diff --git a/Apps-config-host.mk b/Apps-config-host.mk index 21b6841b..615b4ee8 100644 --- a/Apps-config-host.mk +++ b/Apps-config-host.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/Apps-config-target.mk b/Apps-config-target.mk index 82664e51..987afb6c 100644 --- a/Apps-config-target.mk +++ b/Apps-config-target.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/Crypto-config-host.mk b/Crypto-config-host.mk index bffc5787..a8ac01f7 100644 --- a/Crypto-config-host.mk +++ b/Crypto-config-host.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/Crypto-config-target.mk b/Crypto-config-target.mk index ead9d273..4ff7ff34 100644 --- a/Crypto-config-target.mk +++ b/Crypto-config-target.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/NOTICE b/NOTICE index fb03713d..b1fa6f9f 100644 --- a/NOTICE +++ b/NOTICE @@ -2,7 +2,7 @@ LICENSE ISSUES ============== - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + The OpenSSL toolkit stays under a double license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Ssl-config-host.mk b/Ssl-config-host.mk index 00fad243..a925cd60 100644 --- a/Ssl-config-host.mk +++ b/Ssl-config-host.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/Ssl-config-target.mk b/Ssl-config-target.mk index 1a573e60..565c4e4d 100644 --- a/Ssl-config-target.mk +++ b/Ssl-config-target.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # # This script will append to the following variables: # diff --git a/android.testssl/testssl b/android.testssl/testssl index 7faf74d0..5507b453 100755 --- a/android.testssl/testssl +++ b/android.testssl/testssl @@ -292,4 +292,34 @@ if [ -z "$extra" -a `uname -m` = "x86_64" ]; then $ssltest -cipher AES128-SHA256 -bytes 8m || exit 1 fi +############################################################################# +# Signature algorithms + SNI + +$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1 +$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1 +# Switching SSL_CTX on SNI must not break signature algorithm negotiation. +$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1 +$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1 + + +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect yes || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1 + +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1 +$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1 + +$ssltest -bio_pair -s_ticket1 broken -c_ticket yes -ticket_expect no || exit 1 + exit 0 diff --git a/apps/app_rand.c b/apps/app_rand.c index 7f40bba7..0bbf342e 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) #endif if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); else if (RAND_egd(file) > 0) { /* * we try if the given filename is an EGD socket. if it is, we don't @@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e) return 0; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); if (file == NULL || !RAND_write_file(file)) { BIO_printf(bio_e, "unable to write 'random state'\n"); return 0; diff --git a/apps/apps.c b/apps/apps.c index 9fdc3e00..2fad43f9 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -148,6 +148,10 @@ #ifdef _WIN32 static int WIN32_rename(const char *from, const char *to); # define rename(from,to) WIN32_rename((from),(to)) +# ifdef fileno +# undef fileno +# endif +# define fileno(a) (int)_fileno(a) #endif typedef struct { @@ -1723,9 +1727,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, BUF_strlcpy(buf[0], serialfile, BSIZE); else { #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); #endif } #ifdef RL_DEBUG @@ -1774,14 +1778,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", @@ -1862,9 +1866,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile); #endif dbattr_conf = NCONF_new(NULL); if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { @@ -1952,19 +1956,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); @@ -2013,29 +2017,29 @@ int rotate_index(const char *dbfile, const char *new_suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); @@ -2589,7 +2593,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); + BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk)); (void)BIO_flush(bconn); JPAKE_STEP3A_release(&s3a); } @@ -2600,7 +2604,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); + BIO_write(bconn, s3b.hk, sizeof(s3b.hk)); (void)BIO_flush(bconn); JPAKE_STEP3B_release(&s3b); } @@ -2610,7 +2614,7 @@ static void readbn(BIGNUM **bn, BIO *bconn) char buf[10240]; int l; - l = BIO_gets(bconn, buf, sizeof buf); + l = BIO_gets(bconn, buf, sizeof(buf)); assert(l > 0); assert(buf[l - 1] == '\n'); buf[l - 1] = '\0'; @@ -2657,8 +2661,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); + l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk)); + assert(l == sizeof(s3a.hhk)); if (!JPAKE_STEP3A_process(ctx, &s3a)) { ERR_print_errors(bio_err); exit(1); @@ -2672,8 +2676,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); + l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk)); + assert(l == sizeof(s3b.hk)); if (!JPAKE_STEP3B_process(ctx, &s3b)) { ERR_print_errors(bio_err); exit(1); @@ -2777,13 +2781,13 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; } - *outlen = len + 1; + *outlen = (unsigned char)(len + 1); return out; } #endif /* ndef OPENSSL_NO_TLSEXT */ diff --git a/apps/ca.c b/apps/ca.c index a0ec5838..e17cb7c1 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1631,8 +1631,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = - NULL; + X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; ASN1_UTCTIME *tm, *tmptm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; @@ -1820,8 +1819,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - if (push != NULL) - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -1839,104 +1836,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject */ - /* - * and add it later on because of the method extensions are added - * (altName) - */ - - if (email_dn) - dn_subject = subject; - else { - X509_NAME_ENTRY *tmpne; - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if (!(dn_subject = X509_NAME_dup(subject))) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); - X509_NAME_ENTRY_free(tmpne); - } - } - - if (BN_is_zero(serial)) - row[DB_serial] = BUF_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == 'E') - p = "Expired"; - else if (rrow[DB_type][0] == 'R') - p = "Revoked"; - else if (rrow[DB_type][0] == 'V') - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - if (rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto err; - } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, @@ -1988,10 +1887,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, /* Lets add the extensions, if there are any */ if (ext_sect) { X509V3_CTX ctx; - if (ci->version == NULL) - if ((ci->version = ASN1_INTEGER_new()) == NULL) - goto err; - ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */ /* * Free the current entries if any, there should not be any I believe @@ -2054,10 +1949,133 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0) { - if (!X509_set_subject_name(ret, dn_subject)) + { + STACK_OF(X509_EXTENSION) *exts = ci->extensions; + + if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(ret, 2)) + goto err; + } + + if (verbose) + BIO_printf(bio_err, + "The subject name appears to be ok, checking data base for clashes\n"); + + /* Build the correct Subject if no e-mail is wanted in the subject */ + + if (!email_dn) { + X509_NAME_ENTRY *tmpne; + X509_NAME *dn_subject; + + /* + * Its best to dup the subject DN and then delete any email addresses + * because this retains its structure. + */ + if (!(dn_subject = X509_NAME_dup(subject))) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + while ((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, + -1)) >= 0) { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + + if (!X509_set_subject_name(ret, dn_subject)) { + X509_NAME_free(dn_subject); + goto err; + } + X509_NAME_free(dn_subject); + } + + row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (BN_is_zero(serial)) + row[DB_serial] = BUF_strdup("00"); + else + row[DB_serial] = BN_bn2hex(serial); + if (row[DB_serial] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (row[DB_name][0] == '\0') { + /* + * An empty subject! We'll use the serial number instead. If + * unique_subject is in use then we don't want different entries with + * empty subjects matching each other. + */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto err; + } + } + + if (db->attributes.unique_subject) { + OPENSSL_STRING *crow = row; + + rrow = TXT_DB_get_by_index(db->db, DB_name, crow); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + } + if (rrow == NULL) { + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err, + " check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) { + BIO_printf(bio_err, "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p = "Expired"; + else if (rrow[DB_type][0] == 'R') + p = "Revoked"; + else if (rrow[DB_type][0] == 'V') + p = "Valid"; + else + p = "\ninvalid type, Data base error\n"; + BIO_printf(bio_err, "Type :%s\n", p);; + if (rrow[DB_type][0] == 'R') { + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Was revoked on:%s\n", p); + } + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Expires on :%s\n", p); + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Serial Number :%s\n", p); + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "File name :%s\n", p); + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Subject Name :%s\n", p); + ok = -1; /* This is now a 'bad' error. */ + goto err; } if (!default_op) { @@ -2108,10 +2126,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_rev_date] = OPENSSL_malloc(1); row[DB_file] = OPENSSL_malloc(8); - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || (row[DB_rev_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + (row[DB_file] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -2129,10 +2146,8 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -2140,18 +2155,19 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); goto err; } + irow = NULL; ok = 1; err: - for (i = 0; i < DB_NUMBER; i++) - if (row[i] != NULL) + if (ok != 1) { + for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); + } + OPENSSL_free(irow); if (CAname != NULL) X509_NAME_free(CAname); if (subject != NULL) X509_NAME_free(subject); - if ((dn_subject != NULL) && !email_dn) - X509_NAME_free(dn_subject); if (tmptm != NULL) ASN1_UTCTIME_free(tmptm); if (ok <= 0) { @@ -2355,6 +2371,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) else row[DB_serial] = BN_bn2hex(bn); BN_free(bn); + if (row[DB_name] != NULL && row[DB_name][0] == '\0') { + /* Entries with empty Subjects actually use the serial number instead */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + } if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; @@ -2400,18 +2421,20 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) goto err; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { BIO_printf(bio_err, "failed to update database\n"); BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); + OPENSSL_free(irow); goto err; } + for (i = 0; i < DB_NUMBER; i++) + row[i] = NULL; + /* Revoke Certificate */ if (type == -1) ok = 1; diff --git a/apps/ciphers.c b/apps/ciphers.c index 66636d2d..4856141f 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -217,7 +217,7 @@ int MAIN(int argc, char **argv) BIO_printf(STDout, "%s - ", nm); } #endif - BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); + BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf))); } } diff --git a/apps/cms.c b/apps/cms.c index 60479374..9f0e5e58 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -981,12 +981,16 @@ int MAIN(int argc, char **argv) signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, e, "signer certificate"); - if (!signer) + if (!signer) { + ret = 2; goto end; + } key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (!key) { + ret = 2; goto end; + } for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; diff --git a/apps/dgst.c b/apps/dgst.c index 26afcd7b..ba52a599 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -145,7 +145,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); md = EVP_get_digestbyname(pname); diff --git a/apps/dhparam.c b/apps/dhparam.c index 57199a8d..8a3fa160 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -384,10 +384,19 @@ int MAIN(int argc, char **argv) } else # endif { - if (informat == FORMAT_ASN1) + if (informat == FORMAT_ASN1) { + /* + * We have no PEM header to determine what type of DH params it + * is. We'll just try both. + */ dh = d2i_DHparams_bio(in, NULL); - else /* informat == FORMAT_PEM */ + /* BIO_reset() returns 0 for success for file BIOs only!!! */ + if (dh == NULL && BIO_reset(in) == 0) + dh = d2i_DHxparams_bio(in, NULL); + } else { + /* informat == FORMAT_PEM */ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + } if (dh == NULL) { BIO_printf(bio_err, "unable to load DH parameters\n"); @@ -487,10 +496,13 @@ int MAIN(int argc, char **argv) } if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_DHparams_bio(out, dh); - else if (outformat == FORMAT_PEM) { - if (dh->q) + if (outformat == FORMAT_ASN1) { + if (dh->q != NULL) + i = i2d_DHxparams_bio(out, dh); + else + i = i2d_DHparams_bio(out, dh); + } else if (outformat == FORMAT_PEM) { + if (dh->q != NULL) i = PEM_write_bio_DHxparams(out, dh); else i = PEM_write_bio_DHparams(out, dh); diff --git a/apps/dsa.c b/apps/dsa.c index dedf8e17..c1393653 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -333,6 +333,9 @@ int MAIN(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_DSA(pk, dsa); if (outformat == FORMAT_PVK) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 824a595c..fc8953fe 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -385,6 +385,9 @@ int MAIN(int argc, char **argv) printf("\treturn(dsa);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); diff --git a/apps/ecparam.c b/apps/ecparam.c index 71b67f43..c0b16ea3 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -547,6 +547,9 @@ int MAIN(int argc, char **argv) BIO_printf(out, "\treturn(group);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); @@ -583,6 +586,9 @@ int MAIN(int argc, char **argv) if (EC_KEY_set_group(eckey, group) == 0) goto end; + if (new_form) + EC_KEY_set_conv_form(eckey, form); + if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); goto end; diff --git a/apps/enc.c b/apps/enc.c index 8e2ef27a..741a4b6d 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -81,20 +81,32 @@ int set_hex(char *in, unsigned char *out, int size); #define BSIZE (8*1024) #define PROG enc_main -static void show_ciphers(const OBJ_NAME *name, void *bio_) +struct doall_enc_ciphers { + BIO *bio; + int n; +}; + +static void show_ciphers(const OBJ_NAME *name, void *arg) { - BIO *bio = bio_; - static int n; + struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg; + const EVP_CIPHER *cipher; if (!islower((unsigned char)*name->name)) return; - BIO_printf(bio, "-%-25s", name->name); - if (++n == 3) { - BIO_printf(bio, "\n"); - n = 0; + /* Filter out ciphers that we cannot use */ + cipher = EVP_get_cipherbyname(name->name); + if (cipher == NULL || + (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 || + EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE) + return; + + BIO_printf(dec->bio, "-%-25s", name->name); + if (++dec->n == 3) { + BIO_printf(dec->bio, "\n"); + dec->n = 0; } else - BIO_printf(bio, " "); + BIO_printf(dec->bio, " "); } int MAIN(int, char **); @@ -102,7 +114,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { static const char magic[] = "Salted__"; - char mbuf[sizeof magic - 1]; + char mbuf[sizeof(magic) - 1]; char *strbuf = NULL; unsigned char *buff = NULL, *bufsize = NULL; int bsize = BSIZE, verbose = 0; @@ -131,6 +143,7 @@ int MAIN(int argc, char **argv) #endif const EVP_MD *dgst = NULL; int non_fips_allow = 0; + struct doall_enc_ciphers dec; apps_startup(); @@ -142,7 +155,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) base64 = 1; #ifdef ZLIB @@ -235,7 +248,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0] = '\0'; - if (!fgets(buf, sizeof buf, infile)) { + if (!fgets(buf, sizeof(buf), infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", file); goto bad; } @@ -312,8 +325,10 @@ int MAIN(int argc, char **argv) #endif BIO_printf(bio_err, "Cipher Types\n"); + dec.n = 0; + dec.bio = bio_err; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, bio_err); + show_ciphers, &dec); BIO_printf(bio_err, "\n"); goto end; @@ -420,7 +435,7 @@ int MAIN(int argc, char **argv) for (;;) { char buf[200]; - BIO_snprintf(buf, sizeof buf, "enter %s %s password:", + BIO_snprintf(buf, sizeof(buf), "enter %s %s password:", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; @@ -505,31 +520,31 @@ int MAIN(int argc, char **argv) else { if (enc) { if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof salt) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) goto end; /* * If -P option then don't bother writing */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof magic - 1) != sizeof magic - 1 + sizeof(magic) - 1) != sizeof(magic) - 1 || BIO_write(wbio, (char *)salt, - sizeof salt) != sizeof salt)) { + sizeof(salt)) != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf + } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) || BIO_read(rbio, (unsigned char *)salt, - sizeof salt) != sizeof salt) { + sizeof(salt)) != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; - } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } @@ -552,7 +567,7 @@ int MAIN(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof iv)) { + } else if (!set_hex(hiv, iv, sizeof(iv))) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } diff --git a/apps/engine.c b/apps/engine.c index f54631b5..a8eed9af 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -108,13 +108,16 @@ static int append_buf(char **buf, const char *s, int *size, int step) } if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { + char *p = *buf; + *size += step; *buf = OPENSSL_realloc(*buf, *size); + if (*buf == NULL) { + OPENSSL_free(p); + return 0; + } } - if (*buf == NULL) - return 0; - if (**buf != '\0') BUF_strlcat(*buf, ", ", *size); BUF_strlcat(*buf, s, *size); diff --git a/apps/errstr.c b/apps/errstr.c index c2d4fdec..c3fef610 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -108,7 +108,7 @@ int MAIN(int argc, char **argv) for (i = 1; i < argc; i++) { if (sscanf(argv[i], "%lx", &l)) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); printf("%s\n", buf); } else { printf("%s: bad error code\n", argv[i]); diff --git a/apps/ocsp.c b/apps/ocsp.c index 5da51df5..654eebcb 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; for (;;) { - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ diff --git a/apps/openssl.c b/apps/openssl.c index 68731452..c3da5d6c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[]) prog = prog_init(); /* first check the program name */ - program_name(Argv[0], pname, sizeof pname); + program_name(Argv[0], pname, sizeof(pname)); f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); @@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[]) for (;;) { ret = 0; p = buf; - n = sizeof buf; + n = sizeof(buf); i = 0; for (;;) { p[0] = '\0'; @@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void) /* Purely so it looks nice when the user hits ? */ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; - qsort(functions, i, sizeof *functions, SortFnByName); + qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new()) == NULL) return (NULL); diff --git a/apps/passwd.c b/apps/passwd.c index 798a6d59..56e10ad3 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -252,7 +252,7 @@ int MAIN(int argc, char **argv) /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) + EVP_DigestUpdate(&md, buf, sizeof(buf)); EVP_DigestUpdate(&md, buf, i); n = passwd_len; @@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + (i & 1) ? passwd_len : sizeof(buf)); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len); + (i & 1) ? sizeof(buf) : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); @@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; @@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[15] = buf[11]; # ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); + assert(16 == sizeof(buf_perm)); # endif output = salt_out + salt_len; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 82182c29..d76df6e6 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -485,7 +485,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read MAC password"); # endif if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -633,13 +633,13 @@ int MAIN(int argc, char **argv) # endif if (!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); # ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -702,7 +702,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read import password"); # endif if (!noprompt - && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; @@ -712,7 +712,7 @@ int MAIN(int argc, char **argv) # endif if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); if ((options & INFO) && p12->mac) BIO_printf(bio_err, "MAC Iteration %ld\n", diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 5099e184..d30deb95 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -281,7 +281,7 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof(pass), "Enter Encryption Password:", 1)) goto end; } app_RAND_load_file(NULL, bio_err, 0); @@ -335,7 +335,7 @@ int MAIN(int argc, char **argv) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); } diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index e47206c4..a613ad95 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -322,8 +322,10 @@ int MAIN(int argc, char **argv) buf_in, (size_t)buf_inlen); if (rv == 0) BIO_puts(out, "Signature Verification Failure\n"); - else if (rv == 1) + else if (rv == 1) { BIO_puts(out, "Signature Verified Successfully\n"); + ret = 0; + } if (rv >= 0) goto end; } else { diff --git a/apps/prime.c b/apps/prime.c index 1fb1c8d8..831ba68d 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -147,5 +147,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "options are\n"); BIO_printf(bio_err, "%-14s hex\n", "-hex"); BIO_printf(bio_err, "%-14s number of checks\n", "-checks "); + BIO_printf(bio_err, "%-14s generate prime\n", "-generate"); + BIO_printf(bio_err, "%-14s number of bits\n", "-bits "); + BIO_printf(bio_err, "%-14s safe prime\n", "-safe"); return 1; } diff --git a/apps/progs.h b/apps/progs.h index d4e6fad3..ff13e862 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -60,7 +60,7 @@ extern int srp_main(int argc, char *argv[]); typedef struct { int type; const char *name; - int (*func) (int argc, char *argv[]); + int (*func)(int argc, char *argv[]); } FUNCTION; DECLARE_LHASH_OF(FUNCTION); diff --git a/apps/progs.pl b/apps/progs.pl index fa6258cf..73498e3d 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -6,22 +6,22 @@ grep(s/^asn1pars$/asn1parse/,@ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func)(int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { @@ -30,7 +30,7 @@ foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^speed$/)) @@ -60,7 +60,7 @@ foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n#endif\n"; } foreach ( @@ -86,7 +86,7 @@ { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n",$_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -101,4 +101,4 @@ print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; diff --git a/apps/rand.c b/apps/rand.c index e159da37..10c84dfa 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -201,7 +201,7 @@ int MAIN(int argc, char **argv) chunk = num; if (chunk > (int)sizeof(buf)) - chunk = sizeof buf; + chunk = sizeof(buf); r = RAND_bytes(buf, chunk); if (r <= 0) goto err; diff --git a/apps/req.c b/apps/req.c index d1411c91..9d9ee013 100644 --- a/apps/req.c +++ b/apps/req.c @@ -333,7 +333,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-text") == 0) text = 1; else if (strcmp(*argv, "-x509") == 0) { - newreq = 1; x509 = 1; } else if (strcmp(*argv, "-asn1-kludge") == 0) kludge = 1; @@ -449,6 +448,9 @@ int MAIN(int argc, char **argv) goto end; } + if (x509 && infile == NULL) + newreq = 1; + ERR_load_crypto_strings(); if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -757,7 +759,7 @@ int MAIN(int argc, char **argv) } } - if (newreq) { + if (newreq || x509) { if (pkey == NULL) { BIO_printf(bio_err, "you need to specify a private key\n"); goto end; @@ -1194,7 +1196,7 @@ static int prompt_info(X509_REQ *req, /* If OBJ not recognised ignore it */ if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start; - if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1205,19 +1207,19 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_value", v->name); if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_min", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_max", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1253,7 +1255,7 @@ static int prompt_info(X509_REQ *req, if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - if (BIO_snprintf(buf, sizeof buf, "%s_default", type) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", type) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1265,20 +1267,20 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", type); + BIO_snprintf(buf, sizeof(buf), "%s_value", type); if ((value = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", type); + BIO_snprintf(buf, sizeof(buf), "%s_min", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", type); + BIO_snprintf(buf, sizeof(buf), "%s_max", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1373,13 +1375,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1392,8 +1394,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); @@ -1432,13 +1434,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1451,8 +1453,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); diff --git a/apps/s_client.c b/apps/s_client.c index 41a326fb..1a93bc2f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -630,10 +630,11 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, unsigned char ext_buf[4 + 65536]; /* Reconstruct the type/len fields prior to extension data */ - ext_buf[0] = ext_type >> 8; - ext_buf[1] = ext_type & 0xFF; - ext_buf[2] = inlen >> 8; - ext_buf[3] = inlen & 0xFF; + inlen &= 0xffff; /* for formal memcpy correctness */ + ext_buf[0] = (unsigned char)(ext_type >> 8); + ext_buf[1] = (unsigned char)(ext_type); + ext_buf[2] = (unsigned char)(inlen >> 8); + ext_buf[3] = (unsigned char)(inlen); memcpy(ext_buf + 4, in, inlen); BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d", @@ -1667,6 +1668,8 @@ int MAIN(int argc, char **argv) if (strstr(mbuf, "/stream:features>")) goto shut; seen = BIO_read(sbio, mbuf, BUFSIZZ); + if (seen <= 0) + goto shut; mbuf[seen] = 0; } BIO_printf(sbio, @@ -2131,6 +2134,7 @@ int MAIN(int argc, char **argv) BIO_free(bio_c_msg); bio_c_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } @@ -2161,10 +2165,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, "%2d s:%s\n", i, buf); X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, " i:%s\n", buf); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); @@ -2179,9 +2183,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio, "issuer=%s\n", buf); } else BIO_printf(bio, "no peer certificate available\n"); @@ -2198,7 +2202,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } else { BIO_printf(bio, "---\nNo client certificate CA names sent\n"); } - p = SSL_get_shared_ciphers(s, buf, sizeof buf); + p = SSL_get_shared_ciphers(s, buf, sizeof(buf)); if (p != NULL) { /* * This works only for SSL 2. In later protocol versions, the diff --git a/apps/s_server.c b/apps/s_server.c index 857a70e3..43183d02 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2014,7 +2014,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); /* Set DTLS cookie generation and verification callbacks */ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); @@ -2025,7 +2025,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx2, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); tlsextcbp.biodebug = bio_s_out; SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); @@ -2137,6 +2137,7 @@ int MAIN(int argc, char *argv[]) BIO_free(bio_s_msg); bio_s_msg = NULL; } + SSL_COMP_free_compression_methods(); apps_shutdown(); OPENSSL_EXIT(ret); } @@ -2670,14 +2671,14 @@ static int init_ssl_connection(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "issuer=%s\n", buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) + if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); @@ -3021,7 +3022,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) PEM_write_bio_X509(io, peer); } else BIO_puts(io, "no client certificate available\n"); - BIO_puts(io, "\r\n\r\n"); + BIO_puts(io, "\r\n\r\n"); break; } else if ((www == 2 || www == 3) && (strncmp("GET /", buf, 5) == 0)) { diff --git a/apps/s_socket.c b/apps/s_socket.c index 77a7688f..83624ca8 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; - memset(ip, '\0', sizeof ip); + memset(ip, '\0', sizeof(ip)); if (!host_ip(host, &(ip[0]))) return 0; return init_client_ip(sock, ip, port, type); @@ -360,7 +360,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) # if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); } # endif if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { @@ -595,7 +595,7 @@ static struct hostent *GetHostByName(char *name) if (ret == NULL) return (NULL); /* else add to