From ea33bd989d3544dee6b71f3d57d13dc0f65ace61 Mon Sep 17 00:00:00 2001 From: Justin W Smith <103147162+justsmth@users.noreply.github.com> Date: Mon, 10 Apr 2023 12:06:30 -0400 Subject: [PATCH] Improved support for OpenSSH (#894) --- .clang-format | 1 + crypto/CMakeLists.txt | 2 + crypto/ec_extra/ec_asn1.c | 45 +- crypto/err/err.c | 2 + crypto/err/evp.errordata | 1 + crypto/err/pem.errordata | 1 + crypto/fipsmodule/ec/ec_test.cc | 24 +- crypto/obj/obj_dat.h | 1 - crypto/obj/objects.go | 2 +- generated-src/err_data.c | 903 +++++++++++++++--------------- include/openssl/base.h | 11 + include/openssl/crypto.h | 1 + include/openssl/ec.h | 8 + include/openssl/err.h | 3 + include/openssl/evp_errors.h | 1 + include/openssl/nid.h | 3 - include/openssl/pem.h | 1 + tests/check_objects_and_errors.sh | 2 +- 18 files changed, 553 insertions(+), 459 deletions(-) diff --git a/.clang-format b/.clang-format index 33b77f9ad7..a066257163 100644 --- a/.clang-format +++ b/.clang-format @@ -4,6 +4,7 @@ AllowShortIfStatementsOnASingleLine: false AllowShortLoopsOnASingleLine: false DerivePointerAlignment: false PointerAlignment: Right +InsertBraces: true # TODO(davidben): The default for Google style is now Regroup, but the default # IncludeCategories does not recognize . We should # reconfigure IncludeCategories to match. For now, keep it at Preserve. diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt index d1bc4a25c5..1c4e212f66 100644 --- a/crypto/CMakeLists.txt +++ b/crypto/CMakeLists.txt @@ -740,6 +740,8 @@ if(BUILD_TESTING) target_link_libraries(${CRYPTO_TEST_EXEC} test_support_lib boringssl_gtest_main crypto) if(WIN32) target_link_libraries(${CRYPTO_TEST_EXEC} ws2_32) + else() + target_compile_options(${CRYPTO_TEST_EXEC} PUBLIC -Wno-deprecated-declarations) endif() add_dependencies(all_tests ${CRYPTO_TEST_EXEC}) endif() diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.c index 5c0dab1a4f..797b8abb7f 100644 --- a/crypto/ec_extra/ec_asn1.c +++ b/crypto/ec_extra/ec_asn1.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -532,3 +532,46 @@ int i2o_ECPublicKey(const EC_KEY *key, uint8_t **outp) { // Historically, this function used the wrong return value on error. return ret > 0 ? ret : 0; } + +static size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + uint8_t **pbuf, BN_CTX *ctx) { + size_t len; + uint8_t *buf; + + len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL); + if (len == 0) { + return 0; + } + buf = OPENSSL_malloc(len); + if (buf == NULL) { + OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); + return 0; + } + len = EC_POINT_point2oct(group, point, form, buf, len, ctx); + if (len == 0) { + OPENSSL_free(buf); + return 0; + } + *pbuf = buf; + return len; +} + +BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, BIGNUM *ret, + BN_CTX *ctx) { + size_t buf_len = 0; + uint8_t *buf; + + buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx); + + if (buf_len == 0) { + return NULL; + } + + ret = BN_bin2bn(buf, buf_len, ret); + + OPENSSL_free(buf); + + return ret; +} diff --git a/crypto/err/err.c b/crypto/err/err.c index 68c06341c7..e00de8f92c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -808,6 +808,8 @@ int ERR_pop_to_mark(void) { return 0; } +void ERR_load_CRYPTO_strings(void) {} + void ERR_load_crypto_strings(void) {} void ERR_free_strings(void) {} diff --git a/crypto/err/evp.errordata b/crypto/err/evp.errordata index 87fc1895c8..f2e2d21e29 100644 --- a/crypto/err/evp.errordata +++ b/crypto/err/evp.errordata @@ -1,3 +1,4 @@ +EVP,138,BAD_DECRYPT EVP,100,BUFFER_TOO_SMALL EVP,101,COMMAND_NOT_SUPPORTED EVP,102,DECODE_ERROR diff --git a/crypto/err/pem.errordata b/crypto/err/pem.errordata index 2a4b73af2d..bb0e50857f 100644 --- a/crypto/err/pem.errordata +++ b/crypto/err/pem.errordata @@ -9,6 +9,7 @@ PEM,107,NOT_DEK_INFO PEM,108,NOT_ENCRYPTED PEM,109,NOT_PROC_TYPE PEM,110,NO_START_LINE +PEM,115,PROBLEMS_GETTING_PASSWORD PEM,111,READ_KEY PEM,112,SHORT_HEADER PEM,113,UNSUPPORTED_CIPHER diff --git a/crypto/fipsmodule/ec/ec_test.cc b/crypto/fipsmodule/ec/ec_test.cc index a2abc4ddaf..025afa030e 100644 --- a/crypto/fipsmodule/ec/ec_test.cc +++ b/crypto/fipsmodule/ec/ec_test.cc @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -1036,6 +1037,25 @@ TEST(ECTest, ArbitraryCurve) { EXPECT_EQ(0, EC_GROUP_cmp(group.get(), group.get(), NULL)); EXPECT_EQ(0, EC_GROUP_cmp(group2.get(), group.get(), NULL)); + bssl::UniquePtr converted_generator1(EC_POINT_point2bn( + group.get(), generator.get(), POINT_CONVERSION_UNCOMPRESSED, NULL, NULL)); + ASSERT_TRUE(converted_generator1); + + bssl::UniquePtr converted_generator2(EC_POINT_point2bn( + group2.get(), generator2.get(), POINT_CONVERSION_UNCOMPRESSED, NULL, NULL)); + ASSERT_TRUE(converted_generator2); + EXPECT_EQ(0, BN_cmp(converted_generator1.get(), converted_generator2.get())); + + bssl::UniquePtr converted_generator3(EC_POINT_point2bn( + group.get(), generator.get(), POINT_CONVERSION_COMPRESSED, NULL, NULL)); + ASSERT_TRUE(converted_generator3); + + bssl::UniquePtr converted_generator4(EC_POINT_point2bn( + group2.get(), generator2.get(), POINT_CONVERSION_COMPRESSED, NULL, NULL)); + ASSERT_TRUE(converted_generator4); + EXPECT_EQ(0, BN_cmp(converted_generator3.get(), converted_generator4.get())); + + // group3 uses the wrong generator. bssl::UniquePtr group3( EC_GROUP_new_curve_GFp(p.get(), a.get(), b.get(), ctx.get())); @@ -1829,8 +1849,8 @@ static int has_uint128_and_not_small() { } // Test for out-of-range coordinates in public-key validation in -// |EC_KEY_check_fips|. This test can only be exercised when the coordinates -// in the raw point are not in Montgomery representation, which is the case +// |EC_KEY_check_fips|. This test can only be exercised when the coordinates +// in the raw point are not in Montgomery representation, which is the case // for P-224 in some builds (see below) and for P-521. TEST(ECTest, LargeXCoordinateVectors) { int line; diff --git a/crypto/obj/obj_dat.h b/crypto/obj/obj_dat.h index f2ec86b713..ff368562a8 100644 --- a/crypto/obj/obj_dat.h +++ b/crypto/obj/obj_dat.h @@ -56,7 +56,6 @@ /* This file is generated by crypto/obj/objects.go. */ - #define NUM_NID 975 static const uint8_t kObjectData[] = { diff --git a/crypto/obj/objects.go b/crypto/obj/objects.go index 716adf9486..719061eb02 100644 --- a/crypto/obj/objects.go +++ b/crypto/obj/objects.go @@ -376,7 +376,7 @@ func writeNumbers(path string, objs *objects) error { func clangFormat(input string) (string, error) { var b bytes.Buffer - cmd := exec.Command("clang-format") + cmd := exec.Command("clang-format", "--style=Google") cmd.Stdin = strings.NewReader(input) cmd.Stdout = &b cmd.Stderr = os.Stderr diff --git a/generated-src/err_data.c b/generated-src/err_data.c index 3fe323691e..cc61f0cfa1 100644 --- a/generated-src/err_data.c +++ b/generated-src/err_data.c @@ -76,54 +76,54 @@ const uint32_t kOpenSSLReasonValues[] = { 0xc3b00f7, 0xc3b8921, 0x10320892, - 0x103297ea, - 0x103317f6, - 0x1033980f, - 0x10341822, + 0x10329804, + 0x10331810, + 0x10339829, + 0x1034183c, 0x10348fe1, 0x10350d1a, - 0x10359835, - 0x1036185f, - 0x10369872, - 0x10371891, - 0x103798aa, - 0x103818bf, - 0x103898dd, - 0x103918ec, - 0x10399908, - 0x103a1923, - 0x103a9932, - 0x103b194e, - 0x103b9969, - 0x103c198f, + 0x1035984f, + 0x10361879, + 0x1036988c, + 0x103718ab, + 0x103798c4, + 0x103818d9, + 0x103898f7, + 0x10391906, + 0x10399922, + 0x103a193d, + 0x103a994c, + 0x103b1968, + 0x103b9983, + 0x103c19a9, 0x103c80f7, - 0x103d19a0, - 0x103d99b4, - 0x103e19d3, - 0x103e99e2, - 0x103f19f9, - 0x103f9a0c, + 0x103d19ba, + 0x103d99ce, + 0x103e19ed, + 0x103e99fc, + 0x103f1a13, + 0x103f9a26, 0x10400cde, - 0x10409a1f, - 0x10411a3d, - 0x10419a50, - 0x10421a6a, - 0x10429a7a, - 0x10431a8e, - 0x10439aa4, - 0x10441abc, - 0x10449ad1, - 0x10451ae5, - 0x10459af7, + 0x10409a39, + 0x10411a57, + 0x10419a6a, + 0x10421a84, + 0x10429a94, + 0x10431aa8, + 0x10439abe, + 0x10441ad6, + 0x10449aeb, + 0x10451aff, + 0x10459b11, 0x10460635, 0x1046899a, - 0x10471b0c, - 0x10479b23, - 0x10481b38, - 0x10489b46, + 0x10471b26, + 0x10479b3d, + 0x10481b52, + 0x10489b60, 0x10490f2d, - 0x10499980, - 0x104a184a, + 0x1049999a, + 0x104a1864, 0x107c0fef, 0x14320cc1, 0x14328ccf, @@ -169,6 +169,7 @@ const uint32_t kOpenSSLReasonValues[] = { 0x18439217, 0x1844108b, 0x184490fa, + 0x184509e0, 0x18fa117e, 0x18fa91a1, 0x18fb11b6, @@ -185,10 +186,11 @@ const uint32_t kOpenSSLReasonValues[] = { 0x243614b1, 0x243694bf, 0x243714cd, - 0x243794db, - 0x243814e4, - 0x243894f1, - 0x24391504, + 0x243794f5, + 0x243814fe, + 0x2438950b, + 0x2439151e, + 0x243994db, 0x28320d0e, 0x28328d39, 0x28330cde, @@ -197,51 +199,51 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283480b9, 0x283500f7, 0x28358d26, - 0x2c323547, - 0x2c32951b, - 0x2c333555, - 0x2c33b567, - 0x2c34357b, - 0x2c34b58d, - 0x2c3535a8, - 0x2c35b5ba, - 0x2c3635ea, + 0x2c323561, + 0x2c329535, + 0x2c33356f, + 0x2c33b581, + 0x2c343595, + 0x2c34b5a7, + 0x2c3535c2, + 0x2c35b5d4, + 0x2c363604, 0x2c36833a, - 0x2c3735f7, - 0x2c37b623, - 0x2c383661, - 0x2c38b678, - 0x2c393696, - 0x2c39b6a6, - 0x2c3a36b8, - 0x2c3ab6cc, - 0x2c3b36dd, - 0x2c3bb6fc, - 0x2c3c152d, - 0x2c3c9543, - 0x2c3d3741, - 0x2c3d955c, - 0x2c3e376b, - 0x2c3eb779, - 0x2c3f3791, - 0x2c3fb7a9, - 0x2c4037d3, + 0x2c373611, + 0x2c37b63d, + 0x2c38367b, + 0x2c38b692, + 0x2c3936b0, + 0x2c39b6c0, + 0x2c3a36d2, + 0x2c3ab6e6, + 0x2c3b36f7, + 0x2c3bb716, + 0x2c3c1547, + 0x2c3c955d, + 0x2c3d375b, + 0x2c3d9576, + 