openssl-1_1/openssl-1_1-ossl-sli-002-ran-make-update.patch
Otto Hollmann d7adac4e7f Accepting request 1144565 from home:ohollmann:branches:security:tls
- Rename engines directories to the same name like in SLE:
    /etc/ssl/engines1_1.d -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef1_1.d -> /etc/ssl/engdef1.1.d
  * Add migration script to move files (bsc#1219562)
    /etc/ssl/engines.d/* -> /etc/ssl/engines1.1.d
    /etc/ssl/engdef.d/* -> /etc/ssl/engdef1.1.d

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch

OBS-URL: https://build.opensuse.org/request/show/1144565
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=156
2024-02-06 12:52:41 +00:00

947 lines
47 KiB
Diff

---
apps/openssl-vms.cnf | 18 ++++
crypto/dh/dh_err.c | 8 -
crypto/dsa/dsa_err.c | 8 +
crypto/ec/ec_err.c | 29 ++++++-
crypto/err/openssl.txt | 40 +++++++++
crypto/evp/evp_err.c | 6 -
crypto/fips/fips_ers.c | 189 +++++++++++++++++++++++++++++++++++++++++++++--
crypto/rsa/rsa_err.c | 23 +++--
include/openssl/dherr.h | 15 +--
include/openssl/dsaerr.h | 18 +---
include/openssl/ecerr.h | 7 -
include/openssl/evperr.h | 19 ++--
include/openssl/rsaerr.h | 32 +++----
13 files changed, 333 insertions(+), 79 deletions(-)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@@ -11,6 +11,24 @@
# defined.
HOME = .
+openssl_conf = openssl_init
+
+[ openssl_init ]
+
+engines = engine_section
+
+[ engine_section ]
+
+# This include will look through the directory that will contain the
+# engine declarations for any engines provided by other packages.
+.include /etc/ssl/engines1.1.d
+
+# This include will look through the directory that will contain the
+# definitions of the engines declared in the engine section.
+.include /etc/ssl/engdef1.1.d
+
+[ oid_section ]
+
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -26,8 +26,8 @@ static const ERR_STRING_DATA DH_str_func
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
"dh_cms_set_shared_info"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0),
+ "DH_generate_parameters_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
@@ -78,11 +78,11 @@ static const ERR_STRING_DATA DH_str_reas
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non fips method"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
"not suitable generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,8 @@ static const ERR_STRING_DATA DSA_str_fun
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0),
+ "DSA_generate_parameters_ex"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
@@ -60,8 +61,9 @@ static const ERR_STRING_DATA DSA_str_rea
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
"missing private key"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD),
+ "non fips dsa method"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,9 +27,19 @@ static const ERR_STRING_DATA EC_str_func
"ecdh_simple_compute_key"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_SIGN_SIG, 0),
+ "ecdsa_s390x_nistp_sign_sig"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 0),
+ "ecdsa_s390x_nistp_verify_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SETUP, 0),
+ "ecdsa_simple_sign_setup"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SIG, 0),
+ "ecdsa_simple_sign_sig"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
+ "ecdsa_simple_verify_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
{ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
@@ -193,6 +203,7 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PUBLIC_CHECK, 0), "ec_key_public_check"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
"EC_KEY_set_public_key_affine_coordinates"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
@@ -266,6 +277,8 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
"ossl_ecdh_compute_key"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SETUP, 0),
+ "ossl_ecdsa_sign_setup"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
"ossl_ecdsa_verify_sig"},
@@ -284,6 +297,18 @@ static const ERR_STRING_DATA EC_str_func
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, 0),
+ "s390x_pkey_ecd_digestsign25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN448, 0),
+ "s390x_pkey_ecd_digestsign448"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN25519, 0),
