d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenSSL 1.0.2o.

Browse Source
This commit is contained in:
jkim 2018-03-27 17:03:01 +00:00
parent a5d91b220f
commit 11cb1242eb
157 changed files with 952 additions and 810 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CHANGES
View File

@ -7,6 +7,21 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch. release branch.
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe.
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
project.
(CVE-2018-0739)
[Matt Caswell]
Changes between 1.0.2m and 1.0.2n [7 Dec 2017] Changes between 1.0.2m and 1.0.2n [7 Dec 2017]
*) Read/write after SSL object in error state *) Read/write after SSL object in error state
@ -2012,8 +2027,11 @@
to work with OPENSSL_NO_SSL_INTERN defined. to work with OPENSSL_NO_SSL_INTERN defined.
[Steve Henson] [Steve Henson]
*) Add SRP support. *) A long standing patch to add support for SRP from EdelWeb (Peter
[Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] Sylvester and Christophe Renou) was integrated.
[Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
<peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
Ben Laurie]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson] [Steve Henson]

24
Configure
View File

@ -354,7 +354,7 @@ my %table=(
"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", "MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
# DEC Alpha OSF/1/Tru64 targets. # DEC Alpha OSF/1/Tru64 targets.
# #
@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; } if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; } else { $lflags=$prelflags; undef $prelflags; }
if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{ {
$cflags =~ s/\-mno\-cygwin\s*//; $cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//; $shared_ldflag =~ s/\-mno\-cygwin\s*//;
@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2; $shlib_minor=$2;
} }
my $ecc = $cc; my %predefined;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
while (<PIPE>) {
m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
$predefined{$1} = defined($2) ? $2 : "";
}
close(PIPE);
if ($strict_warnings) if ($strict_warnings)
{ {
my $wopt; my $wopt;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
foreach $wopt (split /\s+/, $gcc_devteam_warn) foreach $wopt (split /\s+/, $gcc_devteam_warn)
{ {
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
} }
if ($ecc eq "clang") if (defined($predefined{__clang__}))
{ {
foreach $wopt (split /\s+/, $clang_devteam_warn) foreach $wopt (split /\s+/, $clang_devteam_warn)
{ {
@ -1723,15 +1730,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
} }
else { else {
s/^CC=.*$/CC= $cc/; s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/; s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/; s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/; s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
} }
s/^CFLAG=.*$/CFLAG= $cflags/; s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/;

4
FREEBSD-upgrade
View File

@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
# Xlist # Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base" setenv FSVN "svn+ssh://repo.freebsd.org/base"
setenv OSSLVER 1.0.2n setenv OSSLVER 1.0.2o
# OSSLTAG format: v1_0_2n # OSSLTAG format: v1_0_2o
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`

2
LICENSE
View File

@ -12,7 +12,7 @@
--------------- ---------------
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions

4
Makefile
View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL ## Makefile for OpenSSL
## ##
VERSION=1.0.2n VERSION=1.0.2o
MAJOR=1 MAJOR=1
MINOR=0.2 MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_NUMBER=1.0.0
@ -73,7 +73,7 @@ NM= nm
PERL= /usr/bin/perl PERL= /usr/bin/perl
TAR= tar TAR= tar
TARFLAGS= --no-recursion TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend MAKEDEPPROG= cc
LIBDIR=lib LIBDIR=lib
# We let the C compiler driver to take care of .s files. This is done in # We let the C compiler driver to take care of .s files. This is done in

5
NEWS
View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
stack (CVE-2018-0739)
Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]
o Read/write after SSL object in error state (CVE-2017-3737) o Read/write after SSL object in error state (CVE-2017-3737)

2
README
View File

@ -1,5 +1,5 @@
OpenSSL 1.0.2n 7 Dec 2017 OpenSSL 1.0.2o 27 Mar 2018
Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

4
apps/app_rand.c
View File

@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
#endif #endif
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
else if (RAND_egd(file) > 0) { else if (RAND_egd(file) > 0) {
/* /*
* we try if the given filename is an EGD socket. if it is, we don't * we try if the given filename is an EGD socket. if it is, we don't
@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
return 0; return 0;
if (file == NULL) if (file == NULL)
file = RAND_file_name(buffer, sizeof buffer); file = RAND_file_name(buffer, sizeof(buffer));
if (file == NULL || !RAND_write_file(file)) { if (file == NULL || !RAND_write_file(file)) {
BIO_printf(bio_e, "unable to write 'random state'\n"); BIO_printf(bio_e, "unable to write 'random state'\n");
return 0; return 0;

62
apps/apps.c
View File

@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
BUF_strlcpy(buf[0], serialfile, BSIZE); BUF_strlcpy(buf[0], serialfile, BSIZE);
else { else {
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
#endif #endif
} }
#ifdef RL_DEBUG #ifdef RL_DEBUG
@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err; goto err;
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile);
#else #else
BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile);
#endif #endif
dbattr_conf = NCONF_new(NULL); dbattr_conf = NCONF_new(NULL);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
#else #else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_suffix,
goto err; goto err;
} }
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
#else #else
j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
#else #else
j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
#else #else
j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
#else #else
j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
#endif #endif
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
#else #else
j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
#endif #endif
#ifdef RL_DEBUG #ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]);
@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_init(&s3a);
JPAKE_STEP3A_generate(&s3a, ctx); JPAKE_STEP3A_generate(&s3a, ctx);
BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk));
(void)BIO_flush(bconn); (void)BIO_flush(bconn);
JPAKE_STEP3A_release(&s3a); JPAKE_STEP3A_release(&s3a);
} }
@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_init(&s3b);
JPAKE_STEP3B_generate(&s3b, ctx); JPAKE_STEP3B_generate(&s3b, ctx);
BIO_write(bconn, s3b.hk, sizeof s3b.hk); BIO_write(bconn, s3b.hk, sizeof(s3b.hk));
(void)BIO_flush(bconn); (void)BIO_flush(bconn);
JPAKE_STEP3B_release(&s3b); JPAKE_STEP3B_release(&s3b);
} }
@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn)
char buf[10240]; char buf[10240];
int l; int l;
l = BIO_gets(bconn, buf, sizeof buf); l = BIO_gets(bconn, buf, sizeof(buf));
assert(l > 0); assert(l > 0);
assert(buf[l - 1] == '\n'); assert(buf[l - 1] == '\n');
buf[l - 1] = '\0'; buf[l - 1] = '\0';
@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
int l; int l;
JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_init(&s3a);
l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk));
assert(l == sizeof s3a.hhk); assert(l == sizeof(s3a.hhk));
if (!JPAKE_STEP3A_process(ctx, &s3a)) { if (!JPAKE_STEP3A_process(ctx, &s3a)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
exit(1); exit(1);
@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
int l; int l;
JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_init(&s3b);
l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk));
assert(l == sizeof s3b.hk); assert(l == sizeof(s3b.hk));
if (!JPAKE_STEP3B_process(ctx, &s3b)) { if (!JPAKE_STEP3B_process(ctx, &s3b)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
exit(1); exit(1);

237
apps/ca.c
View File

@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *lconf, unsigned long certopt, unsigned long nameopt, CONF *lconf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign) int default_op, int ext_copy, int selfsign)
{ {
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
NULL;
ASN1_UTCTIME *tm, *tmptm; ASN1_UTCTIME *tm, *tmptm;
ASN1_STRING *str, *str2; ASN1_STRING *str, *str2;
ASN1_OBJECT *obj; ASN1_OBJECT *obj;
@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (push != NULL) { if (push != NULL) {
if (!X509_NAME_add_entry(subject, push, -1, 0)) { if (!X509_NAME_add_entry(subject, push, -1, 0)) {
if (push != NULL)
X509_NAME_ENTRY_free(push);
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
} }
@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
if (verbose)
BIO_printf(bio_err,
"The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
/*
* and add it later on because of the method extensions are added
* (altName)
*/
if (email_dn)
dn_subject = subject;
else {
X509_NAME_ENTRY *tmpne;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
}
/* We are now totally happy, lets make and sign the certificate */ /* We are now totally happy, lets make and sign the certificate */
if (verbose) if (verbose)
BIO_printf(bio_err, BIO_printf(bio_err,
@ -2056,10 +1955,124 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
/* Set the right value for the noemailDN option */ if (verbose)
if (email_dn == 0) { BIO_printf(bio_err,
if (!X509_set_subject_name(ret, dn_subject)) "The subject name appears to be ok, checking data base for clashes\n");
/* Build the correct Subject if no e-mail is wanted in the subject */
if (!email_dn) {
X509_NAME_ENTRY *tmpne;
X509_NAME *dn_subject;
/*
* Its best to dup the subject DN and then delete any email addresses
* because this retains its structure.
*/
if (!(dn_subject = X509_NAME_dup(subject))) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
}
while ((i = X509_NAME_get_index_by_NID(dn_subject,
NID_pkcs9_emailAddress,
-1)) >= 0) {
tmpne = X509_NAME_get_entry(dn_subject, i);
X509_NAME_delete_entry(dn_subject, i);
X509_NAME_ENTRY_free(tmpne);
}
if (!X509_set_subject_name(ret, dn_subject)) {
X509_NAME_free(dn_subject);
goto err;
}
X509_NAME_free(dn_subject);
}
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (BN_is_zero(serial))
row[DB_serial] = BUF_strdup("00");
else
row[DB_serial] = BN_bn2hex(serial);
if (row[DB_serial] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
if (row[DB_name][0] == '\0') {
/*
* An empty subject! We'll use the serial number instead. If
* unique_subject is in use then we don't want different entries with
* empty subjects matching each other.
*/
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
if (row[DB_name] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
}
if (db->attributes.unique_subject) {
OPENSSL_STRING *crow = row;
rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:There is already a certificate for %s\n",
row[DB_name]);
}
}
if (rrow == NULL) {
rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
if (rrow != NULL) {
BIO_printf(bio_err,
"ERROR:Serial number %s has already been issued,\n",
row[DB_serial]);
BIO_printf(bio_err,
" check the database/serial_file for corruption\n");
}
}
if (rrow != NULL) {
BIO_printf(bio_err, "The matching entry has the following details\n");
if (rrow[DB_type][0] == 'E')
p = "Expired";
else if (rrow[DB_type][0] == 'R')
p = "Revoked";
else if (rrow[DB_type][0] == 'V')
p = "Valid";
else
p = "\ninvalid type, Data base error\n";
BIO_printf(bio_err, "Type :%s\n", p);;
if (rrow[DB_type][0] == 'R') {
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Was revoked on:%s\n", p);
}
p = rrow[DB_exp_date];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Expires on :%s\n", p);
p = rrow[DB_serial];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Serial Number :%s\n", p);
p = rrow[DB_file];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "File name :%s\n", p);
p = rrow[DB_name];
if (p == NULL)
p = "undef";
BIO_printf(bio_err, "Subject Name :%s\n", p);
ok = -1; /* This is now a 'bad' error. */
goto err;
} }
if (!default_op) { if (!default_op) {
@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1); row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8); row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) || (row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) { (row[DB_file] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;
} }
@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
irow = NULL; irow = NULL;
ok = 1; ok = 1;
err: err:
if (irow != NULL) { if (ok != 1) {
for (i = 0; i < DB_NUMBER; i++) for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]); OPENSSL_free(row[i]);
OPENSSL_free(irow);
} }
OPENSSL_free(irow);
if (CAname != NULL) if (CAname != NULL)
X509_NAME_free(CAname); X509_NAME_free(CAname);
if (subject != NULL) if (subject != NULL)
X509_NAME_free(subject); X509_NAME_free(subject);
if ((dn_subject != NULL) && !email_dn)
X509_NAME_free(dn_subject);
if (tmptm != NULL) if (tmptm != NULL)
ASN1_UTCTIME_free(tmptm); ASN1_UTCTIME_free(tmptm);
if (ok <= 0) { if (ok <= 0) {
@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
else else
row[DB_serial] = BN_bn2hex(bn); row[DB_serial] = BN_bn2hex(bn);
BN_free(bn); BN_free(bn);
if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
/* Entries with empty Subjects actually use the serial number instead */
OPENSSL_free(row[DB_name]);
row[DB_name] = OPENSSL_strdup(row[DB_serial]);
}
if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
goto err; goto err;

2
apps/ciphers.c
View File

@ -217,7 +217,7 @@ int MAIN(int argc, char **argv)
BIO_printf(STDout, "%s - ", nm); BIO_printf(STDout, "%s - ", nm);
} }
#endif #endif
BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf)));
} }
} }

10
apps/cms.c
View File

@ -4,7 +4,7 @@
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2008 The OpenSSL Project. All rights reserved. * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -977,12 +977,16 @@ int MAIN(int argc, char **argv)
signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
e, "signer certificate"); e, "signer certificate");
if (!signer) if (!signer) {
ret = 2;
goto end; goto end;
}
key = load_key(bio_err, keyfile, keyform, 0, passin, e, key = load_key(bio_err, keyfile, keyform, 0, passin, e,
"signing key file"); "signing key file");
if (!key) if (!key) {
ret = 2;
goto end; goto end;
}
for (kparam = key_first; kparam; kparam = kparam->next) { for (kparam = key_first; kparam; kparam = kparam->next) {
if (kparam->idx == i) { if (kparam->idx == i) {
tflags |= CMS_KEY_PARAM; tflags |= CMS_KEY_PARAM;

2
apps/dgst.c
View File

@ -145,7 +145,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
/* first check the program name */ /* first check the program name */
program_name(argv[0], pname, sizeof pname); program_name(argv[0], pname, sizeof(pname));
md = EVP_get_digestbyname(pname); md = EVP_get_digestbyname(pname);

3
apps/dsaparam.c
View File

@ -382,6 +382,9 @@ int MAIN(int argc, char **argv)
printf("\treturn(dsa);\n\t}\n"); printf("\treturn(dsa);\n\t}\n");
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_DSAparams_bio(out, dsa); i = i2d_DSAparams_bio(out, dsa);

8
apps/ecparam.c
View File

@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project. * Written by Nils Larsch for the OpenSSL project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -546,6 +546,9 @@ int MAIN(int argc, char **argv)
BIO_printf(out, "\treturn(group);\n\t}\n"); BIO_printf(out, "\treturn(group);\n\t}\n");
} }
if (outformat == FORMAT_ASN1 && genkey)
noout = 1;
if (!noout) { if (!noout) {
if (outformat == FORMAT_ASN1) if (outformat == FORMAT_ASN1)
i = i2d_ECPKParameters_bio(out, group); i = i2d_ECPKParameters_bio(out, group);
@ -582,6 +585,9 @@ int MAIN(int argc, char **argv)
if (EC_KEY_set_group(eckey, group) == 0) if (EC_KEY_set_group(eckey, group) == 0)
goto end; goto end;
if (new_form)
EC_KEY_set_conv_form(eckey, form);
if (!EC_KEY_generate_key(eckey)) { if (!EC_KEY_generate_key(eckey)) {
EC_KEY_free(eckey); EC_KEY_free(eckey);
goto end; goto end;

24
apps/enc.c
View File

@ -114,7 +114,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
static const char magic[] = "Salted__"; static const char magic[] = "Salted__";
char mbuf[sizeof magic - 1]; char mbuf[sizeof(magic) - 1];
char *strbuf = NULL; char *strbuf = NULL;
unsigned char *buff = NULL, *bufsize = NULL; unsigned char *buff = NULL, *bufsize = NULL;
int bsize = BSIZE, verbose = 0; int bsize = BSIZE, verbose = 0;
@ -154,7 +154,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
/* first check the program name */ /* first check the program name */
program_name(argv[0], pname, sizeof pname); program_name(argv[0], pname, sizeof(pname));
if (strcmp(pname, "base64") == 0) if (strcmp(pname, "base64") == 0)
base64 = 1; base64 = 1;
#ifdef ZLIB #ifdef ZLIB
@ -247,7 +247,7 @@ int MAIN(int argc, char **argv)
goto bad; goto bad;
} }
buf[0] = '\0'; buf[0] = '\0';
if (!fgets(buf, sizeof buf, infile)) { if (!fgets(buf, sizeof(buf), infile)) {
BIO_printf(bio_err, "unable to read key from '%s'\n", file); BIO_printf(bio_err, "unable to read key from '%s'\n", file);
goto bad; goto bad;
} }
@ -432,7 +432,7 @@ int MAIN(int argc, char **argv)
for (;;) { for (;;) {
char buf[200]; char buf[200];
BIO_snprintf(buf, sizeof buf, "enter %s %s password:", BIO_snprintf(buf, sizeof(buf), "enter %s %s password:",
OBJ_nid2ln(EVP_CIPHER_nid(cipher)), OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
(enc) ? "encryption" : "decryption"); (enc) ? "encryption" : "decryption");
strbuf[0] = '\0'; strbuf[0] = '\0';
@ -517,31 +517,31 @@ int MAIN(int argc, char **argv)
else { else {
if (enc) { if (enc) {
if (hsalt) { if (hsalt) {
if (!set_hex(hsalt, salt, sizeof salt)) { if (!set_hex(hsalt, salt, sizeof(salt))) {
BIO_printf(bio_err, "invalid hex salt value\n"); BIO_printf(bio_err, "invalid hex salt value\n");
goto end; goto end;
} }
} else if (RAND_bytes(salt, sizeof salt) <= 0) } else if (RAND_bytes(salt, sizeof(salt)) <= 0)
goto end; goto end;
/* /*
* If -P option then don't bother writing * If -P option then don't bother writing
*/ */
if ((printkey != 2) if ((printkey != 2)
&& (BIO_write(wbio, magic, && (BIO_write(wbio, magic,
sizeof magic - 1) != sizeof magic - 1 sizeof(magic) - 1) != sizeof(magic) - 1
|| BIO_write(wbio, || BIO_write(wbio,
(char *)salt, (char *)salt,
sizeof salt) != sizeof salt)) { sizeof(salt)) != sizeof(salt))) {
BIO_printf(bio_err, "error writing output file\n"); BIO_printf(bio_err, "error writing output file\n");
goto end; goto end;
} }
} else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
|| BIO_read(rbio, || BIO_read(rbio,
(unsigned char *)salt, (unsigned char *)salt,
sizeof salt) != sizeof salt) { sizeof(salt)) != sizeof(salt)) {
BIO_printf(bio_err, "error reading input file\n"); BIO_printf(bio_err, "error reading input file\n");
goto end; goto end;
} else if (memcmp(mbuf, magic, sizeof magic - 1)) { } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
BIO_printf(bio_err, "bad magic number\n"); BIO_printf(bio_err, "bad magic number\n");
goto end; goto end;
} }
@ -564,7 +564,7 @@ int MAIN(int argc, char **argv)
int siz = EVP_CIPHER_iv_length(cipher); int siz = EVP_CIPHER_iv_length(cipher);
if (siz == 0) { if (siz == 0) {
BIO_printf(bio_err, "warning: iv not use by this cipher\n"); BIO_printf(bio_err, "warning: iv not use by this cipher\n");
} else if (!set_hex(hiv, iv, sizeof iv)) { } else if (!set_hex(hiv, iv, sizeof(iv))) {
BIO_printf(bio_err, "invalid hex iv value\n"); BIO_printf(bio_err, "invalid hex iv value\n");
goto end; goto end;
} }

2
apps/errstr.c
View File

@ -108,7 +108,7 @@ int MAIN(int argc, char **argv)
for (i = 1; i < argc; i++) { for (i = 1; i < argc; i++) {
if (sscanf(argv[i], "%lx", &l)) { if (sscanf(argv[i], "%lx", &l)) {
ERR_error_string_n(l, buf, sizeof buf); ERR_error_string_n(l, buf, sizeof(buf));
printf("%s\n", buf); printf("%s\n", buf);
} else { } else {
printf("%s: bad error code\n", argv[i]); printf("%s: bad error code\n", argv[i]);

2
apps/ocsp.c
View File

@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
*pcbio = cbio; *pcbio = cbio;
for (;;) { for (;;) {
len = BIO_gets(cbio, inbuf, sizeof inbuf); len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0) if (len <= 0)
return 1; return 1;
/* Look for "POST" signalling start of query */ /* Look for "POST" signalling start of query */

6
apps/openssl.c
View File

@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[])
prog = prog_init(); prog = prog_init();
/* first check the program name */ /* first check the program name */
program_name(Argv[0], pname, sizeof pname); program_name(Argv[0], pname, sizeof(pname));
f.name = pname; f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f); fp = lh_FUNCTION_retrieve(prog, &f);
@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[])
for (;;) { for (;;) {
ret = 0; ret = 0;
p = buf; p = buf;
n = sizeof buf; n = sizeof(buf);
i = 0; i = 0;
for (;;) { for (;;) {
p[0] = '\0'; p[0] = '\0';
@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void)
/* Purely so it looks nice when the user hits ? */ /* Purely so it looks nice when the user hits ? */
for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
qsort(functions, i, sizeof *functions, SortFnByName); qsort(functions, i, sizeof(*functions), SortFnByName);
if ((ret = lh_FUNCTION_new()) == NULL) if ((ret = lh_FUNCTION_new()) == NULL)
return (NULL); return (NULL);

14
apps/passwd.c
View File

@ -252,7 +252,7 @@ int MAIN(int argc, char **argv)
/* ignore rest of line */ /* ignore rest of line */
char trash[BUFSIZ]; char trash[BUFSIZ];
do do
r = BIO_gets(in, trash, sizeof trash); r = BIO_gets(in, trash, sizeof(trash));
while ((r > 0) && (!strchr(trash, '\n'))); while ((r > 0) && (!strchr(trash, '\n')));
} }
@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(&md2, buf, NULL);
for (i = passwd_len; i > sizeof buf; i -= sizeof buf) for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf))
EVP_DigestUpdate(&md, buf, sizeof buf); EVP_DigestUpdate(&md, buf, sizeof(buf));
EVP_DigestUpdate(&md, buf, i); EVP_DigestUpdate(&md, buf, i);
n = passwd_len; n = passwd_len;
@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
(i & 1) ? passwd_len : sizeof buf); (i & 1) ? passwd_len : sizeof(buf));
if (i % 3) if (i % 3)
EVP_DigestUpdate(&md2, salt_out, salt_len); EVP_DigestUpdate(&md2, salt_out, salt_len);
if (i % 7) if (i % 7)
EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, passwd, passwd_len);
EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
(i & 1) ? sizeof buf : passwd_len); (i & 1) ? sizeof(buf) : passwd_len);
EVP_DigestFinal_ex(&md2, buf, NULL); EVP_DigestFinal_ex(&md2, buf, NULL);
} }
EVP_MD_CTX_cleanup(&md2); EVP_MD_CTX_cleanup(&md2);
@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
{ {
/* transform buf into output string */ /* transform buf into output string */
unsigned char buf_perm[sizeof buf]; unsigned char buf_perm[sizeof(buf)];
int dest, source; int dest, source;
char *output; char *output;
@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
buf_perm[15] = buf[11]; buf_perm[15] = buf[11];
# ifndef PEDANTIC /* Unfortunately, this generates a "no # ifndef PEDANTIC /* Unfortunately, this generates a "no
* effect" warning */ * effect" warning */
assert(16 == sizeof buf_perm); assert(16 == sizeof(buf_perm));
# endif # endif
output = salt_out + salt_len; output = salt_out + salt_len;

10
apps/pkcs12.c
View File

@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read MAC password"); CRYPTO_push_info("read MAC password");
# endif # endif
if (EVP_read_pw_string if (EVP_read_pw_string
(macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
} }
@ -629,13 +629,13 @@ int MAIN(int argc, char **argv)
# endif # endif
if (!noprompt && if (!noprompt &&
EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:",
1)) { 1)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto export_end; goto export_end;
} }
if (!twopass) if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass); BUF_strlcpy(macpass, pass, sizeof(macpass));
# ifdef CRYPTO_MDEBUG # ifdef CRYPTO_MDEBUG
CRYPTO_pop_info(); CRYPTO_pop_info();
@ -698,7 +698,7 @@ int MAIN(int argc, char **argv)
CRYPTO_push_info("read import password"); CRYPTO_push_info("read import password");
# endif # endif
if (!noprompt if (!noprompt
&& EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
0)) { 0)) {
BIO_printf(bio_err, "Can't read Password\n"); BIO_printf(bio_err, "Can't read Password\n");
goto end; goto end;
@ -708,7 +708,7 @@ int MAIN(int argc, char **argv)
# endif # endif
if (!twopass) if (!twopass)
BUF_strlcpy(macpass, pass, sizeof macpass); BUF_strlcpy(macpass, pass, sizeof(macpass));
if ((options & INFO) && p12->mac) if ((options & INFO) && p12->mac)
BIO_printf(bio_err, "MAC Iteration %ld\n", BIO_printf(bio_err, "MAC Iteration %ld\n",

4
apps/pkcs8.c
View File

@ -277,7 +277,7 @@ int MAIN(int argc, char **argv)
else { else {
p8pass = pass; p8pass = pass;
if (EVP_read_pw_string if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:", 1)) (pass, sizeof(pass), "Enter Encryption Password:", 1))
goto end; goto end;
} }
app_RAND_load_file(NULL, bio_err, 0); app_RAND_load_file(NULL, bio_err, 0);
@ -331,7 +331,7 @@ int MAIN(int argc, char **argv)
p8pass = passin; p8pass = passin;
else { else {
p8pass = pass; p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0);
} }
p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
} }

2
apps/rand.c
View File

@ -198,7 +198,7 @@ int MAIN(int argc, char **argv)
chunk = num; chunk = num;
if (chunk > (int)sizeof(buf)) if (chunk > (int)sizeof(buf))
chunk = sizeof buf; chunk = sizeof(buf);
r = RAND_bytes(buf, chunk); r = RAND_bytes(buf, chunk);
if (r <= 0) if (r <= 0)
goto err; goto err;

36
apps/req.c
View File

@ -1193,7 +1193,7 @@ static int prompt_info(X509_REQ *req,
/* If OBJ not recognised ignore it */ /* If OBJ not recognised ignore it */
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start; goto start;
if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@ -1204,19 +1204,19 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", v->name); BIO_snprintf(buf, sizeof(buf), "%s_value", v->name);
if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", v->name); BIO_snprintf(buf, sizeof(buf), "%s_min", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", v->name); BIO_snprintf(buf, sizeof(buf), "%s_max", v->name);
if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@ -1252,7 +1252,7 @@ static int prompt_info(X509_REQ *req,
if ((nid = OBJ_txt2nid(type)) == NID_undef) if ((nid = OBJ_txt2nid(type)) == NID_undef)
goto start2; goto start2;
if (BIO_snprintf(buf, sizeof buf, "%s_default", type) if (BIO_snprintf(buf, sizeof(buf), "%s_default", type)
>= (int)sizeof(buf)) { >= (int)sizeof(buf)) {
BIO_printf(bio_err, "Name '%s' too long\n", v->name); BIO_printf(bio_err, "Name '%s' too long\n", v->name);
return 0; return 0;
@ -1264,20 +1264,20 @@ static int prompt_info(X509_REQ *req,
def = ""; def = "";
} }
BIO_snprintf(buf, sizeof buf, "%s_value", type); BIO_snprintf(buf, sizeof(buf), "%s_value", type);
if ((value = NCONF_get_string(req_conf, attr_sect, buf)) if ((value = NCONF_get_string(req_conf, attr_sect, buf))
== NULL) { == NULL) {
ERR_clear_error(); ERR_clear_error();
value = NULL; value = NULL;
} }
BIO_snprintf(buf, sizeof buf, "%s_min", type); BIO_snprintf(buf, sizeof(buf), "%s_min", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
ERR_clear_error(); ERR_clear_error();
n_min = -1; n_min = -1;
} }
BIO_snprintf(buf, sizeof buf, "%s_max", type); BIO_snprintf(buf, sizeof(buf), "%s_max", type);
if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
ERR_clear_error(); ERR_clear_error();
n_max = -1; n_max = -1;
@ -1372,13 +1372,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf); BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@ -1391,8 +1391,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
BUF_strlcpy(buf, def, sizeof buf); BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);
@ -1431,13 +1431,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
BIO_printf(bio_err, "%s [%s]:", text, def); BIO_printf(bio_err, "%s [%s]:", text, def);
(void)BIO_flush(bio_err); (void)BIO_flush(bio_err);
if (value != NULL) { if (value != NULL) {
BUF_strlcpy(buf, value, sizeof buf); BUF_strlcpy(buf, value, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
BIO_printf(bio_err, "%s\n", value); BIO_printf(bio_err, "%s\n", value);
} else { } else {
buf[0] = '\0'; buf[0] = '\0';
if (!batch) { if (!batch) {
if (!fgets(buf, sizeof buf, stdin)) if (!fgets(buf, sizeof(buf), stdin))
return 0; return 0;
} else { } else {
buf[0] = '\n'; buf[0] = '\n';
@ -1450,8 +1450,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def,
else if (buf[0] == '\n') { else if (buf[0] == '\n') {
if ((def == NULL) || (def[0] == '\0')) if ((def == NULL) || (def[0] == '\0'))
return (1); return (1);
BUF_strlcpy(buf, def, sizeof buf); BUF_strlcpy(buf, def, sizeof(buf));
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
} else if ((buf[0] == '.') && (buf[1] == '\n')) } else if ((buf[0] == '.') && (buf[1] == '\n'))
return (1); return (1);

10
apps/s_client.c
View File

@ -2166,10 +2166,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_printf(bio, "---\nCertificate chain\n"); BIO_printf(bio, "---\nCertificate chain\n");
for (i = 0; i < sk_X509_num(sk); i++) { for (i = 0; i < sk_X509_num(sk); i++) {
X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, "%2d s:%s\n", i, buf); BIO_printf(bio, "%2d s:%s\n", i, buf);
X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
buf, sizeof buf); buf, sizeof(buf));
BIO_printf(bio, " i:%s\n", buf); BIO_printf(bio, " i:%s\n", buf);
if (c_showcerts) if (c_showcerts)
PEM_write_bio_X509(bio, sk_X509_value(sk, i)); PEM_write_bio_X509(bio, sk_X509_value(sk, i));
@ -2184,9 +2184,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
/* Redundant if we showed the whole chain */ /* Redundant if we showed the whole chain */
if (!(c_showcerts && got_a_chain)) if (!(c_showcerts && got_a_chain))
PEM_write_bio_X509(bio, peer); PEM_write_bio_X509(bio, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio, "subject=%s\n", buf); BIO_printf(bio, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio, "issuer=%s\n", buf); BIO_printf(bio, "issuer=%s\n", buf);
} else } else
BIO_printf(bio, "no peer certificate available\n"); BIO_printf(bio, "no peer certificate available\n");
@ -2203,7 +2203,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
} else { } else {
BIO_printf(bio, "---\nNo client certificate CA names sent\n"); BIO_printf(bio, "---\nNo client certificate CA names sent\n");
} }
p = SSL_get_shared_ciphers(s, buf, sizeof buf); p = SSL_get_shared_ciphers(s, buf, sizeof(buf));
if (p != NULL) { if (p != NULL) {
/* /*
* This works only for SSL 2. In later protocol versions, the * This works only for SSL 2. In later protocol versions, the

10
apps/s_server.c
View File

@ -2008,7 +2008,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context); sizeof(s_server_session_id_context));
/* Set DTLS cookie generation and verification callbacks */ /* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
@ -2019,7 +2019,7 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
SSL_CTX_set_session_id_context(ctx2, SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context, (void *)&s_server_session_id_context,
sizeof s_server_session_id_context); sizeof(s_server_session_id_context));
tlsextcbp.biodebug = bio_s_out; tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
@ -2666,14 +2666,14 @@ static int init_ssl_connection(SSL *con)
if (peer != NULL) { if (peer != NULL) {
BIO_printf(bio_s_out, "Client certificate\n"); BIO_printf(bio_s_out, "Client certificate\n");
PEM_write_bio_X509(bio_s_out, peer); PEM_write_bio_X509(bio_s_out, peer);
X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "subject=%s\n", buf); BIO_printf(bio_s_out, "subject=%s\n", buf);
X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
BIO_printf(bio_s_out, "issuer=%s\n", buf); BIO_printf(bio_s_out, "issuer=%s\n", buf);
X509_free(peer); X509_free(peer);
} }
if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
ssl_print_sigalgs(bio_s_out, con); ssl_print_sigalgs(bio_s_out, con);

6
apps/s_socket.c
View File

@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type)
{ {
unsigned char ip[4]; unsigned char ip[4];
memset(ip, '\0', sizeof ip); memset(ip, '\0', sizeof(ip));
if (!host_ip(host, &(ip[0]))) if (!host_ip(host, &(ip[0])))
return 0; return 0;
return init_client_ip(sock, ip, port, type); return init_client_ip(sock, ip, port, type);
@ -360,7 +360,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
# if defined SOL_SOCKET && defined SO_REUSEADDR # if defined SOL_SOCKET && defined SO_REUSEADDR
{ {
int j = 1; int j = 1;
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j));
} }
# endif # endif
if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
@ -595,7 +595,7 @@ static struct hostent *GetHostByName(char *name)
if (ret == NULL) if (ret == NULL)
return (NULL); return (NULL);
/* else add to cache */ /* else add to cache */
if (strlen(name) < sizeof ghbn_cache[0].name) { if (strlen(name) < sizeof(ghbn_cache[0].name)) {
strcpy(ghbn_cache[lowi].name, name); strcpy(ghbn_cache[lowi].name, name);
memcpy((char *)&(ghbn_cache[lowi].ent), ret, memcpy((char *)&(ghbn_cache[lowi].ent), ret,
sizeof(struct hostent)); sizeof(struct hostent));

6
apps/s_time.c
View File

@ -422,7 +422,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
if (s_www_path != NULL) { if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
@ -481,7 +481,7 @@ int MAIN(int argc, char **argv)
} }
if (s_www_path != NULL) { if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while (SSL_read(scon, buf, sizeof(buf)) > 0) ; while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
} }
@ -517,7 +517,7 @@ int MAIN(int argc, char **argv)
goto end; goto end;
if (s_www_path) { if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n",
s_www_path); s_www_path);
SSL_write(scon, buf, strlen(buf)); SSL_write(scon, buf, strlen(buf));
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)

12
apps/speed.c
View File

@ -2091,7 +2091,7 @@ int MAIN(int argc, char **argv)
RAND_pseudo_bytes(buf, 20); RAND_pseudo_bytes(buf, 20);
# ifndef OPENSSL_NO_DSA # ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < DSA_NUM; j++) { for (j = 0; j < DSA_NUM; j++) {
@ -2170,7 +2170,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDSA # ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < EC_NUM; j++) { for (j = 0; j < EC_NUM; j++) {
@ -2265,7 +2265,7 @@ int MAIN(int argc, char **argv)
# ifndef OPENSSL_NO_ECDH # ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) { if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
rnd_fake = 1; rnd_fake = 1;
} }
for (j = 0; j < EC_NUM; j++) { for (j = 0; j < EC_NUM; j++) {
@ -2588,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim)
if (**string == 0) if (**string == 0)
return NULL; return NULL;
memset(isdelim, 0, sizeof isdelim); memset(isdelim, 0, sizeof(isdelim));
isdelim[0] = 1; isdelim[0] = 1;
while (*delim) { while (*delim) {
@ -2615,7 +2615,7 @@ static int do_multi(int multi)
int *fds; int *fds;
static char sep[] = ":"; static char sep[] = ":";
fds = malloc(multi * sizeof *fds); fds = malloc(multi * sizeof(*fds));
if (fds == NULL) { if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n"); fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1); exit(1);
@ -2653,7 +2653,7 @@ static int do_multi(int multi)
char *p; char *p;
f = fdopen(fds[n], "r"); f = fdopen(fds[n], "r");
while (fgets(buf, sizeof buf, f)) { while (fgets(buf, sizeof(buf), f)) {
p = strchr(buf, '\n'); p = strchr(buf, '\n');
if (p) if (p)
*p = '\0'; *p = '\0';

4
apps/x509.c
View File

@ -817,10 +817,10 @@ int MAIN(int argc, char **argv)
char *m; char *m;
int y, z; int y, z;
X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
BIO_printf(STDout, "/* subject:%s */\n", buf); BIO_printf(STDout, "/* subject:%s */\n", buf);
m = X509_NAME_oneline(X509_get_issuer_name(x), buf, m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
sizeof buf); sizeof(buf));
BIO_printf(STDout, "/* issuer :%s */\n", buf); BIO_printf(STDout, "/* issuer :%s */\n", buf);
z = i2d_X509(x, NULL); z = i2d_X509(x, NULL);

2
crypto/asn1/a_gentm.c
View File

@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
ASN1_STRING tmpstr = *(ASN1_STRING *)a; ASN1_STRING tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr; a = (ASN1_GENERALIZEDTIME *)&tmpstr;

4
crypto/asn1/a_mbstr.c
View File

@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
if ((minsize > 0) && (nchar < minsize)) { if ((minsize > 0) && (nchar < minsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf); ERR_add_error_data(2, "minsize=", strbuf);
return -1; return -1;
} }
if ((maxsize > 0) && (nchar > maxsize)) { if ((maxsize > 0) && (nchar > maxsize)) {
ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf); ERR_add_error_data(2, "maxsize=", strbuf);
return -1; return -1;
} }

4
crypto/asn1/a_object.c
View File

@ -89,7 +89,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
{ {
int i, first, len = 0, c, use_bn; int i, first, len = 0, c, use_bn;
char ftmp[24], *tmp = ftmp; char ftmp[24], *tmp = ftmp;
int tmpsize = sizeof ftmp; int tmpsize = sizeof(ftmp);
const char *p; const char *p;
unsigned long l; unsigned long l;
BIGNUM *bl = NULL; BIGNUM *bl = NULL;
@ -226,7 +226,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
if ((a == NULL) || (a->data == NULL)) if ((a == NULL) || (a->data == NULL))
return (BIO_write(bp, "NULL", 4)); return (BIO_write(bp, "NULL", 4));
i = i2t_ASN1_OBJECT(buf, sizeof buf, a); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (i > (int)(sizeof(buf) - 1)) { if (i > (int)(sizeof(buf) - 1)) {
p = OPENSSL_malloc(i + 1); p = OPENSSL_malloc(i + 1);
if (!p) if (!p)

8
crypto/asn1/a_strex.c
View File

@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
if (c > 0xffffffffL) if (c > 0xffffffffL)
return -1; return -1;
if (c > 0xffff) { if (c > 0xffff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
if (!io_ch(arg, tmphex, 10)) if (!io_ch(arg, tmphex, 10))
return -1; return -1;
return 10; return 10;
} }
if (c > 0xff) { if (c > 0xff) {
BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
if (!io_ch(arg, tmphex, 6)) if (!io_ch(arg, tmphex, 6))
return -1; return -1;
return 6; return 6;
@ -236,7 +236,7 @@ static int do_buf(unsigned char *buf, int buflen,
if (type & BUF_TYPE_CONVUTF8) { if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6]; unsigned char utfbuf[6];
int utflen; int utflen;
utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
for (i = 0; i < utflen; i++) { for (i = 0; i < utflen; i++) {
/* /*
* We don't need to worry about setting orflags correctly * We don't need to worry about setting orflags correctly
@ -533,7 +533,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
if (fn_opt != XN_FLAG_FN_NONE) { if (fn_opt != XN_FLAG_FN_NONE) {
int objlen, fld_len; int objlen, fld_len;
if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
fld_len = 0; /* XXX: what should this be? */ fld_len = 0; /* XXX: what should this be? */
objbuf = objtmp; objbuf = objtmp;
} else { } else {

2
crypto/asn1/a_time.c
View File

@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
tmpstr = *(ASN1_STRING *)a; tmpstr = *(ASN1_STRING *)a;
len = tmpstr.length; len = tmpstr.length;
ebcdic2ascii(tmp, tmpstr.data, ebcdic2ascii(tmp, tmpstr.data,
(len >= sizeof tmp) ? sizeof tmp : len); (len >= sizeof(tmp)) ? sizeof(tmp) : len);
tmpstr.data = tmp; tmpstr.data = tmp;
a = (ASN1_GENERALIZEDTIME *)&tmpstr; a = (ASN1_GENERALIZEDTIME *)&tmpstr;
} }

4
crypto/asn1/a_utctm.c
View File

@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
ASN1_STRING x = *(ASN1_STRING *)a; ASN1_STRING x = *(ASN1_STRING *)a;
len = x.length; len = x.length;
ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len);
x.data = tmp; x.data = tmp;
return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
# endif # endif
@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
struct tm tm; struct tm tm;
int offset; int offset;
memset(&tm, '\0', sizeof tm); memset(&tm, '\0', sizeof(tm));
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year = g2(s->data); tm.tm_year = g2(s->data);

1
crypto/asn1/asn1.h
View File

@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197 # define ASN1_R_NESTED_ASN1_STRING 197
# define ASN1_R_NESTED_TOO_DEEP 219
# define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142 # define ASN1_R_NOT_ENOUGH_DATA 142

3
crypto/asn1/asn1_err.c
View File

@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */ /* crypto/asn1/asn1_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

4
crypto/asn1/asn1_lib.c
View File

@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset)
{ {
char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address);
BIO_snprintf(buf2, sizeof buf2, "%d", offset); BIO_snprintf(buf2, sizeof(buf2), "%d", offset);
ERR_add_error_data(4, "address=", buf1, " offset=", buf2); ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
} }

8
crypto/asn1/asn1_par.c
View File

@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
p = str; p = str;
if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
else if (tag > 30) else if (tag > 30)
BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag); BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
else else
p = ASN1_tag2str(tag); p = ASN1_tag2str(tag);

3
crypto/asn1/asn_mime.c
View File

@ -4,7 +4,7 @@
* project. * project.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
sk_BIO_pop_free(parts, BIO_vfree);
return NULL; return NULL;
} }

4
crypto/asn1/t_x509a.c
View File

@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", "); BIO_puts(out, ", ");
else else
first = 0; first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr, OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->trust, i), 0); sk_ASN1_OBJECT_value(aux->trust, i), 0);
BIO_puts(out, oidstr); BIO_puts(out, oidstr);
} }
@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
BIO_puts(out, ", "); BIO_puts(out, ", ");
else else
first = 0; first = 0;
OBJ_obj2txt(oidstr, sizeof oidstr, OBJ_obj2txt(oidstr, sizeof(oidstr),
sk_ASN1_OBJECT_value(aux->reject, i), 0); sk_ASN1_OBJECT_value(aux->reject, i), 0);
BIO_puts(out, oidstr); BIO_puts(out, oidstr);
} }

64
crypto/asn1/tasn_dec.c
View File

@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -65,6 +65,14 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf); static int asn1_find_end(const unsigned char **in, long len, char inf);
@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval, static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx); ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_ITEM *it, const ASN1_ITEM *it,
@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
{ {
ASN1_TLC c; ASN1_TLC c;
asn1_tlc_clear_nc(&c); asn1_tlc_clear_nc(&c);
return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
} }
/* /*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL * tag mismatch return -1 to handle OPTIONAL
*/ */
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, long len, const ASN1_ITEM *it, int tag, int aclass,
const ASN1_ITEM *it, char opt, ASN1_TLC *ctx, int depth)
int tag, int aclass, char opt, ASN1_TLC *ctx)
{ {
const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf; const ASN1_COMPAT_FUNCS *cf;
@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
else else
asn1_cb = 0; asn1_cb = 0;
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) { switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE: case ASN1_ITYPE_PRIMITIVE:
if (it->templates) { if (it->templates) {
@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
goto err; goto err;
} }
return asn1_template_ex_d2i(pval, in, len, return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx); it->templates, opt, ctx, depth);
} }
return asn1_d2i_ex_primitive(pval, in, len, it, return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx); tag, aclass, opt, ctx);
@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* /*
* We mark field as OPTIONAL so its absence can be recognised. * We mark field as OPTIONAL so its absence can be recognised.
*/ */
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */ /* If field not present, try the next one */
if (ret == -1) if (ret == -1)
continue; continue;
@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
* attempt to read in field, allowing each to be OPTIONAL * attempt to read in field, allowing each to be OPTIONAL
*/ */
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
if (!ret) { if (!ret) {
errtt = seqtt; errtt = seqtt;
goto err; goto err;
@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
return 0; return 0;
} }
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
}
/* /*
* Templates are handled with two separate functions. One handles any * Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest. * EXPLICIT tag and the other handles the rest.
@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen, const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0; return 0;
} }
/* We've found the field so it can't be OPTIONAL now */ /* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0; return 0;
@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
} }
} }
} else } else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p; *in = p;
return 1; return 1;
@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt, const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx) ASN1_TLC *ctx, int depth)
{ {
int flags, aclass; int flags, aclass;
int ret; int ret;
@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
break; break;
} }
skfield = NULL; skfield = NULL;
if (!ASN1_item_ex_d2i(&skfield, &p, len, if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { -1, 0, 0, ctx, depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR); ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} }
} else if (flags & ASN1_TFLG_IMPTAG) { } else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */ /* IMPLICIT tagging */
ret = ASN1_item_ex_d2i(val, &p, len, ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, aclass, opt, ctx, depth);
ctx);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;
@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return -1; return -1;
} else { } else {
/* Nothing special */ /* Nothing special */
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
depth);
if (!ret) { if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err; goto err;

2
crypto/asn1/tasn_prn.c
View File

@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
ln = OBJ_nid2ln(OBJ_obj2nid(oid)); ln = OBJ_nid2ln(OBJ_obj2nid(oid));
if (!ln) if (!ln)
ln = ""; ln = "";
OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
return 0; return 0;
return 1; return 1;

6
crypto/bf/bftest.c
View File

@ -462,9 +462,9 @@ static int test(void)
len = strlen(cbc_data) + 1; len = strlen(cbc_data) + 1;
BF_set_key(&key, 16, cbc_key); BF_set_key(&key, 16, cbc_key);
memset(cbc_in, 0, sizeof cbc_in); memset(cbc_in, 0, sizeof(cbc_in));
memset(cbc_out, 0, sizeof cbc_out); memset(cbc_out, 0, sizeof(cbc_out));
memcpy(iv, cbc_iv, sizeof iv); memcpy(iv, cbc_iv, sizeof(iv));
BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
&key, iv, BF_ENCRYPT); &key, iv, BF_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0) { if (memcmp(cbc_out, cbc_ok, 32) != 0) {

41
crypto/bio/b_dump.c
View File

@ -64,7 +64,6 @@
#include "cryptlib.h" #include "cryptlib.h"
#include "bio_lcl.h" #include "bio_lcl.h"
#define TRUNCATE
#define DUMP_WIDTH 16 #define DUMP_WIDTH 16
#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
{ {
int ret = 0; int ret = 0;
char buf[288 + 1], tmp[20], str[128 + 1]; char buf[288 + 1], tmp[20], str[128 + 1];
int i, j, rows, trc; int i, j, rows;
unsigned char ch; unsigned char ch;
int dump_width; int dump_width;
trc = 0;
#ifdef TRUNCATE
for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
trc++;
#endif
if (indent < 0) if (indent < 0)
indent = 0; indent = 0;
if (indent) { if (indent) {
@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
if ((rows * dump_width) < len) if ((rows * dump_width) < len)
rows++; rows++;
for (i = 0; i < rows; i++) { for (i = 0; i < rows; i++) {
BUF_strlcpy(buf, str, sizeof buf); BUF_strlcpy(buf, str, sizeof(buf));
BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width);
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
for (j = 0; j < dump_width; j++) { for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) { if (((i * dump_width) + j) >= len) {
BUF_strlcat(buf, " ", sizeof buf); BUF_strlcat(buf, " ", sizeof(buf));
} else { } else {
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch,
j == 7 ? '-' : ' '); j == 7 ? '-' : ' ');
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
} }
} }
BUF_strlcat(buf, " ", sizeof buf); BUF_strlcat(buf, " ", sizeof(buf));
for (j = 0; j < dump_width; j++) { for (j = 0; j < dump_width; j++) {
if (((i * dump_width) + j) >= len) if (((i * dump_width) + j) >= len)
break; break;
ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
#ifndef CHARSET_EBCDIC #ifndef CHARSET_EBCDIC
BIO_snprintf(tmp, sizeof tmp, "%c", BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= ' ') && (ch <= '~')) ? ch : '.'); ((ch >= ' ') && (ch <= '~')) ? ch : '.');
#else #else
BIO_snprintf(tmp, sizeof tmp, "%c", BIO_snprintf(tmp, sizeof(tmp), "%c",
((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
? os_toebcdic[ch] ? os_toebcdic[ch]
: '.'); : '.');
#endif #endif
BUF_strlcat(buf, tmp, sizeof buf); BUF_strlcat(buf, tmp, sizeof(buf));
} }
BUF_strlcat(buf, "\n", sizeof buf); BUF_strlcat(buf, "\n", sizeof(buf));
/* /*
* if this is the last call then update the ddt_dump thing so that we * if this is the last call then update the ddt_dump thing so that we
* will move the selection point in the debug window * will move the selection point in the debug window
*/ */
ret += cb((void *)buf, strlen(buf), u); ret += cb((void *)buf, strlen(buf), u);
} }
#ifdef TRUNCATE return ret;
if (trc > 0) {
BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
len + trc);
ret += cb((void *)buf, strlen(buf), u);
}
#endif
return (ret);
} }
#ifndef OPENSSL_NO_FP_API #ifndef OPENSSL_NO_FP_API

4
crypto/bio/b_print.c
View File

@ -663,7 +663,7 @@ fmtfp(char **sbuffer,
iconvert[iplace++] = "0123456789"[intpart % 10]; iconvert[iplace++] = "0123456789"[intpart % 10];
intpart = (intpart / 10); intpart = (intpart / 10);
} while (intpart && (iplace < (int)sizeof(iconvert))); } while (intpart && (iplace < (int)sizeof(iconvert)));
if (iplace == sizeof iconvert) if (iplace == sizeof(iconvert))
iplace--; iplace--;
iconvert[iplace] = 0; iconvert[iplace] = 0;
@ -672,7 +672,7 @@ fmtfp(char **sbuffer,
fconvert[fplace++] = "0123456789"[fracpart % 10]; fconvert[fplace++] = "0123456789"[fracpart % 10];
fracpart = (fracpart / 10); fracpart = (fracpart / 10);
} while (fplace < max); } while (fplace < max);
if (fplace == sizeof fconvert) if (fplace == sizeof(fconvert))
fplace--; fplace--;
fconvert[fplace] = 0; fconvert[fplace] = 0;

2
crypto/bio/bio_cb.c
View File

@ -76,7 +76,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
if (BIO_CB_RETURN & cmd) if (BIO_CB_RETURN & cmd)
r = ret; r = ret;
len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio);
/* Ignore errors and continue printing the other information. */ /* Ignore errors and continue printing the other information. */
if (len < 0) if (len < 0)

2
crypto/bio/bss_bio.c
View File

@ -144,7 +144,7 @@ static int bio_new(BIO *bio)
{ {
struct bio_bio_st *b; struct bio_bio_st *b;
b = OPENSSL_malloc(sizeof *b); b = OPENSSL_malloc(sizeof(*b));
if (b == NULL) if (b == NULL)
return 0; return 0;

4
crypto/bio/bss_conn.c
View File

@ -481,7 +481,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
char buf[16]; char buf[16];
unsigned char *p = ptr; unsigned char *p = ptr;
BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d",
p[0], p[1], p[2], p[3]); p[0], p[1], p[2], p[3]);
if (data->param_hostname != NULL) if (data->param_hostname != NULL)
OPENSSL_free(data->param_hostname); OPENSSL_free(data->param_hostname);
@ -490,7 +490,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
} else if (num == 3) { } else if (num == 3) {
char buf[DECIMAL_SIZE(int) + 1]; char buf[DECIMAL_SIZE(int) + 1];
BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr);
if (data->param_port != NULL) if (data->param_port != NULL)
OPENSSL_free(data->param_port); OPENSSL_free(data->param_port);
data->param_port = BUF_strdup(buf); data->param_port = BUF_strdup(buf);

10
crypto/bio/bss_file.c
View File

@ -375,15 +375,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown = (int)num & BIO_CLOSE; b->shutdown = (int)num & BIO_CLOSE;
if (num & BIO_FP_APPEND) { if (num & BIO_FP_APPEND) {
if (num & BIO_FP_READ) if (num & BIO_FP_READ)
BUF_strlcpy(p, "a+", sizeof p); BUF_strlcpy(p, "a+", sizeof(p));
else else
BUF_strlcpy(p, "a", sizeof p); BUF_strlcpy(p, "a", sizeof(p));
} else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
BUF_strlcpy(p, "r+", sizeof p); BUF_strlcpy(p, "r+", sizeof(p));
else if (num & BIO_FP_WRITE) else if (num & BIO_FP_WRITE)
BUF_strlcpy(p, "w", sizeof p); BUF_strlcpy(p, "w", sizeof(p));
else if (num & BIO_FP_READ) else if (num & BIO_FP_READ)
BUF_strlcpy(p, "r", sizeof p); BUF_strlcpy(p, "r", sizeof(p));
else { else {
BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
ret = 0; ret = 0;

8
crypto/bn/bn_exp.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -727,7 +727,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
top = m->top; top = m->top;
bits = BN_num_bits(p); /*
* Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
* whether the top bits are zero.
*/
bits = p->top * BN_BITS2;
if (bits == 0) { if (bits == 0) {
/* x**0 mod 1 is still zero. */ /* x**0 mod 1 is still zero. */
if (BN_is_one(m)) { if (BN_is_one(m)) {

108
crypto/bn/bn_lib.c
View File

@ -144,74 +144,47 @@ const BIGNUM *BN_value_one(void)
int BN_num_bits_word(BN_ULONG l) int BN_num_bits_word(BN_ULONG l)
{ {
static const unsigned char bits[256] = { BN_ULONG x, mask;
0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, int bits = (l != 0);
5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
};
#if defined(SIXTY_FOUR_BIT_LONG) #if BN_BITS2 > 32
if (l & 0xffffffff00000000L) { x = l >> 32;
if (l & 0xffff000000000000L) { mask = (0 - x) & BN_MASK2;
if (l & 0xff00000000000000L) { mask = (0 - (mask >> (BN_BITS2 - 1)));
return (bits[(int)(l >> 56)] + 56); bits += 32 & mask;
} else l ^= (x ^ l) & mask;
return (bits[(int)(l >> 48)] + 48);
} else {
if (l & 0x0000ff0000000000L) {
return (bits[(int)(l >> 40)] + 40);
} else
return (bits[(int)(l >> 32)] + 32);
}
} else
#else
# ifdef SIXTY_FOUR_BIT
if (l & 0xffffffff00000000LL) {
if (l & 0xffff000000000000LL) {
if (l & 0xff00000000000000LL) {
return (bits[(int)(l >> 56)] + 56);
} else
return (bits[(int)(l >> 48)] + 48);
} else {
if (l & 0x0000ff0000000000LL) {
return (bits[(int)(l >> 40)] + 40);
} else
return (bits[(int)(l >> 32)] + 32);
}
} else
# endif
#endif #endif
{
#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) x = l >> 16;
if (l & 0xffff0000L) { mask = (0 - x) & BN_MASK2;
if (l & 0xff000000L) mask = (0 - (mask >> (BN_BITS2 - 1)));
return (bits[(int)(l >> 24L)] + 24); bits += 16 & mask;
else l ^= (x ^ l) & mask;
return (bits[(int)(l >> 16L)] + 16);
} else x = l >> 8;
#endif mask = (0 - x) & BN_MASK2;
{ mask = (0 - (mask >> (BN_BITS2 - 1)));
#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) bits += 8 & mask;
if (l & 0xff00L) l ^= (x ^ l) & mask;
return (bits[(int)(l >> 8)] + 8);
else x = l >> 4;
#endif mask = (0 - x) & BN_MASK2;
return (bits[(int)(l)]); mask = (0 - (mask >> (BN_BITS2 - 1)));
} bits += 4 & mask;
} l ^= (x ^ l) & mask;
x = l >> 2;
mask = (0 - x) & BN_MASK2;
mask = (0 - (mask >> (BN_BITS2 - 1)));
bits += 2 & mask;
l ^= (x ^ l) & mask;
x = l >> 1;
mask = (0 - x) & BN_MASK2;
mask = (0 - (mask >> (BN_BITS2 - 1)));
bits += 1 & mask;
return bits;
} }
int BN_num_bits(const BIGNUM *a) int BN_num_bits(const BIGNUM *a)
@ -524,9 +497,6 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif #endif
if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
BN_set_flags(a, BN_FLG_CONSTTIME);
a->top = b->top; a->top = b->top;
a->neg = b->neg; a->neg = b->neg;
bn_check_top(a); bn_check_top(a);

79
crypto/bn/bn_mont.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -207,26 +207,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
r->top = max; r->top = max;
n0 = mont->n0[0]; n0 = mont->n0[0];
# ifdef BN_COUNT /*
fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
# endif * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
* includes |carry| which is stored separately.
*/
for (carry = 0, i = 0; i < nl; i++, rp++) { for (carry = 0, i = 0; i < nl; i++, rp++) {
# ifdef __TANDEM
{
long long t1;
long long t2;
long long t3;
t1 = rp[0] * (n0 & 0177777);
t2 = 037777600000l;
t2 = n0 & t2;
t3 = rp[0] & 0177777;
t2 = (t3 * t2) & BN_MASK2;
t1 = t1 + t2;
v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
}
# else
v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
# endif
v = (v + carry + rp[nl]) & BN_MASK2; v = (v + carry + rp[nl]) & BN_MASK2;
carry |= (v != rp[nl]); carry |= (v != rp[nl]);
carry &= (v <= rp[nl]); carry &= (v <= rp[nl]);
@ -239,46 +226,24 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
ret->neg = r->neg; ret->neg = r->neg;
rp = ret->d; rp = ret->d;
/*
* Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
* includes |carry| which is stored separately.
*/
ap = &(r->d[nl]); ap = &(r->d[nl]);
# define BRANCH_FREE 1 /*
# if BRANCH_FREE * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
{ * cannot be -1. That would imply the subtraction did not fit in |nl| words,
BN_ULONG *nrp; * and we know at most one subtraction is needed.
size_t m; */
v = bn_sub_words(rp, ap, np, nl) - carry;
v = bn_sub_words(rp, ap, np, nl) - carry; v = 0 - v;
/* for (i = 0; i < nl; i++) {
* if subtraction result is real, then trick unconditional memcpy rp[i] = (v & ap[i]) | (~v & rp[i]);
* below to perform in-place "refresh" instead of actual copy. ap[i] = 0;
*/
m = (0 - (size_t)v);
nrp =
(BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m));
for (i = 0, nl -= 4; i < nl; i += 4) {
BN_ULONG t1, t2, t3, t4;
t1 = nrp[i + 0];
t2 = nrp[i + 1];
t3 = nrp[i + 2];
ap[i + 0] = 0;
t4 = nrp[i + 3];
ap[i + 1] = 0;
rp[i + 0] = t1;
ap[i + 2] = 0;
rp[i + 1] = t2;
ap[i + 3] = 0;
rp[i + 2] = t3;
rp[i + 3] = t4;
}
for (nl += 4; i < nl; i++)
rp[i] = nrp[i], ap[i] = 0;
} }
# else
if (bn_sub_words(rp, ap, np, nl) - carry)
memcpy(rp, ap, nl * sizeof(BN_ULONG));
# endif
bn_correct_top(r); bn_correct_top(r);
bn_correct_top(ret); bn_correct_top(ret);
bn_check_top(ret); bn_check_top(ret);
@ -382,6 +347,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
R = &(mont->RR); /* grab RR as a temp */ R = &(mont->RR); /* grab RR as a temp */
if (!BN_copy(&(mont->N), mod)) if (!BN_copy(&(mont->N), mod))
goto err; /* Set N */ goto err; /* Set N */
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
mont->N.neg = 0; mont->N.neg = 0;
#ifdef MONT_WORD #ifdef MONT_WORD

4
crypto/bn/bn_print.c
View File

@ -391,10 +391,10 @@ char *BN_options(void)
if (!init) { if (!init) {
init++; init++;
#ifdef BN_LLONG #ifdef BN_LLONG
BIO_snprintf(data, sizeof data, "bn(%d,%d)", BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
#else #else
BIO_snprintf(data, sizeof data, "bn(%d,%d)", BIO_snprintf(data, sizeof(data), "bn(%d,%d)",
(int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
#endif #endif
} }

2
crypto/bn/bntest.c
View File

@ -148,7 +148,7 @@ int main(int argc, char *argv[])
results = 0; results = 0;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
argc--; argc--;
argv++; argv++;

2
crypto/bn/expspeed.c
View File

@ -198,7 +198,7 @@ static int mul_c[NUM_SIZES] =
* static int sizes[NUM_SIZES]={59,179,299,419,539}; * static int sizes[NUM_SIZES]={59,179,299,419,539};
*/ */
#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } #define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); }
void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx);

8
crypto/bn/exptest.c
View File

@ -183,9 +183,11 @@ int main(int argc, char *argv[])
unsigned char c; unsigned char c;
BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we /*
* don't even check its return * Seed or BN_rand may fail, and we don't even check its return
* value (which we should) */ * value (which we should)
*/
RAND_seed(rnd_seed, sizeof(rnd_seed));
ERR_load_BN_strings(); ERR_load_BN_strings();

2
crypto/conf/conf_def.c
View File

@ -423,7 +423,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
OPENSSL_free(section); OPENSSL_free(section);
if (line != NULL) if (line != NULL)
*line = eline; *line = eline;
BIO_snprintf(btmp, sizeof btmp, "%ld", eline); BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
ERR_add_error_data(2, "line ", btmp); ERR_add_error_data(2, "line ", btmp);
if ((h != conf->data) && (conf->data != NULL)) { if ((h != conf->data) && (conf->data != NULL)) {
CONF_free(conf->data); CONF_free(conf->data);

2
crypto/conf/conf_mod.c
View File

@ -221,7 +221,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
if (!(flags & CONF_MFLAGS_SILENT)) { if (!(flags & CONF_MFLAGS_SILENT)) {
char rcode[DECIMAL_SIZE(ret) + 1]; char rcode[DECIMAL_SIZE(ret) + 1];
CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value, ERR_add_error_data(6, "module=", name, ", value=", value,
", retcode=", rcode); ", retcode=", rcode);
} }

4
crypto/des/destest.c
View File

@ -398,7 +398,7 @@ int main(int argc, char *argv[])
i = strlen((char *)cbc_data) + 1; i = strlen((char *)cbc_data) + 1;
/* i=((i+7)/8)*8; */ /* i=((i+7)/8)*8; */
memcpy(iv3, cbc_iv, sizeof(cbc_iv)); memcpy(iv3, cbc_iv, sizeof(cbc_iv));
memset(iv2, '\0', sizeof iv2); memset(iv2, '\0', sizeof(iv2));
DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2, DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2,
DES_ENCRYPT); DES_ENCRYPT);
@ -412,7 +412,7 @@ int main(int argc, char *argv[])
} }
*/ */
memcpy(iv3, cbc_iv, sizeof(cbc_iv)); memcpy(iv3, cbc_iv, sizeof(cbc_iv));
memset(iv2, '\0', sizeof iv2); memset(iv2, '\0', sizeof(iv2));
DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2,
DES_DECRYPT); DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {

2
crypto/des/ecb_enc.c
View File

@ -96,7 +96,7 @@ const char *DES_options(void)
size = "int"; size = "int";
else else
size = "long"; size = "long";
BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll,
size); size);
init = 0; init = 0;
} }

4
crypto/des/fcrypt.c
View File

@ -80,10 +80,10 @@ char *DES_crypt(const char *buf, const char *salt)
e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
ebcdic2ascii(e_salt, e_salt, sizeof e_salt); ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
/* Convert the cleartext password to ASCII */ /* Convert the cleartext password to ASCII */
ebcdic2ascii(e_buf, e_buf, sizeof e_buf); ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
/* Encrypt it (from/to ASCII) */ /* Encrypt it (from/to ASCII) */
ret = DES_fcrypt(e_buf, e_salt, buff); ret = DES_fcrypt(e_buf, e_salt, buff);

2
crypto/des/read_pwd.c
View File

@ -434,7 +434,7 @@ static void pushsig(void)
# ifdef SIGACTION # ifdef SIGACTION
struct sigaction sa; struct sigaction sa;
memset(&sa, 0, sizeof sa); memset(&sa, 0, sizeof(sa));
sa.sa_handler = recsig; sa.sa_handler = recsig;
# endif # endif

2
crypto/des/set_key.c
View File

@ -377,7 +377,7 @@ void private_DES_set_key_unchecked(const_DES_cblock *key,
register int i; register int i;
#ifdef OPENBSD_DEV_CRYPTO #ifdef OPENBSD_DEV_CRYPTO
memcpy(schedule->key, key, sizeof schedule->key); memcpy(schedule->key, key, sizeof(schedule->key));
schedule->session = NULL; schedule->session = NULL;
#endif #endif
k = &schedule->ks->deslong[0]; k = &schedule->ks->deslong[0];

2
crypto/dh/dhtest.c
View File

@ -116,7 +116,7 @@ int main(int argc, char *argv[])
CRYPTO_malloc_init(); CRYPTO_malloc_init();
# endif # endif
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL)

2
crypto/dsa/dsatest.c
View File

@ -157,7 +157,7 @@ int main(int argc, char **argv)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings(); ERR_load_crypto_strings();
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
BIO_printf(bio_err, "test generation of DSA parameters\n"); BIO_printf(bio_err, "test generation of DSA parameters\n");

10
crypto/ec/ec_lib.c
View File

@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
return NULL; return NULL;
} }
ret = OPENSSL_malloc(sizeof *ret); ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) { if (ret == NULL) {
ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
OPENSSL_free(group->seed); OPENSSL_free(group->seed);
} }
OPENSSL_cleanse(group, sizeof *group); OPENSSL_cleanse(group, sizeof(*group));
OPENSSL_free(group); OPENSSL_free(group);
} }
@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
/* no explicit entry needed */ /* no explicit entry needed */
return 1; return 1;
d = OPENSSL_malloc(sizeof *d); d = OPENSSL_malloc(sizeof(*d));
if (d == NULL) if (d == NULL)
return 0; return 0;
@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
return NULL; return NULL;
} }
ret = OPENSSL_malloc(sizeof *ret); ret = OPENSSL_malloc(sizeof(*ret));
if (ret == NULL) { if (ret == NULL) {
ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point)
point->meth->point_clear_finish(point); point->meth->point_clear_finish(point);
else if (point->meth->point_finish != 0) else if (point->meth->point_finish != 0)
point->meth->point_finish(point); point->meth->point_finish(point);
OPENSSL_cleanse(point, sizeof *point); OPENSSL_cleanse(point, sizeof(*point));
OPENSSL_free(point); OPENSSL_free(point);
} }

16
crypto/ec/ec_mult.c
View File

@ -169,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_)
for (p = pre->points; *p != NULL; p++) { for (p = pre->points; *p != NULL; p++) {
EC_POINT_clear_free(*p); EC_POINT_clear_free(*p);
OPENSSL_cleanse(p, sizeof *p); OPENSSL_cleanse(p, sizeof(*p));
} }
OPENSSL_free(pre->points); OPENSSL_free(pre->points);
} }
OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre); OPENSSL_free(pre);
} }
@ -430,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
totalnum = num + numblocks; totalnum = num + numblocks;
wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space /* include space for pivot */
* for pivot */ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
/* Ensure wNAF is initialised in case we end up going to err */ /* Ensure wNAF is initialised in case we end up going to err */
if (wNAF) if (wNAF)
@ -580,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
* 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
* subarray of 'pre_comp->points' if we already have precomputation. * subarray of 'pre_comp->points' if we already have precomputation.
*/ */
val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
if (val == NULL) { if (val == NULL) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err; goto err;

15
crypto/ec/ecp_nistp224.c
View File

@ -48,7 +48,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8; typedef uint8_t u8;
typedef uint64_t u64; typedef uint64_t u64;
typedef int64_t s64;
/******************************************************************************/ /******************************************************************************/
/*- /*-
@ -351,9 +350,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes; unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */ /* BN_bn2bin eats leading zeroes */
memset(b_out, 0, sizeof b_out); memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn); num_bytes = BN_num_bytes(bn);
if (num_bytes > sizeof b_out) { if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0; return 0;
} }
@ -372,8 +371,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{ {
felem_bytearray b_in, b_out; felem_bytearray b_in, b_out;
felem_to_bin28(b_in, in); felem_to_bin28(b_in, in);
flip_endian(b_out, b_in, sizeof b_out); flip_endian(b_out, b_in, sizeof(b_out));
return BN_bin2bn(b_out, sizeof b_out, out); return BN_bin2bn(b_out, sizeof(b_out), out);
} }
/******************************************************************************/ /******************************************************************************/
@ -1234,7 +1233,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
static NISTP224_PRE_COMP *nistp224_pre_comp_new() static NISTP224_PRE_COMP *nistp224_pre_comp_new()
{ {
NISTP224_PRE_COMP *ret = NULL; NISTP224_PRE_COMP *ret = NULL;
ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof *ret); ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) { if (!ret) {
ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret; return ret;
@ -1281,7 +1280,7 @@ static void nistp224_pre_comp_clear_free(void *pre_)
if (i > 0) if (i > 0)
return; return;
OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre); OPENSSL_free(pre);
} }
@ -1568,7 +1567,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
/* the scalar for the generator */ /* the scalar for the generator */
if ((scalar != NULL) && (have_pre_comp)) { if ((scalar != NULL) && (have_pre_comp)) {
memset(g_secret, 0, sizeof g_secret); memset(g_secret, 0, sizeof(g_secret));
/* reduce scalar to 0 <= scalar < 2^224 */ /* reduce scalar to 0 <= scalar < 2^224 */
if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
/* /*

41
crypto/ec/ecp_nistp256.c
View File

@ -51,7 +51,6 @@ typedef __int128_t int128_t;
typedef uint8_t u8; typedef uint8_t u8;
typedef uint32_t u32; typedef uint32_t u32;
typedef uint64_t u64; typedef uint64_t u64;
typedef int64_t s64;
/* /*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
@ -161,9 +160,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes; unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */ /* BN_bn2bin eats leading zeroes */
memset(b_out, 0, sizeof b_out); memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn); num_bytes = BN_num_bytes(bn);
if (num_bytes > sizeof b_out) { if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0; return 0;
} }
@ -182,8 +181,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
{ {
felem_bytearray b_in, b_out; felem_bytearray b_in, b_out;
smallfelem_to_bin32(b_in, in); smallfelem_to_bin32(b_in, in);
flip_endian(b_out, b_in, sizeof b_out); flip_endian(b_out, b_in, sizeof(b_out));
return BN_bin2bn(b_out, sizeof b_out, out); return BN_bin2bn(b_out, sizeof(b_out), out);
} }
/*- /*-
@ -392,7 +391,7 @@ static void felem_shrink(smallfelem out, const felem in)
{ {
felem tmp; felem tmp;
u64 a, b, mask; u64 a, b, mask;
s64 high, low; u64 high, low;
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */ /* Carry 2->3 */
@ -433,29 +432,31 @@ static void felem_shrink(smallfelem out, const felem in)
* In order to make space in tmp[3] for the carry from 2 -> 3, we * In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough. * conditionally subtract kPrime if tmp[3] is large enough.
*/ */
high = tmp[3] >> 64; high = (u64)(tmp[3] >> 64);
/* As tmp[3] < 2^65, high is either 1 or 0 */ /* As tmp[3] < 2^65, high is either 1 or 0 */
high <<= 63; high = 0 - high;
high >>= 63;
/*- /*-
* high is: * high is:
* all ones if the high word of tmp[3] is 1 * all ones if the high word of tmp[3] is 1
* all zeros if the high word of tmp[3] if 0 */ * all zeros if the high word of tmp[3] if 0
low = tmp[3]; */
mask = low >> 63; low = (u64)tmp[3];
mask = 0 - (low >> 63);
/*- /*-
* mask is: * mask is:
* all ones if the MSB of low is 1 * all ones if the MSB of low is 1
* all zeros if the MSB of low if 0 */ * all zeros if the MSB of low if 0
*/
low &= bottom63bits; low &= bottom63bits;
low -= kPrime3Test; low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */ /* if low was greater than kPrime3Test then the MSB is zero */
low = ~low; low = ~low;
low >>= 63; low = 0 - (low >> 63);
/*- /*-
* low is: * low is:
* all ones if low was > kPrime3Test * all ones if low was > kPrime3Test
* all zeros if low was <= kPrime3Test */ * all zeros if low was <= kPrime3Test
*/
mask = (mask & low) | high; mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0]; tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1]; tmp[1] -= mask & kPrime[1];
@ -889,7 +890,7 @@ static void felem_contract(smallfelem out, const felem in)
equal &= equal << 4; equal &= equal << 4;
equal &= equal << 2; equal &= equal << 2;
equal &= equal << 1; equal &= equal << 1;
equal = ((s64) equal) >> 63; equal = 0 - (equal >> 63);
all_equal_so_far &= equal; all_equal_so_far &= equal;
} }
@ -956,7 +957,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_zero &= is_zero << 4; is_zero &= is_zero << 4;
is_zero &= is_zero << 2; is_zero &= is_zero << 2;
is_zero &= is_zero << 1; is_zero &= is_zero << 1;
is_zero = ((s64) is_zero) >> 63; is_zero = 0 - (is_zero >> 63);
is_p = (small[0] ^ kPrime[0]) | is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) | (small[1] ^ kPrime[1]) |
@ -968,7 +969,7 @@ static limb smallfelem_is_zero(const smallfelem small)
is_p &= is_p << 4; is_p &= is_p << 4;
is_p &= is_p << 2; is_p &= is_p << 2;
is_p &= is_p << 1; is_p &= is_p << 1;
is_p = ((s64) is_p) >> 63; is_p = 0 - (is_p >> 63);
is_zero |= is_p; is_zero |= is_p;
@ -1820,7 +1821,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void)
static NISTP256_PRE_COMP *nistp256_pre_comp_new() static NISTP256_PRE_COMP *nistp256_pre_comp_new()
{ {
NISTP256_PRE_COMP *ret = NULL; NISTP256_PRE_COMP *ret = NULL;
ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof *ret); ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret));
if (!ret) { if (!ret) {
ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
return ret; return ret;
@ -1867,7 +1868,7 @@ static void nistp256_pre_comp_clear_free(void *pre_)
if (i > 0) if (i > 0)
return; return;
OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre); OPENSSL_free(pre);
} }

