RH7 build

3rdparty/openssl_linux/include/openssl/asn1.h

@@ -1164,7 +1164,6 @@ int SMIME_text(BIO *in, BIO *out);
  * The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
-
 void ERR_load_ASN1_strings(void);
 
 /* Error codes for the ASN1 functions. */
@@ -1265,10 +1264,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_F_D2I_X509                                  156
 # define ASN1_F_D2I_X509_CINF                             157
 # define ASN1_F_D2I_X509_PKEY                             159
-# define ASN1_F_DO_BUF                                    221
 # define ASN1_F_I2D_ASN1_BIO_STREAM                       211
-# define ASN1_F_I2D_ASN1_BOOLEAN                          223
-# define ASN1_F_I2D_ASN1_OBJECT                           222
 # define ASN1_F_I2D_ASN1_SET                              188
 # define ASN1_F_I2D_ASN1_TIME                             160
 # define ASN1_F_I2D_DSA_PUBKEY                            161
@@ -1418,7 +1414,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_WRONG_TAG                                 168
 # define ASN1_R_WRONG_TYPE                                169
 
-# ifdef  __cplusplus
+#ifdef  __cplusplus
 }
-# endif
+#endif
 #endif

3rdparty/openssl_linux/include/openssl/bn.h

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -375,76 +375,25 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
                                  * on the size of the number */
 
 /*
- * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
- * that will be done for checking that a random number is probably prime. The
- * error rate for accepting a composite number as prime depends on the size of
- * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
- * and so the level is what you would expect for a key of double the size of the
- * prime.
- *
- * This table is generated using the algorithm of FIPS PUB 186-4
- * Digital Signature Standard (DSS), section F.1, page 117.
- * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
- *
- * The following magma script was used to generate the output:
- * securitybits:=125;
- * k:=1024;
- * for t:=1 to 65 do
- *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
- *     S:=0;
- *     // Sum over m
- *     for m:=3 to M do
- *       s:=0;
- *       // Sum over j
- *       for j:=2 to m do
- *         s+:=(RealField(32)!2)^-(j+(k-1)/j);
- *       end for;
- *       S+:=2^(m-(m-1)*t)*s;
- *     end for;
- *     A:=2^(k-2-M*t);
- *     B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
- *     pkt:=2.00743*Log(2)*k*2^-k*(A+B);
- *     seclevel:=Floor(-Log(2,pkt));
- *     if seclevel ge securitybits then
- *       printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
- *       break;
- *     end if;
- *   end for;
- *   if seclevel ge securitybits then break; end if;
- * end for;
- *
- * It can be run online at:
- * http://magma.maths.usyd.edu.au/calc
- *
- * And will output:
- * k:  1024, security: 129 bits  (t: 6, M: 23)
- *
- * k is the number of bits of the prime, securitybits is the level we want to
- * reach.
- *
- * prime length | RSA key size | # MR tests | security level
- * -------------+--------------|------------+---------------
- *  (b) >= 6394 |     >= 12788 |          3 |        256 bit
- *  (b) >= 3747 |     >=  7494 |          3 |        192 bit
- *  (b) >= 1345 |     >=  2690 |          4 |        128 bit
- *  (b) >= 1080 |     >=  2160 |          5 |        128 bit
- *  (b) >=  852 |     >=  1704 |          5 |        112 bit
- *  (b) >=  476 |     >=   952 |          5 |         80 bit
- *  (b) >=  400 |     >=   800 |          6 |         80 bit
- *  (b) >=  347 |     >=   694 |          7 |         80 bit
- *  (b) >=  308 |     >=   616 |          8 |         80 bit
- *  (b) >=   55 |     >=   110 |         27 |         64 bit
- *  (b) >=    6 |     >=    12 |         34 |         64 bit
+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error
+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
+ * 177-194)
  */
-
-# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
-                                (b) >=  1345 ?  4 : \
-                                (b) >=  476 ?  5 : \
-                                (b) >=  400 ?  6 : \
-                                (b) >=  347 ?  7 : \
-                                (b) >=  308 ?  8 : \
-                                (b) >=  55  ? 27 : \
-                                /* b >= 6 */ 34)
+# define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
+                                (b) >=  850 ?  3 : \
+                                (b) >=  650 ?  4 : \
+                                (b) >=  550 ?  5 : \
+                                (b) >=  450 ?  6 : \
+                                (b) >=  400 ?  7 : \
+                                (b) >=  350 ?  8 : \
+                                (b) >=  300 ?  9 : \
+                                (b) >=  250 ? 12 : \
+                                (b) >=  200 ? 15 : \
+                                (b) >=  150 ? 18 : \
+                                /* b >= 100 */ 27)
 
 # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
 
@@ -684,77 +633,6 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
                 BN_RECP_CTX *recp, BN_CTX *ctx);
 
-# ifndef OPENSSL_NO_EC2M
-
-/*
- * Functions for arithmetic over binary polynomials represented by BIGNUMs.
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored. Note that input arguments are not const so that their bit arrays
- * can be expanded to the appropriate size if needed.
- */
-
-/*
- * r = a + b
- */
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-/*
- * r=a mod p
- */
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                    const BIGNUM *p, BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                     BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                           BN_CTX *ctx);
-#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/*-
- * Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-/* r = a mod p */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-/* r = (a * b) mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a * a) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-                        BN_CTX *ctx);
-/* r = (1 / b) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-                        BN_CTX *ctx);
-/* r = (a / b) mod p */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = (a ^ b) mod p */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-                        const int p[], BN_CTX *ctx);
-/* r = sqrt(a) mod p */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-                         const int p[], BN_CTX *ctx);
-/* r^2 + r = a mod p */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-                               const int p[], BN_CTX *ctx);
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-# endif
 
 /*
  * faster mod functions for the 'NIST primes' 0 <= a < p^2

3rdparty/openssl_linux/include/openssl/conf.h

@@ -259,7 +259,6 @@ void ERR_load_CONF_strings(void);
 # define CONF_R_NO_VALUE                                  108
 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
 # define CONF_R_UNKNOWN_MODULE_NAME                       113
-# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
 # define CONF_R_VARIABLE_HAS_NO_VALUE                     104
 
 #ifdef  __cplusplus

3rdparty/openssl_linux/include/openssl/crypto.h

@@ -600,24 +600,29 @@ int FIPS_mode_set(int r);
 void OPENSSL_init(void);
 
 # define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+# define nonfips_md_init(alg) nonfips_md_init_ctx(alg, alg)
+# define fips_md_init_ctx(alg, cx) \
+        int alg##_Init(cx##_CTX *c)
 
 # ifdef OPENSSL_FIPS
-#  define fips_md_init_ctx(alg, cx) \
+#  define nonfips_md_init_ctx(alg, cx) \
         int alg##_Init(cx##_CTX *c) \
         { \
         if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+                "Digest " #alg " forbidden in FIPS mode!"); \
         return private_##alg##_Init(c); \
         } \
         int private_##alg##_Init(cx##_CTX *c)
 
 #  define fips_cipher_abort(alg) \
         if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+                "Cipher " #alg " forbidden in FIPS mode!")
+
+/* die if FIPS selftest failed */
+void FIPS_selftest_check(void);
 
 # else
-#  define fips_md_init_ctx(alg, cx) \
-        int alg##_Init(cx##_CTX *c)
+#  define nonfips_md_init_ctx(alg, cx) fips_md_init_ctx(alg, cx)
 #  define fips_cipher_abort(alg) while(0)
 # endif
 
@@ -637,6 +642,9 @@ int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
  */
 void ERR_load_CRYPTO_strings(void);
 
+# define OPENSSL_HAVE_INIT       1
+void OPENSSL_init_library(void);
+
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */

3rdparty/openssl_linux/include/openssl/des.h

@@ -231,10 +231,6 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
-# ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,
-                                   DES_key_schedule *schedule);
-# endif
 void DES_string_to_key(const char *str, DES_cblock *key);
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,

3rdparty/openssl_linux/include/openssl/dh.h

@@ -77,6 +77,9 @@
 #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
 # endif
 
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
+
 # define DH_FLAG_CACHE_MONT_P     0x01
 
 /*
@@ -182,29 +185,12 @@ struct dh_st {
  */
 # define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
 
-# define d2i_DHparams_fp(fp,x) \
-    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                      (char *(*)())d2i_DHparams, \
-                      (fp), \
-                      (unsigned char **)(x))
-# define i2d_DHparams_fp(fp,x) \
-    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
-# define d2i_DHparams_bio(bp,x) \
-    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
-# define i2d_DHparams_bio(bp,x) \
-    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-
-# define d2i_DHxparams_fp(fp,x) \
-    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-                      (char *(*)())d2i_DHxparams, \
-                      (fp), \
-                      (unsigned char **)(x))
-# define i2d_DHxparams_fp(fp,x) \
-    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
-# define d2i_DHxparams_bio(bp,x) \
-    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
-# define i2d_DHxparams_bio(bp,x) \
-    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+                (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
 
 DH *DHparams_dup(DH *);
 
@@ -257,13 +243,11 @@ DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 
-# ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                  const unsigned char *Z, size_t Zlen,
                  ASN1_OBJECT *key_oid,
                  const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
-# endif
 
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \