Import OpenSSL 1.0.1n.

Jung-uk Kim
2015-06-11 17:56:16 +00:00
parent 3d2030852d
commit a9745f9a84
205 changed files with 2356 additions and 911 deletions
+71
@@ -2,6 +2,77 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
*) Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno Böck.
(CVE-2015-1789)
[Emilia Käsper]
*) PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia Käsper]
*) CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
*) Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when attempting to
reuse a previous ticket then a race condition can occur potentially leading to
a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
Changes between 1.0.1l and 1.0.1m [19 Mar 2015] Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
*) Segmentation fault in ASN1_TYPE_cmp fix *) Segmentation fault in ASN1_TYPE_cmp fix
+5 -5
@@ -230,12 +230,12 @@ my %table=(
#### SPARC Solaris with GNU C setups #### SPARC Solaris with GNU C setups
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### ####
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Solaris with Sun C setups #### SPARC Solaris with Sun C setups
@@ -252,7 +252,7 @@ my %table=(
#### SunOS configs, assuming sparc for the gcc one. #### SunOS configs, assuming sparc for the gcc one.
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", "sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
#### IRIX 5.x configs #### IRIX 5.x configs
# -mips2 flag is added by ./config when appropriate. # -mips2 flag is added by ./config when appropriate.
@@ -379,7 +379,7 @@ my %table=(
#### SPARC Linux setups #### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs. # assisted with debugging of following two configs.
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but # it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what. # -Wa,-Av8plus should do the trick no matter what.
"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -413,7 +413,7 @@ my %table=(
"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+2 -2
@@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
# Xlist # Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://svn.freebsd.org/base" setenv FSVN "svn+ssh://svn.freebsd.org/base"
setenv OSSLVER 1.0.1m setenv OSSLVER 1.0.1n
# OSSLTAG format: v1_0_1m # OSSLTAG format: v1_0_1n
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`
+9 -19
@@ -4,7 +4,7 @@
## Makefile for OpenSSL ## Makefile for OpenSSL
## ##
VERSION=1.0.1m VERSION=1.0.1n
MAJOR=1 MAJOR=1
MINOR=0.1 MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_NUMBER=1.0.0
@@ -186,7 +186,7 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h EXHEADER= e_os2.h
HEADER= e_os.h HEADER= e_os.h
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower # as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -272,7 +272,10 @@ reflect:
sub_all: build_all sub_all: build_all
build_all: build_libs build_apps build_tests build_tools build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto: build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD) @dir=crypto; target=all; $(BUILD_ONE_CMD)
@@ -461,6 +464,9 @@ tests: rehash
report: report:
@$(PERL) util/selftest.pl @$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend: depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD) @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@@ -485,26 +491,10 @@ util/libeay.num::
util/ssleay.num:: util/ssleay.num::
$(PERL) util/mkdef.pl ssl update $(PERL) util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
TABLE: Configure TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \ (echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE $(PERL) Configure TABLE) > TABLE
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is # Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar # pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file # would occur. Therefore the list of files is temporarily stored into a file
+8 -18
@@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar
EXHEADER= e_os2.h EXHEADER= e_os2.h
HEADER= e_os.h HEADER= e_os.h
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc all: Makefile build_all
# as we stick to -e, CLEARENV ensures that local variables in lower # as we stick to -e, CLEARENV ensures that local variables in lower
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@@ -270,7 +270,10 @@ reflect:
sub_all: build_all sub_all: build_all
build_all: build_libs build_apps build_tests build_tools build_all: build_libs build_apps build_tests build_tools
build_libs: build_crypto build_ssl build_engines build_libs: build_libcrypto build_libssl openssl.pc
build_libcrypto: build_crypto build_engines libcrypto.pc
build_libssl: build_ssl libssl.pc
build_crypto: build_crypto:
@dir=crypto; target=all; $(BUILD_ONE_CMD) @dir=crypto; target=all; $(BUILD_ONE_CMD)
@@ -459,6 +462,9 @@ tests: rehash
report: report:
@$(PERL) util/selftest.pl @$(PERL) util/selftest.pl
update: errors stacks util/libeay.num util/ssleay.num TABLE
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
depend: depend:
@set -e; target=depend; $(RECURSIVE_BUILD_CMD) @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
@@ -483,26 +489,10 @@ util/libeay.num::
util/ssleay.num:: util/ssleay.num::
$(PERL) util/mkdef.pl ssl update $(PERL) util/mkdef.pl ssl update
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
apps/openssl-vms.cnf: apps/openssl.cnf
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
TABLE: Configure TABLE: Configure
(echo 'Output of `Configure TABLE'"':"; \ (echo 'Output of `Configure TABLE'"':"; \
$(PERL) Configure TABLE) > TABLE $(PERL) Configure TABLE) > TABLE
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
# Build distribution tar-file. As the list of files returned by "find" is # Build distribution tar-file. As the list of files returned by "find" is
# pretty long, on several platforms a "too many arguments" error or similar # pretty long, on several platforms a "too many arguments" error or similar
# would occur. Therefore the list of files is temporarily stored into a file # would occur. Therefore the list of files is temporarily stored into a file
+8
@@ -5,6 +5,14 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
o Race condition handling NewSessionTicket (CVE-2015-1791)
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+1 -1
@@ -1,5 +1,5 @@
OpenSSL 1.0.1m 19 Mar 2015 OpenSSL 1.0.1n 11 Jun 2015
Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+11 -8
@@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
sreq.o: req.c sreq.o: req.c
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
openssl-vms.cnf: openssl.cnf
$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
files: files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -127,12 +130,12 @@ links:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
depend: update: openssl-vms.cnf local_depend
@if [ -z "$(THIS)" ]; then \
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ depend: local_depend
else \ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ local_depend:
fi @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
dclean: dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@@ -144,10 +147,10 @@ clean:
rm -f req rm -f req
$(DLIBSSL): $(DLIBSSL):
(cd ..; $(MAKE) DIRS=ssl all) (cd ..; $(MAKE) build_libssl)
$(DLIBCRYPTO): $(DLIBCRYPTO):
(cd ..; $(MAKE) DIRS=crypto all) (cd ..; $(MAKE) build_libcrypto)
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE) $(RM) $(EXE)
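Review bot: The new `local_depend` recipe ends in `; \`, a line continuation with nothing intended to follow it. Make joins the next physical line into the shell command, so the rule only behaves while a blank line separates it from `dclean:`; this rendering does not show whether one is there. Ending the line at `$(PROGS) $(SRC)` without the trailing `; \` removes that dependence on file layout.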
+4 -2
@@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
char *prompt = NULL; char *prompt = NULL;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if(!prompt) { if (!prompt) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
UI_free(ui); UI_free(ui);
return 0; return 0;
@@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
PW_MIN_LENGTH, bufsiz - 1); PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) { if (ok >= 0 && verify) {
buff = (char *)OPENSSL_malloc(bufsiz); buff = (char *)OPENSSL_malloc(bufsiz);
if(!buff) { if (!buff) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
UI_free(ui); UI_free(ui);
OPENSSL_free(prompt); OPENSSL_free(prompt);
@@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_NOTIFY_POLICY; flags |= X509_V_FLAG_NOTIFY_POLICY;
else if (!strcmp(arg, "-check_ss_sig")) else if (!strcmp(arg, "-check_ss_sig"))
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS;
else else
return 0; return 0;
+1 -1
@@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
{ {
CONF *cnf = NULL; CONF *cnf = NULL;
int len; int len;
long errline; long errline = 0;
unsigned char *p; unsigned char *p;
ASN1_TYPE *atyp = NULL; ASN1_TYPE *atyp = NULL;
+5 -5
@@ -558,7 +558,7 @@ int MAIN(int argc, char **argv)
#ifdef OPENSSL_SYS_VMS #ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE); len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len); tofree = OPENSSL_malloc(len);
if(!tofree) { if (!tofree) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
goto err; goto err;
} }
@@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
#else #else
len = strlen(s) + sizeof(CONFIG_FILE) + 1; len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len); tofree = OPENSSL_malloc(len);
if(!tofree) { if (!tofree) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
goto err; goto err;
} }
@@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME *comp_time = NULL; ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str); tmp = BUF_strdup(str);
if(!tmp) { if (!tmp) {
BIO_printf(bio_err, "memory allocation failure\n"); BIO_printf(bio_err, "memory allocation failure\n");
goto err; goto err;
} }
@@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
if (prevtm) { if (prevtm) {
*prevtm = ASN1_UTCTIME_new(); *prevtm = ASN1_UTCTIME_new();
if(!*prevtm) { if (!*prevtm) {
BIO_printf(bio_err, "memory allocation failure\n"); BIO_printf(bio_err, "memory allocation failure\n");
goto err; goto err;
} }
@@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
goto err; goto err;
} }
comp_time = ASN1_GENERALIZEDTIME_new(); comp_time = ASN1_GENERALIZEDTIME_new();
if(!comp_time) { if (!comp_time) {
BIO_printf(bio_err, "memory allocation failure\n"); BIO_printf(bio_err, "memory allocation failure\n");
goto err; goto err;
} }
+2
@@ -580,6 +580,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, BIO_printf(bio_err,
"-CApath dir trusted certificates directory\n"); "-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n"); "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err, BIO_printf(bio_err,
+2 -2
@@ -130,7 +130,7 @@
# undef PROG # undef PROG
# define PROG dhparam_main # define PROG dhparam_main
# define DEFBITS 512 # define DEFBITS 2048
/*- /*-
* -inform arg - input format - default PEM (DER or PEM) * -inform arg - input format - default PEM (DER or PEM)
@@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, BIO_printf(bio_err,
" -5 generate parameters using 5 as the generator value\n"); " -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" numbits number of bits in to generate (default 512)\n"); " numbits number of bits in to generate (default 2048)\n");
# ifndef OPENSSL_NO_ENGINE # ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, BIO_printf(bio_err,
" -engine e use engine e, possibly a hardware device.\n"); " -engine e use engine e, possibly a hardware device.\n");
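Review bot: The usage string in the second hunk hard-codes the new default as `(default 2048)` separately from `# define DEFBITS 2048`, so the help text and the real default can drift apart the next time the size is raised, just as both had to be edited here. Formatting it from the macro keeps them tied: `" numbits number of bits in to generate (default %d)\n", DEFBITS);`. While touching the line, "number of bits in to generate" reads better as "number of bits to generate". MAIN begins and ends outside the hunk.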
+9 -4
@@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
else else
OPENSSL_cleanse(str, strlen(str)); OPENSSL_cleanse(str, strlen(str));
} }
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { if (hiv != NULL) {
BIO_printf(bio_err, "invalid hex iv value\n"); int siz = EVP_CIPHER_iv_length(cipher);
goto end; if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) {
BIO_printf(bio_err, "invalid hex iv value\n");
goto end;
}
} }
if ((hiv == NULL) && (str == NULL) if ((hiv == NULL) && (str == NULL)
&& EVP_CIPHER_iv_length(cipher) != 0) { && EVP_CIPHER_iv_length(cipher) != 0) {
@@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "iv undefined\n"); BIO_printf(bio_err, "iv undefined\n");
goto end; goto end;
} }
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
BIO_printf(bio_err, "invalid hex key value\n"); BIO_printf(bio_err, "invalid hex key value\n");
goto end; goto end;
} }
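Review bot: The new IV branch still parses `hiv` with `sizeof iv` although it has just computed the cipher's actual IV length in `siz`, while the key in the following hunk is now bounded by `EVP_CIPHER_key_length(cipher)`. As written, a hex IV longer than the cipher uses but no longer than the buffer appears to be accepted without complaint, which can hide an operator mistake in how the IV was supplied; `} else if (!set_hex(hiv, iv, siz)) {` would make the two checks consistent. The warning text also has a typo and should read `"warning: iv not used by this cipher\n"`. Both calls assume `cipher` is non-NULL; any guard for that lies outside the hunk, as do the start and end of MAIN.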
+1 -1
@@ -80,7 +80,7 @@
# include <openssl/x509.h> # include <openssl/x509.h>
# include <openssl/pem.h> # include <openssl/pem.h>
# define DEFBITS 512 # define DEFBITS 2048
# undef PROG # undef PROG
# define PROG gendh_main # define PROG gendh_main
+2
@@ -518,6 +518,8 @@ int MAIN(int argc, char **argv)
"-CApath dir trusted certificates directory\n"); "-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-CAfile file trusted certificates file\n"); "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-VAfile file validator certificates file\n"); "-VAfile file validator certificates file\n");
BIO_printf(bio_err, BIO_printf(bio_err,
+2 -1
@@ -111,6 +111,7 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> /* for memcpy() */
#define USE_SOCKETS #define USE_SOCKETS
#define NON_MAIN #define NON_MAIN
#include "apps.h" #include "apps.h"
@@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
/* Initialize a random secret */ /* Initialize a random secret */
if (!cookie_initialized) { if (!cookie_initialized) {
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n"); BIO_printf(bio_err, "error setting random cookie secret\n");
return 0; return 0;
} }
+8 -7
@@ -322,6 +322,8 @@ static void sc_usage(void)
" -pass arg - private key file pass phrase source\n"); " -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
" -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" -reconnect - Drop and re-make the connection with the same Session-ID\n"); " -reconnect - Drop and re-make the connection with the same Session-ID\n");
BIO_printf(bio_err, BIO_printf(bio_err,
@@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
PW_CB_DATA cb_tmp; PW_CB_DATA cb_tmp;
int l; int l;
if(!pass) { if (!pass) {
BIO_printf(bio_err, "Malloc failure\n"); BIO_printf(bio_err, "Malloc failure\n");
return NULL; return NULL;
} }
@@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv)
if (!set_cert_key_stuff(ctx, cert, key)) if (!set_cert_key_stuff(ctx, cert, key))
goto end; goto end;
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || if ((CAfile || CApath)
(!SSL_CTX_set_default_verify_paths(ctx))) { && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
/* ERR_print_errors(bio_err);
* BIO_printf(bio_err,"error setting default verify locations\n"); }
*/ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
/* goto end; */
} }
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) { if (servername != NULL) {
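Review bot: In the last hunk, when `-CAfile` or `-CApath` is given and `SSL_CTX_load_verify_locations()` fails, the new code only prints the error stack and continues, so the connection is verified against whatever `SSL_CTX_set_default_verify_paths()` supplies rather than the trust anchors the operator asked for. Since the locations were requested explicitly, failing closed is the safer behaviour: add `goto end;` after `ERR_print_errors(bio_err);` in the first branch. The removed lines show `goto end` was already commented out before, so if continuing is deliberate, a short comment saying why would help the next reader. MAIN starts and ends outside the hunk.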
+50 -23
@@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
unsigned int *id_len); unsigned int *id_len);
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile); static DH *load_dh_param(const char *dhfile);
static DH *get_dh512(void); static DH *get_dh2048(void);
#endif #endif
#ifdef MONOLITH #ifdef MONOLITH
@@ -227,30 +227,48 @@ static void s_server_init(void);
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
static unsigned char dh512_p[] = { static unsigned char dh2048_p[] = {
0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
0x47, 0x74, 0xE8, 0x33, 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
0xE9,0x32,0x0B,0x3B,
}; };
static unsigned char dh512_g[] = { static unsigned char dh2048_g[] = {
0x02, 0x02,
}; };
static DH *get_dh512(void) DH *get_dh2048()
{ {
DH *dh = NULL; DH *dh;
if ((dh = DH_new()) == NULL) if ((dh = DH_new()) == NULL)
return (NULL); return NULL;
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
if ((dh->p == NULL) || (dh->g == NULL)) if (dh->p == NULL || dh->g == NULL) {
return (NULL); DH_free(dh);
return (dh); return NULL;
}
return dh;
} }
#endif #endif
@@ -522,6 +540,8 @@ static void sv_usage(void)
BIO_printf(bio_err, " -state - Print the SSL states\n"); BIO_printf(bio_err, " -state - Print the SSL states\n");
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
BIO_printf(bio_err,
" -no_alt_chains - only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
" -nocert - Don't use any certificates (Anon-DH)\n"); " -nocert - Don't use any certificates (Anon-DH)\n");
BIO_printf(bio_err, BIO_printf(bio_err,
@@ -720,7 +740,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
num = inl; num = inl;
wbuf = wbuf =
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
if(!wbuf) if (!wbuf)
return 0; return 0;
OPENSSL_free(b->ptr); OPENSSL_free(b->ptr);
@@ -998,7 +1018,7 @@ int MAIN(int argc, char *argv[])
int off = 0; int off = 0;
int no_tmp_rsa = 0, no_dhe = 0, nocert = 0; int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
#ifndef OPENSSL_NO_ECDH #ifndef OPENSSL_NO_ECDH
int no_ecdhe; int no_ecdhe = 0;
#endif #endif
int state = 0; int state = 0;
const SSL_METHOD *meth = NULL; const SSL_METHOD *meth = NULL;
@@ -1654,7 +1674,11 @@ int MAIN(int argc, char *argv[])
BIO_printf(bio_s_out, "Setting temp DH parameters\n"); BIO_printf(bio_s_out, "Setting temp DH parameters\n");
} else { } else {
BIO_printf(bio_s_out, "Using default temp DH parameters\n"); BIO_printf(bio_s_out, "Using default temp DH parameters\n");
dh = get_dh512(); dh = get_dh2048();
if (dh == NULL) {
ERR_print_errors(bio_err);
goto end;
}
} }
(void)BIO_flush(bio_s_out); (void)BIO_flush(bio_s_out);
@@ -2251,8 +2275,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
ret = 1; ret = 1;
goto err; goto err;
} }
l += k; if (k > 0) {
i -= k; l += k;
i -= k;
}
if (i <= 0) if (i <= 0)
break; break;
} }
@@ -2916,7 +2942,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{ {
unsigned int count = 0; unsigned int count = 0;
do { do {
RAND_pseudo_bytes(id, *id_len); if (RAND_pseudo_bytes(id, *id_len) < 0)
return 0;
/* /*
* Prefix the session_id with the required prefix. NB: If our prefix * Prefix the session_id with the required prefix. NB: If our prefix
* is too long, clip it - but there will be worse effects anyway, eg. * is too long, clip it - but there will be worse effects anyway, eg.
+1 -1
@@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
maxTime = atoi(*(++argv)); maxTime = atoi(*(++argv));
if(maxTime <= 0) { if (maxTime <= 0) {
BIO_printf(bio_err, "time must be > 0\n"); BIO_printf(bio_err, "time must be > 0\n");
badop = 1; badop = 1;
} }
+2
@@ -441,6 +441,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, BIO_printf(bio_err,
"-CApath dir trusted certificates directory\n"); "-CApath dir trusted certificates directory\n");
BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
BIO_printf(bio_err,
"-no_alt_chains only ever use the first certificate chain found\n");
BIO_printf(bio_err, BIO_printf(bio_err,
"-crl_check check revocation status of signer's certificate using CRLs\n"); "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf(bio_err, BIO_printf(bio_err,
+2 -2
@@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
# ifdef OPENSSL_SYS_VMS # ifdef OPENSSL_SYS_VMS
len = strlen(s) + sizeof(CONFIG_FILE); len = strlen(s) + sizeof(CONFIG_FILE);
tofree = OPENSSL_malloc(len); tofree = OPENSSL_malloc(len);
if(!tofree) { if (!tofree) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
goto err; goto err;
} }
@@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
# else # else
len = strlen(s) + sizeof(CONFIG_FILE) + 1; len = strlen(s) + sizeof(CONFIG_FILE) + 1;
tofree = OPENSSL_malloc(len); tofree = OPENSSL_malloc(len);
if(!tofree) { if (!tofree) {
BIO_printf(bio_err, "Out of memory\n"); BIO_printf(bio_err, "Out of memory\n");
goto err; goto err;
} }
+1 -1
@@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
if (ret == 1) { if (ret == 1) {
BIO_printf(bio_err, BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
BIO_printf(bio_err, " [-attime timestamp]"); BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, " [-engine e]"); BIO_printf(bio_err, " [-engine e]");
#endif #endif
+8 -3
@@ -125,12 +125,17 @@ install:
lint: lint:
@target=lint; $(RECURSIVE_MAKE) @target=lint; $(RECURSIVE_MAKE)
depend: update: local_depend
@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
depend: local_depend
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
local_depend:
@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
clean: clean:
rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+2
@@ -106,6 +106,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -93,6 +93,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+4 -2
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
else { else {
ret = a->length; ret = a->length;
i = a->data[0]; i = a->data[0];
if (ret == 1 && i == 0)
neg = 0;
if (!neg && (i > 127)) { if (!neg && (i > 127)) {
pad = 1; pad = 1;
pb = 0; pb = 0;
@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
p += a->length - 1; p += a->length - 1;
i = a->length; i = a->length;
/* Copy zeros to destination as long as source is zero */ /* Copy zeros to destination as long as source is zero */
while (!*n) { while (!*n && i > 1) {
*(p--) = 0; *(p--) = 0;
n--; n--;
i--; i--;
@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
} }
if (BN_is_negative(bn)) if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER; ret->type = V_ASN1_NEG_INTEGER;
else else
ret->type = V_ASN1_INTEGER; ret->type = V_ASN1_INTEGER;
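Review bot: The new `i > 1` bound on `while (!*n && i > 1)` in the second hunk carries no explanation, and the comment above it still describes an unbounded "copy zeros as long as source is zero" loop. Without the bound, an all-zero `a->data` would let `n` and `p` step below the start of their buffers, so a line such as `/* data may be all zeros: stop at the first byte, never step n below a->data */` would keep a later cleanup from dropping it. The first hunk's `ret == 1 && i == 0` test clears `neg` only for a single zero byte, so a longer all-zero negative value presumably still reaches this loop and depends on the bound. i2c_ASN1_INTEGER starts and ends outside the hunks.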
+31 -9
@@ -74,6 +74,8 @@
#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
#define ASN1_FLAG_EXP_MAX 20 #define ASN1_FLAG_EXP_MAX 20
/* Maximum number of nested sequences */
#define ASN1_GEN_SEQ_MAX_DEPTH 50
/* Input formats */ /* Input formats */
@@ -110,13 +112,16 @@ typedef struct {
int exp_count; int exp_count;
} tag_exp_arg; } tag_exp_arg;
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
int *perr);
static int bitstr_cb(const char *elem, int len, void *bitstr); static int bitstr_cb(const char *elem, int len, void *bitstr);
static int asn1_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr);
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
int exp_constructed, int exp_pad, int imp_ok); int exp_constructed, int exp_pad, int imp_ok);
static int parse_tagging(const char *vstart, int vlen, int *ptag, static int parse_tagging(const char *vstart, int vlen, int *ptag,
int *pclass); int *pclass);
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
int depth, int *perr);
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len); static int asn1_str2tag(const char *tagstr, int len);
@@ -132,6 +137,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
} }
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
{
int err = 0;
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
if (err)
ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
return ret;
}
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
int *perr)
{ {
ASN1_TYPE *ret; ASN1_TYPE *ret;
tag_exp_arg asn1_tags; tag_exp_arg asn1_tags;
@@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
asn1_tags.imp_class = -1; asn1_tags.imp_class = -1;
asn1_tags.format = ASN1_GEN_FORMAT_ASCII; asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
asn1_tags.exp_count = 0; asn1_tags.exp_count = 0;
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
*perr = ASN1_R_UNKNOWN_TAG;
return NULL; return NULL;
}
if ((asn1_tags.utype == V_ASN1_SEQUENCE) if ((asn1_tags.utype == V_ASN1_SEQUENCE)
|| (asn1_tags.utype == V_ASN1_SET)) { || (asn1_tags.utype == V_ASN1_SET)) {
if (!cnf) { if (!cnf) {
ASN1err(ASN1_F_ASN1_GENERATE_V3, *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
return NULL; return NULL;
} }
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
*perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
return NULL;
}
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
} else } else
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
@@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
int tmp_tag, tmp_class; int tmp_tag, tmp_class;
if (elem == NULL) if (elem == NULL)
return 0; return -1;
for (i = 0, p = elem; i < len; p++, i++) { for (i = 0, p = elem; i < len; p++, i++) {
/* Look for the ':' in name value pairs */ /* Look for the ':' in name value pairs */
@@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
break; break;
case ASN1_GEN_FLAG_FORMAT: case ASN1_GEN_FLAG_FORMAT:
if(!vstart) { if (!vstart) {
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
return -1; return -1;
} }
@@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
/* Handle multiple types: SET and SEQUENCE */ /* Handle multiple types: SET and SEQUENCE */
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
int depth, int *perr)
{ {
ASN1_TYPE *ret = NULL; ASN1_TYPE *ret = NULL;
STACK_OF(ASN1_TYPE) *sk = NULL; STACK_OF(ASN1_TYPE) *sk = NULL;
@@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
goto bad; goto bad;
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
ASN1_TYPE *typ = ASN1_TYPE *typ =
ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
depth + 1, perr);
if (!typ) if (!typ)
goto bad; goto bad;
if (!sk_ASN1_TYPE_push(sk, typ)) if (!sk_ASN1_TYPE_push(sk, typ))
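Review bot: The depth check in generate_v3 (`if (depth >= ASN1_GEN_SEQ_MAX_DEPTH)`) reports `ASN1_R_ILLEGAL_NESTED_TAGGING`, which by its name describes a tagging problem, so someone who hits the limit gets no hint that nesting depth was the cause. The one-line comment on the define also does not say what the limit protects; something like `/* Maximum SEQUENCE/SET nesting; bounds the generate_v3() -> asn1_multi() -> generate_v3() recursion */` would record that the constant is a safety bound and not a format rule. Separately, `*perr = ASN1_R_UNKNOWN_TAG` is set for every non-zero return of `CONF_parse_list`, including the path where asn1_cb has already queued `ASN1_R_UNKNOWN_FORMAT`, so the last error reported can name the wrong cause. The bodies of generate_v3 and asn1_multi continue outside the hunks.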
+2 -1
@@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) { if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */ /* We want multipart/signed */
/* Generate a random boundary */ /* Generate a random boundary */
RAND_pseudo_bytes((unsigned char *)bound, 32); if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
return 0;
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
c = bound[i] & 0xf; c = bound[i] & 0xf;
if (c < 10) if (c < 10)
+2 -2
@@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen); p = OPENSSL_malloc(derlen);
if(!p) if (!p)
return 0; return 0;
ndef_aux->derbuf = p; ndef_aux->derbuf = p;
@@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
p = OPENSSL_malloc(derlen); p = OPENSSL_malloc(derlen);
if(!p) if (!p)
return 0; return 0;
ndef_aux->derbuf = p; ndef_aux->derbuf = p;
-3
@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
else else
asn1_cb = 0; asn1_cb = 0;
if (!combine)
*pval = NULL;
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
if (it->sname) if (it->sname)
CRYPTO_push_info(it->sname); CRYPTO_push_info(it->sname);
+1 -1
@@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
const ASN1_TEMPLATE *seqtt; const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(fld, tt, 1); seqtt = asn1_do_adb(fld, tt, 1);
if(!seqtt) if (!seqtt)
return 0; return 0;
tmpfld = asn1_get_field_ptr(fld, seqtt); tmpfld = asn1_get_field_ptr(fld, seqtt);
if (!asn1_template_print_ctx(out, tmpfld, if (!asn1_template_print_ctx(out, tmpfld,
+2 -2
@@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
/* Save start position */ /* Save start position */
q = *pp; q = *pp;
if(!a || *a == NULL) { if (!a || *a == NULL) {
freeret = 1; freeret = 1;
} }
ret = d2i_X509(a, pp, length); ret = d2i_X509(a, pp, length);
@@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
goto err; goto err;
return ret; return ret;
err: err:
if(freeret) { if (freeret) {
X509_free(ret); X509_free(ret);
if (a) if (a)
*a = NULL; *a = NULL;
+2
@@ -72,6 +72,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -73,6 +73,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+21 -24
@@ -704,32 +704,29 @@ doapr_outch(char **sbuffer,
/* If we haven't at least one buffer, someone has doe a big booboo */ /* If we haven't at least one buffer, someone has doe a big booboo */
assert(*sbuffer != NULL || buffer != NULL); assert(*sbuffer != NULL || buffer != NULL);
if (buffer) { /* |currlen| must always be <= |*maxlen| */
while (*currlen >= *maxlen) { assert(*currlen <= *maxlen);
if (*buffer == NULL) {
if (*maxlen == 0) if (buffer && *currlen == *maxlen) {
*maxlen = 1024; *maxlen += 1024;
*buffer = OPENSSL_malloc(*maxlen); if (*buffer == NULL) {
if(!*buffer) { *buffer = OPENSSL_malloc(*maxlen);
/* Panic! Can't really do anything sensible. Just return */ if (!*buffer) {
return; /* Panic! Can't really do anything sensible. Just return */
} return;
if (*currlen > 0) { }
assert(*sbuffer != NULL); if (*currlen > 0) {
memcpy(*buffer, *sbuffer, *currlen); assert(*sbuffer != NULL);
} memcpy(*buffer, *sbuffer, *currlen);
*sbuffer = NULL; }
} else { *sbuffer = NULL;
*maxlen += 1024; } else {
*buffer = OPENSSL_realloc(*buffer, *maxlen); *buffer = OPENSSL_realloc(*buffer, *maxlen);
if(!*buffer) { if (!*buffer) {
/* Panic! Can't really do anything sensible. Just return */ /* Panic! Can't really do anything sensible. Just return */
return; return;
}
} }
} }
/* What to do if *buffer is NULL? */
assert(*sbuffer != NULL || *buffer != NULL);
} }
if (*currlen < *maxlen) { if (*currlen < *maxlen) {
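Review bot: On the growth path `*maxlen += 1024` runs before the allocation, and `*buffer = OPENSSL_realloc(*buffer, *maxlen)` overwrites the only pointer to the old block, so a failed allocation leaks the old buffer and leaves `*maxlen` claiming room that does not exist. doapr_outch returns void, so the caller cannot see the failure, and a later call would pass straight to the branch under `if (*currlen < *maxlen)` with `*buffer` NULL and, after the malloc path, `*sbuffer` already cleared. The two asserts that state these invariants disappear under NDEBUG, so they are not a runtime guard. I would allocate into a temporary and commit the pointer and the new size only on success, as sketched below; reporting the failure to the caller needs a signature change outside this hunk. The function starts and ends outside the hunk.

```c
    if (buffer && *currlen == *maxlen) {
        char *tmp;

        if (*buffer == NULL) {
            tmp = OPENSSL_malloc(*maxlen + 1024);
            if (tmp == NULL)
                return;
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(tmp, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
            tmp = OPENSSL_realloc(*buffer, *maxlen + 1024);
            if (tmp == NULL)
                return;     /* old *buffer is still valid and still owned */
        }
        /* Commit only once the new block exists */
        *buffer = tmp;
        *maxlen += 1024;
    }
```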
+4 -2
@@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
#if 1 #if 1
RAND_pseudo_bytes(&n, 1); if (RAND_pseudo_bytes(&n, 1) < 0)
return -1;
num = (n & 0x07); num = (n & 0x07);
if (outl > num) if (outl > num)
@@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn; num = nt->lwn;
nt->lwn = 0; nt->lwn = 0;
} else { } else {
RAND_pseudo_bytes(&n, 1); if (RAND_pseudo_bytes(&n, 1) < 0)
return -1;
num = (n & 7); num = (n & 7);
} }
+5 -3
@@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
/* copy app data */ /* copy app data */
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
&bio->ex_data)) &bio->ex_data)) {
BIO_free(new_bio);
goto err; goto err;
}
if (ret == NULL) { if (ret == NULL) {
eoc = new_bio; eoc = new_bio;
@@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
} }
return (ret); return (ret);
err: err:
if (ret != NULL) BIO_free_all(ret);
BIO_free(ret);
return (NULL); return (NULL);
} }
+11 -10
@@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
/* Calculate time left until timer expires */ /* Calculate time left until timer expires */
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
timeleft.tv_sec -= timenow.tv_sec; if (timeleft.tv_usec < timenow.tv_usec) {
timeleft.tv_usec -= timenow.tv_usec; timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
if (timeleft.tv_usec < 0) {
timeleft.tv_sec--; timeleft.tv_sec--;
timeleft.tv_usec += 1000000; } else {
timeleft.tv_usec -= timenow.tv_usec;
} }
if (timeleft.tv_sec < timenow.tv_sec) {
if (timeleft.tv_sec < 0) {
timeleft.tv_sec = 0; timeleft.tv_sec = 0;
timeleft.tv_usec = 1; timeleft.tv_usec = 1;
} else {
timeleft.tv_sec -= timenow.tv_sec;
} }
/* /*
@@ -953,7 +954,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
*/ */
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_malloc(sockopt_len); authchunks = OPENSSL_malloc(sockopt_len);
if(!authchunks) { if (!authchunks) {
BIO_vfree(bio); BIO_vfree(bio);
return (NULL); return (NULL);
} }
@@ -1293,7 +1294,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
authchunks = OPENSSL_malloc(optlen); authchunks = OPENSSL_malloc(optlen);
if (!authchunks) { if (!authchunks) {
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
memset(authchunks, 0, sizeof(optlen)); memset(authchunks, 0, sizeof(optlen));
@@ -1364,8 +1365,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
char *tmp; char *tmp;
data->saved_message.bio = b; data->saved_message.bio = b;
if(!(tmp = OPENSSL_malloc(inl))) { if (!(tmp = OPENSSL_malloc(inl))) {
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
return -1; return -1;
} }
if (data->saved_message.data) if (data->saved_message.data)
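Review bot: `memset(authchunks, 0, sizeof(optlen));` in dgram_sctp_read (a context line of the third hunk) clears only `sizeof(optlen)` bytes, the size of the length variable, instead of the `optlen` bytes that were just allocated. The rest of the buffer stays uninitialised unless a later call fills it. The commit corrects the error code on the line above but leaves this as is; it should read `memset(authchunks, 0, optlen);`. If BIO_new_dgram_sctp does the same after its `OPENSSL_malloc(sockopt_len)` in the second hunk it needs the same fix, but that line is outside the hunk.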
+2
@@ -167,6 +167,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: bn_prime.h depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+5
@@ -797,6 +797,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
* wouldn't be constructed with top!=dmax. */ \ * wouldn't be constructed with top!=dmax. */ \
BN_ULONG *_not_const; \ BN_ULONG *_not_const; \
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
/* Debug only - safe to ignore error return */ \
RAND_pseudo_bytes(&_tmp_char, 1); \ RAND_pseudo_bytes(&_tmp_char, 1); \
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
@@ -910,6 +911,7 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
# define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQR 136
# define BN_F_BN_GF2M_MOD_SQRT 137 # define BN_F_BN_GF2M_MOD_SQRT 137
# define BN_F_BN_LSHIFT 145
# define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP2_MONT 118
# define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT 109
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
@@ -925,12 +927,14 @@ void ERR_load_BN_strings(void);
# define BN_F_BN_NEW 113 # define BN_F_BN_NEW 113
# define BN_F_BN_RAND 114 # define BN_F_BN_RAND 114
# define BN_F_BN_RAND_RANGE 122 # define BN_F_BN_RAND_RANGE 122
# define BN_F_BN_RSHIFT 146
# define BN_F_BN_USUB 115 # define BN_F_BN_USUB 115
/* Reason codes. */ /* Reason codes. */
# define BN_R_ARG2_LT_ARG3 100 # define BN_R_ARG2_LT_ARG3 100
# define BN_R_BAD_RECIPROCAL 101 # define BN_R_BAD_RECIPROCAL 101
# define BN_R_BIGNUM_TOO_LONG 114 # define BN_R_BIGNUM_TOO_LONG 114
# define BN_R_BITS_TOO_SMALL 118
# define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_CALLED_WITH_EVEN_MODULUS 102
# define BN_R_DIV_BY_ZERO 103 # define BN_R_DIV_BY_ZERO 103
# define BN_R_ENCODING_ERROR 104 # define BN_R_ENCODING_ERROR 104
@@ -938,6 +942,7 @@ void ERR_load_BN_strings(void);
# define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INPUT_NOT_REDUCED 110
# define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_LENGTH 106
# define BN_R_INVALID_RANGE 115 # define BN_R_INVALID_RANGE 115
# define BN_R_INVALID_SHIFT 119
# define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_A_SQUARE 111
# define BN_R_NOT_INITIALIZED 107 # define BN_R_NOT_INITIALIZED 107
# define BN_R_NO_INVERSE 108 # define BN_R_NO_INVERSE 108
+5 -1
@@ -1,6 +1,6 @@
/* crypto/bn/bn_err.c */ /* crypto/bn/bn_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
{ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
{ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
{ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
{0, NULL} {0, NULL}
}; };
@@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
{ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
{ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
{ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
{ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
{ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
{ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
{ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
{ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
{ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
{ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
{ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
{ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
{ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
+10 -5
@@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
} }
# else # else
{ {
int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy int i;
* of p */ int ubits = BN_num_bits(u);
top = p->top; int vbits = BN_num_bits(v); /* v is copy of p */
int top = p->top;
BN_ULONG *udp, *bdp, *vdp, *cdp; BN_ULONG *udp, *bdp, *vdp, *cdp;
bn_wexpand(u, top); bn_wexpand(u, top);
@@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
ubits--; ubits--;
} }
if (ubits <= BN_BITS2 && udp[0] == 1) if (ubits <= BN_BITS2) {
break; if (udp[0] == 0) /* poly was reducible */
goto err;
if (udp[0] == 1)
break;
}
if (ubits < vbits) { if (ubits < vbits) {
i = ubits; i = ubits;
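Review bot: `bn_wexpand(u, top);` at the end of the first hunk discards its return value, although the BN_lshift hunk elsewhere in this commit checks the same call against NULL, so it can fail. The `udp` pointer that the second hunk's new `udp[0] == 0` test reads is presumably taken from `u->d` after that expansion, so on allocation failure the loop would index a buffer shorter than `top` words. Suggest `if (bn_wexpand(u, top) == NULL) goto err;`, and the same for any sibling expansions of the other working values that follow outside the hunk. The enclosing block of BN_GF2m_mod_inv continues beyond both hunks.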
+1 -1
@@ -276,7 +276,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
# endif # endif
# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
# if defined(__GNUC__) && __GNUC__>=2 # if defined(__GNUC__) && __GNUC__>=2
# if __GNUC__>=4 && __GNUC_MINOR__>=4 # if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
/* "h" constraint is no more since 4.4 */ /* "h" constraint is no more since 4.4 */
# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
# define BN_UMULT_LOHI(low,high,a,b) ({ \ # define BN_UMULT_LOHI(low,high,a,b) ({ \
+6 -1
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf; char *buf;
char *p; char *p;
buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); if (a->neg && BN_is_zero(a)) {
/* "-0" == 3 bytes including NULL terminator */
buf = OPENSSL_malloc(3);
} else {
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
}
if (buf == NULL) { if (buf == NULL) {
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err; goto err;
+8 -2
@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
int ret = 0, bit, bytes, mask; int ret = 0, bit, bytes, mask;
time_t tim; time_t tim;
if (bits < 0 || (bits == 1 && top > 0)) {
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
return 0;
}
if (bits == 0) { if (bits == 0) {
BN_zero(rnd); BN_zero(rnd);
return 1; return 1;
@@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
unsigned char c; unsigned char c;
for (i = 0; i < bytes; i++) { for (i = 0; i < bytes; i++) {
RAND_pseudo_bytes(&c, 1); if (RAND_pseudo_bytes(&c, 1) < 0)
goto err;
if (c >= 128 && i > 0) if (c >= 128 && i > 0)
buf[i] = buf[i - 1]; buf[i] = buf[i - 1];
else if (c < 42) else if (c < 42)
@@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
} }
#endif #endif
if (top != -1) { if (top >= 0) {
if (top) { if (top) {
if (bit == 0) { if (bit == 0) {
buf[0] = 1; buf[0] = 1;
+10
@@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
bn_check_top(r); bn_check_top(r);
bn_check_top(a); bn_check_top(a);
if (n < 0) {
BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
return 0;
}
r->neg = a->neg; r->neg = a->neg;
nw = n / BN_BITS2; nw = n / BN_BITS2;
if (bn_wexpand(r, a->top + nw + 1) == NULL) if (bn_wexpand(r, a->top + nw + 1) == NULL)
@@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
bn_check_top(r); bn_check_top(r);
bn_check_top(a); bn_check_top(a);
if (n < 0) {
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
return 0;
}
nw = n / BN_BITS2; nw = n / BN_BITS2;
rb = n % BN_BITS2; rb = n % BN_BITS2;
lb = BN_BITS2 - rb; lb = BN_BITS2 - rb;
+2
@@ -61,6 +61,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+1 -1
@@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
return; return;
if (a->data != NULL) { if (a->data != NULL) {
memset(a->data, 0, (unsigned int)a->max); OPENSSL_cleanse(a->data, a->max);
OPENSSL_free(a->data); OPENSSL_free(a->data);
} }
OPENSSL_free(a); OPENSSL_free(a);
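Review bot: The switch to `OPENSSL_cleanse(a->data, a->max)` in BUF_MEM_free is undocumented, so a later cleanup could revert it to `memset` without noticing the difference. A comment such as `/* cleanse, not memset: a plain memset just before free may be optimised away */` above the call would record why. The old `(unsigned int)` cast on `a->max` is also gone, so the full length is now passed; the type of `max` is not visible in this hunk.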
+2
@@ -73,6 +73,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -69,6 +69,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -61,6 +61,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
void CMAC_CTX_free(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx)
{ {
if (!ctx)
return;
CMAC_CTX_cleanup(ctx); CMAC_CTX_cleanup(ctx);
OPENSSL_free(ctx); OPENSSL_free(ctx);
} }
+2
@@ -67,6 +67,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+4 -3
@@ -231,7 +231,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
return 0; return 0;
} }
tmp = OPENSSL_malloc(inlen); tmp = OPENSSL_malloc(inlen);
if(!tmp) if (!tmp)
return 0; return 0;
/* setup IV by decrypting last two blocks */ /* setup IV by decrypting last two blocks */
EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
@@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
out[3] = in[2] ^ 0xFF; out[3] = in[2] ^ 0xFF;
memcpy(out + 4, in, inlen); memcpy(out + 4, in, inlen);
/* Add random padding to end */ /* Add random padding to end */
if (olen > inlen + 4) if (olen > inlen + 4
RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
return 0;
/* Encrypt twice */ /* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
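Review bot: The two `EVP_EncryptUpdate` calls under `/* Encrypt twice */` in kek_wrap_key still ignore their return values, even though this hunk makes the padding step fail closed. A cipher failure there would go unnoticed by the visible code; `if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) return 0;` would match the new padding check. The `EVP_DecryptUpdate` call in kek_unwrap_key in the first hunk is unchecked in the same way. Both functions continue outside their hunks.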
+1 -1
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
BIO_free(f); BIO_free(f);
f = tbio; f = tbio;
} }
while (f != upto); while (f && f != upto);
} else } else
BIO_free_all(f); BIO_free_all(f);
} }
+2
@@ -64,6 +64,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+2
@@ -64,6 +64,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
-2
@@ -806,8 +806,6 @@ int OPENSSL_isservice(void)
if (_OPENSSL_isservice.p != (void *)-1) if (_OPENSSL_isservice.p != (void *)-1)
return (*_OPENSSL_isservice.f) (); return (*_OPENSSL_isservice.f) ();
(void)GetDesktopWindow(); /* return value is ignored */
h = GetProcessWindowStation(); h = GetProcessWindowStation();
if (h == NULL) if (h == NULL)
return -1; return -1;
+2
@@ -94,6 +94,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+4 -2
@@ -455,8 +455,10 @@ void doencryption(void)
rem = l % 8; rem = l % 8;
len = l - rem; len = l - rem;
if (feof(DES_IN)) { if (feof(DES_IN)) {
for (i = 7 - rem; i > 0; i--) for (i = 7 - rem; i > 0; i--) {
RAND_pseudo_bytes(buf + l++, 1); if (RAND_pseudo_bytes(buf + l++, 1) < 0)
goto problems;
}
buf[l++] = rem; buf[l++] = rem;
ex = 1; ex = 1;
len += rem; len += rem;
+6 -1
@@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
const unsigned char *cp; const unsigned char *cp;
static int start = 1; static int start = 1;
if (len < 0)
return -1;
if (outbuf == NULL) { if (outbuf == NULL) {
outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
if (outbuf == NULL) if (outbuf == NULL)
@@ -132,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) { if (len < 8) {
cp = shortbuf; cp = shortbuf;
memcpy(shortbuf, buf, len); memcpy(shortbuf, buf, len);
RAND_pseudo_bytes(shortbuf + len, 8 - len); if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
return -1;
}
rnum = 8; rnum = 8;
} else { } else {
cp = buf; cp = buf;
+2
@@ -63,6 +63,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+1 -1
@@ -135,7 +135,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
dh = pkey->pkey.dh; dh = pkey->pkey.dh;
str = ASN1_STRING_new(); str = ASN1_STRING_new();
if(!str) { if (!str) {
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
+2
@@ -63,6 +63,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2 -1
@@ -202,7 +202,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err; goto err;
if (!seed_len) { if (!seed_len) {
RAND_pseudo_bytes(seed, qsize); if (RAND_pseudo_bytes(seed, qsize) < 0)
goto err;
seed_is_random = 1; seed_is_random = 1;
} else { } else {
seed_is_random = 0; seed_is_random = 0;
+4 -4
@@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = {
#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
do { \ do { \
int _tmp_res53; \ int _tmp_res53; \
if((dsa)->meth->dsa_mod_exp) \ if ((dsa)->meth->dsa_mod_exp) \
_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
(a2), (p2), (m), (ctx), (in_mont)); \ (a2), (p2), (m), (ctx), (in_mont)); \
else \ else \
_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
(m), (ctx), (in_mont)); \ (m), (ctx), (in_mont)); \
if(!_tmp_res53) err_instr; \ if (!_tmp_res53) err_instr; \
} while(0) } while(0)
#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
do { \ do { \
int _tmp_res53; \ int _tmp_res53; \
if((dsa)->meth->bn_mod_exp) \ if ((dsa)->meth->bn_mod_exp) \
_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
(m), (ctx), (m_ctx)); \ (m), (ctx), (m_ctx)); \
else \ else \
_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
if(!_tmp_res53) err_instr; \ if (!_tmp_res53) err_instr; \
} while(0) } while(0)
const DSA_METHOD *DSA_OpenSSL(void) const DSA_METHOD *DSA_OpenSSL(void)
+2
@@ -63,6 +63,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+1 -1
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
* honest. For one thing, I think I have to return a negative value for any * honest. For one thing, I think I have to return a negative value for any
* error because possible DSO_ctrl() commands may return values such as * error because possible DSO_ctrl() commands may return values such as
* "size"s that can legitimately be zero (making the standard * "size"s that can legitimately be zero (making the standard
* "if(DSO_cmd(...))" form that works almost everywhere else fail at odd * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
* times. I'd prefer "output" values to be passed by reference and the return * times. I'd prefer "output" values to be passed by reference and the return
* value as success/failure like usual ... but we conform when we must... :-) * value as success/failure like usual ... but we conform when we must... :-)
*/ */
+2
@@ -70,6 +70,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+1 -1
@@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
} }
/* test required by X9.62 */ /* test required by X9.62 */
if (!EC_POINT_is_on_curve(group, point, ctx)) { if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err; goto err;
} }
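Review bot: With the test changed to `EC_POINT_is_on_curve(group, point, ctx) <= 0`, an internal error (-1) now takes the same branch as a point that is off the curve and is reported as `EC_R_POINT_IS_NOT_ON_CURVE`. Rejecting on -1 is the right outcome, but the error queue no longer distinguishes a bad point from a failed computation. A comment such as `/* <= 0: reject both "not on curve" (0) and internal error (-1) */` would document this, or the not-on-curve error could be raised only when the result is 0. The same pattern is added in EC_GROUP_check, EC_KEY_check_key and ec_GFp_simple_oct2point. ec_GF2m_simple_oct2point continues outside this hunk.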
+17 -3
@@ -1114,7 +1114,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
{ {
int ret = 0, ok = 0; int ret = 0, ok = 0;
unsigned char *buffer = NULL; unsigned char *buffer = NULL;
size_t buf_len = 0, tmp_len; size_t buf_len = 0, tmp_len, bn_len;
EC_PRIVATEKEY *priv_key = NULL; EC_PRIVATEKEY *priv_key = NULL;
if (a == NULL || a->group == NULL || a->priv_key == NULL || if (a == NULL || a->group == NULL || a->priv_key == NULL ||
@@ -1130,18 +1130,32 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
priv_key->version = a->version; priv_key->version = a->version;
buf_len = (size_t)BN_num_bytes(a->priv_key); bn_len = (size_t)BN_num_bytes(a->priv_key);
/* Octetstring may need leading zeros if BN is to short */
buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8;
if (bn_len > buf_len) {
ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
goto err;
}
buffer = OPENSSL_malloc(buf_len); buffer = OPENSSL_malloc(buf_len);
if (buffer == NULL) { if (buffer == NULL) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
if (!BN_bn2bin(a->priv_key, buffer)) { if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
goto err; goto err;
} }
if (buf_len - bn_len > 0) {
memset(buffer, 0, buf_len - bn_len);
}
if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
goto err; goto err;
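Review bot: `if (buf_len - bn_len > 0)` is an unsigned comparison, so it is only correct because `bn_len > buf_len` was rejected a few lines earlier; `if (bn_len < buf_len)` states the same condition without relying on that. The new comment has a typo: `to short` should be `too short`. `buffer` now holds the zero-padded private scalar and is released outside this hunk, so it is worth confirming that the `err` path wipes it with `OPENSSL_cleanse(buffer, buf_len)` before `OPENSSL_free`.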
+1 -1
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
goto err; goto err;
} }
if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
goto err; goto err;
} }
+1 -1
@@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
goto err; goto err;
/* testing whether the pub_key is on the elliptic curve */ /* testing whether the pub_key is on the elliptic curve */
if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err; goto err;
} }
-8
@@ -451,14 +451,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GF2m_have_precompute_mult(const EC_GROUP *group); int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
/* method functions in ec2_mult.c */
int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
const BIGNUM *scalar, size_t num,
const EC_POINT *points[], const BIGNUM *scalars[],
BN_CTX *);
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/* method functions in ecp_nistp224.c */ /* method functions in ecp_nistp224.c */
int ec_GFp_nistp224_group_init(EC_GROUP *group); int ec_GFp_nistp224_group_init(EC_GROUP *group);
+7
@@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
return group->meth->is_at_infinity(group, point); return group->meth->is_at_infinity(group, point);
} }
/*
* Check whether an EC_POINT is on the curve or not. Note that the return
* value for this function should NOT be treated as a boolean. Return values:
* 1: The point is on the curve
* 0: The point is not on the curve
* -1: An error occurred
*/
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
BN_CTX *ctx) BN_CTX *ctx)
{ {
+3 -1
@@ -338,12 +338,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
if (buf == NULL) if (buf == NULL)
return 1; return 1;
if (off) { if (off > 0) {
if (off > 128) if (off > 128)
off = 128; off = 128;
memset(str, ' ', off); memset(str, ' ', off);
if (BIO_write(fp, str, off) <= 0) if (BIO_write(fp, str, off) <= 0)
return 0; return 0;
} else {
off = 0;
} }
if (BIO_printf(fp, "%s", name) <= 0) if (BIO_printf(fp, "%s", name) <= 0)
+1 -1
@@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
} }
/* test required by X9.62 */ /* test required by X9.62 */
if (!EC_POINT_is_on_curve(group, point, ctx)) { if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err; goto err;
} }
+12 -12
@@ -412,7 +412,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, Q, ctx)) { if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
ABORT; ABORT;
fprintf(stderr, "Point is not on curve: x = 0x"); fprintf(stderr, "Point is not on curve: x = 0x");
@@ -544,7 +544,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
ABORT; ABORT;
@@ -593,7 +593,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
ABORT; ABORT;
@@ -646,7 +646,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn if (!BN_hex2bn
(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
@@ -705,7 +705,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
"84F3B9CAC2FC632551")) "84F3B9CAC2FC632551"))
@@ -761,7 +761,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
@@ -820,7 +820,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
@@ -864,7 +864,7 @@ static void prime_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_dbl(group, P, P, ctx)) if (!EC_POINT_dbl(group, P, P, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!EC_POINT_invert(group, Q, ctx)) if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */ ABORT; /* P = -2Q */
@@ -1008,7 +1008,7 @@ static void prime_field_tests(void)
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&x, _x)) ABORT; \
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1026,7 +1026,7 @@ static void prime_field_tests(void)
if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&x, _x)) ABORT; \
if (!BN_hex2bn(&y, _y)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -1157,7 +1157,7 @@ static void char2_field_tests(void)
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
ABORT; ABORT;
# endif # endif
if (!EC_POINT_is_on_curve(group, Q, ctx)) { if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
/* Change test based on whether binary point compression is enabled or not. */ /* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP # ifdef OPENSSL_EC_BIN_PT_COMP
if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
@@ -1378,7 +1378,7 @@ static void char2_field_tests(void)
ABORT; ABORT;
if (!EC_POINT_dbl(group, P, P, ctx)) if (!EC_POINT_dbl(group, P, P, ctx))
ABORT; ABORT;
if (!EC_POINT_is_on_curve(group, P, ctx)) if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
ABORT; ABORT;
if (!EC_POINT_invert(group, Q, ctx)) if (!EC_POINT_invert(group, Q, ctx))
ABORT; /* P = -2Q */ ABORT; /* P = -2Q */
+2
@@ -62,6 +62,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -62,6 +62,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2 -2
@@ -296,8 +296,8 @@ int test_builtin(BIO *out)
int nid, ret = 0; int nid, ret = 0;
/* fill digest values with some random data */ /* fill digest values with some random data */
if (!RAND_pseudo_bytes(digest, 20) || if (RAND_pseudo_bytes(digest, 20) <= 0 ||
!RAND_pseudo_bytes(wrong_digest, 20)) { RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
BIO_printf(out, "ERROR: unable to get random data\n"); BIO_printf(out, "ERROR: unable to get random data\n");
goto builtin_err; goto builtin_err;
} }
+2
@@ -71,6 +71,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+4 -2
@@ -351,6 +351,8 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
ENGINE_PILE_DOALL dall; ENGINE_PILE_DOALL dall;
dall.cb = cb; dall.cb = cb;
dall.arg = arg; dall.arg = arg;
lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb), if (table)
ENGINE_PILE_DOALL, &dall); lh_ENGINE_PILE_doall_arg(&table->piles,
LHASH_DOALL_ARG_FN(int_cb),
ENGINE_PILE_DOALL, &dall);
} }
+2
@@ -61,6 +61,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -86,6 +86,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+2 -1
@@ -491,7 +491,8 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all, * FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured. * particularly now EVP_MD_CTX has been restructured.
*/ */
RAND_pseudo_bytes(md->md_data, md->digest->md_size); if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
ctx->buf_len += md->digest->md_size; ctx->buf_len += md->digest->md_size;
+4 -3
@@ -50,6 +50,7 @@
#include <openssl/opensslconf.h> #include <openssl/opensslconf.h>
#ifndef OPENSSL_NO_AES #ifndef OPENSSL_NO_AES
#include <openssl/crypto.h>
# include <openssl/evp.h> # include <openssl/evp.h>
# include <openssl/err.h> # include <openssl/err.h>
# include <string.h> # include <string.h>
@@ -753,7 +754,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
case EVP_CTRL_AEAD_TLS1_AAD: case EVP_CTRL_AEAD_TLS1_AAD:
/* Save the AAD for later use */ /* Save the AAD for later use */
if (arg != 13) if (arg != EVP_AEAD_TLS1_AAD_LEN)
return 0; return 0;
memcpy(c->buf, ptr, arg); memcpy(c->buf, ptr, arg);
gctx->tls_aad_len = arg; gctx->tls_aad_len = arg;
@@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* Retrieve tag */ /* Retrieve tag */
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
/* If tag mismatch wipe buffer */ /* If tag mismatch wipe buffer */
if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
OPENSSL_cleanse(out, len); OPENSSL_cleanse(out, len);
goto err; goto err;
} }
@@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) { !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
unsigned char tag[16]; unsigned char tag[16];
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
if (!memcmp(tag, ctx->buf, cctx->M)) if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
rv = len; rv = len;
} }
} }
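Review bot: The tag comparisons in aes_gcm_tls_cipher and aes_ccm_cipher now use `CRYPTO_memcmp`, but no comment says the constant-time property is the reason. A later tidy-up could revert them to `memcmp` and reintroduce a timing difference on tag mismatch. A comment such as `/* constant-time compare: do not leak how many tag bytes matched */` above each call would prevent that. Separately, the new `#include <openssl/crypto.h>` in the first hunk lacks the `# include` indentation that the neighbouring includes inside `#ifndef OPENSSL_NO_AES` use.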
+6 -3
@@ -503,7 +503,12 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
case EVP_CTRL_AEAD_TLS1_AAD: case EVP_CTRL_AEAD_TLS1_AAD:
{ {
unsigned char *p = ptr; unsigned char *p = ptr;
unsigned int len = p[arg - 2] << 8 | p[arg - 1]; unsigned int len;
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
len = p[arg - 2] << 8 | p[arg - 1];
if (ctx->encrypt) { if (ctx->encrypt) {
key->payload_length = len; key->payload_length = len;
@@ -520,8 +525,6 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
- len); - len);
} else { } else {
if (arg > 13)
arg = 13;
memcpy(key->aux.tls_aad, ptr, arg); memcpy(key->aux.tls_aad, ptr, arg);
key->payload_length = arg; key->payload_length = arg;
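Review bot: With the `if (arg > 13) arg = 13;` clamp removed, the bound on `memcpy(key->aux.tls_aad, ptr, arg)` in the decrypt branch now depends entirely on the `arg != EVP_AEAD_TLS1_AAD_LEN` check at the top of the case. A comment at the copy, `/* arg == EVP_AEAD_TLS1_AAD_LEN, enforced at the top of this case */`, would keep that dependency visible if the early return is ever moved. This function returns -1 for a bad AAD length, whereas aes_gcm_ctrl in the same commit returns 0 for the same condition; whether callers treat the two alike is not visible here. The case body starts and ends outside these hunks.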
+8 -2
@@ -54,6 +54,7 @@
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
# include <openssl/crypto.h>
# include <openssl/evp.h> # include <openssl/evp.h>
# include <openssl/objects.h> # include <openssl/objects.h>
# include <openssl/rc4.h> # include <openssl/rc4.h>
@@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
MD5_Final(mac, &key->md); MD5_Final(mac, &key->md);
if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
return 0; return 0;
} else { } else {
MD5_Update(&key->md, out + md5_off, len - md5_off); MD5_Update(&key->md, out + md5_off, len - md5_off);
@@ -258,7 +259,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
case EVP_CTRL_AEAD_TLS1_AAD: case EVP_CTRL_AEAD_TLS1_AAD:
{ {
unsigned char *p = ptr; unsigned char *p = ptr;
unsigned int len = p[arg - 2] << 8 | p[arg - 1]; unsigned int len;
if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1;
len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) { if (!ctx->encrypt) {
len -= MD5_DIGEST_LENGTH; len -= MD5_DIGEST_LENGTH;
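Review bot: In rc4_hmac_md5_ctrl, `len` is unsigned and assembled from the last two bytes of the caller-supplied AAD, and the `!ctx->encrypt` branch then does `len -= MD5_DIGEST_LENGTH` without checking it is large enough. A record length shorter than the digest wraps to a very large value. Adding `if (len < MD5_DIGEST_LENGTH) return -1;` just before the subtraction would reject it. The branch continues outside the hunk, so how the wrapped value is used later is not visible here.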
+1 -1
@@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
unsigned int total = 0; unsigned int total = 0;
*outl = 0; *outl = 0;
if (inl == 0) if (inl <= 0)
return; return;
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
if ((ctx->num + inl) < ctx->length) { if ((ctx->num + inl) < ctx->length) {
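Review bot: The `inl <= 0` guard in EVP_EncodeUpdate removes the negative case, but `(ctx->num + inl) < ctx->length` still adds two values that appear to be signed ints. A very large positive `inl` can overflow that sum, which is undefined behaviour. Writing the test as `if (ctx->length - ctx->num > inl)` avoids the addition and gives the same result. The function continues outside the hunk.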
+3 -1
@@ -103,7 +103,6 @@
# define EVP_PKS_RSA 0x0100 # define EVP_PKS_RSA 0x0100
# define EVP_PKS_DSA 0x0200 # define EVP_PKS_DSA 0x0200
# define EVP_PKS_EC 0x0400 # define EVP_PKS_EC 0x0400
# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
# define EVP_PKEY_NONE NID_undef # define EVP_PKEY_NONE NID_undef
# define EVP_PKEY_RSA NID_rsaEncryption # define EVP_PKEY_RSA NID_rsaEncryption
@@ -409,6 +408,9 @@ struct evp_cipher_st {
/* Set the GCM invocation field, decrypt only */ /* Set the GCM invocation field, decrypt only */
# define EVP_CTRL_GCM_SET_IV_INV 0x18 # define EVP_CTRL_GCM_SET_IV_INV 0x18
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
/* GCM TLS constants */ /* GCM TLS constants */
/* Length of fixed part of IV derived from PRF */ /* Length of fixed part of IV derived from PRF */
# define EVP_GCM_TLS_FIXED_IV_LEN 4 # define EVP_GCM_TLS_FIXED_IV_LEN 4
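Review bot: Deleting `EVP_PKT_EXP` removes a macro from what looks like an installed header, so any out-of-tree code that still references it stops compiling after this update; if no replacement is intended, the release notes should say so. Separately, the comment on `EVP_AEAD_TLS1_AAD_LEN` could name its consumer, for example `/* Only AAD length accepted by EVP_CTRL_AEAD_TLS1_AAD handlers (RFC 5246: 13 bytes) */`, since the rc4_hmac_md5_ctrl change in this commit rejects any other `arg`.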
+3 -2
@@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1; return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0; return 0;
if (EVP_CIPHER_CTX_iv_length(ctx)) if (EVP_CIPHER_CTX_iv_length(ctx)
RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
return 0;
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0; return 0;
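Review bot: The reason for failing here deserves a comment, because the check `RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0` is the only thing that stops EVP_SealInit from continuing with whatever bytes were already in `iv`. Something like `/* IV must come from the CSPRNG; abort rather than seal with an unfilled IV */` above the condition records that. `EVP_CIPHER_CTX_iv_length(ctx)` is also evaluated twice; holding it in a local would make the condition easier to read. The function body starts and ends outside the hunk.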
+2
@@ -61,6 +61,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+24 -4
@@ -91,8 +91,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
if (md != NULL) { if (md != NULL) {
reset = 1; reset = 1;
ctx->md = md; ctx->md = md;
} else } else if (ctx->md) {
md = ctx->md; md = ctx->md;
} else {
return 0;
}
if (!ctx->key_init && key == NULL)
return 0;
if (key != NULL) { if (key != NULL) {
reset = 1; reset = 1;
@@ -107,13 +113,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
&ctx->key_length)) &ctx->key_length))
goto err; goto err;
} else { } else {
OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); if (len < 0 || len > (int)sizeof(ctx->key))
return 0;
memcpy(ctx->key, key, len); memcpy(ctx->key, key, len);
ctx->key_length = len; ctx->key_length = len;
} }
if (ctx->key_length != HMAC_MAX_MD_CBLOCK) if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
memset(&ctx->key[ctx->key_length], 0, memset(&ctx->key[ctx->key_length], 0,
HMAC_MAX_MD_CBLOCK - ctx->key_length); HMAC_MAX_MD_CBLOCK - ctx->key_length);
ctx->key_init = 1;
} }
if (reset) { if (reset) {
@@ -151,6 +159,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
if (FIPS_mode() && !ctx->i_ctx.engine) if (FIPS_mode() && !ctx->i_ctx.engine)
return FIPS_hmac_update(ctx, data, len); return FIPS_hmac_update(ctx, data, len);
#endif #endif
if (!ctx->key_init)
return 0;
return EVP_DigestUpdate(&ctx->md_ctx, data, len); return EVP_DigestUpdate(&ctx->md_ctx, data, len);
} }
@@ -163,6 +174,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
return FIPS_hmac_final(ctx, md, len); return FIPS_hmac_final(ctx, md, len);
#endif #endif
if (!ctx->key_init)
goto err;
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
goto err; goto err;
if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
@@ -181,6 +195,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->i_ctx);
EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->o_ctx);
EVP_MD_CTX_init(&ctx->md_ctx); EVP_MD_CTX_init(&ctx->md_ctx);
ctx->key_init = 0;
ctx->md = NULL;
} }
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
@@ -191,8 +207,11 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
goto err; goto err;
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
goto err; goto err;
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); dctx->key_init = sctx->key_init;
dctx->key_length = sctx->key_length; if (sctx->key_init) {
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
dctx->key_length = sctx->key_length;
}
dctx->md = sctx->md; dctx->md = sctx->md;
return 1; return 1;
err: err:
@@ -232,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
HMAC_CTX_cleanup(&c); HMAC_CTX_cleanup(&c);
return md; return md;
err: err:
HMAC_CTX_cleanup(&c);
return NULL; return NULL;
} }
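Review bot: HMAC_Init_ex still accepts a new `md` together with `key == NULL` once `key_init` is set, and then rebuilds the pads from the `ctx->key` block that was prepared for the previous digest. That block was copied or digested according to the old digest's block size (the over-long-key branch is only partly visible in the hunk), so after a switch to a digest with a different block size the result need not equal an HMAC of the caller's original key. If that reuse is intended, as the sha1-to-sha256 step in the test suggests, a comment should state the limitation. Otherwise reject it before `ctx->md = md` with `if (md != NULL && md != ctx->md && key == NULL) return 0;`.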
+1
@@ -79,6 +79,7 @@ typedef struct hmac_ctx_st {
EVP_MD_CTX o_ctx; EVP_MD_CTX o_ctx;
unsigned int key_length; unsigned int key_length;
unsigned char key[HMAC_MAX_MD_CBLOCK]; unsigned char key[HMAC_MAX_MD_CBLOCK];
int key_init;
} HMAC_CTX; } HMAC_CTX;
# define HMAC_size(e) (EVP_MD_size((e)->md)) # define HMAC_size(e) (EVP_MD_size((e)->md))
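Review bot: Adding `int key_init;` to `HMAC_CTX` changes the size of a structure that callers allocate themselves (the test in this commit declares `HMAC_CTX ctx, ctx2;` on the stack), which is an ABI change for a patch-level update. A program built against the previous header and run with this library would have HMAC_CTX_init store `ctx->key_init = 0` beyond the end of its smaller object. If binary compatibility within the release series is expected, the not-set-up state needs to be tracked without growing the struct, for example by treating `ctx->md == NULL` as the marker. If the field stays, it needs a comment such as `/* non-zero once HMAC_Init_ex has stored a key */`.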
+167 -7
@@ -85,7 +85,7 @@ static struct test_st {
unsigned char data[64]; unsigned char data[64];
int data_len; int data_len;
unsigned char *digest; unsigned char *digest;
} test[4] = { } test[8] = {
{ {
"", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
@@ -113,10 +113,27 @@ static struct test_st {
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
}, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
}, },
{
"", 0, "My test data", 12,
(unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
},
{
"", 0, "My test data", 12,
(unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
},
{
"123456", 6, "My test data", 12,
(unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
},
{
"12345", 5, "My test data again", 12,
(unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
}
}; };
# endif # endif
static char *pt(unsigned char *md); static char *pt(unsigned char *md, unsigned int len);
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
# ifndef OPENSSL_NO_MD5 # ifndef OPENSSL_NO_MD5
@@ -124,6 +141,9 @@ int main(int argc, char *argv[])
char *p; char *p;
# endif # endif
int err = 0; int err = 0;
HMAC_CTX ctx, ctx2;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int len;
# ifdef OPENSSL_NO_MD5 # ifdef OPENSSL_NO_MD5
printf("test skipped: MD5 disabled\n"); printf("test skipped: MD5 disabled\n");
@@ -139,27 +159,167 @@ int main(int argc, char *argv[])
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
p = pt(HMAC(EVP_md5(), p = pt(HMAC(EVP_md5(),
test[i].key, test[i].key_len, test[i].key, test[i].key_len,
test[i].data, test[i].data_len, NULL, NULL)); test[i].data, test[i].data_len, NULL, NULL),
MD5_DIGEST_LENGTH);
if (strcmp(p, (char *)test[i].digest) != 0) { if (strcmp(p, (char *)test[i].digest) != 0) {
printf("error calculating HMAC on %d entry'\n", i); printf("Error calculating HMAC on %d entry'\n", i);
printf("got %s instead of %s\n", p, test[i].digest); printf("got %s instead of %s\n", p, test[i].digest);
err++; err++;
} else } else
printf("test %d ok\n", i); printf("test %d ok\n", i);
} }
# endif /* OPENSSL_NO_MD5 */ # endif /* OPENSSL_NO_MD5 */
/* test4 */
HMAC_CTX_init(&ctx);
if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with empty key (test 4)\n");
err++;
goto test5;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
err++;
goto test5;
}
printf("test 4 ok\n");
test5:
HMAC_CTX_init(&ctx);
if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
err++;
goto test6;
}
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
err++;
goto test6;
}
if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
printf("Error updating HMAC with data (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[4].digest) != 0) {
printf("Error calculating interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[4].digest);
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
printf("Failed to reinitialise HMAC (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
printf("Error updating HMAC with data (sha256) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (sha256) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[5].digest) != 0) {
printf("Error calculating 2nd interim HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[5].digest);
err++;
goto test6;
}
if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
printf("Failed to reinitialise HMAC with key (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
printf("Error updating HMAC with data (new key) (test 5)\n");
err++;
goto test6;
}
if (!HMAC_Final(&ctx, buf, &len)) {
printf("Error finalising data (new key) (test 5)\n");
err++;
goto test6;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[6].digest) != 0) {
printf("error calculating HMAC on test 5\n");
printf("got %s instead of %s\n", p, test[6].digest);
err++;
} else {
printf("test 5 ok\n");
}
test6:
HMAC_CTX_init(&ctx);
if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
printf("Failed to initialise HMAC (test 6)\n");
err++;
goto end;
}
if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
printf("Error updating HMAC with data (test 6)\n");
err++;
goto end;
}
if (!HMAC_CTX_copy(&ctx2, &ctx)) {
printf("Failed to copy HMAC_CTX (test 6)\n");
err++;
goto end;
}
if (!HMAC_Final(&ctx2, buf, &len)) {
printf("Error finalising data (test 6)\n");
err++;
goto end;
}
p = pt(buf, len);
if (strcmp(p, (char *)test[7].digest) != 0) {
printf("Error calculating HMAC on test 6\n");
printf("got %s instead of %s\n", p, test[7].digest);
err++;
} else {
printf("test 6 ok\n");
}
end:
EXIT(err); EXIT(err);
return (0); return (0);
} }
# ifndef OPENSSL_NO_MD5 # ifndef OPENSSL_NO_MD5
static char *pt(unsigned char *md) static char *pt(unsigned char *md, unsigned int len)
{ {
int i; unsigned int i;
static char buf[80]; static char buf[80];
for (i = 0; i < MD5_DIGEST_LENGTH; i++) for (i = 0; i < len; i++)
sprintf(&(buf[i * 2]), "%02x", md[i]); sprintf(&(buf[i * 2]), "%02x", md[i]);
return (buf); return (buf);
} }
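Review bot: pt() now formats `len` bytes into `static char buf[80]`, which holds at most 39 digest bytes plus the terminator, while main() passes lengths returned by HMAC_Final for a buffer sized `EVP_MAX_MD_SIZE`. The SHA-1 and SHA-256 vectors in this commit fit, but a later vector with a longer digest would make `sprintf` write past `buf`. Size the buffer from the same constant, `static char buf[EVP_MAX_MD_SIZE * 2 + 1];`, and bound the loop with `i < len && i < EVP_MAX_MD_SIZE`. pt() and `char *p` also stay inside `# ifndef OPENSSL_NO_MD5` although the new tests 4 to 6 use them outside that guard, which looks like a build break when MD5 is disabled.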
+2
@@ -61,6 +61,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -32,6 +32,8 @@ install:
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done; done;
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+2
@@ -62,6 +62,8 @@ tests:
lint: lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff lint -DLINT $(INCLUDES) $(SRC)>fluff
update: depend
depend: depend:
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