17
crypto/ec/ecp_nistp521.c
View File

@ -49,7 +49,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit
typedef uint8_t u8; typedef uint8_t u8;
typedef uint64_t u64; typedef uint64_t u64;
typedef int64_t s64;
/* /*
* The underlying field. P521 operates over GF(2^521-1). We can serialise an * The underlying field. P521 operates over GF(2^521-1). We can serialise an
@ -185,9 +184,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn)
unsigned num_bytes; unsigned num_bytes;
/* BN_bn2bin eats leading zeroes */ /* BN_bn2bin eats leading zeroes */
memset(b_out, 0, sizeof b_out); memset(b_out, 0, sizeof(b_out));
num_bytes = BN_num_bytes(bn); num_bytes = BN_num_bytes(bn);
if (num_bytes > sizeof b_out) { if (num_bytes > sizeof(b_out)) {
ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
return 0; return 0;
} }
@ -206,8 +205,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
{ {
felem_bytearray b_in, b_out; felem_bytearray b_in, b_out;
felem_to_bin66(b_in, in); felem_to_bin66(b_in, in);
flip_endian(b_out, b_in, sizeof b_out); flip_endian(b_out, b_in, sizeof(b_out));
return BN_bin2bn(b_out, sizeof b_out, out); return BN_bin2bn(b_out, sizeof(b_out), out);
} }
/*- /*-
@ -852,7 +851,7 @@ static limb felem_is_zero(const felem in)
* We know that ftmp[i] < 2^63, therefore the only way that the top bit * We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement. * can be set is if is_zero was 0 before the decrement.
*/ */
is_zero = ((s64) is_zero) >> 63; is_zero = 0 - (is_zero >> 63);
is_p = ftmp[0] ^ kPrime[0]; is_p = ftmp[0] ^ kPrime[0];
is_p |= ftmp[1] ^ kPrime[1]; is_p |= ftmp[1] ^ kPrime[1];
@ -865,7 +864,7 @@ static limb felem_is_zero(const felem in)
is_p |= ftmp[8] ^ kPrime[8]; is_p |= ftmp[8] ^ kPrime[8];
is_p--; is_p--;
is_p = ((s64) is_p) >> 63; is_p = 0 - (is_p >> 63);
is_zero |= is_p; is_zero |= is_p;
return is_zero; return is_zero;
@ -936,7 +935,7 @@ static void felem_contract(felem out, const felem in)
is_p &= is_p << 4; is_p &= is_p << 4;
is_p &= is_p << 2; is_p &= is_p << 2;
is_p &= is_p << 1; is_p &= is_p << 1;
is_p = ((s64) is_p) >> 63; is_p = 0 - (is_p >> 63);
is_p = ~is_p; is_p = ~is_p;
/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
@ -962,7 +961,7 @@ static void felem_contract(felem out, const felem in)
is_greater |= is_greater << 4; is_greater |= is_greater << 4;
is_greater |= is_greater << 2; is_greater |= is_greater << 2;
is_greater |= is_greater << 1; is_greater |= is_greater << 1;
is_greater = ((s64) is_greater) >> 63; is_greater = 0 - (is_greater >> 63);
out[0] -= kPrime[0] & is_greater; out[0] -= kPrime[0] & is_greater;
out[1] -= kPrime[1] & is_greater; out[1] -= kPrime[1] & is_greater;

2
crypto/ec/ecp_nistz256.c
View File

@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_)
32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37); 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37);
OPENSSL_free(pre->precomp_storage); OPENSSL_free(pre->precomp_storage);
} }
OPENSSL_cleanse(pre, sizeof *pre); OPENSSL_cleanse(pre, sizeof(*pre));
OPENSSL_free(pre); OPENSSL_free(pre);
} }

2
crypto/ec/ecp_smpl.c
View File

@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
if (tmp == NULL || tmp_Z == NULL) if (tmp == NULL || tmp_Z == NULL)
goto err; goto err;
prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
if (prod_Z == NULL) if (prod_Z == NULL)
goto err; goto err;
for (i = 0; i < num; i++) { for (i = 0; i < num; i++) {

14
crypto/ec/ectest.c
View File

@ -469,7 +469,7 @@ static void prime_field_tests(void)
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
sizeof buf, ctx); sizeof(buf), ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx)) if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@ -482,7 +482,7 @@ static void prime_field_tests(void)
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
sizeof buf, ctx); sizeof(buf), ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx)) if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@ -494,7 +494,7 @@ static void prime_field_tests(void)
fprintf(stdout, "%02X", buf[i]); fprintf(stdout, "%02X", buf[i]);
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx); ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
@ -1206,7 +1206,7 @@ static void char2_field_tests(void)
# ifdef OPENSSL_EC_BIN_PT_COMP # ifdef OPENSSL_EC_BIN_PT_COMP
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
sizeof buf, ctx); sizeof(buf), ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx)) if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@ -1220,7 +1220,7 @@ static void char2_field_tests(void)
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
sizeof buf, ctx); sizeof(buf), ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
if (!EC_POINT_oct2point(group, P, buf, len, ctx)) if (!EC_POINT_oct2point(group, P, buf, len, ctx))
@ -1234,7 +1234,7 @@ static void char2_field_tests(void)
/* Change test based on whether binary point compression is enabled or not. */ /* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP # ifdef OPENSSL_EC_BIN_PT_COMP
len = len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx); ctx);
if (len == 0) if (len == 0)
ABORT; ABORT;
@ -1844,7 +1844,7 @@ int main(int argc, char *argv[])
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ERR_load_crypto_strings(); ERR_load_crypto_strings();
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */
prime_field_tests(); prime_field_tests();
puts(""); puts("");

2
crypto/ecdh/ecdhtest.c
View File

@ -490,7 +490,7 @@ int main(int argc, char *argv[])
CRYPTO_malloc_init(); CRYPTO_malloc_init();
# endif # endif
RAND_seed(rnd_seed, sizeof rnd_seed); RAND_seed(rnd_seed, sizeof(rnd_seed));
out = BIO_new(BIO_s_file()); out = BIO_new(BIO_s_file());
if (out == NULL) if (out == NULL)

12
crypto/engine/eng_cryptodev.c
View File

@ -1057,7 +1057,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a)
return (-1); return (-1);
for (i = 0; i < bytes; i++) for (i = 0; i < bytes; i++)
pd[i] = crp->crp_p[bytes - i - 1]; pd[i] = ((char *)crp->crp_p)[bytes - i - 1];
BN_bin2bn(pd, bytes, a); BN_bin2bn(pd, bytes, a);
free(pd); free(pd);
@ -1133,7 +1133,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return (ret); return (ret);
} }
memset(&kop, 0, sizeof kop); memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP; kop.crk_op = CRK_MOD_EXP;
/* inputs: a^p % m */ /* inputs: a^p % m */
@ -1184,7 +1184,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
return (0); return (0);
} }
memset(&kop, 0, sizeof kop); memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_MOD_EXP_CRT; kop.crk_op = CRK_MOD_EXP_CRT;
/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
if (bn2crparam(rsa->p, &kop.crk_param[0])) if (bn2crparam(rsa->p, &kop.crk_param[0]))
@ -1287,7 +1287,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
goto err; goto err;
} }
memset(&kop, 0, sizeof kop); memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_SIGN; kop.crk_op = CRK_DSA_SIGN;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
@ -1330,7 +1330,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
struct crypt_kop kop; struct crypt_kop kop;
int dsaret = 1; int dsaret = 1;
memset(&kop, 0, sizeof kop); memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DSA_VERIFY; kop.crk_op = CRK_DSA_VERIFY;
/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
@ -1403,7 +1403,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
keylen = BN_num_bits(dh->p); keylen = BN_num_bits(dh->p);
memset(&kop, 0, sizeof kop); memset(&kop, 0, sizeof(kop));
kop.crk_op = CRK_DH_COMPUTE_KEY; kop.crk_op = CRK_DH_COMPUTE_KEY;
/* inputs: dh->priv_key pub_key dh->p key */ /* inputs: dh->priv_key pub_key dh->p key */

7
crypto/engine/eng_table.c
View File

@ -1,5 +1,5 @@
/* ==================================================================== /* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved. * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -159,6 +159,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
} }
fnd->funct = NULL; fnd->funct = NULL;
(void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
sk_ENGINE_free(fnd->sk);
OPENSSL_free(fnd);
goto end;
}
} }
/* A registration shouldn't add duplciate entries */ /* A registration shouldn't add duplciate entries */
(void)sk_ENGINE_delete_ptr(fnd->sk, e); (void)sk_ENGINE_delete_ptr(fnd->sk, e);

4
crypto/err/err.c
View File

@ -602,8 +602,8 @@ static void build_SYS_str_reasons(void)
char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
char *src = strerror(i); char *src = strerror(i);
if (src != NULL) { if (src != NULL) {
strncpy(*dest, src, sizeof *dest); strncpy(*dest, src, sizeof(*dest));
(*dest)[sizeof *dest - 1] = '\0'; (*dest)[sizeof(*dest) - 1] = '\0';
str->string = *dest; str->string = *dest;
} }
} }

2
crypto/err/err_prn.c
View File

@ -77,7 +77,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
CRYPTO_THREADID_current(&cur); CRYPTO_THREADID_current(&cur);
es = CRYPTO_THREADID_hash(&cur); es = CRYPTO_THREADID_hash(&cur);
while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
ERR_error_string_n(l, buf, sizeof buf); ERR_error_string_n(l, buf, sizeof(buf));
BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
file, line, (flags & ERR_TXT_STRING) ? data : ""); file, line, (flags & ERR_TXT_STRING) ? data : "");
if (cb(buf2, strlen(buf2), u) <= 0) if (cb(buf2, strlen(buf2), u) <= 0)

8
crypto/evp/bio_b64.c
View File

@ -330,6 +330,14 @@ static int b64_read(BIO *b, char *out, int outl)
(unsigned char *)ctx->tmp, i); (unsigned char *)ctx->tmp, i);
ctx->tmp_len = 0; ctx->tmp_len = 0;
} }
/*
* If eof or an error was signalled, then the condition
* 'ctx->cont <= 0' will prevent b64_read() from reading
* more data on subsequent calls. This assignment was
* deleted accidentally in commit 5562cfaca4f3.
*/
ctx->cont = i;
ctx->buf_off = 0; ctx->buf_off = 0;
if (i < 0) { if (i < 0) {
ret_code = 0; ret_code = 0;

8
crypto/evp/digest.c
View File

@ -124,12 +124,12 @@
void EVP_MD_CTX_init(EVP_MD_CTX *ctx) void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{ {
memset(ctx, '\0', sizeof *ctx); memset(ctx, '\0', sizeof(*ctx));
} }
EVP_MD_CTX *EVP_MD_CTX_create(void) EVP_MD_CTX *EVP_MD_CTX_create(void)
{ {
EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx) if (ctx)
EVP_MD_CTX_init(ctx); EVP_MD_CTX_init(ctx);
@ -316,7 +316,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
} else } else
tmp_buf = NULL; tmp_buf = NULL;
EVP_MD_CTX_cleanup(out); EVP_MD_CTX_cleanup(out);
memcpy(out, in, sizeof *out); memcpy(out, in, sizeof(*out));
if (in->md_data && out->digest->ctx_size) { if (in->md_data && out->digest->ctx_size) {
if (tmp_buf) if (tmp_buf)
@ -402,7 +402,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
FIPS_md_ctx_cleanup(ctx); FIPS_md_ctx_cleanup(ctx);
#endif #endif
memset(ctx, '\0', sizeof *ctx); memset(ctx, '\0', sizeof(*ctx));
return 1; return 1;
} }

4
crypto/evp/e_aes.c
View File

@ -1,5 +1,5 @@
/* ==================================================================== /* ====================================================================
* Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &ctx->num, ctx->encrypt, dat->block); ctx->iv, &ctx->num, ctx->encrypt, dat->block);
len -= MAXBITCHUNK; len -= MAXBITCHUNK;
out += MAXBITCHUNK;
in += MAXBITCHUNK;
} }
if (len) if (len)
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,

4
crypto/evp/e_camellia.c
View File

@ -1,6 +1,6 @@
/* crypto/evp/e_camellia.c */ /* crypto/evp/e_camellia.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved. * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -356,6 +356,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
ctx->iv, &ctx->num, ctx->encrypt, dat->block); ctx->iv, &ctx->num, ctx->encrypt, dat->block);
len -= MAXBITCHUNK; len -= MAXBITCHUNK;
out += MAXBITCHUNK;
in += MAXBITCHUNK;
} }
if (len) if (len)
CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,

10
crypto/evp/evp_enc.c
View File

@ -85,7 +85,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{ {
EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx) if (ctx)
EVP_CIPHER_CTX_init(ctx); EVP_CIPHER_CTX_init(ctx);
return ctx; return ctx;
@ -402,7 +402,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
} }
b = ctx->cipher->block_size; b = ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof ctx->buf); OPENSSL_assert(b <= sizeof(ctx->buf));
if (b == 1) { if (b == 1) {
*outl = 0; *outl = 0;
return 1; return 1;
@ -454,7 +454,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
return EVP_EncryptUpdate(ctx, out, outl, in, inl); return EVP_EncryptUpdate(ctx, out, outl, in, inl);
b = ctx->cipher->block_size; b = ctx->cipher->block_size;
OPENSSL_assert(b <= sizeof ctx->final); OPENSSL_assert(b <= sizeof(ctx->final));
if (ctx->final_used) { if (ctx->final_used) {
memcpy(out, ctx->final, b); memcpy(out, ctx->final, b);
@ -520,7 +520,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
return (0); return (0);
} }
OPENSSL_assert(b <= sizeof ctx->final); OPENSSL_assert(b <= sizeof(ctx->final));
/* /*
* The following assumes that the ciphertext has been authenticated. * The following assumes that the ciphertext has been authenticated.
@ -651,7 +651,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
#endif #endif
EVP_CIPHER_CTX_cleanup(out); EVP_CIPHER_CTX_cleanup(out);
memcpy(out, in, sizeof *out); memcpy(out, in, sizeof(*out));
if (in->cipher_data && in->cipher->ctx_size) { if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);