cache */ - if (strlen(name) < sizeof ghbn_cache[0].name) { + if (strlen(name) < sizeof(ghbn_cache[0].name)) { strcpy(ghbn_cache[lowi].name, name); memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent)); diff --git a/apps/s_time.c b/apps/s_time.c index 38788f71..0bb2f8cc 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -422,7 +422,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) } if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while (SSL_read(scon, buf, sizeof(buf)) > 0) ; } @@ -517,7 +517,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) diff --git a/apps/speed.c b/apps/speed.c index b862868e..ec7a9e43 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig) # if !defined(SIGALRM) # define SIGALRM # endif -static unsigned int lapse, schlock; +static volatile unsigned int lapse; +static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) { lapse = secs * 1000; @@ -726,6 +727,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "no EVP given\n"); goto end; } + evp_md = NULL; evp_cipher = EVP_get_cipherbyname(*argv); if (!evp_cipher) { evp_md = EVP_get_digestbyname(*argv); @@ -2090,7 +2092,7 @@ int MAIN(int argc, char **argv) RAND_pseudo_bytes(buf, 20); # ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < DSA_NUM; j++) { @@ -2169,7 +2171,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2264,7 +2266,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2586,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, sizeof isdelim); + memset(isdelim, 0, sizeof(isdelim)); isdelim[0] = 1; while (*delim) { @@ -2613,7 +2615,7 @@ static int do_multi(int multi) int *fds; static char sep[] = ":"; - fds = malloc(multi * sizeof *fds); + fds = malloc(multi * sizeof(*fds)); if (fds == NULL) { fprintf(stderr, "Out of memory in speed (do_multi)\n"); exit(1); @@ -2651,7 +2653,7 @@ static int do_multi(int multi) char *p; f = fdopen(fds[n], "r"); - while (fgets(buf, sizeof buf, f)) { + while (fgets(buf, sizeof(buf), f)) { p = strchr(buf, '\n'); if (p) *p = '\0'; @@ -2827,8 +2829,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) RAND_bytes(out, 16); len += 16; - aad[11] = len >> 8; - aad[12] = len; + aad[11] = (unsigned char)(len >> 8); + aad[12] = (unsigned char)(len); pad = EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_AEAD_TLS1_AAD, EVP_AEAD_TLS1_AAD_LEN, aad); diff --git a/apps/spkac.c b/apps/spkac.c index 8b06ec4d..5f9eeec1 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -5,7 +5,7 @@ * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -189,20 +189,23 @@ int MAIN(int argc, char **argv) e = setup_engine(bio_err, engine, 0); #endif - if (keyfile) { + if (keyfile != NULL) { pkey = load_key(bio_err, strcmp(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); - if (!pkey) { + if (pkey == NULL) goto end; - } spki = NETSCAPE_SPKI_new(); - if (challenge) + if (spki == NULL) + goto end; + if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (spkstr == NULL) + goto end; if (outfile) out = BIO_new_file(outfile, "w"); @@ -257,7 +260,7 @@ int MAIN(int argc, char **argv) spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); - if (!spki) { + if (spki == NULL) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; @@ -286,9 +289,9 @@ int MAIN(int argc, char **argv) pkey = NETSCAPE_SPKI_get_pubkey(spki); if (verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if (i > 0) + if (i > 0) { BIO_printf(bio_err, "Signature OK\n"); - else { + } else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; diff --git a/apps/srp.c b/apps/srp.c index c75052f3..2256467c 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type) int i; if (id == NULL) return -1; - if (type == DB_SRP_INDEX) + if (type == DB_SRP_INDEX) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid])) return i; - } else + } + } else { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); @@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type) && !strcmp(id, pp[DB_srpid])) return i; } + } return -1; } @@ -177,16 +179,14 @@ static int update_index(CA_DB *db, BIO *bio, char **row) char **irow; int i; - if ((irow = - (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { + irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1)); + if (irow == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); return 0; } - for (i = 0; i < DB_NUMBER; i++) { + for (i = 0; i < DB_NUMBER; i++) irow[i] = row[i]; - row[i] = NULL; - } irow[DB_NUMBER] = NULL; if (!TXT_DB_insert(db->db, irow)) { @@ -207,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier, char *srp_usersalt, const char *g, const char *N, const char *passin, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *verifier = NULL; char *gNid = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passin; - if (password_callback(password, 1024, 0, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N); - BIO_printf(bio, "Pass %s\n", password); + VVERBOSE BIO_printf(bio, "Pass %s\n", password); - if (! - (gNid = - SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, + &verifier, N, g))) { BIO_printf(bio, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) gNid = NULL; OPENSSL_free(verifier); } + OPENSSL_cleanse(password, len); } return gNid; } @@ -239,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier, char **srp_usersalt, char *g, char *N, char *passout, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *gNid = NULL; char *salt = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passout; - if (password_callback(password, 1024, 1, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); - if (! - (gNid = - SRP_create_verifier(user, password, &salt, srp_verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &salt, + srp_verifier, N, g))) { BIO_printf(bio, "Internal error creating SRP verifier\n"); - } else + } else { *srp_usersalt = salt; + } + OPENSSL_cleanse(password, len); VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier); @@ -317,9 +322,9 @@ int MAIN(int argc, char **argv) argc--; argv++; while (argc >= 1 && badops == 0) { - if (strcmp(*argv, "-verbose") == 0) + if (strcmp(*argv, "-verbose") == 0) { verbose++; - else if (strcmp(*argv, "-config") == 0) { + } else if (strcmp(*argv, "-config") == 0) { if (--argc < 1) goto bad; configfile = *(++argv); @@ -331,15 +336,15 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; dbfile = *(++argv); - } else if (strcmp(*argv, "-add") == 0) + } else if (strcmp(*argv, "-add") == 0) { add_user = 1; - else if (strcmp(*argv, "-delete") == 0) + } else if (strcmp(*argv, "-delete") == 0) { delete_user = 1; - else if (strcmp(*argv, "-modify") == 0) + } else if (strcmp(*argv, "-modify") == 0) { modify_user = 1; - else if (strcmp(*argv, "-list") == 0) + } else if (strcmp(*argv, "-list") == 0) { list_user = 1; - else if (strcmp(*argv, "-gn") == 0) { + } else if (strcmp(*argv, "-gn") == 0) { if (--argc < 1) goto bad; gN = *(++argv); @@ -369,8 +374,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; - } else + } else { break; + } argc--; argv++; @@ -391,7 +397,7 @@ int MAIN(int argc, char **argv) "Need at least one user for options -add, -delete, -modify. \n"); badops = 1; } - if ((passin || passout) && argc != 1) { + if ((passargin || passargout) && argc != 1) { BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n"); badops = 1; @@ -711,9 +717,9 @@ int MAIN(int argc, char **argv) doupdatedb = 1; } } - if (--argc > 0) + if (--argc > 0) { user = *(argv++); - else { + } else { user = NULL; list_user = 0; } diff --git a/apps/vms_term_sock.c b/apps/vms_term_sock.c index a7d87ff3..bc0c173e 100755 --- a/apps/vms_term_sock.c +++ b/apps/vms_term_sock.c @@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[]) ** Process the terminal input */ LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; + len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; TermBuff[len] = '\0'; LogMessage ("Received terminal I/O [%s]", TermBuff); @@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 2, + sizeof(TerminalDeviceBuff) - 2, 0, 0, 0, 0); if (! (status & 1)) { LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); @@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily, /* ** Initialize the socket information */ - slen = sizeof (sin); + slen = sizeof(sin); memset ((char *) &sin, 0, slen); sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr); @@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily, /* ** Now issue the connect */ - memset ((char *) &sin, 0, sizeof (sin)) ; + memset ((char *) &sin, 0, sizeof(sin)) ; sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_port = LocalHostPort ; - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); + status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); if (status < 0 ) { LogMessage ("CreateSocketPair: connect () - %d", errno); sys$cantim (&sptb, 0); @@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 1, + sizeof(TerminalDeviceBuff) - 1, 0, 0, 0, 0); /* diff --git a/apps/winrand.c b/apps/winrand.c index 44f57a38..fd5cf3b1 100644 --- a/apps/winrand.c +++ b/apps/winrand.c @@ -77,7 +77,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, char buffer[200]; if (cmdline[0] == '\0') - filename = RAND_file_name(buffer, sizeof buffer); + filename = RAND_file_name(buffer, sizeof(buffer)); else filename = cmdline; diff --git a/apps/x509.c b/apps/x509.c index 17cb62da..a8f8805e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -821,10 +821,10 @@ int MAIN(int argc, char **argv) char *m; int y, z; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf)); BIO_printf(STDout, "/* subject:%s */\n", buf); m = X509_NAME_oneline(X509_get_issuer_name(x), buf, - sizeof buf); + sizeof(buf)); BIO_printf(STDout, "/* issuer :%s */\n", buf); z = i2d_X509(x, NULL); diff --git a/build-config-32.mk b/build-config-32.mk index 52147b60..c837b102 100644 --- a/build-config-32.mk +++ b/build-config-32.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # openssl_cflags_32 := \ -DOPENSSL_THREADS \ diff --git a/build-config-64.mk b/build-config-64.mk index 921dc017..5e3f05a2 100644 --- a/build-config-64.mk +++ b/build-config-64.mk @@ -1,6 +1,6 @@ # Auto-generated - DO NOT EDIT! # To regenerate, edit openssl.config, then run: -# ./import_openssl.sh import /path/to/openssl-1.0.2j.tar.gz +# ./import_openssl.sh import /path/to/openssl-1.0.2o.tar.gz # openssl_cflags_64 := \ -DOPENSSL_THREADS \ diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c index 07e63fb4..4961254d 100644 --- a/crypto/LPdir_win.c +++ b/crypto/LPdir_win.c @@ -94,8 +94,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) TCHAR *wdir = NULL; /* len_0 denotes string length *with* trailing 0 */ size_t index = 0, len_0 = strlen(extdir) + 1; - - wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); + size_t amount; + + /* + * Size check + * The reasoning is that absolutely worst case, each byte in + * extdir will take up one TCHAR each, so the maximum size in + * bytes that we can tolerate is MAX_PATH TCHARs... not counting + * the ending NUL. + */ + if ((len_0 - 1) > MAX_PATH * sizeof(TCHAR)) { + free(*ctx); + *ctx = NULL; + errno = EINVAL; + return 0; + } + amount = len_0 * sizeof(TCHAR); + wdir = (TCHAR *)malloc(amount); if (wdir == NULL) { if (extdirbuf != NULL) { free(extdirbuf); diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index 4f891708..c1b5e352 100644 --- a/crypto/aes/asm/aes-armv4.pl +++ b/crypto/aes/asm/aes-armv4.pl @@ -184,7 +184,7 @@ #if __ARM_ARCH__<7 sub r3,pc,#8 @ AES_encrypt #else - adr r3,AES_encrypt + adr r3,. #endif stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp @@ -430,7 +430,7 @@ #if __ARM_ARCH__<7 sub r3,pc,#8 @ AES_set_encrypt_key #else - adr r3,private_AES_set_encrypt_key + adr r3,. #endif teq r0,#0 #if __ARM_ARCH__>=7 @@ -952,7 +952,7 @@ #if __ARM_ARCH__<7 sub r3,pc,#8 @ AES_decrypt #else - adr r3,AES_decrypt + adr r3,. #endif stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp diff --git a/crypto/aes/asm/aesni-sha1-x86_64.S b/crypto/aes/asm/aesni-sha1-x86_64.S index 96b6650a..d7a1c8d8 100644 --- a/crypto/aes/asm/aesni-sha1-x86_64.S +++ b/crypto/aes/asm/aesni-sha1-x86_64.S @@ -1389,6 +1389,7 @@ aesni_cbc_sha1_enc_shaext: movl 240(%rcx),%r11d subq %rdi,%rsi movups (%rcx),%xmm15 + movups (%r8),%xmm2 movups 16(%rcx),%xmm0 leaq 112(%rcx),%rcx diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl index 8c842608..7a30e893 100644 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -1702,6 +1702,7 @@ () mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index 72f44ecf..588ade64 100644 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1299,6 +1299,7 @@ () mov 240($key),$rounds sub $in0,$out movups ($key),$rndkey0 # $key[0] + movups ($ivp),$iv # load IV movups 16($key),$rndkey[0] # forward reference lea 112($key),$key # size optimization diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index 83343e2d..ec66b050 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -724,7 +724,7 @@ sub bitslice { .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: - adr $const,_bsaes_decrypt8 + adr $const,. vldmia $key!, {@XMM[9]} @ round 0 key add $const,$const,#.LM0ISR-_bsaes_decrypt8 @@ -819,7 +819,7 @@ sub bitslice { .type _bsaes_encrypt8,%function .align 4 _bsaes_encrypt8: - adr $const,_bsaes_encrypt8 + adr $const,. vldmia $key!, {@XMM[9]} @ round 0 key sub $const,$const,#_bsaes_encrypt8-.LM0SR @@ -923,7 +923,7 @@ sub bitslice_key { .type _bsaes_key_convert,%function .align 4 _bsaes_key_convert: - adr $const,_bsaes_key_convert + adr $const,. vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key sub $const,$const,#_bsaes_key_convert-.LM0 vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key @@ -1333,7 +1333,7 @@ sub bitslice_key { vmov @XMM[4],@XMM[15] @ just in case ensure that IV vmov @XMM[5],@XMM[0] @ and input are preserved bl AES_decrypt - vld1.8 {@XMM[0]}, [$fp,:64] @ load result + vld1.8 {@XMM[0]}, [$fp] @ load result veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV vmov @XMM[15], @XMM[5] @ @XMM[5] holds input vst1.8 {@XMM[0]}, [$rounds] @ write output diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index f906188b..0c8bb144 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include "cryptlib.h" #include @@ -114,10 +115,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) *(p++) = (unsigned char)bits; d = a->data; - memcpy(p, d, len); - p += len; - if (len > 0) + if (len > 0) { + memcpy(p, d, len); + p += len; p[-1] &= (0xff << bits); + } *pp = p; return (ret); } @@ -135,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, goto err; } + if (len > INT_MAX) { + i = ASN1_R_STRING_TOO_LONG; + goto err; + } + if ((a == NULL) || ((*a) == NULL)) { if ((ret = M_ASN1_BIT_STRING_new()) == NULL) return (NULL); diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 7cbc4751..57a04f76 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, p = str; i2d(data, &p); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } @@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, if (!str) return (0); - if (!EVP_Digest(str, i, md, len, type, NULL)) + if (!EVP_Digest(str, i, md, len, type, NULL)) { + OPENSSL_free(str); return 0; + } OPENSSL_free(str); return (1); } diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index fa76dcac..cb448159 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) ASN1_STRING tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; @@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index 0f56cd4e..2e85e041 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c @@ -87,6 +87,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) int i, j = 0, n, ret = 1; n = i2d(x, NULL); + if (n <= 0) + return 0; + b = (char *)OPENSSL_malloc(n); if (b == NULL) { ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 6935efe0..5b8028aa 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 229a40ff..ad6b12a5 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -89,7 +89,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { int i, first, len = 0, c, use_bn; char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; + int tmpsize = sizeof(ftmp); const char *p; unsigned long l; BIGNUM *bl = NULL; @@ -226,7 +226,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return (BIO_write(bp, "NULL", 4)); - i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); if (!p) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 2d562f93..95f04162 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, if (c > 0xffffffffL) return -1; if (c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c); if (!io_ch(arg, tmphex, 10)) return -1; return 10; } if (c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c); if (!io_ch(arg, tmphex, 6)) return -1; return 6; @@ -236,7 +236,7 @@ static int do_buf(unsigned char *buf, int buflen, if (type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); for (i = 0; i < utflen; i++) { /* * We don't need to worry about setting orflags correctly @@ -533,7 +533,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 2d2303d8..99ffe737 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = { {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} }; static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index fcb2d565..28831d6b 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; ebcdic2ascii(tmp, tmpstr.data, - (len >= sizeof tmp) ? sizeof tmp : len); + (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; } @@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t) ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) { - ASN1_GENERALIZEDTIME *ret; + ASN1_GENERALIZEDTIME *ret = NULL; char *str; int newlen; @@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, if (!out || !*out) { if (!(ret = ASN1_GENERALIZEDTIME_new())) - return NULL; - if (out) - *out = ret; - } else + goto err; + } else { ret = *out; + } /* If already GeneralizedTime just copy across */ if (t->type == V_ASN1_GENERALIZEDTIME) { if (!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; + goto err; + goto done; } /* grow the string */ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; + goto err; /* ASN1_STRING_set() allocated 'len + 1' bytes. */ newlen = t->length + 2 + 1; str = (char *)ret->data; @@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, BUF_strlcat(str, (char *)t->data, newlen); - return ret; + done: + if (out != NULL && *out == NULL) + *out = ret; + return ret; + + err: + if (out == NULL || *out != ret) + ASN1_GENERALIZEDTIME_free(ret); + return NULL; } + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) { ASN1_TIME t; diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 724a10be..9cbad7c5 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) ASN1_STRING x = *(ASN1_STRING *)a; len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); x.data = tmp; return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); # endif @@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) if (a[o] == 'Z') o++; else if ((a[o] == '+') || (a[o] == '-')) { - int offsign = a[o] == '-' ? -1 : 1, offset = 0; + int offsign = a[o] == '-' ? 1 : -1, offset = 0; o++; if (o + 4 > l) goto err; @@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) struct tm tm; int offset; - memset(&tm, '\0', sizeof tm); + memset(&tm, '\0', sizeof(tm)); # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') tm.tm_year = g2(s->data); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 68e791fc..35a2b2aa 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index fd4ac8d9..cfc1512f 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, + {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, diff --git a/crypto/asn1/asn1_int.h b/crypto/asn1/asn1_int.h new file mode 100644 index 00000000..c9fd8b12 --- /dev/null +++ b/crypto/asn1/asn1_int.h @@ -0,0 +1,63 @@ +/* asn1t.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Internal ASN1 template structures and functions: not for application use */ + +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e63e82a8..b52c3e12 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; - BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); - BIO_snprintf(buf2, sizeof buf2, "%d", offset); + BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address); + BIO_snprintf(buf2, sizeof(buf2), "%d", offset); ERR_add_error_data(4, "address=", buf1, " offset=", buf2); } diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index e85e3398..0b1a689d 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); + BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag); else if (tag > 30) - BIO_snprintf(str, sizeof str, "", tag); + BIO_snprintf(str, sizeof(str), "", tag); else p = ASN1_tag2str(tag); diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 5170906c..02b7c9b7 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + sk_BIO_pop_free(parts, BIO_vfree); return NULL; } diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index 94cd54db..527f1d8f 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 2bdc78d7..e6ed7f1e 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) bufp = (unsigned char *)buf; if (first) { first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { + if ((bufp[0] == '0') && (bufp[1] == '0')) { bufp += 2; i -= 2; } diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index f4b8f94c..d1b897a4 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index d2540273..e657c36d 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,6 +65,14 @@ #include #include +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); @@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval, { ASN1_TLC c; asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); } /* * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and * tag mismatch return -1 to handle OPTIONAL */ - -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_COMPAT_FUNCS *cf; @@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, else asn1_cb = 0; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP); + goto err; + } + switch (it->itype) { case ASN1_ITYPE_PRIMITIVE: if (it->templates) { @@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx); + it->templates, opt, ctx, depth); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); @@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); /* If field not present, try the next one */ if (ret == -1) continue; @@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, * attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); + ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, + depth); if (!ret) { errtt = seqtt; goto err; @@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, return 0; } +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); +} + /* * Templates are handled with two separate functions. One handles any * EXPLICIT tag and the other handles the rest. @@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); *in = p; return 1; @@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -665,14 +685,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, break; } skfield = NULL; - if (!ASN1_item_ex_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { + if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), + -1, 0, 0, ctx, depth)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item)); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); goto err; } @@ -683,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, + aclass, opt, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -693,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, return -1; } else { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, + depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index aeea4eff..0cf7510f 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -61,9 +61,7 @@ #include #include #include - -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine); +#include "asn1_int.h" /* Free up an ASN1 structure */ @@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) asn1_item_combine_free(pval, it, 0); } -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine) +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index b0c73bee..6ba90260 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -63,6 +63,7 @@ #include #include #include +#include "asn1_int.h" static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); @@ -158,7 +159,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, } asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; case ASN1_ITYPE_NDEF_SEQUENCE: @@ -186,10 +187,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); if (!ASN1_template_new(pseqval, tt)) - goto memerr; + goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr; + goto auxerr2; break; } #ifdef CRYPTO_MDEBUG @@ -198,6 +199,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, #endif return 1; + memerr2: + asn1_item_combine_free(pval, it, combine); memerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG @@ -206,9 +209,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, #endif return 0; + auxerr2: + asn1_item_combine_free(pval, it, combine); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); - ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_pop_info(); diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index f628cadd..e93fd11f 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, ln = OBJ_nid2ln(OBJ_obj2nid(oid)); if (!ln) ln = ""; - OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1); if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) return 0; return 1; diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 3aed44a3..aecb9506 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, * set. */ if (ltmp < 0) - utmp = -ltmp - 1; + utmp = 0 - (unsigned long)ltmp - 1; else utmp = ltmp; clen = BN_num_bits_word(utmp); @@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; + int neg = -1, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; + + if (len) { + /* + * Check possible pad byte. Worst case, we're skipping past actual + * content, but since that's only with 0x00 and 0xff and we set neg + * accordingly, the result will be correct in the end anyway. + */ + switch (cont[0]) { + case 0xff: + cont++; + len--; + neg = 1; + break; + case 0: + cont++; + len--; + neg = 0; + break; + } + } if (len > (int)sizeof(long)) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - neg = 1; - else - neg = 0; + if (neg == -1) { + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + } utmp = 0; for (i = 0; i < len; i++) { utmp <<= 8; @@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } ltmp = (long)utmp; if (neg) { - ltmp++; ltmp = -ltmp; + ltmp--; } if (ltmp == it->size) { ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c index 26378fdb..aea0c276 100644 --- a/crypto/asn1/x_name.c +++ b/crypto/asn1/x_name.c @@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) *pval = NULL; } +static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, @@ -228,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, entry->set = i; if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; + sk_X509_NAME_ENTRY_set(entries, j, NULL); } - sk_X509_NAME_ENTRY_free(entries); } - sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ret = x509_name_canon(nm.x); if (!ret) goto err; + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); nm.x->modified = 0; *val = nm.a; *in = p; @@ -242,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, err: if (nm.x != NULL) X509_NAME_free(nm.x); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_pop_free); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; } @@ -267,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, return ret; } -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_free(ne); -} - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -} - static int x509_name_encode(X509_NAME *a) { union { @@ -299,8 +302,10 @@ static int x509_name_encode(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto memerr; + } set = entry->set; } if (!sk_X509_NAME_ENTRY_push(entries, entry)) @@ -370,8 +375,10 @@ static int x509_name_canon(X509_NAME *a) entries = sk_X509_NAME_ENTRY_new_null(); if (!entries) goto err; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); goto err; + } set = entry->set; } tmpentry = X509_NAME_ENTRY_new(); @@ -516,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } IMPLEMENT_STACK_OF(X509_NAME_ENTRY) diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 2da23e47..59f85539 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = NULL; ASN1_CTX c; - M_ASN1_New_Malloc(ret, X509_PKEY); + ret = OPENSSL_malloc(sizeof(X509_PKEY)); + if (ret == NULL) { + c.line = __LINE__; + goto err; + } ret->version = 0; - M_ASN1_New(ret->enc_algor, X509_ALGOR_new); - M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); + ret->enc_algor = X509_ALGOR_new(); + ret->enc_pkey = M_ASN1_OCTET_STRING_new(); ret->dec_pkey = NULL; ret->key_length = 0; ret->key_data = NULL; @@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void) ret->cipher.cipher = NULL; memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ret->references = 1; - return (ret); - M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); + if (ret->enc_algor == NULL || ret->enc_pkey == NULL) { + c.line = __LINE__; + goto err; + } + return ret; +err: + X509_PKEY_free(ret); + ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line); + return NULL; } void X509_PKEY_free(X509_PKEY *x) diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index ccf0e287..fcfd6995 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -64,7 +64,6 @@ #include "cryptlib.h" #include "bio_lcl.h" -#define TRUNCATE #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) @@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), { int ret = 0; char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc; + int i, j, rows; unsigned char ch; int dump_width; - trc = 0; - -#ifdef TRUNCATE - for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) - trc++; -#endif - if (indent < 0) indent = 0; if (indent) { @@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - BUF_strlcpy(buf, str, sizeof buf); - BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcpy(buf, str, sizeof(buf)); + BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width); + BUF_strlcat(buf, tmp, sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) { - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); } else { ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, + BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch, j == 7 ? '-' : ' '); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } } - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) break; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; #ifndef CHARSET_EBCDIC - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.'); #else - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ? os_toebcdic[ch] : '.'); #endif - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcat(buf, "\n", sizeof(buf)); /* * if this is the last call then update the ddt_dump thing so that we * will move the selection point in the debug window */ ret += cb((void *)buf, strlen(buf), u); } -#ifdef TRUNCATE - if (trc > 0) { - BIO_snprintf(buf, sizeof buf, "%s%04x - \n", str, - len + trc); - ret += cb((void *)buf, strlen(buf), u); - } -#endif - return (ret); + return ret; } #ifndef OPENSSL_NO_FP_API diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 987fe068..47654f85 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -385,7 +385,7 @@ _dopr(char **sbuffer, if (cflags == DP_C_SHORT) { short int *num; num = va_arg(args, short int *); - *num = currlen; + *num = (short int)currlen; } else if (cflags == DP_C_LONG) { /* XXX */ long int *num; num = va_arg(args, long int *); @@ -502,7 +502,7 @@ fmtint(char **sbuffer, if (!(flags & DP_F_UNSIGNED)) { if (value < 0) { signvalue = '-'; - uvalue = -value; + uvalue = 0 - (unsigned LLONG)value; } else if (flags & DP_F_PLUS) signvalue = '+'; else if (flags & DP_F_SPACE) @@ -663,7 +663,7 @@ fmtfp(char **sbuffer, iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); - if (iplace == sizeof iconvert) + if (iplace == sizeof(iconvert)) iplace--; iconvert[iplace] = 0; @@ -672,7 +672,7 @@ fmtfp(char **sbuffer, fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == sizeof fconvert) + if (fplace == sizeof(fconvert)) fplace--; fconvert[fplace] = 0; diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index d3e86068..2ff52636 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -76,8 +76,11 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, if (BIO_CB_RETURN & cmd) r = ret; - len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio); + /* Ignore errors and continue printing the other information. */ + if (len < 0) + len = 0; p = buf + len; p_maxlen = sizeof(buf) - len; diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 3dd81877..096ea415 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -144,7 +144,7 @@ static int bio_new(BIO *bio) { struct bio_bio_st *b; - b = OPENSSL_malloc(sizeof *b); + b = OPENSSL_malloc(sizeof(*b)); if (b == NULL) return 0; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 7d15ad29..bbc6d5ab 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -481,7 +481,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) char buf[16]; unsigned char *p = ptr; - BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", + BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); if (data->param_hostname != NULL) OPENSSL_free(data->param_hostname); @@ -490,7 +490,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { char buf[DECIMAL_SIZE(int) + 1]; - BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); + BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr); if (data->param_port != NULL) OPENSSL_free(data->param_port); data->param_port = BUF_strdup(buf); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index a6e3b3ac..bbf906fa 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -251,7 +251,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) ret = fread(out, 1, (int)outl, (FILE *)b->ptr); if (ret == 0 && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : - ferror((FILE *)b->ptr)) { + ferror((FILE *)b->ptr)) { SYSerr(SYS_F_FREAD, get_last_sys_error()); BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ret = -1; @@ -287,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) FILE *fp = (FILE *)b->ptr; FILE **fpp; char p[4]; + int st; switch (cmd) { case BIO_C_FILE_SEEK: @@ -318,8 +319,11 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) # define _IOB_ENTRIES 20 # endif -# if defined(_IOB_ENTRIES) /* Safety net to catch purely internal BIO_set_fp calls */ +# if defined(_MSC_VER) && _MSC_VER>=1900 + if (ptr == stdin || ptr == stdout || ptr == stderr) + BIO_clear_flags(b, BIO_FLAGS_UPLINK); +# elif defined(_IOB_ENTRIES) if ((size_t)ptr >= (size_t)stdin && (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) BIO_clear_flags(b, BIO_FLAGS_UPLINK); @@ -371,15 +375,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - BUF_strlcpy(p, "a+", sizeof p); + BUF_strlcpy(p, "a+", sizeof(p)); else - BUF_strlcpy(p, "a", sizeof p); + BUF_strlcpy(p, "a", sizeof(p)); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - BUF_strlcpy(p, "r+", sizeof p); + BUF_strlcpy(p, "r+", sizeof(p)); else if (num & BIO_FP_WRITE) - BUF_strlcpy(p, "w", sizeof p); + BUF_strlcpy(p, "w", sizeof(p)); else if (num & BIO_FP_READ) - BUF_strlcpy(p, "r", sizeof p); + BUF_strlcpy(p, "r", sizeof(p)); else { BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); ret = 0; @@ -424,10 +428,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num; break; case BIO_CTRL_FLUSH: - if (b->flags & BIO_FLAGS_UPLINK) - UP_fflush(b->ptr); - else - fflush((FILE *)b->ptr); + st = b->flags & BIO_FLAGS_UPLINK + ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); + if (st == EOF) { + SYSerr(SYS_F_FFLUSH, get_last_sys_error()); + ERR_add_error_data(1, "fflush()"); + BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); + ret = 0; + } break; case BIO_CTRL_DUP: ret = 1; diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index b8fb1e8a..d8662878 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -290,7 +290,7 @@ ######## .Lbn_sqr_mont gives up to 20% *overall* improvement over ######## code without following dedicated squaring procedure. ######## -$sbit="%i2"; # re-use $bp! +$sbit="%o5"; $code.=<<___; .align 32 @@ -403,7 +403,7 @@ mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 add $acc0,$car0,$car0 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit ld [$ap+$j],$apj ! ap[j] and $car0,$mask,$acc0 ld [$np+$j],$npj ! np[j] @@ -412,7 +412,7 @@ ld [$tp+8],$tpj ! tp[j] add $acc0,$acc0,$acc0 add $j,4,$j ! j++ - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 cmp $j,$num @@ -426,12 +426,12 @@ mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 add $acc0,$car0,$car0 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit and $car0,$mask,$acc0 srlx $car0,32,$car0 add $acc1,$car1,$car1 add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 add $acc0,$car1,$car1 @@ -439,7 +439,7 @@ srlx $car1,32,$car1 add $car0,$car0,$car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] @@ -499,7 +499,7 @@ .Lsqr_inner2: mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit add $acc0,$car0,$car0 ld [$ap+$j],$apj ! ap[j] and $car0,$mask,$acc0 @@ -507,7 +507,7 @@ srlx $car0,32,$car0 add $acc0,$acc0,$acc0 ld [$tp+8],$tpj ! tp[j] - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 add $j,4,$j ! j++ srlx $acc0,32,$sbit and $acc0,$mask,$acc0 @@ -522,12 +522,12 @@ .Lsqr_no_inner2: mulx $apj,$mul0,$acc0 mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$sbit,$sbit add $acc0,$car0,$car0 and $car0,$mask,$acc0 srlx $car0,32,$car0 add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 + add $sbit,$acc0,$acc0 srlx $acc0,32,$sbit and $acc0,$mask,$acc0 add $acc0,$car1,$car1 @@ -536,7 +536,7 @@ srlx $car1,32,$car1 add $car0,$car0,$car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] @@ -581,14 +581,17 @@ !.Lsqr_last mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 + add $tpj,$acc0,$acc0 + srlx $acc0,32,$tmp0 + and $acc0,$mask,$acc0 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 add $acc1,$car1,$car1 st $car1,[$tp] srlx $car1,32,$car1 add $car0,$car0,$car0 ! recover $car0 - or $sbit,$car0,$car0 + add $sbit,$car0,$car0 add $car0,$car1,$car1 add $car2,$car1,$car1 st $car1,[$tp+4] diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index f1fbb45b..d62730ac 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3091,11 +3091,19 @@ .align 32 .Lsqrx8x_break: - sub 16+8(%rsp),%r8 # consume last carry + xor $zero,$zero + sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf + adcx $zero,%r8 mov 24+8(%rsp),$carry # initial $tptr, borrow $carry + adcx $zero,%r9 mov 0*8($aptr),%rdx # a[8], modulo-scheduled - xor %ebp,%ebp # xor $zero,$zero + adc \$0,%r10 mov %r8,0*8($tptr) + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 cmp $carry,$tptr # cf=0, of=0 je .Lsqrx8x_outer_loop diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 1670f01d..11cfbd9e 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -145,10 +145,11 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int i, bits, ret = 0; BIGNUM *v, *rr; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } BN_CTX_start(ctx); @@ -244,7 +245,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { + && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); } else @@ -276,10 +279,12 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bits = BN_num_bits(p); @@ -410,7 +415,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); } @@ -719,7 +726,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top = m->top; - bits = BN_num_bits(p); + /* + * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak + * whether the top bits are zero. + */ + bits = p->top * BN_BITS2; if (bits == 0) { /* x**0 mod 1 is still zero. */ if (BN_is_one(m)) { @@ -1216,10 +1227,11 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bn_check_top(p); @@ -1347,10 +1359,12 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bits = BN_num_bits(p); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 10b78f51..27b9bdbc 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -144,74 +144,47 @@ const BIGNUM *BN_value_one(void) int BN_num_bits_word(BN_ULONG l) { - static const unsigned char bits[256] = { - 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) { - if (l & 0xffff000000000000L) { - if (l & 0xff00000000000000L) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000L) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -#else -# ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) { - if (l & 0xffff000000000000LL) { - if (l & 0xff00000000000000LL) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000LL) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -# endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) { - if (l & 0xff000000L) - return (bits[(int)(l >> 24L)] + 24); - else - return (bits[(int)(l >> 16L)] + 16); - } else + BN_ULONG x, mask; + int bits = (l != 0); + +#if BN_BITS2 > 32 + x = l >> 32; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 32 & mask; + l ^= (x ^ l) & mask; #endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return (bits[(int)(l >> 8)] + 8); - else -#endif - return (bits[(int)(l)]); - } - } + + x = l >> 16; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 16 & mask; + l ^= (x ^ l) & mask; + + x = l >> 8; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 8 & mask; + l ^= (x ^ l) & mask; + + x = l >> 4; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 4 & mask; + l ^= (x ^ l) & mask; + + x = l >> 2; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 2 & mask; + l ^= (x ^ l) & mask; + + x = l >> 1; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 1 & mask; + + return bits; } int BN_num_bits(const BIGNUM *a) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index be95bd55..c1703650 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -207,26 +207,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) r->top = max; n0 = mont->n0[0]; -# ifdef BN_COUNT - fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); -# endif + /* + * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On + * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r| + * includes |carry| which is stored separately. + */ for (carry = 0, i = 0; i < nl; i++, rp++) { -# ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); - } -# else v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -# endif v = (v + carry + rp[nl]) & BN_MASK2; carry |= (v != rp[nl]); carry &= (v <= rp[nl]); @@ -239,46 +226,24 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ret->neg = r->neg; rp = ret->d; - ap = &(r->d[nl]); -# define BRANCH_FREE 1 -# if BRANCH_FREE - { - BN_ULONG *nrp; - size_t m; + /* + * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap| + * includes |carry| which is stored separately. + */ + ap = &(r->d[nl]); - v = bn_sub_words(rp, ap, np, nl) - carry; - /* - * if subtraction result is real, then trick unconditional memcpy - * below to perform in-place "refresh" instead of actual copy. - */ - m = (0 - (size_t)v); - nrp = - (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m)); - - for (i = 0, nl -= 4; i < nl; i += 4) { - BN_ULONG t1, t2, t3, t4; - - t1 = nrp[i + 0]; - t2 = nrp[i + 1]; - t3 = nrp[i + 2]; - ap[i + 0] = 0; - t4 = nrp[i + 3]; - ap[i + 1] = 0; - rp[i + 0] = t1; - ap[i + 2] = 0; - rp[i + 1] = t2; - ap[i + 3] = 0; - rp[i + 2] = t3; - rp[i + 3] = t4; - } - for (nl += 4; i < nl; i++) - rp[i] = nrp[i], ap[i] = 0; + /* + * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| + * cannot be -1. That would imply the subtraction did not fit in |nl| words, + * and we know at most one subtraction is needed. + */ + v = bn_sub_words(rp, ap, np, nl) - carry; + v = 0 - v; + for (i = 0; i < nl; i++) { + rp[i] = (v & ap[i]) | (~v & rp[i]); + ap[i] = 0; } -# else - if (bn_sub_words(rp, ap, np, nl) - carry) - memcpy(rp, ap, nl * sizeof(BN_ULONG)); -# endif bn_correct_top(r); bn_correct_top(ret); bn_check_top(ret); @@ -382,6 +347,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) goto err; /* Set N */ + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; #ifdef MONT_WORD @@ -394,6 +361,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) tmod.dmax = 2; tmod.neg = 0; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&tmod, BN_FLG_CONSTTIME); + mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index b174850b..1232f942 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) rr->top = top; goto end; } -# if 0 - if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn, al) == NULL) - goto err; - tmp_bn->d[bl] = 0; - bl++; - i--; - } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn, bl) == NULL) - goto err; - tmp_bn->d[al] = 0; - al++; - i++; - } - if (i == 0) { - /* symmetric and > 4 */ - /* 16 or larger */ - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - t = BN_CTX_get(ctx); - if (al == j) { /* exact multiple */ - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, al, t->d); - } else { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); - } - rr->top = top; - goto end; - } -# endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr, top) == NULL) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 1d256874..e911e157 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -252,7 +252,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_CTX *ctx = NULL; BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BN_MONT_CTX *mont = NULL; - const BIGNUM *A = NULL; if (BN_cmp(a, BN_value_one()) <= 0) return 0; @@ -278,24 +277,14 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; BN_CTX_start(ctx); - /* A := abs(a) */ - if (a->neg) { - BIGNUM *t; - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - BN_copy(t, a); - t->neg = 0; - A = t; - } else - A = a; A1 = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx); check = BN_CTX_get(ctx); if (check == NULL) goto err; - /* compute A1 := A - 1 */ - if (!BN_copy(A1, A)) + /* compute A1 := a - 1 */ + if (!BN_copy(A1, a)) goto err; if (!BN_sub_word(A1, 1)) goto err; @@ -311,11 +300,11 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (!BN_rshift(A1_odd, A1, k)) goto err; - /* Montgomery setup for computations mod A */ + /* Montgomery setup for computations mod a */ mont = BN_MONT_CTX_new(); if (mont == NULL) goto err; - if (!BN_MONT_CTX_set(mont, A, ctx)) + if (!BN_MONT_CTX_set(mont, a, ctx)) goto err; for (i = 0; i < checks; i++) { @@ -323,9 +312,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, goto err; if (!BN_add_word(check, 1)) goto err; - /* now 1 <= check < A */ + /* now 1 <= check < a */ - j = witness(check, A, A1, A1_odd, k, ctx, mont); + j = witness(check, a, A1, A1_odd, k, ctx, mont); if (j == -1) goto err; if (j) { diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 5cf0de16..489af8b4 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -64,263 +64,263 @@ typedef unsigned short prime_t; typedef unsigned char prime_t; #endif static const prime_t primes[NUMPRIMES] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, #ifndef EIGHT_BIT - 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, + 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, #endif }; diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl index 3fafb6f3..6bede65e 100644 --- a/crypto/bn/bn_prime.pl +++ b/crypto/bn/bn_prime.pl @@ -26,7 +26,7 @@ # * the code are not to be removed. # * See the COPYRIGHT file in the SSLeay distribution for more details. # */ -# +# # EOF print <<\EOF; @@ -37,21 +37,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -66,10 +66,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -81,7 +81,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -100,20 +100,20 @@ } printf "#ifndef EIGHT_BIT\n"; -printf "#define NUMPRIMES %d\n",$num; +printf "# define NUMPRIMES %d\n",$num; printf "typedef unsigned short prime_t;\n"; printf "#else\n"; -printf "#define NUMPRIMES %d\n",$eight; +printf "# define NUMPRIMES %d\n",$eight; printf "typedef unsigned char prime_t;\n"; printf "#endif\n"; -print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t"; +print "static const prime_t primes[NUMPRIMES] = {"; $init=0; for ($i=0; $i <= $#primes; $i++) { - printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++); - printf("\n\t") if (($i%8) == 0) && ($i != 0); - printf("%4d,",$primes[$i]); + printf "\n#ifndef EIGHT_BIT\n " if ($primes[$i] > 256) && !($init++); + printf("\n ") if ($i%8) == 0; + printf(" %5d,",$primes[$i]); } -print "\n#endif\n\t};\n"; +print "\n#endif\n};\n"; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index f121fb6e..c0b029da 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -82,8 +82,6 @@ char *BN_bn2hex(const BIGNUM *a) p = buf; if (a->neg) *(p++) = '-'; - if (BN_is_zero(a)) - *(p++) = '0'; for (i = a->top - 1; i >= 0; i--) { for (j = BN_BITS2 - 8; j >= 0; j -= 8) { /* strip leading zeros */ @@ -393,10 +391,10 @@ char *BN_options(void) if (!init) { init++; #ifdef BN_LLONG - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); #else - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); #endif } diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index a327b1a6..abe5dbe0 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -148,7 +148,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ argc--; argv++; diff --git a/crypto/bn/expspeed.c b/crypto/bn/expspeed.c index 513a568a..8ea980cd 100644 --- a/crypto/bn/expspeed.c +++ b/crypto/bn/expspeed.c @@ -198,7 +198,7 @@ static int mul_c[NUM_SIZES] = * static int sizes[NUM_SIZES]={59,179,299,419,539}; */ -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } +#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); } void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index ac611c2e..779ee902 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -183,9 +183,11 @@ int main(int argc, char *argv[]) unsigned char c; BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we - * don't even check its return - * value (which we should) */ + /* + * Seed or BN_rand may fail, and we don't even check its return + * value (which we should) + */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); ERR_load_BN_strings(); diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c index e9aabbd1..41919613 100644 --- a/crypto/comp/c_rle.c +++ b/crypto/comp/c_rle.c @@ -31,12 +31,11 @@ static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, unsigned char *in, unsigned int ilen) { - /* int i; */ + if (ilen == 0) + return 0; - if (ilen == 0 || olen < (ilen - 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } + if (olen <= ilen) + return -1; *(out++) = 0; memcpy(out, in, ilen); @@ -49,14 +48,16 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, { int i; - if (olen < (ilen - 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } + if (ilen == 0) + return 0; + + if (olen < (ilen - 1)) + return -1; i = *(in++); - if (i == 0) { - memcpy(out, in, ilen - 1); - } + if (i != 0) + return -1; + + memcpy(out, in, ilen - 1); return (ilen - 1); } diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 8d926d5d..fe491130 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -259,6 +259,7 @@ void ERR_load_CONF_strings(void); # define CONF_R_NO_VALUE 108 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 # define CONF_R_VARIABLE_HAS_NO_VALUE 104 #ifdef __cplusplus diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 68c77cec..6237f6a1 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -69,6 +69,12 @@ #include #include +/* + * The maximum length we can grow a value to after variable expansion. 64k + * should be more than enough for all reasonable uses. + */ +#define MAX_CONF_VALUE_LENGTH 65536 + static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p); @@ -417,7 +423,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(section); if (line != NULL) *line = eline; - BIO_snprintf(btmp, sizeof btmp, "%ld", eline); + BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); @@ -530,6 +536,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) } else if (IS_EOF(conf, *from)) break; else if (*from == '$') { + size_t newsize; + /* try to expand it */ rrp = NULL; s = &(from[1]); @@ -584,8 +592,12 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); goto err; } - if (!BUF_MEM_grow_clean(buf, - (strlen(p) + buf->length - (e - from)))) { + newsize = strlen(p) + buf->length - (e - from); + if (newsize > MAX_CONF_VALUE_LENGTH) { + CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG); + goto err; + } + if (!BUF_MEM_grow_clean(buf, newsize)) { CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index bb5e2fe2..b0b6896f 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -115,6 +115,8 @@ static ERR_STRING_DATA CONF_str_reasons[] = { {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, + {ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG), + "variable expansion too long"}, {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, {0, NULL} }; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index e0c9a67f..e2a9a816 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -221,7 +221,7 @@ static int module_run(const CONF *cnf, char *name, char *value, if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); - BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 1925428f..5fab45b2 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) } } +#ifdef OPENSSL_FIPS +extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *)); +#endif + int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) { if (threadid_callback) return 0; threadid_callback = func; +#ifdef OPENSSL_FIPS + FIPS_crypto_threadid_set_callback(func); +#endif return 1; } diff --git a/crypto/des/destest.c b/crypto/des/destest.c index c6be3420..f2041c1e 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -398,7 +398,7 @@ int main(int argc, char *argv[]) i = strlen((char *)cbc_data) + 1; /* i=((i+7)/8)*8; */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2, DES_ENCRYPT); @@ -412,7 +412,7 @@ int main(int argc, char *argv[]) } */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index f97fd971..60470d6d 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -96,7 +96,7 @@ const char *DES_options(void) size = "int"; else size = "long"; - BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, + BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll, size); init = 0; } diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 111f1e46..09f5792b 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -80,10 +80,10 @@ char *DES_crypt(const char *buf, const char *salt) e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ - ebcdic2ascii(e_salt, e_salt, sizeof e_salt); + ebcdic2ascii(e_salt, e_salt, sizeof(e_salt)); /* Convert the cleartext password to ASCII */ - ebcdic2ascii(e_buf, e_buf, sizeof e_buf); + ebcdic2ascii(e_buf, e_buf, sizeof(e_buf)); /* Encrypt it (from/to ASCII) */ ret = DES_fcrypt(e_buf, e_salt, buff); diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 514a7063..080d3e8d 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -434,7 +434,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 8fd8fe14..0a9ddb4b 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -120,7 +120,7 @@ int DES_check_key_parity(const_DES_cblock *key) } /*- - * Weak and semi week keys as take from + * Weak and semi weak keys as taken from * %A D.W. Davies * %A W.L. Price * %T Security for Computer Networks @@ -377,7 +377,7 @@ void private_DES_set_key_unchecked(const_DES_cblock *key, register int i; #ifdef OPENBSD_DEV_CRYPTO - memcpy(schedule->key, key, sizeof schedule->key); + memcpy(schedule->key, key, sizeof(schedule->key)); schedule->session = NULL; #endif k = &schedule->ks->deslong[0]; diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index a5bd9016..80b28fb3 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -182,12 +182,29 @@ struct dh_st { */ # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) DH *DHparams_dup(DH *); @@ -240,11 +257,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a882cb28..8947a087 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -51,6 +51,9 @@ * ==================================================================== */ +#include + +#ifndef OPENSSL_NO_CMS #include #include #include @@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index b58e3fa8..6452482c 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, } return ret; } +#endif return 1; } diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index c5d3d87e..cb83109c 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -116,7 +116,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c4fa1057..e22627f8 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -133,6 +133,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) unsigned char *penc = NULL; int penclen; ASN1_STRING *str = NULL; + ASN1_OBJECT *aobj; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { @@ -159,8 +160,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, str, penc, penclen)) + aobj = OBJ_nid2obj(EVP_PKEY_DSA); + if (aobj == NULL) + goto err; + + if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) return 1; err: @@ -258,6 +262,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 1fce0f81..21af2e15 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, } else { p = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if (q == NULL) + goto err; } if (!BN_lshift(test, BN_value_one(), L - 1)) diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 58013a4a..aa10dd12 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, { BN_CTX *ctx; BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; + BIGNUM l, m; int ret = 0; + int q_bits; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BN_init(&k); BN_init(&kq); + BN_init(&l); + BN_init(&m); if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) @@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, if ((r = BN_new()) == NULL) goto err; + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + if (!BN_set_bit(&k, q_bits) + || !BN_set_bit(&l, q_bits) + || !BN_set_bit(&m, q_bits)) + goto err; + /* Get random k */ do if (!BN_rand_range(&k, dsa->q)) @@ -263,24 +274,23 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, /* Compute r = (g^k mod p) mod q */ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { - if (!BN_copy(&kq, &k)) - goto err; - - BN_set_flags(&kq, BN_FLG_CONSTTIME); - /* * We do not want timing information to leak the length of k, so we - * compute g^k using an equivalent exponent of fixed length. (This - * is a kludge that we need because the BN_mod_exp_mont() does not - * let us specify the desired timing behaviour.) + * compute G^k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ - - if (!BN_add(&kq, &kq, dsa->q)) + if (!BN_add(&l, &k, dsa->q) + || !BN_add(&m, &l, dsa->q) + || !