Merge OpenSSL 1.0.2m.

This commit is contained in:
Jung-uk Kim 2017-11-02 18:04:29 +00:00
commit 47902a71f3
510 changed files with 3031 additions and 747 deletions

View File

@ -2,6 +2,44 @@
OpenSSL CHANGES OpenSSL CHANGES
_______________ _______________
This is a high-level summary of the most important changes.
For a full list of changes, see the git commit log; for example,
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
*) bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients.
This only affects processors that support the BMI1, BMI2 and ADX extensions
like Intel Broadwell (5th generation) and later or AMD Ryzen.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3736)
[Andy Polyakov]
*) Malformed X.509 IPAddressFamily could cause OOB read
If an X.509 certificate has a malformed IPAddressFamily extension,
OpenSSL could do a one-byte buffer overread. The most likely result
would be an erroneous display of the certificate in text format.
This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3735)
[Rich Salz]
Changes between 1.0.2k and 1.0.2l [25 May 2017] Changes between 1.0.2k and 1.0.2l [25 May 2017]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target

View File

@ -190,10 +190,8 @@
the failure that isn't a problem in OpenSSL itself (like a missing the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself, or malfunctioning bc). If it is a problem with OpenSSL itself,
try removing any compiler optimization flags from the CFLAG line try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug in Makefile.ssl and run "make clean; make". To report a bug please open an
report to <openssl-bugs@openssl.org>, including the output of issue on GitHub, at https://github.com/openssl/openssl/issues.
"make report" in order to be added to the request tracker at
http://www.openssl.org/support/rt.html.
4. If everything tests ok, install OpenSSL with 4. If everything tests ok, install OpenSSL with

View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL ## Makefile for OpenSSL
## ##
VERSION=1.0.2l VERSION=1.0.2m
MAJOR=1 MAJOR=1
MINOR=0.2 MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_NUMBER=1.0.0

View File

@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
o config now recognises 64-bit mingw and chooses mingw64 instead of mingw o config now recognises 64-bit mingw and chooses mingw64 instead of mingw

View File

@ -1,5 +1,5 @@
OpenSSL 1.0.2l 25 May 2017 OpenSSL 1.0.2m 2 Nov 2017
Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

View File

@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* Lets add the extensions, if there are any */ /* Lets add the extensions, if there are any */
if (ext_sect) { if (ext_sect) {
X509V3_CTX ctx; X509V3_CTX ctx;
if (ci->version == NULL)
if ((ci->version = ASN1_INTEGER_new()) == NULL)
goto err;
ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
/* /*
* Free the current entries if any, there should not be any I believe * Free the current entries if any, there should not be any I believe
@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err; goto err;
} }
{
STACK_OF(X509_EXTENSION) *exts = ci->extensions;
if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
/* Make it an X509 v3 certificate. */
if (!X509_set_version(ret, 2))
goto err;
}
/* Set the right value for the noemailDN option */ /* Set the right value for the noemailDN option */
if (email_dn == 0) { if (email_dn == 0) {
if (!X509_set_subject_name(ret, dn_subject)) if (!X509_set_subject_name(ret, dn_subject))

View File

@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv)
if (strstr(mbuf, "/stream:features>")) if (strstr(mbuf, "/stream:features>"))
goto shut; goto shut;
seen = BIO_read(sbio, mbuf, BUFSIZZ); seen = BIO_read(sbio, mbuf, BUFSIZZ);
if (seen <= 0)
goto shut;
mbuf[seen] = 0; mbuf[seen] = 0;
} }
BIO_printf(sbio, BIO_printf(sbio,

View File

@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
PEM_write_bio_X509(io, peer); PEM_write_bio_X509(io, peer);
} else } else
BIO_puts(io, "no client certificate available\n"); BIO_puts(io, "no client certificate available\n");
BIO_puts(io, "</BODY></HTML>\r\n\r\n"); BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break; break;
} else if ((www == 2 || www == 3) } else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) { && (strncmp("GET /", buf, 5) == 0)) {

View File

@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig)
# if !defined(SIGALRM) # if !defined(SIGALRM)
# define SIGALRM # define SIGALRM
# endif # endif
static unsigned int lapse, schlock; static volatile unsigned int lapse;
static volatile unsigned int schlock;
static void alarm_win32(unsigned int secs) static void alarm_win32(unsigned int secs)
{ {
lapse = secs * 1000; lapse = secs * 1000;
@ -725,6 +726,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "no EVP given\n"); BIO_printf(bio_err, "no EVP given\n");
goto end; goto end;
} }
evp_md = NULL;
evp_cipher = EVP_get_cipherbyname(*argv); evp_cipher = EVP_get_cipherbyname(*argv);
if (!evp_cipher) { if (!evp_cipher) {
evp_md = EVP_get_digestbyname(*argv); evp_md = EVP_get_digestbyname(*argv);

View File

@ -5,7 +5,7 @@
* 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -185,20 +185,23 @@ int MAIN(int argc, char **argv)
} }
e = setup_engine(bio_err, engine, 0); e = setup_engine(bio_err, engine, 0);
if (keyfile) { if (keyfile != NULL) {
pkey = load_key(bio_err, pkey = load_key(bio_err,
strcmp(keyfile, "-") ? keyfile : NULL, strcmp(keyfile, "-") ? keyfile : NULL,
FORMAT_PEM, 1, passin, e, "private key"); FORMAT_PEM, 1, passin, e, "private key");
if (!pkey) { if (pkey == NULL)
goto end; goto end;
}
spki = NETSCAPE_SPKI_new(); spki = NETSCAPE_SPKI_new();
if (challenge) if (spki == NULL)
goto end;
if (challenge != NULL)
ASN1_STRING_set(spki->spkac->challenge, ASN1_STRING_set(spki->spkac->challenge,
challenge, (int)strlen(challenge)); challenge, (int)strlen(challenge));
NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_set_pubkey(spki, pkey);
NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
spkstr = NETSCAPE_SPKI_b64_encode(spki); spkstr = NETSCAPE_SPKI_b64_encode(spki);
if (spkstr == NULL)
goto end;
if (outfile) if (outfile)
out = BIO_new_file(outfile, "w"); out = BIO_new_file(outfile, "w");
@ -253,7 +256,7 @@ int MAIN(int argc, char **argv)
spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
if (!spki) { if (spki == NULL) {
BIO_printf(bio_err, "Error loading SPKAC\n"); BIO_printf(bio_err, "Error loading SPKAC\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -282,9 +285,9 @@ int MAIN(int argc, char **argv)
pkey = NETSCAPE_SPKI_get_pubkey(spki); pkey = NETSCAPE_SPKI_get_pubkey(spki);
if (verify) { if (verify) {
i = NETSCAPE_SPKI_verify(spki, pkey); i = NETSCAPE_SPKI_verify(spki, pkey);
if (i > 0) if (i > 0) {
BIO_printf(bio_err, "Signature OK\n"); BIO_printf(bio_err, "Signature OK\n");
else { } else {
BIO_printf(bio_err, "Signature Failure\n"); BIO_printf(bio_err, "Signature Failure\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;

View File

@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type)
int i; int i;
if (id == NULL) if (id == NULL)
return -1; return -1;
if (type == DB_SRP_INDEX) if (type == DB_SRP_INDEX) {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i); pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (pp[DB_srptype][0] == DB_SRP_INDEX if (pp[DB_srptype][0] == DB_SRP_INDEX
&& !strcmp(id, pp[DB_srpid])) && !strcmp(id, pp[DB_srpid]))
return i; return i;
} else }
} else {
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
pp = sk_OPENSSL_PSTRING_value(db->db->data, i); pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type)
&& !strcmp(id, pp[DB_srpid])) && !strcmp(id, pp[DB_srpid]))
return i; return i;
} }
}
return -1; return -1;
} }
@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
char **irow; char **irow;
int i; int i;
if ((irow = irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
(char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { if (irow == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n"); BIO_printf(bio_err, "Memory allocation failure\n");
return 0; return 0;
} }
@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
char *srp_usersalt, const char *g, const char *N, char *srp_usersalt, const char *g, const char *N,
const char *passin, BIO *bio, int verbose) const char *passin, BIO *bio, int verbose)
{ {
char password[1024]; char password[1025];
PW_CB_DATA cb_tmp; PW_CB_DATA cb_tmp;
char *verifier = NULL; char *verifier = NULL;
char *gNid = NULL; char *gNid = NULL;
int len;
cb_tmp.prompt_info = user; cb_tmp.prompt_info = user;
cb_tmp.password = passin; cb_tmp.password = passin;
if (password_callback(password, 1024, 0, &cb_tmp) > 0) { len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio, VERBOSE BIO_printf(bio,
"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, srp_verifier, srp_usersalt, g, N); user, srp_verifier, srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password); VVERBOSE BIO_printf(bio, "Pass %s\n", password);
if (! if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
(gNid = &verifier, N, g))) {
SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
g))) {
BIO_printf(bio, "Internal error validating SRP verifier\n"); BIO_printf(bio, "Internal error validating SRP verifier\n");
} else { } else {
if (strcmp(verifier, srp_verifier)) if (strcmp(verifier, srp_verifier))
gNid = NULL; gNid = NULL;
OPENSSL_free(verifier); OPENSSL_free(verifier);
} }
OPENSSL_cleanse(password, len);
} }
return gNid; return gNid;
} }
@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_verifier,
char **srp_usersalt, char *g, char *N, char **srp_usersalt, char *g, char *N,
char *passout, BIO *bio, int verbose) char *passout, BIO *bio, int verbose)
{ {
char password[1024]; char password[1025];
PW_CB_DATA cb_tmp; PW_CB_DATA cb_tmp;
char *gNid = NULL; char *gNid = NULL;
char *salt = NULL; char *salt = NULL;
int len;
cb_tmp.prompt_info = user; cb_tmp.prompt_info = user;
cb_tmp.password = passout; cb_tmp.password = passout;
if (password_callback(password, 1024, 1, &cb_tmp) > 0) { len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
if (len > 0) {
password[len] = 0;
VERBOSE BIO_printf(bio, VERBOSE BIO_printf(bio,
"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
user, g, N); user, g, N);
if (! if (!(gNid = SRP_create_verifier(user, password, &salt,
(gNid = srp_verifier, N, g))) {
SRP_create_verifier(user, password, &salt, srp_verifier, N,
g))) {
BIO_printf(bio, "Internal error creating SRP verifier\n"); BIO_printf(bio, "Internal error creating SRP verifier\n");
} else } else {
*srp_usersalt = salt; *srp_usersalt = salt;
}
OPENSSL_cleanse(password, len);
VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
gNid, salt, *srp_verifier); gNid, salt, *srp_verifier);
@ -314,9 +321,9 @@ int MAIN(int argc, char **argv)
argc--; argc--;
argv++; argv++;
while (argc >= 1 && badops == 0) { while (argc >= 1 && badops == 0) {
if (strcmp(*argv, "-verbose") == 0) if (strcmp(*argv, "-verbose") == 0) {
verbose++; verbose++;
else if (strcmp(*argv, "-config") == 0) { } else if (strcmp(*argv, "-config") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
configfile = *(++argv); configfile = *(++argv);
@ -328,15 +335,15 @@ int MAIN(int argc, char **argv)
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
dbfile = *(++argv); dbfile = *(++argv);
} else if (strcmp(*argv, "-add") == 0) } else if (strcmp(*argv, "-add") == 0) {
add_user = 1; add_user = 1;
else if (strcmp(*argv, "-delete") == 0) } else if (strcmp(*argv, "-delete") == 0) {
delete_user = 1; delete_user = 1;
else if (strcmp(*argv, "-modify") == 0) } else if (strcmp(*argv, "-modify") == 0) {
modify_user = 1; modify_user = 1;
else if (strcmp(*argv, "-list") == 0) } else if (strcmp(*argv, "-list") == 0) {
list_user = 1; list_user = 1;
else if (strcmp(*argv, "-gn") == 0) { } else if (strcmp(*argv, "-gn") == 0) {
if (--argc < 1) if (--argc < 1)
goto bad; goto bad;
gN = *(++argv); gN = *(++argv);
@ -366,8 +373,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "unknown option %s\n", *argv); BIO_printf(bio_err, "unknown option %s\n", *argv);
badops = 1; badops = 1;
break; break;
} else } else {
break; break;
}
argc--; argc--;
argv++; argv++;
@ -388,7 +396,7 @@ int MAIN(int argc, char **argv)
"Need at least one user for options -add, -delete, -modify. \n"); "Need at least one user for options -add, -delete, -modify. \n");
badops = 1; badops = 1;
} }
if ((passin || passout) && argc != 1) { if ((passargin || passargout) && argc != 1) {
BIO_printf(bio_err, BIO_printf(bio_err,
"-passin, -passout arguments only valid with one user.\n"); "-passin, -passout arguments only valid with one user.\n");
badops = 1; badops = 1;
@ -706,9 +714,9 @@ int MAIN(int argc, char **argv)
doupdatedb = 1; doupdatedb = 1;
} }
} }
if (--argc > 0) if (--argc > 0) {
user = *(argv++); user = *(argv++);
else { } else {
user = NULL; user = NULL;
list_user = 0; list_user = 0;
} }

View File

@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) {
STDERR->printflush(", $output written.\n") if $options{v}; STDERR->printflush(", $output written.\n") if $options{v};
} }
$curl->cleanup(); $curl->cleanup();
WWW::Curl::Easy::global_cleanup();

View File

@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c
tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c
tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h
tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h

View File

@ -56,6 +56,7 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#include <limits.h>
#include <stdio.h> #include <stdio.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
@ -136,6 +137,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
goto err; goto err;
} }
if (len > INT_MAX) {
i = ASN1_R_STRING_TOO_LONG;
goto err;
}
if ((a == NULL) || ((*a) == NULL)) { if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_BIT_STRING_new()) == NULL) if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
return (NULL); return (NULL);

View File

@ -0,0 +1,63 @@
/* asn1t.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* Internal ASN1 template structures and functions: not for application use */
void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);

View File

@ -61,9 +61,7 @@
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include "asn1_int.h"
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine);
/* Free up an ASN1 structure */ /* Free up an ASN1 structure */
@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
asn1_item_combine_free(pval, it, 0); asn1_item_combine_free(pval, it, 0);
} }
static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
int combine)
{ {
const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_TEMPLATE *tt = NULL, *seqtt;
const ASN1_EXTERN_FUNCS *ef; const ASN1_EXTERN_FUNCS *ef;

View File

@ -63,6 +63,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <string.h> #include <string.h>
#include "asn1_int.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine); int combine);
@ -199,7 +200,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 1; return 1;
memerr2: memerr2:
ASN1_item_ex_free(pval, it); asn1_item_combine_free(pval, it, combine);
memerr: memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@ -209,7 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0; return 0;
auxerr2: auxerr2:
ASN1_item_ex_free(pval, it); asn1_item_combine_free(pval, it, combine);
auxerr: auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG

View File

@ -523,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
int X509_NAME_set(X509_NAME **xn, X509_NAME *name) int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{ {
X509_NAME *in; if ((name = X509_NAME_dup(name)) == NULL)
return 0;
if (!xn || !name) X509_NAME_free(*xn);
return (0); *xn = name;
return 1;
if (*xn != name) {
in = X509_NAME_dup(name);
if (in != NULL) {
X509_NAME_free(*xn);
*xn = in;
}
}
return (*xn != NULL);
} }
IMPLEMENT_STACK_OF(X509_NAME_ENTRY) IMPLEMENT_STACK_OF(X509_NAME_ENTRY)

View File

@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void)
X509_PKEY *ret = NULL; X509_PKEY *ret = NULL;
ASN1_CTX c; ASN1_CTX c;
M_ASN1_New_Malloc(ret, X509_PKEY); ret = OPENSSL_malloc(sizeof(X509_PKEY));
if (ret == NULL) {
c.line = __LINE__;
goto err;
}
ret->version = 0; ret->version = 0;
M_ASN1_New(ret->enc_algor, X509_ALGOR_new); ret->enc_algor = X509_ALGOR_new();
M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); ret->enc_pkey = M_ASN1_OCTET_STRING_new();
ret->dec_pkey = NULL; ret->dec_pkey = NULL;
ret->key_length = 0; ret->key_length = 0;
ret->key_data = NULL; ret->key_data = NULL;
@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void)
ret->cipher.cipher = NULL; ret->cipher.cipher = NULL;
memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
ret->references = 1; ret->references = 1;
return (ret); if (ret->enc_algor == NULL || ret->enc_pkey == NULL) {
M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); c.line = __LINE__;
goto err;
}
return ret;
err:
X509_PKEY_free(ret);
ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line);
return NULL;
} }
void X509_PKEY_free(X509_PKEY *x) void X509_PKEY_free(X509_PKEY *x)

View File

@ -3090,11 +3090,19 @@ $code.=<<___;
.align 32 .align 32
.Lsqrx8x_break: .Lsqrx8x_break:
sub 16+8(%rsp),%r8 # consume last carry xor $zero,$zero
sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled mov 0*8($aptr),%rdx # a[8], modulo-scheduled
xor %ebp,%ebp # xor $zero,$zero adc \$0,%r10
mov %r8,0*8($tptr) mov %r8,0*8($tptr)
adc \$0,%r11
adc \$0,%r12
adc \$0,%r13
adc \$0,%r14
adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0 cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop je .Lsqrx8x_outer_loop