0x2c3e3785, + 0x2c3eb793, + 0x2c3f37ab, + 0x2c3fb7c3, + 0x2c4037ed, 0x2c409326, - 0x2c4137e4, - 0x2c41b7f7, + 0x2c4137fe, + 0x2c41b811, 0x2c4212ec, - 0x2c42b808, + 0x2c42b822, 0x2c43076d, - 0x2c43b6ee, - 0x2c443636, - 0x2c44b7b6, - 0x2c4535cd, - 0x2c45b609, - 0x2c463686, - 0x2c46b710, - 0x2c473725, - 0x2c47b75e, - 0x2c483648, + 0x2c43b708, + 0x2c443650, + 0x2c44b7d0, + 0x2c4535e7, + 0x2c45b623, + 0x2c4636a0, + 0x2c46b72a, + 0x2c47373f, + 0x2c47b778, + 0x2c483662, 0x30320000, 0x30328015, 0x3033001f, @@ -380,267 +382,267 @@ const uint32_t kOpenSSLReasonValues[] = { 0x3c418e21, 0x3c420f2d, 0x3c428eb7, - 0x40321bd8, - 0x40329bee, - 0x40331c1c, - 0x40339c26, - 0x40341c3d, - 0x40349c5b, - 0x40351c6b, - 0x40359c7d, - 0x40361c8a, - 0x40369c96, - 0x40371cab, - 0x40379cbd, - 0x40381cc8, - 0x40389cda, + 0x40321bf2, + 0x40329c08, + 0x40331c36, + 0x40339c40, + 0x40341c57, + 0x40349c75, + 0x40351c85, + 0x40359c97, + 0x40361ca4, + 0x40369cb0, + 0x40371cc5, + 0x40379cd7, + 0x40381ce2, + 0x40389cf4, 0x40390fe1, - 0x40399cea, - 0x403a1cfd, - 0x403a9d1e, - 0x403b1d2f, - 0x403b9d3f, + 0x40399d04, + 0x403a1d17, + 0x403a9d38, + 0x403b1d49, + 0x403b9d59, 0x403c0071, 0x403c8090, - 0x403d1da0, - 0x403d9db6, - 0x403e1dc5, - 0x403e9dfd, - 0x403f1e17, - 0x403f9e3f, - 0x40401e54, - 0x40409e68, - 0x40411ea3, - 0x40419ebe, - 0x40421ed7, - 0x40429eea, - 0x40431efe, - 0x40439f2c, - 0x40441f43, + 0x403d1dba, + 0x403d9dd0, + 0x403e1ddf, + 0x403e9e17, + 0x403f1e31, + 0x403f9e59, + 0x40401e6e, + 0x40409e82, + 0x40411ebd, + 0x40419ed8, + 0x40421ef1, + 0x40429f04, + 0x40431f18, + 0x40439f46, + 0x40441f5d, 0x404480b9, - 0x40451f58, - 0x40459f6a, - 0x40461f8e, - 0x40469fae, - 0x40471fbc, - 0x40479fe3, - 0x40482054, - 0x4048a10e, - 0x40492125, - 0x4049a13f, - 0x404a2156, - 0x404aa174, - 0x404b218c, - 0x404ba1b9, - 0x404c21cf, - 0x404ca1e1, - 0x404d2202, - 0x404da23b, - 0x404e224f, - 0x404ea25c, - 0x404f22f6, - 0x404fa36c, - 0x405023db, - 0x4050a3ef, - 0x40512422, - 0x40522432, - 0x4052a456, - 0x4053246e, - 0x4053a481, - 0x40542496, - 0x4054a4b9, - 0x405524e4, - 0x4055a521, - 0x40562546, - 0x4056a55f, - 0x40572577, - 0x4057a58a, - 0x4058259f, - 0x4058a5c6, - 0x405925f5, - 0x4059a622, - 0x405a2636, - 0x405aa646, - 0x405b265e, - 0x405ba66f, - 0x405c2682, - 0x405ca6c1, - 0x405d26ce, - 0x405da6f3, - 0x405e2731, + 0x40451f72, + 0x40459f84, + 0x40461fa8, + 0x40469fc8, + 0x40471fd6, + 0x40479ffd, + 0x4048206e, + 0x4048a128, + 0x4049213f, + 0x4049a159, + 0x404a2170, + 0x404aa18e, + 0x404b21a6, + 0x404ba1d3, + 0x404c21e9, + 0x404ca1fb, + 0x404d221c, + 0x404da255, + 0x404e2269, + 0x404ea276, + 0x404f2310, + 0x404fa386, + 0x405023f5, + 0x4050a409, + 0x4051243c, + 0x4052244c, + 0x4052a470, + 0x40532488, + 0x4053a49b, + 0x405424b0, + 0x4054a4d3, + 0x405524fe, + 0x4055a53b, + 0x40562560, + 0x4056a579, + 0x40572591, + 0x4057a5a4, + 0x405825b9, + 0x4058a5e0, + 0x4059260f, + 0x4059a63c, + 0x405a2650, + 0x405aa660, + 0x405b2678, + 0x405ba689, + 0x405c269c, + 0x405ca6db, + 0x405d26e8, + 0x405da70d, + 0x405e274b, 0x405e8b1b, - 0x405f2752, - 0x405fa75f, - 0x4060276d, - 0x4060a78f, - 0x406127f0, - 0x4061a828, - 0x4062283f, - 0x4062a850, - 0x4063289d, - 