,&(lvalues[5751]),0}, {"supportedApplicationContext","supportedApplicationContext", - NID_supportedApplicationContext,3,&(lvalues[5760]),0}, -{"member","member",NID_member,3,&(lvalues[5763]),0}, -{"owner","owner",NID_owner,3,&(lvalues[5766]),0}, -{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0}, -{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0}, -{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0}, + NID_supportedApplicationContext,3,&(lvalues[5754]),0}, +{"member","member",NID_member,3,&(lvalues[5757]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5760]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5763]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5766]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5769]),0}, {"userCertificate","userCertificate",NID_userCertificate,3, - &(lvalues[5778]),0}, -{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0}, + &(lvalues[5772]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5775]),0}, {"authorityRevocationList","authorityRevocationList", - NID_authorityRevocationList,3,&(lvalues[5784]),0}, + NID_authorityRevocationList,3,&(lvalues[5778]),0}, {"certificateRevocationList","certificateRevocationList", - NID_certificateRevocationList,3,&(lvalues[5787]),0}, + NID_certificateRevocationList,3,&(lvalues[5781]),0}, {"crossCertificatePair","crossCertificatePair", - NID_crossCertificatePair,3,&(lvalues[5790]),0}, + NID_crossCertificatePair,3,&(lvalues[5784]),0}, {"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, - 3,&(lvalues[5793]),0}, + 3,&(lvalues[5787]),0}, {"protocolInformation","protocolInformation",NID_protocolInformation, - 3,&(lvalues[5796]),0}, + 3,&(lvalues[5790]),0}, {"distinguishedName","distinguishedName",NID_distinguishedName,3, - &(lvalues[5799]),0}, -{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0}, + &(lvalues[5793]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5796]),0}, {"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, - &(lvalues[5805]),0}, + &(lvalues[5799]),0}, {"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, - 3,&(lvalues[5808]),0}, + 3,&(lvalues[5802]),0}, {"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, - 3,&(lvalues[5811]),0}, -{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0}, + 3,&(lvalues[5805]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5808]),0}, {"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, - &(lvalues[5817]),0}, + &(lvalues[5811]),0}, {"CMAC","cmac",NID_cmac,0,NULL,0}, -{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0}, -{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0}, +{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5822]),0}, +{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5831]),0}, {"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, - &(lvalues[5846]),0}, -{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0}, -{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0}, + &(lvalues[5840]),0}, +{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5849]),0}, +{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5858]),0}, {"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, - &(lvalues[5873]),0}, -{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0}, -{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0}, + &(lvalues[5867]),0}, +{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5876]),0}, +{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5885]),0}, {"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, - &(lvalues[5900]),0}, + &(lvalues[5894]),0}, {"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, {"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, {"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, {"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, - 11,&(lvalues[5909]),0}, + 11,&(lvalues[5903]),0}, {"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, - 11,&(lvalues[5920]),0}, + 11,&(lvalues[5914]),0}, {"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, - 11,&(lvalues[5931]),0}, + 11,&(lvalues[5925]),0}, {"anyExtendedKeyUsage","Any Extended Key Usage", - NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0}, -{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0}, -{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0}, + NID_anyExtendedKeyUsage,4,&(lvalues[5936]),0}, +{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5940]),0}, +{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5949]),0}, {"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, {"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, {"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, @@ -2420,67 +2419,67 @@ static const ASN1_OBJECT kObjects[NUM_NID]={ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1,0,NULL,0}, -{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, -{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0}, +{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5958]),0}, +{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5967]),0}, {"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, - &(lvalues[5980]),0}, + &(lvalues[5974]),0}, {"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, - &(lvalues[5989]),0}, + &(lvalues[5983]),0}, {"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, - &(lvalues[5998]),0}, + &(lvalues[5992]),0}, {"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, - &(lvalues[6007]),0}, + &(lvalues[6001]),0}, {"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, - &(lvalues[6016]),0}, + &(lvalues[6010]),0}, {"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, - &(lvalues[6025]),0}, + &(lvalues[6019]),0}, {"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, - &(lvalues[6034]),0}, + &(lvalues[6028]),0}, {"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, - &(lvalues[6043]),0}, + &(lvalues[6037]),0}, {"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, - &(lvalues[6052]),0}, + &(lvalues[6046]),0}, {"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, - &(lvalues[6061]),0}, + &(lvalues[6055]),0}, {"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, - &(lvalues[6070]),0}, + &(lvalues[6064]),0}, {"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, - &(lvalues[6079]),0}, + &(lvalues[6073]),0}, {"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, - &(lvalues[6088]),0}, + &(lvalues[6082]),0}, {"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, - &(lvalues[6097]),0}, -{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0}, + &(lvalues[6091]),0}, +{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6100]),0}, {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", - NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0}, + NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6109]),0}, {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", - NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0}, + NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6118]),0}, {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", - NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0}, + NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6124]),0}, {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", - NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0}, + NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6130]),0}, {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", - NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0}, + NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6136]),0}, {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", - NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0}, + NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6142]),0}, {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", - NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0}, + NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6151]),0}, {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", - NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0}, + NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6157]),0}, {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", - NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0}, + NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6163]),0}, {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", - NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0}, + NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6169]),0}, {"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, {"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, }; @@ -2636,7 +2635,6 @@ static const unsigned int kNIDsInShortNameOrder[NUM_SN]={ 121, /* "RC5-ECB" */ 123, /* "RC5-OFB" */ 117, /* "RIPEMD160" */ -124, /* "RLE" */ 19, /* "RSA" */ 7, /* "RSA-MD2" */ 396, /* "RSA-MD4" */ @@ -3553,7 +3551,7 @@ static const unsigned int kNIDsInLongNameOrder[NUM_LN]={ 857, /* "X509v3 Freshest CRL" */ 748, /* "X509v3 Inhibit Any Policy" */ 86, /* "X509v3 Issuer Alternative Name" */ -770, /* "X509v3 Issuing Distrubution Point" */ +770, /* "X509v3 Issuing Distribution Point" */ 83, /* "X509v3 Key Usage" */ 666, /* "X509v3 Name Constraints" */ 403, /* "X509v3 No Revocation Available" */ @@ -4147,7 +4145,6 @@ static const unsigned int kNIDsInLongNameOrder[NUM_LN]={ 377, /* "rsaSignature" */ 919, /* "rsaesOaep" */ 912, /* "rsassaPss" */ -124, /* "run length compression" */ 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ @@ -4681,7 +4678,6 @@ static const unsigned int kNIDsInOIDOrder[NUM_OBJ]={ 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ -124, /* OBJ_rle_compression 1 1 1 1 666 1 */ 773, /* OBJ_kisa 1 2 410 200004 */ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ diff --git a/src/crypto/obj/objects.txt b/src/crypto/obj/objects.txt index aeffc6c..2757c4f 100644 --- a/src/crypto/obj/objects.txt +++ b/src/crypto/obj/objects.txt @@ -748,7 +748,7 @@ id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator !Cname issuing-distribution-point -id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point +id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point !Cname certificate-issuer id-ce 29 : certificateIssuer : X509v3 Certificate Issuer !Cname name-constraints @@ -838,9 +838,7 @@ mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message -# What the hell are these OIDs, really? -!Cname rle-compression -1 1 1 1 666 1 : RLE : run length compression +# RFC 3274 !Cname zlib-compression id-smime-alg 8 : ZLIB : zlib compression diff --git a/src/crypto/pem/pem_lib.c b/src/crypto/pem/pem_lib.c index 48e3297..5201467 100644 --- a/src/crypto/pem/pem_lib.c +++ b/src/crypto/pem/pem_lib.c @@ -331,8 +331,9 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, if (kstr == NULL) { klen = 0; - if (callback) - klen=(*callback)(buf,PEM_BUFSIZE,1,u); + if (!callback) + callback = PEM_def_callback; + klen=(*callback)(buf,PEM_BUFSIZE,1,u); if (klen <= 0) { OPENSSL_PUT_ERROR(PEM, PEM_ASN1_write_bio, PEM_R_READ_KEY); @@ -403,8 +404,8 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, if (cipher->cipher == NULL) return(1); klen = 0; - if (callback) - klen=callback(buf,PEM_BUFSIZE,0,u); + if (!callback) callback = PEM_def_callback; + klen=callback(buf,PEM_BUFSIZE,0,u); if (klen <= 0) { OPENSSL_PUT_ERROR(PEM, PEM_do_header, PEM_R_BAD_PASSWORD_READ); @@ -811,3 +812,17 @@ int pem_check_suffix(const char *pem_str, const char *suffix) return p - pem_str; } +int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) + { + if (!buf || !userdata) + { + return 0; + } + size_t len = strlen((char *) userdata); + if (len >= (size_t) size) + { + return 0; + } + strcpy(buf, (char *) userdata); + return len; + } diff --git a/src/crypto/pem/pem_pk8.c b/src/crypto/pem/pem_pk8.c index 383a524..035038e 100644 --- a/src/crypto/pem/pem_pk8.c +++ b/src/crypto/pem/pem_pk8.c @@ -124,8 +124,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER if(enc || (nid != -1)) { if(!kstr) { klen = 0; - if (cb) - klen = cb(buf, PEM_BUFSIZE, 1, u); + if (!cb) cb = PEM_def_callback; + klen = cb(buf, PEM_BUFSIZE, 1, u); if(klen <= 0) { OPENSSL_PUT_ERROR(PEM, do_pk8pkey, PEM_R_READ_KEY); PKCS8_PRIV_KEY_INFO_free(p8inf); @@ -160,8 +160,8 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo if(!p8) return NULL; klen = 0; - if (cb) - klen=cb(psbuf,PEM_BUFSIZE,0,u); + if (!cb) cb = PEM_def_callback; + klen=cb(psbuf,PEM_BUFSIZE,0,u); if (klen <= 0) { OPENSSL_PUT_ERROR(PEM, d2i_PKCS8PrivateKey_bio, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); diff --git a/src/crypto/pem/pem_pkey.c b/src/crypto/pem/pem_pkey.c index c0aba51..fe58558 100644 --- a/src/crypto/pem/pem_pkey.c +++ b/src/crypto/pem/pem_pkey.c @@ -106,7 +106,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo if(!p8) goto p8err; klen = 0; - if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); + if (!cb) cb = PEM_def_callback; + klen=cb(psbuf,PEM_BUFSIZE,0,u); if (klen <= 0) { OPENSSL_PUT_ERROR(PEM, PEM_read_bio_PrivateKey, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); @@ -309,4 +310,3 @@ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) return(ret); } #endif - diff --git a/src/crypto/pkcs8/CMakeLists.txt b/src/crypto/pkcs8/CMakeLists.txt index c0f2746..4426f1e 100644 --- a/src/crypto/pkcs8/CMakeLists.txt +++ b/src/crypto/pkcs8/CMakeLists.txt @@ -15,6 +15,8 @@ add_executable( pkcs12_test pkcs12_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(pkcs12_test crypto) diff --git a/src/crypto/rand/rand.c b/src/crypto/rand/rand.c index ae30edb..a647b6a 100644 --- a/src/crypto/rand/rand.c +++ b/src/crypto/rand/rand.c @@ -14,6 +14,7 @@ #include <openssl/rand.h> +#include <limits.h> #include <string.h> #include <openssl/mem.h> @@ -95,6 +96,7 @@ int RAND_bytes(uint8_t *buf, size_t len) { return 1; } + memset(state->partial_block, 0, sizeof(state->partial_block)); state->calls_used = kMaxCallsPerRefresh; } @@ -149,6 +151,16 @@ int RAND_pseudo_bytes(uint8_t *buf, size_t len) { void RAND_seed(const void *buf, int num) {} +int RAND_load_file(const char *path, long num) { + if (num < 0) { /* read the "whole file" */ + return 1; + } else if (num <= INT_MAX) { + return (int) num; + } else { + return INT_MAX; + } +} + void RAND_add(const void *buf, int num, double entropy) {} int RAND_poll(void) { diff --git a/src/crypto/rc4/rc4.c b/src/crypto/rc4/rc4.c index 2a98fd0..aa19dc2 100644 --- a/src/crypto/rc4/rc4.c +++ b/src/crypto/rc4/rc4.c @@ -141,37 +141,6 @@ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { in += sizeof(RC4_CHUNK); out += sizeof(RC4_CHUNK); } - if (len) { - RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; - - ichunk = *(RC4_CHUNK *)in; - ochunk = *(RC4_CHUNK *)out; - otp = 0; - i = BESHFT(0); - mask <<= (sizeof(RC4_CHUNK) - len) << 3; - switch (len & (sizeof(RC4_CHUNK) - 1)) { - case 7: - otp = RC4_STEP << i, i -= 8; - case 6: - otp |= RC4_STEP << i, i -= 8; - case 5: - otp |= RC4_STEP << i, i -= 8; - case 4: - otp |= RC4_STEP << i, i -= 8; - case 3: - otp |= RC4_STEP << i, i -= 8; - case 2: - otp |= RC4_STEP << i, i -= 8; - case 1: - otp |= RC4_STEP << i, i -= 8; - } - ochunk &= ~mask; - ochunk |= (otp ^ ichunk) & mask; - *(RC4_CHUNK *)out = ochunk; - } - key->x = x; - key->y = y; - return; } else { /* LITTLE-ENDIAN CASE */ #define LESHFT(c) (((c) * 8) & (sizeof(RC4_CHUNK) * 8 - 1)) for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { @@ -190,37 +159,6 @@ void RC4(RC4_KEY *key, size_t len, const uint8_t *in, uint8_t *out) { in += sizeof(RC4_CHUNK); out += sizeof(RC4_CHUNK); } - if (len) { - RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; - - ichunk = *(RC4_CHUNK *)in; - ochunk = *(RC4_CHUNK *)out; - otp = 0; - i = 0; - mask >>= (sizeof(RC4_CHUNK) - len) << 3; - switch (len & (sizeof(RC4_CHUNK) - 1)) { - case 7: - otp = RC4_STEP, i += 8; - case 6: - otp |= RC4_STEP << i, i += 8; - case 5: - otp |= RC4_STEP << i, i += 8; - case 4: - otp |= RC4_STEP << i, i += 8; - case 3: - otp |= RC4_STEP << i, i += 8; - case 2: - otp |= RC4_STEP << i, i += 8; - case 1: - otp |= RC4_STEP << i, i += 8; - } - ochunk &= ~mask; - ochunk |= (otp ^ ichunk) & mask; - *(RC4_CHUNK *)out = ochunk; - } - key->x = x; - key->y = y; - return; } } #define LOOP(in, out) \ diff --git a/src/crypto/refcount_c11.c b/src/crypto/refcount_c11.c new file mode 100644 index 0000000..fbc0343 --- /dev/null +++ b/src/crypto/refcount_c11.c @@ -0,0 +1,67 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + + +#if defined(OPENSSL_C11_ATOMIC) + +#include <assert.h> +#include <stdalign.h> +#include <stdatomic.h> +#include <stdlib.h> + +#include <openssl/type_check.h> + + +/* See comment above the typedef of CRYPTO_refcount_t about these tests. */ +static_assert(alignof(CRYPTO_refcount_t) == alignof(_Atomic CRYPTO_refcount_t), + "_Atomic alters the needed alignment of a reference count"); +static_assert(sizeof(CRYPTO_refcount_t) == sizeof(_Atomic CRYPTO_refcount_t), + "_Atomic alters the size of a reference count"); + +static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX, + "CRYPTO_REFCOUNT_MAX is incorrect"); + +void CRYPTO_refcount_inc(CRYPTO_refcount_t *in_count) { + _Atomic CRYPTO_refcount_t *count = (_Atomic CRYPTO_refcount_t *) in_count; + uint32_t expected = atomic_load(count); + + while (expected != CRYPTO_REFCOUNT_MAX) { + uint32_t new_value = expected + 1; + if (atomic_compare_exchange_weak(count, &expected, new_value)) { + break; + } + } +} + +int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *in_count) { + _Atomic CRYPTO_refcount_t *count = (_Atomic CRYPTO_refcount_t *)in_count; + uint32_t expected = atomic_load(count); + + for (;;) { + if (expected == 0) { + abort(); + } else if (expected == CRYPTO_REFCOUNT_MAX) { + return 0; + } else { + const uint32_t new_value = expected - 1; + if (atomic_compare_exchange_weak(count, &expected, new_value)) { + return new_value == 0; + } + } + } +} + +#endif /* OPENSSL_C11_ATOMIC */ diff --git a/src/crypto/refcount_lock.c b/src/crypto/refcount_lock.c new file mode 100644 index 0000000..bb8ef86 --- /dev/null +++ b/src/crypto/refcount_lock.c @@ -0,0 +1,53 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#include <stdlib.h> + +#include <openssl/type_check.h> + + +#if !defined(OPENSSL_C11_ATOMIC) + +OPENSSL_COMPILE_ASSERT((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX, + CRYPTO_REFCOUNT_MAX_is_incorrect); + +static struct CRYPTO_STATIC_MUTEX g_refcount_lock = CRYPTO_STATIC_MUTEX_INIT; + +void CRYPTO_refcount_inc(CRYPTO_refcount_t *count) { + CRYPTO_STATIC_MUTEX_lock_write(&g_refcount_lock); + if (*count < CRYPTO_REFCOUNT_MAX) { + (*count)++; + } + CRYPTO_STATIC_MUTEX_unlock(&g_refcount_lock); +} + +int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count) { + int ret; + + CRYPTO_STATIC_MUTEX_lock_write(&g_refcount_lock); + if (*count == 0) { + abort(); + } + if (*count < CRYPTO_REFCOUNT_MAX) { + (*count)--; + } + ret = (*count == 0); + CRYPTO_STATIC_MUTEX_unlock(&g_refcount_lock); + + return ret; +} + +#endif /* OPENSSL_C11_ATOMIC */ diff --git a/src/crypto/refcount_test.c b/src/crypto/refcount_test.c new file mode 100644 index 0000000..97bfbd6 --- /dev/null +++ b/src/crypto/refcount_test.c @@ -0,0 +1,59 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "internal.h" + +#include <stdio.h> + +#include <openssl/type_check.h> + + +int main(int argc, char **argv) { + CRYPTO_refcount_t count = 0; + + CRYPTO_refcount_inc(&count); + if (count != 1) { + fprintf(stderr, "Incrementing reference count did not work.\n"); + return 1; + } + if (!CRYPTO_refcount_dec_and_test_zero(&count) || count != 0) { + fprintf(stderr, "Decrementing reference count to zero did not work.\n"); + return 1; + } + + count = CRYPTO_REFCOUNT_MAX; + CRYPTO_refcount_inc(&count); + if (count != CRYPTO_REFCOUNT_MAX) { + fprintf(stderr, "Count did not saturate correctly when incrementing.\n"); + return 1; + } + if (CRYPTO_refcount_dec_and_test_zero(&count) || + count != CRYPTO_REFCOUNT_MAX) { + fprintf(stderr, "Count did not saturate correctly when decrementing.\n"); + return 1; + } + + count = 2; + if (CRYPTO_refcount_dec_and_test_zero(&count)) { + fprintf(stderr, "Decrementing two resulted in zero!\n"); + return 1; + } + if (count != 1) { + fprintf(stderr, "Decrementing two did not produce one!"); + return 1; + } + + printf("PASS\n"); + return 0; +} diff --git a/src/crypto/rsa/CMakeLists.txt b/src/crypto/rsa/CMakeLists.txt index c438e1d..0ea12c8 100644 --- a/src/crypto/rsa/CMakeLists.txt +++ b/src/crypto/rsa/CMakeLists.txt @@ -16,6 +16,8 @@ add_executable( rsa_test rsa_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(rsa_test crypto) diff --git a/src/crypto/rsa/rsa.c b/src/crypto/rsa/rsa.c index 5cc48ed..17059b0 100644 --- a/src/crypto/rsa/rsa.c +++ b/src/crypto/rsa/rsa.c @@ -121,7 +121,7 @@ void RSA_free(RSA *rsa) { return; } - if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) { + if (!CRYPTO_refcount_dec_and_test_zero(&rsa->references)) { return; } @@ -150,7 +150,7 @@ void RSA_free(RSA *rsa) { } int RSA_up_ref(RSA *rsa) { - CRYPTO_add(&rsa->references, 1, CRYPTO_LOCK_RSA); + CRYPTO_refcount_inc(&rsa->references); return 1; } diff --git a/src/crypto/sha/asm/sha256-armv4.pl b/src/crypto/sha/asm/sha256-armv4.pl index 778c3d9..df71676 100644 --- a/src/crypto/sha/asm/sha256-armv4.pl +++ b/src/crypto/sha/asm/sha256-armv4.pl @@ -479,7 +479,7 @@ sha256_block_data_order_neon: stmdb sp!,{r4-r12,lr} sub $H,sp,#16*4+16 - adr $Ktbl,K256 + adrl $Ktbl,K256 bic $H,$H,#15 @ align for 128-bit stores mov $t2,sp mov sp,$H @ alloca diff --git a/src/crypto/sha/sha1.c b/src/crypto/sha/sha1.c index 60d09f6..c03e608 100644 --- a/src/crypto/sha/sha1.c +++ b/src/crypto/sha/sha1.c @@ -101,7 +101,7 @@ uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) { #define HASH_CBLOCK 64 #define HASH_MAKE_STRING(c, s) \ do { \ - unsigned long ll; \ + uint32_t ll; \ ll = (c)->h0; \ (void) HOST_l2c(ll, (s)); \ ll = (c)->h1; \ @@ -188,8 +188,8 @@ void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const uint8_t *data = p; - register unsigned MD32_REG_T A, B, C, D, E, T, l; - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, + register uint32_t A, B, C, D, E, T, l; + uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; A = c->h0; diff --git a/src/crypto/sha/sha256.c b/src/crypto/sha/sha256.c index 8d4106e..8276bbb 100644 --- a/src/crypto/sha/sha256.c +++ b/src/crypto/sha/sha256.c @@ -144,10 +144,13 @@ int SHA224_Final(uint8_t *md, SHA256_CTX *ctx) { * to truncate to amount of bytes not divisible by 4. I bet not, but if it is, * then default: case shall be extended. For reference. Idea behind separate * cases for pre-defined lenghts is to let the compiler decide if it's - * appropriate to unroll small loops. */ + * appropriate to unroll small loops. + * + * TODO(davidben): The small |md_len| case is one of the few places a low-level + * hash 'final' function can fail. This should never happen. */ #define HASH_MAKE_STRING(c, s) \ do { \ - unsigned long ll; \ + uint32_t ll; \ unsigned int nn; \ switch ((c)->md_len) { \ case SHA224_DIGEST_LENGTH: \ @@ -163,8 +166,9 @@ int SHA224_Final(uint8_t *md, SHA256_CTX *ctx) { } \ break; \ default: \ - if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) { \ return 0; \ + } \ for (nn = 0; nn < (c)->md_len / 4; nn++) { \ ll = (c)->h[nn]; \ (void) HOST_l2c(ll, (s)); \ @@ -232,7 +236,7 @@ static const HASH_LONG K256[64] = { static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num) { - unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; + uint32_t a, b, c, d, e, f, g, h, s0, s1, T1; HASH_LONG X[16]; int i; const uint8_t *data = in; diff --git a/src/crypto/sha/sha512.c b/src/crypto/sha/sha512.c index 2acefb1..57c96ab 100644 --- a/src/crypto/sha/sha512.c +++ b/src/crypto/sha/sha512.c @@ -166,7 +166,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); -int SHA384_Final(unsigned char *md, SHA512_CTX *sha) { +int SHA384_Final(uint8_t *md, SHA512_CTX *sha) { return SHA512_Final(md, sha); } @@ -174,7 +174,7 @@ int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len) { return SHA512_Update(sha, data, len); } -void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) { +void SHA512_Transform(SHA512_CTX *c, const uint8_t *data) { #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) { memcpy(c->u.p, data, sizeof(c->u.p)); @@ -244,7 +244,7 @@ int SHA512_Update(SHA512_CTX *c, const void *in_data, size_t len) { return 1; } -int SHA512_Final(unsigned char *md, SHA512_CTX *sha) { +int SHA512_Final(uint8_t *md, SHA512_CTX *sha) { uint8_t *p = (uint8_t *)sha->u.p; size_t n = sha->num; @@ -276,7 +276,9 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *sha) { sha512_block_data_order(sha, p, 1); - if (md == 0) { + if (md == NULL) { + /* TODO(davidben): This NULL check is absent in other low-level hash 'final' + * functions and is one of the few places one can fail. */ return 0; } @@ -312,6 +314,8 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *sha) { break; /* ... as well as make sure md_len is not abused. */ default: + /* TODO(davidben): This bad |md_len| case is one of the few places a + * low-level hash 'final' function can fail. This should never happen. */ return 0; } @@ -415,7 +419,7 @@ static uint64_t __fastcall __pull64be(const void *x) { #ifndef PULL64 #define B(x, j) \ - (((uint64_t)(*(((const unsigned char *)(&x)) + j))) << ((7 - j) * 8)) + (((uint64_t)(*(((const uint8_t *)(&x)) + j))) << ((7 - j) * 8)) #define PULL64(x) \ (B(x, 0) | B(x, 1) | B(x, 2) | B(x, 3) | B(x, 4) | B(x, 5) | B(x, 6) | \ B(x, 7)) diff --git a/src/crypto/test/CMakeLists.txt b/src/crypto/test/CMakeLists.txt index 0d5ca81..84a6174 100644 --- a/src/crypto/test/CMakeLists.txt +++ b/src/crypto/test/CMakeLists.txt @@ -4,4 +4,5 @@ add_library( OBJECT file_test.cc + malloc.cc ) diff --git a/src/crypto/test/file_test.cc b/src/crypto/test/file_test.cc index 12405f2..8df6f9a 100644 --- a/src/crypto/test/file_test.cc +++ b/src/crypto/test/file_test.cc @@ -17,6 +17,7 @@ #include <ctype.h> #include <errno.h> #include <stdarg.h> +#include <stdlib.h> #include <string.h> #include <openssl/err.h> diff --git a/src/ssl/test/malloc.cc b/src/crypto/test/malloc.cc index 2ec5582..9ffdf01 100644 --- a/src/ssl/test/malloc.cc +++ b/src/crypto/test/malloc.cc @@ -15,17 +15,23 @@ #include <openssl/base.h> #if defined(__has_feature) -#if __has_feature(address_sanitizer) +#if __has_feature(address_sanitizer) || __has_feature(memory_sanitizer) #define OPENSSL_ASAN #endif #endif +#if defined(__GLIBC__) && !defined(__UCLIBC__) +#define OPENSSL_GLIBC +#endif + // This file isn't built on ARM or Aarch64 because we link statically in those -// builds and trying to override malloc in a static link doesn't work. It's also -// disabled on ASan builds as this interferes with ASan's malloc interceptor. +// builds and trying to override malloc in a static link doesn't work. It also +// requires glibc. It's also disabled on ASan builds as this interferes with +// ASan's malloc interceptor. // -// TODO(davidben): See if this and ASan's interceptors can be made to coexist. -#if defined(__linux__) && !defined(OPENSSL_ARM) && \ +// TODO(davidben): See if this and ASan's and MSan's interceptors can be made to +// coexist. +#if defined(__linux__) && defined(OPENSSL_GLIBC) && !defined(OPENSSL_ARM) && \ !defined(OPENSSL_AARCH64) && !defined(OPENSSL_ASAN) #include <stdint.h> @@ -136,4 +142,4 @@ void *realloc(void *ptr, size_t size) { } // extern "C" -#endif /* defined(linux) && !ARM && !AARCH64 && !ASAN */ +#endif /* defined(linux) && GLIBC && !ARM && !AARCH64 && !ASAN */ diff --git a/src/crypto/test/scoped_types.h b/src/crypto/test/scoped_types.h index eb04c18..c5c8cfe 100644 --- a/src/crypto/test/scoped_types.h +++ b/src/crypto/test/scoped_types.h @@ -16,6 +16,7 @@ #define OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H #include <stdint.h> +#include <stdio.h> #include <openssl/bio.h> #include <openssl/bn.h> @@ -57,6 +58,12 @@ struct OpenSSLFree { } }; +struct FileCloser { + void operator()(FILE *file) { + fclose(file); + } +}; + template<typename T, void (*func)(T*)> using ScopedOpenSSLType = bssl::unique_ptr<T, OpenSSLDeleter<T, func>>; @@ -108,6 +115,9 @@ using ScopedX509_ALGOR = ScopedOpenSSLType<X509_ALGOR, X509_ALGOR_free>; using ScopedX509Stack = ScopedOpenSSLStack<STACK_OF(X509), X509, X509_free>; +using ScopedEVP_CIPHER_CTX = ScopedOpenSSLContext<EVP_CIPHER_CTX, int, + EVP_CIPHER_CTX_init, + EVP_CIPHER_CTX_cleanup>; using ScopedEVP_MD_CTX = ScopedOpenSSLContext<EVP_MD_CTX, int, EVP_MD_CTX_init, EVP_MD_CTX_cleanup>; using ScopedHMAC_CTX = ScopedOpenSSLContext<HMAC_CTX, void, HMAC_CTX_init, @@ -116,5 +126,6 @@ using ScopedHMAC_CTX = ScopedOpenSSLContext<HMAC_CTX, void, HMAC_CTX_init, using ScopedOpenSSLBytes = bssl::unique_ptr<uint8_t, OpenSSLFree<uint8_t>>; using ScopedOpenSSLString = bssl::unique_ptr<char, OpenSSLFree<char>>; +using ScopedFILE = bssl::unique_ptr<FILE, FileCloser>; #endif // OPENSSL_HEADER_CRYPTO_TEST_SCOPED_TYPES_H diff --git a/src/crypto/thread.c b/src/crypto/thread.c index abc8b6f..8837115 100644 --- a/src/crypto/thread.c +++ b/src/crypto/thread.c @@ -69,40 +69,16 @@ #include <openssl/mem.h> -#define CRYPTO_LOCK_ITEM(x) #x - -/* lock_names contains the names of all the locks defined in thread.h. */ -static const char *const lock_names[] = { - CRYPTO_LOCK_LIST -}; - -#undef CRYPTO_LOCK_ITEM - -#define CRYPTO_NUM_LOCKS (sizeof(lock_names) / sizeof(lock_names[0])) - -static void (*locking_callback)(int mode, int lock_num, const char *file, - int line) = 0; -static int (*add_lock_callback)(int *pointer, int amount, int lock_num, - const char *file, int line) = 0; - -int CRYPTO_num_locks(void) { return CRYPTO_NUM_LOCKS; } +int CRYPTO_num_locks(void) { return 1; } void CRYPTO_set_locking_callback(void (*func)(int mode, int lock_num, - const char *file, int line)) { - locking_callback = func; -} + const char *file, int line)) {} void CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int lock_num, - const char *file, int line)) { - add_lock_callback = func; -} + const char *file, int line)) {} const char *CRYPTO_get_lock_name(int lock_num) { - if (lock_num >= 0 && lock_num < CRYPTO_NUM_LOCKS) { - return lock_names[lock_num]; - } else { - return "ERROR"; - } + return "No old-style OpenSSL locks anymore"; } int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *)) { return 1; } @@ -113,38 +89,6 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) {} void CRYPTO_THREADID_current(CRYPTO_THREADID *id) {} -void (*CRYPTO_get_locking_callback(void))(int mode, int lock_num, - const char *file, int line) { - return locking_callback; -} - -int (*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int lock_num, - const char *file, int line) { - return add_lock_callback; -} - -void CRYPTO_lock(int mode, int lock_num, const char *file, int line) { - if (locking_callback != NULL) { - locking_callback(mode, lock_num, file, line); - } -} - -int CRYPTO_add_lock(int *pointer, int amount, int lock_num, const char *file, - int line) { - int ret = 0; - - if (add_lock_callback != NULL) { - ret = add_lock_callback(pointer, amount, lock_num, file, line); - } else { - CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, lock_num, file, line); - ret = *pointer + amount; - *pointer = ret; - CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, lock_num, file, line); - } - - return ret; -} - void CRYPTO_set_id_callback(unsigned long (*func)(void)) {} void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *( diff --git a/src/crypto/x509/CMakeLists.txt b/src/crypto/x509/CMakeLists.txt index 96cf35c..3bb5704 100644 --- a/src/crypto/x509/CMakeLists.txt +++ b/src/crypto/x509/CMakeLists.txt @@ -59,6 +59,8 @@ add_executable( pkcs7_test pkcs7_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(pkcs7_test crypto) diff --git a/src/crypto/x509/by_dir.c b/src/crypto/x509/by_dir.c index 098c1bd..34bb1e4 100644 --- a/src/crypto/x509/by_dir.c +++ b/src/crypto/x509/by_dir.c @@ -66,6 +66,8 @@ #include <openssl/thread.h> #include <openssl/x509.h> +#include "../internal.h" + typedef struct lookup_dir_hashes_st { @@ -262,6 +264,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 1; } +/* g_ent_hashes_lock protects the |hashes| member of all |BY_DIR_ENTRY| + * objects. */ +static struct CRYPTO_STATIC_MUTEX g_ent_hashes_lock = CRYPTO_STATIC_MUTEX_INIT; + static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret) { @@ -337,7 +343,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (type == X509_LU_CRL && ent->hashes) { htmp.hash = h; - CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_lock_read(&g_ent_hashes_lock); if (sk_BY_DIR_HASH_find(ent->hashes, &idx, &htmp)) { hent = sk_BY_DIR_HASH_value(ent->hashes, idx); @@ -348,7 +354,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = NULL; k=0; } - CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); } else { @@ -418,19 +424,19 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, /* we have added it to the cache so now pull * it out again */ - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&xl->store_ctx->objs_lock); tmp = NULL; if (sk_X509_OBJECT_find(xl->store_ctx->objs, &idx, &stmp)) { tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,idx); } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&xl->store_ctx->objs_lock); /* If a CRL, update the last file suffix added for this */ if (type == X509_LU_CRL) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_lock_write(&g_ent_hashes_lock); /* Look for entry again in case another thread added * an entry first. */ @@ -445,7 +451,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); if (hent == NULL) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); ok = 0; goto finish; } @@ -453,7 +459,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent->suffix = k; if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); OPENSSL_free(hent); ok = 0; goto finish; @@ -462,8 +468,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, else if (hent->suffix < k) hent->suffix = k; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - + CRYPTO_STATIC_MUTEX_unlock(&g_ent_hashes_lock); } if (tmp != NULL) diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index 34ef26e..a662305 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c @@ -64,6 +64,8 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { @@ -186,6 +188,7 @@ X509_STORE *X509_STORE_new(void) return NULL; memset(ret, 0, sizeof(*ret)); ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + CRYPTO_MUTEX_init(&ret->objs_lock); ret->cache = 1; ret->get_cert_methods = sk_X509_LOOKUP_new_null(); @@ -228,7 +231,6 @@ static void cleanup(X509_OBJECT *a) void X509_STORE_free(X509_STORE *vfy) { - int i; size_t j; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; @@ -236,18 +238,11 @@ void X509_STORE_free(X509_STORE *vfy) if (vfy == NULL) return; - i=CRYPTO_add(&vfy->references,-1,CRYPTO_LOCK_X509_STORE); -#ifdef REF_PRINT - REF_PRINT("X509_STORE",vfy); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_STORE_free, bad reference count\n"); - abort(); /* ok */ - } -#endif + if (!CRYPTO_refcount_dec_and_test_zero(&vfy->references)) { + return; + } + + CRYPTO_MUTEX_cleanup(&vfy->objs_lock); sk=vfy->get_cert_methods; for (j=0; j<sk_X509_LOOKUP_num(sk); j++) @@ -304,9 +299,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, X509_OBJECT stmp,*tmp; int i,j; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); if (tmp == NULL || type == X509_LU_CRL) { @@ -356,7 +351,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) obj->type=X509_LU_X509; obj->data.x509=x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); X509_OBJECT_up_ref_count(obj); @@ -369,7 +364,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) } else sk_X509_OBJECT_push(ctx->objs, obj); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); return ret; } @@ -389,7 +384,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) obj->type=X509_LU_CRL; obj->data.crl=x; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->objs_lock); X509_OBJECT_up_ref_count(obj); @@ -402,7 +397,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) } else sk_X509_OBJECT_push(ctx->objs, obj); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->objs_lock); return ret; } @@ -415,7 +410,7 @@ void X509_OBJECT_up_ref_count(X509_OBJECT *a) X509_up_ref(a->data.x509); break; case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&a->data.crl->references); break; } } @@ -503,7 +498,7 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) X509 *x; X509_OBJECT *obj; sk = sk_X509_new_null(); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { @@ -511,18 +506,18 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) * objects to cache */ X509_OBJECT xobj; - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { sk_X509_free(sk); return NULL; } X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt); if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); sk_X509_free(sk); return NULL; } @@ -533,13 +528,13 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) x = obj->data.x509; if (!sk_X509_push(sk, X509_up_ref(x))) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); X509_free(x); sk_X509_pop_free(sk, X509_free); return NULL; } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return sk; } @@ -551,24 +546,24 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_CRL *x; X509_OBJECT *obj, xobj; sk = sk_X509_CRL_new_null(); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); /* Check cache first */ idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); /* Always do lookup to possibly add new CRLs to cache */ - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { sk_X509_CRL_free(sk); return NULL; } X509_OBJECT_free_contents(&xobj); - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt); if (idx < 0) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); sk_X509_CRL_free(sk); return NULL; } @@ -577,16 +572,16 @@ STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) { obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); x = obj->data.crl; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&x->references); if (!sk_X509_CRL_push(sk, x)) { - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); X509_CRL_free(x); sk_X509_CRL_pop_free(sk, X509_CRL_free); return NULL; } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return sk; } @@ -667,7 +662,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) /* Else find index of first cert accepted by 'check_issued' */ ret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_lock_write(&ctx->ctx->objs_lock); idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); if (idx != -1) /* should be true as we've had at least one match */ { @@ -689,7 +684,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } } } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_MUTEX_unlock(&ctx->ctx->objs_lock); return ret; } diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c index a0cd9fc..2ba9c84 100644 --- a/src/crypto/x509/x509_vfy.c +++ b/src/crypto/x509/x509_vfy.c @@ -273,7 +273,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx) OPENSSL_PUT_ERROR(X509, X509_verify_cert, ERR_R_MALLOC_FAILURE); goto end; } - CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); + CRYPTO_refcount_inc(&xtmp->references); (void)sk_X509_delete_ptr(sktmp,xtmp); ctx->last_untrusted++; x=xtmp; @@ -990,7 +990,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, *pissuer = best_crl_issuer; *pscore = best_score; *preasons = best_reasons; - CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&best_crl->references); if (*pdcrl) { X509_CRL_free(*pdcrl); @@ -1097,7 +1097,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, { if (check_crl_time(ctx, delta, 0)) *pscore |= CRL_SCORE_TIME_DELTA; - CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); + CRYPTO_refcount_inc(&delta->references); *dcrl = delta; return; } diff --git a/src/crypto/x509/x_crl.c b/src/crypto/x509/x_crl.c index aa92fa9..2f41bb1 100644 --- a/src/crypto/x509/x_crl.c +++ b/src/crypto/x509/x_crl.c @@ -65,6 +65,9 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "../internal.h" + + /* Method to handle CRL access. * In general a CRL could be very large (several Mb) and can consume large * amounts of resources if stored in memory by multiple processes. @@ -370,7 +373,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); } -ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { +ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) @@ -463,6 +466,8 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, } +static struct CRYPTO_STATIC_MUTEX g_crl_sort_lock = CRYPTO_STATIC_MUTEX_INIT; + static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer) { @@ -471,13 +476,22 @@ static int def_crl_lookup(X509_CRL *crl, rtmp.serialNumber = serial; /* Sort revoked into serial number order if not already sorted. * Do this under a lock to avoid race condition. - */ - if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + */ + + CRYPTO_STATIC_MUTEX_lock_read(&g_crl_sort_lock); + const int is_sorted = sk_X509_REVOKED_is_sorted(crl->crl->revoked); + CRYPTO_STATIC_MUTEX_unlock(&g_crl_sort_lock); + + if (!is_sorted) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); - sk_X509_REVOKED_sort(crl->crl->revoked); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + CRYPTO_STATIC_MUTEX_lock_write(&g_crl_sort_lock); + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) + { + sk_X509_REVOKED_sort(crl->crl->revoked); + } + CRYPTO_STATIC_MUTEX_unlock(&g_crl_sort_lock); } + if (!sk_X509_REVOKED_find(crl->crl->revoked, &idx, &rtmp)) return 0; /* Need to look for matching name */ diff --git a/src/crypto/x509/x_info.c b/src/crypto/x509/x_info.c index 6807b24..f9e9ab8 100644 --- a/src/crypto/x509/x_info.c +++ b/src/crypto/x509/x_info.c @@ -77,7 +77,6 @@ X509_INFO *X509_INFO_new(void) ret->enc_len=0; ret->enc_data=NULL; - ret->references=1; ret->x509=NULL; ret->crl=NULL; ret->x_pkey=NULL; @@ -86,23 +85,8 @@ X509_INFO *X509_INFO_new(void) void X509_INFO_free(X509_INFO *x) { - int i; - if (x == NULL) return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO); -#ifdef REF_PRINT - REF_PRINT("X509_INFO",x); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_INFO_free, bad reference count\n"); - abort(); - } -#endif - if (x->x509 != NULL) X509_free(x->x509); if (x->crl != NULL) X509_CRL_free(x->crl); if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index 5acbe5b..5bc6415 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -73,7 +73,6 @@ X509_PKEY *X509_PKEY_new(void) goto err; } memset(ret, 0, sizeof(X509_PKEY)); - ret->references=1; ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) @@ -91,13 +90,8 @@ err: void X509_PKEY_free(X509_PKEY *x) { - int i; - if (x == NULL) return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY); - if (i > 0) return; - if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); diff --git a/src/crypto/x509/x_pubkey.c b/src/crypto/x509/x_pubkey.c index d6512ae..c2e0863 100644 --- a/src/crypto/x509/x_pubkey.c +++ b/src/crypto/x509/x_pubkey.c @@ -64,6 +64,7 @@ #include <openssl/x509.h> #include "../evp/internal.h" +#include "../internal.h" /* Minor tweak to operation: free up EVP_PKEY */ @@ -126,16 +127,25 @@ error: return 0; } +/* g_pubkey_lock is used to protect the initialisation of the |pkey| member of + * |X509_PUBKEY| objects. Really |X509_PUBKEY| should have a |CRYPTO_once_t| + * inside it for this, but |CRYPTO_once_t| is private and |X509_PUBKEY| is + * not. */ +static struct CRYPTO_STATIC_MUTEX g_pubkey_lock = CRYPTO_STATIC_MUTEX_INIT; + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) { EVP_PKEY *ret=NULL; if (key == NULL) goto error; + CRYPTO_STATIC_MUTEX_lock_read(&g_pubkey_lock); if (key->pkey != NULL) { + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); return EVP_PKEY_up_ref(key->pkey); } + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); if (key->public_key == NULL) goto error; @@ -166,17 +176,17 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) } /* Check to see if another thread set key->pkey first */ - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_lock_write(&g_pubkey_lock); if (key->pkey) { - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); EVP_PKEY_free(ret); ret = key->pkey; } else { key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); + CRYPTO_STATIC_MUTEX_unlock(&g_pubkey_lock); } return EVP_PKEY_up_ref(ret); diff --git a/src/crypto/x509/x_req.c b/src/crypto/x509/x_req.c index 8bf4613..3d30129 100644 --- a/src/crypto/x509/x_req.c +++ b/src/crypto/x509/x_req.c @@ -102,7 +102,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) -ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { +ASN1_SEQUENCE_ref(X509_REQ, 0) = { ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) diff --git a/src/crypto/x509/x_x509.c b/src/crypto/x509/x_x509.c index 234494d..c975dd3 100644 --- a/src/crypto/x509/x_x509.c +++ b/src/crypto/x509/x_x509.c @@ -131,7 +131,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, } -ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { +ASN1_SEQUENCE_ref(X509, x509_cb) = { ASN1_SIMPLE(X509, cert_info, X509_CINF), ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) @@ -142,7 +142,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509) X509 *X509_up_ref(X509 *x) { - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + CRYPTO_refcount_inc(&x->references); return x; } diff --git a/src/crypto/x509v3/CMakeLists.txt b/src/crypto/x509v3/CMakeLists.txt index ffa5a4a..c7e6054 100644 --- a/src/crypto/x509v3/CMakeLists.txt +++ b/src/crypto/x509v3/CMakeLists.txt @@ -47,6 +47,8 @@ add_executable( v3name_test v3nametest.