+ "s390x_pkey_ecd_keygen25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN448, 0),
+ "s390x_pkey_ecd_keygen448"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN25519, 0),
+ "s390x_pkey_ecx_keygen25519"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN448, 0),
+ "s390x_pkey_ecx_keygen448"},
{ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
{0, NULL}
};
@@ -298,6 +323,8 @@ static const ERR_STRING_DATA EC_str_reas
"coordinates out of range"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
"curve does not support ecdh"},
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA),
+ "curve does not support ecdsa"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
"curve does not support signing"},
{ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -408,6 +408,8 @@ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pu
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
+DH_F_DH_COMPUTE_KEY:126:DH_compute_key
+DH_F_DH_GENERATE_PARAMETERS_EX:127:DH_generate_parameters_ex
DH_F_DH_METH_DUP:117:DH_meth_dup
DH_F_DH_METH_NEW:118:DH_meth_new
DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
@@ -427,10 +429,13 @@ DH_F_PKEY_DH_INIT:125:pkey_dh_init
DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
+DSA_F_DSA_BUILTIN_KEYGEN:108:dsa_builtin_keygen
DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
DSA_F_DSA_DO_SIGN:112:DSA_do_sign
DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
+DSA_F_DSA_GENERATE_KEY:109:DSA_generate_key
+DSA_F_DSA_GENERATE_PARAMETERS_EX:110:DSA_generate_parameters_ex
DSA_F_DSA_METH_DUP:127:DSA_meth_dup
DSA_F_DSA_METH_NEW:128:DSA_meth_new
DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
@@ -494,15 +499,15 @@ EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_k
EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
-EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
-EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
-EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
@@ -610,6 +615,7 @@ EC_F_EC_KEY_PRINT:180:EC_KEY_print
EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
+EC_F_EC_KEY_PUBLIC_CHECK:299:ec_key_public_check
EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
EC_KEY_set_public_key_affine_coordinates
EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
@@ -735,6 +741,7 @@ EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key
EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
+EVP_F_AES_XTS_CIPHER:210:aes_xts_cipher
EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key
EVP_F_ALG_MODULE_INIT:177:alg_module_init
EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
@@ -844,6 +851,8 @@ FIPS_F_EVP_CIPHER_CTX_NEW:137:EVP_CIPHER
FIPS_F_EVP_CIPHER_CTX_RESET:122:EVP_CIPHER_CTX_reset
FIPS_F_EVP_CIPHERINIT_EX:124:EVP_CipherInit_ex
FIPS_F_EVP_DIGESTINIT_EX:125:EVP_DigestInit_ex
+FIPS_F_ECDSA_SIMPLE_SIGN_SIG:104:ecdsa_simple_sign_sig
+FIPS_F_ECDSA_SIMPLE_VERIFY_SIG:105:ecdsa_simple_verify_sig
FIPS_F_FIPS_CHECK_DSA:104:fips_check_dsa
FIPS_F_FIPS_CHECK_EC:142:fips_check_ec
FIPS_F_FIPS_CHECK_RSA:106:fips_check_rsa
@@ -874,9 +883,15 @@ FIPS_F_FIPS_SELFTEST_CMAC:130:FIPS_selft
FIPS_F_FIPS_SELFTEST_DES:111:FIPS_selftest_des
FIPS_F_FIPS_SELFTEST_DSA:112:FIPS_selftest_dsa
FIPS_F_FIPS_SELFTEST_ECDSA:133:FIPS_selftest_ecdsa
+FIPS_F_FIPS_SELFTEST_HKDF:136:FIPS_selftest_hkdf
FIPS_F_FIPS_SELFTEST_HMAC:113:FIPS_selftest_hmac
+FIPS_F_FIPS_SELFTEST_PBKDF2:138:FIPS_selftest_pbkdf2
FIPS_F_FIPS_SELFTEST_SHA1:115:FIPS_selftest_sha1
FIPS_F_FIPS_SELFTEST_SHA2:105:FIPS_selftest_sha2
+FIPS_F_FIPS_SELFTEST_SHA3:141:FIPS_selftest_sha3
+FIPS_F_FIPS_SELFTEST_SSH:142:FIPS_selftest_ssh
+FIPS_F_FIPS_SELFTEST_TLS:143:FIPS_selftest_tls
+FIPS_F_OSSL_ECDH_COMPUTE_KEY:144:ossl_ecdh_compute_key
FIPS_F_OSSL_ECDSA_SIGN_SIG:143:ossl_ecdsa_sign_sig
FIPS_F_OSSL_ECDSA_VERIFY_SIG:148:ossl_ecdsa_verify_sig
FIPS_F_RSA_BUILTIN_KEYGEN:116:rsa_builtin_keygen
@@ -1126,6 +1141,7 @@ RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
+RSA_F_FIPS_RSA_BUILTIN_KEYGEN:168:fips_rsa_builtin_keygen
RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
@@ -1140,6 +1156,8 @@ RSA_F_RSA_CHECK_KEY:123:RSA_check_key
RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
+RSA_F_RSA_GENERATE_KEY_EX:169:RSA_generate_key_ex
+RSA_F_RSA_GENERATE_MULTI_PRIME_KEY:170:RSA_generate_multi_prime_key
RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