View File

@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
int i, bits, ret = 0; int i, bits, ret = 0;
BIGNUM *v, *rr; BIGNUM *v, *rr;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1; return -1;
@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
if (BN_is_odd(m)) { if (BN_is_odd(m)) {
# ifdef MONT_EXP_WORD # ifdef MONT_EXP_WORD
if (a->top == 1 && !a->neg if (a->top == 1 && !a->neg
&& (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
&& (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
BN_ULONG A = a->d[0]; BN_ULONG A = a->d[0];
ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
} else } else
@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE]; BIGNUM *val[TABLE_SIZE];
BN_RECP_CTX recp; BN_RECP_CTX recp;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1; return -1;
@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
BIGNUM *val[TABLE_SIZE]; BIGNUM *val[TABLE_SIZE];
BN_MONT_CTX *mont = NULL; BN_MONT_CTX *mont = NULL;
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
} }
@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
#define BN_TO_MONTGOMERY_WORD(r, w, mont) \ #define BN_TO_MONTGOMERY_WORD(r, w, mont) \
(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1; return -1;
@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/* Table of variables obtained from 'ctx' */ /* Table of variables obtained from 'ctx' */
BIGNUM *val[TABLE_SIZE]; BIGNUM *val[TABLE_SIZE];
if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0
|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return -1; return -1;

View File

@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif #endif
if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0)
BN_set_flags(a, BN_FLG_CONSTTIME);
a->top = b->top; a->top = b->top;
a->neg = b->neg; a->neg = b->neg;
bn_check_top(a); bn_check_top(a);

View File

@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
tmod.dmax = 2; tmod.dmax = 2;
tmod.neg = 0; tmod.neg = 0;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(&tmod, BN_FLG_CONSTTIME);
mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)

View File

@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
rr->top = top; rr->top = top;
goto end; goto end;
} }
# if 0
if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)b;
if (bn_wexpand(tmp_bn, al) == NULL)
goto err;
tmp_bn->d[bl] = 0;
bl++;
i--;
} else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
BIGNUM *tmp_bn = (BIGNUM *)a;
if (bn_wexpand(tmp_bn, bl) == NULL)
goto err;
tmp_bn->d[al] = 0;
al++;
i++;
}
if (i == 0) {
/* symmetric and > 4 */
/* 16 or larger */
j = BN_num_bits_word((BN_ULONG)al);
j = 1 << (j - 1);
k = j + j;
t = BN_CTX_get(ctx);
if (al == j) { /* exact multiple */
if (bn_wexpand(t, k * 2) == NULL)
goto err;
if (bn_wexpand(rr, k * 2) == NULL)
goto err;
bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
} else {
if (bn_wexpand(t, k * 4) == NULL)
goto err;
if (bn_wexpand(rr, k * 4) == NULL)
goto err;
bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
}
rr->top = top;
goto end;
}
# endif
} }
#endif /* BN_RECURSION */ #endif /* BN_RECURSION */
if (bn_wexpand(rr, top) == NULL) if (bn_wexpand(rr, top) == NULL)

View File

@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
BN_CTX_start(ctx); BN_CTX_start(ctx);
t = BN_CTX_get(ctx); t = BN_CTX_get(ctx);
if (t == NULL)
goto err;
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
if (!BN_rand(Xq, nbits, 1, 0)) if (!BN_rand(Xq, nbits, 1, 0))
@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
int ret = 0; int ret = 0;
BN_CTX_start(ctx); BN_CTX_start(ctx);
if (!Xp1) if (Xp1 == NULL)
Xp1 = BN_CTX_get(ctx); Xp1 = BN_CTX_get(ctx);
if (!Xp2) if (Xp2 == NULL)
Xp2 = BN_CTX_get(ctx); Xp2 = BN_CTX_get(ctx);
if (Xp1 == NULL || Xp2 == NULL)
goto error;
if (!BN_rand(Xp1, 101, 0, 0)) if (!BN_rand(Xp1, 101, 0, 0))
goto error; goto error;

View File

@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
} }
} }
#ifdef OPENSSL_FIPS
extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *));
#endif
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *))
{ {
if (threadid_callback) if (threadid_callback)
return 0; return 0;
threadid_callback = func; threadid_callback = func;
#ifdef OPENSSL_FIPS
FIPS_crypto_threadid_set_callback(func);
#endif
return 1; return 1;
} }

View File

@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dh_gen.o: ../cryptlib.h dh_gen.c dh_gen.o: ../cryptlib.h dh_gen.c
dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

View File

@ -257,11 +257,13 @@ DH *DH_get_1024_160(void);
DH *DH_get_2048_224(void); DH *DH_get_2048_224(void);
DH *DH_get_2048_256(void); DH *DH_get_2048_256(void);
# ifndef OPENSSL_NO_CMS
/* RFC2631 KDF */ /* RFC2631 KDF */
int DH_KDF_X9_42(unsigned char *out, size_t outlen, int DH_KDF_X9_42(unsigned char *out, size_t outlen,
const unsigned char *Z, size_t Zlen, const unsigned char *Z, size_t Zlen,
ASN1_OBJECT *key_oid, ASN1_OBJECT *key_oid,
const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
# endif
# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \

View File

@ -51,6 +51,9 @@
* ==================================================================== * ====================================================================
*/ */
#include <e_os.h>
#ifndef OPENSSL_NO_CMS
#include <string.h> #include <string.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
EVP_MD_CTX_cleanup(&mctx); EVP_MD_CTX_cleanup(&mctx);
return rv; return rv;
} }
#endif

View File

@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case EVP_PKEY_CTRL_DH_KDF_TYPE: case EVP_PKEY_CTRL_DH_KDF_TYPE:
if (p1 == -2) if (p1 == -2)
return dctx->kdf_type; return dctx->kdf_type;
#ifdef OPENSSL_NO_CMS
if (p1 != EVP_PKEY_DH_KDF_NONE)
#else
if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
#endif
return -2; return -2;
dctx->kdf_type = p1; dctx->kdf_type = p1;
return 1; return 1;
@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret; return ret;
*keylen = ret; *keylen = ret;
return 1; return 1;
} else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { }
#ifndef OPENSSL_NO_CMS
else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
unsigned char *Z = NULL; unsigned char *Z = NULL;
size_t Zlen = 0; size_t Zlen = 0;
if (!dctx->kdf_outlen || !dctx->kdf_oid) if (!dctx->kdf_outlen || !dctx->kdf_oid)
@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
} }
return ret; return ret;
} }
#endif
return 1; return 1;
} }

View File

@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
goto dsaerr; goto dsaerr;
} }
BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
goto dsaerr; goto dsaerr;

View File

@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
} else { } else {
p = BN_CTX_get(ctx); p = BN_CTX_get(ctx);
q = BN_CTX_get(ctx); q = BN_CTX_get(ctx);
if (q == NULL)
goto err;
} }
if (!BN_lshift(test, BN_value_one(), L - 1)) if (!BN_lshift(test, BN_value_one(), L - 1))

View File

@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
{ {
BN_CTX *ctx; BN_CTX *ctx;
BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
BIGNUM l, m;
int ret = 0; int ret = 0;
int q_bits;
if (!dsa->p || !dsa->q || !dsa->g) { if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_init(&k); BN_init(&k);
BN_init(&kq); BN_init(&kq);
BN_init(&l);
BN_init(&m);
if (ctx_in == NULL) { if (ctx_in == NULL) {
if ((ctx = BN_CTX_new()) == NULL) if ((ctx = BN_CTX_new()) == NULL)
@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if ((r = BN_new()) == NULL) if ((r = BN_new()) == NULL)
goto err; goto err;
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
if (!BN_set_bit(&k, q_bits)
|| !BN_set_bit(&l, q_bits)
|| !BN_set_bit(&m, q_bits))
goto err;
/* Get random k */ /* Get random k */
do do
if (!BN_rand_range(&k, dsa->q)) if (!BN_rand_range(&k, dsa->q))
@ -263,25 +274,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
/* Compute r = (g^k mod p) mod q */ /* Compute r = (g^k mod p) mod q */
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
if (!BN_copy(&kq, &k)) /*
* We do not want timing information to leak the length of k, so we
* compute G^k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/
if (!BN_add(&l, &k, dsa->q)
|| !BN_add(&m, &l, dsa->q)
|| !BN_copy(&kq, BN_num_bits(&l) > q_bits ? &l : &m))
goto err; goto err;
BN_set_flags(&kq, BN_FLG_CONSTTIME); BN_set_flags(&kq, BN_FLG_CONSTTIME);
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
* is a kludge that we need because the BN_mod_exp_mont() does not
* let us specify the desired timing behaviour.)
*/
if (!BN_add(&kq, &kq, dsa->q))
goto err;
if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
if (!BN_add(&kq, &kq, dsa->q))
goto err;
}
K = &kq; K = &kq;
} else { } else {
K = &k; K = &k;
@ -314,7 +324,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BN_CTX_free(ctx); BN_CTX_free(ctx);
BN_clear_free(&k); BN_clear_free(&k);
BN_clear_free(&kq); BN_clear_free(&kq);
return (ret); BN_clear_free(&l);
BN_clear_free(&m);
return ret;
} }
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_do_verify(const unsigned char *dgst, int dgst_len,