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(v3name_test crypto) @@ -55,6 +57,8 @@ add_executable( tab_test tabtest.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(tab_test crypto) diff --git a/src/crypto/x509v3/pcy_cache.c b/src/crypto/x509v3/pcy_cache.c index 5d59c00..08f20aa 100644 --- a/src/crypto/x509v3/pcy_cache.c +++ b/src/crypto/x509v3/pcy_cache.c @@ -60,6 +60,7 @@ #include <openssl/x509v3.h> #include "pcy_int.h" +#include "../internal.h" static int policy_data_cmp(const X509_POLICY_DATA **a, @@ -243,18 +244,30 @@ void policy_cache_free(X509_POLICY_CACHE *cache) OPENSSL_free(cache); } +/* g_x509_policy_cache_lock is used to protect against concurrent calls to + * |policy_cache_new|. Ideally this would be done with a |CRYPTO_once_t| + * in the |X509| structure, but |CRYPTO_once_t| isn't public. */ +static struct CRYPTO_STATIC_MUTEX g_x509_policy_cache_lock = + CRYPTO_STATIC_MUTEX_INIT; + const X509_POLICY_CACHE *policy_cache_set(X509 *x) { + X509_POLICY_CACHE *cache; - if (x->policy_cache == NULL) - { - CRYPTO_w_lock(CRYPTO_LOCK_X509); - policy_cache_new(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } + CRYPTO_STATIC_MUTEX_lock_read(&g_x509_policy_cache_lock); + cache = x->policy_cache; + CRYPTO_STATIC_MUTEX_unlock(&g_x509_policy_cache_lock); + + if (cache != NULL) + return cache; - return x->policy_cache; + CRYPTO_STATIC_MUTEX_lock_write(&g_x509_policy_cache_lock); + if (x->policy_cache == NULL) + policy_cache_new(x); + cache = x->policy_cache; + CRYPTO_STATIC_MUTEX_unlock(&g_x509_policy_cache_lock); + return cache; } X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, diff --git a/src/crypto/x509v3/v3_purp.c b/src/crypto/x509v3/v3_purp.c index 3f175c9..8ae8a06 100644 --- a/src/crypto/x509v3/v3_purp.c +++ b/src/crypto/x509v3/v3_purp.c @@ -67,6 +67,8 @@ #include <openssl/x509_vfy.h> #include <openssl/x509v3.h> +#include "../internal.h" + static void x509v3_cache_extensions(X509 *x); @@ -114,9 +116,7 @@ int X509_check_purpose(X509 *x, int id, int ca) int idx; const X509_PURPOSE *pt; if(!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); } if(id == -1) return 1; idx = X509_PURPOSE_get_by_id(id); @@ -367,6 +367,15 @@ static void setup_crldp(X509 *x) setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); } +/* g_x509_cache_extensions_lock is used to protect against concurrent calls to + * |x509v3_cache_extensions|. Ideally this would be done with a |CRYPTO_once_t| + * in the |X509| structure, but |CRYPTO_once_t| isn't public. + * + * Note: it's not entirely clear whether this lock is needed. Not all paths to + * this function took a lock in OpenSSL. */ +static struct CRYPTO_STATIC_MUTEX g_x509_cache_extensions_lock = + CRYPTO_STATIC_MUTEX_INIT; + static void x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; @@ -377,7 +386,15 @@ static void x509v3_cache_extensions(X509 *x) X509_EXTENSION *ex; size_t i; int j; - if(x->ex_flags & EXFLAG_SET) return; + + CRYPTO_STATIC_MUTEX_lock_write(&g_x509_cache_extensions_lock); + + if(x->ex_flags & EXFLAG_SET) + { + CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock); + return; + } + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* V1 should mean no extensions ... */ if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; @@ -501,6 +518,8 @@ static void x509v3_cache_extensions(X509 *x) } } x->ex_flags |= EXFLAG_SET; + + CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock); } /* CA checks common to all purposes @@ -544,9 +563,7 @@ static int check_ca(const X509 *x) int X509_check_ca(X509 *x) { if(!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); - CRYPTO_w_unlock(CRYPTO_LOCK_X509); } return check_ca(x); diff --git a/src/crypto/x509v3/v3_utl.c b/src/crypto/x509v3/v3_utl.c index 27a91ff..14a2f3b 100644 --- a/src/crypto/x509v3/v3_utl.c +++ b/src/crypto/x509v3/v3_utl.c @@ -263,7 +263,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); if (linebuf == NULL) + { + OPENSSL_PUT_ERROR(X509V3, X509V3_parse_list, ERR_R_MALLOC_FAILURE); goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ @@ -751,7 +754,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, if (p[i] == '*') { int atstart = (state & LABEL_START); - int atend = (i == len - 1 || p[i+i] == '.'); + int atend = (i == len - 1 || p[i+1] == '.'); /* * At most one wildcard per pattern. * No wildcards in IDNA labels. diff --git a/src/include/openssl/asn1t.h b/src/include/openssl/asn1t.h index 6c91134..0f2560b 100644 --- a/src/include/openssl/asn1t.h +++ b/src/include/openssl/asn1t.h @@ -149,19 +149,19 @@ extern "C" { ASN1_SEQUENCE_cb(tname, cb) #define ASN1_SEQUENCE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0}; \ ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_ref(tname, cb, lck) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ +#define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_enc(tname, enc, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \ ASN1_SEQUENCE(tname) #define ASN1_NDEF_SEQUENCE_END(tname) \ @@ -233,7 +233,7 @@ extern "C" { static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) @@ -670,7 +670,6 @@ typedef struct ASN1_AUX_st { void *app_data; int flags; int ref_offset; /* Offset of reference value */ - int ref_lock; /* Lock type to use */ ASN1_aux_cb *asn1_cb; int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; @@ -894,7 +893,8 @@ ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); +void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it); +int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it); void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); diff --git a/src/include/openssl/bio.h b/src/include/openssl/bio.h index a37077c..8724657 100644 --- a/src/include/openssl/bio.h +++ b/src/include/openssl/bio.h @@ -64,6 +64,7 @@ #include <openssl/err.h> /* for ERR_print_errors_fp */ #include <openssl/ex_data.h> #include <openssl/stack.h> +#include <openssl/thread.h> #if defined(__cplusplus) extern "C" { @@ -799,7 +800,7 @@ struct bio_st { /* num is a BIO-specific value. For example, in fd BIOs it's used to store a * file descriptor. */ int num; - int references; + CRYPTO_refcount_t references; void *ptr; /* next_bio points to the next |BIO| in a chain. This |BIO| owns a reference * to |next_bio|. */ @@ -887,6 +888,7 @@ struct bio_st { #define BIO_F_file_ctrl 115 #define BIO_F_file_read 116 #define BIO_F_mem_write 117 +#define BIO_F_BIO_printf 118 #define BIO_R_BAD_FOPEN_MODE 100 #define BIO_R_BROKEN_PIPE 101 #define BIO_R_CONNECT_ERROR 102 diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index 2cd0224..ec1c8ff 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -548,15 +548,15 @@ OPENSSL_EXPORT BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, /* Random and prime number generation. */ -/* BN_rand sets |rnd| to a random number of length |bits|. If |top| is zero, - * the most-significant bit will be set. If |top| is one, the two most - * significant bits will be set. +/* BN_rand sets |rnd| to a random number of length |bits|. If |top| is zero, the + * most-significant bit, if any, will be set. If |top| is one, the two most + * significant bits, if any, will be set. * * If |top| is -1 then no extra action will be taken and |BN_num_bits(rnd)| may * not equal |bits| if the most significant bits randomly ended up as zeros. * - * If |bottom| is non-zero, the least-significant bit will be set. The function - * returns one on success or zero otherwise. */ + * If |bottom| is non-zero, the least-significant bit, if any, will be set. The + * function returns one on success or zero otherwise. */ OPENSSL_EXPORT int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); /* BN_pseudo_rand is an alias for |BN_rand|. */ @@ -852,6 +852,8 @@ OPENSSL_EXPORT BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); #define BN_F_BN_usub 122 #define BN_F_bn_wexpand 123 #define BN_F_mod_exp_recp 124 +#define BN_F_BN_lshift 125 +#define BN_F_BN_rshift 126 #define BN_R_ARG2_LT_ARG3 100 #define BN_R_BAD_RECIPROCAL 101 #define BN_R_BIGNUM_TOO_LONG 102 diff --git a/src/include/openssl/buffer.h b/src/include/openssl/buffer.h new file mode 100644 index 0000000..c6b721c --- /dev/null +++ b/src/include/openssl/buffer.h @@ -0,0 +1,18 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* This header is provided in order to make compiling against code that expects + OpenSSL easier. */ + +#include "buf.h" diff --git a/src/include/openssl/bytestring.h b/src/include/openssl/bytestring.h index e10621a..9963426 100644 --- a/src/include/openssl/bytestring.h +++ b/src/include/openssl/bytestring.h @@ -150,10 +150,8 @@ OPENSSL_EXPORT int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value); /* CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to - * the tag number and |*out_header_len| to the length of the ASN.1 header. If - * the element has indefinite length then |*out| will only contain the - * header. Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore - * the value. + * the tag number and |*out_header_len| to the length of the ASN.1 header. Each + * of |out|, |out_tag|, and |out_header_len| may be NULL to ignore the value. * * Tag numbers greater than 30 are not supported (i.e. short form only). */ OPENSSL_EXPORT int CBS_get_any_asn1_element(CBS *cbs, CBS *out, diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h index f1469a0..7f5fe04 100644 --- a/src/include/openssl/cipher.h +++ b/src/include/openssl/cipher.h @@ -520,6 +520,9 @@ struct evp_cipher_st { int (*cipher)(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t inl); + /* cleanup, if non-NULL, releases memory associated with the context. It is + * called if |EVP_CTRL_INIT| succeeds. Note that |init| may not have been + * called at this point. */ void (*cleanup)(EVP_CIPHER_CTX *); int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); diff --git a/src/include/openssl/des.h b/src/include/openssl/des.h index f3804c3..6e1b0cf 100644 --- a/src/include/openssl/des.h +++ b/src/include/openssl/des.h @@ -131,6 +131,16 @@ OPENSSL_EXPORT void DES_ede3_cbc_encrypt(const uint8_t *in, uint8_t *out, const DES_key_schedule *ks3, DES_cblock *ivec, int enc); +/* DES_ede2_cbc_encrypt encrypts (or decrypts, if |enc| is |DES_DECRYPT|) |len| + * bytes from |in| to |out| with 3DES in CBC mode. With this keying option, the + * first and third 3DES keys are identical. Thus, this function takes only two + * different |DES_key_schedule|s. */ +OPENSSL_EXPORT void DES_ede2_cbc_encrypt(const uint8_t *in, uint8_t *out, + size_t len, + const DES_key_schedule *ks1, + const DES_key_schedule *ks2, + DES_cblock *ivec, int enc); + #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/dh.h b/src/include/openssl/dh.h index 60a030d..17574d5 100644 --- a/src/include/openssl/dh.h +++ b/src/include/openssl/dh.h @@ -137,6 +137,10 @@ OPENSSL_EXPORT int DH_compute_key(uint8_t *out, const BIGNUM *peers_key, /* DH_size returns the number of bytes in the DH group's prime. */ OPENSSL_EXPORT int DH_size(const DH *dh); +/* DH_num_bits returns the minimum number of bits needed to represent the + * absolute value of the DH group's prime. */ +OPENSSL_EXPORT unsigned DH_num_bits(const DH *dh); + #define DH_CHECK_P_NOT_PRIME 0x01 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 #define DH_CHECK_UNABLE_TO_CHECK_GENERATOR 0x04 @@ -249,7 +253,7 @@ struct dh_st { BIGNUM *counter; int flags; - int references; + CRYPTO_refcount_t references; CRYPTO_EX_DATA ex_data; }; diff --git a/src/include/openssl/digest.h b/src/include/openssl/digest.h index 8285dce..2ea4ec4 100644 --- a/src/include/openssl/digest.h +++ b/src/include/openssl/digest.h @@ -134,7 +134,7 @@ OPENSSL_EXPORT int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, OPENSSL_EXPORT int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); /* EVP_DigestUpdate hashes |len| bytes from |data| into the hashing operation - * in |ctx|. It returns one on success and zero otherwise. */ + * in |ctx|. It returns one. */ OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t len); @@ -144,10 +144,9 @@ OPENSSL_EXPORT int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, /* EVP_DigestFinal_ex finishes the digest in |ctx| and writes the output to * |md_out|. At most |EVP_MAX_MD_SIZE| bytes are written. If |out_size| is not - * NULL then |*out_size| is set to the number of bytes written. It returns one - * on success and zero otherwise. After this call, the hash cannot be updated - * or finished again until |EVP_DigestInit_ex| is called to start another - * hashing operation. */ + * NULL then |*out_size| is set to the number of bytes written. It returns one. + * After this call, the hash cannot be updated or finished again until + * |EVP_DigestInit_ex| is called to start another hashing operation. */ OPENSSL_EXPORT int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, uint8_t *md_out, unsigned int *out_size); @@ -205,6 +204,10 @@ OPENSSL_EXPORT int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); * compatibility with OpenSSL. */ OPENSSL_EXPORT int EVP_add_digest(const EVP_MD *digest); +/* EVP_get_cipherbyname returns an |EVP_MD| given a human readable name in + * |name|, or NULL if the name is unknown. */ +OPENSSL_EXPORT const EVP_MD *EVP_get_digestbyname(const char *); + /* Digest operation accessors. */ @@ -225,18 +228,6 @@ OPENSSL_EXPORT unsigned EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); * |ctx|. */ OPENSSL_EXPORT int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); -/* EVP_MD_CTX_set_flags ORs |flags| into the flags member of |ctx|. */ -OPENSSL_EXPORT void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, uint32_t flags); - -/* EVP_MD_CTX_clear_flags clears any bits from the flags member of |ctx| that - * are set in |flags|. */ -OPENSSL_EXPORT void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, uint32_t flags); - -/* EVP_MD_CTX_test_flags returns the AND of |flags| and the flags member of - * |ctx|. */ -OPENSSL_EXPORT uint32_t EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, - uint32_t flags); - struct evp_md_pctx_ops; @@ -251,7 +242,7 @@ struct env_md_ctx_st { /* update is usually copied from |digest->update| but can differ in some * cases, i.e. HMAC. * TODO(davidben): Remove this hook once |EVP_PKEY_HMAC| is gone. */ - int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + void (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); /* pctx is an opaque (at this layer) pointer to additional context that * EVP_PKEY functions may store in this object. */ @@ -262,11 +253,6 @@ struct env_md_ctx_st { const struct evp_md_pctx_ops *pctx_ops; } /* EVP_MD_CTX */; -/* EVP_MD_CTX_FLAG_NO_INIT causes the |EVP_MD|'s |init| function not to be - * called, the |update| member not to be copied from the |EVP_MD| in - * |EVP_DigestInit_ex| and for |md_data| not to be initialised. */ -#define EVP_MD_CTX_FLAG_NO_INIT 1 - #if defined(__cplusplus) } /* extern C */ diff --git a/src/include/openssl/dsa.h b/src/include/openssl/dsa.h index 2271915..7274e4c 100644 --- a/src/include/openssl/dsa.h +++ b/src/include/openssl/dsa.h @@ -354,7 +354,7 @@ struct dsa_st { /* Normally used to cache montgomery values */ CRYPTO_MUTEX method_mont_p_lock; BN_MONT_CTX *method_mont_p; - int references; + CRYPTO_refcount_t references; CRYPTO_EX_DATA ex_data; DSA_METHOD *meth; /* functional reference if 'meth' is ENGINE-provided */ diff --git a/src/include/openssl/ec.h b/src/include/openssl/ec.h index 617cb19..25b4551 100644 --- a/src/include/openssl/ec.h +++ b/src/include/openssl/ec.h @@ -288,7 +288,11 @@ OPENSSL_EXPORT int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, /* EC_GROUP_new_curve_GFp creates a new, arbitrary elliptic curve group based * on the equation y² = x³ + a·x + b. It returns the new group or NULL on - * error. */ + * error. + * + * |EC_GROUP|s returned by this function will always compare as unequal via + * |EC_GROUP_cmp| (even to themselves). |EC_GROUP_get_curve_name| will always + * return |NID_undef|. */ OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); diff --git a/src/include/openssl/engine.h b/src/include/openssl/engine.h index da242f6..d3d278a 100644 --- a/src/include/openssl/engine.h +++ b/src/include/openssl/engine.h @@ -93,7 +93,7 @@ void METHOD_unref(void *method); /* openssl_method_common_st contains the common part of all method structures. * This must be the first member of all method structures. */ struct openssl_method_common_st { - int references; + int references; /* dummy – not used. */ char is_static; }; diff --git a/src/include/openssl/err.h b/src/include/openssl/err.h index e591534..30dc4af 100644 --- a/src/include/openssl/err.h +++ b/src/include/openssl/err.h @@ -269,11 +269,11 @@ OPENSSL_EXPORT void ERR_print_errors_fp(FILE *file); OPENSSL_EXPORT void ERR_clear_error(void); /* ERR_remove_thread_state clears the error queue for the current thread if - * |tid| is NULL. Otherwise it does nothing because it's no longer possible to - * delete the error queue for other threads. + * |tid| is NULL. Otherwise it calls |assert(0)|, because it's no longer + * possible to delete the error queue for other threads. * * Error queues are thread-local data and are deleted automatically. You do not - * need to call this function. See |ERR_clear_error|. */ + * need to call this function. Use |ERR_clear_error|. */ OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid); @@ -285,6 +285,12 @@ OPENSSL_EXPORT void ERR_remove_thread_state(const CRYPTO_THREADID *tid); OPENSSL_EXPORT int ERR_get_next_error_library(void); +/* Deprecated functions. */ + +/* |ERR_remove_state| calls |ERR_clear_error|. */ +OPENSSL_EXPORT void ERR_remove_state(unsigned long pid); + + /* Private functions. */ /* ERR_clear_system_error clears the system's error value (i.e. errno). */ @@ -496,15 +502,6 @@ enum { #define OPENSSL_DECLARE_ERROR_FUNCTION(lib, function_name) -/* Android compatibility section. - * - * These functions are declared, temporarily, for Android because - * wpa_supplicant will take a little time to sync with upstream. Outside of - * Android they'll have no definition. */ - -OPENSSL_EXPORT void ERR_remove_state(unsigned long pid); - - #if defined(__cplusplus) } /* extern C */ #endif diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 54ad4be..490a951 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h @@ -59,6 +59,8 @@ #include <openssl/base.h> +#include <openssl/thread.h> + /* OpenSSL included digest and cipher functions in this header so we include * them for users that still expect that. * @@ -239,8 +241,7 @@ OPENSSL_EXPORT int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, EVP_PKEY *pkey); /* EVP_DigestSignUpdate appends |len| bytes from |data| to the data which will - * be signed in |EVP_DigestSignFinal|. It returns one on success and zero - * otherwise. */ + * be signed in |EVP_DigestSignFinal|. It returns one. */ OPENSSL_EXPORT int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t len); @@ -291,8 +292,7 @@ OPENSSL_EXPORT int EVP_DigestVerifyInitFromAlgorithm(EVP_MD_CTX *ctx, EVP_PKEY *pkey); /* EVP_DigestVerifyUpdate appends |len| bytes from |data| to the data which - * will be verified by |EVP_DigestVerifyFinal|. It returns one on success and - * zero otherwise. */ + * will be verified by |EVP_DigestVerifyFinal|. It returns one. */ OPENSSL_EXPORT int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t len); @@ -664,6 +664,12 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); /* OpenSSL_add_all_algorithms does nothing. */ OPENSSL_EXPORT void OpenSSL_add_all_algorithms(void); +/* OpenSSL_add_all_ciphers does nothing. */ +OPENSSL_EXPORT void OpenSSL_add_all_ciphers(void); + +/* OpenSSL_add_all_digests does nothing. */ +OPENSSL_EXPORT void OpenSSL_add_all_digests(void); + /* EVP_cleanup does nothing. */ OPENSSL_EXPORT void EVP_cleanup(void); @@ -678,7 +684,7 @@ OPENSSL_EXPORT const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str( ENGINE **pengine, const char *name, size_t len); struct evp_pkey_st { - int references; + CRYPTO_refcount_t references; /* type contains one of the EVP_PKEY_* values or NID_undef and determines * which element (if any) of the |pkey| union is valid. */ diff --git a/src/include/openssl/hmac.h b/src/include/openssl/hmac.h index 89cdf8f..e521212 100644 --- a/src/include/openssl/hmac.h +++ b/src/include/openssl/hmac.h @@ -106,7 +106,7 @@ OPENSSL_EXPORT int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len, const EVP_MD *md, ENGINE *impl); /* HMAC_Update hashes |data_len| bytes from |data| into the current HMAC - * operation in |ctx|. It returns one on success and zero on error. */ + * operation in |ctx|. It returns one. */ OPENSSL_EXPORT int HMAC_Update(HMAC_CTX *ctx, const uint8_t *data, size_t data_len); @@ -129,13 +129,6 @@ OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx); * on error. */ OPENSSL_EXPORT int HMAC_CTX_copy_ex(HMAC_CTX *dest, const HMAC_CTX *src); -/* HMAC_CTX_set_flags ORs |flags| into the flags of the underlying digests of - * |ctx|, which must have been setup by a call to |HMAC_Init_ex|. See - * |EVP_MD_CTX_set_flags|. - * - * TODO(fork): remove? */ -OPENSSL_EXPORT void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); - /* Deprecated functions. */ diff --git a/src/include/openssl/obj_mac.h b/src/include/openssl/obj_mac.h index b028c00..55e1cba 100644 --- a/src/include/openssl/obj_mac.h +++ b/src/include/openssl/obj_mac.h @@ -2351,7 +2351,7 @@ #define OBJ_delta_crl OBJ_id_ce,27L #define SN_issuing_distribution_point "issuingDistributionPoint" -#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" #define NID_issuing_distribution_point 770 #define OBJ_issuing_distribution_point OBJ_id_ce,28L @@ -2576,11 +2576,6 @@ #define NID_id_hex_multipart_message 508 #define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L -#define SN_rle_compression "RLE" -#define LN_rle_compression "run length compression" -#define NID_rle_compression 124 -#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L - #define SN_zlib_compression "ZLIB" #define LN_zlib_compression "zlib compression" #define NID_zlib_compression 125 diff --git a/src/include/openssl/opensslv.h b/src/include/openssl/opensslv.h index 22f7e25..a3555d4 100644 --- a/src/include/openssl/opensslv.h +++ b/src/include/openssl/opensslv.h @@ -15,4 +15,4 @@ /* This header is provided in order to make compiling against code that expects OpenSSL easier. */ -#include "ssl.h" +#include "crypto.h" diff --git a/src/include/openssl/pem.h b/src/include/openssl/pem.h index adc8d86..7756e45 100644 --- a/src/include/openssl/pem.h +++ b/src/include/openssl/pem.h @@ -381,13 +381,8 @@ OPENSSL_EXPORT int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -#if 1 /* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); -#else -/* OpenSSL 0.9.3, 0.9.3a */ -typedef int pem_password_cb(char *buf, int size, int rwflag); -#endif OPENSSL_EXPORT int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); OPENSSL_EXPORT int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, pem_password_cb *callback,void *u); @@ -415,7 +410,12 @@ OPENSSL_EXPORT void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); OPENSSL_EXPORT void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); OPENSSL_EXPORT int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey); -OPENSSL_EXPORT int PEM_def_callback(char *buf, int num, int w, void *key); +/* |PEM_def_callback| treats |userdata| as a string and copies it into |buf|, + * assuming its |size| is sufficient. Returns the length of the string, or 0 + * if there is not enough room. If either |buf| or |userdata| is NULL, 0 is + * returned. Note that this is different from OpenSSL, which prompts for a + * password. */ +OPENSSL_EXPORT int PEM_def_callback(char *buf, int size, int rwflag, void *userdata); OPENSSL_EXPORT void PEM_proc_type(char *buf, int type); OPENSSL_EXPORT void PEM_dek_info(char *buf, const char *type, int len, char *str); diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h index 01ef4f8..300bf42 100644 --- a/src/include/openssl/rand.h +++ b/src/include/openssl/rand.h @@ -41,6 +41,9 @@ OPENSSL_EXPORT int RAND_pseudo_bytes(uint8_t *buf, size_t len); /* RAND_seed does nothing. */ OPENSSL_EXPORT void RAND_seed(const void *buf, int num); +/* RAND_load_file returns a nonnegative number. */ +OPENSSL_EXPORT int RAND_load_file(const char *path, long num); + /* RAND_add does nothing. */ OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy); diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 2e24231..9b415d7 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -475,7 +475,7 @@ struct rsa_st { BIGNUM *iqmp; /* be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; - int references; + CRYPTO_refcount_t references; int flags; CRYPTO_MUTEX lock; diff --git a/src/include/openssl/sha.h b/src/include/openssl/sha.h index 0e37c45..ac2ab75 100644 --- a/src/include/openssl/sha.h +++ b/src/include/openssl/sha.h @@ -120,7 +120,8 @@ OPENSSL_EXPORT int SHA224_Init(SHA256_CTX *sha); OPENSSL_EXPORT int SHA224_Update(SHA256_CTX *sha, const void *data, size_t len); /* SHA224_Final adds the final padding to |sha| and writes the resulting digest - * to |md|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. */ + * to |md|, which must have at least |SHA224_DIGEST_LENGTH| bytes of space. It + * returns one on success and zero on programmer error. */ OPENSSL_EXPORT int SHA224_Final(uint8_t *md, SHA256_CTX *sha); /* SHA224 writes the digest of |len| bytes from |data| to |out| and returns @@ -144,7 +145,8 @@ OPENSSL_EXPORT int SHA256_Init(SHA256_CTX *sha); OPENSSL_EXPORT int SHA256_Update(SHA256_CTX *sha, const void *data, size_t len); /* SHA256_Final adds the final padding to |sha| and writes the resulting digest - * to |md|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. */ + * to |md|, which must have at least |SHA256_DIGEST_LENGTH| bytes of space. It + * returns one on success and zero on programmer error. */ OPENSSL_EXPORT int SHA256_Final(uint8_t *md, SHA256_CTX *sha); /* SHA256 writes the digest of |len| bytes from |data| to |out| and returns @@ -179,7 +181,8 @@ OPENSSL_EXPORT int SHA384_Init(SHA512_CTX *sha); OPENSSL_EXPORT int SHA384_Update(SHA512_CTX *sha, const void *data, size_t len); /* SHA384_Final adds the final padding to |sha| and writes the resulting digest - * to |md|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. */ + * to |md|, which must have at least |SHA384_DIGEST_LENGTH| bytes of space. It + * returns one on success and zero on programmer error. */ OPENSSL_EXPORT int SHA384_Final(uint8_t *md, SHA512_CTX *sha); /* SHA384 writes the digest of |len| bytes from |data| to |out| and returns @@ -207,7 +210,8 @@ OPENSSL_EXPORT int SHA512_Init(SHA512_CTX *sha); OPENSSL_EXPORT int SHA512_Update(SHA512_CTX *sha, const void *data, size_t len); /* SHA512_Final adds the final padding to |sha| and writes the resulting digest - * to |md|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. */ + * to |md|, which must have at least |SHA512_DIGEST_LENGTH| bytes of space. It + * returns one on success and zero on programmer error. */ OPENSSL_EXPORT int SHA512_Final(uint8_t *md, SHA512_CTX *sha); /* SHA512 writes the digest of |len| bytes from |data| to |out| and returns diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index b746007..217dbaf 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -150,15 +150,13 @@ #include <openssl/hmac.h> #include <openssl/lhash.h> #include <openssl/pem.h> +#include <openssl/thread.h> #include <openssl/x509.h> #if !defined(OPENSSL_WINDOWS) #include <sys/time.h> #endif -/* Some code expected to get the threading functions by including ssl.h. */ -#include <openssl/thread.h> - /* wpa_supplicant expects to get the version functions from ssl.h */ #include <openssl/crypto.h> @@ -181,28 +179,6 @@ extern "C" { OPENSSL_EXPORT int SSL_library_init(void); -/* Protocol version constants */ - -#define SSL3_VERSION 0x0300 -#define SSL3_VERSION_MAJOR 0x03 -#define SSL3_VERSION_MINOR 0x00 - -#define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 - -#define TLS1_1_VERSION 0x0302 -#define TLS1_1_VERSION_MAJOR 0x03 -#define TLS1_1_VERSION_MINOR 0x02 - -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 - -#define DTLS1_VERSION 0xFEFF -#define DTLS1_2_VERSION 0xFEFD - - /* Cipher suites. */ /* An SSL_CIPHER represents a cipher suite. */ @@ -263,8 +239,9 @@ OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher); /* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard - * name for |cipher|. For example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The - * caller is responsible for calling |OPENSSL_free| on the result. */ + * name for |cipher| or NULL on error. For example, + * "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The caller is responsible for + * calling |OPENSSL_free| on the result. */ OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher); /* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If @@ -274,6 +251,273 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits); +/* SSL contexts. */ + +/* An SSL_METHOD selects whether to use TLS or DTLS. */ +typedef struct ssl_method_st SSL_METHOD; + +/* TLS_method is the |SSL_METHOD| used for TLS (and SSLv3) connections. */ +OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); + +/* DTLS_method is the |SSL_METHOD| used for DTLS connections. */ +OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); + +/* SSL_CTX_new returns a newly-allocated |SSL_CTX| with default settings or NULL + * on error. An |SSL_CTX| manages shared state and configuration between + * multiple TLS or DTLS connections. */ +OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); + +/* SSL_CTX_free releases memory associated with |ctx|. */ +OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *ctx); + + +/* SSL connections. */ + +/* SSL_new returns a newly-allocated |SSL| using |ctx| or NULL on error. An + * |SSL| object represents a single TLS or DTLS connection. It inherits settings + * from |ctx| at the time of creation. Settings may also be individually + * configured on the connection. + * + * On creation, an |SSL| is not configured to be either a client or server. Call + * |SSL_set_connect_state| or |SSL_set_accept_state| to set this. */ +OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); + +/* SSL_free releases memory associated with |ssl|. */ +OPENSSL_EXPORT void SSL_free(SSL *ssl); + +/* SSL_set_connect_state configures |ssl| to be a client. */ +OPENSSL_EXPORT void SSL_set_connect_state(SSL *ssl); + +/* SSL_set_accept_state configures |ssl| to be a server. */ +OPENSSL_EXPORT void SSL_set_accept_state(SSL *ssl); + + +/* Protocol versions. */ + +#define SSL3_VERSION_MAJOR 0x03 + +#define SSL3_VERSION 0x0300 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 +#define TLS1_2_VERSION 0x0303 + +#define DTLS1_VERSION 0xfeff +#define DTLS1_2_VERSION 0xfefd + +/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to + * |version|. */ +OPENSSL_EXPORT void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version); + +/* SSL_CTX_set_max_version sets the maximum protocol version for |ctx| to + * |version|. */ +OPENSSL_EXPORT void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version); + +/* SSL_set_min_version sets the minimum protocol version for |ssl| to + * |version|. */ +OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); + +/* SSL_set_max_version sets the maximum protocol version for |ssl| to + * |version|. */ +OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); + + +/* Options. + * + * Options configure protocol behavior. */ + +/* SSL_OP_LEGACY_SERVER_CONNECT allows initial connections to servers that don't + * support the renegotiation_info extension (RFC 5746). It is on by default. */ +#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L + +/* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER allows for record sizes |SSL3_RT_MAX_EXTRA| + * bytes above the maximum record size. */ +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L + +/* SSL_OP_TLS_D5_BUG accepts an RSAClientKeyExchange in TLS encoded as in SSL3 + * (i.e. without a length prefix). */ +#define SSL_OP_TLS_D5_BUG 0x00000100L + +/* SSL_OP_ALL enables the above bug workarounds that are enabled by many + * consumers. + * TODO(davidben): Determine which of the remaining may be removed now. */ +#define SSL_OP_ALL 0x00000BFFL + +/* SSL_OP_NO_QUERY_MTU, in DTLS, disables querying the MTU from the underlying + * |BIO|. Instead, the MTU is configured with |SSL_set_mtu|. */ +#define SSL_OP_NO_QUERY_MTU 0x00001000L + +/* SSL_OP_NO_TICKET disables session ticket support (RFC 4507). */ +#define SSL_OP_NO_TICKET 0x00004000L + +/* SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION permits unsafe legacy renegotiation + * without renegotiation_info (RFC 5746) support. */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L + +/* SSL_OP_CIPHER_SERVER_PREFERENCE configures servers to select ciphers and + * ECDHE curves according to the server's preferences instead of the + * client's. */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L + +/* The following flags toggle individual protocol versions. This is deprecated. + * Use |SSL_CTX_set_min_version| and |SSL_CTX_set_max_version| instead. */ +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L +#define SSL_OP_NO_TLSv1_2 0x08000000L +#define SSL_OP_NO_TLSv1_1 0x10000000L +#define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1 +#define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2 + +/* The following flags do nothing and are included only to make it easier to + * compile code with BoringSSL. */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0 +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 +#define SSL_OP_NO_COMPRESSION 0 +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0 +#define SSL_OP_NO_SSLv2 0 +#define SSL_OP_SINGLE_DH_USE 0 +#define SSL_OP_SINGLE_ECDH_USE 0 +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0 +#define SSL_OP_TLS_ROLLBACK_BUG 0 + +/* SSL_CTX_set_options enables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_clear_options disables all options set in |options| (which should be + * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); + +/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all + * the options enabled for |ctx|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); + +/* SSL_set_options enables all options set in |options| (which should be one or + * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); + +/* SSL_clear_options disables all options set in |options| (which should be one + * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a + * bitmask representing the resulting enabled options. */ +OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); + +/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the + * options enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); + + +/* Modes. + * + * Modes configure API behavior. */ + +/* SSL_MODE_ENABLE_PARTIAL_WRITE allows |SSL_write| to complete with a partial + * result when the only part of the input was written in a single record. */ +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L + +/* SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER allows retrying an incomplete |SSL_write| + * with a different buffer. However, |SSL_write| still assumes the buffer + * contents are unchanged. This is not the default to avoid the misconception + * that non-blocking |SSL_write| behaves like non-blocking |write|. */ +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L + +/* SSL_MODE_NO_AUTO_CHAIN disables automatically building a certificate chain + * before sending certificates to the peer. + * TODO(davidben): Remove this behavior. https://crbug.com/486295. */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L + +/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before + * receipt of CCS and Finished. This mode enables full-handshakes to 'complete' + * in one RTT. See draft-bmoeller-tls-falsestart-01. */ +#define SSL_MODE_ENABLE_FALSE_START 0x00000080L + +/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as + * SSL_MODE_ENABLE_FALSE_START. */ +#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START + +/* SSL_MODE_CBC_RECORD_SPLITTING causes multi-byte CBC records in SSL 3.0 and + * TLS 1.0 to be split in two: the first record will contain a single byte and + * the second will contain the remainder. This effectively randomises the IV and + * prevents BEAST attacks. */ +#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L + +/* SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to + * fail with SSL_R_SESSION_MAY_NOT_BE_CREATED. This can be used to enforce that + * session resumption is used for a given SSL*. */ +#define SSL_MODE_NO_SESSION_CREATION 0x00000200L + +/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. + * To be set only by applications that reconnect with a downgraded protocol + * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05 + * for details. + * + * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use + * this in explicit fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-05. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L + +/* The following flags do nothing and are included only to make it easier to + * compile code with BoringSSL. */ +#define SSL_MODE_AUTO_RETRY 0 +#define SSL_MODE_RELEASE_BUFFERS 0 +#define SSL_MODE_SEND_CLIENTHELLO_TIME 0 +#define SSL_MODE_SEND_SERVERHELLO_TIME 0 + +/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or + * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a + * bitmask representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); + +/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all + * the modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); + +/* SSL_set_mode enables all modes set in |mode| (which should be one or more of + * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); + +/* SSL_clear_mode disables all modes set in |mode| (which should be one or more + * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask + * representing the resulting enabled modes. */ +OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); + +/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the + * modes enabled for |ssl|. */ +OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); + + +/* Connection information. */ + +/* SSL_get_tls_unique writes at most |max_out| bytes of the tls-unique value + * for |ssl| to |out| and sets |*out_len| to the number of bytes written. It + * returns one on success or zero on error. In general |max_out| should be at + * least 12. + * + * This function will always fail if the initial handshake has not completed. + * The tls-unique value will change after a renegotiation but, since + * renegotiations can be initiated by the server at any point, the higher-level + * protocol must either leave them disabled or define states in which the + * tls-unique value can be read. + * + * The tls-unique value is defined by + * https://tools.ietf.org/html/rfc5929#section-3.1. Due to a weakness in the + * TLS protocol, tls-unique is broken for resumed connections unless the + * Extended Master Secret extension is negotiated. Thus this function will + * return zero if |ssl| performed session resumption unless EMS was used when + * negotiating the original session. */ +OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, + size_t *out_len, size_t max_out); + + /* Underdocumented functions. * * Functions below here haven't been touched up and may be underdocumented. */ @@ -366,7 +610,6 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM -typedef struct ssl_method_st SSL_METHOD; typedef struct ssl_protocol_method_st SSL_PROTOCOL_METHOD; typedef struct ssl_session_st SSL_SESSION; typedef struct tls_sigalgs_st TLS_SIGALGS; @@ -414,7 +657,7 @@ struct ssl_session_st { * not ok, we must remember the error for session reuse: */ long verify_result; /* only for servers */ - int references; + CRYPTO_refcount_t references; long timeout; long time; @@ -424,7 +667,7 @@ struct ssl_session_st { /* These are used to make removal of session-ids more efficient and to * implement a maximum cache size. */ - struct ssl_session_st *prev, *next; + SSL_SESSION *prev, *next; char *tlsext_hostname; /* RFC4507 info */ uint8_t *tlsext_tick; /* Session ticket */ @@ -454,86 +697,6 @@ struct ssl_session_st { char extended_master_secret; }; -/* SSL_OP_LEGACY_SERVER_CONNECT allows initial connection to servers that don't - * support RI */ -#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L - -/* SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER allows for record sizes SSL3_RT_MAX_EXTRA - * bytes above the maximum record size. */ -#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L - -/* SSL_OP_TLS_D5_BUG accepts an RSAClientKeyExchange in TLS encoded as SSL3, - * without a length prefix. */ -#define SSL_OP_TLS_D5_BUG 0x00000100L - -/* SSL_OP_ALL enables the above bug workarounds that should be rather harmless. - * */ -#define SSL_OP_ALL 0x00000BFFL - -/* DTLS options */ -#define SSL_OP_NO_QUERY_MTU 0x00001000L -/* Don't use RFC4507 ticket extension */ -#define SSL_OP_NO_TICKET 0x00004000L - -/* As server, disallow session resumption on renegotiation */ -#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L -/* Don't use compression even if supported */ -#define SSL_OP_NO_COMPRESSION 0x00020000L -/* Permit unsafe legacy renegotiation */ -#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L -/* SSL_OP_SINGLE_ECDH_USE does nothing. */ -#define SSL_OP_SINGLE_ECDH_USE 0x00080000L -/* SSL_OP_SINGLE_DH_USE does nothing. */ -#define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set on servers to choose the cipher according to the server's preferences */ -#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L -/* SSL_OP_TLS_ROLLBACK_BUG does nothing. */ -#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L - -/* Deprecated: Use SSL_CTX_set_min_version and SSL_CTX_set_max_version - * instead. */ -#define SSL_OP_NO_SSLv2 0x01000000L -#define SSL_OP_NO_SSLv3 0x02000000L -#define SSL_OP_NO_TLSv1 0x04000000L -#define SSL_OP_NO_TLSv1_2 0x08000000L -#define SSL_OP_NO_TLSv1_1 0x10000000L - -#define SSL_OP_NO_DTLSv1 SSL_OP_NO_TLSv1 -#define SSL_OP_NO_DTLSv1_2 SSL_OP_NO_TLSv1_2 - -#define SSL_OP_NO_SSL_MASK \ - (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | \ - SSL_OP_NO_TLSv1_2) - -/* The following flags do nothing and are included only to make it easier to - * compile code with BoringSSL. */ -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 -#define SSL_OP_MICROSOFT_SESS_ID_BUG 0 -#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 -#define SSL_OP_TLS_BLOCK_PADDING_BUG 0 - -/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success when - * just a single record has been written): */ -#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L -/* Make it possible to retry SSL_write() with changed buffer location (buffer - * contents must stay the same!); this is not the default to avoid the - * misconception that non-blocking SSL_write() behaves like non-blocking - * write(): */ -#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L -/* Don't attempt to automatically build certificate chain */ -#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L - -/* The following flags do nothing and are included only to make it easier to - * compile code with BoringSSL. */ -#define SSL_MODE_AUTO_RETRY 0 -#define SSL_MODE_RELEASE_BUFFERS 0 - -/* Send the current time in the Random fields of the ClientHello and - * ServerHello records for compatibility with hypothetical implementations that - * require it. */ -#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L -#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Cert related flags */ /* Many implementations ignore some aspects of the TLS standards such as @@ -552,92 +715,6 @@ struct ssl_session_st { /* Clear verification errors from queue */ #define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 -/* SSL_MODE_ENABLE_FALSE_START allows clients to send application data before - * receipt of CCS and Finished. This mode enables full-handshakes to 'complete' - * in one RTT. See draft-bmoeller-tls-falsestart-01. */ -#define SSL_MODE_ENABLE_FALSE_START 0x00000080L - -/* Deprecated: SSL_MODE_HANDSHAKE_CUTTHROUGH is the same as - * SSL_MODE_ENABLE_FALSE_START. */ -#define SSL_MODE_HANDSHAKE_CUTTHROUGH SSL_MODE_ENABLE_FALSE_START - -/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: - * the first record will contain a single byte and the second will contain the - * rest of the bytes. This effectively randomises the IV and prevents BEAST - * attacks. */ -#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L - -/* SSL_MODE_NO_SESSION_CREATION will cause any attempts to create a session to - * fail with SSL_R_SESSION_MAY_NOT_BE_CREATED. This can be used to enforce that - * session resumption is used for a given SSL*. */ -#define SSL_MODE_NO_SESSION_CREATION 0x00000200L - -/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello. - * To be set only by applications that reconnect with a downgraded protocol - * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05 - * for details. - * - * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use - * this in explicit fallback retries, following the guidance in - * draft-ietf-tls-downgrade-scsv-05. */ -#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L - -/* SSL_CTX_set_options enables all options set in |options| (which should be one - * or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a - * bitmask representing the resulting enabled options. */ -OPENSSL_EXPORT uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options); - -/* SSL_CTX_clear_options disables all options set in |options| (which should be - * one or more of the |SSL_OP_*| values, ORed together) in |ctx|. It returns a - * bitmask representing the resulting enabled options. */ -OPENSSL_EXPORT uint32_t SSL_CTX_clear_options(SSL_CTX *ctx, uint32_t options); - -/* SSL_CTX_get_options returns a bitmask of |SSL_OP_*| values that represent all - * the options enabled for |ctx|. */ -OPENSSL_EXPORT uint32_t SSL_CTX_get_options(const SSL_CTX *ctx); - -/* SSL_set_options enables all options set in |options| (which should be one or - * more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a bitmask - * representing the resulting enabled options. */ -OPENSSL_EXPORT uint32_t SSL_set_options(SSL *ssl, uint32_t options); - -/* SSL_clear_options disables all options set in |options| (which should be one - * or more of the |SSL_OP_*| values, ORed together) in |ssl|. It returns a - * bitmask representing the resulting enabled options. */ -OPENSSL_EXPORT uint32_t SSL_clear_options(SSL *ssl, uint32_t options); - -/* SSL_get_options returns a bitmask of |SSL_OP_*| values that represent all the - * options enabled for |ssl|. */ -OPENSSL_EXPORT uint32_t SSL_get_options(const SSL *ssl); - -/* SSL_CTX_set_mode enables all modes set in |mode| (which should be one or more - * of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a bitmask - * representing the resulting enabled modes. */ -OPENSSL_EXPORT uint32_t SSL_CTX_set_mode(SSL_CTX *ctx, uint32_t mode); - -/* SSL_CTX_clear_mode disables all modes set in |mode| (which should be one or - * more of the |SSL_MODE_*| values, ORed together) in |ctx|. It returns a - * bitmask representing the resulting enabled modes. */ -OPENSSL_EXPORT uint32_t SSL_CTX_clear_mode(SSL_CTX *ctx, uint32_t mode); - -/* SSL_CTX_get_mode returns a bitmask of |SSL_MODE_*| values that represent all - * the modes enabled for |ssl|. */ -OPENSSL_EXPORT uint32_t SSL_CTX_get_mode(const SSL_CTX *ctx); - -/* SSL_set_mode enables all modes set in |mode| (which should be one or more of - * the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask - * representing the resulting enabled modes. */ -OPENSSL_EXPORT uint32_t SSL_set_mode(SSL *ssl, uint32_t mode); - -/* SSL_clear_mode disables all modes set in |mode| (which should be one or more - * of the |SSL_MODE_*| values, ORed together) in |ssl|. It returns a bitmask - * representing the resulting enabled modes. */ -OPENSSL_EXPORT uint32_t SSL_clear_mode(SSL *ssl, uint32_t mode); - -/* SSL_get_mode returns a bitmask of |SSL_MODE_*| values that represent all the - * modes enabled for |ssl|. */ -OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl); - /* SSL_set_mtu sets the |ssl|'s MTU in DTLS to |mtu|. It returns one on success * and zero on failure. */ OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); @@ -646,22 +723,6 @@ OPENSSL_EXPORT int SSL_set_mtu(SSL *ssl, unsigned mtu); * renegotiation (RFC 5746) and zero otherwise. */ OPENSSL_EXPORT int SSL_get_secure_renegotiation_support(const SSL *ssl); -/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to - * |version|. */ -OPENSSL_EXPORT void SSL_CTX_set_min_version(SSL_CTX *ctx, uint16_t version); - -/* SSL_CTX_set_max_version sets the maximum protocol version for |ctx| to - * |version|. */ -OPENSSL_EXPORT void SSL_CTX_set_max_version(SSL_CTX *ctx, uint16_t version); - -/* SSL_set_min_version sets the minimum protocol version for |ssl| to - * |version|. */ -OPENSSL_EXPORT void SSL_set_min_version(SSL *ssl, uint16_t version); - -/* SSL_set_max_version sets the maximum protocol version for |ssl| to - * |version|. */ -OPENSSL_EXPORT void SSL_set_max_version(SSL *ssl, uint16_t version); - /* SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|. * This callback will be called when sending or receiving low-level record * headers, complete handshake messages, ChangeCipherSpec, and alerts. @@ -690,7 +751,7 @@ OPENSSL_EXPORT void SSL_set_msg_callback( SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); -/* set_msg_callback_arg sets the |arg| parameter of the message callback. */ +/* SSL_set_msg_callback_arg sets the |arg| parameter of the message callback. */ OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg); /* SSL_CTX_set_keylog_bio sets configures all SSL objects attached to |ctx| to @@ -762,7 +823,7 @@ struct ssl_comp_st { }; DECLARE_STACK_OF(SSL_COMP) -DECLARE_LHASH_OF(SSL_SESSION); +DECLARE_LHASH_OF(SSL_SESSION) /* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with * equal-preference groups. For TLS clients, the groups are moot because the @@ -803,6 +864,9 @@ struct ssl_cipher_preference_list_st { struct ssl_ctx_st { const SSL_PROTOCOL_METHOD *method; + /* lock is used to protect various operations on this object. */ + CRYPTO_MUTEX lock; + /* max_version is the maximum acceptable protocol version. If zero, the * maximum supported version, currently (D)TLS 1.2, is used. */ uint16_t max_version; @@ -819,13 +883,13 @@ struct ssl_ctx_st { * number is known at connect time and so the cipher list can be set then. */ struct ssl_cipher_preference_list_st *cipher_list_tls11; - struct x509_store_st /* X509_STORE */ *cert_store; + X509_STORE *cert_store; LHASH_OF(SSL_SESSION) *sessions; /* Most session-ids that will be cached, default is * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; + SSL_SESSION *session_cache_head; + SSL_SESSION *session_cache_tail; /* handshakes_since_cache_flush is the number of successful handshakes since * the last cache flush. */ @@ -849,12 +913,12 @@ struct ssl_ctx_st { * remove_session_cb is not null, it will be called when a session-id is * removed from the cache. After the call, OpenSSL will SSL_SESSION_free() * it. */ - int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, uint8_t *data, int len, + int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess); + void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess); + SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len, int *copy); - int references; + CRYPTO_refcount_t references; /* if defined, these override the X509_verify_cert() calls */ int (*app_verify_callback)(X509_STORE_CTX *, void *); @@ -896,7 +960,6 @@ struct ssl_ctx_st { uint32_t max_cert_list; struct cert_st /* CERT */ *cert; - int read_ahead; /* callback that allows applications to peek at protocol messages */ void (*msg_callback)(int write_p, int version, int content_type, @@ -1038,20 +1101,20 @@ OPENSSL_EXPORT LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); OPENSSL_EXPORT size_t SSL_CTX_sess_number(const SSL_CTX *ctx); OPENSSL_EXPORT void SSL_CTX_sess_set_new_cb( - SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); -OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_CTX *ctx, int (*new_session_cb)(SSL *ssl, SSL_SESSION *sess)); +OPENSSL_EXPORT int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess); OPENSSL_EXPORT void SSL_CTX_sess_set_remove_cb( SSL_CTX *ctx, - void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess)); + void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *sess)); OPENSSL_EXPORT void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))( - struct ssl_ctx_st *ctx, SSL_SESSION *sess); + SSL_CTX *ctx, SSL_SESSION *sess); OPENSSL_EXPORT void SSL_CTX_sess_set_get_cb( SSL_CTX *ctx, - SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, uint8_t *data, int len, + SSL_SESSION *(*get_session_cb)(SSL *ssl, uint8_t *data, int len, int *copy)); OPENSSL_EXPORT SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))( - struct ssl_st *ssl, uint8_t *Data, int len, int *copy); + SSL *ssl, uint8_t *data, int len, int *copy); /* SSL_magic_pending_session_ptr returns a magic SSL_SESSION* which indicates * that the session isn't currently unavailable. SSL_get_error will then return * SSL_ERROR_PENDING_SESSION and the handshake can be retried later when the @@ -1076,16 +1139,16 @@ OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, /* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end * of a connection) to request SCTs from the server. See - * https://tools.ietf.org/html/rfc6962. Returns 1 on success. */ + * https://tools.ietf.org/html/rfc6962. It returns one. */ OPENSSL_EXPORT int SSL_enable_signed_cert_timestamps(SSL *ssl); /* SSL_CTX_enable_signed_cert_timestamps enables SCT requests on all client SSL * objects created from |ctx|. */ OPENSSL_EXPORT void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx); -/* SSL_enable_signed_cert_timestamps causes |ssl| (which must be the client end - * of a connection) to request a stapled OCSP response from the server. Returns - * 1 on success. */ +/* SSL_enable_ocsp_stapling causes |ssl| (which must be the client end of a + * connection) to request a stapled OCSP response from the server. It returns + * one. */ OPENSSL_EXPORT int SSL_enable_ocsp_stapling(SSL *ssl); /* SSL_CTX_enable_ocsp_stapling enables OCSP stapling on all client SSL objects @@ -1165,7 +1228,8 @@ OPENSSL_EXPORT void SSL_enable_fastradio_padding(SSL *ssl, char on_off); /* SSL_set_reject_peer_renegotiations controls whether renegotiation attempts by * the peer are rejected. It may be set at any point in a connection's lifetime - * to disallow future renegotiations programmatically. */ + * to control future renegotiations programmatically. By default, renegotiations + * are rejected. (Renegotiations requested by a client are always rejected.) */ OPENSSL_EXPORT void SSL_set_reject_peer_renegotiations(SSL *ssl, int reject); /* the maximum length of the buffer given to callbacks containing the resulting @@ -1198,8 +1262,6 @@ OPENSSL_EXPORT int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, OPENSSL_EXPORT int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); OPENSSL_EXPORT const char *SSL_get_psk_identity_hint(const SSL *s); OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *s); -OPENSSL_EXPORT void ssl_update_cache(SSL *s, int mode); -OPENSSL_EXPORT int ssl_get_new_session(SSL *s, int session); #define SSL_NOTHING 1 #define SSL_WRITING 2 @@ -1267,12 +1329,6 @@ struct ssl_st { * the side is not determined. In this state, server is always false. */ int server; - - /* Generate a new session or reuse an old one. NB: For servers, the 'new' - * session may actually be a previously cached session or even the previous - * session unless SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - int new_session; - /* quiet_shutdown is true if the connection should not send a close_notify on * shutdown. */ int quiet_shutdown; @@ -1295,9 +1351,6 @@ struct ssl_st { struct ssl3_state_st *s3; /* SSLv3 variables */ struct dtls1_state_st *d1; /* DTLSv1 variables */ - int read_ahead; /* Read as many input bytes as possible - * (for non-blocking reads) */ - /* callback that allows applications to peek at protocol messages */ void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); @@ -1415,18 +1468,14 @@ struct ssl_st { uint8_t *alpn_client_proto_list; unsigned alpn_client_proto_list_len; - int renegotiate; /* 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) */ - /* fastradio_padding, if true, causes ClientHellos to be padded to 1024 * bytes. This ensures that the cellular radio is fast forwarded to DCH (high * data rate) state in 3G networks. */ char fastradio_padding; - /* reject_peer_renegotiations, if one, causes causes renegotiation attempts - * from the peer to be rejected with a fatal error. */ - char reject_peer_renegotiations; + /* accept_peer_renegotiations, if one, accepts renegotiation attempts from the + * peer. Otherwise, they will be rejected with a fatal error. */ + char accept_peer_renegotiations; /* These fields are always NULL and exist only to keep wpa_supplicant happy * about the change to EVP_AEAD. They are only needed for EAP-FAST, which we @@ -1455,7 +1504,6 @@ struct ssl_st { #define SSL_ST_ACCEPT 0x2000 #define SSL_ST_MASK 0x0FFF #define SSL_ST_INIT (SSL_ST_CONNECT | SSL_ST_ACCEPT) -#define SSL_ST_BEFORE 0x4000 #define SSL_ST_OK 0x03 #define SSL_ST_RENEGOTIATE (0x04 | SSL_ST_INIT) @@ -1477,7 +1525,6 @@ struct ssl_st { #define SSL_get_state(a) SSL_state(a) #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) #define SSL_in_init(a) (SSL_state(a) & SSL_ST_INIT) -#define SSL_in_before(a) (SSL_state(a) & SSL_ST_BEFORE) #define SSL_in_connect_init(a) (SSL_state(a) & SSL_ST_CONNECT) #define SSL_in_accept_init(a) (SSL_state(a) & SSL_ST_ACCEPT) @@ -1504,6 +1551,7 @@ OPENSSL_EXPORT size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t coun #define SSL_VERIFY_NONE 0x00 #define SSL_VERIFY_PEER 0x01 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +/* SSL_VERIFY_CLIENT_ONCE does nothing. */ #define SSL_VERIFY_CLIENT_ONCE 0x04 #define SSL_VERIFY_PEER_IF_NO_OBC 0x08 @@ -1804,24 +1852,22 @@ OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *, const char *str); -OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); -OPENSSL_EXPORT void SSL_CTX_free(SSL_CTX *); OPENSSL_EXPORT long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); OPENSSL_EXPORT long SSL_CTX_get_timeout(const SSL_CTX *ctx); OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); OPENSSL_EXPORT int SSL_want(const SSL *s); -OPENSSL_EXPORT int SSL_clear(SSL *s); OPENSSL_EXPORT void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +/* SSL_get_current_cipher returns the cipher used in the current outgoing + * connection state, or NULL if the null cipher is active. */ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); OPENSSL_EXPORT int SSL_get_fd(const SSL *s); OPENSSL_EXPORT int SSL_get_rfd(const SSL *s); OPENSSL_EXPORT int SSL_get_wfd(const SSL *s); OPENSSL_EXPORT const char *SSL_get_cipher_list(const SSL *s, int n); -OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *s); OPENSSL_EXPORT int SSL_pending(const SSL *s); OPENSSL_EXPORT int SSL_set_fd(SSL *s, int fd); OPENSSL_EXPORT int SSL_set_rfd(SSL *s, int fd); @@ -1830,7 +1876,6 @@ OPENSSL_EXPORT void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); OPENSSL_EXPORT BIO *SSL_get_rbio(const SSL *s); OPENSSL_EXPORT BIO *SSL_get_wbio(const SSL *s); OPENSSL_EXPORT int SSL_set_cipher_list(SSL *s, const char *str); -OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes); OPENSSL_EXPORT int SSL_get_verify_mode(const SSL *s); OPENSSL_EXPORT int SSL_get_verify_depth(const SSL *s); OPENSSL_EXPORT int (*SSL_get_verify_callback(const SSL *s))(int, @@ -1984,7 +2029,6 @@ OPENSSL_EXPORT int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const uint8_t *sid_ctx, unsigned int sid_ctx_len); -OPENSSL_EXPORT SSL *SSL_new(SSL_CTX *ctx); OPENSSL_EXPORT int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, unsigned int sid_ctx_len); @@ -2000,7 +2044,6 @@ OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); OPENSSL_EXPORT X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); OPENSSL_EXPORT void SSL_certs_clear(SSL *s); -OPENSSL_EXPORT void SSL_free(SSL *ssl); OPENSSL_EXPORT int SSL_accept(SSL *ssl); OPENSSL_EXPORT int SSL_connect(SSL *ssl); OPENSSL_EXPORT int SSL_read(SSL *ssl, void *buf, int num); @@ -2017,17 +2060,14 @@ OPENSSL_EXPORT const char *SSL_get_version(const SSL *s); * |sess|. For example, "TLSv1.2" or "SSLv3". */ OPENSSL_EXPORT const char *SSL_SESSION_get_version(const SSL_SESSION *sess); -/* TLS_method is the SSL_METHOD used for TLS (and SSLv3) connections. */ -OPENSSL_EXPORT const SSL_METHOD *TLS_method(void); - -/* DTLS_method is the SSL_METHOD used for DTLS connections. */ -OPENSSL_EXPORT const SSL_METHOD *DTLS_method(void); - OPENSSL_EXPORT STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); OPENSSL_EXPORT int SSL_do_handshake(SSL *s); -OPENSSL_EXPORT int SSL_renegotiate(SSL *s); -OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *s); + +/* SSL_renegotiate_pending returns one if |ssl| is in the middle of a + * renegotiation. */ +OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); + OPENSSL_EXPORT int SSL_shutdown(SSL *s); OPENSSL_EXPORT const char *SSL_alert_type_string_long(int value); @@ -2045,16 +2085,12 @@ OPENSSL_EXPORT STACK_OF(X509_NAME) * OPENSSL_EXPORT int SSL_add_client_CA(SSL *ssl, X509 *x); OPENSSL_EXPORT int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); -OPENSSL_EXPORT void SSL_set_connect_state(SSL *s); -OPENSSL_EXPORT void SSL_set_accept_state(SSL *s); - OPENSSL_EXPORT long SSL_get_default_timeout(const SSL *s); OPENSSL_EXPORT STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); OPENSSL_EXPORT X509 *SSL_get_certificate(const SSL *ssl); -OPENSSL_EXPORT /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey( - const SSL *ssl); +OPENSSL_EXPORT EVP_PKEY *SSL_get_privatekey(const SSL *ssl); OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); OPENSSL_EXPORT EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); @@ -2082,7 +2118,6 @@ OPENSSL_EXPORT void SSL_set_info_callback(SSL *ssl, OPENSSL_EXPORT void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val); OPENSSL_EXPORT int SSL_state(const SSL *ssl); -OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state); OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long v); OPENSSL_EXPORT long SSL_get_verify_result(const SSL *ssl); @@ -2116,7 +2151,7 @@ OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void); OPENSSL_EXPORT unsigned long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, unsigned long size); -/* SSL_CTX_sess_set_cache_size returns the maximum size of |ctx|'s session +/* SSL_CTX_sess_get_cache_size returns the maximum size of |ctx|'s session * cache. */ OPENSSL_EXPORT unsigned long SSL_CTX_sess_get_cache_size(const SSL_CTX *ctx); @@ -2140,11 +2175,6 @@ OPENSSL_EXPORT int SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode); * |ctx| */ OPENSSL_EXPORT int SSL_CTX_get_session_cache_mode(const SSL_CTX *ctx); -/* TODO(davidben): Deprecate read_ahead functions after https://crbug.com/447431 - * is resolved. */ -OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); -OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); - /* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer * certificate chain accepted by |ctx|. */ OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx); @@ -2310,6 +2340,13 @@ OPENSSL_EXPORT const SSL_METHOD *DTLSv1_client_method(void); OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_server_method(void); OPENSSL_EXPORT const SSL_METHOD *DTLSv1_2_client_method(void); +/* SSL_clear resets |ssl| to allow another connection and returns one on success + * or zero on failure. It returns most configuration state but releases memory + * associated with the current connection. + * + * Free |ssl| and create a new one instead. */ +OPENSSL_EXPORT int SSL_clear(SSL *ssl); + /* SSL_CTX_set_tmp_rsa_callback does nothing. */ OPENSSL_EXPORT void SSL_CTX_set_tmp_rsa_callback( SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export, int keylength)); @@ -2370,6 +2407,24 @@ OPENSSL_EXPORT int SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, const RSA *rsa); /* SSL_set_tmp_rsa returns one. */ OPENSSL_EXPORT int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa); +/* SSL_CTX_get_read_head returns zero. */ +OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx); + +/* SSL_CTX_set_read_ahead does nothing. */ +OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); + +/* SSL_get_read_head returns zero. */ +OPENSSL_EXPORT int SSL_get_read_ahead(const SSL *s); + +/* SSL_set_read_ahead does nothing. */ +OPENSSL_EXPORT void SSL_set_read_ahead(SSL *s, int yes); + +/* SSL_renegotiate put an error on the error queue and returns zero. */ +OPENSSL_EXPORT int SSL_renegotiate(SSL *ssl); + +/* SSL_set_state does nothing. */ +OPENSSL_EXPORT void SSL_set_state(SSL *ssl, int state); + /* Android compatibility section. * @@ -2581,7 +2636,7 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused); #define SSL_F_dtls1_process_record 162 #define SSL_F_dtls1_read_bytes 163 #define SSL_F_dtls1_send_hello_verify_request 164 -#define SSL_F_dtls1_write_app_data_bytes 165 +#define SSL_F_dtls1_write_app_data 165 #define SSL_F_i2d_SSL_SESSION 166 #define SSL_F_ssl3_accept 167 #define SSL_F_ssl3_cert_verify_hash 169 @@ -2688,6 +2743,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused); #define SSL_F_SSL_set1_tls_channel_id 273 #define SSL_F_SSL_set_tlsext_host_name 274 #define SSL_F_ssl3_output_cert_chain 275 +#define SSL_F_SSL_AEAD_CTX_new 276 +#define SSL_F_SSL_AEAD_CTX_open 277 +#define SSL_F_SSL_AEAD_CTX_seal 278 +#define SSL_F_dtls1_seal_record 279 #define SSL_R_APP_DATA_IN_HANDSHAKE 100 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 #define SSL_R_BAD_ALERT 102 @@ -2862,6 +2921,10 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused); #define SSL_R_FRAGMENT_MISMATCH 271 #define SSL_R_BUFFER_TOO_SMALL 272 #define SSL_R_OLD_SESSION_VERSION_NOT_RETURNED 273 +#define SSL_R_OUTPUT_ALIASES_INPUT 274 +#define SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION 275 +#define SSL_R_EMS_STATE_INCONSISTENT 276 +#define SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION 277 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/src/include/openssl/ssl3.h b/src/include/openssl/ssl3.h index 96f00cf..640a228 100644 --- a/src/include/openssl/ssl3.h +++ b/src/include/openssl/ssl3.h @@ -313,13 +313,23 @@ OPENSSL_COMPILE_ASSERT( #define SSL3_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ typedef struct ssl3_record_st { - /*r */ int type; /* type of record */ - /*rw*/ unsigned int length; /* How many bytes available */ - /*r */ unsigned int off; /* read/write offset into 'buf' */ - /*rw*/ uint8_t *data; /* pointer to the record data */ - /*rw*/ uint8_t *input; /* where the decode bytes are */ - /*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ - /*r */ uint8_t seq_num[8]; /* sequence number, needed by DTLS1 */ + /* type is the record type. */ + uint8_t type; + /* length is the number of unconsumed bytes of |data|. */ + uint16_t length; + /* off is the number of consumed bytes of |data|. */ + uint16_t off; + /* data is a non-owning pointer to the record contents. The total length of + * the buffer is |off| + |length|. */ + uint8_t *data; + /* epoch, in DTLS, is the epoch number of the record. */ + uint16_t epoch; + /* seq_num, in DTLS, is the sequence number of the record. The top two bytes + * are always zero. + * + * TODO(davidben): This is confusing. They should include the epoch or the + * field should be six bytes. */ + uint8_t seq_num[8]; } SSL3_RECORD; typedef struct ssl3_buffer_st { @@ -366,6 +376,10 @@ typedef struct ssl3_state_st { * the version has not been negotiated yet. */ char have_version; + /* initial_handshake_complete is true if the initial handshake has + * completed. */ + char initial_handshake_complete; + /* sniff_buffer is used by the server in the initial handshake to read a * V2ClientHello before the record layer is initialized. */ BUF_MEM *sniff_buffer; @@ -375,7 +389,6 @@ typedef struct ssl3_state_st { SSL3_BUFFER wbuf; /* write IO goes into here */ SSL3_RECORD rrec; /* each decoded record goes in here */ - SSL3_RECORD wrec; /* goes out from here */ /* storage for Handshake protocol data received but not yet processed by * ssl3_read_bytes: */ @@ -405,9 +418,6 @@ typedef struct ssl3_state_st { int alert_dispatch; uint8_t send_alert[2]; - /* This flag is set when we should renegotiate ASAP, basically when there is - * no more data in the read or write buffers */ - int renegotiate; int total_renegotiations; /* State pertaining to the pending handshake. diff --git a/src/include/openssl/thread.h b/src/include/openssl/thread.h index f6e7529..568a858 100644 --- a/src/include/openssl/thread.h +++ b/src/include/openssl/thread.h @@ -90,56 +90,42 @@ typedef union crypto_mutex_st { } CRYPTO_MUTEX; #endif - -/* Functions to support multithreading. - * - * OpenSSL can safely be used in multi-threaded applications provided that at - * least |CRYPTO_set_locking_callback| is set. +/* CRYPTO_refcount_t is the type of a reference count. * - * The locking callback performs mutual exclusion. Rather than using a single - * lock for all, shared data-structures, OpenSSL requires that the locking - * callback support a fixed (at run-time) number of different locks, given by - * |CRYPTO_num_locks|. */ + * Since some platforms use C11 atomics to access this, it should have the + * _Atomic qualifier. However, this header is included by C++ programs as well + * as C code that might not set -std=c11. So, in practice, it's not possible to + * do that. Instead we statically assert that the size and native alignment of + * a plain uint32_t and an _Atomic uint32_t are equal in refcount_c11.c. */ +typedef uint32_t CRYPTO_refcount_t; -/* CRYPTO_num_locks returns the number of static locks that the callback - * function passed to |CRYPTO_set_locking_callback| must be able to handle. */ +/* Deprecated functions */ + +/* These defines do nothing but are provided to make old code easier to + * compile. */ +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 + +/* CRYPTO_num_locks returns one. (This is non-zero that callers who allocate + * sizeof(lock) times this value don't get zero and then fail because malloc(0) + * returned NULL.) */ OPENSSL_EXPORT int CRYPTO_num_locks(void); -/* CRYPTO_set_locking_callback sets a callback function that implements locking - * on behalf of OpenSSL. The callback is called whenever OpenSSL needs to lock - * or unlock a lock, and locks are specified as a number between zero and - * |CRYPTO_num_locks()-1|. - * - * The mode argument to the callback is a bitwise-OR of either CRYPTO_LOCK or - * CRYPTO_UNLOCK, to denote the action, and CRYPTO_READ or CRYPTO_WRITE, to - * indicate the type of lock. The |file| and |line| arguments give the location - * in the OpenSSL source where the locking action originated. */ +/* CRYPTO_set_locking_callback does nothing. */ OPENSSL_EXPORT void CRYPTO_set_locking_callback( void (*func)(int mode, int lock_num, const char *file, int line)); -/* CRYPTO_set_add_lock_callback sets an optional callback which is used when - * OpenSSL needs to add a fixed amount to an integer. For example, this is used - * when maintaining reference counts. Normally the reference counts are - * maintained by performing the addition under a lock but, if this callback - * has been set, the application is free to implement the operation using - * faster methods (i.e. atomic operations). - * - * The callback is given a pointer to the integer to be altered (|num|), the - * amount to add to the integer (|amount|, which may be negative), the number - * of the lock which would have been taken to protect the operation and the - * position in the OpenSSL code where the operation originated. */ +/* CRYPTO_set_add_lock_callback does nothing. */ OPENSSL_EXPORT void CRYPTO_set_add_lock_callback(int (*func)( int *num, int amount, int lock_num, const char *file, int line)); -/* CRYPTO_get_lock_name returns the name of the lock given by |lock_num|. This - * can be used in a locking callback for debugging purposes. */ +/* CRYPTO_get_lock_name returns a fixed, dummy string. */ OPENSSL_EXPORT const char *CRYPTO_get_lock_name(int lock_num); - -/* Deprecated functions */ - -/* CRYPTO_THREADID_set_callback does nothing. */ +/* CRYPTO_THREADID_set_callback returns one. */ OPENSSL_EXPORT int CRYPTO_THREADID_set_callback( void (*threadid_func)(CRYPTO_THREADID *threadid)); @@ -154,81 +140,6 @@ OPENSSL_EXPORT void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); OPENSSL_EXPORT void CRYPTO_THREADID_current(CRYPTO_THREADID *id); -/* Private functions: */ - -/* CRYPTO_get_locking_callback returns the callback, if any, that was most - * recently set using |CRYPTO_set_locking_callback|. */ -void (*CRYPTO_get_locking_callback(void))(int mode, int lock_num, - const char *file, int line); - -/* CRYPTO_get_add_lock_callback returns the callback, if any, that was most - * recently set using |CRYPTO_set_add_lock_callback|. */ -int (*CRYPTO_get_add_lock_callback(void))(int *num, int amount, int lock_num, - const char *file, int line); - -/* CRYPTO_lock locks or unlocks the lock specified by |lock_num| (one of - * |CRYPTO_LOCK_*|). Don't call this directly, rather use one of the - * CRYPTO_[rw]_(un)lock macros. */ -OPENSSL_EXPORT void CRYPTO_lock(int mode, int lock_num, const char *file, - int line); - -/* CRYPTO_add_lock adds |amount| to |*pointer|, protected by the lock specified - * by |lock_num|. It returns the new value of |*pointer|. Don't call this - * function directly, rather use the |CRYPTO_add| macro. */ -OPENSSL_EXPORT int CRYPTO_add_lock(int *pointer, int amount, int lock_num, - const char *file, int line); - -/* Lock IDs start from 1. CRYPTO_LOCK_INVALID_LOCK is an unused placeholder - * used to ensure no lock has ID 0. */ -#define CRYPTO_LOCK_LIST \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_INVALID_LOCK), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_BIO), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DH), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_DSA), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EC_PRE_COMP), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_ERR), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EVP_PKEY), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_EX_DATA), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_OBJ), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RAND), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_READDIR), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_RSA_BLINDING), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_CTX), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_SSL_SESSION), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_INFO), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_PKEY), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_CRL), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_REQ), \ - CRYPTO_LOCK_ITEM(CRYPTO_LOCK_X509_STORE), \ - -#define CRYPTO_LOCK_ITEM(x) x - -enum { - CRYPTO_LOCK_LIST -}; - -#undef CRYPTO_LOCK_ITEM - -#define CRYPTO_LOCK 1 -#define CRYPTO_UNLOCK 2 -#define CRYPTO_READ 4 -#define CRYPTO_WRITE 8 - -#define CRYPTO_w_lock(lock_num) \ - CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, lock_num, __FILE__, __LINE__) -#define CRYPTO_w_unlock(lock_num) \ - CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, lock_num, __FILE__, __LINE__) -#define CRYPTO_r_lock(lock_num) \ - CRYPTO_lock(CRYPTO_LOCK | CRYPTO_READ, lock_num, __FILE__, __LINE__) -#define CRYPTO_r_unlock(lock_num) \ - CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_READ, lock_num, __FILE__, __LINE__) -#define CRYPTO_add(addr, amount, lock_num) \ - CRYPTO_add_lock(addr, amount, lock_num, __FILE__, __LINE__) - - /* Private functions. * * Some old code calls these functions and so no-op implementations are diff --git a/src/include/openssl/type_check.h b/src/include/openssl/type_check.h index dd59151..674913a 100644 --- a/src/include/openssl/type_check.h +++ b/src/include/openssl/type_check.h @@ -76,8 +76,12 @@ extern "C" { * was a pointer to |type|. */ #define CHECKED_PTR_OF(type, p) CHECKED_CAST(void*, type*, (p)) +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +#define OPENSSL_COMPILE_ASSERT(cond, msg) _Static_assert(cond, #msg) +#else #define OPENSSL_COMPILE_ASSERT(cond, msg) \ typedef char OPENSSL_COMPILE_ASSERT_##msg[((cond) ? 1 : -1)] +#endif #if defined(__cplusplus) diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h index ef1d7fb..69c7da6 100644 --- a/src/include/openssl/x509.h +++ b/src/include/openssl/x509.h @@ -73,13 +73,14 @@ #include <openssl/cipher.h> #include <openssl/dh.h> #include <openssl/dsa.h> -#include <openssl/ec.h> #include <openssl/ecdh.h> #include <openssl/ecdsa.h> +#include <openssl/ec.h> #include <openssl/evp.h> #include <openssl/rsa.h> #include <openssl/sha.h> #include <openssl/stack.h> +#include <openssl/thread.h> #ifdef __cplusplus extern "C" { @@ -204,7 +205,7 @@ typedef struct X509_req_st X509_REQ_INFO *req_info; X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; - int references; + CRYPTO_refcount_t references; } X509_REQ; typedef struct x509_cinf_st @@ -243,7 +244,7 @@ struct x509_st X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int valid; - int references; + CRYPTO_refcount_t references; char *name; CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ @@ -420,7 +421,7 @@ struct X509_crl_st X509_CRL_INFO *crl; X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; - int references; + CRYPTO_refcount_t references; int flags; /* Copies of various extensions */ AUTHORITY_KEYID *akid; @@ -457,8 +458,6 @@ typedef struct private_key_st /* expanded version of 'enc_algor' */ EVP_CIPHER_INFO cipher; - - int references; } X509_PKEY; #ifndef OPENSSL_NO_EVP @@ -472,7 +471,6 @@ typedef struct X509_info_st int enc_len; char *enc_data; - int references; } X509_INFO; DECLARE_STACK_OF(X509_INFO) diff --git a/src/include/openssl/x509_vfy.h b/src/include/openssl/x509_vfy.h index 299cad7..146e047 100644 --- a/src/include/openssl/x509_vfy.h +++ b/src/include/openssl/x509_vfy.h @@ -67,6 +67,7 @@ #include <openssl/bio.h> #include <openssl/lhash.h> +#include <openssl/thread.h> #ifdef __cplusplus extern "C" { @@ -183,6 +184,7 @@ struct x509_store_st /* The following is a cache of trusted certs */ int cache; /* if true, stash any hits */ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ + CRYPTO_MUTEX objs_lock; /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; @@ -202,7 +204,7 @@ struct x509_store_st STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); - int references; + CRYPTO_refcount_t references; } /* X509_STORE */; OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth); diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt index 9cc6de4..cf5a29d 100644 --- a/src/ssl/CMakeLists.txt +++ b/src/ssl/CMakeLists.txt @@ -19,6 +19,7 @@ add_library( s3_meth.c s3_pkt.c s3_srvr.c + ssl_aead_ctx.c ssl_algs.c ssl_asn1.c ssl_cert.c @@ -39,6 +40,8 @@ add_executable( ssl_test ssl_test.