RSA_F_RSA_METH_DUP:161:RSA_meth_dup
RSA_F_RSA_METH_NEW:162:RSA_meth_new
@@ -1175,12 +1193,18 @@ RSA_F_RSA_PADDING_CHECK_X931:128:RSA_pad
RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
RSA_F_RSA_PRINT:115:RSA_print
RSA_F_RSA_PRINT_FP:116:RSA_print_fp
+RSA_F_RSA_PRIVATE_DECRYPT:171:RSA_private_decrypt
+RSA_F_RSA_PRIVATE_ENCRYPT:172:RSA_private_encrypt
RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
+RSA_F_RSA_PUBLIC_DECRYPT:173:RSA_public_decrypt
+RSA_F_RSA_PUBLIC_ENCRYPT:174:RSA_public_encrypt
RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
+RSA_F_RSA_SET_DEFAULT_METHOD:175:RSA_set_default_method
+RSA_F_RSA_SET_METHOD:176:RSA_set_method
RSA_F_RSA_SIGN:117:RSA_sign
RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY:119:RSA_verify
@@ -2189,8 +2213,10 @@ DH_R_INVALID_PARAMETER_NID:114:invalid p
DH_R_INVALID_PUBKEY:102:invalid public key
DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_KEY_SIZE_TOO_SMALL:126:key size too small
DH_R_MISSING_PUBKEY:125:missing pubkey
DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NON_FIPS_METHOD:127:non fips method
DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
@@ -2204,9 +2230,12 @@ DSA_R_BN_ERROR:109:bn error
DSA_R_DECODE_ERROR:104:decode error
DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
DSA_R_INVALID_PARAMETERS:112:invalid parameters
+DSA_R_KEY_SIZE_INVALID:114:key size invalid
+DSA_R_KEY_SIZE_TOO_SMALL:115:key size too small
DSA_R_MISSING_PARAMETERS:101:missing parameters
DSA_R_MISSING_PRIVATE_KEY:111:missing private key
DSA_R_MODULUS_TOO_LARGE:103:modulus too large
+DSA_R_NON_FIPS_DSA_METHOD:116:non fips dsa method
DSA_R_NO_PARAMETERS_SET:107:no parameters set
DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DSA_R_Q_NOT_PRIME:113:q not prime
@@ -2344,6 +2373,7 @@ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
EVP_R_DECODE_ERROR:114:decode error
EVP_R_DIFFERENT_KEY_TYPES:101:different key types
EVP_R_DIFFERENT_PARAMETERS:153:different parameters
+EVP_R_DISABLED_FOR_FIPS:185:disabled for fips
EVP_R_ERROR_LOADING_SECTION:165:error loading section
EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
@@ -2389,6 +2419,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREA
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
+EVP_R_TOO_LARGE:186:too large
EVP_R_UNKNOWN_CIPHER:160:unknown cipher
EVP_R_UNKNOWN_DIGEST:161:unknown digest
EVP_R_UNKNOWN_OPTION:169:unknown option
@@ -2711,11 +2742,13 @@ RSA_R_MODULUS_TOO_LARGE:105:modulus too
RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
RSA_R_MP_R_NOT_PRIME:170:mp r not prime
+RSA_R_NON_FIPS_RSA_METHOD:171:non fips rsa method
RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
+RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE:173:operation not allowed in fips mode
RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
operation not supported for this keytype
RSA_R_PADDING_CHECK_FAILED:114:padding check failed
@@ -2737,6 +2770,7 @@ RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:un
RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
+RSA_R_UNSUPPORTED_PARAMETERS:174:unsupported parameters
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
RSA_R_VALUE_MISSING:147:value missing
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -192,7 +192,7 @@ static const ERR_STRING_DATA EVP_str_rea
"different key types"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
"different parameters"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
"error loading section"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
@@ -286,8 +286,6 @@ static const ERR_STRING_DATA EVP_str_rea
"wrap mode not allowed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
"wrong final block length"},
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE),
- "xts data unit is too large"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
"xts duplicated keys"},
{0, NULL}
--- a/crypto/fips/fips_ers.c
+++ b/crypto/fips/fips_ers.c
@@ -1,7 +1,186 @@
-#include <openssl/opensslconf.h>
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy = &dummy;
+#include <openssl/err.h>
+#include "crypto/fipserr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA FIPS_str_functs[] = {
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DRBG_RESEED, 0), "drbg_reseed"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_BUILTIN_PARAMGEN2, 0),