4
crypto/evp/evp_locl.h
View File

@ -4,7 +4,7 @@
* 2000. * 2000.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -116,7 +116,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (inl<chunk) chunk=inl;\ if (inl<chunk) chunk=inl;\
while(inl && inl>=chunk)\ while(inl && inl>=chunk)\
{\ {\
cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
inl-=chunk;\ inl-=chunk;\
in +=chunk;\ in +=chunk;\
out+=chunk;\ out+=chunk;\

4
crypto/evp/evp_pbe.c
View File

@ -161,9 +161,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
char obj_tmp[80]; char obj_tmp[80];
EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
if (!pbe_obj) if (!pbe_obj)
BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
else else
i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
ERR_add_error_data(2, "TYPE=", obj_tmp); ERR_add_error_data(2, "TYPE=", obj_tmp);
return 0; return 0;
} }

2
crypto/evp/evp_test.c
View File

@ -506,7 +506,7 @@ int main(int argc, char **argv)
int an = 0; int an = 0;
int tn = 0; int tn = 0;
if (!fgets((char *)line, sizeof line, f)) if (!fgets((char *)line, sizeof(line), f))
break; break;
if (line[0] == '#' || line[0] == '\n') if (line[0] == '#' || line[0] == '\n')
continue; continue;

6
crypto/evp/openbsd_hw.c
View File

@ -111,7 +111,7 @@ static int dev_crypto_init(session_op *ses)
close(cryptodev_fd); close(cryptodev_fd);
} }
assert(ses); assert(ses);
memset(ses, '\0', sizeof *ses); memset(ses, '\0', sizeof(*ses));
return 1; return 1;
} }
@ -164,7 +164,7 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
assert(CDATA(ctx)); assert(CDATA(ctx));
assert(!dev_failed); assert(!dev_failed);
memset(&cryp, '\0', sizeof cryp); memset(&cryp, '\0', sizeof(cryp));
cryp.ses = CDATA(ctx)->ses; cryp.ses = CDATA(ctx)->ses;
cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
cryp.flags = 0; cryp.flags = 0;
@ -329,7 +329,7 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len)
return 1; return 1;
} }
memset(&cryp, '\0', sizeof cryp); memset(&cryp, '\0', sizeof(cryp));
cryp.ses = ses; cryp.ses = ses;
cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
* it */ * it */

2
crypto/evp/p5_crpt2.c
View File

@ -262,7 +262,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
goto err; goto err;
} }
keylen = EVP_CIPHER_CTX_key_length(ctx); keylen = EVP_CIPHER_CTX_key_length(ctx);
OPENSSL_assert(keylen <= sizeof key); OPENSSL_assert(keylen <= sizeof(key));
/* Decode parameter */ /* Decode parameter */

2
crypto/hmac/hmac.c
View File

@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx)
EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx);
OPENSSL_cleanse(ctx, sizeof *ctx); OPENSSL_cleanse(ctx, sizeof(*ctx));
} }
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,

12
crypto/jpake/jpake.c
View File

@ -108,14 +108,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx)
OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.peer_name);
OPENSSL_free(ctx->p.name); OPENSSL_free(ctx->p.name);
memset(ctx, '\0', sizeof *ctx); memset(ctx, '\0', sizeof(*ctx));
} }
JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
const BIGNUM *secret) const BIGNUM *secret)
{ {
JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
if (ctx == NULL) if (ctx == NULL)
return NULL; return NULL;
@ -460,7 +460,7 @@ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
{ {
quickhashbn(send->hhk, ctx->key); quickhashbn(send->hhk, ctx->key);
SHA1(send->hhk, sizeof send->hhk, send->hhk); SHA1(send->hhk, sizeof(send->hhk), send->hhk);
return 1; return 1;
} }
@ -470,8 +470,8 @@ int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
unsigned char hhk[SHA_DIGEST_LENGTH]; unsigned char hhk[SHA_DIGEST_LENGTH];
quickhashbn(hhk, ctx->key); quickhashbn(hhk, ctx->key);
SHA1(hhk, sizeof hhk, hhk); SHA1(hhk, sizeof(hhk), hhk);
if (memcmp(hhk, received->hhk, sizeof hhk)) { if (memcmp(hhk, received->hhk, sizeof(hhk))) {
JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS,
JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
return 0; return 0;
@ -499,7 +499,7 @@ int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
unsigned char hk[SHA_DIGEST_LENGTH]; unsigned char hk[SHA_DIGEST_LENGTH];
quickhashbn(hk, ctx->key); quickhashbn(hk, ctx->key);
if (memcmp(hk, received->hk, sizeof hk)) { if (memcmp(hk, received->hk, sizeof(hk))) {
JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
return 0; return 0;
} }

6
crypto/md2/md2_dgst.c
View File

@ -122,9 +122,9 @@ const char *MD2_options(void)
fips_md_init(MD2) fips_md_init(MD2)
{ {
c->num = 0; c->num = 0;
memset(c->state, 0, sizeof c->state); memset(c->state, 0, sizeof(c->state));
memset(c->cksm, 0, sizeof c->cksm); memset(c->cksm, 0, sizeof(c->cksm));
memset(c->data, 0, sizeof c->data); memset(c->data, 0, sizeof(c->data));
return 1; return 1;
} }

2
crypto/md4/md4.c
View File

@ -102,7 +102,7 @@ void do_fp(FILE *f)
fd = fileno(f); fd = fileno(f);
MD4_Init(&c); MD4_Init(&c);
for (;;) { for (;;) {
i = read(fd, buf, sizeof buf); i = read(fd, buf, sizeof(buf));
if (i <= 0) if (i <= 0)
break; break;
MD4_Update(&c, buf, (unsigned long)i); MD4_Update(&c, buf, (unsigned long)i);

18
crypto/mem_dbg.c
View File

@ -56,7 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -633,16 +633,22 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
APP_INFO *amip; APP_INFO *amip;
int ami_cnt; int ami_cnt;
struct tm *lcl = NULL; struct tm *lcl = NULL;
struct tm result = {0};
CRYPTO_THREADID ti; CRYPTO_THREADID ti;
#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) #define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf))
if (m->addr == (char *)l->bio) if (m->addr == (char *)l->bio)
return; return;
if (options & V_CRYPTO_MDEBUG_TIME) { if (options & V_CRYPTO_MDEBUG_TIME) {
# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \
!defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \
(!defined(OPENSSL_SYS_VMS) || defined(localtime_r))
lcl = localtime_r(&m->time, &result);
# else
lcl = localtime(&m->time); lcl = localtime(&m->time);
# endif
BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
lcl->tm_hour, lcl->tm_min, lcl->tm_sec); lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
bufp += strlen(bufp); bufp += strlen(bufp);
@ -679,7 +685,7 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
ami_cnt++; ami_cnt++;
memset(buf, '>', ami_cnt); memset(buf, '>', ami_cnt);
BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
" thread=%lu, file=%s, line=%d, info=\"", " thread=%lu, file=%s, line=%d, info=\"",
CRYPTO_THREADID_hash(&amip->threadid), amip->file, CRYPTO_THREADID_hash(&amip->threadid), amip->file,
amip->line); amip->line);
@ -689,10 +695,10 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
buf_len = 128 - 3; buf_len = 128 - 3;
} else { } else {
BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len);
buf_len = strlen(buf); buf_len = strlen(buf);
} }
BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
BIO_puts(l->bio, buf); BIO_puts(l->bio, buf);

5
crypto/o_init.c
View File

@ -58,6 +58,11 @@
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
# include <openssl/fips.h> # include <openssl/fips.h>
# include <openssl/rand.h> # include <openssl/rand.h>
# ifndef OPENSSL_NO_DEPRECATED
/* the prototype is missing in <openssl/fips.h> */
void FIPS_crypto_set_id_callback(unsigned long (*func)(void));
# endif
#endif #endif
/* /*

8
crypto/o_time.c
View File

@ -8,7 +8,7 @@
* 2008. * 2008.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved. * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -105,7 +105,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
{ {
struct tm *ts = NULL; struct tm *ts = NULL;
#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS)
if (gmtime_r(timer, result) == NULL) if (gmtime_r(timer, result) == NULL)
return NULL; return NULL;
ts = result; ts = result;
@ -141,14 +141,14 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
pitem->ileb_64$w_mbo = 1; pitem->ileb_64$w_mbo = 1;
pitem->ileb_64$w_code = LNM$_STRING; pitem->ileb_64$w_code = LNM$_STRING;
pitem->ileb_64$l_mbmo = -1; pitem->ileb_64$l_mbmo = -1;
pitem->ileb_64$q_length = sizeof (logvalue); pitem->ileb_64$q_length = sizeof(logvalue);
pitem->ileb_64$pq_bufaddr = logvalue; pitem->ileb_64$pq_bufaddr = logvalue;
pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen; pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen;
pitem++; pitem++;
/* Last item of the item list is null terminated */ /* Last item of the item list is null terminated */
pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0; pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0;
# else # else
pitem->ile3$w_length = sizeof (logvalue); pitem->ile3$w_length = sizeof(logvalue);
pitem->ile3$w_code = LNM$_STRING; pitem->ile3$w_code = LNM$_STRING;
pitem->ile3$ps_bufaddr = logvalue; pitem->ile3$ps_bufaddr = logvalue;
pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen; pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen;

4
crypto/objects/o_names.c
View File

@ -312,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type,
d.type = type; d.type = type;
d.names = d.names =
OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names));
/* Really should return an error if !d.names...but its a void function! */ /* Really should return an error if !d.names...but its a void function! */
if (d.names) { if (d.names) {
d.n = 0; d.n = 0;
OBJ_NAME_do_all(type, do_all_sorted_fn, &d); OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
for (n = 0; n < d.n; ++n) for (n = 0; n < d.n; ++n)
fn(d.names[n], arg); fn(d.names[n], arg);

28
crypto/objects/obj_dat.c
View File

@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
for (i = ADDED_DATA; i <= ADDED_NID; i++) for (i = ADDED_DATA; i <= ADDED_NID; i++)
if (ao[i] != NULL) if (ao[i] != NULL)
OPENSSL_free(ao[i]); OPENSSL_free(ao[i]);
if (o != NULL) ASN1_OBJECT_free(o);
OPENSSL_free(o); return NID_undef;
return (NID_undef);
} }
ASN1_OBJECT *OBJ_nid2obj(int n) ASN1_OBJECT *OBJ_nid2obj(int n)
@ -591,7 +590,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
n += i; n += i;
OPENSSL_free(bndec); OPENSSL_free(bndec);
} else { } else {
BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
i = strlen(tbuf); i = strlen(tbuf);
if (buf && (buf_len > 0)) { if (buf && (buf_len > 0)) {
BUF_strlcpy(buf, tbuf, buf_len); BUF_strlcpy(buf, tbuf, buf_len);
@ -725,6 +724,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
return (p); return (p);
} }
/*
* Parse a BIO sink to create some extra oid's objects.
* Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
*/
int OBJ_create_objects(BIO *in) int OBJ_create_objects(BIO *in)
{ {
MS_STATIC char buf[512]; MS_STATIC char buf[512];
@ -746,9 +749,9 @@ int OBJ_create_objects(BIO *in)
*(s++) = '\0'; *(s++) = '\0';
while (isspace((unsigned char)*s)) while (isspace((unsigned char)*s))
s++; s++;
if (*s == '\0') if (*s == '\0') {
s = NULL; s = NULL;
else { } else {
l = s; l = s;
while ((*l != '\0') && !isspace((unsigned char)*l)) while ((*l != '\0') && !isspace((unsigned char)*l))
l++; l++;
@ -756,15 +759,18 @@ int OBJ_create_objects(BIO *in)
*(l++) = '\0'; *(l++) = '\0';
while (isspace((unsigned char)*l)) while (isspace((unsigned char)*l))
l++; l++;
if (*l == '\0') if (*l == '\0') {
l = NULL; l = NULL;
} else }
} else {
l = NULL; l = NULL;
}
} }
} else } else {
s = NULL; s = NULL;
if ((o == NULL) || (*o == '\0')) }
return (num); if (*o == '\0')
return num;
if (!OBJ_create(o, s, l)) if (!OBJ_create(o, s, l))
return (num); return (num);
num++; num++;

6
crypto/opensslv.h
View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
# define OPENSSL_VERSION_NUMBER 0x100020efL # define OPENSSL_VERSION_NUMBER 0x100020ffL
# ifdef OPENSSL_FIPS # ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017" # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
# else # else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017" # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018"
# endif # endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

Some files were not shown because too many files have changed in this diff Show More