Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Security fixes: 

*) Prevent padding oracle in AES-NI CBC MAC check

     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server support
     AES-NI.

     This issue was introduced as part of the fix for Lucky 13 padding
     attack (CVE-2013-0169). The padding check was rewritten to be in
     constant time by making sure that always the same bytes are read and
     compared against either the MAC or padding bytes. But it no longer
     checked that there was enough data to have both the MAC and padding
     bytes.

     This issue was reported by Juraj Somorovsky using TLS-Attacker.
     (CVE-2016-2107)
     [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.

     Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
     the PEM_write_bio* family of functions. These are mainly used within the
     OpenSSL command line applications, so any application which processes data
     from an untrusted source and outputs it as a PEM file should be considered
     vulnerable to this issue. User applications that call these APIs directly
     with large amounts of untrusted data may also be vulnerable.

     This issue was reported by Guido Vranken.
     (CVE-2016-2105)
     [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption. Following an analysis of all OpenSSL
     internal usage of the EVP_EncryptUpdate() function all usage is one of two
     forms. The first form is where the EVP_EncryptUpdate() call is known to be
     the first called function after an EVP_EncryptInit(), and therefore that
     specific call must be safe. The second form is where the length passed to
     EVP_EncryptUpdate() can be seen from the code to be some small value and
     therefore there is no possibility of an overflow. Since all instances are
     one of these two forms, it is believed that there can be no overflows in
     internal code due to this problem. It should be noted that
     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
     of these calls have also been analysed too and it is believed there are no
     instances in internal usage where an overflow could occur.

     This issue was reported by Guido Vranken.
     (CVE-2016-2106)
     [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can casuse allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.

     Any application parsing untrusted data through d2i BIO functions is
     affected. The memory based functions such as d2i_X509() are *not* affected.
     Since the memory based functions are used by the TLS library, TLS
     applications are not affected.

     This issue was reported by Brian Carpenter.
     (CVE-2016-2109)
     [Stephen Henson]

  *) EBCDIC overread

     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.

     This issue was reported by Guido Vranken.
     (CVE-2016-2176)
     [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername
     callback, such that updates to the SSL_CTX affect ALPN.
     [Todd Short]

  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]
This commit is contained in:
christos 2016-05-03 17:10:26 +00:00
parent 404b1d0271
commit 43fd2ac1eb
25 changed files with 341 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/external/bsd/openssl/dist/apps/pkcs7.c vendored
View File

@ -235,12 +235,16 @@ int MAIN(int argc, char **argv)
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
if (p7->d.sign != NULL) {
certs = p7->d.sign->cert;
crls = p7->d.sign->crl;
}
break;
case NID_pkcs7_signedAndEnveloped:
if (p7->d.signed_and_enveloped != NULL) {
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
}
break;
default:
break;

4
crypto/external/bsd/openssl/dist/crypto/asn1/a_bytes.c vendored
View File

@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
} else {
if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) {
if (ret->data != NULL)
OPENSSL_free(ret->data);
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
if (ret->data != NULL)
OPENSSL_free(ret->data);
} else
s = ret->data;
memcpy(s, p, (int)len);

18
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_lib.c vendored
View File

@ -63,7 +63,7 @@
#include <openssl/asn1_mac.h>
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
int max);
long max);
static void asn1_put_length(unsigned char **pp, int length);
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}
*ptag = tag;
*pclass = xclass;
if (!asn1_get_length(&p, &inf, plength, (int)max))
if (!asn1_get_length(&p, &inf, plength, max))
goto err;
if (inf && !(ret & V_ASN1_CONSTRUCTED))
@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}
static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
int max)
long max)
{
const unsigned char *p = *pp;
unsigned long ret = 0;
unsigned int i;
unsigned long i;
if (max-- < 1)
return (0);
return 0;
if (*p == 0x80) {
*inf = 1;
ret = 0;
@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
*inf = 0;
i = *p & 0x7f;
if (*(p++) & 0x80) {
if (i > sizeof(long))
if (i > sizeof(ret) || max < (long)i)
return 0;
if (max-- == 0)
return (0);
while (i-- > 0) {
ret <<= 8L;
ret |= *(p++);
if (max-- == 0)
return (0);
}
} else
ret = i;
@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
return 0;
*pp = p;
*rl = (long)ret;
return (1);
return 1;
}
/*