+ "dsa_builtin_paramgen2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_SIGN_SIG, 0),
+ "ecdsa_simple_sign_sig"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
+ "ecdsa_simple_verify_sig"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_NEW, 0),
+ "EVP_CIPHER_CTX_new"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_RESET, 0),
+ "EVP_CIPHER_CTX_reset"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_DSA, 0), "fips_check_dsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_EC, 0), "fips_check_ec"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_RSA, 0), "fips_check_rsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_BYTES, 0), "fips_drbg_bytes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_CHECK, 0), "fips_drbg_check"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_ERROR_CHECK, 0),
+ "fips_drbg_error_check"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_GENERATE, 0),
+ "FIPS_drbg_generate"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INIT, 0), "FIPS_drbg_init"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INSTANTIATE, 0),
+ "FIPS_drbg_instantiate"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_NEW, 0), "FIPS_drbg_new"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_SINGLE_KAT, 0),
+ "fips_drbg_single_kat"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_GET_ENTROPY, 0), "fips_get_entropy"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_MODULE_MODE_SET, 0),
+ "FIPS_module_mode_set"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_PKEY_SIGNATURE_TEST, 0),
+ "fips_pkey_signature_test"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_BYTES, 0), "FIPS_rand_bytes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SEED, 0), "FIPS_rand_seed"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SET_METHOD, 0),
+ "FIPS_rand_set_method"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_STATUS, 0), "FIPS_rand_status"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, 0),
+ "fips_rsa_builtin_keygen"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES, 0), "FIPS_selftest_aes"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_CCM, 0),
+ "FIPS_selftest_aes_ccm"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_GCM, 0),
+ "FIPS_selftest_aes_gcm"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_XTS, 0),
+ "FIPS_selftest_aes_xts"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_CMAC, 0),
+ "FIPS_selftest_cmac"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_DES, 0), "FIPS_selftest_des"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_ECDSA, 0),
+ "FIPS_selftest_ecdsa"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HKDF, 0),
+ "FIPS_selftest_hkdf"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HMAC, 0),
+ "FIPS_selftest_hmac"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_PBKDF2, 0),
+ "FIPS_selftest_pbkdf2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA1, 0),
+ "FIPS_selftest_sha1"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA2, 0),
+ "FIPS_selftest_sha2"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA3, 0),
+ "FIPS_selftest_sha3"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SSH, 0), "FIPS_selftest_ssh"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_TLS, 0), "FIPS_selftest_tls"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_OSSL_ECDH_COMPUTE_KEY, 0),
+ "ossl_ecdh_compute_key"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+ "rsa_ossl_private_decrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+ "rsa_ossl_private_encrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+ "rsa_ossl_public_decrypt"},
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+ "rsa_ossl_public_encrypt"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA FIPS_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
+ "additional input error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
+ "additional input too long"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ALREADY_INSTANTIATED),
+ "already instantiated"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_DRBG_NOT_INITIALISED),
+ "drbg not initialised"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_ERROR_UNDETECTED),
