diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2019-06-12 13:43:44 -0700 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2019-06-17 11:55:44 +0200 |
commit | 4c8fe4a96fddc66a18a33e7d8ae22ea10436ecb8 (patch) | |
tree | 165630be149e639f99070b5e4a5b3ec4fab21920 /deps/openssl/openssl/apps | |
parent | 5990c4d453b8fc8453a26566bb7ac680a76bd83f (diff) | |
download | android-node-v8-4c8fe4a96fddc66a18a33e7d8ae22ea10436ecb8.tar.gz android-node-v8-4c8fe4a96fddc66a18a33e7d8ae22ea10436ecb8.tar.bz2 android-node-v8-4c8fe4a96fddc66a18a33e7d8ae22ea10436ecb8.zip |
deps: upgrade openssl sources to 1.1.1c
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1c.tar.gz
$ mv openssl-1.1.1c openssl
$ git add --all openssl
$ git commit openssl
PR-URL: https://github.com/nodejs/node/pull/28211
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'deps/openssl/openssl/apps')
-rw-r--r-- | deps/openssl/openssl/apps/asn1pars.c | 14 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/cms.c | 3 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/enc.c | 4 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/ocsp.c | 11 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/s_cb.c | 106 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/s_client.c | 2 | ||||
-rw-r--r-- | deps/openssl/openssl/apps/speed.c | 83 |
7 files changed, 155 insertions, 68 deletions
diff --git a/deps/openssl/openssl/apps/asn1pars.c b/deps/openssl/openssl/apps/asn1pars.c index 62c70b9cc4..6c44df7de4 100644 --- a/deps/openssl/openssl/apps/asn1pars.c +++ b/deps/openssl/openssl/apps/asn1pars.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -170,17 +170,17 @@ int asn1parse_main(int argc, char **argv) if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) goto end; + if ((buf = BUF_MEM_new()) == NULL) + goto end; if (strictpem) { - if (PEM_read_bio(in, &name, &header, &str, &num) != - 1) { + if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { BIO_printf(bio_err, "Error reading PEM file\n"); ERR_print_errors(bio_err); goto end; } + buf->data = (char *)str; + buf->length = buf->max = num; } else { - - if ((buf = BUF_MEM_new()) == NULL) - goto end; if (!BUF_MEM_grow(buf, BUFSIZ * 8)) goto end; /* Pre-allocate :-) */ @@ -303,8 +303,6 @@ int asn1parse_main(int argc, char **argv) BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); - if (strictpem) - OPENSSL_free(str); ASN1_TYPE_free(at); sk_OPENSSL_STRING_free(osk); return ret; diff --git a/deps/openssl/openssl/apps/cms.c b/deps/openssl/openssl/apps/cms.c index e9d760c999..15edd67dbe 100644 --- a/deps/openssl/openssl/apps/cms.c +++ b/deps/openssl/openssl/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -636,6 +636,7 @@ int cms_main(int argc, char **argv) goto opthelp; } } else if (!operation) { + BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n"); goto opthelp; } diff --git a/deps/openssl/openssl/apps/enc.c b/deps/openssl/openssl/apps/enc.c index 8e5a57d3e5..de33e57a5f 100644 --- a/deps/openssl/openssl/apps/enc.c +++ b/deps/openssl/openssl/apps/enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -500,7 +500,7 @@ int enc_main(int argc, char **argv) if (hiv != NULL) { int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { - BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + BIO_printf(bio_err, "warning: iv not used by this cipher\n"); } else if (!set_hex(hiv, iv, siz)) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c index e8aeb11cc5..066a2e43af 100644 --- a/deps/openssl/openssl/apps/ocsp.c +++ b/deps/openssl/openssl/apps/ocsp.c @@ -641,8 +641,10 @@ redo_accept: goto end; } - if (req != NULL && add_nonce) - OCSP_request_add1_nonce(req, NULL, -1); + if (req != NULL && add_nonce) { + if (!OCSP_request_add1_nonce(req, NULL, -1)) + goto end; + } if (signfile != NULL) { if (keyfile == NULL) @@ -1245,7 +1247,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req goto end; } } - OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags); + if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) { + *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); + goto end; + } if (badsig) { const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); diff --git a/deps/openssl/openssl/apps/s_cb.c b/deps/openssl/openssl/apps/s_cb.c index d0e332a708..520323c8b0 100644 --- a/deps/openssl/openssl/apps/s_cb.c +++ b/deps/openssl/openssl/apps/s_cb.c @@ -683,6 +683,53 @@ static STRINT_PAIR tlsext_types[] = { {NULL} }; +/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */ +static STRINT_PAIR signature_tls13_scheme_list[] = { + {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */}, + {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */}, +/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ +/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ + {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */}, + {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */}, + {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */}, + {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */}, + {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */}, + {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */}, + {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */}, + {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */}, + {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */}, + {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */}, + {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */}, + {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */}, + {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */}, + {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */}, + {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */}, + {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */}, + {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */}, + {NULL} +}; + +/* from rfc5246 7.4.1.4.1. */ +static STRINT_PAIR signature_tls12_alg_list[] = { + {"anonymous", TLSEXT_signature_anonymous /* 0 */}, + {"RSA", TLSEXT_signature_rsa /* 1 */}, + {"DSA", TLSEXT_signature_dsa /* 2 */}, + {"ECDSA", TLSEXT_signature_ecdsa /* 3 */}, + {NULL} +}; + +/* from rfc5246 7.4.1.4.1. */ +static STRINT_PAIR signature_tls12_hash_list[] = { + {"none", TLSEXT_hash_none /* 0 */}, + {"MD5", TLSEXT_hash_md5 /* 1 */}, + {"SHA1", TLSEXT_hash_sha1 /* 2 */}, + {"SHA224", TLSEXT_hash_sha224 /* 3 */}, + {"SHA256", TLSEXT_hash_sha256 /* 4 */}, + {"SHA384", TLSEXT_hash_sha384 /* 5 */}, + {"SHA512", TLSEXT_hash_sha512 /* 6 */}, + {NULL} +}; + void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, int len, void *arg) { @@ -1282,9 +1329,9 @@ static STRINT_PAIR callback_types[] = { {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, {"Shared Curve", SSL_SECOP_CURVE_SHARED}, {"Check Curve", SSL_SECOP_CURVE_CHECK}, - {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED}, - {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED}, - {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK}, + {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED}, + {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED}, + {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK}, {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, {"Certificate chain EE key", SSL_SECOP_EE_KEY}, {"Certificate chain CA key", SSL_SECOP_CA_KEY}, @@ -1304,29 +1351,37 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, security_debug_ex *sdb = ex; int rv, show_bits = 1, cert_md = 0; const char *nm; + int show_nm; rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex); if (rv == 1 && sdb->verbose < 2) return 1; BIO_puts(sdb->out, "Security callback: "); nm = lookup(op, callback_types, NULL); + show_nm = nm != NULL; switch (op) { case SSL_SECOP_TICKET: case SSL_SECOP_COMPRESSION: show_bits = 0; - nm = NULL; + show_nm = 0; break; case SSL_SECOP_VERSION: BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); show_bits = 0; - nm = NULL; + show_nm = 0; break; case SSL_SECOP_CA_MD: case SSL_SECOP_PEER_CA_MD: cert_md = 1; break; + case SSL_SECOP_SIGALG_SUPPORTED: + case SSL_SECOP_SIGALG_SHARED: + case SSL_SECOP_SIGALG_CHECK: + case SSL_SECOP_SIGALG_MASK: + show_nm = 0; + break; } - if (nm != NULL) + if (show_nm) BIO_printf(sdb->out, "%s=", nm); switch (op & SSL_SECOP_OTHER_TYPE) { @@ -1373,27 +1428,28 @@ static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, { const unsigned char *salg = other; const char *sname = NULL; - switch (salg[1]) { - case TLSEXT_signature_anonymous: - sname = "anonymous"; - break; - case TLSEXT_signature_rsa: - sname = "RSA"; - break; - case TLSEXT_signature_dsa: - sname = "DSA"; - break; - case TLSEXT_signature_ecdsa: - sname = "ECDSA"; - break; - } + int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ + /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */ - BIO_puts(sdb->out, OBJ_nid2sn(nid)); - if (sname) - BIO_printf(sdb->out, ", algorithm=%s", sname); + if (nm != NULL) + BIO_printf(sdb->out, "%s", nm); else - BIO_printf(sdb->out, ", algid=%d", salg[1]); - break; + BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); + + sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); + if (sname != NULL) { + BIO_printf(sdb->out, " scheme=%s", sname); + } else { + int alg_code = salg[1]; + int hash_code = salg[0]; + const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); + const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); + + if (alg_str != NULL && hash_str != NULL) + BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); + else + BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); + } } } diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c index 66c32c176e..d24d03a016 100644 --- a/deps/openssl/openssl/apps/s_client.c +++ b/deps/openssl/openssl/apps/s_client.c @@ -2253,7 +2253,7 @@ int s_client_main(int argc, char **argv) do { mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); } - while (mbuf_len > 3 && mbuf[3] == '-'); + while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); (void)BIO_flush(fbio); BIO_pop(fbio); BIO_free(fbio); diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c index 506737d05f..8d4b1695d8 100644 --- a/deps/openssl/openssl/apps/speed.c +++ b/deps/openssl/openssl/apps/speed.c @@ -489,30 +489,35 @@ static const OPT_PAIR rsa_choices[] = { static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_RSA */ -#define R_EC_P160 0 -#define R_EC_P192 1 -#define R_EC_P224 2 -#define R_EC_P256 3 -#define R_EC_P384 4 -#define R_EC_P521 5 -#define R_EC_K163 6 -#define R_EC_K233 7 -#define R_EC_K283 8 -#define R_EC_K409 9 -#define R_EC_K571 10 -#define R_EC_B163 11 -#define R_EC_B233 12 -#define R_EC_B283 13 -#define R_EC_B409 14 -#define R_EC_B571 15 -#define R_EC_BRP256R1 16 -#define R_EC_BRP256T1 17 -#define R_EC_BRP384R1 18 -#define R_EC_BRP384T1 19 -#define R_EC_BRP512R1 20 -#define R_EC_BRP512T1 21 -#define R_EC_X25519 22 -#define R_EC_X448 23 +enum { + R_EC_P160, + R_EC_P192, + R_EC_P224, + R_EC_P256, + R_EC_P384, + R_EC_P521, +#ifndef OPENSSL_NO_EC2M + R_EC_K163, + R_EC_K233, + R_EC_K283, + R_EC_K409, + R_EC_K571, + R_EC_B163, + R_EC_B233, + R_EC_B283, + R_EC_B409, + R_EC_B571, +#endif + R_EC_BRP256R1, + R_EC_BRP256T1, + R_EC_BRP384R1, + R_EC_BRP384T1, + R_EC_BRP512R1, + R_EC_BRP512T1, + R_EC_X25519, + R_EC_X448 +}; + #ifndef OPENSSL_NO_EC static OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, @@ -521,6 +526,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsap256", R_EC_P256}, {"ecdsap384", R_EC_P384}, {"ecdsap521", R_EC_P521}, +# ifndef OPENSSL_NO_EC2M {"ecdsak163", R_EC_K163}, {"ecdsak233", R_EC_K233}, {"ecdsak283", R_EC_K283}, @@ -531,6 +537,7 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, {"ecdsab571", R_EC_B571}, +# endif {"ecdsabrp256r1", R_EC_BRP256R1}, {"ecdsabrp256t1", R_EC_BRP256T1}, {"ecdsabrp384r1", R_EC_BRP384R1}, @@ -549,6 +556,7 @@ static const OPT_PAIR ecdh_choices[] = { {"ecdhp256", R_EC_P256}, {"ecdhp384", R_EC_P384}, {"ecdhp521", R_EC_P521}, +# ifndef OPENSSL_NO_EC2M {"ecdhk163", R_EC_K163}, {"ecdhk233", R_EC_K233}, {"ecdhk283", R_EC_K283}, @@ -559,6 +567,7 @@ static const OPT_PAIR ecdh_choices[] = { {"ecdhb283", R_EC_B283}, {"ecdhb409", R_EC_B409}, {"ecdhb571", R_EC_B571}, +# endif {"ecdhbrp256r1", R_EC_BRP256R1}, {"ecdhbrp256t1", R_EC_BRP256T1}, {"ecdhbrp384r1", R_EC_BRP384R1}, @@ -1501,6 +1510,7 @@ int speed_main(int argc, char **argv) {"nistp256", NID_X9_62_prime256v1, 256}, {"nistp384", NID_secp384r1, 384}, {"nistp521", NID_secp521r1, 521}, +# ifndef OPENSSL_NO_EC2M /* Binary Curves */ {"nistk163", NID_sect163k1, 163}, {"nistk233", NID_sect233k1, 233}, @@ -1512,6 +1522,7 @@ int speed_main(int argc, char **argv) {"nistb283", NID_sect283r1, 283}, {"nistb409", NID_sect409r1, 409}, {"nistb571", NID_sect571r1, 571}, +# endif {"brainpoolP256r1", NID_brainpoolP256r1, 256}, {"brainpoolP256t1", NID_brainpoolP256t1, 256}, {"brainpoolP384r1", NID_brainpoolP384r1, 384}, @@ -2031,6 +2042,7 @@ int speed_main(int argc, char **argv) } } } +# ifndef OPENSSL_NO_EC2M ecdsa_c[R_EC_K163][0] = count / 1000; ecdsa_c[R_EC_K163][1] = count / 1000 / 2; for (i = R_EC_K233; i <= R_EC_K571; i++) { @@ -2059,6 +2071,7 @@ int speed_main(int argc, char **argv) } } } +# endif ecdh_c[R_EC_P160][0] = count / 1000; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -2071,6 +2084,7 @@ int speed_main(int argc, char **argv) } } } +# ifndef OPENSSL_NO_EC2M ecdh_c[R_EC_K163][0] = count / 1000; for (i = R_EC_K233; i <= R_EC_K571; i++) { ecdh_c[i][0] = ecdh_c[i - 1][0] / 2; @@ -2093,6 +2107,7 @@ int speed_main(int argc, char **argv) } } } +# endif /* repeated code good to factorize */ ecdh_c[R_EC_BRP256R1][0] = count / 1000; for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) { @@ -2614,16 +2629,28 @@ int speed_main(int argc, char **argv) for (k = 0; k < loopargs_len; k++) { loopargs[k].ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, NULL, - iv, decrypt ? 0 : 1); + if (loopargs[k].ctx == NULL) { + BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); + exit(1); + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, + NULL, iv, decrypt ? 0 : 1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1); + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, NULL, -1)) { + BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + ERR_print_errors(bio_err); + exit(1); + } OPENSSL_clear_free(loopargs[k].key, keylen); } |