17
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c vendored
View File

@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
goto end;
if (j & V_ASN1_CONSTRUCTED) {
const unsigned char *sp;
ep = p + len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end;
}
if ((j == 0x21) && (len == 0)) {
sp = p;
for (;;) {
r = asn1_parse2(bp, &p, (long)(tot - p),
offset + (p - *pp), depth + 1,
@ -190,18 +193,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
ret = 0;
goto end;
}
if ((r == 2) || (p >= tot))
if ((r == 2) || (p >= tot)) {
len = p - sp;
break;
}
} else
}
} else {
long tmp = len;
while (p < ep) {
r = asn1_parse2(bp, &p, (long)len,
offset + (p - *pp), depth + 1,
sp = p;
r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
indent, dump);
if (r == 0) {
ret = 0;
goto end;
}
tmp -= p - sp;
}
}
} else if (xclass != 0) {
p += len;

3
crypto/external/bsd/openssl/dist/crypto/asn1/t_x509.c vendored
View File

@ -140,7 +140,8 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
goto err;
bs = X509_get_serialNumber(x);
if (bs->length <= (int)sizeof(long)) {
if (bs->length < (int)sizeof(long)
|| (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {
l = ASN1_INTEGER_get(bs);
if (bs->type == V_ASN1_NEG_INTEGER) {
l = -l;

11
crypto/external/bsd/openssl/dist/crypto/asn1/x_name.c vendored
View File

@ -66,6 +66,13 @@
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
/*
* Maximum length of X509_NAME: much larger than anything we should
* ever see in practice.
*/
#define X509_NAME_MAX (1024 * 1024)
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
if (len > X509_NAME_MAX) {
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
return 0;
}
q = p;
/* Get internal representation of Name */

16
crypto/external/bsd/openssl/dist/crypto/asn1/x_x509.c vendored
View File

@ -201,9 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
int length;
int length, tmplen;
unsigned char *start = pp != NULL ? *pp : NULL;
length = i2d_X509(a, pp);
if (a)
length += i2d_X509_CERT_AUX(a->aux, pp);
if (length < 0 || a == NULL)
return length;
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
if (tmplen < 0) {
if (start != NULL)
*pp = start;
return tmplen;
}
length += tmplen;
return length;
}

15
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86-mont.pl vendored
View File

@ -85,6 +85,21 @@ $frame=32; # size of above frame rounded up to 16n
&and ("esp",-64); # align to cache line
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
# allocation spans two pages, then reference to farmost one can
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
&mov ("eax","ebp");
&sub ("eax","esp");
&and ("eax",-4096);
&set_label("page_walk");
&mov ("edx",&DWP(0,"esp","eax"));
&sub ("eax",4096);
&data_byte(0x2e);
&jnc (&label("page_walk"));
################################# load argument block...
&mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
&mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap

40
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont.pl vendored
View File