View File

@ -1178,19 +1178,18 @@ __ecp_nistz256_sqr_montx:
adox $t1, $acc5 adox $t1, $acc5
.byte 0x67,0x67 .byte 0x67,0x67
mulx %rdx, $t0, $t4 mulx %rdx, $t0, $t4
mov $acc0, %rdx mov .Lpoly+8*3(%rip), %rdx
adox $t0, $acc6 adox $t0, $acc6
shlx $a_ptr, $acc0, $t0 shlx $a_ptr, $acc0, $t0
adox $t4, $acc7 adox $t4, $acc7
shrx $a_ptr, $acc0, $t4 shrx $a_ptr, $acc0, $t4
mov .Lpoly+8*3(%rip), $t1 mov %rdx,$t1
# reduction step 1 # reduction step 1
add $t0, $acc1 add $t0, $acc1
adc $t4, $acc2 adc $t4, $acc2
mulx $t1, $t0, $acc0 mulx $acc0, $t0, $acc0
mov $acc1, %rdx
adc $t0, $acc3 adc $t0, $acc3
shlx $a_ptr, $acc1, $t0 shlx $a_ptr, $acc1, $t0
adc \$0, $acc0 adc \$0, $acc0
@ -1200,8 +1199,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc2 add $t0, $acc2
adc $t4, $acc3 adc $t4, $acc3
mulx $t1, $t0, $acc1 mulx $acc1, $t0, $acc1
mov $acc2, %rdx
adc $t0, $acc0 adc $t0, $acc0
shlx $a_ptr, $acc2, $t0 shlx $a_ptr, $acc2, $t0
adc \$0, $acc1 adc \$0, $acc1
@ -1211,8 +1209,7 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc3 add $t0, $acc3
adc $t4, $acc0 adc $t4, $acc0
mulx $t1, $t0, $acc2 mulx $acc2, $t0, $acc2
mov $acc3, %rdx
adc $t0, $acc1 adc $t0, $acc1
shlx $a_ptr, $acc3, $t0 shlx $a_ptr, $acc3, $t0
adc \$0, $acc2 adc \$0, $acc2
@ -1222,12 +1219,12 @@ __ecp_nistz256_sqr_montx:
add $t0, $acc0 add $t0, $acc0
adc $t4, $acc1 adc $t4, $acc1
mulx $t1, $t0, $acc3 mulx $acc3, $t0, $acc3
adc $t0, $acc2 adc $t0, $acc2
adc \$0, $acc3 adc \$0, $acc3
xor $t3, $t3 # cf=0 xor $t3, $t3
adc $acc0, $acc4 # accumulate upper half add $acc0, $acc4 # accumulate upper half
mov .Lpoly+8*1(%rip), $a_ptr mov .Lpoly+8*1(%rip), $a_ptr
adc $acc1, $acc5 adc $acc1, $acc5
mov $acc4, $acc0 mov $acc4, $acc0
@ -1236,8 +1233,7 @@ __ecp_nistz256_sqr_montx:
mov $acc5, $acc1 mov $acc5, $acc1
adc \$0, $t3 adc \$0, $t3
xor %eax, %eax # cf=0 sub \$-1, $acc4 # .Lpoly[0]
sbb \$-1, $acc4 # .Lpoly[0]
mov $acc6, $acc2 mov $acc6, $acc2
sbb $a_ptr, $acc5 # .Lpoly[1] sbb $a_ptr, $acc5 # .Lpoly[1]
sbb \$0, $acc6 # .Lpoly[2] sbb \$0, $acc6 # .Lpoly[2]

View File

@ -247,6 +247,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
BN_CTX_free(new_ctx); BN_CTX_free(new_ctx);
if (mont != NULL) if (mont != NULL)
BN_MONT_CTX_free(mont); BN_MONT_CTX_free(mont);
if (one != NULL)
BN_free(one);
return ret; return ret;
} }

View File

@ -716,7 +716,7 @@ static limb felem_is_zero(const felem in)
return (zero | two224m96p1 | two225m97p2); return (zero | two224m96p1 | two225m97p2);
} }
static limb felem_is_zero_int(const felem in) static int felem_is_zero_int(const void *in)
{ {
return (int)(felem_is_zero(in) & ((limb) 1)); return (int)(felem_is_zero(in) & ((limb) 1));
} }
@ -1391,7 +1391,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3],
sizeof(felem), sizeof(felem),
tmp_felems, tmp_felems,
(void (*)(void *))felem_one, (void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int, felem_is_zero_int,
(void (*)(void *, const void *)) (void (*)(void *, const void *))
felem_assign, felem_assign,

View File

@ -977,7 +977,7 @@ static limb smallfelem_is_zero(const smallfelem small)
return result; return result;
} }
static int smallfelem_is_zero_int(const smallfelem small) static int smallfelem_is_zero_int(const void *small)
{ {
return (int)(smallfelem_is_zero(small) & ((limb) 1)); return (int)(smallfelem_is_zero(small) & ((limb) 1));
} }
@ -1979,7 +1979,6 @@ static void make_points_affine(size_t num, smallfelem points[][3],
sizeof(smallfelem), sizeof(smallfelem),
tmp_smallfelems, tmp_smallfelems,
(void (*)(void *))smallfelem_one, (void (*)(void *))smallfelem_one,
(int (*)(const void *))
smallfelem_is_zero_int, smallfelem_is_zero_int,
(void (*)(void *, const void *)) (void (*)(void *, const void *))
smallfelem_assign, smallfelem_assign,

View File

@ -871,7 +871,7 @@ static limb felem_is_zero(const felem in)
return is_zero; return is_zero;
} }
static int felem_is_zero_int(const felem in) static int felem_is_zero_int(const void *in)
{ {
return (int)(felem_is_zero(in) & ((limb) 1)); return (int)(felem_is_zero(in) & ((limb) 1));
} }
@ -1787,7 +1787,6 @@ static void make_points_affine(size_t num, felem points[][3],
sizeof(felem), sizeof(felem),
tmp_felems, tmp_felems,
(void (*)(void *))felem_one, (void (*)(void *))felem_one,
(int (*)(const void *))
felem_is_zero_int, felem_is_zero_int,
(void (*)(void *, const void *)) (void (*)(void *, const void *))
felem_assign, felem_assign,

View File

@ -225,9 +225,16 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
*/ */
ecdh_data_free(ecdh_data); ecdh_data_free(ecdh_data);
ecdh_data = (ECDH_DATA *)data; ecdh_data = (ECDH_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdh_data_dup,
ecdh_data_free,
ecdh_data_free) != ecdh_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdh_data_free(ecdh_data);
return NULL;
} }
} else } else {
ecdh_data = (ECDH_DATA *)data; ecdh_data = (ECDH_DATA *)data;
}
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {

View File

@ -203,9 +203,16 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
*/ */
ecdsa_data_free(ecdsa_data); ecdsa_data_free(ecdsa_data);
ecdsa_data = (ECDSA_DATA *)data; ecdsa_data = (ECDSA_DATA *)data;
} else if (EC_KEY_get_key_method_data(key, ecdsa_data_dup,
ecdsa_data_free,
ecdsa_data_free) != ecdsa_data) {
/* Or an out of memory error in EC_KEY_insert_key_method_data. */
ecdsa_data_free(ecdsa_data);
return NULL;
} }
} else } else {
ecdsa_data = (ECDSA_DATA *)data; ecdsa_data = (ECDSA_DATA *)data;
}
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD) if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) {

View File

@ -95,6 +95,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
EC_POINT *tmp_point = NULL; EC_POINT *tmp_point = NULL;
const EC_GROUP *group; const EC_GROUP *group;
int ret = 0; int ret = 0;
int order_bits;
if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
@ -126,6 +127,13 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
goto err; goto err;
} }
/* Preallocate space */
order_bits = BN_num_bits(order);
if (!BN_set_bit(k, order_bits)
|| !BN_set_bit(r, order_bits)
|| !BN_set_bit(X, order_bits))
goto err;
do { do {
/* get random k */ /* get random k */
do do
@ -139,13 +147,19 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
/* /*
* We do not want timing information to leak the length of k, so we * We do not want timing information to leak the length of k, so we
* compute G*k using an equivalent scalar of fixed bit-length. * compute G*k using an equivalent scalar of fixed bit-length.
*
* We unconditionally perform both of these additions to prevent a
* small timing information leakage. We then choose the sum that is
* one bit longer than the order. This guarantees the code
* path used in the constant time implementations elsewhere.
*
* TODO: revisit the BN_copy aiming for a memory access agnostic
* conditional copy.
*/ */
if (!BN_add(r, k, order)
if (!BN_add(k, k, order)) || !BN_add(X, r, order)
|| !BN_copy(k, BN_num_bits(r) > order_bits ? r : X))
goto err; goto err;
if (BN_num_bits(k) <= BN_num_bits(order))
if (!BN_add(k, k, order))
goto err;
/* compute r the x-coordinate of generator * k */ /* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {

View File

@ -725,6 +725,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
} }
#endif #endif
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return;
es->top = (es->top + 1) % ERR_NUM_ERRORS; es->top = (es->top + 1) % ERR_NUM_ERRORS;
if (es->top == es->bottom) if (es->top == es->bottom)
@ -742,6 +744,8 @@ void ERR_clear_error(void)
ERR_STATE *es; ERR_STATE *es;
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return;
for (i = 0; i < ERR_NUM_ERRORS; i++) { for (i = 0; i < ERR_NUM_ERRORS; i++) {
err_clear(es, i); err_clear(es, i);
@ -806,6 +810,8 @@ static unsigned long get_error_values(int inc, int top, const char **file,
unsigned long ret; unsigned long ret;
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return 0;
if (inc && top) { if (inc && top) {
if (file) if (file)
@ -1016,7 +1022,6 @@ void ERR_remove_state(unsigned long pid)
ERR_STATE *ERR_get_state(void) ERR_STATE *ERR_get_state(void)
{ {
static ERR_STATE fallback;
ERR_STATE *ret, tmp, *tmpp = NULL; ERR_STATE *ret, tmp, *tmpp = NULL;
int i; int i;
CRYPTO_THREADID tid; CRYPTO_THREADID tid;
@ -1030,7 +1035,7 @@ ERR_STATE *ERR_get_state(void)
if (ret == NULL) { if (ret == NULL) {
ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
if (ret == NULL) if (ret == NULL)
return (&fallback); return NULL;
CRYPTO_THREADID_cpy(&ret->tid, &tid); CRYPTO_THREADID_cpy(&ret->tid, &tid);
ret->top = 0; ret->top = 0;
ret->bottom = 0; ret->bottom = 0;
@ -1042,7 +1047,7 @@ ERR_STATE *ERR_get_state(void)
/* To check if insertion failed, do a get. */ /* To check if insertion failed, do a get. */
if (ERRFN(thread_get_item) (ret) != ret) { if (ERRFN(thread_get_item) (ret) != ret) {
ERR_STATE_free(ret); /* could not insert it */ ERR_STATE_free(ret); /* could not insert it */
return (&fallback); return NULL;
} }
/* /*
* If a race occured in this function and we came second, tmpp is the * If a race occured in this function and we came second, tmpp is the
@ -1066,10 +1071,10 @@ void ERR_set_error_data(char *data, int flags)
int i; int i;
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return;
i = es->top; i = es->top;
if (i == 0)
i = ERR_NUM_ERRORS - 1;
err_clear_data(es, i); err_clear_data(es, i);
es->err_data[i] = data; es->err_data[i] = data;
@ -1121,6 +1126,8 @@ int ERR_set_mark(void)
ERR_STATE *es; ERR_STATE *es;
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return 0;
if (es->bottom == es->top) if (es->bottom == es->top)
return 0; return 0;
@ -1133,6 +1140,8 @@ int ERR_pop_to_mark(void)
ERR_STATE *es; ERR_STATE *es;
es = ERR_get_state(); es = ERR_get_state();
if (es == NULL)
return 0;
while (es->bottom != es->top while (es->bottom != es->top
&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {

View File

@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255; maxpad &= 255;
ret &= constant_time_ge(maxpad, pad); mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len; key->aux.tls_aad[plen - 1] = inp_len;

View File

@ -507,10 +507,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
* to identify it and avoid stitch invocation. So that after we * to identify it and avoid stitch invocation. So that after we
* establish that current CPU supports AVX, we even see if it's * establish that current CPU supports AVX, we even see if it's
* either even XOP-capable Bulldozer-based or GenuineIntel one. * either even XOP-capable Bulldozer-based or GenuineIntel one.
* But SHAEXT-capable go ahead...
*/ */
if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */
((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
| (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */
| (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */
plen > (sha_off + iv) && plen > (sha_off + iv) &&
(blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
SHA256_Update(&key->md, in + iv, sha_off); SHA256_Update(&key->md, in + iv, sha_off);
@ -590,12 +592,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255; maxpad &= 255;
ret &= constant_time_ge(maxpad, pad); mask = constant_time_ge(maxpad, pad);
ret &= mask;
/*
* If pad is invalid then we will fail the above test but we must
* continue anyway because we are in constant time code. However,
* we'll use the maxpad value instead of the supplied pad to make
* sure we perform well defined pointer arithmetic.
*/
pad = constant_time_select(mask, pad, maxpad);
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
ret &= (int)mask;
key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 2] = inp_len >> 8;
key->aux.tls_aad[plen - 1] = inp_len; key->aux.tls_aad[plen - 1] = inp_len;

View File

@ -1363,6 +1363,98 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
const char *type, const char *type,
const char *value)); const char *value));
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src));
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx));
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey));
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen));
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx));
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen));
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen));
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value));
void EVP_add_alg_module(void); void EVP_add_alg_module(void);
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */

View File

@ -97,7 +97,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify) int verify)
{ {
int ret; int ret = -1;
char buff[BUFSIZ]; char buff[BUFSIZ];
UI *ui; UI *ui;
@ -105,16 +105,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
prompt = prompt_string; prompt = prompt_string;
ui = UI_new(); ui = UI_new();
if (ui == NULL) if (ui == NULL)
return -1; return ret;
UI_add_input_string(ui, prompt, 0, buf, min, if (UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len); (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
if (verify) || (verify
UI_add_verify_string(ui, prompt, 0, && UI_add_verify_string(ui, prompt, 0, buff, min,
buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
buf); buf) < 0))
goto end;
ret = UI_process(ui); ret = UI_process(ui);
UI_free(ui);
OPENSSL_cleanse(buff, BUFSIZ); OPENSSL_cleanse(buff, BUFSIZ);
end:
UI_free(ui);
return ret; return ret;
} }

View File

@ -589,3 +589,170 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
pmeth->ctrl = ctrl; pmeth->ctrl = ctrl;
pmeth->ctrl_str = ctrl_str; pmeth->ctrl_str = ctrl_str;
} }
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx))
{
*pinit = pmeth->init;
}
void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth,
int (**pcopy) (EVP_PKEY_CTX *dst,
EVP_PKEY_CTX *src))
{
*pcopy = pmeth->copy;
}
void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth,
void (**pcleanup) (EVP_PKEY_CTX *ctx))
{
*pcleanup = pmeth->cleanup;
}
void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth,
int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
int (**pparamgen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pparamgen_init)
*pparamgen_init = pmeth->paramgen_init;
if (pparamgen)
*pparamgen = pmeth->paramgen;
}
void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth,
int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
int (**pkeygen) (EVP_PKEY_CTX *ctx,
EVP_PKEY *pkey))
{
if (pkeygen_init)
*pkeygen_init = pmeth->keygen_init;
if (pkeygen)
*pkeygen = pmeth->keygen;
}
void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth,
int (**psign_init) (EVP_PKEY_CTX *ctx),
int (**psign) (EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (psign_init)
*psign_init = pmeth->sign_init;
if (psign)
*psign = pmeth->sign;
}
void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth,
int (**pverify_init) (EVP_PKEY_CTX *ctx),
int (**pverify) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
size_t siglen,
const unsigned char *tbs,
size_t tbslen))
{
if (pverify_init)
*pverify_init = pmeth->verify_init;
if (pverify)
*pverify = pmeth->verify;
}
void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth,
int (**pverify_recover_init) (EVP_PKEY_CTX
*ctx),
int (**pverify_recover) (EVP_PKEY_CTX
*ctx,
unsigned char
*sig,
size_t *siglen,
const unsigned
char *tbs,
size_t tbslen))
{
if (pverify_recover_init)
*pverify_recover_init = pmeth->verify_recover_init;
if (pverify_recover)
*pverify_recover = pmeth->verify_recover;
}
void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth,
int (**psignctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**psignctx) (EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen,
EVP_MD_CTX *mctx))
{
if (psignctx_init)
*psignctx_init = pmeth->signctx_init;
if (psignctx)
*psignctx = pmeth->signctx;
}
void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth,
int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
EVP_MD_CTX *mctx),
int (**pverifyctx) (EVP_PKEY_CTX *ctx,
const unsigned char *sig,
int siglen,
EVP_MD_CTX *mctx))
{
if (pverifyctx_init)
*pverifyctx_init = pmeth->verifyctx_init;
if (pverifyctx)
*pverifyctx = pmeth->verifyctx;
}
void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth,
int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
int (**pencryptfn) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pencrypt_init)
*pencrypt_init = pmeth->encrypt_init;
if (pencryptfn)
*pencryptfn = pmeth->encrypt;
}
void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth,
int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
int (**pdecrypt) (EVP_PKEY_CTX *ctx,
unsigned char *out,
size_t *outlen,
const unsigned char *in,
size_t inlen))
{
if (pdecrypt_init)
*pdecrypt_init = pmeth->decrypt_init;
if (pdecrypt)
*pdecrypt = pmeth->decrypt;
}
void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth,
int (**pderive_init) (EVP_PKEY_CTX *ctx),
int (**pderive) (EVP_PKEY_CTX *ctx,
unsigned char *key,
size_t *keylen))
{
if (pderive_init)
*pderive_init = pmeth->derive_init;
if (pderive)
*pderive = pmeth->derive;
}
void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
void *p2),
int (**pctrl_str) (EVP_PKEY_CTX *ctx,
const char *type,
const char *value))
{
if (pctrl)
*pctrl = pmeth->ctrl;
if (pctrl_str)
*pctrl_str = pmeth->ctrl_str;
}

View File

@ -473,7 +473,14 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
if (j < mx) if (j < mx)
mx = j; mx = j;
if (mx > 0) { if (mx > 0) {
if (!CRYPTO_set_ex_data(to, mx - 1, NULL)) /*
* Make sure the ex_data stack is at least |mx| elements long to avoid
* issues in the for loop that follows; so go get the |mx|'th element
* (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
* to itself. This is normally a no-op; but ensures the stack is the
* proper size
*/
if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
goto skip; goto skip;
storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
if (!storage) if (!storage)

View File

@ -101,6 +101,24 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/lhash.h> #include <openssl/lhash.h>
/*
* A hashing implementation that appears to be based on the linear hashing
* alogrithm:
* https://en.wikipedia.org/wiki/Linear_hashing
*
* Litwin, Witold (1980), "Linear hashing: A new tool for file and table
* addressing", Proc. 6th Conference on Very Large Databases: 212223
* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
*
* From the wikipedia article "Linear hashing is used in the BDB Berkeley
* database system, which in turn is used by many software systems such as
* OpenLDAP, using a C implementation derived from the CACM article and first
* published on the Usenet in 1988 by Esmond Pitt."
*
* The CACM paper is available here:
* https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
*/
const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#undef MIN_NODES #undef MIN_NODES
@ -108,7 +126,7 @@ const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
static void expand(_LHASH *lh); static int expand(_LHASH *lh);
static void contract(_LHASH *lh); static void contract(_LHASH *lh);
static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
@ -182,8 +200,9 @@ void *lh_insert(_LHASH *lh, void *data)
void *ret; void *ret;
lh->error = 0; lh->error = 0;
if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)
expand(lh); && !expand(lh))
return NULL;
rn = getrn(lh, data, &hash); rn = getrn(lh, data, &hash);
@ -300,19 +319,37 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
} }
static void expand(_LHASH *lh) static int expand(_LHASH *lh)
{ {
LHASH_NODE **n, **n1, **n2, *np; LHASH_NODE **n, **n1, **n2, *np;
unsigned int p, i, j; unsigned int p, pmax, nni, j;
unsigned long hash, nni; unsigned long hash;
nni = lh->num_alloc_nodes;
p = lh->p;
pmax = lh->pmax;
if (p + 1 >= pmax) {
j = nni * 2;
n = OPENSSL_realloc(lh->b, (int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
return 0;
}
lh->b = n;
memset(n + nni, 0, sizeof(*n) * (j - nni));
lh->pmax = nni;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
} else {
lh->p++;
}
lh->num_nodes++; lh->num_nodes++;
lh->num_expands++; lh->num_expands++;
p = (int)lh->p++;
n1 = &(lh->b[p]); n1 = &(lh->b[p]);
n2 = &(lh->b[p + (int)lh->pmax]); n2 = &(lh->b[p + pmax]);
*n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ *n2 = NULL;
nni = lh->num_alloc_nodes;
for (np = *n1; np != NULL;) { for (np = *n1; np != NULL;) {
#ifndef OPENSSL_NO_HASH_COMP #ifndef OPENSSL_NO_HASH_COMP
@ -330,25 +367,7 @@ static void expand(_LHASH *lh)
np = *n1; np = *n1;
} }
if ((lh->p) >= lh->pmax) { return 1;
j = (int)lh->num_alloc_nodes * 2;
n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
(int)(sizeof(LHASH_NODE *) * j));
if (n == NULL) {
lh->error++;
lh->num_nodes--;
lh->p = 0;
return;
}
/* else */
for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
n[i] = NULL; /* 02/03/92 eay */
lh->pmax = lh->num_alloc_nodes;
lh->num_alloc_nodes = j;
lh->num_expand_reallocs++;
lh->p = 0;
lh->b = n;
}
} }
static void contract(_LHASH *lh) static void contract(_LHASH *lh)

View File

@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
goto end; goto end;
} }
} }
} else if (certs != NULL) {
untrusted = certs;
} else { } else {
untrusted = bs->certs; untrusted = bs->certs;
} }

View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta) * major minor fix final patch/beta)
*/ */
# define OPENSSL_VERSION_NUMBER 0x100020cfL # define OPENSSL_VERSION_NUMBER 0x100020dfL
# ifdef OPENSSL_FIPS # ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-fips 25 May 2017" # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"
# else # else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2l-freebsd 25 May 2017" # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-freebsd 2 Nov 2017"
# endif # endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

View File

@ -536,7 +536,8 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
((c >= '0') && (c <= '9')))) ((c >= '0') && (c <= '9'))))
break; break;
#else #else
if (!(isupper(c) || (c == '-') || isdigit(c))) if (!(isupper((unsigned char)c) || (c == '-')
|| isdigit((unsigned char)c)))
break; break;
#endif #endif
header++; header++;

View File

@ -178,6 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
} }
p8inf = PKCS8_decrypt(p8, psbuf, klen); p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8); X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf) if (!p8inf)
return NULL; return NULL;
ret = EVP_PKCS82PKEY(p8inf); ret = EVP_PKCS82PKEY(p8inf);

View File

@ -120,6 +120,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
} }
p8inf = PKCS8_decrypt(p8, psbuf, klen); p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8); X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf) if (!p8inf)
goto p8err; goto p8err;
ret = EVP_PKCS82PKEY(p8inf); ret = EVP_PKCS82PKEY(p8inf);

View File

@ -84,6 +84,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
{ {
STACK_OF(X509) *ocerts = NULL; STACK_OF(X509) *ocerts = NULL;
X509 *x = NULL; X509 *x = NULL;
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check for NULL PKCS12 structure */ /* Check for NULL PKCS12 structure */
if (!p12) { if (!p12) {
@ -92,11 +98,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
return 0; return 0;
} }
if (pkey)
*pkey = NULL;
if (cert)
*cert = NULL;
/* Check the mac */ /* Check the mac */
/* /*
@ -125,7 +126,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
if (!ocerts) { if (!ocerts) {
PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
return 0; goto err;
} }
if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
@ -163,10 +164,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
err: err:
if (pkey && *pkey) if (pkey) {
EVP_PKEY_free(*pkey); EVP_PKEY_free(*pkey);
if (cert && *cert) *pkey = NULL;
}
if (cert) {
X509_free(*cert); X509_free(*cert);
*cert = NULL;
}
if (x) if (x)
X509_free(x); X509_free(x);
if (ocerts) if (ocerts)

View File

@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return 2; return 2;
} }
#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash) X509_ALGOR **pmaskHash)
{ {
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss; return pss;
} }
#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri) static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{ {
EVP_PKEY_CTX *pkctx; EVP_PKEY_CTX *pkctx;

View File

@ -237,10 +237,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR); RSA_R_OAEP_DECODING_ERROR);
cleanup: cleanup:
if (db != NULL) if (db != NULL) {
OPENSSL_cleanse(db, dblen);
OPENSSL_free(db); OPENSSL_free(db);
if (em != NULL) }
if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em); OPENSSL_free(em);
}
return mlen; return mlen;
} }