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m)) goto err; - if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { - if (!BN_add(&kq, &kq, dsa->q)) - goto err; - } + + BN_set_flags(&kq, BN_FLG_CONSTTIME); K = &kq; } else { @@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BN_CTX_free(ctx); BN_clear_free(&k); BN_clear_free(&kq); - return (ret); + BN_clear_free(&l); + BN_clear_free(&m); + return ret; } static int dsa_do_verify(const unsigned char *dgst, int dgst_len, diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 8a224a88..bee95431 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -157,7 +157,7 @@ int main(int argc, char **argv) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); BIO_printf(bio_err, "test generation of DSA parameters\n"); diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 7948bf71..35d2b6d1 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1178,19 +1178,18 @@ adox $t1, $acc5 .byte 0x67,0x67 mulx %rdx, $t0, $t4 - mov $acc0, %rdx + mov .Lpoly+8*3(%rip), %rdx adox $t0, $acc6 shlx $a_ptr, $acc0, $t0 adox $t4, $acc7 shrx $a_ptr, $acc0, $t4 - mov .Lpoly+8*3(%rip), $t1 + mov %rdx,$t1 # reduction step 1 add $t0, $acc1 adc $t4, $acc2 - mulx $t1, $t0, $acc0 - mov $acc1, %rdx + mulx $acc0, $t0, $acc0 adc $t0, $acc3 shlx $a_ptr, $acc1, $t0 adc \$0, $acc0 @@ -1200,8 +1199,7 @@ add $t0, $acc2 adc $t4, $acc3 - mulx $t1, $t0, $acc1 - mov $acc2, %rdx + mulx $acc1, $t0, $acc1 adc $t0, $acc0 shlx $a_ptr, $acc2, $t0 adc \$0, $acc1 @@ -1211,8 +1209,7 @@ add $t0, $acc3 adc $t4, $acc0 - mulx $t1, $t0, $acc2 - mov $acc3, %rdx + mulx $acc2, $t0, $acc2 adc $t0, $acc1 shlx $a_ptr, $acc3, $t0 adc \$0, $acc2 @@ -1222,12 +1219,12 @@ add $t0, $acc0 adc $t4, $acc1 - mulx $t1, $t0, $acc3 + mulx $acc3, $t0, $acc3 adc $t0, $acc2 adc \$0, $acc3 - xor $t3, $t3 # cf=0 - adc $acc0, $acc4 # accumulate upper half + xor $t3, $t3 + add $acc0, $acc4 # accumulate upper half mov .Lpoly+8*1(%rip), $a_ptr adc $acc1, $acc5 mov $acc4, $acc0 @@ -1236,8 +1233,7 @@ mov $acc5, $acc1 adc \$0, $t3 - xor %eax, %eax # cf=0 - sbb \$-1, $acc4 # .Lpoly[0] + sub \$-1, $acc4 # .Lpoly[0] mov $acc6, $acc2 sbb $a_ptr, $acc5 # .Lpoly[1] sbb \$0, $acc6 # .Lpoly[2] diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index d089af7a..2c41c6e7 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -342,8 +342,10 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) + ptype, pval, ep, eplen)) { + OPENSSL_free(ep); return 0; + } return 1; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 33abf61f..b0cd3e17 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -62,17 +62,22 @@ #include #include +#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) + int EC_GROUP_get_basis_type(const EC_GROUP *group) { - int i = 0; + int i; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != NID_X9_62_characteristic_two_field) /* everything else is currently not supported */ return 0; - while (group->poly[i] != 0) - i++; + /* Find the last non-zero element of group->poly[] */ + for (i = 0; + i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; + i++) + continue; if (i == 4) return NID_X9_62_ppBasis; diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 3ffa112c..3241aa51 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) OPENSSL_free(group->seed); } - OPENSSL_cleanse(group, sizeof *group); + OPENSSL_cleanse(group, sizeof(*group)); OPENSSL_free(group); } @@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, /* no explicit entry needed */ return 1; - d = OPENSSL_malloc(sizeof *d); + d = OPENSSL_malloc(sizeof(*d)); if (d == NULL) return 0; @@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_cleanse(point, sizeof *point); + OPENSSL_cleanse(point, sizeof(*point)); OPENSSL_free(point); } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 23b8c308..2231f995 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -68,10 +68,14 @@ #include "ec_lcl.h" /* - * This file implements the wNAF-based interleaving multi-exponentation method - * (); - * for multiplication with precomputation, we use wNAF splitting - * (). + * This file implements the wNAF-based interleaving multi-exponentiation method + * Formerly at: + * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp + * You might now find it here: + * http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13 + * http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf + * For multiplication with precomputation, we use wNAF splitting, formerly at: + * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp */ /* structure for precomputed multiples of the generator */ @@ -165,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_) for (p = pre->points; *p != NULL; p++) { EC_POINT_clear_free(*p); - OPENSSL_cleanse(p, sizeof *p); + OPENSSL_cleanse(p, sizeof(*p)); } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } @@ -426,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, totalnum = num + numblocks; - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space - * for pivot */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0])); + wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0])); + /* include space for pivot */ + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0])); + val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0])); /* Ensure wNAF is initialised in case we end up going to err */ if (wNAF) @@ -576,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a * subarray of 'pre_comp->points' if we already have precomputation. */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); + val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); if (val == NULL) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index df9b37a7..176ec1f1 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -342,7 +342,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, size_t len, int off) { size_t i; - char str[128]; + char str[128 + 1 + 4]; if (buf == NULL) return 1; diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index b2de7fae..43c4330c 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, BN_CTX_free(new_ctx); if (mont != NULL) BN_MONT_CTX_free(mont); + if (one != NULL) + BN_free(one); return ret; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 99b8d613..9a53a39a 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_) 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37); OPENSSL_free(pre->precomp_storage); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 2b848216..e94a7d49 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, if (tmp == NULL || tmp_Z == NULL) goto err; - prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) { diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 40a1f003..5e1ef509 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -469,7 +469,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -482,7 +482,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -494,7 +494,7 @@ static void prime_field_tests(void) fprintf(stdout, "%02X", buf[i]); len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1206,7 +1206,7 @@ static void char2_field_tests(void) # ifdef OPENSSL_EC_BIN_PT_COMP len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1220,7 +1220,7 @@ static void char2_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1234,7 +1234,7 @@ static void char2_field_tests(void) /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1844,7 +1844,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ prime_field_tests(); puts(""); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 2fe2c664..3febf101 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -490,7 +490,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index cbc21d1a..9cc22582 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key) */ ecdh_data_free(ecdh_data); ecdh_data = (ECDH_DATA *)data; + } else if (EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, + ecdh_data_free) != ecdh_data) { + /* Or an out of memory error in EC_KEY_insert_key_method_data. */ + ecdh_data_free(ecdh_data); + return NULL; } - } else + } else { ecdh_data = (ECDH_DATA *)data; + } #ifdef OPENSSL_FIPS if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 8dc1dda4..f1dd4723 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) */ ecdsa_data_free(ecdsa_data); ecdsa_data = (ECDSA_DATA *)data; + } else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, + ecdsa_data_free) != ecdsa_data) { + /* Or an out of memory error in EC_KEY_insert_key_method_data. */ + ecdsa_data_free(ecdsa_data); + return NULL; } - } else + } else { ecdsa_data = (ECDSA_DATA *)data; + } #ifdef OPENSSL_FIPS if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD) && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index dd769609..16d4f59b 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, EC_POINT *tmp_point = NULL; const EC_GROUP *group; int ret = 0; + int order_bits; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); @@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, goto err; } + /* Preallocate space */ + order_bits = BN_num_bits(order); + if (!BN_set_bit(k, order_bits) + || !BN_set_bit(r, order_bits) + || !BN_set_bit(X, order_bits)) + goto err; + do { /* get random k */ do @@ -139,13 +147,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, /* * We do not want timing information to leak the length of k, so we * compute G*k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the order. This guarantees the code + * path used in the constant time implementations elsewhere. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ - - if (!BN_add(k, k, order)) + if (!BN_add(r, k, order) + || !BN_add(X, r, order) + || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) - goto err; /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 2a2b95ce..d8cac4bd 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -810,14 +810,15 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data, if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { /* if application doesn't support one buffer */ - state->mac_data = + char *mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count); - if (!state->mac_data) { + if (mac_data == NULL) { printf("cryptodev_digest_update: realloc failed\n"); return (0); } + state->mac_data = mac_data; memcpy(state->mac_data + state->mac_len, data, count); state->mac_len += count; @@ -1056,7 +1057,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a) return (-1); for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; + pd[i] = ((char *)crp->crp_p)[bytes - i - 1]; BN_bin2bn(pd, bytes, a); free(pd); @@ -1132,7 +1133,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return (ret); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP; /* inputs: a^p % m */ @@ -1183,7 +1184,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (0); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) @@ -1286,7 +1287,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, goto err; } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_SIGN; /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ @@ -1329,7 +1330,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, struct crypt_kop kop; int dsaret = 1; - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_VERIFY; /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ @@ -1402,7 +1403,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) keylen = BN_num_bits(dh->p); - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 4279dd94..55d3858b 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -167,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e) #endif ENGINE_register_RAND(e); ENGINE_register_pkey_meths(e); + ENGINE_register_pkey_asn1_meths(e); return 1; } diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 27d31f70..709393fa 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -159,6 +159,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, } fnd->funct = NULL; (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); + if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { + sk_ENGINE_free(fnd->sk); + OPENSSL_free(fnd); + goto end; + } } /* A registration shouldn't add duplciate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); diff --git a/crypto/err/err.c b/crypto/err/err.c index e77d963b..2a3b2ef3 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -172,6 +172,7 @@ static ERR_STRING_DATA ERR_str_functs[] = { # endif {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, + {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"}, {0, NULL}, }; @@ -601,8 +602,8 @@ static void build_SYS_str_reasons(void) char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char *src = strerror(i); if (src != NULL) { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; + strncpy(*dest, src, sizeof(*dest)); + (*dest)[sizeof(*dest) - 1] = '\0'; str->string = *dest; } } @@ -724,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line) } #endif es = ERR_get_state(); + if (es == NULL) + return; es->top = (es->top + 1) % ERR_NUM_ERRORS; if (es->top == es->bottom) @@ -741,6 +744,8 @@ void ERR_clear_error(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return; for (i = 0; i < ERR_NUM_ERRORS; i++) { err_clear(es, i); @@ -805,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file, unsigned long ret; es = ERR_get_state(); + if (es == NULL) + return 0; if (inc && top) { if (file) @@ -1012,7 +1019,6 @@ void ERR_remove_state(unsigned long pid) ERR_STATE *ERR_get_state(void) { - static ERR_STATE fallback; ERR_STATE *ret, tmp, *tmpp = NULL; int i; CRYPTO_THREADID tid; @@ -1026,7 +1032,7 @@ ERR_STATE *ERR_get_state(void) if (ret == NULL) { ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); if (ret == NULL) - return (&fallback); + return NULL; CRYPTO_THREADID_cpy(&ret->tid, &tid); ret->top = 0; ret->bottom = 0; @@ -1038,7 +1044,7 @@ ERR_STATE *ERR_get_state(void) /* To check if insertion failed, do a get. */ if (ERRFN(thread_get_item) (ret) != ret) { ERR_STATE_free(ret); /* could not insert it */ - return (&fallback); + return NULL; } /* * If a race occured in this function and we came second, tmpp is the @@ -1062,10 +1068,10 @@ void ERR_set_error_data(char *data, int flags) int i; es = ERR_get_state(); + if (es == NULL) + return; i = es->top; - if (i == 0) - i = ERR_NUM_ERRORS - 1; err_clear_data(es, i); es->err_data[i] = data; @@ -1117,6 +1123,8 @@ int ERR_set_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; if (es->bottom == es->top) return 0; @@ -1129,6 +1137,8 @@ int ERR_pop_to_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; while (es->bottom != es->top && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { diff --git a/crypto/err/err.h b/crypto/err/err.h index 585aa8ba..f4236562 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -258,6 +258,7 @@ typedef struct err_state_st { # define SYS_F_WSASTARTUP 9/* Winsock stuff */ # define SYS_F_OPENDIR 10 # define SYS_F_FREAD 11 +# define SYS_F_FFLUSH 18 /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 6e352eff..25c808ea 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -77,7 +77,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), CRYPTO_THREADID_current(&cur); es = CRYPTO_THREADID_hash(&cur); while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); if (cb(buf2, strlen(buf2), u) <= 0) diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 538b5202..5ad5a950 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -330,6 +330,14 @@ static int b64_read(BIO *b, char *out, int outl) (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; } + /* + * If eof or an error was signalled, then the condition + * 'ctx->cont <= 0' will prevent b64_read() from reading + * more data on subsequent calls. This assignment was + * deleted accidentally in commit 5562cfaca4f3. + */ + ctx->cont = i; + ctx->buf_off = 0; if (i < 0) { ret_code = 0; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4db17962..d4274c57 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -124,12 +124,12 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } EVP_MD_CTX *EVP_MD_CTX_create(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_MD_CTX_init(ctx); @@ -316,7 +316,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) @@ -402,7 +402,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) #ifdef OPENSSL_FIPS FIPS_md_ctx_cleanup(ctx); #endif - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); return 1; } diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1734a823..3275c0c3 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, @@ -1120,6 +1122,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = c->cipher_data; + if (gctx == NULL) + return 0; OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); if (gctx->iv != c->iv) OPENSSL_free(gctx->iv); @@ -1235,10 +1239,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; /* If decrypting correct for tag too */ - if (!c->encrypt) + if (!c->encrypt) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; len -= EVP_GCM_TLS_TAG_LEN; + } c->buf[arg - 2] = len >> 8; c->buf[arg - 1] = len & 0xff; } diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 6dfd590a..b25fc6d5 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; @@ -859,6 +864,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 46c9d033..9a8a2ad7 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, * to identify it and avoid stitch invocation. So that after we * establish that current CPU supports AVX, we even see if it's * either even XOP-capable Bulldozer-based or GenuineIntel one. + * But SHAEXT-capable go ahead... */ - if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ + if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ + ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); @@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; @@ -825,15 +832,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; + len = p[arg - 2] << 8 | p[arg - 1]; + if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { + if (len < AES_BLOCK_SIZE) + return 0; len -= AES_BLOCK_SIZE; p[arg - 2] = len >> 8; p[arg - 1] = len; diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index f273f9c9..996aed2a 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,6 +1,6 @@ /* crypto/evp/e_camellia.c */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -356,6 +356,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 0e910d6d..ab8126e5 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -212,6 +212,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, size_t n; unsigned char c[1], d[1]; + if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + inl *= 8; for (n = 0; n < inl; ++n) { c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; DES_ede3_cfb_encrypt(c, d, 1, 1, diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 39ab7937..1a40dbc4 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_add_alg_module(void); /* BEGIN ERROR CODES */ diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0e40f09f..0c740d16 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -85,7 +85,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_CIPHER_CTX_init(ctx); return ctx; @@ -182,6 +182,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, if (ctx->cipher->ctx_size) { ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } @@ -193,6 +194,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + ctx->cipher = NULL; EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); return 0; } @@ -400,7 +402,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + OPENSSL_assert(b <= sizeof(ctx->buf)); if (b == 1) { *outl = 0; return 1; @@ -452,7 +454,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); if (ctx->final_used) { memcpy(out, ctx->final, b); @@ -518,7 +520,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); /* * The following assumes that the ciphertext has been authenticated. @@ -649,11 +651,12 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) #endif EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); if (!out->cipher_data) { + out->cipher = NULL; EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); return 0; } @@ -661,6 +664,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { + out->cipher = NULL; + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR); + return 0; + } return 1; } diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 5be9e336..cdffe1c8 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { - int ret; + int ret = -1; char buff[BUFSIZ]; UI *ui; @@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, prompt = prompt_string; ui = UI_new(); if (ui == NULL) - return -1; - UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len); - if (verify) - UI_add_verify_string(ui, prompt, 0, - buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len, - buf); + return ret; + if (UI_add_input_string(ui, prompt, 0, buf, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 + || (verify + && UI_add_verify_string(ui, prompt, 0, buff, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len, + buf) < 0)) + goto end; ret = UI_process(ui); - UI_free(ui); OPENSSL_cleanse(buff, BUFSIZ); + end: + UI_free(ui); return ret; } diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 2bb709a0..bee7f6d1 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -116,7 +116,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl=chunk)\ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ inl-=chunk;\ in +=chunk;\ out+=chunk;\ diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 7934c95f..5d2f04bf 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -161,9 +161,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) - BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp)); else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 98796427..97a20830 100755 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -506,7 +506,7 @@ int main(int argc, char **argv) int an = 0; int tn = 0; - if (!fgets((char *)line, sizeof line, f)) + if (!fgets((char *)line, sizeof(line), f)) break; if (line[0] == '#' || line[0] == '\n') continue; diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c index 07decf26..24a358e5 100644 --- a/crypto/evp/openbsd_hw.c +++ b/crypto/evp/openbsd_hw.c @@ -111,7 +111,7 @@ static int dev_crypto_init(session_op *ses) close(cryptodev_fd); } assert(ses); - memset(ses, '\0', sizeof *ses); + memset(ses, '\0', sizeof(*ses)); return 1; } @@ -164,7 +164,7 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, assert(CDATA(ctx)); assert(!dev_failed); - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = CDATA(ctx)->ses; cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; @@ -329,7 +329,7 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len) return 1; } - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = ses; cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check * it */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index f2ae1e57..46fefa9a 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -262,7 +262,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + OPENSSL_assert(keylen <= sizeof(key)); /* Decode parameter */ diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 9668b3a9..2aaeb36d 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -188,6 +188,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) if (pmeth->init) { if (pmeth->init(ret) <= 0) { + ret->pmeth = NULL; EVP_PKEY_CTX_free(ret); return NULL; } @@ -341,6 +342,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) if (pctx->pmeth->copy(rctx, pctx) > 0) return rctx; + rctx->pmeth = NULL; EVP_PKEY_CTX_free(rctx); return NULL; @@ -613,3 +615,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl = ctrl; pmeth->ctrl_str = ctrl_str; } + +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)) +{ + *pinit = pmeth->init; +} + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)) +{ + *pcopy = pmeth->copy; +} + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)) +{ + *pcleanup = pmeth->cleanup; +} + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pparamgen_init) + *pparamgen_init = pmeth->paramgen_init; + if (pparamgen) + *pparamgen = pmeth->paramgen; +} + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)) +{ + if (pkeygen_init) + *pkeygen_init = pmeth->keygen_init; + if (pkeygen) + *pkeygen = pmeth->keygen; +} + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (psign_init) + *psign_init = pmeth->sign_init; + if (psign) + *psign = pmeth->sign; +} + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)) +{ + if (pverify_init) + *pverify_init = pmeth->verify_init; + if (pverify) + *pverify = pmeth->verify; +} + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)) +{ + if (pverify_recover_init) + *pverify_recover_init = pmeth->verify_recover_init; + if (pverify_recover) + *pverify_recover = pmeth->verify_recover; +} + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)) +{ + if (psignctx_init) + *psignctx_init = pmeth->signctx_init; + if (psignctx) + *psignctx = pmeth->signctx; +} + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)) +{ + if (pverifyctx_init) + *pverifyctx_init = pmeth->verifyctx_init; + if (pverifyctx) + *pverifyctx = pmeth->verifyctx; +} + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pencrypt_init) + *pencrypt_init = pmeth->encrypt_init; + if (pencryptfn) + *pencryptfn = pmeth->encrypt; +} + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)) +{ + if (pdecrypt_init) + *pdecrypt_init = pmeth->decrypt_init; + if (pdecrypt) + *pdecrypt = pmeth->decrypt; +} + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)) +{ + if (pderive_init) + *pderive_init = pmeth->derive_init; + if (pderive) + *pderive = pmeth->derive; +} + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)) +{ + if (pctrl) + *pctrl = pmeth->ctrl; + if (pctrl_str) + *pctrl_str = pmeth->ctrl_str; +} diff --git a/crypto/ex_data.c b/crypto/ex_data.c index f96a5178..723b21b3 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -331,7 +331,11 @@ static EX_CLASS_ITEM *def_get_class(int class_index) * from the insert will be NULL */ (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); - p = gen; + p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); + if (p != gen) { + sk_CRYPTO_EX_DATA_FUNCS_free(gen->meth); + OPENSSL_free(gen); + } } } } @@ -455,7 +459,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from) { int mx, j, i; - char *ptr; + void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; EX_CLASS_ITEM *item; if (!from->sk) @@ -469,6 +473,15 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, if (j < mx) mx = j; if (mx > 0) { + /* + * Make sure the ex_data stack is at least |mx| elements long to avoid + * issues in the for loop that follows; so go get the |mx|'th element + * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign + * to itself. This is normally a no-op; but ensures the stack is the + * proper size + */ + if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1))) + goto skip; storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); if (!storage) goto skip; @@ -499,11 +512,12 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) int mx, i; EX_CLASS_ITEM *item; void *ptr; + CRYPTO_EX_DATA_FUNCS *f; CRYPTO_EX_DATA_FUNCS **storage = NULL; if (ex_data == NULL) - return; + goto err; if ((item = def_get_class(class_index)) == NULL) - return; + goto err; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); if (mx > 0) { @@ -515,23 +529,23 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) } skip: CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if ((mx > 0) && !storage) { - CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); - return; - } for (i = 0; i < mx; i++) { - if (storage[i] && storage[i]->free_func) { + if (storage != NULL) + f = storage[i]; + else { + CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); + f = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); + } + if (f != NULL && f->free_func != NULL) { ptr = CRYPTO_get_ex_data(ad, i); - storage[i]->free_func(obj, ptr, ad, i, - storage[i]->argl, storage[i]->argp); + f->free_func(obj, ptr, ad, i, f->argl, f->argp); } } - if (storage) - OPENSSL_free(storage); - if (ad->sk) { - sk_void_free(ad->sk); - ad->sk = NULL; - } + OPENSSL_free(storage); + err: + sk_void_free(ad->sk); + ad->sk = NULL; } /********************************************************************/ diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 0ffff79c..0a59a01c 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -99,15 +99,18 @@ static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) sctx = src->data; dctx = dst->data; dctx->md = sctx->md; - HMAC_CTX_init(&dctx->ctx); if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) - return 0; - if (sctx->ktmp.data) { + goto err; + if (sctx->ktmp.data != NULL) { if (!ASN1_OCTET_STRING_set(&dctx->ktmp, sctx->ktmp.data, sctx->ktmp.length)) - return 0; + goto err; } return 1; + err: + HMAC_CTX_cleanup(&dctx->ctx); + OPENSSL_free(dctx); + return 0; } static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 213504e8..023ec456 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - OPENSSL_cleanse(ctx, sizeof *ctx); + OPENSSL_cleanse(ctx, sizeof(*ctx)); } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 2ba75f01..daf27228 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -108,14 +108,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.name); - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *secret) { - JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; @@ -460,7 +460,7 @@ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) { quickhashbn(send->hhk, ctx->key); - SHA1(send->hhk, sizeof send->hhk, send->hhk); + SHA1(send->hhk, sizeof(send->hhk), send->hhk); return 1; } @@ -470,8 +470,8 @@ int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) unsigned char hhk[SHA_DIGEST_LENGTH]; quickhashbn(hhk, ctx->key); - SHA1(hhk, sizeof hhk, hhk); - if (memcmp(hhk, received->hhk, sizeof hhk)) { + SHA1(hhk, sizeof(hhk), hhk); + if (memcmp(hhk, received->hhk, sizeof(hhk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); return 0; @@ -499,7 +499,7 @@ int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) unsigned char hk[SHA_DIGEST_LENGTH]; quickhashbn(hk, ctx->key); - if (memcmp(hk, received->hk, sizeof hk)) { + if (memcmp(hk, received->hk, sizeof(hk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); return 0; } diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index f20353ae..51bb258e 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -101,6 +101,24 @@ #include #include +/* + * A hashing implementation that appears to be based on the linear hashing + * alogrithm: + * https://en.wikipedia.org/wiki/Linear_hashing + * + * Litwin, Witold (1980), "Linear hashing: A new tool for file and table + * addressing", Proc. 6th Conference on Very Large Databases: 212-223 + * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * + * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * database system, which in turn is used by many software systems such as + * OpenLDAP, using a C implementation derived from the CACM article and first + * published on the Usenet in 1988 by Esmond Pitt." + * + * The CACM paper is available here: + * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf + */ + const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; #undef MIN_NODES @@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ -static void expand(_LHASH *lh); +static int expand(_LHASH *lh); static void contract(_LHASH *lh); static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); @@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data) void *ret; lh->error = 0; - if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) - expand(lh); + if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes) + && !expand(lh)) + return NULL; rn = getrn(lh, data, &hash); @@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); } -static void expand(_LHASH *lh) +static int expand(_LHASH *lh) { LHASH_NODE **n, **n1, **n2, *np; - unsigned int p, i, j; - unsigned long hash, nni; + unsigned int p, pmax, nni, j; + unsigned long hash; + + nni = lh->num_alloc_nodes; + p = lh->p; + pmax = lh->pmax; + if (p + 1 >= pmax) { + j = nni * 2; + n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j)); + if (n == NULL) { + lh->error++; + return 0; + } + lh->b = n; + memset(n + nni, 0, sizeof(*n) * (j - nni)); + lh->pmax = nni; + lh->num_alloc_nodes = j; + lh->num_expand_reallocs++; + lh->p = 0; + } else { + lh->p++; + } lh->num_nodes++; lh->num_expands++; - p = (int)lh->p++; n1 = &(lh->b[p]); - n2 = &(lh->b[p + (int)lh->pmax]); - *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ - nni = lh->num_alloc_nodes; + n2 = &(lh->b[p + pmax]); + *n2 = NULL; for (np = *n1; np != NULL;) { #ifndef OPENSSL_NO_HASH_COMP @@ -330,25 +367,7 @@ static void expand(_LHASH *lh) np = *n1; } - if ((lh->p) >= lh->pmax) { - j = (int)lh->num_alloc_nodes * 2; - n = (LHASH_NODE **)OPENSSL_realloc(lh->b, - (int)(sizeof(LHASH_NODE *) * j)); - if (n == NULL) { - lh->error++; - lh->num_nodes--; - lh->p = 0; - return; - } - /* else */ - for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ - n[i] = NULL; /* 02/03/92 eay */ - lh->pmax = lh->num_alloc_nodes; - lh->num_alloc_nodes = j; - lh->num_expand_reallocs++; - lh->p = 0; - lh->b = n; - } + return 1; } static void contract(_LHASH *lh) diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c index c9fab666..a79997f8 100644 --- a/crypto/md4/md4.c +++ b/crypto/md4/md4.c @@ -102,7 +102,7 @@ void do_fp(FILE *f) fd = fileno(f); MD4_Init(&c); for (;;) { - i = read(fd, buf, sizeof buf); + i = read(fd, buf, sizeof(buf)); if (i <= 0) break; MD4_Update(&c, buf, (unsigned long)i); diff --git a/crypto/mem.c b/crypto/mem.c index 06c3960c..dd4c9ce9 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -150,12 +150,12 @@ static long (*get_debug_options_func) (void) = NULL; int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), void (*f) (void *)) { - /* Dummy call just to ensure OPENSSL_init() gets linked in */ - OPENSSL_init(); if (!allow_customize) return 0; if ((m == 0) || (r == 0) || (f == 0)) return 0; + /* Dummy call just to ensure OPENSSL_init() gets linked in */ + OPENSSL_init(); malloc_func = m; malloc_ex_func = default_malloc_ex; realloc_func = r; diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 8525ded7..218ca8eb 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -635,14 +635,14 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) struct tm *lcl = NULL; CRYPTO_THREADID ti; -#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) +#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf)) if (m->addr == (char *)l->bio) return; if (options & V_CRYPTO_MDEBUG_TIME) { lcl = localtime(&m->time); - + BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec); bufp += strlen(bufp); @@ -679,7 +679,7 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) ami_cnt++; memset(buf, '>', ami_cnt); - BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", CRYPTO_THREADID_hash(&amip->threadid), amip->file, amip->line); @@ -689,10 +689,10 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); buf_len = 128 - 3; } else { - BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len); buf_len = strlen(buf); } - BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); BIO_puts(l->bio, buf); diff --git a/crypto/o_dir.c b/crypto/o_dir.c index f9dbed87..fb3b2fd8 100644 --- a/crypto/o_dir.c +++ b/crypto/o_dir.c @@ -73,7 +73,8 @@ #include "o_dir.h" #define LPDIR_H -#if defined OPENSSL_SYS_UNIX || defined DJGPP +#if defined OPENSSL_SYS_UNIX || defined DJGPP \ + || (defined __VMS_VER && __VMS_VER >= 70000000) # include "LPdir_unix.c" #elif defined OPENSSL_SYS_VMS # include "LPdir_vms.c" diff --git a/crypto/o_init.c b/crypto/o_init.c index 185841ea..18bb8589 100644 --- a/crypto/o_init.c +++ b/crypto/o_init.c @@ -58,6 +58,11 @@ #ifdef OPENSSL_FIPS # include # include + +# ifndef OPENSSL_NO_DEPRECATED +/* the prototype is missing in */ +void FIPS_crypto_set_id_callback(unsigned long (*func)(void)); +# endif #endif /* diff --git a/crypto/o_time.c b/crypto/o_time.c index b99e5990..61927439 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -8,7 +8,7 @@ * 2008. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -105,12 +105,9 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) - /* - * should return &data, but doesn't on some systems, so we don't even - * look at the return value - */ - gmtime_r(timer, result); +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS) + if (gmtime_r(timer, result) == NULL) + return NULL; ts = result; #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) ts = gmtime(timer); @@ -144,14 +141,14 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) pitem->ileb_64$w_mbo = 1; pitem->ileb_64$w_code = LNM$_STRING; pitem->ileb_64$l_mbmo = -1; - pitem->ileb_64$q_length = sizeof (logvalue); + pitem->ileb_64$q_length = sizeof(logvalue); pitem->ileb_64$pq_bufaddr = logvalue; pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen; pitem++; /* Last item of the item list is null terminated */ pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0; # else - pitem->ile3$w_length = sizeof (logvalue); + pitem->ile3$w_length = sizeof(logvalue); pitem->ile3$w_code = LNM$_STRING; pitem->ile3$ps_bufaddr = logvalue; pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen; diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index f106905f..b8bdc5c5 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -312,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = - OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); + OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names)); /* Really should return an error if !d.names...but its a void function! */ if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); for (n = 0; n < d.n; ++n) fn(d.names[n], arg); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index aca382a6..315afa9d 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) for (i = ADDED_DATA; i <= ADDED_NID; i++) if (ao[i] != NULL) OPENSSL_free(ao[i]); - if (o != NULL) - OPENSSL_free(o); - return (NID_undef); + ASN1_OBJECT_free(o); + return NID_undef; } ASN1_OBJECT *OBJ_nid2obj(int n) @@ -591,7 +590,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) n += i; OPENSSL_free(bndec); } else { - BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); + BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l); i = strlen(tbuf); if (buf && (buf_len > 0)) { BUF_strlcpy(buf, tbuf, buf_len); @@ -725,6 +724,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, return (p); } +/* + * Parse a BIO sink to create some extra oid's objects. + * Line format: + */ int OBJ_create_objects(BIO *in) { MS_STATIC char buf[512]; @@ -746,9 +749,9 @@ int OBJ_create_objects(BIO *in) *(s++) = '\0'; while (isspace((unsigned char)*s)) s++; - if (*s == '\0') + if (*s == '\0') { s = NULL; - else { + } else { l = s; while ((*l != '\0') && !isspace((unsigned char)*l)) l++; @@ -756,15 +759,18 @@ int OBJ_create_objects(BIO *in) *(l++) = '\0'; while (isspace((unsigned char)*l)) l++; - if (*l == '\0') + if (*l == '\0') { l = NULL; - } else + } + } else { l = NULL; + } } - } else + } else { s = NULL; - if ((o == NULL) || (*o == '\0')) - return (num); + } + if (*o == '\0') + return num; if (!OBJ_create(o, s, l)) return (num); num++; diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index d4a257c3..7a7d0609 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto end; } } + } else if (certs != NULL) { + untrusted = certs; } else { untrusted = bs->certs; } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 88faad65..77f124e2 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020afL +# define OPENSSL_VERSION_NUMBER 0x100020ffL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 4d736a1d..0994020d 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -354,7 +354,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, /* create the right magic header stuff */ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index c82b3c0a..4d5f053e 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -406,7 +406,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, OPENSSL_cleanse(buf, PEM_BUFSIZE); OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); @@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) ((c >= '0') && (c <= '9')))) break; #else - if (!(isupper(c) || (c == '-') || isdigit(c))) + if (!(isupper((unsigned char)c) || (c == '-') + || isdigit((unsigned char)c))) break; #endif header++; diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 5747c736..daf210fd 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) return NULL; ret = EVP_PKCS82PKEY(p8inf); diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 04d6319a..e8b3a1b9 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) goto p8err; ret = EVP_PKCS82PKEY(p8inf); diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index 7a3dd04b..444a5442 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -206,8 +206,9 @@ } sprintf "\$%s",$self->{value}; } else { - $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); - sprintf "%s",$self->{value}; + my $value = $self->{value}; + $value =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); + sprintf "%s",$value; } } } @@ -407,7 +408,7 @@ } } } -{ package expr; # pick up expressioins +{ package expr; # pick up expressions sub re { my $self = shift; # single instance is enough... local *line = shift; @@ -970,7 +971,7 @@ sub rxb { # the area above user stack pointer in true asynchronous manner... # # All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, +# register and stack layout, but disregards the "red zone" existence, # it's possible to use following prologue and epilogue to "gear" from # Unix to Win64 ABI in leaf functions with not more than 6 arguments. # diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index 9aa3c90c..1841f78f 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, { STACK_OF(X509) *ocerts = NULL; X509 *x = NULL; + + if (pkey) + *pkey = NULL; + if (cert) + *cert = NULL; + /* Check for NULL PKCS12 structure */ if (!p12) { @@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, return 0; } - if (pkey) - *pkey = NULL; - if (cert) - *cert = NULL; - /* Check the mac */ /* @@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, if (!ocerts) { PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { @@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: - if (pkey && *pkey) + if (pkey) { EVP_PKEY_free(*pkey); - if (cert && *cert) + *pkey = NULL; + } + if (cert) { X509_free(*cert); + *cert = NULL; + } if (x) X509_free(x); if (ocerts) diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index cbf34da0..b1f7381a 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -159,7 +159,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new())) + PKCS12_MAC_DATA_free(p12->mac); + p12->mac = NULL; + + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 6cf8253b..6a463680 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -375,16 +375,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) } if (bio == NULL) { - if (PKCS7_is_detached(p7)) + if (PKCS7_is_detached(p7)) { bio = BIO_new(BIO_s_null()); - else if (os && os->length > 0) + } else if (os && os->length > 0) { bio = BIO_new_mem_buf(os->data, os->length); - if (bio == NULL) { + } else { bio = BIO_new(BIO_s_mem()); if (bio == NULL) goto err; BIO_set_mem_eof_return(bio, 0); } + if (bio == NULL) + goto err; } if (out) BIO_push(out, bio); diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index bd76e23e..a7af9f9d 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -238,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); /* state_index <= state_num <= STATE_SIZE */ state_index += num; @@ -266,17 +266,21 @@ static void ssleay_rand_add(const void *buf, int num, double add) j = (num - i); j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; - MD_Init(&m); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (!MD_Init(&m) || + !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + goto err; k = (st_idx + j) - STATE_SIZE; if (k > 0) { - MD_Update(&m, &(state[st_idx]), j - k); - MD_Update(&m, &(state[0]), k); + if (!MD_Update(&m, &(state[st_idx]), j - k) || + !MD_Update(&m, &(state[0]), k)) + goto err; } else - MD_Update(&m, &(state[st_idx]), j); + if (!MD_Update(&m, &(state[st_idx]), j)) + goto err; /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ - MD_Update(&m, buf, j); + if (!MD_Update(&m, buf, j)) + goto err; /* * We know that line may cause programs such as purify and valgrind * to complain about use of uninitialized data. The problem is not, @@ -285,8 +289,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) * insecure keys. */ - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Final(&m, local_md); + if (!MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) || + !MD_Final(&m, local_md)) + goto err; md_c[1]++; buf = (const char *)buf + j; @@ -305,7 +310,6 @@ static void ssleay_rand_add(const void *buf, int num, double add) st_idx = 0; } } - EVP_MD_CTX_cleanup(&m); if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); @@ -326,6 +330,9 @@ static void ssleay_rand_add(const void *buf, int num, double add) #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) assert(md_c[1] == md_count[1]); #endif + + err: + EVP_MD_CTX_cleanup(&m); } static void ssleay_rand_seed(const void *buf, int num) @@ -447,7 +454,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) st_num = state_num; md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); state_index += num_ceil; if (state_index > state_num) @@ -469,15 +476,18 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) /* num_ceil -= MD_DIGEST_LENGTH/2 */ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; num -= j; - MD_Init(&m); + if (!MD_Init(&m)) + goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); + if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof(curr_pid))) + goto err; curr_pid = 0; } #endif - MD_Update(&m, local_md, MD_DIGEST_LENGTH); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + if (!MD_Update(&m, local_md, MD_DIGEST_LENGTH) || + !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c))) + goto err; #ifndef PURIFY /* purify complains */ /* @@ -487,16 +497,21 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) * builds it is not used: the removal of such a small source of * entropy has negligible impact on security. */ - MD_Update(&m, buf, j); + if (!MD_Update(&m, buf, j)) + goto err; #endif k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; if (k > 0) { - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); - MD_Update(&m, &(state[0]), k); - } else - MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); - MD_Final(&m, local_md); + if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k) || + !MD_Update(&m, &(state[0]), k)) + goto err; + } else { + if (!MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) + goto err; + } + if (!MD_Final(&m, local_md)) + goto err; for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { /* may compete with other threads */ @@ -508,13 +523,18 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) } } - MD_Init(&m); - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - MD_Update(&m, local_md, MD_DIGEST_LENGTH); + if (!MD_Init(&m) || + !MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)) || + !MD_Update(&m, local_md, MD_DIGEST_LENGTH)) + goto err; if (lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m, md, MD_DIGEST_LENGTH); - MD_Final(&m, md); + if (!MD_Update(&m, md, MD_DIGEST_LENGTH) || + !MD_Final(&m, md)) { + if (lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + goto err; + } if (lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); @@ -529,6 +549,10 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) "http://www.openssl.org/support/faq.html"); return (0); } + + err: + EVP_MD_CTX_cleanup(&m); + return (0); } static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 737aebfa..66fb14c8 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -148,7 +148,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + BUF_strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 6c5b65da..097e4099 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -181,15 +181,15 @@ int RAND_poll(void) */ curr_gid = getgid(); - RAND_add(&curr_gid, sizeof curr_gid, 1); + RAND_add(&curr_gid, sizeof(curr_gid), 1); curr_gid = 0; curr_pid = getpid(); - RAND_add(&curr_pid, sizeof curr_pid, 1); + RAND_add(&curr_pid, sizeof(curr_pid), 1); curr_pid = 0; curr_uid = getuid(); - RAND_add(&curr_uid, sizeof curr_uid, 1); + RAND_add(&curr_uid, sizeof(curr_uid), 1); curr_uid = 0; for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { @@ -217,7 +217,7 @@ int RAND_poll(void) /* take 8 bits */ v = (unsigned char)(ts.tv_nsec % 256); - RAND_add(&v, sizeof v, 1); + RAND_add(&v, sizeof(v), 1); v = 0; } return 1; @@ -402,7 +402,7 @@ int RAND_poll(void) # if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) { - RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + RAND_add(tmpbuf, sizeof(tmpbuf), (double)n); OPENSSL_cleanse(tmpbuf, n); } # endif diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 06670ae0..b4be3097 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -196,6 +196,8 @@ typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); # endif /* 1 */ # endif /* !OPENSSL_SYS_WINCE */ +#define NOTTOOLONG(start) ((GetTickCount() - (start)) < MAXDELAY) + int RAND_poll(void) { MEMORYSTATUS m; @@ -466,9 +468,7 @@ int RAND_poll(void) do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) - && (!good - || (GetTickCount() - starttime) < - MAXDELAY) + && (!good || NOTTOOLONG(starttime)) && --entrycnt > 0); } } @@ -480,8 +480,7 @@ int RAND_poll(void) ex_cnt_limit--; } } while (heaplist_next(handle, &hlist) - && (!good - || (GetTickCount() - starttime) < MAXDELAY) + && (!good || NOTTOOLONG(starttime)) && ex_cnt_limit > 0); } # else @@ -496,11 +495,11 @@ int RAND_poll(void) do RAND_add(&hentry, hentry.dwSize, 5); while (heap_next(&hentry) + && (!good || NOTTOOLONG(starttime)) && --entrycnt > 0); } } while (heaplist_next(handle, &hlist) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); } # endif @@ -518,8 +517,7 @@ int RAND_poll(void) do RAND_add(&p, p.dwSize, 9); while (process_next(handle, &p) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); /* thread walking */ /* @@ -533,8 +531,7 @@ int RAND_poll(void) do RAND_add(&t, t.dwSize, 6); while (thread_next(handle, &t) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); /* module walking */ /* @@ -548,8 +545,7 @@ int RAND_poll(void) do RAND_add(&m, m.dwSize, 9); while (module_next(handle, &m) - && (!good - || (GetTickCount() - starttime) < MAXDELAY)); + && (!good || NOTTOOLONG(starttime))); if (close_snap) close_snap(handle); else @@ -708,14 +704,13 @@ static void readscreen(void) hBitmap = CreateCompatibleBitmap(hScrDC, w, n); /* Get bitmap properties */ - GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); - size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; - - bi.biSize = sizeof(BITMAPINFOHEADER); + GetObject(hBitmap, sizeof(bm), (LPSTR)&bm); + size = (unsigned int)4 * bm.bmHeight * bm.bmWidth; + bi.biSize = sizeof(bi); bi.biWidth = bm.bmWidth; bi.biHeight = bm.bmHeight; - bi.biPlanes = bm.bmPlanes; - bi.biBitCount = bm.bmBitsPixel; + bi.biPlanes = 1; + bi.biBitCount = 32; bi.biCompression = BI_RGB; bi.biSizeImage = 0; bi.biXPelsPerMeter = 0; @@ -731,7 +726,7 @@ static void readscreen(void) /* Copy the bits of the current line range into the buffer */ GetDIBits(hScrDC, hBitmap, y, n, - bmbits, (BITMAPINFO *) & bi, DIB_RGB_COLORS); + bmbits, (LPBITMAPINFO)&bi, DIB_RGB_COLORS); /* Get the hash of the bitmap */ MD(bmbits, size, md); diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 951e1d5c..ddead3d7 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, return 2; } +#ifndef OPENSSL_NO_CMS static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { @@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, return pss; } -#ifndef OPENSSL_NO_CMS static int rsa_cms_decrypt(CMS_RecipientInfo *ri) { EVP_PKEY_CTX *pkctx; diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 5c416b53..68f2981c 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -219,7 +219,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) * if PRNG is not properly seeded, resort to secret exponent as * unpredictable seed */ - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); + RAND_add(rsa->d->d, rsa->d->dmax * sizeof(rsa->d->d[0]), 0.0); } if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 7f7dca39..b5e76791 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -109,6 +109,17 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *pr0, *d, *p; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; + unsigned long error = 0; + + /* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. + */ + if (bits < 16) { + ok = 0; /* we set our own err */ + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } ctx = BN_CTX_new(); if (ctx == NULL) @@ -144,43 +155,51 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_copy(rsa->e, e_value); + BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { - /* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. Check for this and - * bail if it happens 3 times. - */ - unsigned int degenerate = 0; do { if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; - } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); - goto err; - } + } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 9c2a943c..5a342e81 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -233,10 +233,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); cleanup: - if (db != NULL) + if (db != NULL) { + OPENSSL_cleanse(db, dblen); OPENSSL_free(db); - if (em != NULL) + } + if (em != NULL) { + OPENSSL_cleanse(em, num); OPENSSL_free(em); + } return mlen; } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index efa1fd3e..50397c33 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * We can't continue in constant-time because we need to copy the result * and we cannot fake its length. This unavoidably leaks timing * information at the API boundary. - * TODO(emilia): this could be addressed at the call site, - * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. */ if (!good) { mlen = -1; @@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, memcpy(to, em + msg_index, mlen); err: - if (em != NULL) + if (em != NULL) { + OPENSSL_cleanse(em, num); OPENSSL_free(em); + } if (mlen == -1) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 94db87a0..00e730ff 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) * FIPS mode. */ -static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) +static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd, + const EVP_MD **pmgf1md) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey.rsa; int rv = -1; + if (!FIPS_mode()) return 0; if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) rv = 0; if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) return -1; - if (rctx->md) { - const EVP_MD *fmd; - fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); - if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) + if (*pmd != NULL) { + *pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd)); + if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS)) return rv; } - if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { - const EVP_MD *fmd; - fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); - if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) + if (*pmgf1md != NULL) { + *pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md)); + if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS)) return rv; } return 1; @@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int ret; RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; + const EVP_MD *md = rctx->md; + const EVP_MD *mgf1md = rctx->mgf1md; #ifdef OPENSSL_FIPS - ret = pkey_fips_check_ctx(ctx); + ret = pkey_fips_check_rsa(rsa, &md, &mgf1md); if (ret < 0) { RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return -1; } #endif - if (rctx->md) { - if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + if (md != NULL) { + if (tbslen != (size_t)EVP_MD_size(md)) { RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; } #ifdef OPENSSL_FIPS if (ret > 0) { unsigned int slen; - ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, - rctx->pad_mode, - rctx->saltlen, - rctx->mgf1md, sig, &slen); + ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode, + rctx->saltlen, mgf1md, sig, &slen); if (ret > 0) *siglen = slen; else @@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, } #endif - if (EVP_MD_type(rctx->md) == NID_mdc2) { + if (EVP_MD_type(md) == NID_mdc2) { unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, - tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp, + rsa); if (ret <= 0) return ret; @@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; } memcpy(rctx->tbuf, tbs, tbslen); - rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); + rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; - ret = RSA_sign(EVP_MD_type(rctx->md), - tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; ret = sltmp; } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; - if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, - rctx->tbuf, tbs, - rctx->md, rctx->mgf1md, - rctx->saltlen)) + if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs, + md, mgf1md, rctx->saltlen)) return -1; ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, sig, rsa, RSA_NO_PADDING); @@ -348,31 +343,34 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, { RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; + const EVP_MD *md = rctx->md; + const EVP_MD *mgf1md = rctx->mgf1md; size_t rslen; + #ifdef OPENSSL_FIPS - int rv; - rv = pkey_fips_check_ctx(ctx); + int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md); + if (rv < 0) { RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); return -1; } #endif - if (rctx->md) { + if (md != NULL) { #ifdef OPENSSL_FIPS if (rv > 0) { - return FIPS_rsa_verify_digest(rsa, - tbs, tbslen, - rctx->md, - rctx->pad_mode, - rctx->saltlen, - rctx->mgf1md, sig, siglen); + return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode, + rctx->saltlen, mgf1md, sig, siglen); } #endif if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + return RSA_verify(EVP_MD_type(md), tbs, tbslen, sig, siglen, rsa); + if (tbslen != (size_t)EVP_MD_size(md)) { + RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } if (rctx->pad_mode == RSA_X931_PADDING) { if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) return 0; @@ -384,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, rsa, RSA_NO_PADDING); if (ret <= 0) return 0; - ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, - rctx->md, rctx->mgf1md, + ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md, rctx->tbuf, rctx->saltlen); if (ret <= 0) return 0; @@ -442,19 +439,14 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, int ret; RSA_PKEY_CTX *rctx = ctx->data; if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { - int i; if (!setup_tbuf(rctx, ctx)) return -1; ret = RSA_private_decrypt(inlen, in, rctx->tbuf, ctx->pkey->pkey.rsa, RSA_NO_PADDING); if (ret <= 0) return ret; - for (i = 0; i < ret; i++) { - if (rctx->tbuf[i]) - break; - } - ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i, - ret - i, ret, + ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf, + ret, ret, rctx->oaep_label, rctx->oaep_labellen, rctx->md, rctx->mgf1md); diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 41bc0844..3c9250ba 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -122,7 +122,11 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, EM++; emLen--; } - if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); + goto err; + } + if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); goto err; } @@ -153,7 +157,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, goto err; } if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { @@ -222,9 +226,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, *EM++ = 0; emLen--; } + if (emLen < hLen + 2) { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } if (sLen == -2) { sLen = emLen - hLen - 2; - } else if (emLen < (hLen + sLen + 2)) { + } else if (sLen > emLen - hLen - 2) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; @@ -243,7 +252,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, H = EM + maskedDBLen; EVP_MD_CTX_init(&ctx); if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 85c7440b..ed78f010 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -226,7 +226,7 @@ int main(int argc, char *argv[]) CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */ plen = sizeof(ptext_ex) - 1; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 4fee74d8..750216eb 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -205,7 +205,7 @@ sub BODY_16_XX { #if __ARM_ARCH__<7 sub r3,pc,#8 @ sha256_block_data_order #else - adr r3,sha256_block_data_order + adr r3,. #endif #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap diff --git a/crypto/srp/srp_grps.h b/crypto/srp/srp_grps.h index 31312de1..f76652cb 100644 --- a/crypto/srp/srp_grps.h +++ b/crypto/srp/srp_grps.h @@ -21,8 +21,8 @@ static BN_ULONG bn_group_1024_value[] = { static BIGNUM bn_group_1024 = { bn_group_1024_value, - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -56,8 +56,8 @@ static BN_ULONG bn_group_1536_value[] = { static BIGNUM bn_group_1536 = { bn_group_1536_value, - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -99,8 +99,8 @@ static BN_ULONG bn_group_2048_value[] = { static BIGNUM bn_group_2048 = { bn_group_2048_value, - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -158,8 +158,8 @@ static BN_ULONG bn_group_3072_value[] = { static BIGNUM bn_group_3072 = { bn_group_3072_value, - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -233,8 +233,8 @@ static BN_ULONG bn_group_4096_value[] = { static BIGNUM bn_group_4096 = { bn_group_4096_value, - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -340,8 +340,8 @@ static BN_ULONG bn_group_6144_value[] = { static BIGNUM bn_group_6144 = { bn_group_6144_value, - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -479,8 +479,8 @@ static BN_ULONG bn_group_8192_value[] = { static BIGNUM bn_group_8192 = { bn_group_8192_value, - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index a8ec52a4..c8bc7a94 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -86,10 +86,13 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) int i, j; int size; + if (alen == 0 || alen > INT_MAX) + return -1; + while (*src && (*src == ' ' || *src == '\t' || *src == '\n')) ++src; size = strlen(src); - if (alen > INT_MAX || size > (int)alen) + if (size < 0 || size >= (int)alen) return -1; i = 0; @@ -127,7 +130,7 @@ static int t_fromb64(unsigned char *a, size_t alen, const char *src) if (--i < 0) break; } - while (a[j] == 0 && j <= size) + while (j <= size && a[j] == 0) ++j; i = 0; while (j <= size) diff --git a/crypto/symhacks.h b/crypto/symhacks.h index 239fa4fb..30019579 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -280,6 +280,8 @@ # define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf # undef EVP_PKEY_meth_set_verify_recover # define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover +# undef EVP_PKEY_meth_get_verify_recover +# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover /* Hack some long EC names */ # undef EC_GROUP_set_point_conversion_form diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index dbff4a69..b26ed28a 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -190,7 +190,7 @@ int main(int argc, char *argv[]) char *ccert = TEST_CLIENT_CERT; const SSL_METHOD *ssl_method = SSLv23_method(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); if (bio_err == NULL) bio_err = BIO_new_fd(2, BIO_NOCLOSE); diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index f9b42ac6..ed02efc2 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -162,6 +162,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", ln, num, n, f); #endif + OPENSSL_free(pp); er = 2; goto err; } @@ -171,6 +172,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) * fix :-( */ fprintf(stderr, "failure in sk_push\n"); #endif + OPENSSL_free(pp); er = 2; goto err; } @@ -222,7 +224,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) { LHASH_OF(OPENSSL_STRING) *idx; - OPENSSL_STRING *r; + OPENSSL_STRING *r, *k; int i, n; if (field >= db->num_fields) { @@ -239,13 +241,18 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), r = sk_OPENSSL_PSTRING_value(db->data, i); if ((qual != NULL) && (qual(r) == 0)) continue; - if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { + if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { db->error = DB_ERROR_INDEX_CLASH; - db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r); + db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k); db->arg2 = i; lh_OPENSSL_STRING_free(idx); return (0); } + if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) { + db->error = DB_ERROR_MALLOC; + lh_OPENSSL_STRING_free(idx); + return (0); + } } if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]); @@ -320,20 +327,29 @@ int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) } } } - /* We have passed the index checks, now just append and insert */ - if (!sk_OPENSSL_PSTRING_push(db->data, row)) { - db->error = DB_ERROR_MALLOC; - goto err; - } for (i = 0; i < db->num_fields; i++) { if (db->index[i] != NULL) { if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) continue; (void)lh_OPENSSL_STRING_insert(db->index[i], row); + if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL) + goto err1; } } + if (!sk_OPENSSL_PSTRING_push(db->data, row)) + goto err1; return (1); + + err1: + db->error = DB_ERROR_MALLOC; + while (i-- > 0) { + if (db->index[i] != NULL) { + if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) + continue; + (void)lh_OPENSSL_STRING_delete(db->index[i], row); + } + } err: return (0); } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index d25b4f37..f7387611 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -515,6 +515,7 @@ int UI_process(UI *ui) } } } + err: if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) return -1; @@ -741,7 +742,6 @@ const char *UI_get0_action_string(UI_STRING *uis) if (!uis) return NULL; switch (uis->type) { - case UIT_PROMPT: case UIT_BOOLEAN: return uis->_.boolean_data.action_desc; default: diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 9ab259b8..a2efd0d8 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -597,7 +597,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index bbc31893..6f0209a2 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, if (!hent) { hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); if (hent == NULL) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); goto finish; } diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index 43a07300..82ce4e8d 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret) { int ok = 0; - char *file; + const char *file; switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = (char *)getenv(X509_get_default_cert_file_env()); + file = getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); @@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 50120a4d..b7424809 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -185,14 +185,16 @@ X509_STORE *X509_STORE_new(void) if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) return NULL; - ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) + goto err0; ret->cache = 1; - ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) + goto err1; ret->verify = 0; ret->verify_cb = 0; if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) - return NULL; + goto err2; ret->get_issuer = 0; ret->check_issued = 0; @@ -204,14 +206,21 @@ X509_STORE *X509_STORE_new(void) ret->lookup_crls = 0; ret->cleanup = 0; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { - sk_X509_OBJECT_free(ret->objs); - OPENSSL_free(ret); - return NULL; - } + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + goto err3; ret->references = 1; return ret; + + err3: + X509_VERIFY_PARAM_free(ret->param); + err2: + sk_X509_LOOKUP_free(ret->get_cert_methods); + err1: + sk_X509_OBJECT_free(ret->objs); + err0: + OPENSSL_free(ret); + return NULL; } static void cleanup(X509_OBJECT *a) @@ -360,8 +369,12 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) X509err(X509_F_X509_STORE_ADD_CERT, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret = 0; - } else - sk_X509_OBJECT_push(ctx->objs, obj); + } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); + ret = 0; + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); @@ -392,8 +405,12 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) OPENSSL_free(obj); X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); ret = 0; - } else - sk_X509_OBJECT_push(ctx->objs, obj); + } else if (!sk_X509_OBJECT_push(ctx->objs, obj)) { + X509_OBJECT_free_contents(obj); + OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); + ret = 0; + } CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 35db0955..594031e7 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -212,7 +212,7 @@ const char *X509_verify_cert_error_string(long n) return ("proxy subject name violation"); default: - BIO_snprintf(buf, sizeof buf, "error number %ld", n); + BIO_snprintf(buf, sizeof(buf), "error number %ld", n); return (buf); } } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 4a03445a..9a3517e0 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -177,7 +177,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, err2: if (new_ex != NULL) X509_EXTENSION_free(new_ex); - if (sk != NULL) + if (x != NULL && *x == NULL && sk != NULL) sk_X509_EXTENSION_free(sk); return (NULL); } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1ac15a88..7d68a4ab 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -173,7 +173,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof *param); + param = OPENSSL_malloc(sizeof(*param)); if (!param) return NULL; memset(param, 0, sizeof(*param)); diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 09b8691c..03c9533b 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) { int ret; + int calc_ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; *ptree = NULL; @@ -800,17 +801,20 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, /* Tree is not empty: continue */ - ret = tree_calculate_authority_set(tree, &auth_nodes); + calc_ret = tree_calculate_authority_set(tree, &auth_nodes); - if (!ret) + if (!calc_ret) goto error; - if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) - goto error; + ret = tree_calculate_user_set(tree, policy_oids, auth_nodes); - if (ret == 2) + if (calc_ret == 2) sk_X509_POLICY_NODE_free(auth_nodes); + if (!ret) + goto error; + + if (tree) *ptree = tree; diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 1290dec9..af080a04 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) */ unsigned int v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 7f1e71dd..d4d024c5 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -119,58 +119,68 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, int i; switch (gen->type) { case GEN_OTHERNAME: - X509V3_add_value("othername", "", &ret); + if (!X509V3_add_value("othername", "", &ret)) + return NULL; break; case GEN_X400: - X509V3_add_value("X400Name", "", &ret); + if (!X509V3_add_value("X400Name", "", &ret)) + return NULL; break; case GEN_EDIPARTY: - X509V3_add_value("EdiPartyName", "", &ret); + if (!X509V3_add_value("EdiPartyName", "", &ret)) + return NULL; break; case GEN_EMAIL: - X509V3_add_value_uchar("email", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_DNS: - X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_URI: - X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret); + if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret)) + return NULL; break; case GEN_DIRNAME: - X509_NAME_oneline(gen->d.dirn, oline, 256); - X509V3_add_value("DirName", oline, &ret); + if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL + || !X509V3_add_value("DirName", oline, &ret)) + return NULL; break; case GEN_IPADD: p = gen->d.ip->data; if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof oline, + BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if (gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) strcat(oline, ":"); } } else { - X509V3_add_value("IP Address", "", &ret); + if (!X509V3_add_value("IP Address", "", &ret)) + return NULL; break; } - X509V3_add_value("IP Address", oline, &ret); + if (!X509V3_add_value("IP Address", oline, &ret)) + return NULL; break; case GEN_RID: i2t_ASN1_OBJECT(oline, 256, gen->d.rid); - X509V3_add_value("Registered ID", oline, &ret); + if (!X509V3_add_value("Registered ID", oline, &ret)) + return NULL; break; } return ret; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index c1b4c1a8..a38848cc 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -4,7 +4,7 @@ * 1999. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -340,8 +340,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (sk) - X509v3_add_ext(sk, ext, -1); + if (sk != NULL) { + if (X509v3_add_ext(sk, ext, -1) == NULL) { + X509_EXTENSION_free(ext); + return 0; + } + } X509_EXTENSION_free(ext); } return 1; diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index d97f6226..b99269e7 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -390,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) return 1; merr: + ASN1_INTEGER_free(aint); X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); err: - sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); return 0; } @@ -458,9 +458,15 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) num = sk_ASN1_INTEGER_value(ref->noticenos, i); if (i) BIO_puts(out, ", "); - tmp = i2s_ASN1_INTEGER(NULL, num); - BIO_puts(out, tmp); - OPENSSL_free(tmp); + if (num == NULL) + BIO_puts(out, "(null)"); + else { + tmp = i2s_ASN1_INTEGER(NULL, num); + if (tmp == NULL) + return; + BIO_puts(out, tmp); + OPENSSL_free(tmp); + } } BIO_puts(out, "\n"); } diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 7f40bfab..9bb01ee3 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, oth = OTHERNAME_new(); if (!oth) return 0; + ASN1_TYPE_free(oth->value); oth->type_id = oid; oth->value = value; GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e052a34b..0c64b0ad 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -107,29 +107,30 @@ ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, AUTHORITY_INFO_ACCESS - *ainfo, STACK_OF(CONF_VALUE) - *ret) +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( + X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, + STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; int i, nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; + STACK_OF(CONF_VALUE) *tret = ret; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { + STACK_OF(CONF_VALUE) *tmp; + desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); - ret = i2v_GENERAL_NAME(method, desc->location, ret); - if (!ret) - break; - vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + tmp = i2v_GENERAL_NAME(method, desc->location, tret); + if (tmp == NULL) + goto err; + tret = tmp; + vtmp = sk_CONF_VALUE_value(tret, i); + i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); - if (!ntmp) { - X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); - return NULL; - } + if (ntmp == NULL) + goto err; BUF_strlcpy(ntmp, objtmp, nlen); BUF_strlcat(ntmp, " - ", nlen); BUF_strlcat(ntmp, vtmp->name, nlen); @@ -137,9 +138,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD vtmp->name = ntmp; } - if (!ret) + if (ret == NULL && tret == NULL) return sk_CONF_VALUE_new_null(); - return ret; + + return tret; + err: + X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + if (ret == NULL && tret != NULL) + sk_CONF_VALUE_pop_free(tret, X509V3_conf_free); + return NULL; } static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 8350429a..11128024 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -286,9 +286,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags) { - int extidx = -1; - int errcode; - X509_EXTENSION *ext, *extmp; + int errcode, extidx = -1; + X509_EXTENSION *ext = NULL, *extmp; + STACK_OF(X509_EXTENSION) *ret = NULL; unsigned long ext_op = flags & X509V3_ADD_OP_MASK; /* @@ -347,13 +347,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } - if (!*x && !(*x = sk_X509_EXTENSION_new_null())) - return -1; - if (!sk_X509_EXTENSION_push(*x, ext)) - return -1; + if ((ret = *x) == NULL + && (ret = sk_X509_EXTENSION_new_null()) == NULL) + goto m_fail; + if (!sk_X509_EXTENSION_push(ret, ext)) + goto m_fail; + *x = ret; return 1; + m_fail: + if (ret != *x) + sk_X509_EXTENSION_free(ret); + X509_EXTENSION_free(ext); + return -1; + err: if (!(flags & X509V3_ADD_SILENT)) X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 28552696..1184091c 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) +/* + * We cannot use strncasecmp here because that applies locale specific rules. + * For example in Turkish 'I' is not the uppercase character for 'i'. We need to + * do a simple ASCII case comparison ignoring the locale (that is why we use + * numeric constants below). + */ +static int ia5ncasecmp(const char *s1, const char *s2, size_t n) +{ + for (; n > 0; n--, s1++, s2++) { + if (*s1 != *s2) { + unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2; + + /* Convert to lower case */ + if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */) + c1 += 0x20; + if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */) + c2 += 0x20; + + if (c1 == c2) + continue; + + if (c1 < c2) + return -1; + + /* c1 > c2 */ + return 1; + } else if (*s1 == 0) { + /* If we get here we know that *s2 == 0 too */ + return 0; + } + } + + return 0; +} + +static int ia5casecmp(const char *s1, const char *s2) +{ + /* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */ + return ia5ncasecmp(s1, s2, (size_t)(-1)); +} + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (strcasecmp(baseptr, dnsptr)) + if (ia5casecmp(baseptr, dnsptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (!baseat && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (!strcasecmp(baseptr, emlptr)) + if (ia5casecmp(baseptr, emlptr) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) } emlptr = emlat + 1; /* Just have hostname left to match: case insensitive */ - if (strcasecmp(baseptr, emlptr)) + if (ia5casecmp(baseptr, emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) if (*baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; - if (!strncasecmp(p, baseptr, base->length)) + if (ia5ncasecmp(p, baseptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; } if ((base->length != (int)hostlen) - || strncasecmp(hostptr, baseptr, hostlen)) + || ia5ncasecmp(hostptr, baseptr, hostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 845be673..96e629a9 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -321,6 +321,7 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ + NID_crl_distribution_points, /* 103 */ NID_ext_key_usage, /* 126 */ #ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 0b7c6818..87a6ae1d 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -156,7 +156,7 @@ static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp) gen = ASN1_GENERALIZEDTIME_new(); ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), - (timestamp % 86400000) / 1000); + (int)(timestamp % 86400000) / 1000); /* * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 * characters long with a final Z. Update it with fractional seconds. diff --git a/crypto/x86_64cpuid.S b/crypto/x86_64cpuid.S index 64e0b806..0e124d87 100644 --- a/crypto/x86_64cpuid.S +++ b/crypto/x86_64cpuid.S @@ -107,14 +107,6 @@ OPENSSL_ia32_cpuid: shrl $14,%r10d andl $0xfff,%r10d - cmpl $7,%r11d - jb .Lnocacheinfo - - movl $7,%eax - xorl %ecx,%ecx - cpuid - movl %ebx,8(%rdi) - .Lnocacheinfo: movl $1,%eax cpuid @@ -124,8 +116,19 @@ OPENSSL_ia32_cpuid: orl $0x40000000,%edx andb $15,%ah cmpb $15,%ah - jne .Lnotintel + jne .LnotP4 orl $0x00100000,%edx +.LnotP4: + cmpb $6,%ah + jne .Lnotintel + andl $0x0fff0ff0,%eax + cmpl $0x00050670,%eax + je .Lknights + cmpl $0x00080650,%eax + jne .Lnotintel +.Lknights: + andl $0xfbffffff,%ecx + .Lnotintel: btl $28,%edx jnc .Lgeneric @@ -144,6 +147,19 @@ OPENSSL_ia32_cpuid: orl %ecx,%r9d movl %edx,%r10d + + cmpl $7,%r11d + jb .Lno_extended_info + movl $7,%eax + xorl %ecx,%ecx + cpuid + btl $26,%r9d + jc .Lnotknights + andl $0xfff7ffff,%ebx +.Lnotknights: + movl %ebx,8(%rdi) +.Lno_extended_info: + btl $27,%r9d jnc .Lclear_avx xorl %ecx,%ecx diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl index d208d023..ef3608b1 100644 --- a/crypto/x86_64cpuid.pl +++ b/crypto/x86_64cpuid.pl @@ -59,7 +59,7 @@ mov %rbx,%r8 # save %rbx xor %eax,%eax - mov %eax,8(%rdi) # clear 3rd word + mov %eax,8(%rdi) # clear extended feature flags cpuid mov %eax,%r11d # max value for standard query level @@ -127,14 +127,6 @@ shr \$14,%r10d and \$0xfff,%r10d # number of cores -1 per L1D - cmp \$7,%r11d - jb .Lnocacheinfo - - mov \$7,%eax - xor %ecx,%ecx - cpuid - mov %ebx,8(%rdi) - .Lnocacheinfo: mov \$1,%eax cpuid @@ -144,8 +136,19 @@ or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs and \$15,%ah cmp \$15,%ah # examine Family ID - jne .Lnotintel + jne .LnotP4 or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR +.LnotP4: + cmp \$6,%ah + jne .Lnotintel + and \$0x0fff0ff0,%eax + cmp \$0x00050670,%eax # Knights Landing + je .Lknights + cmp \$0x00080650,%eax # Knights Mill (according to sde) + jne .Lnotintel +.Lknights: + and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont + .Lnotintel: bt \$28,%edx # test hyper-threading bit jnc .Lgeneric @@ -164,6 +167,19 @@ or %ecx,%r9d # merge AMD XOP flag mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx + + cmp \$7,%r11d + jb .Lno_extended_info + mov \$7,%eax + xor %ecx,%ecx + cpuid + bt \$26,%r9d # check XSAVE bit, cleared on Knights + jc .Lnotknights + and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag +.Lnotknights: + mov %ebx,8(%rdi) # save extended feature flags +.Lno_extended_info: + bt \$27,%r9d # check OSXSAVE bit jnc .Lclear_avx xor %ecx,%ecx # XCR0 @@ -174,7 +190,7 @@ .Lclear_avx: mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) and %eax,%r9d # clear AVX, FMA and AMD XOP bits - andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5) + andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5) .Ldone: shl \$32,%r9 mov %r10d,%eax diff --git a/crypto/x86cpuid.S b/crypto/x86cpuid.S index 2ea77d2a..26cf0a50 100644 --- a/crypto/x86cpuid.S +++ b/crypto/x86cpuid.S @@ -20,10 +20,10 @@ OPENSSL_ia32_cpuid: popl %eax xorl %eax,%ecx xorl %eax,%eax - btl $21,%ecx - jnc .L000nocpuid movl 20(%esp),%esi movl %eax,8(%esi) + btl $21,%ecx + jnc .L000nocpuid .byte 0x0f,0xa2 movl %eax,%edi xorl %eax,%eax @@ -74,40 +74,32 @@ OPENSSL_ia32_cpuid: andl $4026531839,%edx jmp .L002generic .L001intel: - cmpl $7,%edi - jb .L003cacheinfo - movl 20(%esp),%esi - movl $7,%eax - xorl %ecx,%ecx - .byte 0x0f,0xa2 - movl %ebx,8(%esi) -.L003cacheinfo: cmpl $4,%edi - movl $-1,%edi - jb .L004nocacheinfo + movl $-1,%esi + jb .L003nocacheinfo movl $4,%eax movl $0,%ecx .byte 0x0f,0xa2 - movl %eax,%edi - shrl $14,%edi - andl $4095,%edi -.L004nocacheinfo: + movl %eax,%esi + shrl $14,%esi + andl $4095,%esi +.L003nocacheinfo: movl $1,%eax xorl %ecx,%ecx .byte 0x0f,0xa2 andl $3220176895,%edx cmpl $0,%ebp - jne .L005notintel + jne .L004notintel orl $1073741824,%edx andb $15,%ah cmpb $15,%ah - jne .L005notintel + jne .L004notintel orl $1048576,%edx -.L005notintel: +.L004notintel: btl $28,%edx jnc .L002generic andl $4026531839,%edx - cmpl $0,%edi + cmpl $0,%esi je .L002generic orl $268435456,%edx shrl $16,%ebx @@ -119,7 +111,15 @@ OPENSSL_ia32_cpuid: andl $4294965247,%ecx movl %edx,%esi orl %ecx,%ebp - btl $27,%ecx + cmpl $7,%edi + movl 20(%esp),%edi + jb .L005no_extended_info + movl $7,%eax + xorl %ecx,%ecx + .byte 0x0f,0xa2 + movl %ebx,8(%edi) +.L005no_extended_info: + btl $27,%ebp jnc .L006clear_avx xorl %ecx,%ecx .byte 15,1,208 @@ -133,7 +133,6 @@ OPENSSL_ia32_cpuid: andl $4278190079,%esi .L006clear_avx: andl $4026525695,%ebp - movl 20(%esp),%edi andl $4294967263,8(%edi) .L007done: movl %esi,%eax diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl index e95f6274..90ed196c 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -20,10 +20,10 @@ &pop ("eax"); &xor ("ecx","eax"); &xor ("eax","eax"); + &mov ("esi",&wparam(0)); + &mov (&DWP(8,"esi"),"eax"); # clear extended feature flags &bt ("ecx",21); &jnc (&label("nocpuid")); - &mov ("esi",&wparam(0)); - &mov (&DWP(8,"esi"),"eax"); # clear 3rd word &cpuid (); &mov ("edi","eax"); # max value for standard query level @@ -81,26 +81,16 @@ &jmp (&label("generic")); &set_label("intel"); - &cmp ("edi",7); - &jb (&label("cacheinfo")); - - &mov ("esi",&wparam(0)); - &mov ("eax",7); - &xor ("ecx","ecx"); - &cpuid (); - &mov (&DWP(8,"esi"),"ebx"); - -&set_label("cacheinfo"); &cmp ("edi",4); - &mov ("edi",-1); + &mov ("esi",-1); &jb (&label("nocacheinfo")); &mov ("eax",4); &mov ("ecx",0); # query L1D &cpuid (); - &mov ("edi","eax"); - &shr ("edi",14); - &and ("edi",0xfff); # number of cores -1 per L1D + &mov ("esi","eax"); + &shr ("esi",14); + &and ("esi",0xfff); # number of cores -1 per L1D &set_label("nocacheinfo"); &mov ("eax",1); @@ -118,7 +108,7 @@ &bt ("edx",28); # test hyper-threading bit &jnc (&label("generic")); &and ("edx",0xefffffff); - &cmp ("edi",0); + &cmp ("esi",0); &je (&label("generic")); &or ("edx",0x10000000); @@ -130,10 +120,19 @@ &set_label("generic"); &and ("ebp",1<<11); # isolate AMD XOP flag &and ("ecx",0xfffff7ff); # force 11th bit to 0 - &mov ("esi","edx"); + &mov ("esi","edx"); # %ebp:%esi is copy of %ecx:%edx &or ("ebp","ecx"); # merge AMD XOP flag - &bt ("ecx",27); # check OSXSAVE bit + &cmp ("edi",7); + &mov ("edi",&wparam(0)); + &jb (&label("no_extended_info")); + &mov ("eax",7); + &xor ("ecx","ecx"); + &cpuid (); + &mov (&DWP(8,"edi"),"ebx"); # save extended feature flag +&set_label("no_extended_info"); + + &bt ("ebp",27); # check OSXSAVE bit &jnc (&label("clear_avx")); &xor ("ecx","ecx"); &data_byte(0x0f,0x01,0xd0); # xgetbv @@ -147,7 +146,6 @@ &and ("esi",0xfeffffff); # clear FXSR &set_label("clear_avx"); &and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits - &mov ("edi",&wparam(0)); &and (&DWP(8,"edi"),0xffffffdf); # clear AVX2 &set_label("done"); &mov ("eax","esi"); diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 68e791fc..35a2b2aa 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/include/openssl/conf.h b/include/openssl/conf.h index 8d926d5d..fe491130 100644 --- a/include/openssl/conf.h +++ b/include/openssl/conf.h @@ -259,6 +259,7 @@ void ERR_load_CONF_strings(void); # define CONF_R_NO_VALUE 108 # define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 # define CONF_R_UNKNOWN_MODULE_NAME 113 +# define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 # define CONF_R_VARIABLE_HAS_NO_VALUE 104 #ifdef __cplusplus diff --git a/include/openssl/dh.h b/include/openssl/dh.h index a5bd9016..80b28fb3 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h @@ -182,12 +182,29 @@ struct dh_st { */ # define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) -# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) +# define d2i_DHparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x)) +# define d2i_DHparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x) +# define i2d_DHparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + +# define d2i_DHxparams_fp(fp,x) \ + (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ + (char *(*)())d2i_DHxparams, \ + (fp), \ + (unsigned char **)(x)) +# define i2d_DHxparams_fp(fp,x) \ + ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x)) +# define d2i_DHxparams_bio(bp,x) \ + ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x) +# define i2d_DHxparams_bio(bp,x) \ + ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x) DH *DHparams_dup(DH *); @@ -240,11 +257,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ diff --git a/include/openssl/err.h b/include/openssl/err.h index 585aa8ba..f4236562 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -258,6 +258,7 @@ typedef struct err_state_st { # define SYS_F_WSASTARTUP 9/* Winsock stuff */ # define SYS_F_OPENDIR 10 # define SYS_F_FREAD 11 +# define SYS_F_FFLUSH 18 /* reasons */ # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 39ab7937..1a40dbc4 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, const char *type, const char *value)); +void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, + int (**pinit) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, + int (**pcopy) (EVP_PKEY_CTX *dst, + EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, + void (**pcleanup) (EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, + int (**pparamgen_init) (EVP_PKEY_CTX *ctx), + int (**pparamgen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, + int (**pkeygen_init) (EVP_PKEY_CTX *ctx), + int (**pkeygen) (EVP_PKEY_CTX *ctx, + EVP_PKEY *pkey)); + +void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, + int (**psign_init) (EVP_PKEY_CTX *ctx), + int (**psign) (EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, + int (**pverify_init) (EVP_PKEY_CTX *ctx), + int (**pverify) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + size_t siglen, + const unsigned char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, + int (**pverify_recover_init) (EVP_PKEY_CTX + *ctx), + int (**pverify_recover) (EVP_PKEY_CTX + *ctx, + unsigned char + *sig, + size_t *siglen, + const unsigned + char *tbs, + size_t tbslen)); + +void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, + int (**psignctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**psignctx) (EVP_PKEY_CTX *ctx, + unsigned char *sig, + size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, + int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, + EVP_MD_CTX *mctx), + int (**pverifyctx) (EVP_PKEY_CTX *ctx, + const unsigned char *sig, + int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, + int (**pencrypt_init) (EVP_PKEY_CTX *ctx), + int (**pencryptfn) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, + int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), + int (**pdecrypt) (EVP_PKEY_CTX *ctx, + unsigned char *out, + size_t *outlen, + const unsigned char *in, + size_t inlen)); + +void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, + int (**pderive_init) (EVP_PKEY_CTX *ctx), + int (**pderive) (EVP_PKEY_CTX *ctx, + unsigned char *key, + size_t *keylen)); + +void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, + int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, + void *p2), + int (**pctrl_str) (EVP_PKEY_CTX *ctx, + const char *type, + const char *value)); + void EVP_add_alg_module(void); /* BEGIN ERROR CODES */ diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 88faad65..77f124e2 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020afL +# define OPENSSL_VERSION_NUMBER 0x100020ffL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 90aeb0ce..3cf96a23 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1727,7 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h index 239fa4fb..30019579 100644 --- a/include/openssl/symhacks.h +++ b/include/openssl/symhacks.h @@ -280,6 +280,8 @@ # define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf # undef EVP_PKEY_meth_set_verify_recover # define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover +# undef EVP_PKEY_meth_get_verify_recover +# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover /* Hack some long EC names */ # undef EC_GROUP_set_point_conversion_form diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 7e237d06..dd1d8c10 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -317,7 +317,7 @@ int SSL_get_servername_type(const SSL *s); */ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, - const unsigned char *p, size_t plen, + const unsigned char *context, size_t contextlen, int use_context); int SSL_get_sigalgs(SSL *s, int idx, diff --git a/openssl.version b/openssl.version index 12d453ca..abf98ac0 100644 --- a/openssl.version +++ b/openssl.version @@ -1 +1 @@ -OPENSSL_VERSION=1.0.2j +OPENSSL_VERSION=1.0.2o diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c index d42817fc..411e5b19 100644 --- a/ssl/bad_dtls_test.c +++ b/ssl/bad_dtls_test.c @@ -19,7 +19,7 @@ * Note that unlike other SSL tests, we don't test against our own SSL * server method. Firstly because we don't have one; we *only* support * DTLS1_BAD_VER as a client. And secondly because even if that were - * fixed up it's the wrong thing to test against — because if changes + * fixed up it's the wrong thing to test against - because if changes * are made in generic DTLS code which don't take DTLS1_BAD_VER into * account, there's plenty of scope for making those changes such that * they break *both* the client and the server in the same way. @@ -590,13 +590,13 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, unsigned char *enc; #ifdef SIXTY_FOUR_BIT_LONG - seq[0] = (seqnr >> 40) & 0xff; - seq[1] = (seqnr >> 32) & 0xff; + seq[0] = (unsigned char)(seqnr >> 40); + seq[1] = (unsigned char)(seqnr >> 32); #endif - seq[2] = (seqnr >> 24) & 0xff; - seq[3] = (seqnr >> 16) & 0xff; - seq[4] = (seqnr >> 8) & 0xff; - seq[5] = seqnr & 0xff; + seq[2] = (unsigned char)(seqnr >> 24); + seq[3] = (unsigned char)(seqnr >> 16); + seq[4] = (unsigned char)(seqnr >> 8); + seq[5] = (unsigned char)(seqnr); pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16); enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad); @@ -612,8 +612,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, HMAC_Update(&ctx, seq, 6); HMAC_Update(&ctx, &type, 1); HMAC_Update(&ctx, ver, 2); /* Version */ - lenbytes[0] = len >> 8; - lenbytes[1] = len & 0xff; + lenbytes[0] = (unsigned char)(len >> 8); + lenbytes[1] = (unsigned char)(len); HMAC_Update(&ctx, lenbytes, 2); /* Length */ HMAC_Update(&ctx, enc, len); /* Finally the data itself */ HMAC_Final(&ctx, enc + len, NULL); @@ -637,8 +637,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, BIO_write(rbio, ver, 2); BIO_write(rbio, epoch, 2); BIO_write(rbio, seq, 6); - lenbytes[0] = (len + sizeof(iv)) >> 8; - lenbytes[1] = (len + sizeof(iv)) & 0xff; + lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8); + lenbytes[1] = (unsigned char)(len + sizeof(iv)); BIO_write(rbio, lenbytes, 2); BIO_write(rbio, iv, sizeof(iv)); diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 9bc61536..e6bc761e 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -517,6 +517,17 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + /* + * Don't change the *message* read sequence number while listening. For + * the *record* write sequence we reflect the ClientHello sequence number + * when listening. + */ + if (s->d1->listen) + memcpy(s->s3->write_sequence, s->s3->read_sequence, + sizeof(s->s3->write_sequence)); + else + s->d1->handshake_read_seq++; + if (mt >= 0 && s->s3->tmp.message_type != mt) { al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); @@ -544,10 +555,6 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); - /* Don't change sequence numbers while listening */ - if (!s->d1->listen) - s->d1->handshake_read_seq++; - s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH; return s->init_num; @@ -1068,7 +1075,9 @@ int dtls1_send_change_cipher_spec(SSL *s, int a, int b) int dtls1_read_failed(SSL *s, int code) { if (code > 0) { +#ifdef TLS_DEBUG fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__); +#endif return 1; } @@ -1140,7 +1149,9 @@ int dtls1_retransmit_buffered_messages(SSL *s) (frag->msg_header.seq, frag->msg_header.is_ccs), 0, &found) <= 0 && found) { +#ifdef TLS_DEBUG fprintf(stderr, "dtls1_retransmit_message() failed\n"); +#endif return -1; } } @@ -1240,7 +1251,9 @@ dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, item = pqueue_find(s->d1->sent_messages, seq64be); if (item == NULL) { +#ifdef TLS_DEBUG fprintf(stderr, "retransmit: message %d non-existant\n", seq); +#endif *found = 0; return 0; } diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 7e2f5c28..76451a34 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -320,8 +320,13 @@ int dtls1_connect(SSL *s) s->shutdown = 0; /* every DTLS ClientHello resets Finished MAC */ - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + /* fall thru */ case SSL3_ST_CW_CLNT_HELLO_B: dtls1_start_timer(s); ret = ssl3_client_hello(s); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index debd4fd5..95b5033d 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -126,9 +126,9 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) + if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) return (0); - memset(d1, 0, sizeof *d1); + memset(d1, 0, sizeof(*d1)); /* d1->handshake_epoch=0; */ diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 7a02459f..f5deddf7 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -4,7 +4,7 @@ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -706,8 +706,11 @@ int dtls1_get_record(SSL *s) n2s(p, rr->length); - /* Lets check version */ - if (!s->first_packet) { + /* + * Lets check the version. We tolerate alerts that don't have the exact + * version number (e.g. because of protocol version errors) + */ + if (!s->first_packet && rr->type != SSL3_RT_ALERT) { if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; @@ -1061,7 +1064,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->d1->handshake_fragment; + dest_maxlen = sizeof(s->d1->handshake_fragment); dest = s->d1->handshake_fragment; dest_len = &s->d1->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { @@ -1202,6 +1205,24 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } + /* + * If we are a server and get a client hello when renegotiation isn't + * allowed send back a no renegotiation alert and carry on. + */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH + && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->d1->handshake_fragment_len = 0; + rr->length = 0; + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + goto start; + } + + if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { int alert_level = s->d1->alert_fragment[0]; int alert_descr = s->d1->alert_fragment[1]; @@ -1286,7 +1307,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); @@ -1323,9 +1344,9 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) /* XDTLS: check that epoch is consistent */ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { - i = SSL_AD_ILLEGAL_PARAMETER; + al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; + goto f_err; } rr->length = 0; diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index bc875b53..8502b242 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -282,7 +282,12 @@ int dtls1_accept(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else if (!s->s3->send_connection_binding && @@ -322,7 +327,11 @@ int dtls1_accept(SSL *s) s->state = SSL3_ST_SW_FLUSH; s->init_num = 0; - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; case SSL3_ST_SW_HELLO_REQ_C: @@ -346,15 +355,6 @@ int dtls1_accept(SSL *s) s->init_num = 0; - /* - * Reflect ClientHello sequence to remain stateless while - * listening - */ - if (listen) { - memcpy(s->s3->write_sequence, s->s3->read_sequence, - sizeof(s->s3->write_sequence)); - } - /* If we're just listening, stop here */ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) { ret = 2; @@ -381,7 +381,11 @@ int dtls1_accept(SSL *s) /* HelloVerifyRequest resets Finished MAC */ if (s->version != DTLS1_BAD_VER) - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; #ifndef OPENSSL_NO_SCTP diff --git a/ssl/fatalerrtest.c b/ssl/fatalerrtest.c new file mode 100644 index 00000000..f9d66e27 --- /dev/null +++ b/ssl/fatalerrtest.c @@ -0,0 +1,109 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include "ssltestlib.h" + +int main(int argc, char *argv[]) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *sssl = NULL, *cssl = NULL; + const char *msg = "Dummy"; + BIO *err = NULL, *wbio = NULL; + int ret = 1, len; + char buf[80]; + unsigned char dummyrec[] = { + 0x17, 0x03, 0x03, 0x00, 0x05, 'D', 'u', 'm', 'm', 'y' + }; + + if (argc != 3) { + printf("Incorrect number of parameters\n"); + return 1; + } + + SSL_library_init(); + SSL_load_error_strings(); + err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + CRYPTO_malloc_debug_init(); + CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (!create_ssl_ctx_pair(SSLv23_method(), SSLv23_method(), &sctx, &cctx, + argv[1], argv[2])) { + printf("Failed to create SSL_CTX pair\n"); + goto err; + } + + /* + * Deliberately set the cipher lists for client and server to be different + * to force a handshake failure. + */ + if (!SSL_CTX_set_cipher_list(sctx, "AES128-SHA") + || !SSL_CTX_set_cipher_list(cctx, "AES256-SHA")) { + printf("Failed to set cipher lists\n"); + goto err; + } + + if (!create_ssl_objects(sctx, cctx, &sssl, &cssl, NULL, NULL)) { + printf("Failed to create SSL objectx\n"); + goto err; + } + + wbio = SSL_get_wbio(cssl); + if (wbio == NULL) { + printf("Unexpected NULL bio received\n"); + goto err; + } + + if (create_ssl_connection(sssl, cssl)) { + printf("Unexpected success creating a connection\n"); + goto err; + } + + ERR_clear_error(); + + /* Inject a plaintext record from client to server */ + if (BIO_write(wbio, dummyrec, sizeof(dummyrec)) <= 0) { + printf("Unexpected failure injecting dummy record\n"); + goto err; + } + + /* SSL_read()/SSL_write should fail because of a previous fatal error */ + if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) { + buf[len] = '\0'; + printf("Unexpected success reading data: %s\n", buf); + goto err; + } + if (SSL_write(sssl, msg, strlen(msg)) > 0) { + printf("Unexpected success writing data\n"); + goto err; + } + + ret = 0; + err: + SSL_free(sssl); + SSL_free(cssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + ERR_print_errors_fp(stderr); + + if (ret) { + printf("Fatal err test: FAILED\n"); + } + + ERR_free_strings(); + ERR_remove_thread_state(NULL); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); + CRYPTO_mem_leaks(err); + BIO_free(err); + + return ret; +} diff --git a/ssl/kssl.c b/ssl/kssl.c index f2839bdc..18e5f1dc 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -78,6 +78,7 @@ #include #include #include +#include "o_time.h" #include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -2026,6 +2027,8 @@ krb5_error_code kssl_check_authent( int outl, unencbufsize; struct tm tm_time, *tm_l, *tm_g; time_t now, tl, tg, tr, tz_offset; + struct tm gmt_result = {0}; + struct tm lt_result = {0}; EVP_CIPHER_CTX_init(&ciph_ctx); *atimep = 0; @@ -2082,7 +2085,7 @@ krb5_error_code kssl_check_authent( } # endif enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (enc == NULL) { /* @@ -2140,9 +2143,17 @@ krb5_error_code kssl_check_authent( if (k_gmtime(auth->ctime, &tm_time) && ((tr = mktime(&tm_time)) != (time_t)(-1))) { now = time(&now); + tm_g = OPENSSL_gmtime(&now, &gmt_result); + +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \ + !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \ + (!defined(OPENSSL_SYS_VMS) || defined(localtime_r)) + tm_l = localtime_r(&now, <_result); +# else tm_l = localtime(&now); +# endif + tl = mktime(tm_l); - tm_g = gmtime(&now); tg = mktime(tm_g); tz_offset = tg - tl; diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 6850dc0c..add8c991 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -204,7 +204,10 @@ int ssl23_connect(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + goto end; + } s->state = SSL23_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; @@ -732,7 +735,37 @@ static int ssl23_get_server_hello(SSL *s) s->version = TLS1_2_VERSION; s->method = TLSv1_2_client_method(); } else { + /* + * Unrecognised version, we'll send a protocol version alert using + * our preferred version. + */ + switch(s->client_version) { + default: + /* + * Shouldn't happen + * Fall through + */ + case TLS1_2_VERSION: + s->version = TLS1_2_VERSION; + s->method = TLSv1_2_client_method(); + break; + case TLS1_1_VERSION: + s->version = TLS1_1_VERSION; + s->method = TLSv1_1_client_method(); + break; + case TLS1_VERSION: + s->version = TLS1_VERSION; + s->method = TLSv1_client_method(); + break; +#ifndef OPENSSL_NO_SSL3 + case SSL3_VERSION: + s->version = SSL3_VERSION; + s->method = SSLv3_client_method(); + break; +#endif + } SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION); goto err; } diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index 470bd3d9..d2017e7c 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -195,7 +195,10 @@ int ssl23_accept(SSL *s) s->init_buf = buf; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + goto end; + } s->state = SSL23_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; @@ -265,8 +268,8 @@ int ssl23_get_client_hello(SSL *s) if (!ssl3_setup_buffers(s)) goto err; - n = ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) + n = ssl23_read_bytes(s, sizeof(buf_space)); + if (n != sizeof(buf_space)) return (n); /* n == -1 || n == 0 */ p = s->packet; diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 20de1a82..3a8345ba 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -523,7 +523,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length = s->s2->tmp.conn_id_length; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); return -1; @@ -708,7 +708,7 @@ static int client_finished(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_CLIENT_FINISHED; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } @@ -981,7 +981,7 @@ static int get_server_finished(SSL *s) } else { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > - sizeof s->session->session_id) + sizeof(s->session->session_id)) || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 23eef72a..0115d206 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -99,7 +99,7 @@ int ssl2_enc_init(SSL *s, int client) num = c->key_len; s->s2->key_material_length = num * 2; - OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); + OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material)); if (ssl2_generate_key_material(s) <= 0) return 0; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index 88e67f08..772fcc02 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -326,9 +326,9 @@ int ssl2_new(SSL *s) { SSL2_STATE *s2; - if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL) + if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL) goto err; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); # if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 # error "assertion failed" @@ -371,7 +371,7 @@ void ssl2_free(SSL *s) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - OPENSSL_cleanse(s2, sizeof *s2); + OPENSSL_cleanse(s2, sizeof(*s2)); OPENSSL_free(s2); s->s2 = NULL; } @@ -386,7 +386,7 @@ void ssl2_clear(SSL *s) rbuf = s2->rbuf; wbuf = s2->wbuf; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); s2->rbuf = rbuf; s2->wbuf = wbuf; diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index d3b243c2..c3016110 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -724,7 +724,7 @@ static int get_client_hello(SSL *s) p += s->s2->tmp.session_id_length; /* challenge */ - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return -1; @@ -872,7 +872,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; @@ -903,7 +903,7 @@ static int server_verify(SSL *s) if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_VERIFY; - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); return -1; } @@ -925,7 +925,7 @@ static int server_finish(SSL *s) p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_FINISHED; - if (s->session->session_id_length > sizeof s->session->session_id) { + if (s->session->session_id_length > sizeof(s->session->session_id)) { SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 21853473..abe34e75 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -263,6 +263,7 @@ int ssl3_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -275,7 +276,11 @@ int ssl3_connect(SSL *s) /* don't push the buffering BIO quite yet */ - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } s->state = SSL3_ST_CW_CLNT_HELLO_A; s->ctx->stats.sess_connect++; @@ -979,7 +984,7 @@ int ssl3_get_server_hello(SSL *s) /* get the session-id */ j = *(p++); - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { + if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; @@ -1842,6 +1847,7 @@ int ssl3_get_key_exchange(SSL *s) goto err; } if (EC_KEY_set_group(ecdh, ngroup) == 0) { + EC_GROUP_free(ngroup); SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB); goto err; } @@ -2533,16 +2539,16 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; - s->session->master_key_length = sizeof tmp_buf; + s->session->master_key_length = sizeof(tmp_buf); q = p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p += 2; - n = RSA_public_encrypt(sizeof tmp_buf, + n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, rsa, RSA_PKCS1_PADDING); # ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) @@ -2567,8 +2573,8 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + sizeof(tmp_buf)); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); } #endif #ifndef OPENSSL_NO_KRB5 @@ -2660,7 +2666,7 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; /*- @@ -2671,13 +2677,13 @@ int ssl3_send_client_key_exchange(SSL *s) * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; - if (outl > (int)sizeof epms) { + if (outl > (int)sizeof(epms)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2695,9 +2701,9 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); OPENSSL_cleanse(epms, outl); } #endif diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index fbc954d4..1eee9d9b 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -177,32 +177,34 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_init(&s1); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; - if (k > sizeof buf) { + if (k > sizeof(buf)) /* bug: 'buf' is too small for this ciphersuite */ - SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); - return 0; - } + goto err; for (j = 0; j < k; j++) buf[j] = c; c++; - EVP_DigestInit_ex(&s1, EVP_sha1(), NULL); - EVP_DigestUpdate(&s1, buf, k); - EVP_DigestUpdate(&s1, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&s1, smd, NULL); - - EVP_DigestInit_ex(&m5, EVP_md5(), NULL); - EVP_DigestUpdate(&m5, s->session->master_key, - s->session->master_key_length); - EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH); + if (!EVP_DigestInit_ex(&s1, EVP_sha1(), NULL) || + !EVP_DigestUpdate(&s1, buf, k) || + !EVP_DigestUpdate(&s1, s->session->master_key, + s->session->master_key_length) || + !EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&s1, smd, NULL)) + goto err2; + + if (!EVP_DigestInit_ex(&m5, EVP_md5(), NULL) || + !EVP_DigestUpdate(&m5, s->session->master_key, + s->session->master_key_length) || + !EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH)) + goto err2; if ((int)(i + MD5_DIGEST_LENGTH) > num) { - EVP_DigestFinal_ex(&m5, smd, NULL); + if (!EVP_DigestFinal_ex(&m5, smd, NULL)) + goto err2; memcpy(km, smd, (num - i)); } else - EVP_DigestFinal_ex(&m5, km, NULL); + if (!EVP_DigestFinal_ex(&m5, km, NULL)) + goto err2; km += MD5_DIGEST_LENGTH; } @@ -210,6 +212,12 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; + err: + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); + err2: + EVP_MD_CTX_cleanup(&m5); + EVP_MD_CTX_cleanup(&s1); + return 0; } int ssl3_change_cipher_state(SSL *s, int which) @@ -360,25 +368,33 @@ int ssl3_change_cipher_state(SSL *s, int which) * In here I set both the read and write key/iv to the same value * since only the correct one will be used :-). */ - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, key, j); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL); + if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) || + !EVP_DigestUpdate(&md, key, j) || + !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL)) { + EVP_MD_CTX_cleanup(&md); + goto err2; + } key = &(exp_key[0]); if (k > 0) { - EVP_DigestInit_ex(&md, EVP_md5(), NULL); - EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE); - EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL); + if (!EVP_DigestInit_ex(&md, EVP_md5(), NULL) || + !EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE) || + !EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE) || + !EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL)) { + EVP_MD_CTX_cleanup(&md); + goto err2; + } iv = &(exp_iv[0]); } } + EVP_MD_CTX_cleanup(&md); s->session->key_arg_length = 0; - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) + goto err2; #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) { @@ -399,7 +415,6 @@ int ssl3_change_cipher_state(SSL *s, int which) OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); - EVP_MD_CTX_cleanup(&md); return (1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); @@ -555,17 +570,20 @@ int ssl3_enc(SSL *s, int send) if ((bs != 1) && !send) return ssl3_cbc_remove_padding(s, rec, bs, mac_size); } - return (1); + return 1; } -void ssl3_init_finished_mac(SSL *s) +int ssl3_init_finished_mac(SSL *s) { if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); + if (s->s3->handshake_buffer == NULL) + return 0; (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); + return 1; } void ssl3_free_digest_list(SSL *s) @@ -622,6 +640,10 @@ int ssl3_digest_cached_records(SSL *s) for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { if ((mask & ssl_get_algorithm2(s)) && md) { s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); + if (s->s3->handshake_dgst[i] == NULL) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + return 0; + } #ifdef OPENSSL_FIPS if (EVP_MD_nid(md) == NID_md5) { EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], @@ -903,7 +925,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif - OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buf, sizeof(buf)); return (ret); } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0385e039..7e27dae3 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3018,9 +3018,9 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) + if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof *s3); + memset(s3, 0, sizeof(*s3)); memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); @@ -3078,7 +3078,7 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3, sizeof *s->s3); + OPENSSL_cleanse(s->s3, sizeof(*s->s3)); OPENSSL_free(s->s3); s->s3 = NULL; } @@ -3142,7 +3142,7 @@ void ssl3_clear(SSL *s) s->s3->alpn_selected = NULL; } #endif - memset(s->s3, 0, sizeof *s->s3); + memset(s->s3, 0, sizeof(*s->s3)); s->s3->rbuf.buf = rp; s->s3->wbuf.buf = wp; s->s3->rbuf.len = rlen; @@ -4237,7 +4237,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) return (int)s->cert->ctype_num; } /* get configured sigalgs */ - siglen = tls12_get_psigalgs(s, &sig); + siglen = tls12_get_psigalgs(s, 1, &sig); if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) nostrict = 0; for (i = 0; i < siglen; i += 2, sig += 2) { diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index be37ef0e..50866394 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -667,7 +667,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) * promptly send beyond the end of the users buffer ... so we trap and * report the error in a way the user will notice */ - if (len < tot) { + if ((len < tot) || ((wb->left != 0) && (len < (tot + s->s3->wpend_tot)))) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH); return (-1); } @@ -696,6 +696,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) len >= 4 * (int)(max_send_fragment = s->max_send_fragment) && s->compress == NULL && s->msg_callback == NULL && SSL_USE_EXPLICIT_IV(s) && + s->enc_write_ctx != NULL && EVP_CIPHER_flags(s->enc_write_ctx->cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) { unsigned char aad[13]; @@ -1089,10 +1090,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, int i; SSL3_BUFFER *wb = &(s->s3->wbuf); -/* XXXX */ if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) + || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) + && (s->s3->wpend_buf != buf)) || (s->s3->wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); @@ -1307,20 +1307,26 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->s3->handshake_fragment; + dest_maxlen = sizeof(s->s3->handshake_fragment); dest = s->s3->handshake_fragment; dest_len = &s->s3->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof s->s3->alert_fragment; + dest_maxlen = sizeof(s->s3->alert_fragment); dest = s->s3->alert_fragment; dest_len = &s->s3->alert_fragment_len; } #ifndef OPENSSL_NO_HEARTBEATS else if (rr->type == TLS1_RT_HEARTBEAT) { - tls1_process_heartbeat(s); + i = tls1_process_heartbeat(s); + + if (i < 0) + return i; - /* Exit and notify application to read again */ rr->length = 0; + if (s->mode & SSL_MODE_AUTO_RETRY) + goto start; + + /* Exit and notify application to read again */ s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); @@ -1408,26 +1414,25 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) */ goto start; } + /* * If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. WARNING: - * experimental code, needs reviewing (steve) + * allowed send back a no renegotiation alert and carry on. */ - if (s->server && - SSL_is_init_finished(s) && - !