@ -91,6 +91,20 @@ bn_mul_mont:
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
# allocation spans two pages, then reference to farmost one can
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
sub %rsp,%r11
and \$-4096,%r11
.Lmul_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x66,0x2e # predict non-taken
jnc .Lmul_page_walk
mov $bp,%r12 # reassign $bp
___
$bp="%r12";
@ -296,6 +310,14 @@ bn_mul4x_mont:
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul4x_body:
sub %rsp,%r11
and \$-4096,%r11
.Lmul4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lmul4x_page_walk
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
mov %rdx,%r12 # reassign $bp
___
@ -707,6 +729,7 @@ $code.=<<___;
.align 16
bn_sqr4x_mont:
.Lsqr4x_enter:
mov %rsp,%rax
push %rbx
push %rbp
push %r12
@ -715,12 +738,23 @@ bn_sqr4x_mont:
push %r15
shl \$3,${num}d # convert $num to bytes
xor %r10,%r10
mov %rsp,%r11 # put aside %rsp
sub $num,%r10 # -$num
neg $num # -$num
mov ($n0),$n0 # *n0
lea -72(%rsp,%r10,2),%rsp # alloca(frame+2*$num)
lea -72(%rsp,$num,2),%rsp # alloca(frame+2*$num)
and \$-1024,%rsp # minimize TLB usage
sub %rsp,%r11
and \$-4096,%r11
.Lsqr4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lsqr4x_page_walk
mov $num,%r10
neg $num # restore $num
lea -48(%rax),%r11 # restore saved %rsp
##############################################################
# Stack layout
#

22
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl vendored
View File

@ -84,6 +84,20 @@ bn_mul_mont_gather5:
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
# allocation spans two pages, then reference to farmost one can
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
sub %rsp,%rax
and \$-4096,%rax
.Lmul_page_walk:
mov (%rsp,%rax),%r11
sub \$4096,%rax
.byte 0x2e # predict non-taken
jnc .Lmul_page_walk
lea 128($bp),%r12 # reassign $bp (+size optimization)
___
$bp="%r12";
@ -407,6 +421,14 @@ bn_mul4x_mont_gather5:
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul4x_body:
sub %rsp,%rax
and \$-4096,%rax
.Lmul4x_page_walk:
mov (%rsp,%rax),%r11
sub \$4096,%rax
.byte 0x2e # predict non-taken
jnc .Lmul4x_page_walk
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
lea 128(%rdx),%r12 # reassign $bp (+size optimization)
___

4
crypto/external/bsd/openssl/dist/crypto/comp/comp.h vendored
View File

@ -4,6 +4,10 @@
# include <openssl/crypto.h>
# ifdef OPENSSL_NO_COMP
# error COMP is disabled.
# endif
#ifdef __cplusplus
extern "C" {
#endif

4
crypto/external/bsd/openssl/dist/crypto/evp/digest.c vendored
View File

@ -200,8 +200,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
}
#endif
if (ctx->digest != type) {
if (ctx->digest && ctx->digest->ctx_size)
if (ctx->digest && ctx->digest->ctx_size) {
OPENSSL_free(ctx->md_data);
ctx->md_data = NULL;
}
ctx->digest = type;
if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
ctx->update = type->update;

3
crypto/external/bsd/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c vendored
View File

@ -59,6 +59,7 @@
# include <openssl/aes.h>
# include <openssl/sha.h>
# include "evp_locl.h"
# include "constant_time_locl.h"
# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@ -286,6 +287,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;
ret &= constant_time_ge(maxpad, pad);
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;

12
crypto/external/bsd/openssl/dist/crypto/evp/encode.c vendored
View File

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/evp.h>
@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j;
unsigned int total = 0;
size_t total = 0;
*outl = 0;
if (inl <= 0)
return;
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
if ((ctx->num + inl) < ctx->length) {
if (ctx->length - ctx->num > inl) {
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
ctx->num += inl;
return;
@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total = j + 1;
}
while (inl >= ctx->length) {
while (inl >= ctx->length && total <= INT_MAX) {
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total += j + 1;
}
if (total > INT_MAX) {
/* Too much output data! */
*outl = 0;
return;
}
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;

2
crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c vendored
View File

@ -344,7 +344,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
if (objstr == NULL) {
if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;
}