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(ssl_test ssl crypto) diff --git a/src/ssl/d1_both.c b/src/ssl/d1_both.c index 662f518..ac35a66 100644 --- a/src/ssl/d1_both.c +++ b/src/ssl/d1_both.c @@ -259,11 +259,10 @@ static void dtls1_hm_fragment_mark(hm_fragment *frag, size_t start, /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or * SSL3_RT_CHANGE_CIPHER_SPEC) */ -int dtls1_do_write(SSL *s, int type) { +int dtls1_do_write(SSL *s, int type, enum dtls1_use_epoch_t use_epoch) { int ret; int curr_mtu; unsigned int len, frag_off; - size_t max_overhead = 0; /* AHA! Figure out the MTU, and stick to the right size */ if (s->d1->mtu < dtls1_min_mtu() && @@ -286,12 +285,7 @@ int dtls1_do_write(SSL *s, int type) { } /* Determine the maximum overhead of the current cipher. */ - if (s->aead_write_ctx != NULL) { - max_overhead = EVP_AEAD_max_overhead(s->aead_write_ctx->ctx.aead); - if (s->aead_write_ctx->variable_nonce_included_in_record) { - max_overhead += s->aead_write_ctx->variable_nonce_len; - } - } + size_t max_overhead = SSL_AEAD_CTX_max_overhead(s->aead_write_ctx); frag_off = 0; while (s->init_num) { @@ -356,7 +350,8 @@ int dtls1_do_write(SSL *s, int type) { len = s->init_num; } - ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len); + ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, + use_epoch); if (ret < 0) { return -1; } @@ -409,8 +404,7 @@ static int dtls1_discard_fragment_body(SSL *s, size_t frag_len) { uint8_t discard[256]; while (frag_len > 0) { size_t chunk = frag_len < sizeof(discard) ? frag_len : sizeof(discard); - int ret = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, discard, chunk, - 0); + int ret = dtls1_read_bytes(s, SSL3_RT_HANDSHAKE, discard, chunk, 0); if (ret != chunk) { return 0; } @@ -485,8 +479,8 @@ static int dtls1_process_fragment(SSL *s) { * body across two records. Change this interface to consume the fragment in * one pass. */ uint8_t header[DTLS1_HM_HEADER_LENGTH]; - int ret = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, header, - DTLS1_HM_HEADER_LENGTH, 0); + int ret = dtls1_read_bytes(s, SSL3_RT_HANDSHAKE, header, + DTLS1_HM_HEADER_LENGTH, 0); if (ret <= 0) { return ret; } @@ -538,8 +532,8 @@ static int dtls1_process_fragment(SSL *s) { assert(msg_len > 0); /* Read the body of the fragment. */ - ret = s->method->ssl_read_bytes( - s, SSL3_RT_HANDSHAKE, frag->fragment + frag_off, frag_len, 0); + ret = dtls1_read_bytes(s, SSL3_RT_HANDSHAKE, frag->fragment + frag_off, + frag_len, 0); if (ret != frag_len) { OPENSSL_PUT_ERROR(SSL, dtls1_process_fragment, SSL_R_UNEXPECTED_MESSAGE); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); @@ -690,7 +684,7 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) { } /* SSL3_ST_CW_CHANGE_B */ - return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC); + return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC, dtls1_use_current_epoch); } int dtls1_read_failed(SSL *s, int code) { @@ -730,7 +724,6 @@ static int dtls1_retransmit_message(SSL *s, hm_fragment *frag) { int ret; /* XDTLS: for now assuming that read/writes are blocking */ unsigned long header_length; - uint8_t save_write_sequence[8]; /* assert(s->init_num == 0); assert(s->init_off == 0); */ @@ -749,45 +742,18 @@ static int dtls1_retransmit_message(SSL *s, hm_fragment *frag) { frag->msg_header.msg_len, frag->msg_header.seq, 0, frag->msg_header.frag_len); - /* Save current state. */ - SSL_AEAD_CTX *aead_write_ctx = s->aead_write_ctx; - uint16_t epoch = s->d1->w_epoch; - /* DTLS renegotiation is unsupported, so only epochs 0 (NULL cipher) and 1 * (negotiated cipher) exist. */ - assert(epoch == 0 || epoch == 1); - assert(frag->msg_header.epoch <= epoch); - const int fragment_from_previous_epoch = (epoch == 1 && - frag->msg_header.epoch == 0); - if (fragment_from_previous_epoch) { - /* Rewind to the previous epoch. - * - * TODO(davidben): Instead of swapping out connection-global state, this - * logic should pass a "use previous epoch" parameter down to lower-level - * functions. */ - s->d1->w_epoch = frag->msg_header.epoch; - s->aead_write_ctx = NULL; - memcpy(save_write_sequence, s->s3->write_sequence, - sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, s->d1->last_write_sequence, - sizeof(s->s3->write_sequence)); - } else { - /* Otherwise the messages must be from the same epoch. */ - assert(frag->msg_header.epoch == epoch); + assert(s->d1->w_epoch == 0 || s->d1->w_epoch == 1); + assert(frag->msg_header.epoch <= s->d1->w_epoch); + enum dtls1_use_epoch_t use_epoch = dtls1_use_current_epoch; + if (s->d1->w_epoch == 1 && frag->msg_header.epoch == 0) { + use_epoch = dtls1_use_previous_epoch; } ret = dtls1_do_write(s, frag->msg_header.is_ccs ? SSL3_RT_CHANGE_CIPHER_SPEC - : SSL3_RT_HANDSHAKE); - - if (fragment_from_previous_epoch) { - /* Restore the current epoch. */ - s->aead_write_ctx = aead_write_ctx; - s->d1->w_epoch = epoch; - memcpy(s->d1->last_write_sequence, s->s3->write_sequence, - sizeof(s->s3->write_sequence)); - memcpy(s->s3->write_sequence, save_write_sequence, - sizeof(s->s3->write_sequence)); - } + : SSL3_RT_HANDSHAKE, + use_epoch); (void)BIO_flush(SSL_get_wbio(s)); return ret; @@ -917,9 +883,3 @@ void dtls1_get_message_header(uint8_t *data, n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_len); } - -int dtls1_shutdown(SSL *s) { - int ret; - ret = ssl3_shutdown(s); - return ret; -} diff --git a/src/ssl/d1_clnt.c b/src/ssl/d1_clnt.c index 1827a67..92fb8f6 100644 --- a/src/ssl/d1_clnt.c +++ b/src/ssl/d1_clnt.c @@ -155,12 +155,7 @@ int dtls1_connect(SSL *s) { state = s->state; switch (s->state) { - case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; - s->state = SSL_ST_CONNECT; - /* break */ case SSL_ST_CONNECT: - case SSL_ST_BEFORE | SSL_ST_CONNECT: if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_START, 1); } @@ -472,8 +467,7 @@ int dtls1_connect(SSL *s) { ssl_free_wbio_buffer(s); s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; + s->s3->initial_handshake_complete = 1; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); diff --git a/src/ssl/d1_lib.c b/src/ssl/d1_lib.c index e53156f..ef7a9c9 100644 --- a/src/ssl/d1_lib.c +++ b/src/ssl/d1_lib.c @@ -151,14 +151,9 @@ void dtls1_free(SSL *s) { s->d1 = NULL; } -const SSL_CIPHER *dtls1_get_cipher(size_t i) { - const SSL_CIPHER *ciph = ssl3_get_cipher(i); +int dtls1_supports_cipher(const SSL_CIPHER *cipher) { /* DTLS does not support stream ciphers. */ - if (ciph == NULL || ciph->algorithm_enc == SSL_RC4) { - return NULL; - } - - return ciph; + return cipher->algorithm_enc != SSL_RC4; } void dtls1_start_timer(SSL *s) { @@ -338,5 +333,5 @@ int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) { } int dtls1_handshake_write(SSL *s) { - return dtls1_do_write(s, SSL3_RT_HANDSHAKE); + return dtls1_do_write(s, SSL3_RT_HANDSHAKE, dtls1_use_current_epoch); } diff --git a/src/ssl/d1_meth.c b/src/ssl/d1_meth.c index a11fbdd..d90f75b 100644 --- a/src/ssl/d1_meth.c +++ b/src/ssl/d1_meth.c @@ -64,21 +64,14 @@ static const SSL_PROTOCOL_METHOD DTLS_protocol_method = { dtls1_free, dtls1_accept, dtls1_connect, - ssl3_read, - ssl3_peek, - ssl3_write, - dtls1_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, dtls1_get_message, - dtls1_read_bytes, - dtls1_write_app_data_bytes, + dtls1_read_app_data, + dtls1_read_close_notify, + dtls1_write_app_data, dtls1_dispatch_alert, ssl3_ctrl, ssl3_ctx_ctrl, - ssl3_pending, - ssl3_num_ciphers, - dtls1_get_cipher, + dtls1_supports_cipher, DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, dtls1_handshake_write, diff --git a/src/ssl/d1_pkt.c b/src/ssl/d1_pkt.c index 9e056ac..553499f 100644 --- a/src/ssl/d1_pkt.c +++ b/src/ssl/d1_pkt.c @@ -185,25 +185,11 @@ static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); static int dtls1_process_record(SSL *s); static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, - unsigned int len); + unsigned int len, enum dtls1_use_epoch_t use_epoch); static int dtls1_process_record(SSL *s) { int al; - SSL3_RECORD *rr; - - rr = &(s->s3->rrec); - - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, and - * we have that many bytes in s->packet. */ - rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]); - - /* ok, we can now read from 's->packet' data into 'rr' rr->input points at - * rr->length bytes, which need to be copied into rr->data by either the - * decryption or by the decompression When the data is 'copied' into the - * rr->data buffer, rr->input will be pointed at the new buffer */ - - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length bytes - * of encrypted compressed stuff. */ + SSL3_RECORD *rr = &s->s3->rrec; /* check is not needed I believe */ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { @@ -213,10 +199,23 @@ static int dtls1_process_record(SSL *s) { goto f_err; } - /* decrypt in place in 'rr->input' */ - rr->data = rr->input; + /* |rr->data| points to |rr->length| bytes of ciphertext in |s->packet|. */ + rr->data = &s->packet[DTLS1_RT_HEADER_LENGTH]; + + uint8_t seq[8]; + seq[0] = rr->epoch >> 8; + seq[1] = rr->epoch & 0xff; + memcpy(&seq[2], &rr->seq_num[2], 6); - if (!s->enc_method->enc(s, 0)) { + /* Decrypt the packet in-place. Note it is important that |SSL_AEAD_CTX_open| + * not write beyond |rr->length|. There may be another record in the packet. + * + * TODO(davidben): This assumes |s->version| is the same as the record-layer + * version which isn't always true, but it only differs with the NULL cipher + * which ignores the parameter. */ + size_t plaintext_len; + if (!SSL_AEAD_CTX_open(s->aead_read_ctx, rr->data, &plaintext_len, rr->length, + rr->type, s->version, seq, rr->data, rr->length)) { /* Bad packets are silently dropped in DTLS. Clear the error queue of any * errors decryption may have added. */ ERR_clear_error(); @@ -225,19 +224,20 @@ static int dtls1_process_record(SSL *s) { goto err; } - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + if (plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH) { al = SSL_AD_RECORD_OVERFLOW; OPENSSL_PUT_ERROR(SSL, dtls1_process_record, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } + assert(plaintext_len < (1u << 16)); + rr->length = plaintext_len; rr->off = 0; /* So at this point the following is true * ssl->s3->rrec.type is the type of record * ssl->s3->rrec.length == number of bytes in record * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). */ + * ssl->s3->rrec.data == the first byte of the record body. */ /* we have pulled in a full packet so zero things */ s->packet_length = 0; @@ -260,11 +260,11 @@ err: * * used only by dtls1_read_bytes */ int dtls1_get_record(SSL *s) { - int ssl_major, ssl_minor; - int i, n; + uint8_t ssl_major, ssl_minor; + int n; SSL3_RECORD *rr; - unsigned char *p = NULL; - unsigned short version; + uint8_t *p = NULL; + uint16_t version; rr = &(s->s3->rrec); @@ -298,7 +298,7 @@ again: rr->type = *(p++); ssl_major = *(p++); ssl_minor = *(p++); - version = (ssl_major << 8) | ssl_minor; + version = (((uint16_t)ssl_major) << 8) | ssl_minor; /* sequence number is 64 bits, with top 2 bytes = epoch */ n2s(p, rr->epoch); @@ -344,14 +344,9 @@ again: if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) { /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ - i = rr->length; - n = ssl3_read_n(s, i, 1); - if (n <= 0) { - return n; /* error or non-blocking io */ - } - - /* this packet contained a partial record, dump it */ - if (n != i) { + n = ssl3_read_n(s, rr->length, 1); + /* This packet contained a partial record, dump it. */ + if (n != rr->length) { rr->length = 0; s->packet_length = 0; goto again; @@ -393,6 +388,14 @@ again: return 1; } +int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek) { + return dtls1_read_bytes(ssl, SSL3_RT_APPLICATION_DATA, buf, len, peek); +} + +void dtls1_read_close_notify(SSL *ssl) { + dtls1_read_bytes(ssl, 0, NULL, 0, 0); +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * @@ -674,7 +677,7 @@ err: return -1; } -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) { +int dtls1_write_app_data(SSL *s, const void *buf_, int len) { int i; if (SSL_in_init(s) && !s->in_handshake) { @@ -683,130 +686,133 @@ int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) { return i; } if (i == 0) { - OPENSSL_PUT_ERROR(SSL, dtls1_write_app_data_bytes, - SSL_R_SSL_HANDSHAKE_FAILURE); + OPENSSL_PUT_ERROR(SSL, dtls1_write_app_data, SSL_R_SSL_HANDSHAKE_FAILURE); return -1; } } if (len > SSL3_RT_MAX_PLAIN_LENGTH) { - OPENSSL_PUT_ERROR(SSL, dtls1_write_app_data_bytes, - SSL_R_DTLS_MESSAGE_TOO_BIG); + OPENSSL_PUT_ERROR(SSL, dtls1_write_app_data, SSL_R_DTLS_MESSAGE_TOO_BIG); return -1; } - i = dtls1_write_bytes(s, type, buf_, len); + i = dtls1_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf_, len, + dtls1_use_current_epoch); return i; } /* Call this to write data in records of type 'type' It will return <= 0 if not * all data has been sent or non-blocking IO. */ -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len) { +int dtls1_write_bytes(SSL *s, int type, const void *buf, int len, + enum dtls1_use_epoch_t use_epoch) { int i; assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); s->rwstate = SSL_NOTHING; - i = do_dtls1_write(s, type, buf, len); + i = do_dtls1_write(s, type, buf, len, use_epoch); return i; } -static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, - unsigned int len) { - uint8_t *p, *pseq; - int i; - int prefix_len = 0; - int eivlen = 0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb; - - /* ssl3_write_pending drops the write if |BIO_write| fails in DTLS, so there - * is never pending data. */ - assert(s->s3->wbuf.left == 0); - - /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) { - i = s->method->ssl_dispatch_alert(s); - if (i <= 0) { - return i; - } - /* if it went, fall through and send more stuff */ +/* dtls1_seal_record seals a new record of type |type| and plaintext |in| and + * writes it to |out|. At most |max_out| bytes will be written. It returns one + * on success and zero on error. On success, it updates the write sequence + * number. */ +static int dtls1_seal_record(SSL *s, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, const uint8_t *in, + size_t in_len, enum dtls1_use_epoch_t use_epoch) { + if (max_out < DTLS1_RT_HEADER_LENGTH) { + OPENSSL_PUT_ERROR(SSL, dtls1_seal_record, SSL_R_BUFFER_TOO_SMALL); + return 0; } - if (len == 0) { - return 0; + /* Determine the parameters for the current epoch. */ + uint16_t epoch = s->d1->w_epoch; + SSL_AEAD_CTX *aead = s->aead_write_ctx; + uint8_t *seq = s->s3->write_sequence; + if (use_epoch == dtls1_use_previous_epoch) { + /* DTLS renegotiation is unsupported, so only epochs 0 (NULL cipher) and 1 + * (negotiated cipher) exist. */ + assert(s->d1->w_epoch == 1); + epoch = s->d1->w_epoch - 1; + aead = NULL; + seq = s->d1->last_write_sequence; } - wr = &(s->s3->wrec); - wb = &(s->s3->wbuf); + out[0] = type; - if (wb->buf == NULL && !ssl3_setup_write_buffer(s)) { - return -1; - } - p = wb->buf + prefix_len; + uint16_t wire_version = s->s3->have_version ? s->version : DTLS1_VERSION; + out[1] = wire_version >> 8; + out[2] = wire_version & 0xff; - /* write the header */ + out[3] = epoch >> 8; + out[4] = epoch & 0xff; + memcpy(&out[5], &seq[2], 6); - *(p++) = type & 0xff; - wr->type = type; - /* Special case: for hello verify request, client version 1.0 and - * we haven't decided which version to use yet send back using - * version 1.0 header: otherwise some clients will ignore it. - */ - if (!s->s3->have_version) { - *(p++) = DTLS1_VERSION >> 8; - *(p++) = DTLS1_VERSION & 0xff; - } else { - *(p++) = s->version >> 8; - *(p++) = s->version & 0xff; + size_t ciphertext_len; + if (!SSL_AEAD_CTX_seal(aead, out + DTLS1_RT_HEADER_LENGTH, &ciphertext_len, + max_out - DTLS1_RT_HEADER_LENGTH, type, wire_version, + &out[3] /* seq */, in, in_len) || + !ssl3_record_sequence_update(&seq[2], 6)) { + return 0; + } + + if (ciphertext_len >= 1 << 16) { + OPENSSL_PUT_ERROR(SSL, dtls1_seal_record, ERR_R_OVERFLOW); + return 0; } + out[11] = ciphertext_len >> 8; + out[12] = ciphertext_len & 0xff; - /* field where we are to write out packet epoch, seq num and len */ - pseq = p; - p += 10; + *out_len = DTLS1_RT_HEADER_LENGTH + ciphertext_len; - /* Leave room for the variable nonce for AEADs which specify it explicitly. */ - if (s->aead_write_ctx != NULL && - s->aead_write_ctx->variable_nonce_included_in_record) { - eivlen = s->aead_write_ctx->variable_nonce_len; + if (s->msg_callback) { + s->msg_callback(1 /* write */, 0, SSL3_RT_HEADER, out, + DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); } - /* Assemble the input for |s->enc_method->enc|. The input is the plaintext - * with |eivlen| bytes of space prepended for the explicit nonce. */ - wr->input = p; - wr->length = eivlen + len; - memcpy(p + eivlen, buf, len); + return 1; +} - /* Encrypt in-place, so the output also goes into |p|. */ - wr->data = p; +static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, + unsigned int len, enum dtls1_use_epoch_t use_epoch) { + SSL3_BUFFER *wb = &s->s3->wbuf; - if (!s->enc_method->enc(s, 1)) { - goto err; - } + /* ssl3_write_pending drops the write if |BIO_write| fails in DTLS, so there + * is never pending data. */ + assert(s->s3->wbuf.left == 0); - /* there's only one epoch between handshake and app data */ - s2n(s->d1->w_epoch, pseq); + /* If we have an alert to send, lets send it */ + if (s->s3->alert_dispatch) { + int ret = s->method->ssl_dispatch_alert(s); + if (ret <= 0) { + return ret; + } + /* if it went, fall through and send more stuff */ + } - memcpy(pseq, &(s->s3->write_sequence[2]), 6); - pseq += 6; - s2n(wr->length, pseq); + if (wb->buf == NULL && !ssl3_setup_write_buffer(s)) { + return -1; + } - if (s->msg_callback) { - s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH, - DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg); + if (len == 0) { + return 0; } - /* we should now have wr->data pointing to the encrypted data, which is - * wr->length long */ - wr->type = type; /* not needed but helps for debugging */ - wr->length += DTLS1_RT_HEADER_LENGTH; + /* Align the output so the ciphertext is aligned to |SSL3_ALIGN_PAYLOAD|. */ + uintptr_t align = (uintptr_t)wb->buf + DTLS1_RT_HEADER_LENGTH; + align = (0 - align) & (SSL3_ALIGN_PAYLOAD - 1); + uint8_t *out = wb->buf + align; + wb->offset = align; + size_t max_out = wb->len - wb->offset; - if (!ssl3_record_sequence_update(&s->s3->write_sequence[2], 6)) { - goto err; + size_t ciphertext_len; + if (!dtls1_seal_record(s, out, &ciphertext_len, max_out, type, buf, len, + use_epoch)) { + return -1; } /* now let's set up wb */ - wb->left = prefix_len + wr->length; - wb->offset = 0; + wb->left = ciphertext_len; /* memorize arguments so that ssl3_write_pending can detect bad write retries * later */ @@ -817,9 +823,6 @@ static int do_dtls1_write(SSL *s, int type, const uint8_t *buf, /* we now just need to write the buffer */ return ssl3_write_pending(s, type, buf, len); - -err: - return -1; } static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) { @@ -877,7 +880,8 @@ int dtls1_dispatch_alert(SSL *s) { *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; - i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); + i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), + dtls1_use_current_epoch); if (i <= 0) { s->s3->alert_dispatch = 1; } else { diff --git a/src/ssl/d1_srvr.c b/src/ssl/d1_srvr.c index e314910..e49a3f0 100644 --- a/src/ssl/d1_srvr.c +++ b/src/ssl/d1_srvr.c @@ -159,12 +159,7 @@ int dtls1_accept(SSL *s) { state = s->state; switch (s->state) { - case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; - /* s->state=SSL_ST_ACCEPT; */ - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE | SSL_ST_ACCEPT: if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_START, 1); } @@ -181,49 +176,18 @@ int dtls1_accept(SSL *s) { s->init_num = 0; - if (s->state != SSL_ST_RENEGOTIATE) { - if (!ssl_init_wbio_buffer(s, 1)) { - ret = -1; - goto end; - } - - if (!ssl3_init_finished_mac(s)) { - OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - s->state = SSL3_ST_SR_CLNT_HELLO_A; - } else { - /* s->state == SSL_ST_RENEGOTIATE, * we will just send a - * HelloRequest */ - s->state = SSL3_ST_SW_HELLO_REQ_A; - } - - break; - - case SSL3_ST_SW_HELLO_REQ_A: - case SSL3_ST_SW_HELLO_REQ_B: - s->shutdown = 0; - dtls1_clear_record_buffer(s); - dtls1_start_timer(s); - ret = ssl3_send_hello_request(s); - if (ret <= 0) { + if (!ssl_init_wbio_buffer(s, 1)) { + ret = -1; goto end; } - s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; - s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; if (!ssl3_init_finished_mac(s)) { OPENSSL_PUT_ERROR(SSL, dtls1_accept, ERR_R_INTERNAL_ERROR); ret = -1; goto end; } - break; - case SSL3_ST_SW_HELLO_REQ_C: - s->state = SSL_ST_OK; + s->state = SSL3_ST_SR_CLNT_HELLO_A; break; case SSL3_ST_SR_CLNT_HELLO_A: @@ -242,7 +206,6 @@ int dtls1_accept(SSL *s) { case SSL3_ST_SW_SRVR_HELLO_A: case SSL3_ST_SW_SRVR_HELLO_B: - s->renegotiate = 2; dtls1_start_timer(s); ret = ssl3_send_server_hello(s); if (ret <= 0) { @@ -310,29 +273,17 @@ int dtls1_accept(SSL *s) { case SSL3_ST_SW_CERT_REQ_A: case SSL3_ST_SW_CERT_REQ_B: - if (/* don't request cert unless asked for it: */ - !(s->verify_mode & SSL_VERIFY_PEER) || - /* if SSL_VERIFY_CLIENT_ONCE is set, - * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* With normal PSK Certificates and - * Certificate Requests are omitted */ - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { - /* no cert request */ - skip = 1; - s->s3->tmp.cert_request = 0; - s->state = SSL3_ST_SW_SRVR_DONE_A; - } else { - s->s3->tmp.cert_request = 1; + if (s->s3->tmp.cert_request) { dtls1_start_timer(s); ret = ssl3_send_certificate_request(s); if (ret <= 0) { goto end; } - s->state = SSL3_ST_SW_SRVR_DONE_A; - s->init_num = 0; + } else { + skip = 1; } + s->state = SSL3_ST_SW_SRVR_DONE_A; + s->init_num = 0; break; case SSL3_ST_SW_SRVR_DONE_A: @@ -470,17 +421,12 @@ int dtls1_accept(SSL *s) { ssl_free_wbio_buffer(s); s->init_num = 0; + s->s3->initial_handshake_complete = 1; - if (s->renegotiate == 2) { - /* skipped if we just sent a HelloRequest */ - s->renegotiate = 0; - s->new_session = 0; + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - - if (cb != NULL) { - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - } + if (cb != NULL) { + cb(s, SSL_CB_HANDSHAKE_DONE, 1); } ret = 1; diff --git a/src/ssl/internal.h b/src/ssl/internal.h index 3bd749d..7d9a5ad 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -215,19 +215,6 @@ * one, update the table in ssl_cipher.c. */ #define SSL_MAX_DIGEST 4 -#define TLS1_PRF_DGST_MASK (0xff << TLS1_PRF_DGST_SHIFT) - -#define TLS1_PRF_DGST_SHIFT 10 -#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT) -#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1) - -/* SSL_CIPHER_ALGORITHM2_AEAD is a flag in SSL_CIPHER.algorithm2 which - * indicates that the cipher is implemented via an EVP_AEAD. */ -#define SSL_CIPHER_ALGORITHM2_AEAD (1 << 23) - /* SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD is a flag in * SSL_CIPHER.algorithm2 which indicates that the variable part of the nonce is * included as a prefix of the record. (AES-GCM, for example, does with with an @@ -273,6 +260,9 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, #define SSL_PKEY_ECC 2 #define SSL_PKEY_NUM 3 +/* ssl_cipher_get_value returns the cipher suite id of |cipher|. */ +uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher); + /* ssl_cipher_get_cert_index returns the |SSL_PKEY_*| value corresponding to the * certificate type of |cipher| or -1 if there is none. */ int ssl_cipher_get_cert_index(const SSL_CIPHER *cipher); @@ -291,6 +281,75 @@ int ssl_cipher_has_server_public_key(const SSL_CIPHER *cipher); int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher); +/* Encryption layer. */ + +/* SSL_AEAD_CTX contains information about an AEAD that is being used to encrypt + * an SSL connection. */ +struct ssl_aead_ctx_st { + const SSL_CIPHER *cipher; + EVP_AEAD_CTX ctx; + /* fixed_nonce contains any bytes of the nonce that are fixed for all + * records. */ + uint8_t fixed_nonce[8]; + uint8_t fixed_nonce_len, variable_nonce_len; + /* variable_nonce_included_in_record is non-zero if the variable nonce + * for a record is included as a prefix before the ciphertext. */ + char variable_nonce_included_in_record; + /* random_variable_nonce is non-zero if the variable nonce is + * randomly generated, rather than derived from the sequence + * number. */ + char random_variable_nonce; + /* omit_length_in_ad is non-zero if the length should be omitted in the + * AEAD's ad parameter. */ + char omit_length_in_ad; + /* omit_version_in_ad is non-zero if the version should be omitted + * in the AEAD's ad parameter. */ + char omit_version_in_ad; +} /* SSL_AEAD_CTX */; + +/* SSL_AEAD_CTX_new creates a newly-allocated |SSL_AEAD_CTX| using the supplied + * key material. It returns NULL on error. Only one of |SSL_AEAD_CTX_open| or + * |SSL_AEAD_CTX_seal| may be used with the resulting object, depending on + * |direction|. |version| is the normalized protocol version, so DTLS 1.0 is + * represented as 0x0301, not 0xffef. */ +SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, + uint16_t version, const SSL_CIPHER *cipher, + const uint8_t *enc_key, size_t enc_key_len, + const uint8_t *mac_key, size_t mac_key_len, + const uint8_t *fixed_iv, size_t fixed_iv_len); + +/* SSL_AEAD_CTX_free frees |ctx|. */ +void SSL_AEAD_CTX_free(SSL_AEAD_CTX *ctx); + +/* SSL_AEAD_CTX_explicit_nonce_len returns the length of the explicit nonce for + * |ctx|, if any. |ctx| may be NULL to denote the null cipher. */ +size_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *ctx); + +/* SSL_AEAD_CTX_max_overhead returns the maximum overhead of calling + * |SSL_AEAD_CTX_seal|. |ctx| may be NULL to denote the null cipher. */ +size_t SSL_AEAD_CTX_max_overhead(SSL_AEAD_CTX *ctx); + +/* SSL_AEAD_CTX_open authenticates and decrypts |in_len| bytes from |in| and + * writes the result to |out|. It returns one on success and zero on + * error. |ctx| may be NULL to denote the null cipher. + * + * If |in| and |out| alias then |out| must be <= |in| + |explicit_nonce_len|. */ +int SSL_AEAD_CTX_open(SSL_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, uint16_t wire_version, + const uint8_t seqnum[8], const uint8_t *in, + size_t in_len); + +/* SSL_AEAD_CTX_seal encrypts and authenticates |in_len| bytes from |in| and + * writes the result to |out|. It returns one on success and zero on + * error. |ctx| may be NULL to denote the null cipher. + * + * If |in| and |out| alias then |out| + |explicit_nonce_len| must be <= |in| */ +int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, uint16_t wire_version, + const uint8_t seqnum[8], const uint8_t *in, + size_t in_len); + + /* Underdocumented functions. * * Functions below here haven't been touched up and may be underdocumented. */ @@ -568,23 +627,18 @@ struct ssl_protocol_method_st { void (*ssl_free)(SSL *s); int (*ssl_accept)(SSL *s); int (*ssl_connect)(SSL *s); - int (*ssl_read)(SSL *s, void *buf, int len); - int (*ssl_peek)(SSL *s, void *buf, int len); - int (*ssl_write)(SSL *s, const void *buf, int len); - int (*ssl_shutdown)(SSL *s); - int (*ssl_renegotiate)(SSL *s); - int (*ssl_renegotiate_check)(SSL *s); long (*ssl_get_message)(SSL *s, int header_state, int body_state, int msg_type, long max, enum ssl_hash_message_t hash_message, int *ok); - int (*ssl_read_bytes)(SSL *s, int type, uint8_t *buf, int len, int peek); - int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); + int (*ssl_read_app_data)(SSL *s, uint8_t *buf, int len, int peek); + void (*ssl_read_close_notify)(SSL *s); + int (*ssl_write_app_data)(SSL *s, const void *buf_, int len); int (*ssl_dispatch_alert)(SSL *s); long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg); long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg); - int (*ssl_pending)(const SSL *s); - size_t (*num_ciphers)(void); - const SSL_CIPHER *(*get_cipher)(size_t i); + /* supports_cipher returns one if |cipher| is supported by this protocol and + * zero otherwise. */ + int (*supports_cipher)(const SSL_CIPHER *cipher); /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ @@ -596,7 +650,6 @@ struct ssl_protocol_method_st { /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit * of a mess of functions, but hell, think of it as an opaque structure. */ struct ssl3_enc_method { - int (*enc)(SSL *, int); int (*prf)(SSL *, uint8_t *, size_t, const uint8_t *, size_t, const char *, size_t, const uint8_t *, size_t, const uint8_t *, size_t); int (*setup_key_block)(SSL *); @@ -634,29 +687,6 @@ struct ssl3_enc_method { * may apply to others in future. */ #define SSL_ENC_FLAG_TLS1_2_CIPHERS 0x8 -/* ssl_aead_ctx_st contains information about an AEAD that is being used to - * encrypt an SSL connection. */ -struct ssl_aead_ctx_st { - EVP_AEAD_CTX ctx; - /* fixed_nonce contains any bytes of the nonce that are fixed for all - * records. */ - uint8_t fixed_nonce[8]; - uint8_t fixed_nonce_len, variable_nonce_len, tag_len; - /* variable_nonce_included_in_record is non-zero if the variable nonce - * for a record is included as a prefix before the ciphertext. */ - char variable_nonce_included_in_record; - /* random_variable_nonce is non-zero if the variable nonce is - * randomly generated, rather than derived from the sequence - * number. */ - char random_variable_nonce; - /* omit_length_in_ad is non-zero if the length should be omitted in the - * AEAD's ad parameter. */ - char omit_length_in_ad; - /* omit_version_in_ad is non-zero if the version should be omitted - * in the AEAD's ad parameter. */ - char omit_version_in_ad; -}; - /* lengths of messages */ #define DTLS1_COOKIE_LENGTH 256 @@ -757,8 +787,6 @@ typedef struct dtls1_state_st { unsigned int change_cipher_spec_ok; } DTLS1_STATE; -extern const SSL_CIPHER ssl3_ciphers[]; - extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; @@ -773,9 +801,8 @@ void ssl_cert_free(CERT *c); SESS_CERT *ssl_sess_cert_new(void); void ssl_sess_cert_free(SESS_CERT *sc); int ssl_set_peer_cert_type(SESS_CERT *c, int type); +int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx); -int ssl_cipher_id_cmp(const void *in_a, const void *in_b); -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs); int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p); struct ssl_cipher_preference_list_st *ssl_cipher_preference_list_dup( @@ -799,6 +826,7 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags); int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref); CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c); +void ssl_update_cache(SSL *s, int mode); int ssl_cert_type(EVP_PKEY *pkey); /* ssl_get_compatible_server_ciphers determines the key exchange and @@ -810,10 +838,11 @@ void ssl_get_compatible_server_ciphers(SSL *s, uint32_t *out_mask_k, STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); int ssl_verify_alarm_type(long type); -int ssl_fill_hello_random(SSL *s, int server, uint8_t *field, size_t len); -const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); -uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c); +/* ssl_fill_hello_random fills a client_random or server_random field of length + * |len|. It returns one on success and zero on failure. */ +int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server); + int ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_new_session_ticket(SSL *s); @@ -845,13 +874,13 @@ int ssl3_cert_verify_hash(SSL *s, uint8_t *out, size_t *out_len, const EVP_MD **out_md, EVP_PKEY *pkey); int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen); -size_t ssl3_num_ciphers(void); -const SSL_CIPHER *ssl3_get_cipher(size_t i); -int ssl3_renegotiate(SSL *ssl); -int ssl3_renegotiate_check(SSL *ssl); +int ssl3_supports_cipher(const SSL_CIPHER *cipher); int ssl3_dispatch_alert(SSL *s); int ssl3_expect_change_cipher_spec(SSL *s); +int ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); +void ssl3_read_close_notify(SSL *ssl); int ssl3_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); +int ssl3_write_app_data(SSL *ssl, const void *buf, int len); int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); int ssl3_final_finish_mac(SSL *s, const char *sender, int slen, uint8_t *p); int ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); @@ -876,13 +905,8 @@ int ssl3_new(SSL *s); void ssl3_free(SSL *s); int ssl3_accept(SSL *s); int ssl3_connect(SSL *s); -int ssl3_read(SSL *s, void *buf, int len); -int ssl3_peek(SSL *s, void *buf, int len); -int ssl3_write(SSL *s, const void *buf, int len); -int ssl3_shutdown(SSL *s); long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg); long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg); -int ssl3_pending(const SSL *s); /* ssl3_record_sequence_update increments the sequence number in |seq|. It * returns one on success and zero on wraparound. */ @@ -893,16 +917,24 @@ int ssl3_do_change_cipher_spec(SSL *ssl); int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); int ssl3_handshake_write(SSL *s); -int dtls1_do_write(SSL *s, int type); +enum dtls1_use_epoch_t { + dtls1_use_previous_epoch, + dtls1_use_current_epoch, +}; + +int dtls1_do_write(SSL *s, int type, enum dtls1_use_epoch_t use_epoch); int ssl3_read_n(SSL *s, int n, int extend); +int dtls1_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek); +void dtls1_read_close_notify(SSL *ssl); int dtls1_read_bytes(SSL *s, int type, uint8_t *buf, int len, int peek); int ssl3_write_pending(SSL *s, int type, const uint8_t *buf, unsigned int len); void dtls1_set_message_header(SSL *s, uint8_t mt, unsigned long len, unsigned short seq_num, unsigned long frag_off, unsigned long frag_len); -int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len); -int dtls1_write_bytes(SSL *s, int type, const void *buf, int len); +int dtls1_write_app_data(SSL *s, const void *buf, int len); +int dtls1_write_bytes(SSL *s, int type, const void *buf, int len, + enum dtls1_use_epoch_t use_epoch); int dtls1_send_change_cipher_spec(SSL *s, int a, int b); int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen); @@ -917,7 +949,7 @@ int dtls1_check_timeout_num(SSL *s); int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); int dtls1_handshake_write(SSL *s); -const SSL_CIPHER *dtls1_get_cipher(size_t i); +int dtls1_supports_cipher(const SSL_CIPHER *cipher); void dtls1_start_timer(SSL *s); void dtls1_stop_timer(SSL *s); int dtls1_is_timer_expired(SSL *s); @@ -949,7 +981,6 @@ int ssl3_get_initial_bytes(SSL *s); int ssl3_get_v2_client_hello(SSL *s); int ssl3_get_client_hello(SSL *s); int ssl3_send_server_hello(SSL *s); -int ssl3_send_hello_request(SSL *s); int ssl3_send_server_key_exchange(SSL *s); int ssl3_send_certificate_request(SSL *s); int ssl3_send_server_done(SSL *s); @@ -963,7 +994,6 @@ int dtls1_new(SSL *s); int dtls1_accept(SSL *s); int dtls1_connect(SSL *s); void dtls1_free(SSL *s); -int dtls1_shutdown(SSL *s); long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, enum ssl_hash_message_t hash_message, int *ok); @@ -985,7 +1015,6 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, int tls1_change_cipher_state(SSL *s, int which); int tls1_setup_key_block(SSL *s); -int tls1_enc(SSL *s, int snd); int tls1_handshake_digest(SSL *s, uint8_t *out, size_t out_len); int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *p); int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *p); @@ -997,7 +1026,6 @@ int tls1_export_keying_material(SSL *s, uint8_t *out, size_t out_len, int use_context); int tls1_alert_code(int code); int ssl3_alert_code(int code); -int ssl_ok(SSL *s); int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); diff --git a/src/ssl/pqueue/CMakeLists.txt b/src/ssl/pqueue/CMakeLists.txt index 9f14020..53d2a8b 100644 --- a/src/ssl/pqueue/CMakeLists.txt +++ b/src/ssl/pqueue/CMakeLists.txt @@ -12,6 +12,8 @@ add_executable( pqueue_test pqueue_test.c + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(pqueue_test ssl crypto) diff --git a/src/ssl/pqueue/pqueue_test.c b/src/ssl/pqueue/pqueue_test.c index cb688f7..5a68fc4 100644 --- a/src/ssl/pqueue/pqueue_test.c +++ b/src/ssl/pqueue/pqueue_test.c @@ -72,7 +72,7 @@ static int fixed_random(void) { for (i = 0; i < NUM_ITEMS; i++) { priority[7] = ordering[i]; item = pitem_new(priority, &ordering[i]); - if (pqueue_insert(q, item) != item) { + if (item == NULL || pqueue_insert(q, item) != item) { return 0; } } @@ -82,7 +82,7 @@ static int fixed_random(void) { for (i = 0; i < NUM_ITEMS; i++) { priority[7] = ordering[i]; item = pitem_new(priority, &ordering[i]); - if (pqueue_insert(q, item) != NULL) { + if (item == NULL || pqueue_insert(q, item) != NULL) { return 0; } pitem_free(item); diff --git a/src/ssl/s3_both.c b/src/ssl/s3_both.c index b78f6d3..06338b7 100644 --- a/src/ssl/s3_both.c +++ b/src/ssl/s3_both.c @@ -195,8 +195,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) { return ssl_do_write(s); } -/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to - * far. */ +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen + * so far. */ static void ssl3_take_mac(SSL *s) { const char *sender; int slen; @@ -357,8 +357,8 @@ long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, for (;;) { while (s->init_num < 4) { - int bytes_read = s->method->ssl_read_bytes( - s, SSL3_RT_HANDSHAKE, &p[s->init_num], 4 - s->init_num, 0); + int bytes_read = ssl3_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num], + 4 - s->init_num, 0); if (bytes_read <= 0) { *ok = 0; return bytes_read; @@ -413,8 +413,8 @@ long ssl3_get_message(SSL *s, int header_state, int body_state, int msg_type, p = s->init_msg; n = s->s3->tmp.message_size - s->init_num; while (n > 0) { - int bytes_read = - s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num], n, 0); + int bytes_read = ssl3_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num], n, + 0); if (bytes_read <= 0) { s->rwstate = SSL_READING; *ok = 0; @@ -667,20 +667,10 @@ int ssl3_release_read_buffer(SSL *s) { return 1; } -/* ssl_fill_hello_random fills a client_random or server_random field of length - * |len|. Returns 0 on failure or 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) { - int send_time = 0; - - if (server) { - send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; - } else { - send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; - } - - if (send_time) { +int ssl_fill_hello_random(uint8_t *out, size_t len, int is_server) { + if (is_server) { const uint32_t current_time = time(NULL); - uint8_t *p = result; + uint8_t *p = out; if (len < 4) { return 0; @@ -691,6 +681,6 @@ int ssl_fill_hello_random(SSL *s, int server, uint8_t *result, size_t len) { p[3] = current_time; return RAND_bytes(p + 4, len - 4); } else { - return RAND_bytes(result, len); + return RAND_bytes(out, len); } } diff --git a/src/ssl/s3_clnt.c b/src/ssl/s3_clnt.c index d01acae..159e2d7 100644 --- a/src/ssl/s3_clnt.c +++ b/src/ssl/s3_clnt.c @@ -193,25 +193,11 @@ int ssl3_connect(SSL *s) { state = s->state; switch (s->state) { - case SSL_ST_RENEGOTIATE: - s->renegotiate = 1; - s->state = SSL_ST_CONNECT; - /* fallthrough */ case SSL_ST_CONNECT: - case SSL_ST_BEFORE | SSL_ST_CONNECT: if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_START, 1); } - if ((s->version >> 8) != 3) { - /* TODO(davidben): Some consumers clear |s->version| to break the - * handshake in a callback. Remove this when they're using proper - * APIs. */ - OPENSSL_PUT_ERROR(SSL, ssl3_connect, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - if (s->init_buf == NULL) { buf = BUF_MEM_new(); if (buf == NULL || @@ -457,7 +443,7 @@ int ssl3_connect(SSL *s) { ssl3_can_false_start(s) && /* No False Start on renegotiation (would complicate the state * machine). */ - s->s3->previous_server_finished_len == 0) { + !s->s3->initial_handshake_complete) { s->s3->tmp.next_state = SSL3_ST_FALSE_START; } else { /* Allow NewSessionTicket if ticket expected */ @@ -551,9 +537,8 @@ int ssl3_connect(SSL *s) { ssl_free_wbio_buffer(s); s->init_num = 0; - s->renegotiate = 0; - s->new_session = 0; s->s3->tmp.in_false_start = 0; + s->s3->initial_handshake_complete = 1; ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); @@ -625,7 +610,8 @@ int ssl3_send_client_hello(SSL *s) { /* If resending the ClientHello in DTLS after a HelloVerifyRequest, don't * renegerate the client_random. The random must be reused. */ if ((!SSL_IS_DTLS(s) || !s->d1->send_cookie) && - !ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random))) { + !ssl_fill_hello_random(p, sizeof(s->s3->client_random), + 0 /* client */)) { goto err; } @@ -666,7 +652,8 @@ int ssl3_send_client_hello(SSL *s) { p += SSL3_RANDOM_SIZE; /* Session ID */ - if (s->new_session || s->session == NULL) { + if (s->s3->initial_handshake_complete || s->session == NULL) { + /* Renegotiations do not participate in session resumption. */ i = 0; } else { i = s->session->session_id_length; @@ -778,6 +765,7 @@ int ssl3_get_server_hello(SSL *s) { goto f_err; } + assert(s->s3->have_version == s->s3->initial_handshake_complete); if (!s->s3->have_version) { if (!ssl3_is_version_enabled(s, server_version)) { OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, SSL_R_UNSUPPORTED_PROTOCOL); @@ -804,8 +792,9 @@ int ssl3_get_server_hello(SSL *s) { memcpy(s->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE); assert(s->session == NULL || s->session->session_id_length > 0); - if (s->session != NULL && CBS_mem_equal(&session_id, s->session->session_id, - s->session->session_id_length)) { + if (!s->s3->initial_handshake_complete && s->session != NULL && + CBS_mem_equal(&session_id, s->session->session_id, + s->session->session_id_length)) { if (s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ @@ -827,7 +816,7 @@ int ssl3_get_server_hello(SSL *s) { memcpy(s->session->session_id, CBS_data(&session_id), CBS_len(&session_id)); } - c = ssl3_get_cipher_by_value(cipher_suite); + c = SSL_get_cipher_by_value(cipher_suite); if (c == NULL) { /* unknown cipher */ al = SSL_AD_ILLEGAL_PARAMETER; @@ -876,9 +865,10 @@ int ssl3_get_server_hello(SSL *s) { } s->s3->tmp.new_cipher = c; - /* Don't digest cached records if no sigalgs: we may need them for client - * authentication. */ - if (!SSL_USE_SIGALGS(s) && + /* If doing a full handshake with TLS 1.2, the server may request a client + * certificate which requires hashing the handshake transcript under a + * different hash. Otherwise, release the handshake buffer. */ + if ((!SSL_USE_SIGALGS(s) || s->hit) && !ssl3_digest_cached_records(s, free_handshake_buffer)) { goto f_err; } @@ -905,6 +895,19 @@ int ssl3_get_server_hello(SSL *s) { goto f_err; } + if (s->hit && + s->s3->tmp.extended_master_secret != s->session->extended_master_secret) { + al = SSL_AD_HANDSHAKE_FAILURE; + if (s->session->extended_master_secret) { + OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, + SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION); + } else { + OPENSSL_PUT_ERROR(SSL, ssl3_get_server_hello, + SSL_R_RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION); + } + goto f_err; + } + return 1; f_err: @@ -1185,7 +1188,7 @@ int ssl3_get_server_key_exchange(SSL *s) { goto err; } - if (DH_size(dh) < 512 / 8) { + if (DH_num_bits(dh) < 1024) { OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, SSL_R_BAD_DH_P_LENGTH); goto err; @@ -2128,6 +2131,13 @@ int ssl3_send_client_certificate(SSL *s) { return 1; } else { s->s3->tmp.cert_req = 2; + /* There is no client certificate, so the handshake buffer may be + * released. */ + if (s->s3->handshake_buffer && + !ssl3_digest_cached_records(s, free_handshake_buffer)) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + return -1; + } } } diff --git a/src/ssl/s3_lib.c b/src/ssl/s3_lib.c index 92c923e..1c28a73 100644 --- a/src/ssl/s3_lib.c +++ b/src/ssl/s3_lib.c @@ -160,327 +160,7 @@ #include "internal.h" -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) - -/* list of available SSLv3 ciphers (sorted by id) */ -const SSL_CIPHER ssl3_ciphers[] = { - /* The RSA ciphers */ - /* Cipher 04 */ - { - SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, - SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 05 */ - { - SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, - SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 0A */ - { - SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, - SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 112, 168, - }, - - - /* New AES ciphersuites */ - - /* Cipher 2F */ - { - TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, - SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 33 */ - { - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 35 */ - { - TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, - SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - /* Cipher 39 */ - { - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - - /* TLS v1.2 ciphersuites */ - - /* Cipher 3C */ - { - TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, - SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - }, - - /* Cipher 3D */ - { - TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, - SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, - SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, - }, - - /* Cipher 67 */ - { - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128, - SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - }, - - /* Cipher 6B */ - { - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256, - SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256, - }, - - /* Cipher 8A */ - { - TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, - SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 8C */ - { - TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, - SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher 8D */ - { - TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, - SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - - /* GCM ciphersuites from RFC5288 */ - - /* Cipher 9C */ - { - TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - /* Cipher 9D */ - { - TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 256, 256, - }, - - /* Cipher 9E */ - { - TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - /* Cipher 9F */ - { - TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM, - SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 256, 256, - }, - - /* Cipher C007 */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4, - SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, - 128, - }, - - /* Cipher C009 */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, - SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher C00A */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, - SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - /* Cipher C011 */ - { - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher C013 */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128, - SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128, - }, - - /* Cipher C014 */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256, - SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256, - }, - - - /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C023 */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - }, - - /* Cipher C024 */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, - }, - - /* Cipher C027 */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128, - SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128, - }, - - /* Cipher C028 */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256, - SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256, - }, - - - /* GCM based TLS v1.2 ciphersuites from RFC5289 */ - - /* Cipher C02B */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, - SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - /* Cipher C02C */ - { - TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, - SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 256, 256, - }, - - /* Cipher C02F */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, - SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - /* Cipher C030 */ - { - TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, - SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 256, 256, - }, - - - /* ECDH PSK ciphersuites */ - - /* Cipher CAFE */ -#if !defined(ANDROID) - { - TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, - TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK, - SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, - 128, 128, - }, - - { - TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, - SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, - 256, 0, - }, - - { - TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, - TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, - SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, - 256, 0, - }, - - { - TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, - TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA, - SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, - SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD, - 256, 0, - }, -#endif -}; - const SSL3_ENC_METHOD SSLv3_enc_data = { - tls1_enc, ssl3_prf, tls1_setup_key_block, tls1_generate_master_secret, @@ -494,23 +174,8 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { 0, }; -size_t ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; } - -const SSL_CIPHER *ssl3_get_cipher(size_t i) { - if (i >= SSL3_NUM_CIPHERS) { - return NULL; - } - - return &ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - i]; -} - -int ssl3_pending(const SSL *s) { - if (s->rstate == SSL_ST_READ_BODY) { - return 0; - } - - return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length - : 0; +int ssl3_supports_cipher(const SSL_CIPHER *cipher) { + return 1; } int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) { @@ -535,7 +200,6 @@ int ssl3_new(SSL *s) { } memset(s3, 0, sizeof *s3); memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); - memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); s->s3 = s3; @@ -948,27 +612,6 @@ int SSL_CTX_set_tlsext_ticket_key_cb( return 1; } -/* ssl3_get_cipher_by_value returns the SSL_CIPHER with value |value| or NULL - * if none exists. - * - * This function needs to check if the ciphers required are actually - * available. */ -const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value) { - SSL_CIPHER c; - - c.id = 0x03000000L | value; - return bsearch(&c, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER), - ssl_cipher_id_cmp); -} - -/* ssl3_get_cipher_by_value returns the cipher value of |c|. */ -uint16_t ssl3_get_cipher_value(const SSL_CIPHER *c) { - uint32_t id = c->id; - /* All ciphers are SSLv3 now. */ - assert((id & 0xff000000) == 0x03000000); - return id & 0xffff; -} - struct ssl_cipher_preference_list_st *ssl_get_cipher_preferences(SSL *s) { if (s->cipher_list != NULL) { return s->cipher_list; @@ -1121,106 +764,14 @@ static int ssl3_set_req_cert_type(CERT *c, const uint8_t *p, size_t len) { return 1; } -int ssl3_shutdown(SSL *s) { - int ret; - - /* Do nothing if configured not to send a close_notify. */ - if (s->quiet_shutdown) { - s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; - return 1; - } - - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { - s->shutdown |= SSL_SENT_SHUTDOWN; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); - - /* our shutdown alert has been sent now, and if it still needs to be - * written, s->s3->alert_dispatch will be true */ - if (s->s3->alert_dispatch) { - return -1; /* return WANT_WRITE */ - } - } else if (s->s3->alert_dispatch) { - /* resend it if not sent */ - ret = s->method->ssl_dispatch_alert(s); - if (ret == -1) { - /* we only get to return -1 here the 2nd/Nth invocation, we must have - * already signalled return 0 upon a previous invoation, return - * WANT_WRITE */ - return ret; - } - } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - /* If we are waiting for a close from our peer, we are closed */ - s->method->ssl_read_bytes(s, 0, NULL, 0, 0); - if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { - return -1; /* return WANT_READ */ - } - } - - if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) && - !s->s3->alert_dispatch) { - return 1; - } else { - return 0; - } -} - -int ssl3_write(SSL *s, const void *buf, int len) { - ERR_clear_system_error(); - if (s->s3->renegotiate) { - ssl3_renegotiate_check(s); - } - - return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len); -} - -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) { - ERR_clear_system_error(); - if (s->s3->renegotiate) { - ssl3_renegotiate_check(s); - } - - return s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len, peek); -} - -int ssl3_read(SSL *s, void *buf, int len) { - return ssl3_read_internal(s, buf, len, 0); -} - -int ssl3_peek(SSL *s, void *buf, int len) { - return ssl3_read_internal(s, buf, len, 1); -} - -int ssl3_renegotiate(SSL *s) { - if (s->handshake_func == NULL) { - return 1; - } - - s->s3->renegotiate = 1; - return 1; -} - -int ssl3_renegotiate_check(SSL *s) { - if (s->s3->renegotiate && s->s3->rbuf.left == 0 && s->s3->wbuf.left == 0 && - !SSL_in_init(s)) { - /* if we are the server, and we have sent a 'RENEGOTIATE' message, we - * need to go to SSL_ST_ACCEPT. */ - s->state = SSL_ST_RENEGOTIATE; - s->s3->renegotiate = 0; - s->s3->total_renegotiations++; - return 1; - } - - return 0; -} - /* If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and * handshake macs if required. */ uint32_t ssl_get_algorithm2(SSL *s) { - static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF; + static const uint32_t kMask = SSL_HANDSHAKE_MAC_DEFAULT; uint32_t alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->enc_method->enc_flags & SSL_ENC_FLAG_SHA256_PRF && (alg2 & kMask) == kMask) { - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return SSL_HANDSHAKE_MAC_SHA256; } return alg2; } diff --git a/src/ssl/s3_meth.c b/src/ssl/s3_meth.c index 28b9051..66bbb29 100644 --- a/src/ssl/s3_meth.c +++ b/src/ssl/s3_meth.c @@ -63,21 +63,14 @@ static const SSL_PROTOCOL_METHOD TLS_protocol_method = { ssl3_free, ssl3_accept, ssl3_connect, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, ssl3_get_message, - ssl3_read_bytes, - ssl3_write_bytes, + ssl3_read_app_data, + ssl3_read_close_notify, + ssl3_write_app_data, ssl3_dispatch_alert, ssl3_ctrl, ssl3_ctx_ctrl, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, + ssl3_supports_cipher, SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, ssl3_handshake_write, diff --git a/src/ssl/s3_pkt.c b/src/ssl/s3_pkt.c index c42d000..4a9ae83 100644 --- a/src/ssl/s3_pkt.c +++ b/src/ssl/s3_pkt.c @@ -129,9 +129,13 @@ int ssl3_read_n(SSL *s, int n, int extend) { * if |extend| is 1, increase packet by another n bytes. * * The packet will be in the sub-array of |s->s3->rbuf.buf| specified by - * |s->packet| and |s->packet_length|. (If |s->read_ahead| is set and |extend| - * is 0, additional bytes may be read into |rbuf|, up to the size of the - * buffer.) */ + * |s->packet| and |s->packet_length|. (If DTLS and |extend| is 0, additional + * bytes will be read into |rbuf|, up to the size of the buffer.) + * + * TODO(davidben): |dtls1_get_record| and |ssl3_get_record| have very + * different needs. Separate the two record layers. In DTLS, |BIO_read| is + * called at most once, and only when |extend| is 0. In TLS, the buffer never + * contains more than one record. */ int i, len, left; uintptr_t align = 0; uint8_t *pkt; @@ -173,10 +177,10 @@ int ssl3_read_n(SSL *s, int n, int extend) { /* ... now we can act as if 'extend' was set */ } - /* For DTLS/UDP reads should not span multiple packets because the read - * operation returns the whole packet at once (as long as it fits into the - * buffer). */ - if (SSL_IS_DTLS(s) && left > 0 && n > left) { + /* In DTLS, if there is leftover data from the previous packet or |extend| is + * true, clamp to the previous read. DTLS records may not span packet + * boundaries. */ + if (SSL_IS_DTLS(s) && n > left && (left > 0 || extend)) { n = left; } @@ -207,7 +211,7 @@ int ssl3_read_n(SSL *s, int n, int extend) { } int max = n; - if (s->read_ahead && !extend) { + if (SSL_IS_DTLS(s) && !extend) { max = rb->len - rb->offset; } @@ -262,16 +266,14 @@ int ssl3_read_n(SSL *s, int n, int extend) { * ssl->s3->rrec.length - number of bytes */ /* used only by ssl3_read_bytes */ static int ssl3_get_record(SSL *s) { - int ssl_major, ssl_minor, al; - int n, i, ret = -1; - SSL3_RECORD *rr; + uint8_t ssl_major, ssl_minor; + int al, n, i, ret = -1; + SSL3_RECORD *rr = &s->s3->rrec; uint8_t *p; - short version; + uint16_t version; size_t extra; unsigned empty_record_count = 0; - rr = &s->s3->rrec; - again: /* check if we have the header */ if (s->rstate != SSL_ST_READ_BODY || @@ -296,7 +298,7 @@ again: rr->type = *(p++); ssl_major = *(p++); ssl_minor = *(p++); - version = (ssl_major << 8) | ssl_minor; + version = (((uint16_t)ssl_major) << 8) | ssl_minor; n2s(p, rr->length); if (s->s3->have_version && version != s->version) { @@ -339,40 +341,40 @@ again: s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, and - * we have that many bytes in s->packet. */ - rr->input = &s->packet[SSL3_RT_HEADER_LENGTH]; - - /* ok, we can now read from |s->packet| data into |rr|. |rr->input| points at - * |rr->length| bytes, which need to be copied into |rr->data| by decryption. - * When the data is 'copied' into the |rr->data| buffer, |rr->input| will be - * pointed at the new buffer. */ + /* |rr->data| points to |rr->length| bytes of ciphertext in |s->packet|. */ + rr->data = &s->packet[SSL3_RT_HEADER_LENGTH]; - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* decrypt in place in 'rr->input' */ - rr->data = rr->input; - - if (!s->enc_method->enc(s, 0)) { + /* Decrypt the packet in-place. + * + * TODO(davidben): This assumes |s->version| is the same as the record-layer + * version which isn't always true, but it only differs with the NULL cipher + * which ignores the parameter. */ + size_t plaintext_len; + if (!SSL_AEAD_CTX_open(s->aead_read_ctx, rr->data, &plaintext_len, rr->length, + rr->type, s->version, s->s3->read_sequence, rr->data, + rr->length)) { al = SSL_AD_BAD_RECORD_MAC; OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); goto f_err; } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) { + if (!ssl3_record_sequence_update(s->s3->read_sequence, 8)) { + goto err; + } + if (plaintext_len > SSL3_RT_MAX_PLAIN_LENGTH + extra) { al = SSL_AD_RECORD_OVERFLOW; OPENSSL_PUT_ERROR(SSL, ssl3_get_record, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } + assert(plaintext_len <= (1u << 16)); + rr->length = plaintext_len; rr->off = 0; /* So at this point the following is true: * ssl->s3->rrec.type is the type of record; * ssl->s3->rrec.length is the number of bytes in the record; * ssl->s3->rrec.off is the offset to first valid byte; - * ssl->s3->rrec.data is where to take bytes from (increment after use). */ + * ssl->s3->rrec.data the first byte of the record body. */ /* we have pulled in a full packet so zero things */ s->packet_length = 0; @@ -396,6 +398,10 @@ err: return ret; } +int ssl3_write_app_data(SSL *ssl, const void *buf, int len) { + return ssl3_write_bytes(ssl, SSL3_RT_APPLICATION_DATA, buf, len); +} + /* Call this to write data in records of type |type|. It will return <= 0 if * not all data has been sent or non-blocking IO. */ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { @@ -471,8 +477,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) { /* ssl3_seal_record seals a new record of type |type| and plaintext |in| and * writes it to |out|. At most |max_out| bytes will be written. It returns one - * on success and zero on error. On success, |s->s3->wrec| is updated to include - * the new record. */ + * on success and zero on error. On success, it updates the write sequence + * number. */ static int ssl3_seal_record(SSL *s, uint8_t *out, size_t *out_len, size_t max_out, uint8_t type, const uint8_t *in, size_t in_len) { @@ -485,61 +491,30 @@ static int ssl3_seal_record(SSL *s, uint8_t *out, size_t *out_len, /* Some servers hang if initial ClientHello is larger than 256 bytes and * record version number > TLS 1.0. */ + uint16_t wire_version = s->version; if (!s->s3->have_version && s->version > SSL3_VERSION) { - out[1] = TLS1_VERSION >> 8; - out[2] = TLS1_VERSION & 0xff; - } else { - out[1] = s->version >> 8; - out[2] = s->version & 0xff; + wire_version = TLS1_VERSION; } + out[1] = wire_version >> 8; + out[2] = wire_version & 0xff; - size_t explicit_nonce_len = 0; - if (s->aead_write_ctx != NULL && - s->aead_write_ctx->variable_nonce_included_in_record) { - explicit_nonce_len = s->aead_write_ctx->variable_nonce_len; - } - size_t max_overhead = 0; - if (s->aead_write_ctx != NULL) { - max_overhead = s->aead_write_ctx->tag_len; - } - - /* Assemble the input for |s->enc_method->enc|. The input is the plaintext - * with |explicit_nonce_len| bytes of space prepended for the explicit - * nonce. The input is copied into |out| and then encrypted in-place to take - * advantage of alignment. - * - * TODO(davidben): |tls1_enc| should accept its inputs and outputs directly - * rather than looking up in |wrec| and friends. The |max_overhead| bounds - * check would also be unnecessary if |max_out| were passed down. */ - SSL3_RECORD *wr = &s->s3->wrec; - size_t plaintext_len = in_len + explicit_nonce_len; - if (plaintext_len < in_len || plaintext_len > INT_MAX || - plaintext_len + max_overhead < plaintext_len) { - OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, ERR_R_OVERFLOW); - return 0; - } - if (max_out - SSL3_RT_HEADER_LENGTH < plaintext_len + max_overhead) { - OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, SSL_R_BUFFER_TOO_SMALL); - return 0; - } - wr->type = type; - wr->input = out + SSL3_RT_HEADER_LENGTH; - wr->data = wr->input; - wr->length = plaintext_len; - memcpy(wr->input + explicit_nonce_len, in, in_len); - - if (!s->enc_method->enc(s, 1)) { + size_t ciphertext_len; + if (!SSL_AEAD_CTX_seal(s->aead_write_ctx, out + SSL3_RT_HEADER_LENGTH, + &ciphertext_len, max_out - SSL3_RT_HEADER_LENGTH, + type, wire_version, s->s3->write_sequence, in, + in_len) || + !ssl3_record_sequence_update(s->s3->write_sequence, 8)) { return 0; } - /* |wr->length| has now been set to the ciphertext length. */ - if (wr->length >= 1 << 16) { + if (ciphertext_len >= 1 << 16) { OPENSSL_PUT_ERROR(SSL, ssl3_seal_record, ERR_R_OVERFLOW); return 0; } - out[3] = wr->length >> 8; - out[4] = wr->length & 0xff; - *out_len = SSL3_RT_HEADER_LENGTH + (size_t)wr->length; + out[3] = ciphertext_len >> 8; + out[4] = ciphertext_len & 0xff; + + *out_len = SSL3_RT_HEADER_LENGTH + ciphertext_len; if (s->msg_callback) { s->msg_callback(1 /* write */, 0, SSL3_RT_HEADER, out, SSL3_RT_HEADER_LENGTH, @@ -696,6 +671,14 @@ int ssl3_expect_change_cipher_spec(SSL *s) { return 1; } +int ssl3_read_app_data(SSL *ssl, uint8_t *buf, int len, int peek) { + return ssl3_read_bytes(ssl, SSL3_RT_APPLICATION_DATA, buf, len, peek); +} + +void ssl3_read_close_notify(SSL *ssl) { + ssl3_read_bytes(ssl, 0, NULL, 0, 0); +} + /* Return up to 'len' payload bytes received in 'type' records. * 'type' is one of the following: * @@ -859,22 +842,18 @@ start: return n; } - - /* If we get here, then type != rr->type; if we have a handshake message, - * then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, fill that so - * that we can process the data at a fixed place. */ + /* Process unexpected records. */ if (rr->type == SSL3_RT_HANDSHAKE) { /* If peer renegotiations are disabled, all out-of-order handshake records - * are fatal. */ - if (s->reject_peer_renegotiations) { + * are fatal. Renegotiations as a server are never supported. */ + if (!s->accept_peer_renegotiations || s->server) { al = SSL_AD_NO_RENEGOTIATION; OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION); goto f_err; } + /* HelloRequests may be fragmented across multiple records. */ const size_t size = sizeof(s->s3->handshake_fragment); const size_t avail = size - s->s3->handshake_fragment_len; const size_t todo = (rr->length < avail) ? rr->length : avail; @@ -886,45 +865,53 @@ start: if (s->s3->handshake_fragment_len < size) { goto start; /* fragment was too small */ } - } - /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if (!s->server && s->s3->handshake_fragment_len >= 4 && - s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST && - s->session != NULL && s->session->cipher != NULL) { - s->s3->handshake_fragment_len = 0; - - if (s->s3->handshake_fragment[1] != 0 || + /* Parse out and consume a HelloRequest. */ + if (s->s3->handshake_fragment[0] != SSL3_MT_HELLO_REQUEST || + s->s3->handshake_fragment[1] != 0 || s->s3->handshake_fragment[2] != 0 || s->s3->handshake_fragment[3] != 0) { al = SSL_AD_DECODE_ERROR; OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_BAD_HELLO_REQUEST); goto f_err; } + s->s3->handshake_fragment_len = 0; if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); } - if (SSL_is_init_finished(s) && !s->s3->renegotiate) { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) { - i = s->handshake_func(s); - if (i < 0) { - return i; - } - if (i == 0) { - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } + if (!SSL_is_init_finished(s) || !s->s3->initial_handshake_complete) { + /* This cannot happen. If a handshake is in progress, |type| must be + * |SSL3_RT_HANDSHAKE|. */ + assert(0); + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, ERR_R_INTERNAL_ERROR); + goto err; + } + + /* Renegotiation is only supported at quiescent points in the application + * protocol, namely in HTTPS, just before reading the HTTP response. Require + * the record-layer be idle and avoid complexities of sending a handshake + * record while an application_data record is being written. */ + if (s->s3->wbuf.left != 0 || s->s3->rbuf.left != 0) { + al = SSL_AD_NO_RENEGOTIATION; + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_NO_RENEGOTIATION); + goto f_err; + } + + /* Begin a new handshake. */ + s->state = SSL_ST_CONNECT; + i = s->handshake_func(s); + if (i < 0) { + return i; + } + if (i == 0) { + OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; } - /* we either finished a handshake or ignored the request, now try again to - * obtain the (application) data we were asked for */ + + /* The handshake completed synchronously. Continue reading records. */ goto start; } @@ -1043,25 +1030,6 @@ start: } } - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if (s->s3->handshake_fragment_len >= 4 && !s->in_handshake) { - if ((s->state & SSL_ST_MASK) == SSL_ST_OK) { - s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; - s->renegotiate = 1; - s->new_session = 1; - } - i = s->handshake_func(s); - if (i < 0) { - return i; - } - if (i == 0) { - OPENSSL_PUT_ERROR(SSL, ssl3_read_bytes, SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - - goto start; - } - /* We already handled these. */ assert(rr->type != SSL3_RT_CHANGE_CIPHER_SPEC && rr->type != SSL3_RT_ALERT && rr->type != SSL3_RT_HANDSHAKE); diff --git a/src/ssl/s3_srvr.c b/src/ssl/s3_srvr.c index 3cc3032..a72e17e 100644 --- a/src/ssl/s3_srvr.c +++ b/src/ssl/s3_srvr.c @@ -207,79 +207,11 @@ int ssl3_accept(SSL *s) { state = s->state; switch (s->state) { - case SSL_ST_RENEGOTIATE: - /* This state is the renegotiate entry point. It sends a HelloRequest - * and nothing else. */ - s->renegotiate = 1; - - if (cb != NULL) { - cb(s, SSL_CB_HANDSHAKE_START, 1); - } - - if (s->init_buf == NULL) { - buf = BUF_MEM_new(); - if (!buf || !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - ret = -1; - goto end; - } - s->init_buf = buf; - buf = NULL; - } - s->init_num = 0; - - if (!s->s3->send_connection_binding && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* Server attempting to renegotiate with client that doesn't support - * secure renegotiation. */ - OPENSSL_PUT_ERROR(SSL, ssl3_accept, - SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - ret = -1; - goto end; - } - - s->state = SSL3_ST_SW_HELLO_REQ_A; - break; - - case SSL3_ST_SW_HELLO_REQ_A: - case SSL3_ST_SW_HELLO_REQ_B: - s->shutdown = 0; - ret = ssl3_send_hello_request(s); - if (ret <= 0) { - goto end; - } - s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C; - s->state = SSL3_ST_SW_FLUSH; - s->init_num = 0; - - if (!ssl3_init_finished_mac(s)) { - OPENSSL_PUT_ERROR(SSL, ssl3_accept, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - break; - - case SSL3_ST_SW_HELLO_REQ_C: - s->state = SSL_ST_OK; - break; - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE | SSL_ST_ACCEPT: - /* This state is the entry point for the handshake itself (initial and - * renegotiation). */ if (cb != NULL) { cb(s, SSL_CB_HANDSHAKE_START, 1); } - if ((s->version >> 8) != 3) { - /* TODO(davidben): Some consumers clear |s->version| to break the - * handshake in a callback. Remove this when they're using proper - * APIs. */ - OPENSSL_PUT_ERROR(SSL, ssl3_accept, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - if (s->init_buf == NULL) { buf = BUF_MEM_new(); if (!buf || !BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { @@ -337,7 +269,6 @@ int ssl3_accept(SSL *s) { if (ret <= 0) { goto end; } - s->renegotiate = 2; s->state = SSL3_ST_SW_SRVR_HELLO_A; s->init_num = 0; break; @@ -406,35 +337,16 @@ int ssl3_accept(SSL *s) { case SSL3_ST_SW_CERT_REQ_A: case SSL3_ST_SW_CERT_REQ_B: - if (/* don't request cert unless asked for it: */ - !(s->verify_mode & SSL_VERIFY_PEER) || - /* Don't request a certificate if an obc was presented */ - ((s->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) && - s->s3->tlsext_channel_id_valid) || - /* if SSL_VERIFY_CLIENT_ONCE is set, - * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* With normal PSK Certificates and - * Certificate Requests are omitted */ - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { - /* no cert request */ - skip = 1; - s->s3->tmp.cert_request = 0; - s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer && - !ssl3_digest_cached_records(s, free_handshake_buffer)) { - return -1; - } - } else { - s->s3->tmp.cert_request = 1; + if (s->s3->tmp.cert_request) { ret = ssl3_send_certificate_request(s); if (ret <= 0) { goto end; } - s->state = SSL3_ST_SW_SRVR_DONE_A; - s->init_num = 0; + } else { + skip = 1; } + s->state = SSL3_ST_SW_SRVR_DONE_A; + s->init_num = 0; break; case SSL3_ST_SW_SRVR_DONE_A: @@ -640,16 +552,12 @@ int ssl3_accept(SSL *s) { s->session->peer = NULL; } - if (s->renegotiate == 2) { - /* skipped if we just sent a HelloRequest */ - s->renegotiate = 0; - s->new_session = 0; + s->s3->initial_handshake_complete = 1; - ssl_update_cache(s, SSL_SESS_CACHE_SERVER); + ssl_update_cache(s, SSL_SESS_CACHE_SERVER); - if (cb != NULL) { - cb(s, SSL_CB_HANDSHAKE_DONE, 1); - } + if (cb != NULL) { + cb(s, SSL_CB_HANDSHAKE_DONE, 1); } ret = 1; @@ -898,20 +806,8 @@ int ssl3_get_v2_client_hello(SSL *s) { return 1; } -int ssl3_send_hello_request(SSL *s) { - if (s->state == SSL3_ST_SW_HELLO_REQ_A) { - if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { - return -1; - } - s->state = SSL3_ST_SW_HELLO_REQ_B; - } - - /* SSL3_ST_SW_HELLO_REQ_B */ - return ssl_do_write(s); -} - int ssl3_get_client_hello(SSL *s) { - int i, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; + int ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; long n; const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *ciphers = NULL; @@ -1011,6 +907,11 @@ int ssl3_get_client_hello(SSL *s) { } } + /* Note: This codepath may run twice if |ssl_get_prev_session| completes + * asynchronously. + * + * TODO(davidben): Clean up the order of events around ClientHello + * processing. */ if (!s->s3->have_version) { /* Select version to use */ uint16_t version = ssl3_get_mutual_version(s, client_version); @@ -1034,41 +935,49 @@ int ssl3_get_client_hello(SSL *s) { } s->hit = 0; - /* Versions before 0.9.7 always allow clients to resume sessions in - * renegotiation. 0.9.7 and later allow this by default, but optionally - * ignore resumption requests with flag - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather than - * a change to default behavior so that applications relying on this for - * security won't even compile against older library versions). - * - * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to - * request renegotiation but not a new session (s->new_session remains - * unset): for servers, this essentially just means that the - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be ignored. */ - if (s->new_session && - (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)) { - if (!ssl_get_new_session(s, 1)) { - goto err; - } - } else { - i = ssl_get_prev_session(s, &early_ctx); - if (i == PENDING_SESSION) { - s->rwstate = SSL_PENDING_SESSION; - goto err; - } else if (i == -1) { - goto err; - } + int session_ret = ssl_get_prev_session(s, &early_ctx); + if (session_ret == PENDING_SESSION) { + s->rwstate = SSL_PENDING_SESSION; + goto err; + } else if (session_ret == -1) { + goto err; + } - /* Only resume if the session's version matches the negotiated version: - * most clients do not accept a mismatch. */ - if (i == 1 && s->version == s->session->ssl_version) { - s->hit = 1; - } else { - /* No session was found or it was unacceptable. */ - if (!ssl_get_new_session(s, 1)) { - goto err; - } + /* The EMS state is needed when making the resumption decision, but + * extensions are not normally parsed until later. This detects the EMS + * extension for the resumption decision and it's checked against the result + * of the normal parse later in this function. */ + const uint8_t *ems_data; + size_t ems_len; + int have_extended_master_secret = + s->version != SSL3_VERSION && + SSL_early_callback_ctx_extension_get(&early_ctx, + TLSEXT_TYPE_extended_master_secret, + &ems_data, &ems_len) && + ems_len == 0; + + if (session_ret == 1) { + if (s->session->extended_master_secret && + !have_extended_master_secret) { + /* A ClientHello without EMS that attempts to resume a session with EMS + * is fatal to the connection. */ + al = SSL_AD_HANDSHAKE_FAILURE; + OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, + SSL_R_RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION); + goto f_err; } + + s->hit = + /* Only resume if the session's version matches the negotiated version: + * most clients do not accept a mismatch. */ + s->version == s->session->ssl_version && + /* If the client offers the EMS extension, but the previous session + * didn't use it, then negotiate a new session. */ + have_extended_master_secret == s->session->extended_master_secret; + } + + if (!s->hit && !ssl_get_new_session(s, 1)) { + goto err; } if (s->ctx->dos_protection_cb != NULL && s->ctx->dos_protection_cb(&early_ctx) == 0) { @@ -1141,6 +1050,12 @@ int ssl3_get_client_hello(SSL *s) { goto f_err; } + if (have_extended_master_secret != s->s3->tmp.extended_master_secret) { + al = SSL_AD_INTERNAL_ERROR; + OPENSSL_PUT_ERROR(SSL, ssl3_get_client_hello, SSL_R_EMS_STATE_INCONSISTENT); + goto f_err; + } + /* Given ciphers and SSL_get_ciphers, we must pick a cipher */ if (!s->hit) { if (ciphers == NULL) { @@ -1171,12 +1086,27 @@ int ssl3_get_client_hello(SSL *s) { goto f_err; } s->s3->tmp.new_cipher = c; + + /* Determine whether to request a client certificate. */ + s->s3->tmp.cert_request = !!(s->verify_mode & SSL_VERIFY_PEER); + /* Only request a certificate if Channel ID isn't negotiated. */ + if ((s->verify_mode & SSL_VERIFY_PEER_IF_NO_OBC) && + s->s3->tlsext_channel_id_valid) { + s->s3->tmp.cert_request = 0; + } + /* Plain PSK forbids Certificate and CertificateRequest. */ + if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) { + s->s3->tmp.cert_request = 0; + } } else { /* Session-id reuse */ s->s3->tmp.new_cipher = s->session->cipher; + s->s3->tmp.cert_request = 0; } - if ((!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) && + /* In TLS 1.2, client authentication requires hashing the handshake transcript + * under a different hash. Otherwise, release the handshake buffer. */ + if ((!SSL_USE_SIGALGS(s) || !s->s3->tmp.cert_request) && !ssl3_digest_cached_records(s, free_handshake_buffer)) { goto f_err; } @@ -1235,7 +1165,8 @@ int ssl3_send_server_hello(SSL *s) { *(p++) = s->version & 0xff; /* Random stuff */ - if (!ssl_fill_hello_random(s, 1, s->s3->server_random, SSL3_RANDOM_SIZE)) { + if (!ssl_fill_hello_random(s->s3->server_random, SSL3_RANDOM_SIZE, + 1 /* server */)) { OPENSSL_PUT_ERROR(SSL, ssl3_send_server_hello, ERR_R_INTERNAL_ERROR); return -1; } @@ -1268,7 +1199,7 @@ int ssl3_send_server_hello(SSL *s) { p += sl; /* put the cipher */ - s2n(ssl3_get_cipher_value(s->s3->tmp.new_cipher), p); + s2n(ssl_cipher_get_value(s->s3->tmp.new_cipher), p); /* put the compression method */ *(p++) = 0; diff --git a/src/ssl/ssl_aead_ctx.c b/src/ssl/ssl_aead_ctx.c new file mode 100644 index 0000000..c2fba1d --- /dev/null +++ b/src/ssl/ssl_aead_ctx.c @@ -0,0 +1,257 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <assert.h> +#include <string.h> + +#include <openssl/aead.