0x4063a8b2, - 0x406428c9, - 0x4064a8f5, - 0x40652910, - 0x4065a927, - 0x4066293f, - 0x4066a969, - 0x40672994, - 0x4067aa97, - 0x40682adf, - 0x4068ab00, - 0x40692b32, - 0x4069ab60, - 0x406a2b81, - 0x406aaba1, - 0x406b2d29, - 0x406bad4c, - 0x406c2d62, - 0x406cb06c, - 0x406d309b, - 0x406db0c3, - 0x406e30f1, - 0x406eb13e, - 0x406f3197, - 0x406fb1cf, - 0x407031e2, - 0x4070b1ff, + 0x405f276c, + 0x405fa779, + 0x40602787, + 0x4060a7a9, + 0x4061280a, + 0x4061a842, + 0x40622859, + 0x4062a86a, + 0x406328b7, + 0x4063a8cc, + 0x406428e3, + 0x4064a90f, + 0x4065292a, + 0x4065a941, + 0x40662959, + 0x4066a983, + 0x406729ae, + 0x4067aab1, + 0x40682af9, + 0x4068ab1a, + 0x40692b4c, + 0x4069ab7a, + 0x406a2b9b, + 0x406aabbb, + 0x406b2d43, + 0x406bad66, + 0x406c2d7c, + 0x406cb086, + 0x406d30b5, + 0x406db0dd, + 0x406e310b, + 0x406eb158, + 0x406f31b1, + 0x406fb1e9, + 0x407031fc, + 0x4070b219, 0x4071084d, - 0x4071b211, - 0x40723224, - 0x4072b25a, - 0x40733272, - 0x40739745, - 0x40743286, - 0x4074b2a0, - 0x407532b1, - 0x4075b2c5, - 0x407632d3, - 0x407694f1, - 0x407732f8, - 0x4077b338, - 0x40783353, - 0x4078b38c, - 0x407933a3, - 0x4079b3b9, - 0x407a33e5, - 0x407ab3f8, - 0x407b340d, - 0x407bb41f, - 0x407c3450, - 0x407cb459, - 0x407d2b1b, - 0x407da394, - 0x407e3368, - 0x407ea5d6, - 0x407f1fd0, - 0x407fa1a3, - 0x40802306, - 0x40809ff8, - 0x40812444, - 0x4081a2aa, - 0x408230dc, - 0x40829d4b, - 0x408325b1, - 0x4083a8da, - 0x4084200c, - 0x4084a60e, - 0x40852693, - 0x4085a7b7, - 0x40862713, - 0x4086a3ae, - 0x40873122, - 0x4087a805, - 0x40881d89, - 0x4088aaaa, - 0x40891dd8, - 0x40899d65, - 0x408a2d9a, - 0x408a9b5d, - 0x408b3434, - 0x408bb1ac, - 0x408c26a3, - 0x408c9b95, - 0x408d20f4, - 0x408da03e, - 0x408e2224, - 0x408ea501, - 0x408f2abe, - 0x408fa7d3, - 0x409029b5, - 0x4090a6e5, - 0x40912d82, - 0x40919bbb, - 0x40921e25, - 0x4092b15d, - 0x4093323d, - 0x4093a3bf, - 0x40942020, - 0x4094adb3, - 0x40952861, - 0x4095b3c5, - 0x40963109, - 0x4096a31f, - 0x4097240a, - 0x4097a273, - 0x40981e85, - 0x4098a875, - 0x40993179, - 0x4099a52e, - 0x409a24c7, - 0x409a9b79, - 0x409b207a, - 0x409ba0a5, - 0x409c331a, - 0x409ca0cd, - 0x409d22db, - 0x409da2c0, - 0x409e1f16, - 0x409ea354, - 0x409f233c, - 0x409fa06d, - 0x40a0237c, - 0x40a0a28d, - 0x40fa2a7d, - 0x40faa9d9, - 0x40fb2a5c, - 0x40fba9f3, - 0x40fcaa3b, - 0x40fd2a14, - 0x41f42c54, - 0x41f92ce6, - 0x41fe2bd9, - 0x41feae8f, - 0x41ff2fbd, - 0x42032c6d, - 0x42082c8f, - 0x4208accb, - 0x42092bbd, - 0x4209ad05, - 0x420a2c14, - 0x420aabf4, - 0x420b2c34, - 0x420bacad, - 0x420c2fd9, - 0x420cadc3, - 0x420d2e76, - 0x420daead, - 0x42122ee0, - 0x42172fa0, - 0x4217af22, - 0x421c2f44, - 0x421f2eff, - 0x42213051, - 0x42262f83, - 0x422b302f, - 0x422bae51, - 0x422c3011, - 0x422cae04, - 0x422d2ddd, - 0x422daff0, - 0x422e2e30, - 0x42302f5f, - 0x4230aec7, + 0x4071b22b, + 0x4072323e, + 0x4072b274, + 0x4073328c, + 0x4073975f, + 0x407432a0, + 0x4074b2ba, + 0x407532cb, + 0x4075b2df, + 0x407632ed, + 0x4076950b, + 0x40773312, + 0x4077b352, + 0x4078336d, + 0x4078b3a6, + 0x407933bd, + 0x4079b3d3, + 0x407a33ff, + 0x407ab412, + 0x407b3427, + 0x407bb439, + 0x407c346a, + 0x407cb473, + 0x407d2b35, + 0x407da3ae, + 0x407e3382, + 