7
crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c vendored
View File

@ -131,6 +131,10 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
# define MS_PVKMAGIC 0xb0b5f11eL
/* Salt length for PVK files */
# define PVK_SALTLEN 0x10
/* Maximum length in PVK header */
# define PVK_MAX_KEYLEN 102400
/* Maximum salt length */
# define PVK_MAX_SALTLEN 10240
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
unsigned int bitlen, int ispub);
@ -644,6 +648,9 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
*psaltlen = read_ledword(&p);
*pkeylen = read_ledword(&p);
if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
return 0;
if (is_encrypted && !*psaltlen) {
PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
return 0;

1
crypto/external/bsd/openssl/dist/crypto/x509/x509.h vendored
View File

@ -1281,6 +1281,7 @@ void ERR_load_X509_strings(void);
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
# define X509_R_NAME_TOO_LONG 134
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_PUBLIC_KEY_DECODE_ERROR 125
# define X509_R_PUBLIC_KEY_ENCODE_ERROR 126

1
crypto/external/bsd/openssl/dist/crypto/x509/x509_err.c vendored
View File

@ -145,6 +145,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
{ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
{ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
{ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
"no cert set for us to verify"},
{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"},

24
crypto/external/bsd/openssl/dist/crypto/x509/x509_obj.c vendored
View File

@ -63,6 +63,13 @@
#include <openssl/x509.h>
#include <openssl/buffer.h>
/*
* Limit to ensure we don't overflow: much greater than
* anything enountered in practice.
*/
#define NAME_ONELINE_MAX (1024 * 1024)
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
goto err;
b->data[0] = '\0';
len = 200;
} else if (len == 0) {
return NULL;
}
if (a == NULL) {
if (b) {
@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
type = ne->value->type;
num = ne->value->length;
if (num > NAME_ONELINE_MAX) {
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
goto end;
}
q = ne->value->data;
#ifdef CHARSET_EBCDIC
if (type == V_ASN1_GENERALSTRING ||
@ -117,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
? sizeof ebcdic_buf : num);
if (num > (int)sizeof(ebcdic_buf))
num = sizeof(ebcdic_buf);
ascii2ebcdic(ebcdic_buf, q, num);
q = ebcdic_buf;
}
#endif
@ -154,6 +168,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
lold = l;
l += 1 + l1 + 1 + l2;
if (l > NAME_ONELINE_MAX) {
X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
goto end;
}
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
@ -206,7 +224,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
return (p);
err:
X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
if (b != NULL)
end:
BUF_MEM_free(b);
return (NULL);
}

2
crypto/external/bsd/openssl/dist/doc/apps/ciphers.pod vendored
View File

@ -107,7 +107,7 @@ The following is a list of all permitted cipher strings and their meanings.
The default cipher list.
This is determined at compile time and is normally
B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
B<ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2>.
When used, this must be the first cipherstring specified.
=item B<COMPLEMENTOFDEFAULT>

127
crypto/external/bsd/openssl/dist/doc/crypto/EVP_EncodeInit.pod vendored Normal file
View File