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/type_check.h> + +#include "internal.h" + + +OPENSSL_COMPILE_ASSERT(EVP_AEAD_MAX_NONCE_LENGTH < 256, + variable_nonce_len_doesnt_fit_in_uint8_t); + +SSL_AEAD_CTX *SSL_AEAD_CTX_new(enum evp_aead_direction_t direction, + uint16_t version, const SSL_CIPHER *cipher, + const uint8_t *enc_key, size_t enc_key_len, + const uint8_t *mac_key, size_t mac_key_len, + const uint8_t *fixed_iv, size_t fixed_iv_len) { + const EVP_AEAD *aead; + size_t discard; + if (!ssl_cipher_get_evp_aead(&aead, &discard, &discard, cipher, version)) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_new, ERR_R_INTERNAL_ERROR); + return 0; + } + + uint8_t merged_key[EVP_AEAD_MAX_KEY_LENGTH]; + if (mac_key_len > 0) { + /* This is a "stateful" AEAD (for compatibility with pre-AEAD cipher + * suites). */ + if (mac_key_len + enc_key_len + fixed_iv_len > sizeof(merged_key)) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_new, ERR_R_INTERNAL_ERROR); + return 0; + } + memcpy(merged_key, mac_key, mac_key_len); + memcpy(merged_key + mac_key_len, enc_key, enc_key_len); + memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv, fixed_iv_len); + enc_key = merged_key; + enc_key_len += mac_key_len; + enc_key_len += fixed_iv_len; + } + + SSL_AEAD_CTX *aead_ctx = (SSL_AEAD_CTX *)OPENSSL_malloc(sizeof(SSL_AEAD_CTX)); + if (aead_ctx == NULL) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_new, ERR_R_MALLOC_FAILURE); + return NULL; + } + memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX)); + aead_ctx->cipher = cipher; + + if (!EVP_AEAD_CTX_init_with_direction( + &aead_ctx->ctx, aead, enc_key, enc_key_len, + EVP_AEAD_DEFAULT_TAG_LENGTH, direction)) { + OPENSSL_free(aead_ctx); + return NULL; + } + + assert(EVP_AEAD_nonce_length(aead) <= EVP_AEAD_MAX_NONCE_LENGTH); + aead_ctx->variable_nonce_len = (uint8_t)EVP_AEAD_nonce_length(aead); + if (mac_key_len == 0) { + /* For a real AEAD, the IV is the fixed part of the nonce. */ + if (fixed_iv_len > sizeof(aead_ctx->fixed_nonce) || + fixed_iv_len > aead_ctx->variable_nonce_len) { + SSL_AEAD_CTX_free(aead_ctx); + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_new, ERR_R_INTERNAL_ERROR); + return 0; + } + aead_ctx->variable_nonce_len -= fixed_iv_len; + + memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len); + aead_ctx->fixed_nonce_len = fixed_iv_len; + aead_ctx->variable_nonce_included_in_record = + (cipher->algorithm2 & + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD) != 0; + } else { + aead_ctx->variable_nonce_included_in_record = 1; + aead_ctx->random_variable_nonce = 1; + aead_ctx->omit_length_in_ad = 1; + aead_ctx->omit_version_in_ad = (version == SSL3_VERSION); + } + + return aead_ctx; +} + +void SSL_AEAD_CTX_free(SSL_AEAD_CTX *aead) { + if (aead == NULL) { + return; + } + EVP_AEAD_CTX_cleanup(&aead->ctx); + OPENSSL_free(aead); +} + +size_t SSL_AEAD_CTX_explicit_nonce_len(SSL_AEAD_CTX *aead) { + if (aead != NULL && aead->variable_nonce_included_in_record) { + return aead->variable_nonce_len; + } + return 0; +} + +size_t SSL_AEAD_CTX_max_overhead(SSL_AEAD_CTX *aead) { + if (aead == NULL) { + return 0; + } + return EVP_AEAD_max_overhead(aead->ctx.aead) + + SSL_AEAD_CTX_explicit_nonce_len(aead); +} + +/* ssl_aead_ctx_get_ad writes the additional data for |aead| into |out| and + * returns the number of bytes written. */ +static size_t ssl_aead_ctx_get_ad(SSL_AEAD_CTX *aead, uint8_t out[13], + uint8_t type, uint16_t wire_version, + const uint8_t seqnum[8], + size_t plaintext_len) { + memcpy(out, seqnum, 8); + size_t len = 8; + out[len++] = type; + if (!aead->omit_version_in_ad) { + out[len++] = (uint8_t)(wire_version >> 8); + out[len++] = (uint8_t)wire_version; + } + if (!aead->omit_length_in_ad) { + out[len++] = (uint8_t)(plaintext_len >> 8); + out[len++] = (uint8_t)plaintext_len; + } + return len; +} + +int SSL_AEAD_CTX_open(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, uint16_t wire_version, + const uint8_t seqnum[8], const uint8_t *in, + size_t in_len) { + if (aead == NULL) { + /* Handle the initial NULL cipher. */ + if (in_len > max_out) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_open, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + memmove(out, in, in_len); + *out_len = in_len; + return 1; + } + + /* TLS 1.2 AEADs include the length in the AD and are assumed to have fixed + * overhead. Otherwise the parameter is unused. */ + size_t plaintext_len = 0; + if (!aead->omit_length_in_ad) { + size_t overhead = SSL_AEAD_CTX_max_overhead(aead); + if (in_len < overhead) { + /* Publicly invalid. */ + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_open, SSL_R_BAD_PACKET_LENGTH); + return 0; + } + plaintext_len = in_len - overhead; + } + uint8_t ad[13]; + size_t ad_len = ssl_aead_ctx_get_ad(aead, ad, type, wire_version, seqnum, + plaintext_len); + + /* Assemble the nonce. */ + uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; + size_t nonce_len = 0; + memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); + nonce_len += aead->fixed_nonce_len; + if (aead->variable_nonce_included_in_record) { + if (in_len < aead->variable_nonce_len) { + /* Publicly invalid. */ + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_open, SSL_R_BAD_PACKET_LENGTH); + return 0; + } + memcpy(nonce + nonce_len, in, aead->variable_nonce_len); + in += aead->variable_nonce_len; + in_len -= aead->variable_nonce_len; + } else { + assert(aead->variable_nonce_len == 8); + memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len); + } + nonce_len += aead->variable_nonce_len; + + return EVP_AEAD_CTX_open(&aead->ctx, out, out_len, max_out, nonce, nonce_len, + in, in_len, ad, ad_len); +} + +int SSL_AEAD_CTX_seal(SSL_AEAD_CTX *aead, uint8_t *out, size_t *out_len, + size_t max_out, uint8_t type, uint16_t wire_version, + const uint8_t seqnum[8], const uint8_t *in, + size_t in_len) { + if (aead == NULL) { + /* Handle the initial NULL cipher. */ + if (in_len > max_out) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_seal, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + memmove(out, in, in_len); + *out_len = in_len; + return 1; + } + + uint8_t ad[13]; + size_t ad_len = ssl_aead_ctx_get_ad(aead, ad, type, wire_version, seqnum, + in_len); + + /* Assemble the nonce. */ + uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH]; + size_t nonce_len = 0; + memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); + nonce_len += aead->fixed_nonce_len; + if (aead->random_variable_nonce) { + assert(aead->variable_nonce_included_in_record); + if (!RAND_bytes(nonce + nonce_len, aead->variable_nonce_len)) { + return 0; + } + } else { + /* When sending we use the sequence number as the variable part of the + * nonce. */ + assert(aead->variable_nonce_len == 8); + memcpy(nonce + nonce_len, ad, aead->variable_nonce_len); + } + nonce_len += aead->variable_nonce_len; + + /* Emit the variable nonce if included in the record. */ + size_t extra_len = 0; + if (aead->variable_nonce_included_in_record) { + if (max_out < aead->variable_nonce_len) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_seal, SSL_R_BUFFER_TOO_SMALL); + return 0; + } + if (out < in + in_len && in < out + aead->variable_nonce_len) { + OPENSSL_PUT_ERROR(SSL, SSL_AEAD_CTX_seal, SSL_R_OUTPUT_ALIASES_INPUT); + return 0; + } + memcpy(out, nonce + aead->fixed_nonce_len, aead->variable_nonce_len); + extra_len = aead->variable_nonce_len; + out += aead->variable_nonce_len; + max_out -= aead->variable_nonce_len; + } + + if (!EVP_AEAD_CTX_seal(&aead->ctx, out, out_len, max_out, nonce, nonce_len, + in, in_len, ad, ad_len)) { + return 0; + } + *out_len += extra_len; + return 1; +} diff --git a/src/ssl/ssl_asn1.c b/src/ssl/ssl_asn1.c index eb0c725..d1ac1b6 100644 --- a/src/ssl/ssl_asn1.c +++ b/src/ssl/ssl_asn1.c @@ -477,13 +477,17 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { } if (!CBS_get_optional_asn1_bool(&session, &extended_master_secret, kExtendedMasterSecretTag, - 0 /* default to false */)) { + 0 /* default to false */) || + CBS_len(&session) != 0) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION); goto err; } ret->extended_master_secret = extended_master_secret; - /* Ignore |version|. The structure version number is ignored. */ + if (version != SSL_SESSION_ASN1_VERSION) { + OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION); + goto err; + } /* Only support SSLv3/TLS and DTLS. */ if ((ssl_version >> 8) != SSL3_VERSION_MAJOR && @@ -498,7 +502,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH); goto err; } - ret->cipher = ssl3_get_cipher_by_value(cipher_value); + ret->cipher = SSL_get_cipher_by_value(cipher_value); if (ret->cipher == NULL) { OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER); goto err; diff --git a/src/ssl/ssl_cert.c b/src/ssl/ssl_cert.c index 770912b..f1fd675 100644 --- a/src/ssl/ssl_cert.c +++ b/src/ssl/ssl_cert.c @@ -128,33 +128,22 @@ #include "../crypto/dh/internal.h" #include "../crypto/directory.h" +#include "../crypto/internal.h" #include "internal.h" -int SSL_get_ex_data_X509_STORE_CTX_idx(void) { - static int ssl_x509_store_ctx_idx = -1; - int got_write_lock = 0; - - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - - if (ssl_x509_store_ctx_idx < 0) { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - got_write_lock = 1; - - if (ssl_x509_store_ctx_idx < 0) { - ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( - 0, "SSL for verify callback", NULL, NULL, NULL); - } - } +static CRYPTO_once_t g_x509_store_ex_data_index_once; +static int g_x509_store_ex_data_index; - if (got_write_lock) { - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - } else { - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); - } +static void ssl_x509_store_ex_data_index_init(void) { + g_x509_store_ex_data_index = X509_STORE_CTX_get_ex_new_index( + 0, "SSL for verify callback", NULL, NULL, NULL); +} - return ssl_x509_store_ctx_idx; +int SSL_get_ex_data_X509_STORE_CTX_idx(void) { + CRYPTO_once(&g_x509_store_ex_data_index_once, + ssl_x509_store_ex_data_index_init); + return g_x509_store_ex_data_index; } CERT *ssl_cert_new(void) { @@ -269,12 +258,12 @@ CERT *ssl_cert_dup(CERT *cert) { ret->cert_cb_arg = cert->cert_cb_arg; if (cert->verify_store) { - CRYPTO_add(&cert->verify_store->references, 1, CRYPTO_LOCK_X509_STORE); + CRYPTO_refcount_inc(&cert->verify_store->references); ret->verify_store = cert->verify_store; } if (cert->chain_store) { - CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE); + CRYPTO_refcount_inc(&cert->chain_store->references); ret->chain_store = cert->chain_store; } @@ -731,8 +720,6 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *filename; int ret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_READDIR); - /* Note that a side effect is that the CAs will be sorted by name */ while ((filename = OPENSSL_DIR_read(&d, dir))) { char buf[1024]; @@ -763,7 +750,6 @@ err: if (d) { OPENSSL_DIR_end(&d); } - CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); return ret; } @@ -977,7 +963,7 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref) { *pstore = store; if (ref && store) { - CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); + CRYPTO_refcount_inc(&store->references); } return 1; } diff --git a/src/ssl/ssl_cipher.c b/src/ssl/ssl_cipher.c index a9c8536..5e617b1 100644 --- a/src/ssl/ssl_cipher.c +++ b/src/ssl/ssl_cipher.c @@ -152,6 +152,325 @@ #include "internal.h" +/* kCiphers is an array of all supported ciphers, sorted by id. */ +const SSL_CIPHER kCiphers[] = { + /* The RSA ciphers */ + /* Cipher 04 */ + { + SSL3_TXT_RSA_RC4_128_MD5, SSL3_CK_RSA_RC4_128_MD5, SSL_kRSA, SSL_aRSA, + SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 05 */ + { + SSL3_TXT_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_SHA, SSL_kRSA, SSL_aRSA, + SSL_RC4, SSL_SHA1, SSL_SSLV3, SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 0A */ + { + SSL3_TXT_RSA_DES_192_CBC3_SHA, SSL3_CK_RSA_DES_192_CBC3_SHA, SSL_kRSA, + SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 112, 168, + }, + + + /* New AES ciphersuites */ + + /* Cipher 2F */ + { + TLS1_TXT_RSA_WITH_AES_128_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, SSL_kRSA, + SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 33 */ + { + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 35 */ + { + TLS1_TXT_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_256_SHA, SSL_kRSA, + SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + /* Cipher 39 */ + { + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + + /* TLS v1.2 ciphersuites */ + + /* Cipher 3C */ + { + TLS1_TXT_RSA_WITH_AES_128_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, + SSL_kRSA, SSL_aRSA, SSL_AES128, SSL_SHA256, SSL_TLSV1_2, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256, 128, 128, + }, + + /* Cipher 3D */ + { + TLS1_TXT_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_256_SHA256, + SSL_kRSA, SSL_aRSA, SSL_AES256, SSL_SHA256, SSL_TLSV1_2, + SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256, 256, 256, + }, + + /* Cipher 67 */ + { + TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128, + SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, 128, 128, + }, + + /* Cipher 6B */ + { + TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256, + SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, 256, 256, + }, + + /* Cipher 8A */ + { + TLS1_TXT_PSK_WITH_RC4_128_SHA, TLS1_CK_PSK_WITH_RC4_128_SHA, SSL_kPSK, + SSL_aPSK, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 8C */ + { + TLS1_TXT_PSK_WITH_AES_128_CBC_SHA, TLS1_CK_PSK_WITH_AES_128_CBC_SHA, + SSL_kPSK, SSL_aPSK, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher 8D */ + { + TLS1_TXT_PSK_WITH_AES_256_CBC_SHA, TLS1_CK_PSK_WITH_AES_256_CBC_SHA, + SSL_kPSK, SSL_aPSK, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + + /* GCM ciphersuites from RFC5288 */ + + /* Cipher 9C */ + { + TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, SSL_kRSA, SSL_aRSA, SSL_AES128GCM, + SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 128, 128, + }, + + /* Cipher 9D */ + { + TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, SSL_kRSA, SSL_aRSA, SSL_AES256GCM, + SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 256, 256, + }, + + /* Cipher 9E */ + { + TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM, + SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 128, 128, + }, + + /* Cipher 9F */ + { + TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM, + SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 256, 256, + }, + + /* Cipher C007 */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4, + SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT, 128, + 128, + }, + + /* Cipher C009 */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA, + SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher C00A */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA, + SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + /* Cipher C011 */ + { + TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher C013 */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128, + SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 128, 128, + }, + + /* Cipher C014 */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256, + SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT, 256, 256, + }, + + + /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ + + /* Cipher C023 */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA, + SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, 128, 128, + }, + + /* Cipher C024 */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA, + SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384, 256, 256, + }, + + /* Cipher C027 */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128, + SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256, 128, 128, + }, + + /* Cipher C028 */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256, + SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384, 256, 256, + }, + + + /* GCM based TLS v1.2 ciphersuites from RFC5289 */ + + /* Cipher C02B */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA, + SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 128, 128, + }, + + /* Cipher C02C */ + { + TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA, + SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 256, 256, + }, + + /* Cipher C02F */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA, + SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 128, 128, + }, + + /* Cipher C030 */ + { + TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA, + SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 256, 256, + }, + + +#if !defined(ANDROID) + /* ECDH PSK ciphersuites */ + + /* Cipher CAFE */ + { + TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK, + SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD, + 128, 128, + }, + + { + TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA, + SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, 0, + }, + + { + TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA, + SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, 0, + }, + + { + TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA, + SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256, + 256, 0, + }, +#endif +}; + +static const size_t kCiphersLen = sizeof(kCiphers) / sizeof(kCiphers[0]); + struct handshake_digest { uint32_t mask; const EVP_MD *(*md_func)(void); @@ -193,71 +512,96 @@ typedef struct cipher_alias_st { uint32_t algo_strength; } CIPHER_ALIAS; -static const CIPHER_ALIAS kCipherAliases[] = - { - {SSL_TXT_ALL, ~0u, ~0u, ~0u, ~0u, ~0u, ~0u}, - - /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */ - - /* key exchange aliases - * (some of those using only a single bit here combine - * multiple key exchange algs according to the RFCs, - * e.g. kEDH combines DHE_DSS and DHE_RSA) */ - {SSL_TXT_kRSA, SSL_kRSA, ~0u, ~0u, ~0u, ~0u, ~0u}, - - {SSL_TXT_kDHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kEDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_DH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - - {SSL_TXT_kECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_kEECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - - {SSL_TXT_kPSK, SSL_kPSK, ~0u, ~0u, ~0u, ~0u, ~0u}, - - /* server authentication aliases */ - {SSL_TXT_aRSA, ~0u, SSL_aRSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_aECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_aPSK, ~0u, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, - - /* aliases combining key exchange and server authentication */ - {SSL_TXT_DHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_EDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_ECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_EECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_RSA, SSL_kRSA, SSL_aRSA, ~0u, ~0u, ~0u, ~0u}, - {SSL_TXT_PSK, SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, - - /* symmetric encryption aliases */ - {SSL_TXT_3DES, ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u}, - {SSL_TXT_RC4, ~0u, ~0u, SSL_RC4, ~0u, ~0u, ~0u}, - {SSL_TXT_AES128, ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_AES256, ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_AES, ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u}, - {SSL_TXT_AES_GCM, ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u}, - {SSL_TXT_CHACHA20, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u}, - - /* MAC aliases */ - {SSL_TXT_MD5, ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u}, - {SSL_TXT_SHA1, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u}, - {SSL_TXT_SHA, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u}, - {SSL_TXT_SHA256, ~0u, ~0u, ~0u, SSL_SHA256, ~0u, ~0u}, - {SSL_TXT_SHA384, ~0u, ~0u, ~0u, SSL_SHA384, ~0u, ~0u}, - - /* protocol version aliases */ - {SSL_TXT_SSLV3, ~0u, ~0u, ~0u, ~0u, SSL_SSLV3, ~0u}, - {SSL_TXT_TLSV1, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1, ~0u}, - {SSL_TXT_TLSV1_2, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1_2, ~0u}, - - /* strength classes */ - {SSL_TXT_MEDIUM, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM}, - {SSL_TXT_HIGH, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_HIGH}, - /* FIPS 140-2 approved ciphersuite */ - {SSL_TXT_FIPS, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_FIPS}, +static const CIPHER_ALIAS kCipherAliases[] = { + {SSL_TXT_ALL, ~0u, ~0u, ~0u, ~0u, ~0u, ~0u}, + + /* The "COMPLEMENTOFDEFAULT" rule is omitted. It matches nothing. */ + + /* key exchange aliases + * (some of those using only a single bit here combine + * multiple key exchange algs according to the RFCs, + * e.g. kEDH combines DHE_DSS and DHE_RSA) */ + {SSL_TXT_kRSA, SSL_kRSA, ~0u, ~0u, ~0u, ~0u, ~0u}, + + {SSL_TXT_kDHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_kEDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_DH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + + {SSL_TXT_kECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_kEECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_ECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + + {SSL_TXT_kPSK, SSL_kPSK, ~0u, ~0u, ~0u, ~0u, ~0u}, + + /* server authentication aliases */ + {SSL_TXT_aRSA, ~0u, SSL_aRSA, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_aECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_ECDSA, ~0u, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_aPSK, ~0u, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, + + /* aliases combining key exchange and server authentication */ + {SSL_TXT_DHE, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_EDH, SSL_kDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_ECDHE, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_EECDH, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_RSA, SSL_kRSA, SSL_aRSA, ~0u, ~0u, ~0u, ~0u}, + {SSL_TXT_PSK, SSL_kPSK, SSL_aPSK, ~0u, ~0u, ~0u, ~0u}, + + /* symmetric encryption aliases */ + {SSL_TXT_3DES, ~0u, ~0u, SSL_3DES, ~0u, ~0u, ~0u}, + {SSL_TXT_RC4, ~0u, ~0u, SSL_RC4, ~0u, ~0u, ~0u}, + {SSL_TXT_AES128, ~0u, ~0u, SSL_AES128 | SSL_AES128GCM, ~0u, ~0u, ~0u}, + {SSL_TXT_AES256, ~0u, ~0u, SSL_AES256 | SSL_AES256GCM, ~0u, ~0u, ~0u}, + {SSL_TXT_AES, ~0u, ~0u, SSL_AES, ~0u, ~0u, ~0u}, + {SSL_TXT_AES_GCM, ~0u, ~0u, SSL_AES128GCM | SSL_AES256GCM, ~0u, ~0u, ~0u}, + {SSL_TXT_CHACHA20, ~0u, ~0u, SSL_CHACHA20POLY1305, ~0u, ~0u, ~0u}, + + /* MAC aliases */ + {SSL_TXT_MD5, ~0u, ~0u, ~0u, SSL_MD5, ~0u, ~0u}, + {SSL_TXT_SHA1, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u}, + {SSL_TXT_SHA, ~0u, ~0u, ~0u, SSL_SHA1, ~0u, ~0u}, + {SSL_TXT_SHA256, ~0u, ~0u, ~0u, SSL_SHA256, ~0u, ~0u}, + {SSL_TXT_SHA384, ~0u, ~0u, ~0u, SSL_SHA384, ~0u, ~0u}, + + /* protocol version aliases */ + {SSL_TXT_SSLV3, ~0u, ~0u, ~0u, ~0u, SSL_SSLV3, ~0u}, + {SSL_TXT_TLSV1, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1, ~0u}, + {SSL_TXT_TLSV1_2, ~0u, ~0u, ~0u, ~0u, SSL_TLSV1_2, ~0u}, + + /* strength classes */ + {SSL_TXT_MEDIUM, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_MEDIUM}, + {SSL_TXT_HIGH, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_HIGH}, + /* FIPS 140-2 approved ciphersuite */ + {SSL_TXT_FIPS, ~0u, ~0u, ~0u, ~0u, ~0u, SSL_FIPS}, }; -#define NUM_CIPHER_ALIASES (sizeof(kCipherAliases) / sizeof(kCipherAliases[0])) +static const size_t kCipherAliasesLen = + sizeof(kCipherAliases) / sizeof(kCipherAliases[0]); + +static int ssl_cipher_id_cmp(const void *in_a, const void *in_b) { + const SSL_CIPHER *a = in_a; + const SSL_CIPHER *b = in_b; + + if (a->id > b->id) { + return 1; + } else if (a->id < b->id) { + return -1; + } else { + return 0; + } +} + +static int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **a, const SSL_CIPHER **b) { + return ssl_cipher_id_cmp(*a, *b); +} + +const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { + SSL_CIPHER c; + + c.id = 0x03000000L | value; + return bsearch(&c, kCiphers, kCiphersLen, sizeof(SSL_CIPHER), + ssl_cipher_id_cmp); +} int ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead, size_t *out_mac_secret_len, @@ -439,22 +783,17 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, } static void ssl_cipher_collect_ciphers(const SSL_PROTOCOL_METHOD *ssl_method, - size_t num_of_ciphers, CIPHER_ORDER *co_list, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) { - size_t i, co_list_num; - - /* We have num_of_ciphers descriptions compiled in, depending on the method - * selected (SSLv2 and/or SSLv3, TLSv1 etc). These will later be sorted in a - * linked list with at most num entries. */ - - /* Get the initial list of ciphers */ - co_list_num = 0; /* actual count of ciphers */ - for (i = 0; i < num_of_ciphers; i++) { - const SSL_CIPHER *c = ssl_method->get_cipher(i); - if (c != NULL) { - co_list[co_list_num].cipher = c; + /* The set of ciphers is static, but some subset may be unsupported by + * |ssl_method|, so the list may be smaller. */ + size_t co_list_num = 0; + size_t i; + for (i = 0; i < kCiphersLen; i++) { + const SSL_CIPHER *cipher = &kCiphers[i]; + if (ssl_method->supports_cipher(cipher)) { + co_list[co_list_num].cipher = cipher; co_list[co_list_num].next = NULL; co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; @@ -777,10 +1116,9 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method, /* Look for a matching exact cipher. These aren't allowed in multipart * rules. */ if (!multi && ch != '+') { - size_t num_ciphers = ssl_method->num_ciphers(); - for (j = 0; j < num_ciphers; j++) { - const SSL_CIPHER *cipher = ssl_method->get_cipher(j); - if (cipher != NULL && rule_equals(cipher->name, buf, buf_len)) { + for (j = 0; j < kCiphersLen; j++) { + const SSL_CIPHER *cipher = &kCiphers[j]; + if (rule_equals(cipher->name, buf, buf_len)) { cipher_id = cipher->id; break; } @@ -788,7 +1126,7 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method, } if (cipher_id == 0) { /* If not an exact cipher, look for a matching cipher alias. */ - for (j = 0; j < NUM_CIPHER_ALIASES; j++) { + for (j = 0; j < kCipherAliasesLen; j++) { if (rule_equals(kCipherAliases[j].name, buf, buf_len)) { alg_mkey &= kCipherAliases[j].algorithm_mkey; alg_auth &= kCipherAliases[j].algorithm_auth; @@ -799,7 +1137,7 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method, break; } } - if (j == NUM_CIPHER_ALIASES) { + if (j == kCipherAliasesLen) { alg_mkey = alg_auth = alg_enc = alg_mac = alg_ssl = algo_strength = 0; } } @@ -853,7 +1191,6 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) **out_cipher_list_by_id, const char *rule_str) { int ok; - size_t num_of_ciphers; STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL; const char *rule_p; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; @@ -869,23 +1206,21 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, /* Now we have to collect the available ciphers from the compiled in ciphers. * We cannot get more than the number compiled in, so it is used for * allocation. */ - num_of_ciphers = ssl_method->num_ciphers(); - co_list = - (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * kCiphersLen); if (co_list == NULL) { OPENSSL_PUT_ERROR(SSL, ssl_create_cipher_list, ERR_R_MALLOC_FAILURE); return NULL; } - ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, co_list, &head, &tail); + ssl_cipher_collect_ciphers(ssl_method, co_list, &head, &tail); /* Now arrange all ciphers by preference: * TODO(davidben): Compute this order once and copy it. */ /* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other * key exchange mechanisms */ - ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u, - CIPHER_ADD, -1, 0, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, ~0u, ~0u, ~0u, ~0u, + CIPHER_ADD, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_ADD, -1, 0, &head, &tail); ssl_cipher_apply_rule(0, SSL_kECDHE, ~0u, ~0u, ~0u, ~0u, ~0u, CIPHER_DEL, -1, @@ -963,7 +1298,7 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, goto err; } - in_group_flags = OPENSSL_malloc(num_of_ciphers); + in_group_flags = OPENSSL_malloc(kCiphersLen); if (!in_group_flags) { goto err; } @@ -1032,6 +1367,13 @@ err: uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; } +uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) { + uint32_t id = cipher->id; + /* All ciphers are SSLv3. */ + assert((id & 0xff000000) == 0x03000000); + return id & 0xffff; +} + int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) { return (cipher->algorithm_enc & SSL_AES) != 0; } @@ -1122,7 +1464,8 @@ static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) { } static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) { - if ((cipher->algorithm2 & TLS1_PRF) == TLS1_PRF) { + if ((cipher->algorithm2 & SSL_HANDSHAKE_MAC_DEFAULT) == + SSL_HANDSHAKE_MAC_DEFAULT) { /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is * only ever MD5 or SHA-1. */ switch (cipher->algorithm_mac) { @@ -1134,9 +1477,9 @@ static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) { assert(0); return "UNKNOWN"; } - } else if (cipher->algorithm2 & TLS1_PRF_SHA256) { + } else if (cipher->algorithm2 & SSL_HANDSHAKE_MAC_SHA256) { return "SHA256"; - } else if (cipher->algorithm2 & TLS1_PRF_SHA384) { + } else if (cipher->algorithm2 & SSL_HANDSHAKE_MAC_SHA384) { return "SHA384"; } else { assert(0); diff --git a/src/ssl/ssl_lib.c b/src/ssl/ssl_lib.c index 6c8e2c9..e95226f 100644 --- a/src/ssl/ssl_lib.c +++ b/src/ssl/ssl_lib.c @@ -167,80 +167,75 @@ static const size_t kMaxHandshakeSize = (1u << 24) - 1; static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl = CRYPTO_EX_DATA_CLASS_INIT; static CRYPTO_EX_DATA_CLASS g_ex_data_class_ssl_ctx = CRYPTO_EX_DATA_CLASS_INIT; -int SSL_clear(SSL *s) { - if (s->method == NULL) { +int SSL_clear(SSL *ssl) { + if (ssl->method == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_clear, SSL_R_NO_METHOD_SPECIFIED); return 0; } - if (ssl_clear_bad_session(s)) { - SSL_SESSION_free(s->session); - s->session = NULL; + if (ssl_clear_bad_session(ssl)) { + SSL_SESSION_free(ssl->session); + ssl->session = NULL; } - s->hit = 0; - s->shutdown = 0; + ssl->hit = 0; + ssl->shutdown = 0; - if (s->renegotiate) { - OPENSSL_PUT_ERROR(SSL, SSL_clear, ERR_R_INTERNAL_ERROR); - return 0; - } - - /* SSL_clear may be called before or after the |s| is initialized in either + /* SSL_clear may be called before or after the |ssl| is initialized in either * accept or connect state. In the latter case, SSL_clear should preserve the - * half and reset |s->state| accordingly. */ - if (s->handshake_func != NULL) { - if (s->server) { - SSL_set_accept_state(s); + * half and reset |ssl->state| accordingly. */ + if (ssl->handshake_func != NULL) { + if (ssl->server) { + SSL_set_accept_state(ssl); } else { - SSL_set_connect_state(s); + SSL_set_connect_state(ssl); } } else { - assert(s->state == 0); + assert(ssl->state == 0); } - /* TODO(davidben): Some state on |s| is reset both in |SSL_new| and + /* TODO(davidben): Some state on |ssl| is reset both in |SSL_new| and * |SSL_clear| because it is per-connection state rather than configuration - * state. Per-connection state should be on |s->s3| and |s->d1| so it is + * state. Per-connection state should be on |ssl->s3| and |ssl->d1| so it is * naturally reset at the right points between |SSL_new|, |SSL_clear|, and * |ssl3_new|. */ - s->rwstate = SSL_NOTHING; - s->rstate = SSL_ST_READ_HEADER; + ssl->rwstate = SSL_NOTHING; + ssl->rstate = SSL_ST_READ_HEADER; - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; + BUF_MEM_free(ssl->init_buf); + ssl->init_buf = NULL; - s->packet = NULL; - s->packet_length = 0; + ssl->packet = NULL; + ssl->packet_length = 0; - ssl_clear_cipher_ctx(s); + ssl_clear_cipher_ctx(ssl); - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; + OPENSSL_free(ssl->next_proto_negotiated); + ssl->next_proto_negotiated = NULL; + ssl->next_proto_negotiated_len = 0; - /* The s->d1->mtu is simultaneously configuration (preserved across + /* The ssl->d1->mtu is simultaneously configuration (preserved across * clear) and connection-specific state (gets reset). * * TODO(davidben): Avoid this. */ unsigned mtu = 0; - if (s->d1 != NULL) { - mtu = s->d1->mtu; + if (ssl->d1 != NULL) { + mtu = ssl->d1->mtu; } - s->method->ssl_free(s); - if (!s->method->ssl_new(s)) { + ssl->method->ssl_free(ssl); + if (!ssl->method->ssl_new(ssl)) { return 0; } - s->enc_method = ssl3_get_enc_method(s->version); - assert(s->enc_method != NULL); + ssl->enc_method = ssl3_get_enc_method(ssl->version); + assert(ssl->enc_method != NULL); - if (SSL_IS_DTLS(s) && (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { - s->d1->mtu = mtu; + if (SSL_IS_DTLS(ssl) && (SSL_get_options(ssl) & SSL_OP_NO_QUERY_MTU)) { + ssl->d1->mtu = mtu; } - s->client_version = s->version; + ssl->client_version = ssl->version; return 1; } @@ -275,7 +270,6 @@ SSL *SSL_new(SSL_CTX *ctx) { goto err; } - s->read_ahead = ctx->read_ahead; s->msg_callback = ctx->msg_callback; s->msg_callback_arg = ctx->msg_callback_arg; s->verify_mode = ctx->verify_mode; @@ -293,10 +287,10 @@ SSL *SSL_new(SSL_CTX *ctx) { s->quiet_shutdown = ctx->quiet_shutdown; s->max_send_fragment = ctx->max_send_fragment; - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + CRYPTO_refcount_inc(&ctx->references); s->ctx = ctx; s->tlsext_ticket_expected = 0; - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + CRYPTO_refcount_inc(&ctx->references); s->initial_ctx = ctx; if (ctx->tlsext_ecpointformatlist) { s->tlsext_ecpointformatlist = BUF_memdup( @@ -396,9 +390,7 @@ int SSL_set_session_id_context(SSL *ssl, const uint8_t *sid_ctx, } int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); ctx->generate_session_id = cb; - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); return 1; } @@ -424,9 +416,9 @@ int SSL_has_matching_session_id(const SSL *ssl, const uint8_t *id, r.session_id_length = id_len; memcpy(r.session_id, id, id_len); - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_read(&ssl->ctx->lock); p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ssl->ctx->lock); return p != NULL; } @@ -525,60 +517,60 @@ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) { return ssl->param; } void SSL_certs_clear(SSL *s) { ssl_cert_clear_certs(s->cert); } -void SSL_free(SSL *s) { - if (s == NULL) { +void SSL_free(SSL *ssl) { + if (ssl == NULL) { return; } - X509_VERIFY_PARAM_free(s->param); + X509_VERIFY_PARAM_free(ssl->param); - CRYPTO_free_ex_data(&g_ex_data_class_ssl, s, &s->ex_data); + CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data); - if (s->bbio != NULL) { + if (ssl->bbio != NULL) { /* If the buffering BIO is in place, pop it off */ - if (s->bbio == s->wbio) { - s->wbio = BIO_pop(s->wbio); + if (ssl->bbio == ssl->wbio) { + ssl->wbio = BIO_pop(ssl->wbio); } - BIO_free(s->bbio); - s->bbio = NULL; + BIO_free(ssl->bbio); + ssl->bbio = NULL; } - int free_wbio = s->wbio != s->rbio; - BIO_free_all(s->rbio); + int free_wbio = ssl->wbio != ssl->rbio; + BIO_free_all(ssl->rbio); if (free_wbio) { - BIO_free_all(s->wbio); + BIO_free_all(ssl->wbio); } - BUF_MEM_free(s->init_buf); + BUF_MEM_free(ssl->init_buf); /* add extra stuff */ - ssl_cipher_preference_list_free(s->cipher_list); - sk_SSL_CIPHER_free(s->cipher_list_by_id); + ssl_cipher_preference_list_free(ssl->cipher_list); + sk_SSL_CIPHER_free(ssl->cipher_list_by_id); - ssl_clear_bad_session(s); - SSL_SESSION_free(s->session); + ssl_clear_bad_session(ssl); + SSL_SESSION_free(ssl->session); - ssl_clear_cipher_ctx(s); + ssl_clear_cipher_ctx(ssl); - ssl_cert_free(s->cert); + ssl_cert_free(ssl->cert); - OPENSSL_free(s->tlsext_hostname); - SSL_CTX_free(s->initial_ctx); - OPENSSL_free(s->tlsext_ecpointformatlist); - OPENSSL_free(s->tlsext_ellipticcurvelist); - OPENSSL_free(s->alpn_client_proto_list); - EVP_PKEY_free(s->tlsext_channel_id_private); - OPENSSL_free(s->psk_identity_hint); - sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); - OPENSSL_free(s->next_proto_negotiated); - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + OPENSSL_free(ssl->tlsext_hostname); + SSL_CTX_free(ssl->initial_ctx); + OPENSSL_free(ssl->tlsext_ecpointformatlist); + OPENSSL_free(ssl->tlsext_ellipticcurvelist); + OPENSSL_free(ssl->alpn_client_proto_list); + EVP_PKEY_free(ssl->tlsext_channel_id_private); + OPENSSL_free(ssl->psk_identity_hint); + sk_X509_NAME_pop_free(ssl->client_CA, X509_NAME_free); + OPENSSL_free(ssl->next_proto_negotiated); + sk_SRTP_PROTECTION_PROFILE_free(ssl->srtp_profiles); - if (s->method != NULL) { - s->method->ssl_free(s); + if (ssl->method != NULL) { + ssl->method->ssl_free(ssl); } - SSL_CTX_free(s->ctx); + SSL_CTX_free(ssl->ctx); - OPENSSL_free(s); + OPENSSL_free(ssl); } void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio) { @@ -758,21 +750,21 @@ void SSL_set_verify_depth(SSL *s, int depth) { X509_VERIFY_PARAM_set_depth(s->param, depth); } -int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return ctx->read_ahead; } +int SSL_CTX_get_read_ahead(const SSL_CTX *ctx) { return 0; } -int SSL_get_read_ahead(const SSL *s) { return s->read_ahead; } +int SSL_get_read_ahead(const SSL *s) { return 0; } -void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { ctx->read_ahead = !!yes; } +void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) { } -void SSL_set_read_ahead(SSL *s, int yes) { s->read_ahead = !!yes; } +void SSL_set_read_ahead(SSL *s, int yes) { } int SSL_pending(const SSL *s) { - /* SSL_pending cannot work properly if read-ahead is enabled - * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is - * impossible to fix since SSL_pending cannot report errors that may be - * observed while scanning the new data. (Note that SSL_pending() is often - * used as a boolean value, so we'd better not return -1.). */ - return s->method->ssl_pending(s); + if (s->rstate == SSL_ST_READ_BODY) { + return 0; + } + + return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length + : 0; } X509 *SSL_get_peer_certificate(const SSL *s) { @@ -895,7 +887,8 @@ int SSL_read(SSL *s, void *buf, int num) { return 0; } - return s->method->ssl_read(s, buf, num); + ERR_clear_system_error(); + return s->method->ssl_read_app_data(s, buf, num, 0); } int SSL_peek(SSL *s, void *buf, int num) { @@ -908,7 +901,8 @@ int SSL_peek(SSL *s, void *buf, int num) { return 0; } - return s->method->ssl_peek(s, buf, num); + ERR_clear_system_error(); + return s->method->ssl_read_app_data(s, buf, num, 1); } int SSL_write(SSL *s, const void *buf, int num) { @@ -923,7 +917,8 @@ int SSL_write(SSL *s, const void *buf, int num) { return -1; } - return s->method->ssl_write(s, buf, num); + ERR_clear_system_error(); + return s->method->ssl_write_app_data(s, buf, num); } int SSL_shutdown(SSL *s) { @@ -937,32 +932,58 @@ int SSL_shutdown(SSL *s) { return -1; } - if (!SSL_in_init(s)) { - return s->method->ssl_shutdown(s); + if (SSL_in_init(s)) { + return 1; } - return 1; -} + /* Do nothing if configured not to send a close_notify. */ + if (s->quiet_shutdown) { + s->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; + return 1; + } -int SSL_renegotiate(SSL *s) { - if (SSL_IS_DTLS(s)) { - /* Renegotiation is not supported for DTLS. */ - OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; + if (!(s->shutdown & SSL_SENT_SHUTDOWN)) { + s->shutdown |= SSL_SENT_SHUTDOWN; + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); + + /* our shutdown alert has been sent now, and if it still needs to be + * written, s->s3->alert_dispatch will be true */ + if (s->s3->alert_dispatch) { + return -1; /* return WANT_WRITE */ + } + } else if (s->s3->alert_dispatch) { + /* resend it if not sent */ + int ret = s->method->ssl_dispatch_alert(s); + if (ret == -1) { + /* we only get to return -1 here the 2nd/Nth invocation, we must have + * already signalled return 0 upon a previous invoation, return + * WANT_WRITE */ + return ret; + } + } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + /* If we are waiting for a close from our peer, we are closed */ + s->method->ssl_read_close_notify(s); + if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { + return -1; /* return WANT_READ */ + } } - if (s->renegotiate == 0) { - s->renegotiate = 1; + if (s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN) && + !s->s3->alert_dispatch) { + return 1; + } else { + return 0; } +} - s->new_session = 1; - return s->method->ssl_renegotiate(s); +int SSL_renegotiate(SSL *ssl) { + /* Caller-initiated renegotiation is not supported. */ + OPENSSL_PUT_ERROR(SSL, SSL_renegotiate, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; } -int SSL_renegotiate_pending(SSL *s) { - /* becomes true when negotiation is requested; false again once a handshake - * has finished */ - return s->renegotiate != 0; +int SSL_renegotiate_pending(SSL *ssl) { + return SSL_in_init(ssl) && ssl->s3->initial_handshake_complete; } uint32_t SSL_CTX_set_options(SSL_CTX *ctx, uint32_t options) { @@ -1101,34 +1122,6 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg); } -int ssl_cipher_id_cmp(const void *in_a, const void *in_b) { - long l; - const SSL_CIPHER *a = in_a; - const SSL_CIPHER *b = in_b; - const long a_id = a->id; - const long b_id = b->id; - - l = a_id - b_id; - if (l == 0L) { - return 0; - } else { - return (l > 0) ? 1 : -1; - } -} - -int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp) { - long l; - const long a_id = (*ap)->id; - const long b_id = (*bp)->id; - - l = a_id - b_id; - if (l == 0) { - return 0; - } else { - return (l > 0) ? 