+ "entropy error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
+ "entropy not requested for reseed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_SOURCE_STUCK),
+ "entropy source stuck"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INITIALISING_DRBG),
+ "error initialising drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INSTANTIATING_DRBG),
+ "error instantiating drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+ "error retrieving additional input"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ENTROPY),
+ "error retrieving entropy"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_NONCE),
+ "error retrieving nonce"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
+ "fingerprint does not match"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_MODE_ALREADY_SET),
+ "fips mode already set"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_SELFTEST_FAILED),
+ "fips selftest failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FUNCTION_ERROR), "function error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR), "generate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR_UNDETECTED),
+ "generate error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INVALID_KEY_LENGTH),
+ "invalid key length"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_IN_ERROR_STATE), "in error state"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_KEY_TOO_SHORT), "key too short"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NONCE_ERROR_UNDETECTED),
+ "nonce error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST1_FAILURE),
+ "nopr test1 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST2_FAILURE),
+ "nopr test2 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOT_INSTANTIATED), "not instantiated"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PAIRWISE_TEST_FAILED),
+ "pairwise test failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
+ "personalisation error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_STRING_TOO_LONG),
+ "personalisation string too long"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
+ "request length error undetected"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
+ "request too large for drbg"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_COUNTER_ERROR),
+ "reseed counter error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_ERROR), "reseed error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILED), "selftest failed"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILURE), "selftest failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_TEST_FAILURE), "test failure"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ERROR),
+ "uninstantiate error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
+ "uninstantiate zeroise error"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_DRBG_TYPE),
+ "unsupported drbg type"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_PLATFORM),
+ "unsupported platform"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_FIPS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(FIPS_str_functs);
+ ERR_load_strings_const(FIPS_str_reasons);
+ }
#endif
+ return 1;
+}
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,7 +34,8 @@ static const ERR_STRING_DATA RSA_str_fun
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0),
+ "RSA_generate_key_ex"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0),
"RSA_generate_multi_prime_key"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
@@ -93,16 +94,21 @@ static const ERR_STRING_DATA RSA_str_fun
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0),
+ "RSA_private_decrypt"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0),
+ "RSA_private_encrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0),
+ "RSA_set_default_method"},
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
"RSA_sign_ASN1_OCTET_STRING"},
@@ -111,8 +117,6 @@ static const ERR_STRING_DATA RSA_str_fun
"RSA_verify_ASN1_OCTET_STRING"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
"RSA_verify_PKCS1_PSS_mgf1"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"},
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
{0, NULL}
};
@@ -193,8 +197,9 @@ static const ERR_STRING_DATA RSA_str_rea
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
