Import OpenSSL 1.1.1j.

This commit is contained in:
Jung-uk Kim 2021-02-16 14:54:02 -05:00
parent c25134eb4f
commit 4f55bd5321
157 changed files with 432 additions and 201 deletions

View File

@ -13,6 +13,8 @@ Ben Kaduk
Bernd Edlinger
Bodo Möller
David Benjamin
David von Oheimb
Dmitry Belyavskiy (Дмитрий Белявский)
Emilia Käsper
Eric Young
Geoff Thorpe
@ -22,14 +24,19 @@ Lutz Jänicke
Mark J. Cox
Matt Caswell
Matthias St. Pierre
Nicola Tuveri
Nils Larsch
Patrick Steuer
Paul Dale
Paul C. Sutton
Paul Yang
Ralf S. Engelschall
Rich Salz
Richard Levitte
Shane Lontis
Stephen Henson
Steve Marquess
Tim Hudson
Tomáš Mráz
Ulf Möller
Viktor Dukhovni

37
CHANGES
View File

@ -7,6 +7,43 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
*) Fixed the X509_issuer_and_serial_hash() function. It attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to correctly
handle any errors that may occur while parsing the issuer field (which might
occur if the issuer field is maliciously constructed). This may subsequently
result in a NULL pointer deref and a crash leading to a potential denial of
service attack.
(CVE-2021-23841)
[Matt Caswell]
*) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
padding mode to correctly check for rollback attacks. This is considered a
bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
CVE-2021-23839.
[Matt Caswell]
*) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
functions. Previously they could overflow the output length argument in some
cases where the input length is close to the maximum permissable length for
an integer on the platform. In such cases the return value from the function
call would be 1 (indicating success), but the output length value would be
negative. This could cause applications to behave incorrectly or crash.
(CVE-2021-23840)
[Matt Caswell]
*) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
could be exploited in a side channel attack to recover the password. Since
the attack is local host only this is outside of the current OpenSSL
threat model and therefore no CVE is assigned.
Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
issue.
[Matt Caswell]
Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
*) Fixed NULL pointer deref in the GENERAL_NAME_cmp function

View File

@ -41,8 +41,8 @@ guidelines:
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
platforms: try to ensure you only use portable features. Clean builds via
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can

View File

@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -1201,6 +1201,10 @@ foreach (keys %useradd) {
# At this point, we can forget everything about %user and %useradd,
# because it's now all been merged into the corresponding $config entry
if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
disable('static', 'pic', 'threads');
}
# Allow overriding the build file name
$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
@ -1521,10 +1525,6 @@ if ($strict_warnings)
}
}
if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
disable('static', 'pic', 'threads');
}
$config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
? @strict_warnings_collection
: ( $_ ) }
@ -2611,19 +2611,22 @@ _____
}
print "\nEnabled features:\n\n";
foreach my $what (@disablables) {
print " $what\n" unless $disabled{$what};
print " $what\n"
unless grep { $_ =~ /^${what}$/ } keys %disabled;
}
print "\nDisabled features:\n\n";
foreach my $what (@disablables) {
if ($disabled{$what}) {
print " $what", ' ' x ($longest - length($what) + 1),
"[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
print $disabled_info{$what}->{macro}
if $disabled_info{$what}->{macro};
my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
my $what3 = $what2[0];
if ($what3) {
print " $what3", ' ' x ($longest - length($what3) + 1),
"[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
print $disabled_info{$what3}->{macro}
if $disabled_info{$what3}->{macro};
print ' (skip ',
join(', ', @{$disabled_info{$what}->{skipped}}),
join(', ', @{$disabled_info{$what3}->{skipped}}),
')'
if $disabled_info{$what}->{skipped};
if $disabled_info{$what3}->{skipped};
print "\n";
}
}