View File

@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* We can't continue in constant-time because we need to copy the result * We can't continue in constant-time because we need to copy the result
* and we cannot fake its length. This unavoidably leaks timing * and we cannot fake its length. This unavoidably leaks timing
* information at the API boundary. * information at the API boundary.
* TODO(emilia): this could be addressed at the call site,
* see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
*/ */
if (!good) { if (!good) {
mlen = -1; mlen = -1;
@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
memcpy(to, em + msg_index, mlen); memcpy(to, em + msg_index, mlen);
err: err:
if (em != NULL) if (em != NULL) {
OPENSSL_cleanse(em, num);
OPENSSL_free(em); OPENSSL_free(em);
}
if (mlen == -1) if (mlen == -1)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
RSA_R_PKCS_DECODING_ERROR); RSA_R_PKCS_DECODING_ERROR);

View File

@ -180,27 +180,25 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
* FIPS mode. * FIPS mode.
*/ */
static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd,
const EVP_MD **pmgf1md)
{ {
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
int rv = -1; int rv = -1;
if (!FIPS_mode()) if (!FIPS_mode())
return 0; return 0;
if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
rv = 0; rv = 0;
if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
return -1; return -1;
if (rctx->md) { if (*pmd != NULL) {
const EVP_MD *fmd; *pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd));
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS))
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
return rv; return rv;
} }
if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { if (*pmgf1md != NULL) {
const EVP_MD *fmd; *pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md));
fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS))
if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
return rv; return rv;
} }
return 1; return 1;
@ -214,27 +212,27 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
int ret; int ret;
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa; RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
ret = pkey_fips_check_ctx(ctx); ret = pkey_fips_check_rsa(rsa, &md, &mgf1md);
if (ret < 0) { if (ret < 0) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1; return -1;
} }
#endif #endif
if (rctx->md) { if (md != NULL) {
if (tbslen != (size_t)EVP_MD_size(rctx->md)) { if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
return -1; return -1;
} }
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (ret > 0) { if (ret > 0) {
unsigned int slen; unsigned int slen;
ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
rctx->pad_mode, rctx->saltlen, mgf1md, sig, &slen);
rctx->saltlen,
rctx->mgf1md, sig, &slen);
if (ret > 0) if (ret > 0)
*siglen = slen; *siglen = slen;
else else
@ -243,12 +241,12 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
} }
#endif #endif
if (EVP_MD_type(rctx->md) == NID_mdc2) { if (EVP_MD_type(md) == NID_mdc2) {
unsigned int sltmp; unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING) if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1; return -1;
ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp,
tbs, tbslen, sig, &sltmp, rsa); rsa);
if (ret <= 0) if (ret <= 0)
return ret; return ret;
@ -263,23 +261,20 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
return -1; return -1;
} }
memcpy(rctx->tbuf, tbs, tbslen); memcpy(rctx->tbuf, tbs, tbslen);
rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md));
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
sig, rsa, RSA_X931_PADDING); sig, rsa, RSA_X931_PADDING);
} else if (rctx->pad_mode == RSA_PKCS1_PADDING) { } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
unsigned int sltmp; unsigned int sltmp;
ret = RSA_sign(EVP_MD_type(rctx->md), ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa);
tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0) if (ret <= 0)
return ret; return ret;
ret = sltmp; ret = sltmp;
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx)) if (!setup_tbuf(rctx, ctx))
return -1; return -1;
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs,
rctx->tbuf, tbs, md, mgf1md, rctx->saltlen))
rctx->md, rctx->mgf1md,
rctx->saltlen))
return -1; return -1;
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
sig, rsa, RSA_NO_PADDING); sig, rsa, RSA_NO_PADDING);
@ -348,32 +343,31 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
{ {
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa; RSA *rsa = ctx->pkey->pkey.rsa;
const EVP_MD *md = rctx->md;
const EVP_MD *mgf1md = rctx->mgf1md;
size_t rslen; size_t rslen;
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
int rv; int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md);
rv = pkey_fips_check_ctx(ctx);
if (rv < 0) { if (rv < 0) {
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSAerr(RSA_F_PKEY_RSA_VERIFY,
RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return -1; return -1;
} }
#endif #endif
if (rctx->md) { if (md != NULL) {
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (rv > 0) { if (rv > 0) {
return FIPS_rsa_verify_digest(rsa, return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode,
tbs, tbslen, rctx->saltlen, mgf1md, sig, siglen);
rctx->md,
rctx->pad_mode,
rctx->saltlen,
rctx->mgf1md, sig, siglen);
} }
#endif #endif
if (rctx->pad_mode == RSA_PKCS1_PADDING) if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, return RSA_verify(EVP_MD_type(md), tbs, tbslen,
sig, siglen, rsa); sig, siglen, rsa);
if (tbslen != (size_t)EVP_MD_size(rctx->md)) { if (tbslen != (size_t)EVP_MD_size(md)) {
RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
return -1; return -1;
} }
@ -388,8 +382,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
rsa, RSA_NO_PADDING); rsa, RSA_NO_PADDING);
if (ret <= 0) if (ret <= 0)
return 0; return 0;
ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md,
rctx->md, rctx->mgf1md,
rctx->tbuf, rctx->saltlen); rctx->tbuf, rctx->saltlen);
if (ret <= 0) if (ret <= 0)
return 0; return 0;

View File

@ -520,6 +520,7 @@ int UI_process(UI *ui)
} }
} }
} }
err: err:
if (ui->meth->ui_close_session != NULL if (ui->meth->ui_close_session != NULL
&& ui->meth->ui_close_session(ui) <= 0) && ui->meth->ui_close_session(ui) <= 0)

View File

@ -166,7 +166,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
goto reconsider; goto reconsider;
} else } else
#endif #endif
if (bits >= 8) { if (bits > 8) {
b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap))); b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
b &= 0xff; b &= 0xff;
if (bitrem) if (bitrem)
@ -183,7 +183,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
} }
if (bitrem) if (bitrem)
c->data[byteoff] = b << (8 - bitrem); c->data[byteoff] = b << (8 - bitrem);
} else { /* remaining less than 8 bits */ } else { /* remaining less than or equal to 8 bits */
b = (inp[0] << inpgap) & 0xff; b = (inp[0] << inpgap) & 0xff;
if (bitrem) if (bitrem)

View File

@ -402,6 +402,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
if (!hent) { if (!hent) {
hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
if (hent == NULL) { if (hent == NULL) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
goto finish; goto finish;
} }

View File

@ -92,12 +92,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **ret) long argl, char **ret)
{ {
int ok = 0; int ok = 0;
char *file; const char *file;
switch (cmd) { switch (cmd) {
case X509_L_FILE_LOAD: case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) { if (argl == X509_FILETYPE_DEFAULT) {
file = (char *)getenv(X509_get_default_cert_file_env()); file = getenv(X509_get_default_cert_file_env());
if (file) if (file)
ok = (X509_load_cert_crl_file(ctx, file, ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0); X509_FILETYPE_PEM) != 0);
@ -140,7 +140,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) { if (type == X509_FILETYPE_PEM) {
for (;;) { for (;;) {
x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
if (x == NULL) { if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) == if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) { PEM_R_NO_START_LINE) && (count > 0)) {
@ -199,7 +199,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
if (type == X509_FILETYPE_PEM) { if (type == X509_FILETYPE_PEM) {
for (;;) { for (;;) {
x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
if (x == NULL) { if (x == NULL) {
if ((ERR_GET_REASON(ERR_peek_last_error()) == if ((ERR_GET_REASON(ERR_peek_last_error()) ==
PEM_R_NO_START_LINE) && (count > 0)) { PEM_R_NO_START_LINE) && (count > 0)) {
@ -253,7 +253,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
return 0; return 0;
} }
inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
BIO_free(in); BIO_free(in);
if (!inf) { if (!inf) {
X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);

View File

@ -732,6 +732,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
{ {
int ret; int ret;
int calc_ret;
X509_POLICY_TREE *tree = NULL; X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
*ptree = NULL; *ptree = NULL;
@ -800,16 +801,19 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
/* Tree is not empty: continue */ /* Tree is not empty: continue */
ret = tree_calculate_authority_set(tree, &auth_nodes); calc_ret = tree_calculate_authority_set(tree, &auth_nodes);
if (!calc_ret)
goto error;
ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
if (calc_ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (!ret) if (!ret)
goto error; goto error;
if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
goto error;
if (ret == 2)
sk_X509_POLICY_NODE_free(auth_nodes);
if (tree) if (tree)
*ptree = tree; *ptree = tree;

View File

@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
*/ */
unsigned int v3_addr_get_afi(const IPAddressFamily *f) unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{ {
return ((f != NULL && if (f == NULL
f->addressFamily != NULL && f->addressFamily->data != NULL) || f->addressFamily == NULL
? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) || f->addressFamily->data == NULL
: 0); || f->addressFamily->length < 2)
return 0;
return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
} }
/* /*

View File

@ -231,6 +231,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
oth = OTHERNAME_new(); oth = OTHERNAME_new();
if (!oth) if (!oth)
return 0; return 0;
ASN1_TYPE_free(oth->value);
oth->type_id = oid; oth->type_id = oid;
oth->value = value; oth->value = value;
GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);