0x407ea5f0, + 0x407f1fea, + 0x407fa1bd, + 0x40802320, + 0x4080a012, + 0x4081245e, + 0x4081a2c4, + 0x408230f6, + 0x40829d65, + 0x408325cb, + 0x4083a8f4, + 0x40842026, + 0x4084a628, + 0x408526ad, + 0x4085a7d1, + 0x4086272d, + 0x4086a3c8, + 0x4087313c, + 0x4087a81f, + 0x40881da3, + 0x4088aac4, + 0x40891df2, + 0x40899d7f, + 0x408a2db4, + 0x408a9b77, + 0x408b344e, + 0x408bb1c6, + 0x408c26bd, + 0x408c9baf, + 0x408d210e, + 0x408da058, + 0x408e223e, + 0x408ea51b, + 0x408f2ad8, + 0x408fa7ed, + 0x409029cf, + 0x4090a6ff, + 0x40912d9c, + 0x40919bd5, + 0x40921e3f, + 0x4092b177, + 0x40933257, + 0x4093a3d9, + 0x4094203a, + 0x4094adcd, + 0x4095287b, + 0x4095b3df, + 0x40963123, + 0x4096a339, + 0x40972424, + 0x4097a28d, + 0x40981e9f, + 0x4098a88f, + 0x40993193, + 0x4099a548, + 0x409a24e1, + 0x409a9b93, + 0x409b2094, + 0x409ba0bf, + 0x409c3334, + 0x409ca0e7, + 0x409d22f5, + 0x409da2da, + 0x409e1f30, + 0x409ea36e, + 0x409f2356, + 0x409fa087, + 0x40a02396, + 0x40a0a2a7, + 0x40fa2a97, + 0x40faa9f3, + 0x40fb2a76, + 0x40fbaa0d, + 0x40fcaa55, + 0x40fd2a2e, + 0x41f42c6e, + 0x41f92d00, + 0x41fe2bf3, + 0x41feaea9, + 0x41ff2fd7, + 0x42032c87, + 0x42082ca9, + 0x4208ace5, + 0x42092bd7, + 0x4209ad1f, + 0x420a2c2e, + 0x420aac0e, + 0x420b2c4e, + 0x420bacc7, + 0x420c2ff3, + 0x420caddd, + 0x420d2e90, + 0x420daec7, + 0x42122efa, + 0x42172fba, + 0x4217af3c, + 0x421c2f5e, + 0x421f2f19, + 0x4221306b, + 0x42262f9d, + 0x422b3049, + 0x422bae6b, + 0x422c302b, + 0x422cae1e, + 0x422d2df7, + 0x422db00a, + 0x422e2e4a, + 0x42302f79, + 0x4230aee1, 0x44320778, 0x44328787, 0x44330793, @@ -658,109 +660,109 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4439084d, 0x4439885b, 0x443a086e, - 0x4832151b, - 0x4832952d, - 0x48331543, - 0x4833955c, - 0x4c321599, - 0x4c3295a9, - 0x4c3315bc, - 0x4c3395dc, + 0x48321535, + 0x48329547, + 0x4833155d, + 0x48339576, + 0x4c3215b3, + 0x4c3295c3, + 0x4c3315d6, + 0x4c3395f6, 0x4c3400b9, 0x4c3480f7, - 0x4c3515e8, - 0x4c3595f6, - 0x4c361612, - 0x4c369638, - 0x4c371647, - 0x4c379655, - 0x4c38166a, - 0x4c389676, - 0x4c391696, - 0x4c3996c0, - 0x4c3a16d9, - 0x4c3a96f2, + 0x4c351602, + 0x4c359610, + 0x4c36162c, + 0x4c369652, + 0x4c371661, + 0x4c37966f, + 0x4c381684, + 0x4c389690, + 0x4c3916b0, + 0x4c3996da, + 0x4c3a16f3, + 0x4c3a970c, 0x4c3b0635, - 0x4c3b970b, - 0x4c3c171d, - 0x4c3c972c, - 0x4c3d1745, + 0x4c3b9725, + 0x4c3c1737, + 0x4c3c9746, + 0x4c3d175f, 0x4c3d8d01, - 0x4c3e17b2, - 0x4c3e9754, - 0x4c3f17d4, - 0x4c3f94f1, - 0x4c40176a, - 0x4c409585, - 0x4c4117a2, - 0x4c419625, - 0x4c42178e, - 0x4c42956d, - 0x5032381a, - 0x5032b829, - 0x50333834, - 0x5033b844, - 0x5034385d, - 0x5034b877, - 0x50353885, - 0x5035b89b, - 0x503638ad, - 0x5036b8c3, - 0x503738dc, - 0x5037b8ef, - 0x50383907, - 0x5038b918, - 0x5039392d, - 0x5039b941, - 0x503a3961, - 0x503ab977, - 0x503b398f, - 0x503bb9a1, - 0x503c39bd, - 0x503cb9d4, - 0x503d39ed, - 0x503dba03, - 0x503e3a10, - 0x503eba26, - 0x503f3a38, + 0x4c3e17cc, + 0x4c3e976e, + 0x4c3f17ee, + 0x4c3f950b, + 0x4c401784, + 0x4c40959f, + 0x4c4117bc, + 0x4c41963f, + 0x4c4217a8, + 0x4c429587, + 0x50323834, + 0x5032b843, + 0x5033384e, + 0x5033b85e, + 0x50343877, + 0x5034b891, + 0x5035389f, + 