15
INSTALL
View File

@ -106,8 +106,7 @@
This will build and install OpenSSL in the default location, which is:
Unix: normal installation directories under /usr/local
OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
OpenSSL version number with underscores instead of periods.
OpenVMS: SYS$COMMON:[OPENSSL]
Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
The installation directory should be appropriately protected to ensure
@ -116,7 +115,9 @@
your Operating System it is recommended that you do not overwrite the system
version and instead install to somewhere else.
If you want to install it anywhere else, run config like this:
If you want to install it anywhere else, run config like this (the options
--prefix and --openssldir are explained further down, and the values shown
here are mere examples):
On Unix:
@ -198,7 +199,7 @@
Unix: /usr/local
Windows: C:\Program Files\OpenSSL
or C:\Program Files (x86)\OpenSSL
OpenVMS: SYS$COMMON:[OPENSSL-'version']
OpenVMS: SYS$COMMON:[OPENSSL]
--release
Build OpenSSL without debugging symbols. This is the default.
@ -961,9 +962,9 @@
share/doc/openssl/html/man7
Contains the HTML rendition of the man-pages.
OpenVMS ('arch' is replaced with the architecture name, "Alpha"
or "ia64", 'sover' is replaced with the shared library version
(0101 for 1.1), and 'pz' is replaced with the pointer size
OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
or "IA64", 'sover' is replaced with the shared library version
(0101 for 1.1.x), and 'pz' is replaced with the pointer size
OpenSSL was built with):
[.EXE.'arch'] Contains the openssl binary.

10
NEWS
View File

@ -5,6 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
function (CVE-2021-23841)
o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
padding mode to correctly check for rollback attacks
o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate functions (CVE-2021-23840)
o Fixed SRP_Calc_client_key so that it runs in constant time
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)

2
README
View File

@ -1,5 +1,5 @@
OpenSSL 1.1.1i 8 Dec 2020
OpenSSL 1.1.1j 16 Feb 2021
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

55
apps/ca.c Normal file → Executable file
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
static int do_updatedb(CA_DB *db)
{
ASN1_UTCTIME *a_tm = NULL;
ASN1_TIME *a_tm = NULL;
int i, cnt = 0;
int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
char **rrow, *a_tm_s;
char **rrow;
a_tm = ASN1_UTCTIME_new();
a_tm = ASN1_TIME_new();
if (a_tm == NULL)
return -1;
/* get actual time and make a string */
/* get actual time */
if (X509_gmtime_adj(a_tm, 0) == NULL) {
ASN1_UTCTIME_free(a_tm);
ASN1_TIME_free(a_tm);
return -1;
}
a_tm_s = app_malloc(a_tm->length + 1, "time string");
memcpy(a_tm_s, a_tm->data, a_tm->length);
a_tm_s[a_tm->length] = '\0';
if (strncmp(a_tm_s, "49", 2) <= 0)
a_y2k = 1;
else
a_y2k = 0;
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (rrow[DB_type][0] == DB_TYPE_VAL) {
/* ignore entries that are not valid */
if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
db_y2k = 1;
else
db_y2k = 0;
ASN1_TIME *exp_date = NULL;
if (db_y2k == a_y2k) {
/* all on the same y2k side */
if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
exp_date = ASN1_TIME_new();
if (exp_date == NULL) {
ASN1_TIME_free(a_tm);
return -1;
}
if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
ASN1_TIME_free(a_tm);
ASN1_TIME_free(exp_date);
return -1;
}
if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
rrow[DB_type][0] = DB_TYPE_EXP;
rrow[DB_type][1] = '\0';
cnt++;
BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
}
} else if (db_y2k < a_y2k) {
rrow[DB_type][0] = DB_TYPE_EXP;
rrow[DB_type][1] = '\0';
cnt++;
BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
}
ASN1_TIME_free(exp_date);
}
}
ASN1_UTCTIME_free(a_tm);
OPENSSL_free(a_tm_s);
ASN1_TIME_free(a_tm);
return cnt;
}

0
crypto/aes/asm/aes-armv4.pl Executable file → Normal file
View File

0
crypto/aes/asm/aes-c64xplus.pl Executable file → Normal file
View File

0
crypto/aes/asm/aes-mips.pl Executable file → Normal file
View File

0
crypto/aes/asm/aes-parisc.pl Executable file → Normal file
View File

0
crypto/aes/asm/aes-ppc.pl Executable file → Normal file
View File

0
crypto/aes/asm/aes-s390x.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesfx-sparcv9.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesni-mb-x86_64.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesni-sha1-x86_64.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesni-sha256-x86_64.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesni-x86.pl Executable file → Normal file
View File