View File

@ -107,6 +107,47 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
/*
* We cannot use strncasecmp here because that applies locale specific rules.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below).
*/
static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
{
for (; n > 0; n--, s1++, s2++) {
if (*s1 != *s2) {
unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
/* Convert to lower case */
if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
c1 += 0x20;
if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
c2 += 0x20;
if (c1 == c2)
continue;
if (c1 < c2)
return -1;
/* c1 > c2 */
return 1;
} else if (*s1 == 0) {
/* If we get here we know that *s2 == 0 too */
return 0;
}
}
return 0;
}
static int ia5casecmp(const char *s1, const char *s2)
{
/* No portable definition of SIZE_MAX, so we use (size_t)(-1) instead */
return ia5ncasecmp(s1, s2, (size_t)(-1));
}
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{ {
@ -384,7 +425,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
} }
if (strcasecmp(baseptr, dnsptr)) if (ia5casecmp(baseptr, dnsptr))
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK; return X509_V_OK;
@ -404,7 +445,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
if (!baseat && (*baseptr == '.')) { if (!baseat && (*baseptr == '.')) {
if (eml->length > base->length) { if (eml->length > base->length) {
emlptr += eml->length - base->length; emlptr += eml->length - base->length;
if (!strcasecmp(baseptr, emlptr)) if (ia5casecmp(baseptr, emlptr) == 0)
return X509_V_OK; return X509_V_OK;
} }
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
@ -425,7 +466,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
} }
emlptr = emlat + 1; emlptr = emlat + 1;
/* Just have hostname left to match: case insensitive */ /* Just have hostname left to match: case insensitive */
if (strcasecmp(baseptr, emlptr)) if (ia5casecmp(baseptr, emlptr))
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK; return X509_V_OK;
@ -464,14 +505,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
if (*baseptr == '.') { if (*baseptr == '.') {
if (hostlen > base->length) { if (hostlen > base->length) {
p = hostptr + hostlen - base->length; p = hostptr + hostlen - base->length;
if (!strncasecmp(p, baseptr, base->length)) if (ia5ncasecmp(p, baseptr, base->length) == 0)
return X509_V_OK; return X509_V_OK;
} }
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
} }
if ((base->length != (int)hostlen) if ((base->length != (int)hostlen)
|| strncasecmp(hostptr, baseptr, hostlen)) || ia5ncasecmp(hostptr, baseptr, hostlen))
return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK; return X509_V_OK;

View File

@ -136,8 +136,19 @@ OPENSSL_ia32_cpuid:
or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs
and \$15,%ah and \$15,%ah
cmp \$15,%ah # examine Family ID cmp \$15,%ah # examine Family ID
jne .Lnotintel jne .LnotP4
or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR
.LnotP4:
cmp \$6,%ah
jne .Lnotintel
and \$0x0fff0ff0,%eax
cmp \$0x00050670,%eax # Knights Landing
je .Lknights
cmp \$0x00080650,%eax # Knights Mill (according to sde)
jne .Lnotintel
.Lknights:
and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont
.Lnotintel: .Lnotintel:
bt \$28,%edx # test hyper-threading bit bt \$28,%edx # test hyper-threading bit
jnc .Lgeneric jnc .Lgeneric
@ -162,6 +173,10 @@ OPENSSL_ia32_cpuid:
mov \$7,%eax mov \$7,%eax
xor %ecx,%ecx xor %ecx,%ecx
cpuid cpuid
bt \$26,%r9d # check XSAVE bit, cleared on Knights
jc .Lnotknights
and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag
.Lnotknights:
mov %ebx,8(%rdi) # save extended feature flags mov %ebx,8(%rdi) # save extended feature flags
.Lno_extended_info: .Lno_extended_info:
@ -175,7 +190,7 @@ OPENSSL_ia32_cpuid:
.Lclear_avx: .Lclear_avx:
mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11)
and %eax,%r9d # clear AVX, FMA and AMD XOP bits and %eax,%r9d # clear AVX, FMA and AMD XOP bits
andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5) andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5)
.Ldone: .Ldone:
shl \$32,%r9 shl \$32,%r9
mov %r10d,%eax mov %r10d,%eax

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-asn1parse,
asn1parse - ASN.1 parsing tool asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-ca,
ca - sample minimal CA application ca - sample minimal CA application
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-ciphers,
ciphers - SSL cipher display and cipher list tool. ciphers - SSL cipher display and cipher list tool.
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-cms,
cms - CMS utility cms - CMS utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-crl,
crl - CRL utility crl - CRL utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-crl2pkcs7,
crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates. crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-dgst,
dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-dhparam,
dhparam - DH parameter manipulation and generation dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-dsa,
dsa - DSA key processing dsa - DSA key processing
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-dsaparam,
dsaparam - DSA parameter manipulation and generation dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-ec,
ec - EC key processing ec - EC key processing
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-ecparam,
ecparam - EC parameter manipulation and generation ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-enc,
enc - symmetric cipher routines enc - symmetric cipher routines
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-errstr,
errstr - lookup error codes errstr - lookup error codes
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-gendsa,
gendsa - generate a DSA private key from a set of parameters gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-genpkey,
genpkey - generate a private key genpkey - generate a private key
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-genrsa,
genrsa - generate an RSA private key genrsa - generate an RSA private key
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-nseq,
nseq - create or examine a netscape certificate sequence nseq - create or examine a netscape certificate sequence
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-ocsp,
ocsp - Online Certificate Status Protocol utility ocsp - Online Certificate Status Protocol utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-passwd,
passwd - compute password hashes passwd - compute password hashes
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-pkcs12,
pkcs12 - PKCS#12 file utility pkcs12 - PKCS#12 file utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-pkcs7,
pkcs7 - PKCS#7 utility pkcs7 - PKCS#7 utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-pkey,
pkey - public or private key processing tool pkey - public or private key processing tool
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-pkeyparam,
pkeyparam - public key algorithm parameter processing tool pkeyparam - public key algorithm parameter processing tool
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-pkeyutl,
pkeyutl - public key algorithm utility pkeyutl - public key algorithm utility
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-rand,
rand - generate pseudo-random bytes rand - generate pseudo-random bytes
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-req,
req - PKCS#10 certificate request and certificate generating utility. req - PKCS#10 certificate request and certificate generating utility.
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-rsa,
rsa - RSA key processing tool rsa - RSA key processing tool
=head1 SYNOPSIS =head1 SYNOPSIS

View File

@ -2,6 +2,7 @@
=head1 NAME =head1 NAME
openssl-rsautl,
rsautl - RSA utility rsautl - RSA utility
=head1 SYNOPSIS =head1 SYNOPSIS
@ -105,7 +106,7 @@ Recover the signed data
Examine the raw signed data: Examine the raw signed data:
openssl rsautl -verify -in file -inkey key.pem -raw -hexdump openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-s_client,
s_client - SSL/TLS client program s_client - SSL/TLS client program
=head1 SYNOPSIS =head1 SYNOPSIS
@ -197,12 +198,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>.
=item B<-psk_identity identity> =item B<-psk_identity identity>
Use the PSK identity B<identity> when using a PSK cipher suite. Use the PSK identity B<identity> when using a PSK cipher suite.
The default value is "Client_identity" (without the quotes).
=item B<-psk key> =item B<-psk key>
Use the PSK key B<key> when using a PSK cipher suite. The key is Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d. 1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>

View File

@ -3,6 +3,7 @@
=head1 NAME =head1 NAME
openssl-s_server,
s_server - SSL/TLS server program s_server - SSL/TLS server program
=head1 SYNOPSIS =head1 SYNOPSIS
@ -219,6 +220,7 @@ Use the PSK identity hint B<hint> when using a PSK cipher suite.
Use the PSK key B<key> when using a PSK cipher suite. The key is Use the PSK key B<key> when using a PSK cipher suite. The key is
given as a hexadecimal number without leading 0x, for example -psk given as a hexadecimal number without leading 0x, for example -psk
1a2b3c4d. 1a2b3c4d.
This option must be provided in order to use a PSK cipher.
=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
@ -403,10 +405,6 @@ a web browser the command:
can be used for example. can be used for example.
Most web browsers (in particular Netscape and MSIE) only support RSA cipher
suites, so they cannot connect to servers which don't use a certificate
carrying an RSA key or a version of OpenSSL with RSA disabled.
Although specifying an empty list of CAs when requesting a client certificate Although specifying an empty list of CAs when requesting a client certificate
is strictly speaking a protocol violation, some SSL clients interpret this to is strictly speaking a protocol violation, some SSL clients interpret this to
mean any CA is acceptable. This is useful for debugging purposes. mean any CA is acceptable. This is useful for debugging purposes.

Some files were not shown because too many files have changed in this diff Show More