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* - * s->s3->handshake_fragment_len = 0; - */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->version > SSL3_VERSION + && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH + && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->s3->handshake_fragment_len = 0; rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } + if (s->s3->alert_fragment_len >= 2) { int alert_level = s->s3->alert_fragment[0]; int alert_descr = s->s3->alert_fragment[1]; @@ -1485,7 +1490,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 01ccd5d2..c53924cc 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -311,7 +311,12 @@ int ssl3_accept(SSL *s) goto end; } - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } + s->state = SSL3_ST_SR_CLNT_HELLO_A; s->ctx->stats.sess_accept++; } else if (!s->s3->send_connection_binding && @@ -348,7 +353,11 @@ int ssl3_accept(SSL *s) s->state = SSL3_ST_SW_FLUSH; s->init_num = 0; - ssl3_init_finished_mac(s); + if (!ssl3_init_finished_mac(s)) { + ret = -1; + s->state = SSL_ST_ERR; + goto end; + } break; case SSL3_ST_SW_HELLO_REQ_C: @@ -1701,6 +1710,12 @@ int ssl3_send_server_key_exchange(SSL *s) if (type & SSL_kEECDH) { const EC_GROUP *group; + if (s->s3->tmp.ecdh != NULL) { + SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto err; + } + ecdhp = cert->ecdh_tmp; if (s->cert->ecdh_tmp_auto) { /* Get NID of appropriate shared curve */ @@ -1721,17 +1736,7 @@ int ssl3_send_server_key_exchange(SSL *s) goto f_err; } - if (s->s3->tmp.ecdh != NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - /* Duplicate the ECDH structure. */ - if (ecdhp == NULL) { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); - goto err; - } if (s->cert->ecdh_tmp_auto) ecdh = ecdhp; else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { @@ -2057,7 +2062,7 @@ int ssl3_send_certificate_request(SSL *s) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; - nl = tls12_get_psigalgs(s, &psigs); + nl = tls12_get_psigalgs(s, 1, &psigs); s2n(nl, p); memcpy(p, psigs, nl); p += nl; @@ -2170,7 +2175,7 @@ int ssl3_get_client_key_exchange(SSL *s) unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; int decrypt_len; unsigned char decrypt_good, version_good; - size_t j; + size_t j, padding_len; /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2238,16 +2243,38 @@ int ssl3_get_client_key_exchange(SSL *s) if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0) goto err; + + /* + * Decrypt with no padding. PKCS#1 padding will be removed as part of + * the timing-sensitive code below. + */ decrypt_len = - RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING); - ERR_clear_error(); + RSA_private_decrypt((int)n, p, p, rsa, RSA_NO_PADDING); + if (decrypt_len < 0) + goto err; + + /* Check the padding. See RFC 3447, section 7.2.2. */ /* - * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will - * be 0xff if so and zero otherwise. + * The smallest padded premaster is 11 bytes of overhead. Small keys + * are publicly invalid, so this may return immediately. This ensures + * PS is at least 8 bytes. */ - decrypt_good = - constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); + if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) { + al = SSL_AD_DECRYPT_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DECRYPTION_FAILED); + goto f_err; + } + + padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH; + decrypt_good = constant_time_eq_int_8(p[0], 0) & + constant_time_eq_int_8(p[1], 2); + for (j = 2; j < padding_len - 1; j++) { + decrypt_good &= ~constant_time_is_zero_8(p[j]); + } + decrypt_good &= constant_time_is_zero_8(p[padding_len - 1]); + p += padding_len; /* * If the version in the decrypted pre-master secret is correct then @@ -2456,7 +2483,7 @@ int ssl3_get_client_key_exchange(SSL *s) /* * Note that the length is checked again below, ** after decryption */ - if (enc_pms.length > sizeof pms) { + if (enc_pms.length > sizeof(pms)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto err; @@ -2509,7 +2536,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, @@ -2991,6 +3018,11 @@ int ssl3_get_cert_verify(SSL *s) peer = s->session->peer; pkey = X509_get_pubkey(peer); + if (pkey == NULL) { + al = SSL_AD_INTERNAL_ERROR; + goto f_err; + } + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { @@ -3127,7 +3159,9 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } if (i != 64) { +#ifdef SSL_DEBUG fprintf(stderr, "GOST signature length is %d", i); +#endif } for (idx = 0; idx < 64; idx++) { signature[63 - idx] = p[idx]; @@ -3436,8 +3470,22 @@ int ssl3_send_newsession_ticket(SSL *s) * all the work otherwise use generated values from parent ctx. */ if (tctx->tlsext_ticket_key_cb) { - if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, - &hctx, 1) < 0) + /* if 0 is returned, write en empty ticket */ + int ret = tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx, + &hctx, 1); + + if (ret == 0) { + l2n(0, p); /* timeout */ + s2n(0, p); /* length */ + ssl_set_handshake_header(s, SSL3_MT_NEWSESSION_TICKET, + p - ssl_handshake_start(s)); + s->state = SSL3_ST_SW_SESSION_TICKET_B; + OPENSSL_free(senc); + EVP_CIPHER_CTX_cleanup(&ctx); + HMAC_CTX_cleanup(&hctx); + return ssl_do_write(s); + } + if (ret < 0) goto err; } else { if (RAND_bytes(iv, 16) <= 0) diff --git a/ssl/ssl.h b/ssl/ssl.h index 90aeb0ce..3cf96a23 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1727,7 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index f48ebaec..2c2eddf8 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -414,6 +414,7 @@ CERT *ssl_cert_dup(CERT *cert) #endif ssl_cert_clear_certs(ret); + OPENSSL_free(ret); return NULL; } @@ -637,13 +638,13 @@ SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof *ret); + memset(ret, 0, sizeof(*ret)); ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -1019,15 +1020,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, char buf[1024]; int r; - if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { + if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) { SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); goto err; } #ifdef OPENSSL_SYS_VMS - r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename); #else - r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename); #endif if (r <= 0 || r >= (int)sizeof(buf)) goto err; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 2ad8f439..ccdf00fa 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1205,7 +1205,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, ((ch >= '0') && (ch <= '9')) || ((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) #else - while (isalnum(ch) || (ch == '-') || (ch == '.')) + while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')) #endif { ch = *(++l); @@ -2001,7 +2001,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) if (id < 193 || id > 255) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE); - return 0; + return 1; } MemCheck_off(); @@ -2013,6 +2013,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } comp->id = id; comp->method = cm; + comp->name = cm->name; load_builtin_compressions(); if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) { OPENSSL_free(comp); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 42b980ac..ff2ade80 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -343,7 +343,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_depth = ctx->verify_depth; #endif s->sid_ctx_length = ctx->sid_ctx_length; - OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); + OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)); memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); s->verify_callback = ctx->default_verify_callback; s->generate_session_id = ctx->generate_session_id; @@ -437,7 +437,7 @@ SSL *SSL_new(SSL_CTX *ctx) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof ctx->sid_ctx) { + if (sid_ctx_len > sizeof(ctx->sid_ctx)) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -490,7 +490,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, */ SSL_SESSION r, *p; - if (id_len > sizeof r.session_id) + if (id_len > sizeof(r.session_id)) return 0; r.ssl_version = ssl->version; @@ -1825,26 +1825,34 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, - const unsigned char *p, size_t plen, + const unsigned char *context, size_t contextlen, int use_context) { if (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER) return -1; return s->method->ssl3_enc->export_keying_material(s, out, olen, label, - llen, p, plen, - use_context); + llen, context, + contextlen, use_context); } static unsigned long ssl_session_hash(const SSL_SESSION *a) { + const unsigned char *session_id = a->session_id; unsigned long l; + unsigned char tmp_storage[4]; + + if (a->session_id_length < sizeof(tmp_storage)) { + memset(tmp_storage, 0, sizeof(tmp_storage)); + memcpy(tmp_storage, a->session_id, a->session_id_length); + session_id = tmp_storage; + } l = (unsigned long) - ((unsigned int)a->session_id[0]) | - ((unsigned int)a->session_id[1] << 8L) | - ((unsigned long)a->session_id[2] << 16L) | - ((unsigned long)a->session_id[3] << 24L); + ((unsigned long)session_id[0]) | + ((unsigned long)session_id[1] << 8L) | + ((unsigned long)session_id[2] << 16L) | + ((unsigned long)session_id[3] << 24L); return (l); } @@ -3174,6 +3182,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) #endif ssl->cert = ssl_cert_dup(ctx->cert); if (ocert) { + int i; /* Preserve any already negotiated parameters */ if (ssl->server) { ssl->cert->peer_sigalgs = ocert->peer_sigalgs; @@ -3183,11 +3192,17 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen; ocert->ciphers_raw = NULL; } + for (i = 0; i < SSL_PKEY_NUM; i++) { + ssl->cert->pkeys[i].digest = ocert->pkeys[i].digest; + } #ifndef OPENSSL_NO_TLSEXT ssl->cert->alpn_proposed = ocert->alpn_proposed; ssl->cert->alpn_proposed_len = ocert->alpn_proposed_len; ocert->alpn_proposed = NULL; ssl->cert->alpn_sent = ocert->alpn_sent; + + if (!custom_exts_copy_flags(&ssl->cert->srv_ext, &ocert->srv_ext)) + return NULL; #endif ssl_cert_free(ocert); } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6df725f7..63ce224d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1158,7 +1158,7 @@ long ssl2_default_timeout(void); const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -void ssl3_init_finished_mac(SSL *s); +int ssl3_init_finished_mac(SSL *s); int ssl3_send_server_certificate(SSL *s); int ssl3_send_newsession_ticket(SSL *s); int ssl3_send_cert_status(SSL *s); @@ -1430,7 +1430,7 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, long ssl_get_algorithm2(SSL *s); int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize); int tls1_process_sigalgs(SSL *s); -size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs); +size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs); int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, const unsigned char *sig, EVP_PKEY *pkey); void ssl_set_client_disabled(SSL *s); @@ -1482,6 +1482,8 @@ int custom_ext_add(SSL *s, int server, unsigned char **pret, unsigned char *limit, int *al); int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src); +int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src); void custom_exts_free(custom_ext_methods *exts); # else diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index f679801a..af03d45c 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -964,6 +964,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) int ret = 0; BIO *bin = NULL; size_t num_extensions = 0; + unsigned char *new_serverinfo; if (ctx == NULL || file == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, @@ -1014,12 +1015,13 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) goto end; } /* Append the decoded extension to the serverinfo buffer */ - serverinfo = + new_serverinfo = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length); - if (serverinfo == NULL) { + if (new_serverinfo == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE); goto end; } + serverinfo = new_serverinfo; memcpy(serverinfo + serverinfo_length, extension, extension_length); serverinfo_length += extension_length; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ed9855f9..d808be7a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -261,7 +261,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) #ifndef OPENSSL_NO_SRP dest->srp_username = NULL; #endif - memset(&dest->ex_data, 0, sizeof(dest->ex_data)); /* We deliberately don't copy the prev and next pointers */ dest->prev = NULL; @@ -275,6 +274,9 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (src->peer != NULL) CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data)) + goto err; + #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); @@ -325,7 +327,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } # endif - if (ticket != 0) { + if (ticket != 0 && src->tlsext_tick != NULL) { dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); if(dest->tlsext_tick == NULL) goto err; @@ -527,7 +529,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length = 0; } - if (s->sid_ctx_length > sizeof ss->sid_ctx) { + if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; @@ -859,9 +861,9 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg)); + OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); + OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) @@ -997,7 +999,8 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, return 0; } s->sid_ctx_length = sid_ctx_len; - memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); + if (s->sid_ctx != sid_ctx) + memcpy(s->sid_ctx, sid_ctx, sid_ctx_len); return 1; } diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 890e4768..b861e495 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -311,6 +311,13 @@ static const char *sn_client; static const char *sn_server1; static const char *sn_server2; static int sn_expect = 0; +static int s_ticket1 = 0; +static int s_ticket2 = 0; +static int c_ticket = 0; +static int ticket_expect = -1; +static int sni_in_cert_cb = 0; +static const char *client_sigalgs = NULL; +static const char *server_digest_expect = NULL; static int servername_cb(SSL *s, int *ad, void *arg) { @@ -325,6 +332,9 @@ static int servername_cb(SSL *s, int *ad, void *arg) !strcasecmp(servername, sn_server2)) { BIO_printf(bio_stdout, "Switching server context.\n"); SSL_set_SSL_CTX(s, s_ctx2); + /* Copy over all the SSL_CTX options */ + SSL_clear_options(s, 0xFFFFFFFFL); + SSL_set_options(s, SSL_CTX_get_options(s_ctx2)); } } return SSL_TLSEXT_ERR_OK; @@ -348,6 +358,40 @@ static int verify_servername(SSL *client, SSL *server) BIO_printf(bio_stdout, "Servername: context is unknown\n"); return -1; } +static int cert_cb(SSL *ssl, void *arg) +{ + int unused; + return servername_cb(ssl, &unused, NULL) != SSL_TLSEXT_ERR_ALERT_FATAL; +} + +static int verify_ticket(SSL* ssl) +{ + if (ticket_expect == -1) + return 0; + if (ticket_expect == 0 && + (ssl->session->tlsext_tick == NULL || + ssl->session->tlsext_ticklen == 0)) + return 1; + if (ticket_expect == 1 && + (ssl->session->tlsext_tick != NULL && + ssl->session->tlsext_ticklen != 0)) + return 1; + return -1; +} + +static int verify_server_digest(SSL* ssl) +{ + int nid = NID_undef; + + if (server_digest_expect == NULL) + return 0; + SSL_get_peer_signature_nid(ssl, &nid); + if (strcmp(server_digest_expect, OBJ_nid2sn(nid)) == 0) + return 1; + BIO_printf(bio_stdout, "Expected server digest %s, got %s.\n", + server_digest_expect, OBJ_nid2sn(nid)); + return -1; +} /*- * next_protos_parse parses a comma separated list of strings into a string @@ -379,13 +423,13 @@ static unsigned char *next_protos_parse(unsigned short *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; } - *outlen = len + 1; + *outlen = (unsigned char)(len + 1); return out; } @@ -477,6 +521,43 @@ static int verify_alpn(SSL *client, SSL *server) return -1; } +#ifndef OPENSSL_NO_TLSEXT + +static int cb_ticket0(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + return 0; +} + +static int cb_ticket1(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + static unsigned char key[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 }; + static char name[] = "ticket11ticket11"; + if (SSL_get_options(s) & SSL_OP_NO_TICKET) + return 0; + if (enc) { + RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH); + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL); + memcpy(key_name, name, 16); + return 1; + } else { + if (memcmp(key_name, name, 16) == 0) { + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + HMAC_Init_ex(hctx, key, sizeof(key), EVP_sha1(), NULL); + return 1; + } + } + return 0; +} + +static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + fprintf(stderr, "ticket callback for SNI context should never be called\n"); + EXIT(1); + return 0; +} +#endif + #define SCT_EXT_TYPE 18 /* @@ -773,6 +854,7 @@ static void sv_usage(void) #endif #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); + fprintf(stderr, " -tls12 - use TLSv1.2\n"); #endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls1 - use DTLSv1\n"); @@ -820,6 +902,15 @@ static void sv_usage(void) fprintf(stderr, " -sn_server2 - have server context 2 respond to this servername\n"); fprintf(stderr, " -sn_expect1 - expected server 1\n"); fprintf(stderr, " -sn_expect2 - expected server 2\n"); +#ifndef OPENSSL_NO_TLSEXT + fprintf(stderr, " -s_ticket1 - enable/disable session tickets on context 1\n"); + fprintf(stderr, " -s_ticket2 - enable/disable session tickets on context 2\n"); + fprintf(stderr, " -c_ticket - enable/disable session tickets on the client\n"); + fprintf(stderr, " -ticket_expect - indicate that the client should (or should not) have a ticket\n"); +#endif + fprintf(stderr, " -sni_in_cert_cb - have the server handle SNI in the certificate callback\n"); + fprintf(stderr, " -client_sigalgs arg - the signature algorithms to configure on the client\n"); + fprintf(stderr, " -server_digest_expect arg - the expected server signing digest\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -946,7 +1037,7 @@ int main(int argc, char *argv[]) int badop = 0; int bio_pair = 0; int force = 0; - int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, tls1 = 0, tls12 = 0, ssl2 = 0, ssl3 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -1011,7 +1102,7 @@ int main(int argc, char *argv[]) } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); @@ -1100,6 +1191,11 @@ int main(int argc, char *argv[]) no_protocol = 1; #endif tls1 = 1; + } else if (strcmp(*argv, "-tls12") == 0) { +#ifdef OPENSSL_NO_TLS1 + no_protocol = 1; +#endif + tls12 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { #ifdef OPENSSL_NO_SSL3_METHOD no_protocol = 1; @@ -1175,13 +1271,21 @@ int main(int argc, char *argv[]) } else if (strcmp(*argv, "-time") == 0) { print_time = 1; } -#ifndef OPENSSL_NO_COMP else if (strcmp(*argv, "-zlib") == 0) { +#ifndef OPENSSL_NO_COMP comp = COMP_ZLIB; +#else + fprintf(stderr, + "ignoring -zlib, since I'm compiled without COMP\n"); +#endif } else if (strcmp(*argv, "-rle") == 0) { +#ifndef OPENSSL_NO_COMP comp = COMP_RLE; - } +#else + fprintf(stderr, + "ignoring -rle, since I'm compiled without COMP\n"); #endif + } else if (strcmp(*argv, "-named_curve") == 0) { if (--argc < 1) goto bad; @@ -1241,6 +1345,46 @@ int main(int argc, char *argv[]) sn_expect = 1; } else if (strcmp(*argv, "-sn_expect2") == 0) { sn_expect = 2; +#ifndef OPENSSL_NO_TLSEXT + } else if (strcmp(*argv, "-s_ticket1") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + s_ticket1 = 1; + if (strcmp(*argv, "broken") == 0) + s_ticket1 = 2; + } else if (strcmp(*argv, "-s_ticket2") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + s_ticket2 = 1; + } else if (strcmp(*argv, "-c_ticket") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + c_ticket = 1; + } else if (strcmp(*argv, "-ticket_expect") == 0) { + if (--argc < 1) + goto bad; + argv++; + if (strcmp(*argv, "yes") == 0) + ticket_expect = 1; + else if (strcmp(*argv, "no") == 0) + ticket_expect = 0; +#endif + } else if (strcmp(*argv, "-sni_in_cert_cb") == 0) { + sni_in_cert_cb = 1; + } else if (strcmp(*argv, "-client_sigalgs") == 0) { + if (--argc < 1) + goto bad; + client_sigalgs = *(++argv); + } else if (strcmp(*argv, "-server_digest_expect") == 0) { + if (--argc < 1) + goto bad; + server_digest_expect = *(++argv); } else { fprintf(stderr, "unknown option %s\n", *argv); badop = 1; @@ -1271,9 +1415,9 @@ int main(int argc, char *argv[]) goto end; } - if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should " - "be requested.\n"); + if (ssl2 + ssl3 + tls1 + tls12 + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -tls12, -dtls1 or " + "-dtls12 should be requested.\n"); EXIT(1); } @@ -1289,10 +1433,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + if (!ssl2 && !ssl3 && !tls1 && !tls12 && !dtls1 && !dtls12 && number > 1 + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n" + "or add one of ssl2, -ssl3, -tls1, -tls12, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1356,7 +1501,7 @@ int main(int argc, char *argv[]) #endif /* - * At this point, ssl2/ssl3/tls1 is only set if the protocol is + * At this point, ssl2/ssl3/tls1/tls12 is only set if the protocol is * available. (Otherwise we exit early.) However the compiler doesn't * know this, so we ifdef. */ @@ -1380,6 +1525,8 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_TLS1 if (tls1) meth = TLSv1_method(); + else if (tls12) + meth = TLSv1_2_method(); else #endif meth = SSLv23_method(); @@ -1526,9 +1673,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); } /* Use PSK only if PSK key is given */ @@ -1676,8 +1823,33 @@ int main(int argc, char *argv[]) OPENSSL_free(alpn); } - if (sn_server1 || sn_server2) - SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); + if (sn_server1 || sn_server2) { + if (sni_in_cert_cb) + SSL_CTX_set_cert_cb(s_ctx, cert_cb, NULL); + else + SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb); + } + +#ifndef OPENSSL_NO_TLSEXT + if (s_ticket1 == 0) + SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET); + /* always set the callback */ + if (s_ticket1 == 2) + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket0); + else + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx, cb_ticket1); + + if (!s_ticket2) + SSL_CTX_set_options(s_ctx2, SSL_OP_NO_TICKET); + /* always set the callback - this should never be called */ + SSL_CTX_set_tlsext_ticket_key_cb(s_ctx2, cb_ticket2); + + if (!c_ticket) + SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET); +#endif + + if (client_sigalgs != NULL) + SSL_CTX_set1_sigalgs_list(c_ctx, client_sigalgs); c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); @@ -1689,9 +1861,9 @@ int main(int argc, char *argv[]) if (c_ssl && c_ssl->kssl_ctx) { char localhost[MAXHOSTNAMELEN + 2]; - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { + if (gethostname(localhost, sizeof(localhost) - 1) == 0) { + localhost[sizeof(localhost) - 1] = '\0'; + if (strlen(localhost) == sizeof(localhost) - 1) { BIO_printf(bio_err, "localhost name too long\n"); goto end; } @@ -1742,6 +1914,10 @@ int main(int argc, char *argv[]) ret = 1; if (verify_servername(c_ssl, s_ssl) < 0) ret = 1; + if (verify_ticket(c_ssl) < 0) + ret = 1; + if (verify_server_digest(c_ssl) < 0) + ret = 1; SSL_free(s_ssl); SSL_free(c_ssl); @@ -1865,8 +2041,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -1942,8 +2118,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2454,7 +2630,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, - sizeof buf); + sizeof(buf)); if (s != NULL) { if (ok) fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b6d1ee95..50491ff6 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -972,7 +972,7 @@ int tls1_final_finish_mac(SSL *s, int hashsize = EVP_MD_size(md); EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; if (!hdgst || hashsize < 0 - || hashsize > (int)(sizeof buf - (size_t)(q - buf))) { + || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) { /* * internal error: 'buf' is too small for this cipersuite! */ @@ -990,7 +990,7 @@ int tls1_final_finish_mac(SSL *s, if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, buf2, sizeof buf2)) + out, buf2, sizeof(buf2))) err = 1; EVP_MD_CTX_cleanup(&ctx); @@ -999,7 +999,7 @@ int tls1_final_finish_mac(SSL *s, if (err) return 0; else - return sizeof buf2; + return sizeof(buf2); } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -1165,8 +1165,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->client_random, SSL3_RANDOM_SIZE, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, - so, sol, p, len, s->session->master_key, buff, sizeof buff); - OPENSSL_cleanse(buff, sizeof buff); + so, sol, p, len, s->session->master_key, buff, sizeof(buff)); + OPENSSL_cleanse(buff, sizeof(buff)); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 79ed946a..0f4aba02 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -179,6 +179,25 @@ int custom_ext_add(SSL *s, int server, return 1; } +/* Copy the flags from src to dst for any extensions that exist in both */ +int custom_exts_copy_flags(custom_ext_methods *dst, + const custom_ext_methods *src) +{ + size_t i; + custom_ext_method *methsrc = src->meths; + + for (i = 0; i < src->meths_count; i++, methsrc++) { + custom_ext_method *methdst = custom_ext_find(dst, methsrc->ext_type); + + if (methdst == NULL) + continue; + + methdst->ext_flags = methsrc->ext_flags; + } + + return 1; +} + /* Copy table of custom extensions */ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) { @@ -223,16 +242,14 @@ static int custom_ext_meth_add(custom_ext_methods *exts, /* Search for duplicate */ if (custom_ext_find(exts, ext_type)) return 0; - exts->meths = OPENSSL_realloc(exts->meths, - (exts->meths_count + - 1) * sizeof(custom_ext_method)); - - if (!exts->meths) { - exts->meths_count = 0; + meth = OPENSSL_realloc(exts->meths, + (exts->meths_count + 1) + * sizeof(custom_ext_method)); + if (meth == NULL) return 0; - } - meth = exts->meths + exts->meths_count; + exts->meths = meth; + meth += exts->meths_count; memset(meth, 0, sizeof(custom_ext_method)); meth->parse_cb = parse_cb; meth->add_cb = add_cb; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7831046b..65f8ab43 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1032,7 +1032,7 @@ static unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) }; # endif -size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) +size_t tls12_get_psigalgs(SSL *s, int sent, const unsigned char **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other @@ -1054,7 +1054,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) } # endif /* If server use client authentication sigalgs if not NULL */ - if (s->server && s->cert->client_sigalgs) { + if (s->server == sent && s->cert->client_sigalgs) { *psigs = s->cert->client_sigalgs; return s->cert->client_sigalgslen; } else if (s->cert->conf_sigalgs) { @@ -1118,7 +1118,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, # endif /* Check signature matches a type we sent */ - sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); + sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs); for (i = 0; i < sent_sigslen; i += 2, sent_sigs += 2) { if (sig[0] == sent_sigs[0] && sig[1] == sent_sigs[1]) break; @@ -1166,7 +1166,7 @@ void ssl_set_client_disabled(SSL *s) * Now go through all signature algorithms seeing if we support any for * RSA, DSA, ECDSA. Do this for all versions not just TLS 1.2. */ - sigalgslen = tls12_get_psigalgs(s, &sigalgs); + sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { switch (sigalgs[1]) { # ifndef OPENSSL_NO_RSA @@ -1432,8 +1432,15 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (SSL_CLIENT_USE_SIGALGS(s)) { size_t salglen; const unsigned char *salg; - salglen = tls12_get_psigalgs(s, &salg); - if ((size_t)(limit - ret) < salglen + 6) + salglen = tls12_get_psigalgs(s, 1, &salg); + + /*- + * check for enough space. + * 4 bytes for the sigalgs type and extension length + * 2 bytes for the sigalg list length + * + sigalg list length + */ + if (CHECKLEN(ret, salglen + 6, limit)) return NULL; s2n(TLSEXT_TYPE_signature_algorithms, ret); s2n(salglen + 2, ret); @@ -1695,6 +1702,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, return NULL; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); + } else { + /* if we don't add the above TLSEXT, we can't add a session ticket later */ + s->tlsext_ticket_expected = 0; } if (s->tlsext_status_expected) { @@ -1811,7 +1821,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); s2n(3 + len, ret); s2n(1 + len, ret); - *ret++ = len; + *ret++ = (unsigned char)len; memcpy(ret, selected, len); ret += len; } @@ -2181,8 +2191,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + if (size == 0) + goto err; + + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || ecpointformatlist_length < 1) goto err; @@ -2608,8 +2622,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + if (size == 0) { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -3417,6 +3437,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; + /* Need at least keyname + iv */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) + return 2; + /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); @@ -3425,9 +3449,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) - return -1; - if (rv == 0) + goto err; + if (rv == 0) { + HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } if (rv == 2) renew_ticket = 1; } else { @@ -3489,8 +3516,14 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); + slen -= p - sdec; OPENSSL_free(sdec); if (sess) { + /* Some additional consistency checks */ + if (slen != 0 || sess->session_id_length != 0) { + SSL_SESSION_free(sess); + return 2; + } /* * The session ID, if non-empty, is used by some clients to detect * that the ticket has been accepted. So we copy it to the session @@ -3718,7 +3751,7 @@ static int tls1_set_shared_sigalgs(SSL *s) conf = c->conf_sigalgs; conflen = c->conf_sigalgslen; } else - conflen = tls12_get_psigalgs(s, &conf); + conflen = tls12_get_psigalgs(s, 0, &conf); if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { pref = conf; preflen = conflen; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index c5e21df7..dc62df8f 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1247,13 +1247,15 @@ void SSL_trace(int write_p, int version, int content_type, break; case SSL3_RT_ALERT: - if (msglen != 2) + if (msglen != 2) { BIO_puts(bio, " Illegal Alert Length\n"); - else { + } else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } + break; + case TLS1_RT_HEARTBEAT: ssl_print_heartbeat(bio, 4, msg, msglen); break; diff --git a/ssl/tls1.h b/ssl/tls1.h index 7e237d06..dd1d8c10 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -317,7 +317,7 @@ int SSL_get_servername_type(const SSL *s); */ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, - const unsigned char *p, size_t plen, + const unsigned char *context, size_t contextlen, int use_context); int SSL_get_sigalgs(SSL *s, int idx,