0
crypto/aes/asm/aesni-x86_64.pl Executable file → Normal file
View File

0
crypto/aes/asm/aest4-sparcv9.pl Executable file → Normal file
View File

0
crypto/aes/asm/bsaes-armv7.pl Executable file → Normal file
View File

0
crypto/aes/asm/vpaes-ppc.pl Executable file → Normal file
View File

0
crypto/aes/asm/vpaes-x86.pl Executable file → Normal file
View File

0
crypto/aes/asm/vpaes-x86_64.pl Executable file → Normal file
View File

View File

@ -1,5 +1,5 @@
/*
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
# if defined(__FreeBSD__)
# include <sys/param.h>
# if __FreeBSD_version >= 1200000
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
static unsigned long getauxval(unsigned long key)
{
unsigned long val = 0ul;
if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
return 0ul;
return val;
}
# endif
# endif
/*
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas

0
crypto/armv4cpuid.pl Executable file → Normal file
View File

View File

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl
*
* Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

0
crypto/bn/asm/armv4-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/asm/armv4-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/c64xplus-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/asm/ia64-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/mips-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/mips.pl Executable file → Normal file
View File

0
crypto/bn/asm/parisc-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/ppc-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/ppc64-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/s390x-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/asm/s390x-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/s390x.S Executable file → Normal file
View File

0
crypto/bn/asm/sparcv9-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/asm/sparcv9-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/via-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/vis3-mont.pl Executable file → Normal file
View File

0
crypto/bn/asm/x86-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/asm/x86_64-gf2m.pl Executable file → Normal file
View File

0
crypto/bn/bn_const.c Executable file → Normal file
View File

View File

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
* Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

0
crypto/c64xpluscpuid.pl Executable file → Normal file
View File

0
crypto/camellia/asm/cmll-x86.pl Executable file → Normal file
View File

0
crypto/camellia/asm/cmll-x86_64.pl Executable file → Normal file
View File

0
crypto/camellia/asm/cmllt4-sparcv9.pl Executable file → Normal file
View File

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
int first_call = 1;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
if (first_call) {
/* Other BOMs imply unsupported multibyte encoding,
* so don't strip them and let the error raise */
const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
memmove(p, p + 3, i - 3);
p[i - 3] = 0;
i -= 3;
ii -= 3;
}
first_call = 0;
}
if (i == 0 && !again) {
/* the currently processed BIO is at EOF */
BIO *parent;

View File

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/conf/keysets.pl
*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at

0
crypto/des/asm/dest4-sparcv9.pl Executable file → Normal file
View File

View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
return dh->meth->generate_key(dh);
}
/*-
* NB: This function is inherently not constant time due to the
* RFC 5246 (8.1.2) padding style that strips leading zero bytes.
*/
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
return dh->meth->compute_key(key, pub_key, dh);
int ret = 0, i;
volatile size_t npad = 0, mask = 1;
/* compute the key; ret is constant unless compute_key is external */
if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
return ret;
/* count leading zero bytes, yet still touch all bytes */
for (i = 0; i < ret; i++) {
mask &= !key[i];
npad += mask;
}
/* unpad key */
ret -= npad;
/* key-dependent memory access, potentially leaking npad / ret */
memmove(key, key + npad, ret);
/* key-dependent memory access, potentially leaking npad / ret */
memset(key + ret, 0, npad);
return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
/* rv is constant unless compute_key is external */
rv = dh->meth->compute_key(key, pub_key, dh);
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
/* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
ret = BN_bn2bin(tmp, key);
ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);

0
crypto/ec/asm/ecp_nistz256-armv8.pl Executable file → Normal file
View File

View File

@ -1,4 +1,4 @@
# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\

View File

@ -8,6 +8,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
/*
* Once we've processed the first j bytes from in, the amount of
* data left that is a multiple of the block length is:
* (inl - j) & ~(bl - 1)
* We must ensure that this amount of data, plus the one block that
* we process from ctx->buf does not exceed INT_MAX
*/
if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
EVP_R_OUTPUT_WOULD_OVERFLOW);
return 0;
}
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
/*
* final_used is only ever set if buf_len is 0. Therefore the maximum
* length output we will ever see from evp_EncryptDecryptUpdate is
* the maximum multiple of the block length that is <= inl, or just:
* inl & ~(b - 1)
* Since final_used has been set then the final output length is:
* (inl & ~(b - 1)) + b
* This must never exceed INT_MAX
*/
if ((inl & ~(b - 1)) > INT_MAX - b) {
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
return 0;
}
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;

View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
"output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},