1 : -1; - } -} - /* return a STACK of the ciphers available for the SSL and in order of * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { @@ -1267,7 +1260,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) { c->algorithm_auth & ct->mask_a) { continue; } - s2n(ssl3_get_cipher_value(c), p); + s2n(ssl_cipher_get_value(c), p); } /* If all ciphers were disabled, return the error to the caller. */ @@ -1276,7 +1269,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) { } /* Add SCSVs. */ - if (!s->renegotiate) { + if (!s->s3->initial_handshake_complete) { s2n(SSL3_CK_SCSV & 0xffff, p); } @@ -1319,7 +1312,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { /* Check for SCSV. */ if (s->s3 && cipher_suite == (SSL3_CK_SCSV & 0xffff)) { /* SCSV is fatal if renegotiating. */ - if (s->renegotiate) { + if (s->s3->initial_handshake_complete) { OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); @@ -1342,7 +1335,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs) { continue; } - c = ssl3_get_cipher_by_value(cipher_suite); + c = SSL_get_cipher_by_value(cipher_suite); if (c != NULL && !sk_SSL_CIPHER_push(sk, c)) { OPENSSL_PUT_ERROR(SSL, ssl_bytes_to_cipher_list, ERR_R_MALLOC_FAILURE); goto err; @@ -1629,10 +1622,10 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { return memcmp(a->session_id, b->session_id, a->session_id_length); } -SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { +SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { SSL_CTX *ret = NULL; - if (meth == NULL) { + if (method == NULL) { OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_NULL_SSL_METHOD_PASSED); return NULL; } @@ -1649,7 +1642,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { memset(ret, 0, sizeof(SSL_CTX)); - ret->method = meth->method; + ret->method = method->method; + + CRYPTO_MUTEX_init(&ret->lock); ret->cert_store = NULL; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; @@ -1674,7 +1669,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { ret->app_verify_arg = NULL; ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT; - ret->read_ahead = 0; ret->msg_callback = 0; ret->msg_callback_arg = NULL; ret->verify_mode = SSL_VERIFY_NONE; @@ -1743,9 +1737,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) { /* Lock the SSL_CTX to the specified version, for compatibility with legacy * uses of SSL_METHOD. */ - if (meth->version != 0) { - SSL_CTX_set_max_version(ret, meth->version); - SSL_CTX_set_min_version(ret, meth->version); + if (method->version != 0) { + SSL_CTX_set_max_version(ret, method->version); + SSL_CTX_set_min_version(ret, method->version); } return ret; @@ -1759,7 +1753,7 @@ err2: void SSL_CTX_free(SSL_CTX *ctx) { if (ctx == NULL || - CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX) > 0) { + !CRYPTO_refcount_dec_and_test_zero(&ctx->references)) { return; } @@ -1775,6 +1769,7 @@ void SSL_CTX_free(SSL_CTX *ctx) { CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data); + CRYPTO_MUTEX_cleanup(&ctx->lock); lh_SSL_SESSION_free(ctx->sessions); X509_STORE_free(ctx->cert_store); ssl_cipher_preference_list_free(ctx->cipher_list); @@ -1997,13 +1992,13 @@ void ssl_update_cache(SSL *s, int mode) { (ctx->session_cache_mode & mode) == mode) { /* Automatically flush the internal session cache every 255 connections. */ int flush_cache = 0; - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); ctx->handshakes_since_cache_flush++; if (ctx->handshakes_since_cache_flush >= 255) { flush_cache = 1; ctx->handshakes_since_cache_flush = 0; } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); if (flush_cache) { SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL)); @@ -2124,30 +2119,28 @@ int SSL_do_handshake(SSL *s) { return -1; } - s->method->ssl_renegotiate_check(s); - if (SSL_in_init(s)) { ret = s->handshake_func(s); } return ret; } -void SSL_set_accept_state(SSL *s) { - s->server = 1; - s->shutdown = 0; - s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE; - s->handshake_func = s->method->ssl_accept; +void SSL_set_accept_state(SSL *ssl) { + ssl->server = 1; + ssl->shutdown = 0; + ssl->state = SSL_ST_ACCEPT; + ssl->handshake_func = ssl->method->ssl_accept; /* clear the current cipher */ - ssl_clear_cipher_ctx(s); + ssl_clear_cipher_ctx(ssl); } -void SSL_set_connect_state(SSL *s) { - s->server = 0; - s->shutdown = 0; - s->state = SSL_ST_CONNECT | SSL_ST_BEFORE; - s->handshake_func = s->method->ssl_connect; +void SSL_set_connect_state(SSL *ssl) { + ssl->server = 0; + ssl->shutdown = 0; + ssl->state = SSL_ST_CONNECT; + ssl->handshake_func = ssl->method->ssl_connect; /* clear the current cipher */ - ssl_clear_cipher_ctx(s); + ssl_clear_cipher_ctx(ssl); } static const char *ssl_get_version(int version) { @@ -2184,17 +2177,10 @@ const char *SSL_SESSION_get_version(const SSL_SESSION *sess) { } void ssl_clear_cipher_ctx(SSL *s) { - if (s->aead_read_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx); - OPENSSL_free(s->aead_read_ctx); - s->aead_read_ctx = NULL; - } - - if (s->aead_write_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx); - OPENSSL_free(s->aead_write_ctx); - s->aead_write_ctx = NULL; - } + SSL_AEAD_CTX_free(s->aead_read_ctx); + s->aead_read_ctx = NULL; + SSL_AEAD_CTX_free(s->aead_write_ctx); + s->aead_write_ctx = NULL; } X509 *SSL_get_certificate(const SSL *s) { @@ -2230,11 +2216,10 @@ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) { } const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) { - if (s->session != NULL && s->session->cipher != NULL) { - return s->session->cipher; + if (s->aead_write_ctx == NULL) { + return NULL; } - - return NULL; + return s->aead_write_ctx->cipher; } const void *SSL_get_current_compression(SSL *s) { return NULL; } @@ -2322,7 +2307,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) { ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); - CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); + CRYPTO_refcount_inc(&ctx->references); SSL_CTX_free(ssl->ctx); /* decrement reference count */ ssl->ctx = ctx; @@ -2354,7 +2339,7 @@ void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/, int /*type*/, int SSL_state(const SSL *ssl) { return ssl->state; } -void SSL_set_state(SSL *ssl, int state) { ssl->state = state; } +void SSL_set_state(SSL *ssl, int state) { } void SSL_set_verify_result(SSL *ssl, long arg) { ssl->verify_result = arg; } @@ -2397,8 +2382,6 @@ void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx) { return CRYPTO_get_ex_data(&s->ex_data, idx); } -int ssl_ok(SSL *s) { return 1; } - X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx) { return ctx->cert_store; } @@ -2626,9 +2609,9 @@ int ssl_ctx_log_rsa_client_key_exchange(SSL_CTX *ctx, return 0; } - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio); - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); OPENSSL_free(out); return ret; @@ -2666,9 +2649,9 @@ int ssl_ctx_log_master_secret(SSL_CTX *ctx, const uint8_t *client_random, return 0; } - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio); - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); OPENSSL_free(out); return ret; @@ -2929,11 +2912,7 @@ void SSL_enable_fastradio_padding(SSL *s, char on_off) { } void SSL_set_reject_peer_renegotiations(SSL *s, int reject) { - s->reject_peer_renegotiations = !!reject; -} - -const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) { - return ssl3_get_cipher_by_value(value); + s->accept_peer_renegotiations = !reject; } int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, @@ -2946,6 +2925,41 @@ int SSL_get_rc4_state(const SSL *ssl, const RC4_KEY **read_key, EVP_AEAD_CTX_get_rc4_state(&ssl->aead_write_ctx->ctx, write_key); } +int SSL_get_tls_unique(const SSL *ssl, uint8_t *out, size_t *out_len, + size_t max_out) { + /* The tls-unique value is the first Finished message in the handshake, which + * is the client's in a full handshake and the server's for a resumption. See + * https://tools.ietf.org/html/rfc5929#section-3.1. */ + const uint8_t *finished = ssl->s3->previous_client_finished; + size_t finished_len = ssl->s3->previous_client_finished_len; + if (ssl->hit) { + /* tls-unique is broken for resumed sessions unless EMS is used. */ + if (!ssl->session->extended_master_secret) { + goto err; + } + finished = ssl->s3->previous_server_finished; + finished_len = ssl->s3->previous_server_finished_len; + } + + if (!ssl->s3->initial_handshake_complete || + ssl->version < TLS1_VERSION) { + goto err; + } + + *out_len = finished_len; + if (finished_len > max_out) { + *out_len = max_out; + } + + memcpy(out, finished, *out_len); + return 1; + +err: + *out_len = 0; + memset(out, 0, max_out); + return 0; +} + int SSL_CTX_sess_connect(const SSL_CTX *ctx) { return 0; } int SSL_CTX_sess_connect_good(const SSL_CTX *ctx) { return 0; } int SSL_CTX_sess_connect_renegotiate(const SSL_CTX *ctx) { return 0; } diff --git a/src/ssl/ssl_sess.c b/src/ssl/ssl_sess.c index 3eb428f..9ab4585 100644 --- a/src/ssl/ssl_sess.c +++ b/src/ssl/ssl_sess.c @@ -295,13 +295,11 @@ int ssl_get_new_session(SSL *s, int session) { } /* Choose which callback will set the session ID */ - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if (s->generate_session_id) { cb = s->generate_session_id; } else if (s->initial_ctx->generate_session_id) { cb = s->initial_ctx->generate_session_id; } - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); /* Choose a session ID */ tmp = ss->session_id_length; @@ -419,10 +417,14 @@ int ssl_get_prev_session(SSL *s, const struct ssl_early_callback_ctx *ctx) { return 0; } memcpy(data.session_id, ctx->session_id, ctx->session_id_len); - CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); - ret = SSL_SESSION_up_ref(lh_SSL_SESSION_retrieve(s->initial_ctx->sessions, - &data)); - CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); + + CRYPTO_MUTEX_lock_read(&s->initial_ctx->lock); + ret = lh_SSL_SESSION_retrieve(s->initial_ctx->sessions, &data); + CRYPTO_MUTEX_unlock(&s->initial_ctx->lock); + + if (ret != NULL) { + SSL_SESSION_up_ref(ret); + } } if (try_session_cache && ret == NULL && @@ -524,8 +526,9 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { SSL_SESSION_up_ref(c); /* if session c is in already in cache, we take back the increment later */ - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); if (!lh_SSL_SESSION_insert(ctx->sessions, &s, c)) { + CRYPTO_MUTEX_unlock(&ctx->lock); return 0; } @@ -566,7 +569,7 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) { } } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); return ret; } @@ -580,7 +583,7 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) { if (c != NULL && c->session_id_length != 0) { if (lock) { - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); } r = lh_SSL_SESSION_retrieve(ctx->sessions, c); if (r == c) { @@ -590,7 +593,7 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) { } if (lock) { - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); } if (ret) { @@ -607,14 +610,14 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lock) { SSL_SESSION *SSL_SESSION_up_ref(SSL_SESSION *session) { if (session) { - CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); + CRYPTO_refcount_inc(&session->references); } return session; } void SSL_SESSION_free(SSL_SESSION *session) { if (session == NULL || - CRYPTO_add(&session->references, -1, CRYPTO_LOCK_SSL_SESSION) > 0) { + !CRYPTO_refcount_dec_and_test_zero(&session->references)) { return; } @@ -741,18 +744,18 @@ static void timeout_doall_arg(SSL_SESSION *sess, void *void_param) { } } -void SSL_CTX_flush_sessions(SSL_CTX *s, long t) { +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long t) { TIMEOUT_PARAM tp; - tp.ctx = s; - tp.cache = s->sessions; + tp.ctx = ctx; + tp.cache = ctx->sessions; if (tp.cache == NULL) { return; } tp.time = t; - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_lock_write(&ctx->lock); lh_SSL_SESSION_doall_arg(tp.cache, timeout_doall_arg, &tp); - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); + CRYPTO_MUTEX_unlock(&ctx->lock); } int ssl_clear_bad_session(SSL *s) { diff --git a/src/ssl/ssl_stat.c b/src/ssl/ssl_stat.c index 8bed9ad..fa5541b 100644 --- a/src/ssl/ssl_stat.c +++ b/src/ssl/ssl_stat.c @@ -105,14 +105,6 @@ const char *SSL_state_string_long(const SSL *s) { str = "SSL renegotiate ciphers"; break; - case SSL_ST_BEFORE | SSL_ST_CONNECT: - str = "before/connect initialization"; - break; - - case SSL_ST_BEFORE | SSL_ST_ACCEPT: - str = "before/accept initialization"; - break; - /* SSLv3 additions */ case SSL3_ST_CW_CLNT_HELLO_A: str = "SSLv3 write client hello A"; diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc index 7886304..b29d28c 100644 --- a/src/ssl/ssl_test.cc +++ b/src/ssl/ssl_test.cc @@ -335,6 +335,30 @@ static const char kCustomSession[] = "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; +// kBadSessionExtraField is a custom serialized SSL_SESSION generated by replacing +// the final (optional) element of |kCustomSession| with tag number 30. +static const char kBadSessionExtraField[] = + "MIIBdgIBAQICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" + "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" + "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE" + "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe" + "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" + "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" + "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" + "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBL4DBAEF"; + +// kBadSessionVersion is a custom serialized SSL_SESSION generated by replacing +// the version of |kCustomSession| with 2. +static const char kBadSessionVersion[] = + "MIIBdgIBAgICAwMEAsAvBCAG5Q1ndq4Yfmbeo1zwLkNRKmCXGdNgWvGT3cskV0yQ" + "kAQwJlrlzkAWBOWiLj/jJ76D7l+UXoizP2KI2C7I2FccqMmIfFmmkUy32nIJ0mZH" + "IWoJoQYCBFRDO46iBAICASykAwQBAqUDAgEUphAEDnd3dy5nb29nbGUuY29tqAcE" + "BXdvcmxkqQUCAwGJwKqBpwSBpBwUQvoeOk0Kg36SYTcLEkXqKwOBfF9vE4KX0Nxe" + "LwjcDTpsuh3qXEaZ992r1N38VDcyS6P7I6HBYN9BsNHM362zZnY27GpTw+Kwd751" + "CLoXFPoaMOe57dbBpXoro6Pd3BTbf/Tzr88K06yEOTDKPNj3+inbMaVigtK4PLyP" + "q+Topyzvx9USFgRvyuoxn0Hgb+R0A3j6SLRuyOdAi4gv7Y5oliynrSIEIAYGBgYG" + "BgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGrgMEAQevAwQBBLADBAEF"; + static bool DecodeBase64(std::vector<uint8_t> *out, const char *in) { size_t len; if (!EVP_DecodedLength(&len, strlen(in))) { @@ -416,6 +440,23 @@ static bool TestSSL_SESSIONEncoding(const char *input_b64) { return true; } +static bool TestBadSSL_SESSIONEncoding(const char *input_b64) { + std::vector<uint8_t> input; + if (!DecodeBase64(&input, input_b64)) { + return false; + } + + // Verify that the SSL_SESSION fails to decode. + const uint8_t *ptr = bssl::vector_data(&input); + ScopedSSL_SESSION session(d2i_SSL_SESSION(NULL, &ptr, input.size())); + if (session) { + fprintf(stderr, "d2i_SSL_SESSION unexpectedly succeeded\n"); + return false; + } + ERR_clear_error(); + return true; +} + static bool TestDefaultVersion(uint16_t version, const SSL_METHOD *(*method)(void)) { ScopedSSL_CTX ctx(SSL_CTX_new(method())); @@ -431,6 +472,9 @@ static bool CipherGetRFCName(std::string *out, uint16_t value) { return false; } ScopedOpenSSLString rfc_name(SSL_CIPHER_get_rfc_name(cipher)); + if (!rfc_name) { + return false; + } out->assign(rfc_name.get()); return true; } @@ -491,6 +535,8 @@ int main(void) { if (!TestCipherRules() || !TestSSL_SESSIONEncoding(kOpenSSLSession) || !TestSSL_SESSIONEncoding(kCustomSession) || + !TestBadSSL_SESSIONEncoding(kBadSessionExtraField) || + !TestBadSSL_SESSIONEncoding(kBadSessionVersion) || !TestDefaultVersion(0, &TLS_method) || !TestDefaultVersion(SSL3_VERSION, &SSLv3_method) || !TestDefaultVersion(TLS1_VERSION, &TLSv1_method) || diff --git a/src/ssl/t1_enc.c b/src/ssl/t1_enc.c index 3eaffe7..6bd80c3 100644 --- a/src/ssl/t1_enc.c +++ b/src/ssl/t1_enc.c @@ -245,7 +245,7 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, /* Count number of digests and partition |secret| evenly. */ count = 0; for (idx = 0; ssl_get_handshake_digest(&m, &md, idx); idx++) { - if ((m << TLS1_PRF_DGST_SHIFT) & ssl_get_algorithm2(s)) { + if (m & ssl_get_algorithm2(s)) { count++; } } @@ -260,7 +260,7 @@ int tls1_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret, S1 = secret; memset(out, 0, out_len); for (idx = 0; ssl_get_handshake_digest(&m, &md, idx); idx++) { - if ((m << TLS1_PRF_DGST_SHIFT) & ssl_get_algorithm2(s)) { + if (m & ssl_get_algorithm2(s)) { /* If |count| is 2 and |secret_len| is odd, |secret| is partitioned into * two halves with an overlapping byte. */ if (!tls1_P_hash(tmp, out_len, md, S1, len + (secret_len & 1), @@ -292,114 +292,6 @@ static int tls1_generate_key_block(SSL *s, uint8_t *out, size_t out_len) { SSL3_RANDOM_SIZE); } -/* tls1_aead_ctx_init allocates |*aead_ctx|, if needed and returns 1. It - * returns 0 on malloc error. */ -static int tls1_aead_ctx_init(SSL_AEAD_CTX **aead_ctx) { - if (*aead_ctx != NULL) { - EVP_AEAD_CTX_cleanup(&(*aead_ctx)->ctx); - } else { - *aead_ctx = (SSL_AEAD_CTX *)OPENSSL_malloc(sizeof(SSL_AEAD_CTX)); - if (*aead_ctx == NULL) { - OPENSSL_PUT_ERROR(SSL, tls1_aead_ctx_init, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - return 1; -} - -static int tls1_change_cipher_state_aead(SSL *s, char is_read, - const uint8_t *key, unsigned key_len, - const uint8_t *iv, unsigned iv_len, - const uint8_t *mac_secret, - unsigned mac_secret_len) { - const EVP_AEAD *aead = s->s3->tmp.new_aead; - SSL_AEAD_CTX *aead_ctx; - /* merged_key is used to merge the MAC, cipher, and IV keys for an AEAD which - * simulates pre-AEAD cipher suites. */ - uint8_t merged_key[EVP_AEAD_MAX_KEY_LENGTH]; - - if (mac_secret_len > 0) { - /* This is a "stateful" AEAD (for compatibility with pre-AEAD cipher - * suites). */ - if (mac_secret_len + key_len + iv_len > sizeof(merged_key)) { - OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state_aead, - ERR_R_INTERNAL_ERROR); - return 0; - } - memcpy(merged_key, mac_secret, mac_secret_len); - memcpy(merged_key + mac_secret_len, key, key_len); - memcpy(merged_key + mac_secret_len + key_len, iv, iv_len); - key = merged_key; - key_len += mac_secret_len; - key_len += iv_len; - } - - if (is_read) { - if (!tls1_aead_ctx_init(&s->aead_read_ctx)) { - return 0; - } - aead_ctx = s->aead_read_ctx; - } else { - if (SSL_IS_DTLS(s) && s->aead_write_ctx != NULL) { - /* DTLS renegotiation is unsupported, so a CCS can only switch away from - * the NULL cipher. This simplifies renegotiation. */ - OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state_aead, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (!tls1_aead_ctx_init(&s->aead_write_ctx)) { - return 0; - } - aead_ctx = s->aead_write_ctx; - } - - if (!EVP_AEAD_CTX_init_with_direction( - &aead_ctx->ctx, aead, key, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH, - is_read ? evp_aead_open : evp_aead_seal)) { - OPENSSL_free(aead_ctx); - if (is_read) { - s->aead_read_ctx = NULL; - } else { - s->aead_write_ctx = NULL; - } - - return 0; - } - - if (mac_secret_len == 0) { - /* For a real AEAD, the IV is the fixed part of the nonce. */ - if (iv_len > sizeof(aead_ctx->fixed_nonce)) { - OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state_aead, ERR_R_INTERNAL_ERROR); - return 0; - } - - memcpy(aead_ctx->fixed_nonce, iv, iv_len); - aead_ctx->fixed_nonce_len = iv_len; - aead_ctx->variable_nonce_included_in_record = - (s->s3->tmp.new_cipher->algorithm2 & - SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD) != 0; - aead_ctx->random_variable_nonce = 0; - aead_ctx->omit_length_in_ad = 0; - } else { - aead_ctx->fixed_nonce_len = 0; - aead_ctx->variable_nonce_included_in_record = 1; - aead_ctx->random_variable_nonce = 1; - aead_ctx->omit_length_in_ad = 1; - } - aead_ctx->variable_nonce_len = s->s3->tmp.new_variable_iv_len; - aead_ctx->omit_version_in_ad = (s->version == SSL3_VERSION); - - if (aead_ctx->variable_nonce_len + aead_ctx->fixed_nonce_len != - EVP_AEAD_nonce_length(aead)) { - OPENSSL_PUT_ERROR(SSL, tls1_change_cipher_state_aead, ERR_R_INTERNAL_ERROR); - return 0; - } - aead_ctx->tag_len = EVP_AEAD_max_overhead(aead); - - return 1; -} - int tls1_change_cipher_state(SSL *s, int which) { /* is_read is true if we have just read a ChangeCipherSpec message - i.e. we * need to update the read cipherspec. Otherwise we have just written one. */ @@ -470,8 +362,21 @@ int tls1_change_cipher_state(SSL *s, int which) { return 0; } - return tls1_change_cipher_state_aead(s, is_read, key, key_len, iv, iv_len, - mac_secret, mac_secret_len); + if (is_read) { + SSL_AEAD_CTX_free(s->aead_read_ctx); + s->aead_read_ctx = SSL_AEAD_CTX_new( + evp_aead_open, ssl3_version_from_wire(s, s->version), + s->s3->tmp.new_cipher, key, key_len, mac_secret, mac_secret_len, iv, + iv_len); + return s->aead_read_ctx != NULL; + } else { + SSL_AEAD_CTX_free(s->aead_write_ctx); + s->aead_write_ctx = SSL_AEAD_CTX_new( + evp_aead_seal, ssl3_version_from_wire(s, s->version), + s->s3->tmp.new_cipher, key, key_len, mac_secret, mac_secret_len, iv, + iv_len); + return s->aead_write_ctx != NULL; + } } int tls1_setup_key_block(SSL *s) { @@ -564,153 +469,6 @@ cipher_unavailable_err: return 0; } -/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, - * respectively. It returns one on success and zero on failure. */ -int tls1_enc(SSL *s, int send) { - SSL3_RECORD *rec; - const SSL_AEAD_CTX *aead; - - if (send) { - rec = &s->s3->wrec; - aead = s->aead_write_ctx; - } else { - rec = &s->s3->rrec; - aead = s->aead_read_ctx; - } - - if (aead == NULL) { - /* Handle the initial NULL cipher. */ - memmove(rec->data, rec->input, rec->length); - rec->input = rec->data; - return 1; - } - - uint8_t ad[13], *seq, *in, *out, nonce[EVP_AEAD_MAX_NONCE_LENGTH]; - unsigned nonce_used; - size_t n, ad_len; - - seq = send ? s->s3->write_sequence : s->s3->read_sequence; - - if (SSL_IS_DTLS(s)) { - uint8_t dtlsseq[9], *p = dtlsseq; - - s2n(send ? s->d1->w_epoch : s->d1->r_epoch, p); - memcpy(p, &seq[2], 6); - memcpy(ad, dtlsseq, 8); - } else { - memcpy(ad, seq, 8); - if (!ssl3_record_sequence_update(seq, 8)) { - return 0; - } - } - - ad[8] = rec->type; - ad_len = 9; - if (!aead->omit_version_in_ad) { - ad[ad_len++] = (uint8_t)(s->version >> 8); - ad[ad_len++] = (uint8_t)(s->version); - } - - if (aead->fixed_nonce_len + aead->variable_nonce_len > sizeof(nonce)) { - OPENSSL_PUT_ERROR(SSL, tls1_enc, ERR_R_INTERNAL_ERROR); - return 0; - } - - memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len); - nonce_used = aead->fixed_nonce_len; - - if (send) { - size_t len = rec->length; - size_t eivlen = 0; - in = rec->input; - out = rec->data; - - uint8_t *variable_nonce = nonce + nonce_used; - if (aead->random_variable_nonce) { - assert(aead->variable_nonce_included_in_record); - if (!RAND_bytes(nonce + nonce_used, aead->variable_nonce_len)) { - return 0; - } - } else { - /* When sending we use the sequence number as the variable part of the - * nonce. */ - if (aead->variable_nonce_len != 8) { - OPENSSL_PUT_ERROR(SSL, tls1_enc, ERR_R_INTERNAL_ERROR); - return 0; - } - memcpy(nonce + nonce_used, ad, aead->variable_nonce_len); - } - nonce_used += aead->variable_nonce_len; - - /* in do_ssl3_write, rec->input is moved forward by variable_nonce_len in - * order to leave space for the variable nonce. Thus we can copy the - * sequence number bytes into place without overwriting any of the - * plaintext. */ - if (aead->variable_nonce_included_in_record) { - memcpy(out, variable_nonce, aead->variable_nonce_len); - len -= aead->variable_nonce_len; - eivlen = aead->variable_nonce_len; - } - - if (!aead->omit_length_in_ad) { - ad[ad_len++] = len >> 8; - ad[ad_len++] = len & 0xff; - } - - if (!EVP_AEAD_CTX_seal(&aead->ctx, out + eivlen, &n, len + aead->tag_len, - nonce, nonce_used, in + eivlen, len, ad, ad_len)) { - return 0; - } - - if (aead->variable_nonce_included_in_record) { - n += aead->variable_nonce_len; - } - } else { - /* receive */ - size_t len = rec->length; - - if (rec->data != rec->input) { - OPENSSL_PUT_ERROR(SSL, tls1_enc, ERR_R_INTERNAL_ERROR); - return 0; - } - out = in = rec->input; - - if (len < aead->variable_nonce_len) { - return 0; - } - memcpy(nonce + nonce_used, - aead->variable_nonce_included_in_record ? in : ad, - aead->variable_nonce_len); - nonce_used += aead->variable_nonce_len; - - if (aead->variable_nonce_included_in_record) { - in += aead->variable_nonce_len; - len -= aead->variable_nonce_len; - out += aead->variable_nonce_len; - } - - if (!aead->omit_length_in_ad) { - if (len < aead->tag_len) { - return 0; - } - size_t plaintext_len = len - aead->tag_len; - - ad[ad_len++] = plaintext_len >> 8; - ad[ad_len++] = plaintext_len & 0xff; - } - - if (!EVP_AEAD_CTX_open(&aead->ctx, out, &n, rec->length, nonce, nonce_used, in, - len, ad, ad_len)) { - return 0; - } - - rec->data = rec->input = out; - } - - rec->length = n; - return 1; -} - int tls1_cert_verify_mac(SSL *s, int md_nid, uint8_t *out) { unsigned int ret; EVP_MD_CTX ctx, *d = NULL; @@ -796,6 +554,11 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *out) { int err = 0; int digests_len; + /* At this point, the handshake should have released the handshake buffer on + * its own. + * TODO(davidben): Apart from initialization, the handshake buffer should be + * orthogonal to the handshake digest. https://crbug.com/492371 */ + assert(s->s3->handshake_buffer == NULL); if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, free_handshake_buffer)) { return 0; diff --git a/src/ssl/t1_lib.c b/src/ssl/t1_lib.c index 58b7f04..9e5c011 100644 --- a/src/ssl/t1_lib.c +++ b/src/ssl/t1_lib.c @@ -129,7 +129,6 @@ static int ssl_check_clienthello_tlsext(SSL *s); static int ssl_check_serverhello_tlsext(SSL *s); const SSL3_ENC_METHOD TLSv1_enc_data = { - tls1_enc, tls1_prf, tls1_setup_key_block, tls1_generate_master_secret, @@ -144,7 +143,6 @@ const SSL3_ENC_METHOD TLSv1_enc_data = { }; const SSL3_ENC_METHOD TLSv1_1_enc_data = { - tls1_enc, tls1_prf, tls1_setup_key_block, tls1_generate_master_secret, @@ -159,7 +157,6 @@ const SSL3_ENC_METHOD TLSv1_1_enc_data = { }; const SSL3_ENC_METHOD TLSv1_2_enc_data = { - tls1_enc, tls1_prf, tls1_setup_key_block, tls1_generate_master_secret, @@ -874,7 +871,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, } /* Add RI if renegotiating */ - if (s->renegotiate) { + if (s->s3->initial_handshake_complete) { int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { @@ -908,7 +905,12 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) { int ticklen = 0; - if (!s->new_session && s->session && s->session->tlsext_tick) { + /* Renegotiation does not participate in session resumption. However, still + * advertise the extension to avoid potentially breaking servers which carry + * over the state from the previous handshake, such as OpenSSL servers + * without upstream's 3c3f0259238594d77264a78944d409f2127642c4. */ + if (!s->s3->initial_handshake_complete && s->session != NULL && + s->session->tlsext_tick != NULL) { ticklen = s->session->tlsext_ticklen; } @@ -957,7 +959,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, s2n(0, ret); } - if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len && + if (s->ctx->next_proto_select_cb && !s->s3->initial_handshake_complete && !SSL_IS_DTLS(s)) { /* The client advertises an emtpy extension to indicate its support for * Next Protocol Negotiation */ @@ -968,7 +970,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, s2n(0, ret); } - if (s->signed_cert_timestamps_enabled && !s->s3->tmp.finish_md_len) { + if (s->signed_cert_timestamps_enabled) { /* The client advertises an empty extension to indicate its support for * certificate timestamps. */ if (limit - ret - 4 < 0) { @@ -978,7 +980,7 @@ uint8_t *ssl_add_clienthello_tlsext(SSL *s, uint8_t *buf, uint8_t *limit, s2n(0, ret); } - if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) { + if (s->alpn_client_proto_list && !s->s3->initial_handshake_complete) { if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len) { return NULL; } @@ -1587,29 +1589,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { return 0; } } else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0 && s->s3->alpn_selected == NULL && - !SSL_IS_DTLS(s)) { + !s->s3->initial_handshake_complete && + s->s3->alpn_selected == NULL && !SSL_IS_DTLS(s)) { /* The extension must be empty. */ if (CBS_len(&extension) != 0) { *out_alert = SSL_AD_DECODE_ERROR; return 0; } - - /* We shouldn't accept this extension on a renegotiation. - * - * s->new_session will be set on renegotiation, but we probably shouldn't - * rely that it couldn't be set on the initial renegotation too in - * certain cases (when there's some other reason to disallow resuming an - * earlier session -- the current code won't be doing anything like that, - * but this might change). - - * A valid sign that there's been a previous handshake in this connection - * is if s->s3->tmp.finish_md_len > 0. (We are talking about a check - * that will happen in the Hello protocol round, well before a new - * Finished message could have been computed.) */ s->s3->next_proto_neg_seen = 1; } else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && - s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) { + s->ctx->alpn_select_cb && !s->s3->initial_handshake_complete) { if (!tls1_alpn_handle_client_hello(s, &extension, out_alert)) { return 0; } @@ -1652,7 +1641,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert) { ri_check: /* Need RI if renegotiating */ - if (!renegotiate_seen && s->renegotiate && + if (!renegotiate_seen && s->s3->initial_handshake_complete && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { *out_alert = SSL_AD_HANDSHAKE_FAILURE; OPENSSL_PUT_ERROR(SSL, ssl_scan_clienthello_tlsext, @@ -1791,8 +1780,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert) { /* Set a flag to expect a CertificateStatus message */ s->s3->tmp.certificate_status_expected = 1; } else if (type == TLSEXT_TYPE_next_proto_neg && - s->s3->tmp.finish_md_len == 0 && - !SSL_IS_DTLS(s)) { + !s->s3->initial_handshake_complete && !SSL_IS_DTLS(s)) { uint8_t *selected; uint8_t selected_len; @@ -1824,7 +1812,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, CBS *cbs, int *out_alert) { s->next_proto_negotiated_len = selected_len; s->s3->next_proto_neg_seen = 1; - } else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) { + } else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && + !s->s3->initial_handshake_complete) { CBS protocol_name_list, protocol_name; /* We must have requested it. */ diff --git a/src/ssl/test/CMakeLists.txt b/src/ssl/test/CMakeLists.txt index a0d7a5e..3b07903 100644 --- a/src/ssl/test/CMakeLists.txt +++ b/src/ssl/test/CMakeLists.txt @@ -5,9 +5,10 @@ add_executable( async_bio.cc bssl_shim.cc - malloc.cc packeted_bio.cc test_config.cc + + $<TARGET_OBJECTS:test_support> ) target_link_libraries(bssl_shim ssl crypto) diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index 1cf96f2..40cb149 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -406,14 +406,6 @@ static ScopedSSL_CTX SetupCtx(const TestConfig *config) { return nullptr; } - if (config->is_dtls) { - // DTLS needs read-ahead to function on a datagram BIO. - // - // TODO(davidben): this should not be necessary. DTLS code should only - // expect a datagram BIO. - SSL_CTX_set_read_ahead(ssl_ctx.get(), 1); - } - if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), "ALL")) { return nullptr; } @@ -599,6 +591,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, if (config->allow_unsafe_legacy_renegotiation) { SSL_set_options(ssl.get(), SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); } + if (config->no_legacy_server_connect) { + SSL_clear_options(ssl.get(), SSL_OP_LEGACY_SERVER_CONNECT); + } if (!config->expected_channel_id.empty()) { SSL_enable_tls_channel_id(ssl.get()); } @@ -660,8 +655,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, !SSL_set_cipher_list(ssl.get(), config->cipher.c_str())) { return false; } - if (config->reject_peer_renegotiations) { - SSL_set_reject_peer_renegotiations(ssl.get(), 1); + if (!config->reject_peer_renegotiations) { + /* Renegotiations are disabled by default. */ + SSL_set_reject_peer_renegotiations(ssl.get(), 0); } int sock = Connect(config->port); @@ -703,6 +699,11 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, } } + if (SSL_get_current_cipher(ssl.get()) != nullptr) { + fprintf(stderr, "non-null cipher before handshake\n"); + return false; + } + int ret; if (config->implicit_handshake) { if (config->is_server) { @@ -722,6 +723,11 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, return false; } + if (SSL_get_current_cipher(ssl.get()) == nullptr) { + fprintf(stderr, "null cipher after handshake\n"); + return false; + } + if (is_resume && (!!SSL_session_reused(ssl.get()) == config->expect_session_miss)) { fprintf(stderr, "session was%s reused\n", @@ -834,30 +840,6 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, } } - if (config->renegotiate) { - if (config->async) { - fprintf(stderr, "-renegotiate is not supported with -async.\n"); - return false; - } - if (config->implicit_handshake) { - fprintf(stderr, "-renegotiate is not supported with -implicit-handshake.\n"); - return false; - } - - SSL_renegotiate(ssl.get()); - - ret = SSL_do_handshake(ssl.get()); - if (ret != 1) { - return false; - } - - SSL_set_state(ssl.get(), SSL_ST_ACCEPT); - ret = SSL_do_handshake(ssl.get()); - if (ret != 1) { - return false; - } - } - if (config->export_keying_material > 0) { std::vector<uint8_t> result( static_cast<size_t>(config->export_keying_material)); @@ -874,6 +856,26 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, } } + if (config->tls_unique) { + uint8_t tls_unique[16]; + size_t tls_unique_len; + if (!SSL_get_tls_unique(ssl.get(), tls_unique, &tls_unique_len, + sizeof(tls_unique))) { + fprintf(stderr, "failed to get tls-unique\n"); + return false; + } + + if (tls_unique_len != 12) { + fprintf(stderr, "expected 12 bytes of tls-unique but got %u", + static_cast<unsigned>(tls_unique_len)); + return false; + } + + if (WriteAll(ssl.get(), tls_unique, tls_unique_len) < 0) { + return false; + } + } + if (config->write_different_record_sizes) { if (config->is_dtls) { fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); diff --git a/src/ssl/test/runner/common.go b/src/ssl/test/runner/common.go index 4ac7250..edebba1 100644 --- a/src/ssl/test/runner/common.go +++ b/src/ssl/test/runner/common.go @@ -188,6 +188,7 @@ type ConnectionState struct { VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates ChannelID *ecdsa.PublicKey // the channel ID for this connection SRTPProtectionProfile uint16 // the negotiated DTLS-SRTP protection profile + TLSUnique []byte } // ClientAuthType declares the policy the server will follow for @@ -478,7 +479,9 @@ type ProtocolBugs struct { // MaxHandshakeRecordLength, if non-zero, is the maximum size of a // handshake record. Handshake messages will be split into multiple // records at the specified size, except that the client_version will - // never be fragmented. + // never be fragmented. For DTLS, it is the maximum handshake fragment + // size, not record size; DTLS allows multiple handshake fragments in a + // single handshake record. See |PackHandshakeFragments|. MaxHandshakeRecordLength int // FragmentClientVersion will allow MaxHandshakeRecordLength to apply to @@ -681,13 +684,14 @@ type ProtocolBugs struct { // fragments in DTLS. SendEmptyFragments bool - // NeverResumeOnRenego, if true, causes renegotiations to always be full - // handshakes. - NeverResumeOnRenego bool + // SendSplitAlert, if true, causes an alert to be sent with the header + // and record body split across multiple packets. The peer should + // discard these packets rather than process it. + SendSplitAlert bool - // NoSignatureAlgorithmsOnRenego, if true, causes renegotiations to omit - // the signature_algorithms extension. - NoSignatureAlgorithmsOnRenego bool + // FailIfResumeOnRenego, if true, causes renegotiations to fail if the + // client offers a resumption or the server accepts one. + FailIfResumeOnRenego bool // IgnorePeerCipherPreferences, if true, causes the peer's cipher // preferences to be ignored. @@ -707,6 +711,22 @@ type ProtocolBugs struct { // BadFinished, if true, causes the Finished hash to be broken. BadFinished bool + + // DHGroupPrime, if not nil, is used to define the (finite field) + // Diffie-Hellman group. The generator used is always two. + DHGroupPrime *big.Int + + // PackHandshakeFragments, if true, causes handshake fragments to be + // packed into individual handshake records, up to the specified record + // size. + PackHandshakeFragments int + + // PackHandshakeRecords, if true, causes handshake records to be packed + // into individual packets, up to the specified packet size. + PackHandshakeRecords int + + // EnableAllCiphersInDTLS, if true, causes RC4 to be enabled in DTLS. + EnableAllCiphersInDTLS bool } func (c *Config) serverInit() { diff --git a/src/ssl/test/runner/conn.go b/src/ssl/test/runner/conn.go index fd198ca..adbc1c3 100644 --- a/src/ssl/test/runner/conn.go +++ b/src/ssl/test/runner/conn.go @@ -44,7 +44,11 @@ type Conn struct { // opposed to the ones presented by the server. verifiedChains [][]*x509.Certificate // serverName contains the server name indicated by the client, if any. - serverName string + serverName string + // firstFinished contains the first Finished hash sent during the + // handshake. This is the "tls-unique" channel binding value. + firstFinished [12]byte + clientRandom, serverRandom [32]byte masterSecret [48]byte @@ -1260,6 +1264,15 @@ func (c *Conn) Handshake() error { return nil } + if c.isDTLS && c.config.Bugs.SendSplitAlert { + c.conn.Write([]byte{ + byte(recordTypeAlert), // type + 0xfe, 0xff, // version + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // sequence + 0x0, 0x2, // length + }) + c.conn.Write([]byte{alertLevelError, byte(alertInternalError)}) + } if c.isClient { c.handshakeErr = c.clientHandshake() } else { @@ -1290,6 +1303,7 @@ func (c *Conn) ConnectionState() ConnectionState { state.ServerName = c.serverName state.ChannelID = c.channelID state.SRTPProtectionProfile = c.srtpProtectionProfile + state.TLSUnique = c.firstFinished[:] } return state diff --git a/src/ssl/test/runner/dtls.go b/src/ssl/test/runner/dtls.go index 85c4247..50f7786 100644 --- a/src/ssl/test/runner/dtls.go +++ b/src/ssl/test/runner/dtls.go @@ -196,6 +196,8 @@ func (c *Conn) dtlsFlushHandshake() error { return nil } + // This is a test-only DTLS implementation, so there is no need to + // retain |c.pendingFragments| for a future retransmit. var fragments [][]byte fragments, c.pendingFragments = c.pendingFragments, fragments @@ -208,38 +210,66 @@ func (c *Conn) dtlsFlushHandshake() error { fragments = tmp } - // Send them all. + maxRecordLen := c.config.Bugs.PackHandshakeFragments + maxPacketLen := c.config.Bugs.PackHandshakeRecords + + // Pack handshake fragments into records. + var records [][]byte for _, fragment := range fragments { if c.config.Bugs.SplitFragmentHeader { - if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment[:2]); err != nil { - return err - } - fragment = fragment[2:] - } else if c.config.Bugs.SplitFragmentBody && len(fragment) > 12 { - if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment[:13]); err != nil { - return err + records = append(records, fragment[:2]) + records = append(records, fragment[2:]) + } else if c.config.Bugs.SplitFragmentBody { + if len(fragment) > 12 { + records = append(records, fragment[:13]) + records = append(records, fragment[13:]) + } else { + records = append(records, fragment) } - fragment = fragment[13:] + } else if i := len(records) - 1; len(records) > 0 && len(records[i])+len(fragment) <= maxRecordLen { + records[i] = append(records[i], fragment...) + } else { + // The fragment will be appended to, so copy it. + records = append(records, append([]byte{}, fragment...)) + } + } + + // Format them into packets. + var packets [][]byte + for _, record := range records { + b, err := c.dtlsSealRecord(recordTypeHandshake, record) + if err != nil { + return err + } + + if i := len(packets) - 1; len(packets) > 0 && len(packets[i])+len(b.data) <= maxPacketLen { + packets[i] = append(packets[i], b.data...) + } else { + // The sealed record will be appended to and reused by + // |c.out|, so copy it. + packets = append(packets, append([]byte{}, b.data...)) } + c.out.freeBlock(b) + } - // TODO(davidben): A real DTLS implementation needs to - // retransmit handshake messages. For testing purposes, we don't - // actually care. - if _, err := c.dtlsWriteRawRecord(recordTypeHandshake, fragment); err != nil { + // Send all the packets. + for _, packet := range packets { + if _, err := c.conn.Write(packet); err != nil { return err } } return nil } -func (c *Conn) dtlsWriteRawRecord(typ recordType, data []byte) (n int, err error) { +// dtlsSealRecord seals a record into a block from |c.out|'s pool. +func (c *Conn) dtlsSealRecord(typ recordType, data []byte) (b *block, err error) { recordHeaderLen := dtlsRecordHeaderLen maxLen := c.config.Bugs.MaxHandshakeRecordLength if maxLen <= 0 { maxLen = 1024 } - b := c.out.newBlock() + b = c.out.newBlock() explicitIVLen := 0 explicitIVIsSeq := false @@ -286,6 +316,14 @@ func (c *Conn) dtlsWriteRawRecord(typ recordType, data []byte) (n int, err error } copy(b.data[recordHeaderLen+explicitIVLen:], data) c.out.encrypt(b, explicitIVLen) + return +} + +func (c *Conn) dtlsWriteRawRecord(typ recordType, data []byte) (n int, err error) { + b, err := c.dtlsSealRecord(typ, data) + if err != nil { + return + } _, err = c.conn.Write(b.data) if err != nil { diff --git a/src/ssl/test/runner/handshake_client.go b/src/ssl/test/runner/handshake_client.go index 0dac05d..a950313 100644 --- a/src/ssl/test/runner/handshake_client.go +++ b/src/ssl/test/runner/handshake_client.go @@ -115,7 +115,7 @@ NextCipherSuite: continue } // Don't advertise non-DTLS cipher suites on DTLS. - if c.isDTLS && suite.flags&suiteNoDTLS != 0 { + if c.isDTLS && suite.flags&suiteNoDTLS != 0 && !c.config.Bugs.EnableAllCiphersInDTLS { continue } hello.cipherSuites = append(hello.cipherSuites, suiteId) @@ -133,16 +133,13 @@ NextCipherSuite: return errors.New("tls: short read from Rand: " + err.Error()) } - if hello.vers >= VersionTLS12 && !c.config.Bugs.NoSignatureAndHashes && (c.cipherSuite == nil || !c.config.Bugs.NoSignatureAlgorithmsOnRenego) { + if hello.vers >= VersionTLS12 && !c.config.Bugs.NoSignatureAndHashes { hello.signatureAndHashes = c.config.signatureAndHashesForClient() } var session *ClientSessionState var cacheKey string sessionCache := c.config.ClientSessionCache - if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != nil { - sessionCache = nil - } if sessionCache != nil { hello.ticketSupported = !c.config.SessionTicketsDisabled @@ -316,10 +313,10 @@ NextCipherSuite: if err := hs.readSessionTicket(); err != nil { return err } - if err := hs.readFinished(); err != nil { + if err := hs.readFinished(c.firstFinished[:]); err != nil { return err } - if err := hs.sendFinished(isResume); err != nil { + if err := hs.sendFinished(nil, isResume); err != nil { return err } } else { @@ -329,7 +326,7 @@ NextCipherSuite: if err := hs.establishKeys(); err != nil { return err } - if err := hs.sendFinished(isResume); err != nil { + if err := hs.sendFinished(c.firstFinished[:], isResume); err != nil { return err } // Most retransmits are triggered by a timeout, but the final @@ -344,7 +341,7 @@ NextCipherSuite: if err := hs.readSessionTicket(); err != nil { return err } - if err := hs.readFinished(); err != nil { + if err := hs.readFinished(nil); err != nil { return err } } @@ -727,6 +724,12 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) { } if hs.serverResumedSession() { + // For test purposes, assert that the server never accepts the + // resumption offer on renegotiation. + if c.cipherSuite != nil && c.config.Bugs.FailIfResumeOnRenego { + return false, errors.New("tls: server resumed session on renegotiation") + } + // Restore masterSecret and peerCerts from previous state hs.masterSecret = hs.session.masterSecret c.peerCertificates = hs.session.serverCertificates @@ -737,7 +740,7 @@ func (hs *clientHandshakeState) processServerHello() (bool, error) { return false, nil } -func (hs *clientHandshakeState) readFinished() error { +func (hs *clientHandshakeState) readFinished(out []byte) error { c := hs.c c.readRecord(recordTypeChangeCipherSpec) @@ -764,6 +767,7 @@ func (hs *clientHandshakeState) readFinished() error { } } c.serverVerify = append(c.serverVerify[:0], serverFinished.verifyData...) + copy(out, serverFinished.verifyData) hs.writeServerHash(serverFinished.marshal()) return nil } @@ -807,7 +811,7 @@ func (hs *clientHandshakeState) readSessionTicket() error { return nil } -func (hs *clientHandshakeState) sendFinished(isResume bool) error { +func (hs *clientHandshakeState) sendFinished(out []byte, isResume bool) error { c := hs.c var postCCSBytes []byte @@ -859,6 +863,7 @@ func (hs *clientHandshakeState) sendFinished(isResume bool) error { } else { finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) } + copy(out, finished.verifyData) if c.config.Bugs.BadFinished { finished.verifyData[0]++ } diff --git a/src/ssl/test/runner/handshake_server.go b/src/ssl/test/runner/handshake_server.go index 59ed9df..85cc0d2 100644 --- a/src/ssl/test/runner/handshake_server.go +++ b/src/ssl/test/runner/handshake_server.go @@ -69,7 +69,7 @@ func (c *Conn) serverHandshake() error { return err } } - if err := hs.sendFinished(); err != nil { + if err := hs.sendFinished(c.firstFinished[:]); err != nil { return err } // Most retransmits are triggered by a timeout, but the final @@ -81,7 +81,7 @@ func (c *Conn) serverHandshake() error { }); err != nil { return err } - if err := hs.readFinished(isResume); err != nil { + if err := hs.readFinished(nil, isResume); err != nil { return err } c.didResume = true @@ -94,7 +94,7 @@ func (c *Conn) serverHandshake() error { if err := hs.establishKeys(); err != nil { return err } - if err := hs.readFinished(isResume); err != nil { + if err := hs.readFinished(c.firstFinished[:], isResume); err != nil { return err } if c.config.Bugs.AlertBeforeFalseStartTest != 0 { @@ -108,7 +108,7 @@ func (c *Conn) serverHandshake() error { if err := hs.sendSessionTicket(); err != nil { return err } - if err := hs.sendFinished(); err != nil { + if err := hs.sendFinished(nil); err != nil { return err } } @@ -274,6 +274,10 @@ Curves: hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation } + if c.config.Bugs.NoRenegotiationInfo { + hs.hello.secureRenegotiation = nil + } + hs.hello.compressionMethod = compressionNone hs.hello.duplicateExtension = c.config.Bugs.DuplicateExtension if len(hs.clientHello.serverName) > 0 { @@ -333,6 +337,12 @@ Curves: _, hs.ecdsaOk = hs.cert.PrivateKey.(*ecdsa.PrivateKey) + // For test purposes, check that the peer never offers a session when + // renegotiating. + if c.cipherSuite != nil && len(hs.clientHello.sessionId) > 0 && c.config.Bugs.FailIfResumeOnRenego { + return false, errors.New("tls: offered resumption on renegotiation") + } + if hs.checkForResumption() { return true, nil } @@ -382,10 +392,6 @@ Curves: func (hs *serverHandshakeState) checkForResumption() bool { c := hs.c - if c.config.Bugs.NeverResumeOnRenego && c.cipherSuite != nil { - return false - } - if len(hs.clientHello.sessionTicket) > 0 { if c.config.SessionTicketsDisabled { return false @@ -748,7 +754,7 @@ func (hs *serverHandshakeState) establishKeys() error { return nil } -func (hs *serverHandshakeState) readFinished(isResume bool) error { +func (hs *serverHandshakeState) readFinished(out []byte, isResume bool) error { c := hs.c c.readRecord(recordTypeChangeCipherSpec) @@ -817,6 +823,7 @@ func (hs *serverHandshakeState) readFinished(isResume bool) error { return errors.New("tls: client's Finished message is incorrect") } c.clientVerify = append(c.clientVerify[:0], clientFinished.verifyData...) + copy(out, clientFinished.verifyData) hs.writeClientHash(clientFinished.marshal()) return nil @@ -853,11 +860,12 @@ func (hs *serverHandshakeState) sendSessionTicket() error { return nil } -func (hs *serverHandshakeState) sendFinished() error { +func (hs *serverHandshakeState) sendFinished(out []byte) error { c := hs.c finished := new(finishedMsg) finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) + copy(out, finished.verifyData) if c.config.Bugs.BadFinished { finished.verifyData[0]++ } diff --git a/src/ssl/test/runner/key_agreement.go b/src/ssl/test/runner/key_agreement.go index 5e44b54..2ee0087 100644 --- a/src/ssl/test/runner/key_agreement.go +++ b/src/ssl/test/runner/key_agreement.go @@ -561,11 +561,18 @@ type dheKeyAgreement struct { } func (ka *dheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { - // 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC - // 5114, Section 2.3) - ka.p, _ = new(big.Int).SetString("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", 16) - ka.g, _ = new(big.Int).SetString("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", 16) - q, _ := new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16) + var q *big.Int + if p := config.Bugs.DHGroupPrime; p != nil { + ka.p = p + ka.g = big.NewInt(2) + q = p + } else { + // 2048-bit MODP Group with 256-bit Prime Order Subgroup (RFC + // 5114, Section 2.3) + ka.p, _ = new(big.Int).SetString("87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F25D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA3016C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0EF13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D967E144E5140564251CCACB83E6B486F6B3CA3F7971506026C0B857F689962856DED4010ABD0BE621C3A3960A54E710C375F26375D7014103A4B54330C198AF126116D2276E11715F693877FAD7EF09CADB094AE91E1A1597", 16) + ka.g, _ = new(big.Int).SetString("3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF205407F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC831D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6184B523D1DB246C32F63078490F00EF8D647D148D47954515E2327CFEF98C582664B4C0F6CC41659", 16) + q, _ = new(big.Int).SetString("8CF83642A709A097B447997640129DA299B1A47D1EB3750BA308B0FE64F5FBD3", 16) + } var err error ka.xOurs, err = rand.Int(config.rand(), q) diff --git a/src/ssl/test/runner/runner.go b/src/ssl/test/runner/runner.go index ec2fede..bd03cb1 100644 --- a/src/ssl/test/runner/runner.go +++ b/src/ssl/test/runner/runner.go @@ -11,6 +11,7 @@ import ( "fmt" "io" "io/ioutil" + "math/big" "net" "os" "os/exec" @@ -160,6 +161,10 @@ type testCase struct { // resumeSession controls whether a second connection should be tested // which attempts to resume the first session. resumeSession bool + // expectResumeRejected, if true, specifies that the attempted + // resumption must be rejected by the client. This is only valid for a + // serverTest. + expectResumeRejected bool // resumeConfig, if not nil, points to a Config to be used on // resumption. Unless newSessionsOnResume is set, // SessionTicketKey, ServerSessionCache, and @@ -196,6 +201,9 @@ type testCase struct { // flags, if not empty, contains a list of command-line flags that will // be passed to the shim program. flags []string + // testTLSUnique, if true, causes the shim to send the tls-unique value + // which will be compared against the expected value. + testTLSUnique bool } var testCases = []testCase{ @@ -1085,6 +1093,49 @@ var testCases = []testCase{ }, expectedCipher: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, }, + { + protocol: dtls, + name: "SendSplitAlert-Sync", + config: Config{ + Bugs: ProtocolBugs{ + SendSplitAlert: true, + }, + }, + }, + { + protocol: dtls, + name: "SendSplitAlert-Async", + config: Config{ + Bugs: ProtocolBugs{ + SendSplitAlert: true, + }, + }, + flags: []string{"-async"}, + }, + { + protocol: dtls, + name: "PackDTLSHandshake", + config: Config{ + Bugs: ProtocolBugs{ + MaxHandshakeRecordLength: 2, + PackHandshakeFragments: 20, + PackHandshakeRecords: 200, + }, + }, + }, + { + testType: serverTest, + protocol: dtls, + name: "NoRC4-DTLS", + config: Config{ + CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Bugs: ProtocolBugs{ + EnableAllCiphersInDTLS: true, + }, + }, + shouldFail: true, + expectedError: ":NO_SHARED_CIPHER:", + }, } func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, isResume bool) error { @@ -1144,16 +1195,20 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i if isResume && test.expectedResumeVersion != 0 { expectedVersion = test.expectedResumeVersion } - if vers := tlsConn.ConnectionState().Version; expectedVersion != 0 && vers != expectedVersion { + connState := tlsConn.ConnectionState() + if vers := connState.Version; expectedVersion != 0 && vers != expectedVersion { return fmt.Errorf("got version %x, expected %x", vers, expectedVersion) } - if cipher := tlsConn.ConnectionState().CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher { + if cipher := connState.CipherSuite; test.expectedCipher != 0 && cipher != test.expectedCipher { return fmt.Errorf("got cipher %x, expected %x", cipher, test.expectedCipher) } + if didResume := connState.DidResume; isResume && didResume == test.expectResumeRejected { + return fmt.Errorf("didResume is %t, but we expected the opposite", didResume) + } if test.expectChannelID { - channelID := tlsConn.ConnectionState().ChannelID + channelID := connState.ChannelID if channelID == nil { return fmt.Errorf("no channel ID negotiated") } @@ -1165,18 +1220,18 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i } if expected := test.expectedNextProto; expected != "" { - if actual := tlsConn.ConnectionState().NegotiatedProtocol; actual != expected { + if actual := connState.NegotiatedProtocol; actual != expected { return fmt.Errorf("next proto mismatch: got %s, wanted %s", actual, expected) } } if test.expectedNextProtoType != 0 { - if (test.expectedNextProtoType == alpn) != tlsConn.ConnectionState().NegotiatedProtocolFromALPN { + if (test.expectedNextProtoType == alpn) != connState.NegotiatedProtocolFromALPN { return fmt.Errorf("next proto type mismatch") } } - if p := tlsConn.ConnectionState().SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile { + if p := connState.SRTPProtectionProfile; p != test.expectedSRTPProtectionProfile { return fmt.Errorf("SRTP profile mismatch: got %d, wanted %d", p, test.expectedSRTPProtectionProfile) } @@ -1194,6 +1249,17 @@ func doExchange(test *testCase, config *Config, conn net.Conn, messageLen int, i } } + if test.testTLSUnique { + var peersValue [12]byte + if _, err := io.ReadFull(tlsConn, peersValue[:]); err != nil { + return err + } + expected := tlsConn.ConnectionState().TLSUnique + if !bytes.Equal(peersValue[:], expected) { + return fmt.Errorf("tls-unique mismatch: peer sent %x, but %x was expected", peersValue[:], expected) + } + } + if test.shimWritesFirst { var buf [5]byte _, err := io.ReadFull(tlsConn, buf[:]) @@ -1321,6 +1387,10 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error { panic("Error expected without shouldFail in " + test.name) } + if test.expectResumeRejected && !test.resumeSession { + panic("expectResumeRejected without resumeSession in " + test.name) + } + listener, err := net.ListenTCP("tcp4", &net.TCPAddr{IP: net.IP{127, 0, 0, 1}}) if err != nil { panic(err) @@ -1371,6 +1441,13 @@ func runTest(test *testCase, buildDir string, mallocNumToFail int64) error { flags = append(flags, "-use-export-context") } } + if test.expectResumeRejected { + flags = append(flags, "-expect-session-miss") + } + + if test.testTLSUnique { + flags = append(flags, "-tls-unique") + } flags = append(flags, test.flags...) @@ -1569,6 +1646,14 @@ func isDTLSCipher(suiteName string) bool { return !hasComponent(suiteName, "RC4") } +func bigFromHex(hex string) *big.Int { + ret, ok := new(big.Int).SetString(hex, 16) + if !ok { + panic("failed to parse hex number 0x" + hex) + } + return ret +} + func addCipherSuiteTests() { for _, suite := range testCipherSuites { const psk = "12345" @@ -1667,6 +1752,21 @@ func addCipherSuiteTests() { } } } + + testCases = append(testCases, testCase{ + name: "WeakDH", + config: Config{ + CipherSuites: []uint16{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, + Bugs: ProtocolBugs{ + // This is a 1023-bit prime number, generated + // with: + // openssl gendh 1023 | openssl asn1parse -i + DHGroupPrime: bigFromHex("518E9B7930CE61C6E445C8360584E5FC78D9137C0FFDC880B495D5338ADF7689951A6821C17A76B3ACB8E0156AEA607B7EC406EBEDBB84D8376EB8FE8F8BA1433488BEE0C3EDDFD3A32DBB9481980A7AF6C96BFCF490A094CFFB2B8192C1BB5510B77B658436E27C2D4D023FE3718222AB0CA1273995B51F6D625A4944D0DD4B"), + }, + }, + shouldFail: true, + expectedError: "BAD_DH_P_LENGTH", + }) } func addBadECDSASignatureTests() { @@ -1866,245 +1966,235 @@ func addExtendedMasterSecretTests() { } } - // When a session is resumed, it should still be aware that its master - // secret was generated via EMS and thus it's safe to use tls-unique. - testCases = append(testCases, testCase{ - name: "ExtendedMasterSecret-Resume", - config: Config{ - Bugs: ProtocolBugs{ - RequireExtendedMasterSecret: true, - }, - }, - flags: []string{expectEMSFlag}, - resumeSession: true, - }) + for _, isClient := range []bool{false, true} { + for _, supportedInFirstConnection := range []bool{false, true} { + for _, supportedInResumeConnection := range []bool{false, true} { + boolToWord := func(b bool) string { + if b { + return "Yes" + } + return "No" + } + suffix := boolToWord(supportedInFirstConnection) + "To" + boolToWord(supportedInResumeConnection) + "-" + if isClient { + suffix += "Client" + } else { + suffix += "Server" + } + + supportedConfig := Config{ + Bugs: ProtocolBugs{ + RequireExtendedMasterSecret: true, + }, + } + + noSupportConfig := Config{ + Bugs: ProtocolBugs{ + NoExtendedMasterSecret: true, + }, + } + + test := testCase{ + name: "ExtendedMasterSecret-" + suffix, + resumeSession: true, + } + + if !isClient { + test.testType = serverTest + } + + if supportedInFirstConnection { + test.config = supportedConfig + } else { + test.config = noSupportConfig + } + + if supportedInResumeConnection { + test.resumeConfig = &supportedConfig + } else { + test.resumeConfig = &noSupportConfig + } + + switch suffix { + case "YesToYes-Client", "YesToYes-Server": + // When a session is resumed, it should + // still be aware that its master + // secret was generated via EMS and + // thus it's safe to use tls-unique. + test.flags = []string{expectEMSFlag} + case "NoToYes-Server": + // If an original connection did not + // contain EMS, but a resumption + // handshake does, then a server should + // not resume the session. + test.expectResumeRejected = true + case "YesToNo-Server": + // Resuming an EMS session without the + // EMS extension should cause the + // server to abort the connection. + test.shouldFail = true + test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:" + case "NoToYes-Client": + // A client should abort a connection + // where the server resumed a non-EMS + // session but echoed the EMS + // extension. + test.shouldFail = true + test.expectedError = ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:" + case "YesToNo-Client": + // A client should abort a connection + // where the server didn't echo EMS + // when the session used it. + test.shouldFail = true + test.expectedError = ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:" + } + + testCases = append(testCases, test) + } + } + } } // Adds tests that try to cover the range of the handshake state machine, under // various conditions. Some of these are redundant with other tests, but they // only cover the synchronous case. func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) { - var suffix string - var flags []string - var maxHandshakeRecordLength int - if protocol == dtls { - suffix = "-DTLS" - } - if async { - suffix += "-Async" - flags = append(flags, "-async") - } else { - suffix += "-Sync" - } - if splitHandshake { - suffix += "-SplitHandshakeRecords" - maxHandshakeRecordLength = 1 - } + var tests []testCase // Basic handshake, with resumption. Client and server, // session ID and session ticket. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "Basic-Client" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: flags, + tests = append(tests, testCase{ + name: "Basic-Client", resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - name: "Basic-Client-RenewTicket" + suffix, + tests = append(tests, testCase{ + name: "Basic-Client-RenewTicket", config: Config{ Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - RenewTicketOnResume: true, + RenewTicketOnResume: true, }, }, - flags: flags, resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - name: "Basic-Client-NoTicket" + suffix, + tests = append(tests, testCase{ + name: "Basic-Client-NoTicket", config: Config{ SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: flags, resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - name: "Basic-Client-Implicit" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: append(flags, "-implicit-handshake"), + tests = append(tests, testCase{ + name: "Basic-Client-Implicit", + flags: []string{"-implicit-handshake"}, resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - testType: serverTest, - name: "Basic-Server" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: flags, + tests = append(tests, testCase{ + testType: serverTest, + name: "Basic-Server", resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "Basic-Server-NoTickets" + suffix, + name: "Basic-Server-NoTickets", config: Config{ SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: flags, resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - testType: serverTest, - name: "Basic-Server-Implicit" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: append(flags, "-implicit-handshake"), + tests = append(tests, testCase{ + testType: serverTest, + name: "Basic-Server-Implicit", + flags: []string{"-implicit-handshake"}, resumeSession: true, }) - testCases = append(testCases, testCase{ - protocol: protocol, - testType: serverTest, - name: "Basic-Server-EarlyCallback" + suffix, - config: Config{ - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, - }, - flags: append(flags, "-use-early-callback"), + tests = append(tests, testCase{ + testType: serverTest, + name: "Basic-Server-EarlyCallback", + flags: []string{"-use-early-callback"}, resumeSession: true, }) // TLS client auth. - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: clientTest, - name: "ClientAuth-Client" + suffix, + name: "ClientAuth-Client", config: Config{ ClientAuth: RequireAnyClientCert, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, + flags: []string{ "-cert-file", rsaCertificateFile, - "-key-file", rsaKeyFile), + "-key-file", rsaKeyFile, + }, }) - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "ClientAuth-Server" + suffix, + name: "ClientAuth-Server", config: Config{ Certificates: []Certificate{rsaCertificate}, }, - flags: append(flags, "-require-any-client-certificate"), + flags: []string{"-require-any-client-certificate"}, }) // No session ticket support; server doesn't send NewSessionTicket. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "SessionTicketsDisabled-Client" + suffix, + tests = append(tests, testCase{ + name: "SessionTicketsDisabled-Client", config: Config{ SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: flags, }) - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "SessionTicketsDisabled-Server" + suffix, + name: "SessionTicketsDisabled-Server", config: Config{ SessionTicketsDisabled: true, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: flags, }) // Skip ServerKeyExchange in PSK key exchange if there's no // identity hint. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "EmptyPSKHint-Client" + suffix, + tests = append(tests, testCase{ + name: "EmptyPSKHint-Client", config: Config{ CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA}, PreSharedKey: []byte("secret"), - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, "-psk", "secret"), + flags: []string{"-psk", "secret"}, }) - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "EmptyPSKHint-Server" + suffix, + name: "EmptyPSKHint-Server", config: Config{ CipherSuites: []uint16{TLS_PSK_WITH_AES_128_CBC_SHA}, PreSharedKey: []byte("secret"), - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, "-psk", "secret"), + flags: []string{"-psk", "secret"}, }) if protocol == tls { + tests = append(tests, testCase{ + name: "Renegotiate-Client", + renegotiate: true, + }) // NPN on client and server; results in post-handshake message. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "NPN-Client" + suffix, + tests = append(tests, testCase{ + name: "NPN-Client", config: Config{ NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, "-select-next-proto", "foo"), + flags: []string{"-select-next-proto", "foo"}, expectedNextProto: "foo", expectedNextProtoType: npn, }) - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "NPN-Server" + suffix, + name: "NPN-Server", config: Config{ NextProtos: []string{"bar"}, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, + flags: []string{ "-advertise-npn", "\x03foo\x03bar\x03baz", - "-expect-next-proto", "bar"), + "-expect-next-proto", "bar", + }, expectedNextProto: "bar", expectedNextProtoType: npn, }) @@ -2112,146 +2202,148 @@ func addStateMachineCoverageTests(async, splitHandshake bool, protocol protocol) // TODO(davidben): Add tests for when False Start doesn't trigger. // Client does False Start and negotiates NPN. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "FalseStart" + suffix, + tests = append(tests, testCase{ + name: "FalseStart", config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, NextProtos: []string{"foo"}, Bugs: ProtocolBugs{ - ExpectFalseStart: true, - MaxHandshakeRecordLength: maxHandshakeRecordLength, + ExpectFalseStart: true, }, }, - flags: append(flags, + flags: []string{ "-false-start", - "-select-next-proto", "foo"), + "-select-next-proto", "foo", + }, shimWritesFirst: true, resumeSession: true, }) // Client does False Start and negotiates ALPN. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "FalseStart-ALPN" + suffix, + tests = append(tests, testCase{ + name: "FalseStart-ALPN", config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, NextProtos: []string{"foo"}, Bugs: ProtocolBugs{ - ExpectFalseStart: true, - MaxHandshakeRecordLength: maxHandshakeRecordLength, + ExpectFalseStart: true, }, }, - flags: append(flags, + flags: []string{ "-false-start", - "-advertise-alpn", "\x03foo"), + "-advertise-alpn", "\x03foo", + }, shimWritesFirst: true, resumeSession: true, }) // Client does False Start but doesn't explicitly call // SSL_connect. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "FalseStart-Implicit" + suffix, + tests = append(tests, testCase{ + name: "FalseStart-Implicit", config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, NextProtos: []string{"foo"}, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, + flags: []string{ "-implicit-handshake", "-false-start", - "-advertise-alpn", "\x03foo"), + "-advertise-alpn", "\x03foo", + }, }) // False Start without session tickets. - testCases = append(testCases, testCase{ - name: "FalseStart-SessionTicketsDisabled" + suffix, + tests = append(tests, testCase{ + name: "FalseStart-SessionTicketsDisabled", config: Config{ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, NextProtos: []string{"foo"}, SessionTicketsDisabled: true, Bugs: ProtocolBugs{ - ExpectFalseStart: true, - MaxHandshakeRecordLength: maxHandshakeRecordLength, + ExpectFalseStart: true, }, }, - flags: append(flags, + flags: []string{ "-false-start", "-select-next-proto", "foo", - ), + }, shimWritesFirst: true, }) // Server parses a V2ClientHello. - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "SendV2ClientHello" + suffix, + name: "SendV2ClientHello", config: Config{ // Choose a cipher suite that does not involve // elliptic curves, so no extensions are // involved. CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - SendV2ClientHello: true, + SendV2ClientHello: true, }, }, - flags: flags, }) // Client sends a Channel ID. - testCases = append(testCases, testCase{ - protocol: protocol, - name: "ChannelID-Client" + suffix, + tests = append(tests, testCase{ + name: "ChannelID-Client", config: Config{ RequestChannelID: true, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, - "-send-channel-id", channelIDKeyFile, - ), + flags: []string{"-send-channel-id", channelIDKeyFile}, resumeSession: true, expectChannelID: true, }) // Server accepts a Channel ID. - testCases = append(testCases, testCase{ - protocol: protocol, + tests = append(tests, testCase{ testType: serverTest, - name: "ChannelID-Server" + suffix, + name: "ChannelID-Server", config: Config{ ChannelID: channelIDKey, - Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - }, }, - flags: append(flags, + flags: []string{ "-expect-channel-id", base64.StdEncoding.EncodeToString(channelIDBytes), - ), + }, resumeSession: true, expectChannelID: true, }) } else { - testCases = append(testCases, testCase{ - protocol: protocol, - name: "SkipHelloVerifyRequest" + suffix, + tests = append(tests, testCase{ + name: "SkipHelloVerifyRequest", config: Config{ Bugs: ProtocolBugs{ - MaxHandshakeRecordLength: maxHandshakeRecordLength, - SkipHelloVerifyRequest: true, + SkipHelloVerifyRequest: true, }, }, - flags: flags, }) } + + var suffix string + var flags []string + var maxHandshakeRecordLength int + if protocol == dtls { + suffix = "-DTLS" + } + if async { + suffix += "-Async" + flags = append(flags, "-async") + } else { + suffix += "-Sync" + } + if splitHandshake { + suffix += "-SplitHandshakeRecords" + maxHandshakeRecordLength = 1 + } + for _, test := range tests { + test.protocol = protocol + test.name += suffix + test.config.Bugs.MaxHandshakeRecordLength = maxHandshakeRecordLength + test.flags = append(test.flags, flags...) + testCases = append(testCases, test) + } } func addDDoSCallbackTests() { @@ -2637,8 +2729,8 @@ func addExtensionTests() { CorruptTicket: true, }, }, - resumeSession: true, - flags: []string{"-expect-session-miss"}, + resumeSession: true, + expectResumeRejected: true, }) // Resume with an oversized session id. testCases = append(testCases, testCase{ @@ -2799,7 +2891,6 @@ func addResumptionVersionTests() { testCases = append(testCases, testCase{ protocol: protocol, name: "Resume-Client-NoResume" + suffix, - flags: []string{"-expect-session-miss"}, resumeSession: true, config: Config{ MaxVersion: sessionVers.version, @@ -2811,24 +2902,21 @@ func addResumptionVersionTests() { CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, }, newSessionsOnResume: true, + expectResumeRejected: true, expectedResumeVersion: resumeVers.version, }) - var flags []string - if sessionVers.version != resumeVers.version { - flags = append(flags, "-expect-session-miss") - } testCases = append(testCases, testCase{ protocol: protocol, testType: serverTest, name: "Resume-Server" + suffix, - flags: flags, resumeSession: true, config: Config{ MaxVersion: sessionVers.version, CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, }, - expectedVersion: sessionVers.version, + expectedVersion: sessionVers.version, + expectResumeRejected: sessionVers.version != resumeVers.version, resumeConfig: &Config{ MaxVersion: resumeVers.version, CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, @@ -2857,57 +2945,50 @@ func addResumptionVersionTests() { } func addRenegotiationTests() { + // Servers cannot renegotiate. testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server", - flags: []string{"-renegotiate"}, - shimWritesFirst: true, + testType: serverTest, + name: "Renegotiate-Server-Forbidden", + renegotiate: true, + flags: []string{"-reject-peer-renegotiations"}, + shouldFail: true, + expectedError: ":NO_RENEGOTIATION:", + expectedLocalError: "remote error: no renegotiation", }) + // TODO(agl): test the renegotiation info SCSV. testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-Full", + name: "Renegotiate-Client", config: Config{ Bugs: ProtocolBugs{ - NeverResumeOnRenego: true, + FailIfResumeOnRenego: true, }, }, - flags: []string{"-renegotiate"}, - shimWritesFirst: true, + renegotiate: true, }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-EmptyExt", + name: "Renegotiate-Client-EmptyExt", + renegotiate: true, config: Config{ Bugs: ProtocolBugs{ EmptyRenegotiationInfo: true, }, }, - flags: []string{"-renegotiate"}, - shimWritesFirst: true, - shouldFail: true, - expectedError: ":RENEGOTIATION_MISMATCH:", + shouldFail: true, + expectedError: ":RENEGOTIATION_MISMATCH:", }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-BadExt", + name: "Renegotiate-Client-BadExt", + renegotiate: true, config: Config{ Bugs: ProtocolBugs{ BadRenegotiationInfo: true, }, }, - flags: []string{"-renegotiate"}, - shimWritesFirst: true, - shouldFail: true, - expectedError: ":RENEGOTIATION_MISMATCH:", - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-ClientInitiated", - renegotiate: true, + shouldFail: true, + expectedError: ":RENEGOTIATION_MISMATCH:", }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-ClientInitiated-NoExt", + name: "Renegotiate-Client-NoExt", renegotiate: true, config: Config{ Bugs: ProtocolBugs{ @@ -2916,75 +2997,16 @@ func addRenegotiationTests() { }, shouldFail: true, expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:", + flags: []string{"-no-legacy-server-connect"}, }) testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-ClientInitiated-NoExt-Allowed", + name: "Renegotiate-Client-NoExt-Allowed", renegotiate: true, config: Config{ Bugs: ProtocolBugs{ NoRenegotiationInfo: true, }, }, - flags: []string{"-allow-unsafe-legacy-renegotiation"}, - }) - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-ClientInitiated-Forbidden", - renegotiate: true, - flags: []string{"-reject-peer-renegotiations"}, - shouldFail: true, - expectedError: ":NO_RENEGOTIATION:", - expectedLocalError: "remote error: no renegotiation", - }) - // Regression test for CVE-2015-0291. - testCases = append(testCases, testCase{ - testType: serverTest, - name: "Renegotiate-Server-NoSignatureAlgorithms", - config: Config{ - Bugs: ProtocolBugs{ - NeverResumeOnRenego: true, - NoSignatureAlgorithmsOnRenego: true, - }, - }, - flags: []string{"-renegotiate"}, - shimWritesFirst: true, - }) - // TODO(agl): test the renegotiation info SCSV. - testCases = append(testCases, testCase{ - name: "Renegotiate-Client", - renegotiate: true, - }) - testCases = append(testCases, testCase{ - name: "Renegotiate-Client-Full", - config: Config{ - Bugs: ProtocolBugs{ - NeverResumeOnRenego: true, - }, - }, - renegotiate: true, - }) - testCases = append(testCases, testCase{ - name: "Renegotiate-Client-EmptyExt", - renegotiate: true, - config: Config{ - Bugs: ProtocolBugs{ - EmptyRenegotiationInfo: true, - }, - }, - shouldFail: true, - expectedError: ":RENEGOTIATION_MISMATCH:", - }) - testCases = append(testCases, testCase{ - name: "Renegotiate-Client-BadExt", - renegotiate: true, - config: Config{ - Bugs: ProtocolBugs{ - BadRenegotiationInfo: true, - }, - }, - shouldFail: true, - expectedError: ":RENEGOTIATION_MISMATCH:", }) testCases = append(testCases, testCase{ name: "Renegotiate-Client-SwitchCiphers", @@ -3365,6 +3387,59 @@ func addExportKeyingMaterialTests() { }) } +func addTLSUniqueTests() { + for _, isClient := range []bool{false, true} { + for _, isResumption := range []bool{false, true} { + for _, hasEMS := range []bool{false, true} { + var suffix string + if isResumption { + suffix = "Resume-" + } else { + suffix = "Full-" + } + + if hasEMS { + suffix += "EMS-" + } else { + suffix += "NoEMS-" + } + + if isClient { + suffix += "Client" + } else { + suffix += "Server" + } + + test := testCase{ + name: "TLSUnique-" + suffix, + testTLSUnique: true, + config: Config{ + Bugs: ProtocolBugs{ + NoExtendedMasterSecret: !hasEMS, + }, + }, + } + + if isResumption { + test.resumeSession = true + test.resumeConfig = &Config{ + Bugs: ProtocolBugs{ + NoExtendedMasterSecret: !hasEMS, + }, + } + } + + if isResumption && !hasEMS { + test.shouldFail = true + test.expectedError = "failed to get tls-unique" + } + + testCases = append(testCases, test) + } + } + } +} + func worker(statusChan chan statusMsg, c chan *testCase, buildDir string, wg *sync.WaitGroup) { defer wg.Done() @@ -3463,6 +3538,7 @@ func main() { addFastRadioPaddingTests() addDTLSRetransmitTests() addExportKeyingMaterialTests() + addTLSUniqueTests() for _, async := range []bool{false, true} { for _, splitHandshake := range []bool{false, true} { for _, protocol := range []protocol{tls, dtls} { diff --git a/src/ssl/test/test_config.cc b/src/ssl/test/test_config.cc index 25906f7..363b6f3 100644 --- a/src/ssl/test/test_config.cc +++ b/src/ssl/test/test_config.cc @@ -65,7 +65,6 @@ const Flag<bool> kBoolFlags[] = { { "-expect-session-miss", &TestConfig::expect_session_miss }, { "-expect-extended-master-secret", &TestConfig::expect_extended_master_secret }, - { "-renegotiate", &TestConfig::renegotiate }, { "-allow-unsafe-legacy-renegotiation", &TestConfig::allow_unsafe_legacy_renegotiation }, { "-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling }, @@ -81,6 +80,8 @@ const Flag<bool> kBoolFlags[] = { { "-handshake-never-done", &TestConfig::handshake_never_done }, { "-use-export-context", &TestConfig::use_export_context }, { "-reject-peer-renegotiations", &TestConfig::reject_peer_renegotiations }, + { "-no-legacy-server-connect", &TestConfig::no_legacy_server_connect }, + { "-tls-unique", &TestConfig::tls_unique }, }; const Flag<std::string> kStringFlags[] = { diff --git a/src/ssl/test/test_config.h b/src/ssl/test/test_config.h index f107a0f..5d753c8 100644 --- a/src/ssl/test/test_config.h +++ b/src/ssl/test/test_config.h @@ -54,7 +54,6 @@ struct TestConfig { bool expect_extended_master_secret = false; std::string psk; std::string psk_identity; - bool renegotiate = false; bool allow_unsafe_legacy_renegotiation = false; std::string srtp_profiles; bool enable_ocsp_stapling = false; @@ -78,6 +77,8 @@ struct TestConfig { std::string export_context; bool use_export_context = false; bool reject_peer_renegotiations = false; + bool no_legacy_server_connect = false; + bool tls_unique = false; }; bool ParseConfig(int argc, char **argv, TestConfig *out_config); diff --git a/src/tool/CMakeLists.txt b/src/tool/CMakeLists.txt index 4bb6ca2..74c1ac8 100644 --- a/src/tool/CMakeLists.txt +++ b/src/tool/CMakeLists.txt @@ -15,4 +15,8 @@ add_executable( transport_common.cc ) -target_link_libraries(bssl ssl crypto) +if (APPLE OR WIN32 OR ANDROID) + target_link_libraries(bssl ssl crypto) +else() + target_link_libraries(bssl ssl crypto -lrt) +endif() diff --git a/src/util/all_tests.go b/src/util/all_tests.go index 91822d1..49954df 100644 --- a/src/util/all_tests.go +++ b/src/util/all_tests.go @@ -22,16 +22,21 @@ import ( "os" "os/exec" "path" + "strconv" "strings" + "syscall" "time" ) // TODO(davidben): Link tests with the malloc shim and port -malloc-test to this runner. var ( - useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind") - buildDir = flag.String("build-dir", "build", "The build directory to run the tests from.") - jsonOutput = flag.String("json-output", "", "The file to output JSON results to.") + useValgrind = flag.Bool("valgrind", false, "If true, run code under valgrind") + useGDB = flag.Bool("gdb", false, "If true, run BoringSSL code under gdb") + buildDir = flag.String("build-dir", "build", "The build directory to run the tests from.") + jsonOutput = flag.String("json-output", "", "The file to output JSON results to.") + mallocTest = flag.Int64("malloc-test", -1, "If non-negative, run each test with each malloc in turn failing from the given number onwards.") + mallocTestDebug = flag.Bool("malloc-test-debug", false, "If true, ask each test to abort rather than fail a malloc. This can be used with a specific value for --malloc-test to identity the malloc failing that is causing problems.") ) type test []string @@ -83,6 +88,7 @@ var tests = []test{ {"crypto/lhash/lhash_test"}, {"crypto/modes/gcm_test"}, {"crypto/pkcs8/pkcs12_test"}, + {"crypto/refcount_test"}, {"crypto/rsa/rsa_test"}, {"crypto/thread_test"}, {"crypto/x509/pkcs7_test"}, @@ -156,25 +162,59 @@ func valgrindOf(dbAttach bool, path string, args ...string) *exec.Cmd { return exec.Command("valgrind", valgrindArgs...) } -func runTest(test test) (passed bool, err error) { +func gdbOf(path string, args ...string) *exec.Cmd { + xtermArgs := []string{"-e", "gdb", "--args"} + xtermArgs = append(xtermArgs, path) + xtermArgs = append(xtermArgs, args...) + + return exec.Command("xterm", xtermArgs...) +} + +type moreMallocsError struct{} + +func (moreMallocsError) Error() string { + return "child process did not exhaust all allocation calls" +} + +var errMoreMallocs = moreMallocsError{} + +func runTestOnce(test test, mallocNumToFail int64) (passed bool, err error) { prog := path.Join(*buildDir, test[0]) args := test[1:] var cmd *exec.Cmd if *useValgrind { cmd = valgrindOf(false, prog, args...) + } else if *useGDB { + cmd = gdbOf(prog, args...) } else { cmd = exec.Command(prog, args...) } var stdoutBuf bytes.Buffer + var stderrBuf bytes.Buffer cmd.Stdout = &stdoutBuf - cmd.Stderr = os.Stderr + cmd.Stderr = &stderrBuf + if mallocNumToFail >= 0 { + cmd.Env = os.Environ() + cmd.Env = append(cmd.Env, "MALLOC_NUMBER_TO_FAIL="+strconv.FormatInt(mallocNumToFail, 10)) + if *mallocTestDebug { + cmd.Env = append(cmd.Env, "MALLOC_ABORT_ON_FAIL=1") + } + cmd.Env = append(cmd.Env, "_MALLOC_CHECK=1") + } if err := cmd.Start(); err != nil { return false, err } if err := cmd.Wait(); err != nil { + if exitError, ok := err.(*exec.ExitError); ok { + if exitError.Sys().(syscall.WaitStatus).ExitStatus() == 88 { + return false, errMoreMallocs + } + } + fmt.Print(string(stderrBuf.Bytes())) return false, err } + fmt.Print(string(stderrBuf.Bytes())) // Account for Windows line-endings. stdout := bytes.Replace(stdoutBuf.Bytes(), []byte("\r\n"), []byte("\n"), -1) @@ -186,6 +226,21 @@ func runTest(test test) (passed bool, err error) { return false, nil } +func runTest(test test) (bool, error) { + if *mallocTest < 0 { + return runTestOnce(test, -1) + } + + for mallocNumToFail := int64(*mallocTest); ; mallocNumToFail++ { + if passed, err := runTestOnce(test, mallocNumToFail); err != errMoreMallocs { + if err != nil { + err = fmt.Errorf("at malloc %d: %s", mallocNumToFail, err) + } + return passed, err + } + } +} + // shortTestName returns the short name of a test. Except for evp_test, it // assumes that any argument which ends in .txt is a path to a data file and not // relevant to the test's uniqueness. diff --git a/src/util/bot/toolchain_vs2013.hash b/src/util/bot/toolchain_vs2013.hash deleted file mode 100644 index 4ed8816..0000000 --- a/src/util/bot/toolchain_vs2013.hash +++ /dev/null @@ -1 +0,0 @@ -ee7d718ec60c2dc5d255bbe325909c2021a7efef diff --git a/src/util/bot/vs_toolchain.py b/src/util/bot/vs_toolchain.py index fd76f39..2a54b9e 100644 --- a/src/util/bot/vs_toolchain.py +++ b/src/util/bot/vs_toolchain.py @@ -34,8 +34,9 @@ def SetEnvironmentAndGetRuntimeDllDirs(): toolchain = toolchain_data['path'] version = toolchain_data['version'] - version_is_pro = version[-1] != 'e' - win8sdk = toolchain_data['win8sdk'] + win_sdk = toolchain_data.get('win_sdk') + if not win_sdk: + win_sdk = toolchain_data['win8sdk'] wdk = toolchain_data['wdk'] # TODO(scottmg): The order unfortunately matters in these. They should be # split into separate keys for x86 and x64. (See CopyVsRuntimeDlls call @@ -49,10 +50,10 @@ def SetEnvironmentAndGetRuntimeDllDirs(): # otheroptions.express # values there. gyp_defines_dict = gyp.NameValueListToDict(gyp.ShlexEnv('GYP_DEFINES')) - gyp_defines_dict['windows_sdk_path'] = win8sdk + gyp_defines_dict['windows_sdk_path'] = win_sdk os.environ['GYP_DEFINES'] = ' '.join('%s=%s' % (k, pipes.quote(str(v))) for k, v in gyp_defines_dict.iteritems()) - os.environ['WINDOWSSDKDIR'] = win8sdk + os.environ['WINDOWSSDKDIR'] = win_sdk os.environ['WDK_DIR'] = wdk # Include the VS runtime in the PATH in case it's not machine-installed. runtime_path = ';'.join(vs2013_runtime_dll_dirs) @@ -63,9 +64,8 @@ def SetEnvironmentAndGetRuntimeDllDirs(): def _GetDesiredVsToolchainHashes(): """Load a list of SHA1s corresponding to the toolchains that we want installed to build with.""" - sha1path = os.path.join(script_dir, 'toolchain_vs2013.hash') - with open(sha1path, 'rb') as f: - return f.read().strip().splitlines() + # Use Chromium's VS2013. + return ['ee7d718ec60c2dc5d255bbe325909c2021a7efef'] def FindDepotTools(): @@ -85,7 +85,6 @@ def Update(): bool(int(os.environ.get('DEPOT_TOOLS_WIN_TOOLCHAIN', '1'))) if sys.platform in ('win32', 'cygwin') and depot_tools_win_toolchain: depot_tools_path = FindDepotTools() - json_data_file = os.path.join(script_dir, 'win_toolchain.json') get_toolchain_args = [ sys.executable, os.path.join(depot_tools_path, diff --git a/src/util/doc.go b/src/util/doc.go index 20feae5..540d6ca 100644 --- a/src/util/doc.go +++ b/src/util/doc.go @@ -209,12 +209,24 @@ func skipLine(s string) string { } func getNameFromDecl(decl string) (string, bool) { - for strings.HasPrefix(decl, "#if") { + for strings.HasPrefix(decl, "#if") || strings.HasPrefix(decl, "#elif") { decl = skipLine(decl) } if strings.HasPrefix(decl, "struct ") { return "", false } + if strings.HasPrefix(decl, "#define ") { + // This is a preprocessor #define. The name is the next symbol. + decl = strings.TrimPrefix(decl, "#define ") + for len(decl) > 0 && decl[0] == ' ' { + decl = decl[1:] + } + i := strings.IndexAny(decl, "( ") + if i < 0 { + return "", false + } + return decl[:i], true + } decl = skipPast(decl, "STACK_OF(") decl = skipPast(decl, "LHASH_OF(") i := strings.Index(decl, "(") diff --git a/src/util/generate_build_files.py b/src/util/generate_build_files.py index 94de546..e534a56 100644 --- a/src/util/generate_build_files.py +++ b/src/util/generate_build_files.py @@ -90,6 +90,7 @@ class Chromium(object): ], 'sources': [ '%s', + '<@(boringssl_test_support_sources)', ], # TODO(davidben): Fix size_t truncations in BoringSSL. # https://crbug.com/429039 @@ -99,9 +100,12 @@ class Chromium(object): test_names.sort() - test_gypi.write(""" ], - 'variables': { - 'boringssl_test_targets': [\n""") + test_gypi.write(' ],\n \'variables\': {\n') + + self.PrintVariableSection( + test_gypi, 'boringssl_test_support_sources', files['test_support']) + + test_gypi.write(' \'boringssl_test_targets\': [\n') for test in test_names: test_gypi.write(""" '%s',\n""" % test) @@ -174,10 +178,16 @@ def OnlyTests(dent, is_dir): """Filter function that can be passed to FindCFiles in order to remove non-test sources.""" if is_dir: - return True + return dent != 'test' return '_test.' in dent or dent.startswith('example_') +def AllFiles(dent, is_dir): + """Filter function that can be passed to FindCFiles in order to include all + sources.""" + return True + + def FindCFiles(directory, filter_func): """Recurses through directory and returns a list of paths to all the C source files that pass filter_func.""" @@ -304,6 +314,9 @@ def main(platform): stdout=err_data) crypto_c_files.append('err_data.c') + test_support_cc_files = FindCFiles(os.path.join('src', 'crypto', 'test'), + AllFiles) + test_c_files = FindCFiles(os.path.join('src', 'crypto'), OnlyTests) test_c_files += FindCFiles(os.path.join('src', 'ssl'), OnlyTests) @@ -312,6 +325,7 @@ def main(platform): 'ssl': ssl_c_files, 'tool': tool_cc_files, 'test': test_c_files, + 'test_support': test_support_cc_files, } asm_outputs = sorted(WriteAsmFiles(ReadPerlAsmOperations()).iteritems()) |