0x5035b8b5, + 0x503638c7, + 0x5036b8dd, + 0x503738f6, + 0x5037b909, + 0x50383921, + 0x5038b932, + 0x50393947, + 0x5039b95b, + 0x503a397b, + 0x503ab991, + 0x503b39a9, + 0x503bb9bb, + 0x503c39d7, + 0x503cb9ee, + 0x503d3a07, + 0x503dba1d, + 0x503e3a2a, + 0x503eba40, + 0x503f3a52, 0x503f83b3, - 0x50403a4b, - 0x5040ba5b, - 0x50413a75, - 0x5041ba84, - 0x50423a9e, - 0x5042babb, - 0x50433acb, - 0x5043badb, - 0x50443af8, + 0x50403a65, + 0x5040ba75, + 0x50413a8f, + 0x5041ba9e, + 0x50423ab8, + 0x5042bad5, + 0x50433ae5, + 0x5043baf5, + 0x50443b12, 0x50448469, - 0x50453b0c, - 0x5045bb2a, - 0x50463b3d, - 0x5046bb53, - 0x50473b65, - 0x5047bb7a, - 0x50483ba0, - 0x5048bbae, - 0x50493bc1, - 0x5049bbd6, - 0x504a3bec, - 0x504abbfc, - 0x504b3c1c, - 0x504bbc2f, - 0x504c3c52, - 0x504cbc80, - 0x504d3cad, - 0x504dbcca, - 0x504e3ce5, - 0x504ebd01, - 0x504f3d13, - 0x504fbd2a, - 0x50503d39, + 0x50453b26, + 0x5045bb44, + 0x50463b57, + 0x5046bb6d, + 0x50473b7f, + 0x5047bb94, + 0x50483bba, + 0x5048bbc8, + 0x50493bdb, + 0x5049bbf0, + 0x504a3c06, + 0x504abc16, + 0x504b3c36, + 0x504bbc49, + 0x504c3c6c, + 0x504cbc9a, + 0x504d3cc7, + 0x504dbce4, + 0x504e3cff, + 0x504ebd1b, + 0x504f3d2d, + 0x504fbd44, + 0x50503d53, 0x50508729, - 0x50513d4c, - 0x5051baea, - 0x50523c92, + 0x50513d66, + 0x5051bb04, + 0x50523cac, 0x58321034, 0x5c329332, 0x5c33134b, @@ -820,21 +822,21 @@ const uint32_t kOpenSSLReasonValues[] = { 0x78460a2f, 0x78468b30, 0x7c321302, - 0x80321638, + 0x80321652, 0x80328090, - 0x80333516, + 0x80333530, 0x803380b9, - 0x80343525, - 0x8034b48d, - 0x803534ab, - 0x8035b539, - 0x803634ed, - 0x8036b49c, - 0x803734df, - 0x8037b47a, - 0x80383500, - 0x8038b4bc, - 0x803934d1, + 0x8034353f, + 0x8034b4a7, + 0x803534c5, + 0x8035b553, + 0x80363507, + 0x8036b4b6, + 0x803734f9, + 0x8037b494, + 0x8038351a, + 0x8038b4d6, + 0x803934eb, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -1115,6 +1117,7 @@ const char kOpenSSLReasonStringData[] = "NOT_ENCRYPTED\0" "NOT_PROC_TYPE\0" "NO_START_LINE\0" + "PROBLEMS_GETTING_PASSWORD\0" "READ_KEY\0" "SHORT_HEADER\0" "UNSUPPORTED_CIPHER\0" diff --git a/include/openssl/base.h b/include/openssl/base.h index 62e2efe9f4..fbfc31de12 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h @@ -480,6 +480,17 @@ typedef struct x509_trust_st X509_TRUST; typedef void *OPENSSL_BLOCK; +#ifndef __has_attribute +#define __has_attribute(x) 0 +#endif +#if __STDC_VERSION__ > 202300L +#define AWS_LC_DEPRECATED [[deprecated]] +#elif __has_attribute(deprecated) +#define AWS_LC_DEPRECATED __attribute__((deprecated)) +#else +#define AWS_LC_DEPRECATED /* deprecated */ +#endif + #if defined(__cplusplus) } // extern C #elif !defined(BORINGSSL_NO_CXX) diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index b4f68eed90..7eed7b58ca 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -16,6 +16,7 @@ #define OPENSSL_HEADER_CRYPTO_H #include +#include #include // Upstream OpenSSL defines |OPENSSL_malloc|, etc., in crypto.h rather than diff --git a/include/openssl/ec.h b/include/openssl/ec.h index b253922d4b..fe1e07418a 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -371,6 +371,14 @@ OPENSSL_EXPORT int EC_GROUP_set_generator(EC_GROUP *group, const BIGNUM *order, const BIGNUM *cofactor); + +// EC_POINT_point2bn converts an |EC_POINT| to |BIGNUM|. On success, returns the +// BIGNUM pointer supplied, |ret|. Otherwise, it returns NULL on error. The +// |ctx| argument may be used if not NULL. +AWS_LC_DEPRECATED OPENSSL_EXPORT BIGNUM *EC_POINT_point2bn( + const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, + BIGNUM *ret, BN_CTX *ctx); + // EC_GROUP_get_order sets |*order| to the order of |group|, if it's not // NULL. It returns one on success and zero otherwise. |ctx| is ignored. Use // |EC_GROUP_get0_order| instead. diff --git a/include/openssl/err.h b/include/openssl/err.h index 0ec71b171f..934f3d931d 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -149,6 +149,9 @@ OPENSSL_EXPORT void ERR_load_BIO_strings(void); // ERR_load_ERR_strings does nothing. OPENSSL_EXPORT void ERR_load_ERR_strings(void); +// ERR_load_CRYPTO_strings does nothing. +AWS_LC_DEPRECATED OPENSSL_EXPORT void ERR_load_CRYPTO_strings(void); + // ERR_load_crypto_strings does nothing. OPENSSL_EXPORT void ERR_load_crypto_strings(void); diff --git a/include/openssl/evp_errors.h b/include/openssl/evp_errors.h index a65d3806a3..3a06e861b0 100644 --- a/include/openssl/evp_errors.h +++ b/include/openssl/evp_errors.h @@ -95,6 +95,7 @@ #define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135 #define EVP_R_EMPTY_PSK 136 #define EVP_R_INVALID_BUFFER_SIZE 137 +#define EVP_R_BAD_DECRYPT 138 #define EVP_R_INVALID_PSS_MD 500 #define EVP_R_INVALID_PSS_SALT_LEN 501 #define EVP_R_INVALID_PSS_TRAILER_FIELD 502 diff --git a/include/openssl/nid.h b/include/openssl/nid.h index dcaa43d48e..897b70d8e1 100644 --- a/include/openssl/nid.h +++ b/include/openssl/nid.h @@ -65,7 +65,6 @@ extern "C" { #endif - /* The nid library provides numbered values for ASN.1 object identifiers and * other symbols. These values are used by other libraries to identify * cryptographic primitives. @@ -79,7 +78,6 @@ extern "C" { * These values should not be used outside of a single process; they are not * stable identifiers. */ - #define SN_undef "UNDEF" #define LN_undef "undefined" #define NID_undef 0 @@ -4299,7 +4297,6 @@ extern "C" { #define SN_KYBER1024_R3 "KYBER1024_R3" #define NID_KYBER1024_R3 974 - #if defined(__cplusplus) } /* extern C */ #endif diff --git a/include/openssl/pem.h b/include/openssl/pem.h index 9319ac80b8..d53e273452 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -475,5 +475,6 @@ OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, #define PEM_R_SHORT_HEADER 112 #define PEM_R_UNSUPPORTED_CIPHER 113 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 115 #endif // OPENSSL_HEADER_PEM_H diff --git a/tests/check_objects_and_errors.sh b/tests/check_objects_and_errors.sh index 0f1cb9eca3..df3eede6e8 100755 --- a/tests/check_objects_and_errors.sh +++ b/tests/check_objects_and_errors.sh @@ -14,7 +14,7 @@ echo "Checking for any changes" git diff --exit-code HEAD echo "Running make_errors.go to update files" -go run ./util/make_errors.go ssl evp ocsp +go run ./util/make_errors.go ssl evp ocsp pem echo "Adding all changed files to the git tree" git add -A