0
crypto/md5/asm/md5-sparcv9.pl Executable file → Normal file
View File

View File

@ -34,6 +34,12 @@
# include <errno.h>
# endif
# endif
# if defined(__FreeBSD__)
# define MADV_DONTDUMP MADV_NOCORE
# endif
# if !defined(MAP_CONCEAL)
# define MAP_CONCEAL 0
# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
if (1) {
#ifdef MAP_ANON
sh.map_result = mmap(NULL, sh.map_size,
PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
} else {
#endif
int fd;

0
crypto/modes/asm/aesni-gcm-x86_64.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-armv4.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-c64xplus.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-parisc.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-s390x.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-sparcv9.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-x86.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghash-x86_64.pl Executable file → Normal file
View File

0
crypto/modes/asm/ghashv8-armx.pl Executable file → Normal file
View File

View File

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/obj_dat.pl
*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at

View File

@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by objxref.pl
*
* Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy

0
crypto/objects/objxref.pl Executable file → Normal file
View File

0
crypto/ocsp/ocsp_cl.c Executable file → Normal file
View File

0
crypto/ocsp/ocsp_ext.c Executable file → Normal file
View File

0
crypto/ocsp/ocsp_lib.c Executable file → Normal file
View File

0
crypto/ocsp/ocsp_srv.c Executable file → Normal file
View File

0
crypto/pariscid.pl Executable file → Normal file
View File

0
crypto/perlasm/sparcv9_modes.pl Executable file → Normal file
View File

0
crypto/perlasm/x86gas.pl Executable file → Normal file
View File

0
crypto/perlasm/x86masm.pl Executable file → Normal file
View File

View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -133,10 +133,10 @@ poly1305_init:
# ifdef __thumb2__
itete eq
# endif
addeq r12,r11,#(poly1305_emit-.Lpoly1305_init)
addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init)
addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
# endif
# ifdef __thumb2__
orr r12,r12,#1 @ thumb-ify address
@ -352,6 +352,7 @@ $code.=<<___;
.type poly1305_emit,%function
.align 5
poly1305_emit:
.Lpoly1305_emit:
stmdb sp!,{r4-r11}
.Lpoly1305_emit_enter:
@ -671,6 +672,7 @@ poly1305_init_neon:
.type poly1305_blocks_neon,%function
.align 5
poly1305_blocks_neon:
.Lpoly1305_blocks_neon:
ldr ip,[$ctx,#36] @ is_base2_26
ands $len,$len,#-16
beq .Lno_data_neon
@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
.type poly1305_emit_neon,%function
.align 5
poly1305_emit_neon:
.Lpoly1305_emit_neon:
ldr ip,[$ctx,#36] @ is_base2_26
stmdb sp!,{r4-r11}

View File

@ -1,5 +1,5 @@
/*
* Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
# endif
#endif
#if defined(__FreeBSD__)
# include <sys/param.h>
# if __FreeBSD_version >= 1200000
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
static unsigned long getauxval(unsigned long key)
{
unsigned long val = 0ul;
if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
return 0ul;
return val;
}
# endif
#endif
/* I wish <sys/auxv.h> was universally available */
#define HWCAP 16 /* AT_HWCAP */
#define HWCAP_PPC64 (1U << 30)

0
crypto/rc4/asm/rc4-c64xplus.pl Executable file → Normal file
View File

0
crypto/rc4/asm/rc4-md5-x86_64.pl Executable file → Normal file
View File

0
crypto/rc4/asm/rc4-parisc.pl Executable file → Normal file
View File

0
crypto/rc4/asm/rc4-s390x.pl Executable file → Normal file
View File

View File

@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
/*
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
* if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
* if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
* preserves error code reporting for backward compatibility.
*/
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSA_R_NULL_BEFORE_BLOCK_MISSING);
mask = ~good;
good &= constant_time_ge(threes_in_row, 8);
/*
* Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
* that RFC5246 incorrectly states this the other way around, i.e. reject
* if it is not preceded by 8 consecutive 0x03 bytes. However this is
* corrected in subsequent errata for that RFC.
*/
good &= constant_time_lt(threes_in_row, 8);
err = constant_time_select_int(mask | good, err,
RSA_R_SSLV3_ROLLBACK_ATTACK);
mask = ~good;

0
crypto/sha/asm/sha1-armv4-large.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-armv8.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-c64xplus.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-mb-x86_64.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-mips.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-parisc.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-s390x.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-sparcv9.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-sparcv9a.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha1-thumb.pl Executable file → Normal file
View File

0
crypto/sha/asm/sha256-586.pl Executable file → Normal file
View File

Some files were not shown because too many files have changed in this diff Show More