@ -0,0 +1,127 @@
=pod
=head1 NAME
EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
encode/decode routines
=head1 SYNOPSIS
#include <openssl/evp.h>
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
char *out, int *outl);
int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
=head1 DESCRIPTION
The EVP encode routines provide a high level interface to base 64 encoding and
decoding. Base 64 encoding converts binary data into a printable form that uses
the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
bytes of binary data provided 4 bytes of base 64 encoded data will be produced
plus some occasional newlines (see below). If the input data length is not a
multiple of 3 then the output data will be padded at the end using the "="
character.
Encoding of binary data is performed in blocks of 48 input bytes (or less for
the final block). For each 48 byte input block encoded 64 bytes of base 64 data
is output plus an additional newline character (i.e. 65 bytes in total). The
final block (which may be less than 48 bytes) will output 4 bytes for every 3
bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
still output for the final 1 or 2 bytes of input. Similarly a newline character
will also be output.
EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
B<in>. The output is stored in the buffer B<out> and the number of bytes output
is stored in B<*outl>. It is the caller's responsibility to ensure that the
buffer at B<out> is sufficiently large to accommodate the output data. Only full
blocks of data (48 bytes) will be immediately processed and output by this
function. Any remainder is held in the B<ctx> object and will be processed by a
subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
required size of the output buffer add together the value of B<inl> with the
amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
any remainder). This gives the number of blocks of data that will be processed.
Ensure the output buffer contains 65 bytes of storage for each block, plus an
additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
repeatedly to process large amounts of input data. In the event of an error
EVP_EncodeUpdate() will set B<*outl> to 0.
EVP_EncodeFinal() must be called at the end of an encoding operation. It will
process any partial block of data remaining in the B<ctx> object. The output
data will be stored in B<out> and the length of the data written will be stored
in B<*outl>. It is the caller's responsibility to ensure that B<out> is
sufficiently large to accommodate the output data which will never be more than
65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
output data will be produced. If B<dlen> is not divisible by 3 then the block is
encoded as a final block of data and the output is padded such that it is always
divisible by 4. Additionally a NUL terminator character will be added. For
example if 16 bytes of input data is provided then 24 bytes of encoded data is
created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
the data generated I<without> the NUL terminator is returned from the function.
EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
to by B<in>. The output is stored in the buffer B<out> and the number of bytes
output is stored in B<*outl>. It is the caller's responsibility to ensure that
the buffer at B<out> is sufficiently large to accommodate the output data. This
function will attempt to decode as much data as possible in 4 byte chunks. Any
whitespace, newline or carriage return characters are ignored. Any partial chunk
of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
any illegal base 64 characters are encountered or if the base 64 padding
character "=" is encountered in the middle of the data then the function returns
-1 to indicate an error. A return value of 0 or 1 indicates successful
processing of the data. A return value of 0 additionally indicates that the last
input data characters processed included the base 64 padding character "=" and
therefore no more non-padding character data is expected to be processed. For
every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
line feeds), 3 bytes of binary output data will be produced (or less at the end
of the data where the padding character "=" has been used).
EVP_DecodeFinal() must be called at the end of a decoding operation. If there
is any unprocessed data still in B<ctx> then the input data must not have been
a multiple of 4 and therefore an error has occurred. The function will return -1
in this case. Otherwise the function returns 1 on success.
EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
contained in B<f> and store the result in B<t>. Any leading whitespace will be
trimmed as will any trailing whitespace, newlines, carriage returns or EOF
characters. After such trimming the length of the data in B<f> must be divisbile
by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
output will be padded with 0 bits if necessary to ensure that the output is
always 3 bytes for every 4 input bytes. This function will return the length of
the data decoded or -1 on error.
=head1 RETURN VALUES
EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
terminator.
EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
then no more non-padding base 64 characters are expected.
EVP_DecodeFinal() returns -1 on error or 1 on success.
EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
=head1 SEE ALSO
L<evp(3)>
=cut

5
crypto/external/bsd/openssl/dist/doc/crypto/evp.pod vendored
View File

@ -25,6 +25,10 @@ functions. The B<EVP_Digest>I<...> functions provide message digests.
The B<EVP_PKEY>I<...> functions provide a high level interface to
asymmetric algorithms.
The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
and decoding.
Algorithms are loaded with OpenSSL_add_all_algorithms(3).
All the symmetric algorithms (ciphers), digests and asymmetric algorithms
@ -49,6 +53,7 @@ L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
L<EVP_SealInit(3)|EVP_SealInit(3)>,
L<EVP_SignInit(3)|EVP_SignInit(3)>,
L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
L<EVP_EncodeInit(3)>,
L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
L<engine(3)|engine(3)>