"mp exponent not congruent to d"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD),
+ "non fips rsa method"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
"null before block missing"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
@@ -204,7 +209,7 @@ static const ERR_STRING_DATA RSA_str_rea
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
"oaep decoding error"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
- "operation not allowed in FIPS mode"},
+ "operation not allowed in fips mode"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
@@ -11,9 +11,7 @@
#ifndef HEADER_DHERR_H
# define HEADER_DHERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -36,9 +34,8 @@ int ERR_load_DH_strings(void);
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
# define DH_F_DH_CMS_SET_SHARED_INFO 116
-# define DH_F_DH_COMPUTE_KEY 203
-# define DH_F_DH_GENERATE_KEY 202
-# define DH_F_DH_GENERATE_PARAMETERS_EX 201
+# define DH_F_DH_COMPUTE_KEY 126
+# define DH_F_DH_GENERATE_PARAMETERS_EX 127
# define DH_F_DH_METH_DUP 117
# define DH_F_DH_METH_NEW 118
# define DH_F_DH_METH_SET1_NAME 119
@@ -76,14 +73,14 @@ int ERR_load_DH_strings(void);
# define DH_R_INVALID_PARAMETER_NID 114
# define DH_R_INVALID_PUBKEY 102
# define DH_R_KDF_PARAMETER_ERROR 112
-# define DH_R_KEY_SIZE_TOO_SMALL 201
# define DH_R_KEYS_NOT_SET 108
+# define DH_R_KEY_SIZE_TOO_SMALL 126
# define DH_R_MISSING_PUBKEY 125
# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NON_FIPS_METHOD 127
# define DH_R_NOT_SUITABLE_GENERATOR 120
# define DH_R_NO_PARAMETERS_SET 107
# define DH_R_NO_PRIVATE_VALUE 100
-# define DH_R_NON_FIPS_METHOD 202
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
# define DH_R_SHARED_INFO_ERROR 113
--- a/include/openssl/dsaerr.h
+++ b/include/openssl/dsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_DSAERR_H
# define HEADER_DSAERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -29,13 +27,13 @@ int ERR_load_DSA_strings(void);
*/
# define DSA_F_DSAPARAMS_PRINT 100
# define DSA_F_DSAPARAMS_PRINT_FP 101
-# define DSA_F_DSA_BUILTIN_KEYGEN 202
+# define DSA_F_DSA_BUILTIN_KEYGEN 108
# define DSA_F_DSA_BUILTIN_PARAMGEN 125
# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
-# define DSA_F_DSA_GENERATE_KEY 201
-# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200
# define DSA_F_DSA_DO_SIGN 112
# define DSA_F_DSA_DO_VERIFY 113
+# define DSA_F_DSA_GENERATE_KEY 109
+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 110
# define DSA_F_DSA_METH_DUP 127
# define DSA_F_DSA_METH_NEW 128
# define DSA_F_DSA_METH_SET1_NAME 129
@@ -63,13 +61,13 @@ int ERR_load_DSA_strings(void);
# define DSA_R_DECODE_ERROR 104
# define DSA_R_INVALID_DIGEST_TYPE 106
# define DSA_R_INVALID_PARAMETERS 112
-# define DSA_R_KEY_SIZE_INVALID 201
-# define DSA_R_KEY_SIZE_TOO_SMALL 202
+# define DSA_R_KEY_SIZE_INVALID 114
+# define DSA_R_KEY_SIZE_TOO_SMALL 115
# define DSA_R_MISSING_PARAMETERS 101
# define DSA_R_MISSING_PRIVATE_KEY 111
# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NON_FIPS_DSA_METHOD 116
# define DSA_R_NO_PARAMETERS_SET 107
-# define DSA_R_NON_FIPS_DSA_METHOD 200
# define DSA_R_PARAMETER_ENCODING_ERROR 105
# define DSA_R_Q_NOT_PRIME 113
# define DSA_R_SEED_LEN_SMALL 110
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_ECERR_H
# define HEADER_ECERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# include <openssl/opensslconf.h>
@@ -143,6 +141,7 @@ int ERR_load_EC_strings(void);
# define EC_F_EC_KEY_PRINT_FP 181
# define EC_F_EC_KEY_PRIV2BUF 279
# define EC_F_EC_KEY_PRIV2OCT 256
+# define EC_F_EC_KEY_PUBLIC_CHECK 299
# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229
# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258
# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,15 +22,15 @@ int ERR_load_EVP_strings(void);
* EVP function codes.
*/
# define EVP_F_AESNI_INIT_KEY 165
-# define EVP_F_AESNI_XTS_INIT_KEY 233
+# define EVP_F_AESNI_XTS_INIT_KEY 207
# define EVP_F_AES_GCM_CTRL 196
# define EVP_F_AES_INIT_KEY 133
# define EVP_F_AES_OCB_CIPHER 169
# define EVP_F_AES_T4_INIT_KEY 178
-# define EVP_F_AES_T4_XTS_INIT_KEY 234
+# define EVP_F_AES_T4_XTS_INIT_KEY 208
# define EVP_F_AES_WRAP_CIPHER 170
-# define EVP_F_AES_XTS_CIPHER 229
-# define EVP_F_AES_XTS_INIT_KEY 235
+# define EVP_F_AES_XTS_CIPHER 210
+# define EVP_F_AES_XTS_INIT_KEY 209
# define EVP_F_ALG_MODULE_INIT 177
# define EVP_F_ARIA_CCM_INIT_KEY 175
# define EVP_F_ARIA_GCM_CTRL 197
@@ -146,9 +146,9 @@ int ERR_load_EVP_strings(void);
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
# define EVP_R_DECODE_ERROR 114
-# define EVP_R_DISABLED_FOR_FIPS 200
# define EVP_R_DIFFERENT_KEY_TYPES 101
# define EVP_R_DIFFERENT_PARAMETERS 153
+# define EVP_R_DISABLED_FOR_FIPS 185
# define EVP_R_ERROR_LOADING_SECTION 165
# define EVP_R_ERROR_SETTING_FIPS_MODE 166
# define EVP_R_EXPECTING_AN_HMAC_KEY 174
@@ -184,15 +184,15 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
-# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
+# define EVP_R_PARAMETER_TOO_LARGE 187
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
-# define EVP_R_TOO_LARGE 201
+# define EVP_R_TOO_LARGE 186
# define EVP_R_UNKNOWN_CIPHER 160
# define EVP_R_UNKNOWN_DIGEST 161
# define EVP_R_UNKNOWN_OPTION 169
@@ -208,7 +208,6 @@ int ERR_load_EVP_strings(void);
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
-# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191
-# define EVP_R_XTS_DUPLICATED_KEYS 192
+# define EVP_R_XTS_DUPLICATED_KEYS 183
#endif
--- a/include/openssl/rsaerr.h
+++ b/include/openssl/rsaerr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_RSAERR_H
# define HEADER_RSAERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -25,7 +23,7 @@ int ERR_load_RSA_strings(void);
*/
# define RSA_F_CHECK_PADDING_MD 140
# define RSA_F_ENCODE_PKCS1 146
-# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206
+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 168
# define RSA_F_INT_RSA_VERIFY 145
# define RSA_F_OLD_RSA_PRIV_DECODE 147
# define RSA_F_PKEY_PSS_INIT 165
@@ -40,8 +38,8 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_CHECK_KEY_EX 160
# define RSA_F_RSA_CMS_DECRYPT 159
# define RSA_F_RSA_CMS_VERIFY 158
-# define RSA_F_RSA_GENERATE_KEY_EX 204
-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
+# define RSA_F_RSA_GENERATE_KEY_EX 169
+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 170
# define RSA_F_RSA_ITEM_VERIFY 148
# define RSA_F_RSA_METH_DUP 161
# define RSA_F_RSA_METH_NEW 162
@@ -77,18 +75,18 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_PARAM_DECODE 164
# define RSA_F_RSA_PRINT 115
# define RSA_F_RSA_PRINT_FP 116
+# define RSA_F_RSA_PRIVATE_DECRYPT 171
+# define RSA_F_RSA_PRIVATE_ENCRYPT 172
# define RSA_F_RSA_PRIV_DECODE 150
# define RSA_F_RSA_PRIV_ENCODE 138
-# define RSA_F_RSA_PRIVATE_DECRYPT 200
-# define RSA_F_RSA_PRIVATE_ENCRYPT 201
# define RSA_F_RSA_PSS_GET_PARAM 151
# define RSA_F_RSA_PSS_TO_CTX 155
+# define RSA_F_RSA_PUBLIC_DECRYPT 173
+# define RSA_F_RSA_PUBLIC_ENCRYPT 174
# define RSA_F_RSA_PUB_DECODE 139
-# define RSA_F_RSA_PUBLIC_DECRYPT 202
-# define RSA_F_RSA_PUBLIC_ENCRYPT 203
# define RSA_F_RSA_SETUP_BLINDING 136
-# define RSA_F_RSA_SET_DEFAULT_METHOD 205
-# define RSA_F_RSA_SET_METHOD 204
+# define RSA_F_RSA_SET_DEFAULT_METHOD 175
+# define RSA_F_RSA_SET_METHOD 176
# define RSA_F_RSA_SIGN 117
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
# define RSA_F_RSA_VERIFY 119
@@ -139,19 +137,19 @@ int ERR_load_RSA_strings(void);
# define RSA_R_KEY_PRIME_NUM_INVALID 165
# define RSA_R_KEY_SIZE_TOO_SMALL 120
# define RSA_R_LAST_OCTET_INVALID 134
-# define RSA_R_MISSING_PRIVATE_KEY 179
# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
+# define RSA_R_MISSING_PRIVATE_KEY 179
# define RSA_R_MODULUS_TOO_LARGE 105
# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
# define RSA_R_MP_R_NOT_PRIME 170
+# define RSA_R_NON_FIPS_RSA_METHOD 171
# define RSA_R_NO_PUBLIC_EXPONENT 140
-# define RSA_R_NON_FIPS_RSA_METHOD 200
# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
# define RSA_R_OAEP_DECODING_ERROR 121
-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 173
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
# define RSA_R_PADDING_CHECK_FAILED 114
# define RSA_R_PKCS_DECODING_ERROR 159
@@ -171,7 +169,7 @@ int ERR_load_RSA_strings(void);
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
-# define RSA_R_UNSUPPORTED_PARAMETERS 202
+# define RSA_R_UNSUPPORTED_PARAMETERS 174
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
# define RSA_R_VALUE_MISSING 147
# define RSA_R_WRONG_SIGNATURE_LENGTH 119