14
crypto/external/bsd/openssl/dist/ssl/s2_meth.c vendored
View File

@ -57,7 +57,8 @@
*/
#include "ssl_locl.h"
#ifndef OPENSSL_NO_SSL2
#ifndef OPENSSL_NO_SSL2_METHOD
# ifndef OPENSSL_NO_SSL2
# include <stdio.h>
# include <openssl/objects.h>
@ -72,7 +73,16 @@ static const SSL_METHOD *ssl2_get_method(int ver)
IMPLEMENT_ssl2_meth_func(SSLv2_method,
ssl2_accept, ssl2_connect, ssl2_get_method)
#else /* !OPENSSL_NO_SSL2 */
# else /* !OPENSSL_NO_SSL2 */
const SSL_METHOD *SSLv2_method(void) { return NULL; }
const SSL_METHOD *SSLv2_client_method(void) { return NULL; }
const SSL_METHOD *SSLv2_server_method(void) { return NULL; }
# endif
#else /* !OPENSSL_NO_SSL2_METHOD */
# if PEDANTIC
static void *dummy = &dummy;

8
crypto/external/bsd/openssl/dist/test/testfipsssl vendored
View File

@ -38,8 +38,12 @@ fi
echo test ssl3 is forbidden in FIPS mode
$ssltest -ssl3 $extra && exit 1
echo test ssl2 is forbidden in FIPS mode
$ssltest -ssl2 $extra && exit 1
if ../util/shlib_wrap.sh ../apps/openssl ciphers SSLv2 >/dev/null 2>&1; then
echo test ssl2 is forbidden in FIPS mode
$ssltest -ssl2 $extra && exit 1
else
echo ssl2 disabled: skipping test
fi
echo test tls1
$ssltest -tls1 $extra || exit 1

18
crypto/external/bsd/openssl/dist/util/libeay.num vendored
View File

@ -1065,8 +1065,8 @@ d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION:
i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION:
BIO_f_ber 1094 NOEXIST::FUNCTION:
BN_init 1095 EXIST::FUNCTION:
COMP_CTX_new 1096 EXIST::FUNCTION:
COMP_CTX_free 1097 EXIST::FUNCTION:
COMP_CTX_new 1096 EXIST::FUNCTION:COMP
COMP_CTX_free 1097 EXIST::FUNCTION:COMP
COMP_CTX_compress_block 1098 NOEXIST::FUNCTION:
COMP_CTX_expand_block 1099 NOEXIST::FUNCTION:
X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION:
@ -1113,10 +1113,10 @@ PKCS7_digest_from_attributes 1140 EXIST::FUNCTION:
PKCS7_get_attribute 1141 EXIST::FUNCTION:
PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION:
PKCS7_get_signed_attribute 1143 EXIST::FUNCTION:
COMP_compress_block 1144 EXIST::FUNCTION:
COMP_expand_block 1145 EXIST::FUNCTION:
COMP_rle 1146 EXIST::FUNCTION:
COMP_zlib 1147 EXIST::FUNCTION:
COMP_compress_block 1144 EXIST::FUNCTION:COMP
COMP_expand_block 1145 EXIST::FUNCTION:COMP
COMP_rle 1146 EXIST::FUNCTION:COMP
COMP_zlib 1147 EXIST::FUNCTION:COMP
ms_time_diff 1148 NOEXIST::FUNCTION:
ms_time_new 1149 NOEXIST::FUNCTION:
ms_time_free 1150 NOEXIST::FUNCTION:
@ -1945,7 +1945,7 @@ ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
BN_pseudo_rand_range 2523 EXIST::FUNCTION:
X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
ERR_load_COMP_strings 2525 EXIST::FUNCTION:
ERR_load_COMP_strings 2525 EXIST::FUNCTION:COMP
PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@ -3545,8 +3545,8 @@ X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION:
ASN1_TYPE_set1 3932 EXIST::FUNCTION:
ASN1_STRING_set0 3933 EXIST::FUNCTION:
i2d_X509_ALGORS 3934 EXIST::FUNCTION:
BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:
COMP_zlib_cleanup 3936 EXIST::FUNCTION:
BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:COMP
COMP_zlib_cleanup 3936 EXIST::FUNCTION:COMP
d2i_X509_ALGORS 3937 EXIST::FUNCTION:
CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS
PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS