Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
*) Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno Böck.
(CVE-2015-1789)
[Emilia Käsper]
*) PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia Käsper]
*) CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
*) Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when attempting to
reuse a previous ticket then a race condition can occur potentially leading to
a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
This commit is contained in:
christos
parent
49e70f47cc
commit
9cae6e10c2
26
crypto/external/bsd/openssl/dist/Makefile.org
vendored
26
crypto/external/bsd/openssl/dist/Makefile.org
vendored
@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
|
||||
all: Makefile build_all
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
@ -270,7 +270,10 @@ reflect:
|
||||
sub_all: build_all
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_crypto build_ssl build_engines
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
build_libcrypto: build_crypto build_engines libcrypto.pc
|
||||
build_libssl: build_ssl libssl.pc
|
||||
|
||||
build_crypto:
|
||||
@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
@ -459,6 +462,9 @@ tests: rehash
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num TABLE
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
@ -483,26 +489,10 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
|
||||
|
||||
apps/openssl-vms.cnf: apps/openssl.cnf
|
||||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
|
||||
|
||||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
|
||||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
|
||||
|
||||
|
||||
TABLE: Configure
|
||||
(echo 'Output of `Configure TABLE'"':"; \
|
||||
$(PERL) Configure TABLE) > TABLE
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
|
||||
19
crypto/external/bsd/openssl/dist/apps/Makefile
vendored
19
crypto/external/bsd/openssl/dist/apps/Makefile
vendored
@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
|
||||
sreq.o: req.c
|
||||
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
|
||||
|
||||
openssl-vms.cnf: openssl.cnf
|
||||
$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
@ -127,12 +130,12 @@ links:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
depend:
|
||||
@if [ -z "$(THIS)" ]; then \
|
||||
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
|
||||
else \
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
||||
fi
|
||||
update: openssl-vms.cnf local_depend
|
||||
|
||||
depend: local_depend
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
local_depend:
|
||||
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
@ -144,10 +147,10 @@ clean:
|
||||
rm -f req
|
||||
|
||||
$(DLIBSSL):
|
||||
(cd ..; $(MAKE) DIRS=ssl all)
|
||||
(cd ..; $(MAKE) build_libssl)
|
||||
|
||||
$(DLIBCRYPTO):
|
||||
(cd ..; $(MAKE) DIRS=crypto all)
|
||||
(cd ..; $(MAKE) build_libcrypto)
|
||||
|
||||
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
$(RM) $(EXE)
|
||||
|
||||
6
crypto/external/bsd/openssl/dist/apps/apps.c
vendored
6
crypto/external/bsd/openssl/dist/apps/apps.c
vendored
@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
char *prompt = NULL;
|
||||
|
||||
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
|
||||
if(!prompt) {
|
||||
if (!prompt) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
return 0;
|
||||
@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
PW_MIN_LENGTH, bufsiz - 1);
|
||||
if (ok >= 0 && verify) {
|
||||
buff = (char *)OPENSSL_malloc(bufsiz);
|
||||
if(!buff) {
|
||||
if (!buff) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
OPENSSL_free(prompt);
|
||||
@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc,
|
||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||
else if (!strcmp(arg, "-check_ss_sig"))
|
||||
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
|
||||
else if (!strcmp(arg, "-no_alt_chains"))
|
||||
flags |= X509_V_FLAG_NO_ALT_CHAINS;
|
||||
else
|
||||
return 0;
|
||||
|
||||
|
||||
@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
long errline;
|
||||
long errline = 0;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
|
||||
2
crypto/external/bsd/openssl/dist/apps/cms.c
vendored
2
crypto/external/bsd/openssl/dist/apps/cms.c
vendored
@ -580,6 +580,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
||||
@ -130,7 +130,7 @@
|
||||
# undef PROG
|
||||
# define PROG dhparam_main
|
||||
|
||||
# define DEFBITS 512
|
||||
# define DEFBITS 2048
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
" -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err,
|
||||
" numbits number of bits in to generate (default 512)\n");
|
||||
" numbits number of bits in to generate (default 2048)\n");
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine e use engine e, possibly a hardware device.\n");
|
||||
|
||||
13
crypto/external/bsd/openssl/dist/apps/enc.c
vendored
13
crypto/external/bsd/openssl/dist/apps/enc.c
vendored
@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
OPENSSL_cleanse(str, strlen(str));
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
if (hiv != NULL) {
|
||||
int siz = EVP_CIPHER_iv_length(cipher);
|
||||
if (siz == 0) {
|
||||
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||
} else if (!set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if ((hiv == NULL) && (str == NULL)
|
||||
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
||||
@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
|
||||
BIO_printf(bio_err, "invalid hex key value\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -80,7 +80,7 @@
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# define DEFBITS 512
|
||||
# define DEFBITS 2048
|
||||
# undef PROG
|
||||
# define PROG gendh_main
|
||||
|
||||
|
||||
3
crypto/external/bsd/openssl/dist/apps/s_cb.c
vendored
3
crypto/external/bsd/openssl/dist/apps/s_cb.c
vendored
@ -111,6 +111,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h> /* for memcpy() */
|
||||
#define USE_SOCKETS
|
||||
#define NON_MAIN
|
||||
#include "apps.h"
|
||||
@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
|
||||
|
||||
/* Initialize a random secret */
|
||||
if (!cookie_initialized) {
|
||||
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
|
||||
if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
|
||||
BIO_printf(bio_err, "error setting random cookie secret\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -441,6 +441,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
||||
4
crypto/external/bsd/openssl/dist/apps/srp.c
vendored
4
crypto/external/bsd/openssl/dist/apps/srp.c
vendored
@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s) + sizeof(CONFIG_FILE);
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
|
||||
# else
|
||||
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,
|
||||
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
|
||||
BIO_printf(bio_err, " [-attime timestamp]");
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
#endif
|
||||
|
||||
@ -93,6 +93,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
else {
|
||||
ret = a->length;
|
||||
i = a->data[0];
|
||||
if (ret == 1 && i == 0)
|
||||
neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad = 1;
|
||||
pb = 0;
|
||||
@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
while (!*n) {
|
||||
while (!*n && i > 1) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn))
|
||||
if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
|
||||
@ -74,6 +74,8 @@
|
||||
#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
|
||||
|
||||
#define ASN1_FLAG_EXP_MAX 20
|
||||
/* Maximum number of nested sequences */
|
||||
#define ASN1_GEN_SEQ_MAX_DEPTH 50
|
||||
|
||||
/* Input formats */
|
||||
|
||||
@ -110,13 +112,16 @@ typedef struct {
|
||||
int exp_count;
|
||||
} tag_exp_arg;
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr);
|
||||
static int bitstr_cb(const char *elem, int len, void *bitstr);
|
||||
static int asn1_cb(const char *elem, int len, void *bitstr);
|
||||
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
|
||||
int exp_constructed, int exp_pad, int imp_ok);
|
||||
static int parse_tagging(const char *vstart, int vlen, int *ptag,
|
||||
int *pclass);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr);
|
||||
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
|
||||
static int asn1_str2tag(const char *tagstr, int len);
|
||||
|
||||
@ -132,6 +137,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
|
||||
}
|
||||
|
||||
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
||||
{
|
||||
int err = 0;
|
||||
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
|
||||
if (err)
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr)
|
||||
{
|
||||
ASN1_TYPE *ret;
|
||||
tag_exp_arg asn1_tags;
|
||||
@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
||||
asn1_tags.imp_class = -1;
|
||||
asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
|
||||
asn1_tags.exp_count = 0;
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
|
||||
*perr = ASN1_R_UNKNOWN_TAG;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((asn1_tags.utype == V_ASN1_SEQUENCE)
|
||||
|| (asn1_tags.utype == V_ASN1_SET)) {
|
||||
if (!cnf) {
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3,
|
||||
ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
|
||||
*perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
|
||||
return NULL;
|
||||
}
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
|
||||
if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
|
||||
*perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
|
||||
return NULL;
|
||||
}
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
|
||||
} else
|
||||
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
|
||||
|
||||
@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
int tmp_tag, tmp_class;
|
||||
|
||||
if (elem == NULL)
|
||||
return 0;
|
||||
return -1;
|
||||
|
||||
for (i = 0, p = elem; i < len; p++, i++) {
|
||||
/* Look for the ':' in name value pairs */
|
||||
@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
break;
|
||||
|
||||
case ASN1_GEN_FLAG_FORMAT:
|
||||
if(!vstart) {
|
||||
if (!vstart) {
|
||||
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
|
||||
return -1;
|
||||
}
|
||||
@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
|
||||
|
||||
/* Handle multiple types: SET and SEQUENCE */
|
||||
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr)
|
||||
{
|
||||
ASN1_TYPE *ret = NULL;
|
||||
STACK_OF(ASN1_TYPE) *sk = NULL;
|
||||
@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
|
||||
goto bad;
|
||||
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
|
||||
ASN1_TYPE *typ =
|
||||
ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
|
||||
generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
|
||||
depth + 1, perr);
|
||||
if (!typ)
|
||||
goto bad;
|
||||
if (!sk_ASN1_TYPE_push(sk, typ))
|
||||
|
||||
@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if(!p)
|
||||
if (!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if(!p)
|
||||
if (!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
|
||||
@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
else
|
||||
asn1_cb = 0;
|
||||
|
||||
if (!combine)
|
||||
*pval = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if (it->sname)
|
||||
CRYPTO_push_info(it->sname);
|
||||
|
||||
@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
|
||||
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
||||
const ASN1_TEMPLATE *seqtt;
|
||||
seqtt = asn1_do_adb(fld, tt, 1);
|
||||
if(!seqtt)
|
||||
if (!seqtt)
|
||||
return 0;
|
||||
tmpfld = asn1_get_field_ptr(fld, seqtt);
|
||||
if (!asn1_template_print_ctx(out, tmpfld,
|
||||
|
||||
@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
/* Save start position */
|
||||
q = *pp;
|
||||
|
||||
if(!a || *a == NULL) {
|
||||
if (!a || *a == NULL) {
|
||||
freeret = 1;
|
||||
}
|
||||
ret = d2i_X509(a, pp, length);
|
||||
@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
goto err;
|
||||
return ret;
|
||||
err:
|
||||
if(freeret) {
|
||||
if (freeret) {
|
||||
X509_free(ret);
|
||||
if (a)
|
||||
*a = NULL;
|
||||
|
||||
@ -72,6 +72,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -73,6 +73,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -704,32 +704,29 @@ doapr_outch(char **sbuffer,
|
||||
/* If we haven't at least one buffer, someone has doe a big booboo */
|
||||
assert(*sbuffer != NULL || buffer != NULL);
|
||||
|
||||
if (buffer) {
|
||||
while (*currlen >= *maxlen) {
|
||||
if (*buffer == NULL) {
|
||||
if (*maxlen == 0)
|
||||
*maxlen = 1024;
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
*maxlen += 1024;
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
/* |currlen| must always be <= |*maxlen| */
|
||||
assert(*currlen <= *maxlen);
|
||||
|
||||
if (buffer && *currlen == *maxlen) {
|
||||
*maxlen += 1024;
|
||||
if (*buffer == NULL) {
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* What to do if *buffer is NULL? */
|
||||
assert(*sbuffer != NULL || *buffer != NULL);
|
||||
}
|
||||
|
||||
if (*currlen < *maxlen) {
|
||||
|
||||
@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
#if 1
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
num = (n & 0x07);
|
||||
|
||||
if (outl > num)
|
||||
@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
|
||||
num = nt->lwn;
|
||||
nt->lwn = 0;
|
||||
} else {
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
num = (n & 7);
|
||||
}
|
||||
|
||||
|
||||
@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
|
||||
/* copy app data */
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
|
||||
&bio->ex_data))
|
||||
&bio->ex_data)) {
|
||||
BIO_free(new_bio);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ret == NULL) {
|
||||
eoc = new_bio;
|
||||
@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
}
|
||||
return (ret);
|
||||
err:
|
||||
if (ret != NULL)
|
||||
BIO_free(ret);
|
||||
BIO_free_all(ret);
|
||||
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
|
||||
@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
|
||||
|
||||
/* Calculate time left until timer expires */
|
||||
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
if (timeleft.tv_usec < 0) {
|
||||
if (timeleft.tv_usec < timenow.tv_usec) {
|
||||
timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
|
||||
timeleft.tv_sec--;
|
||||
timeleft.tv_usec += 1000000;
|
||||
} else {
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
}
|
||||
|
||||
if (timeleft.tv_sec < 0) {
|
||||
if (timeleft.tv_sec < timenow.tv_sec) {
|
||||
timeleft.tv_sec = 0;
|
||||
timeleft.tv_usec = 1;
|
||||
} else {
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -953,7 +954,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
|
||||
*/
|
||||
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(sockopt_len);
|
||||
if(!authchunks) {
|
||||
if (!authchunks) {
|
||||
BIO_vfree(bio);
|
||||
return (NULL);
|
||||
}
|
||||
@ -1293,7 +1294,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
|
||||
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(optlen);
|
||||
if (!authchunks) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
memset(authchunks, 0, sizeof(optlen));
|
||||
@ -1364,8 +1365,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
|
||||
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
|
||||
char *tmp;
|
||||
data->saved_message.bio = b;
|
||||
if(!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
|
||||
if (!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
if (data->saved_message.data)
|
||||
|
||||
@ -167,6 +167,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: bn_prime.h depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
/* crypto/bn/bn_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
|
||||
{ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
|
||||
@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
|
||||
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
|
||||
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
|
||||
{ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
|
||||
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
|
||||
{0, NULL}
|
||||
};
|
||||
@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
|
||||
{ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
|
||||
{ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
|
||||
{ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
|
||||
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
|
||||
{ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
|
||||
{ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
|
||||
@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
|
||||
{ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
|
||||
{ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
|
||||
{ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
|
||||
{ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
|
||||
{ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
|
||||
{ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
|
||||
|
||||
@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
}
|
||||
# else
|
||||
{
|
||||
int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
|
||||
* of p */
|
||||
top = p->top;
|
||||
int i;
|
||||
int ubits = BN_num_bits(u);
|
||||
int vbits = BN_num_bits(v); /* v is copy of p */
|
||||
int top = p->top;
|
||||
BN_ULONG *udp, *bdp, *vdp, *cdp;
|
||||
|
||||
bn_wexpand(u, top);
|
||||
@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
ubits--;
|
||||
}
|
||||
|
||||
if (ubits <= BN_BITS2 && udp[0] == 1)
|
||||
break;
|
||||
if (ubits <= BN_BITS2) {
|
||||
if (udp[0] == 0) /* poly was reducible */
|
||||
goto err;
|
||||
if (udp[0] == 1)
|
||||
break;
|
||||
}
|
||||
|
||||
if (ubits < vbits) {
|
||||
i = ubits;
|
||||
|
||||
@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
|
||||
char *buf;
|
||||
char *p;
|
||||
|
||||
buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
if (a->neg && BN_is_zero(a)) {
|
||||
/* "-0" == 3 bytes including NULL terminator */
|
||||
buf = OPENSSL_malloc(3);
|
||||
} else {
|
||||
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
}
|
||||
if (buf == NULL) {
|
||||
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
|
||||
@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
int ret = 0, bit, bytes, mask;
|
||||
time_t tim;
|
||||
|
||||
if (bits < 0 || (bits == 1 && top > 0)) {
|
||||
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bits == 0) {
|
||||
BN_zero(rnd);
|
||||
return 1;
|
||||
@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
unsigned char c;
|
||||
|
||||
for (i = 0; i < bytes; i++) {
|
||||
RAND_pseudo_bytes(&c, 1);
|
||||
if (RAND_pseudo_bytes(&c, 1) < 0)
|
||||
goto err;
|
||||
if (c >= 128 && i > 0)
|
||||
buf[i] = buf[i - 1];
|
||||
else if (c < 42)
|
||||
@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (top != -1) {
|
||||
if (top >= 0) {
|
||||
if (top) {
|
||||
if (bit == 0) {
|
||||
buf[0] = 1;
|
||||
|
||||
@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r->neg = a->neg;
|
||||
nw = n / BN_BITS2;
|
||||
if (bn_wexpand(r, a->top + nw + 1) == NULL)
|
||||
@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
nw = n / BN_BITS2;
|
||||
rb = n % BN_BITS2;
|
||||
lb = BN_BITS2 - rb;
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -73,6 +73,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -69,6 +69,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
|
||||
|
||||
void CMAC_CTX_free(CMAC_CTX *ctx)
|
||||
{
|
||||
if (!ctx)
|
||||
return;
|
||||
CMAC_CTX_cleanup(ctx);
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
@ -67,6 +67,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
|
||||
BIO_free(f);
|
||||
f = tbio;
|
||||
}
|
||||
while (f != upto);
|
||||
while (f && f != upto);
|
||||
} else
|
||||
BIO_free_all(f);
|
||||
}
|
||||
|
||||
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
||||
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
||||
@ -94,6 +94,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
|
||||
const unsigned char *cp;
|
||||
static int start = 1;
|
||||
|
||||
if (len < 0)
|
||||
return -1;
|
||||
|
||||
if (outbuf == NULL) {
|
||||
outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
|
||||
if (outbuf == NULL)
|
||||
@ -132,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
|
||||
if (len < 8) {
|
||||
cp = shortbuf;
|
||||
memcpy(shortbuf, buf, len);
|
||||
RAND_pseudo_bytes(shortbuf + len, 8 - len);
|
||||
if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
|
||||
return -1;
|
||||
}
|
||||
rnum = 8;
|
||||
} else {
|
||||
cp = buf;
|
||||
|
||||
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -135,7 +135,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
|
||||
dh = pkey->pkey.dh;
|
||||
|
||||
str = ASN1_STRING_new();
|
||||
if(!str) {
|
||||
if (!str) {
|
||||
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -202,7 +202,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
|
||||
goto err;
|
||||
|
||||
if (!seed_len) {
|
||||
RAND_pseudo_bytes(seed, qsize);
|
||||
if (RAND_pseudo_bytes(seed, qsize) < 0)
|
||||
goto err;
|
||||
seed_is_random = 1;
|
||||
} else {
|
||||
seed_is_random = 0;
|
||||
|
||||
@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = {
|
||||
#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->dsa_mod_exp) \
|
||||
if ((dsa)->meth->dsa_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
|
||||
(a2), (p2), (m), (ctx), (in_mont)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
|
||||
(m), (ctx), (in_mont)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->bn_mod_exp) \
|
||||
if ((dsa)->meth->bn_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
|
||||
(m), (ctx), (m_ctx)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
|
||||
const DSA_METHOD *DSA_OpenSSL(void)
|
||||
|
||||
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
|
||||
* honest. For one thing, I think I have to return a negative value for any
|
||||
* error because possible DSO_ctrl() commands may return values such as
|
||||
* "size"s that can legitimately be zero (making the standard
|
||||
* "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* times. I'd prefer "output" values to be passed by reference and the return
|
||||
* value as success/failure like usual ... but we conform when we must... :-)
|
||||
*/
|
||||
|
||||
@ -539,7 +539,7 @@ static char *vms_name_converter(DSO *dso, const char *filename)
|
||||
{
|
||||
int len = strlen(filename);
|
||||
char *not_translated = OPENSSL_malloc(len + 1);
|
||||
if(not_translated)
|
||||
if (not_translated)
|
||||
strcpy(not_translated, filename);
|
||||
return (not_translated);
|
||||
}
|
||||
|
||||
@ -70,6 +70,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
|
||||
goto err;
|
||||
|
||||
/* testing whether the pub_key is on the elliptic curve */
|
||||
if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
|
||||
if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -451,14 +451,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
|
||||
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
|
||||
|
||||
/* method functions in ec2_mult.c */
|
||||
int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *scalar, size_t num,
|
||||
const EC_POINT *points[], const BIGNUM *scalars[],
|
||||
BN_CTX *);
|
||||
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
|
||||
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
|
||||
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
/* method functions in ecp_nistp224.c */
|
||||
int ec_GFp_nistp224_group_init(EC_GROUP *group);
|
||||
|
||||
@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
|
||||
return group->meth->is_at_infinity(group, point);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether an EC_POINT is on the curve or not. Note that the return
|
||||
* value for this function should NOT be treated as a boolean. Return values:
|
||||
* 1: The point is on the curve
|
||||
* 0: The point is not on the curve
|
||||
* -1: An error occurred
|
||||
*/
|
||||
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
|
||||
@ -338,12 +338,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
|
||||
|
||||
if (buf == NULL)
|
||||
return 1;
|
||||
if (off) {
|
||||
if (off > 0) {
|
||||
if (off > 128)
|
||||
off = 128;
|
||||
memset(str, ' ', off);
|
||||
if (BIO_write(fp, str, off) <= 0)
|
||||
return 0;
|
||||
} else {
|
||||
off = 0;
|
||||
}
|
||||
|
||||
if (BIO_printf(fp, "%s", name) <= 0)
|
||||
|
||||
@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -296,8 +296,8 @@ int test_builtin(BIO *out)
|
||||
int nid, ret = 0;
|
||||
|
||||
/* fill digest values with some random data */
|
||||
if (!RAND_pseudo_bytes(digest, 20) ||
|
||||
!RAND_pseudo_bytes(wrong_digest, 20)) {
|
||||
if (RAND_pseudo_bytes(digest, 20) <= 0 ||
|
||||
RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
|
||||
BIO_printf(out, "ERROR: unable to get random data\n");
|
||||
goto builtin_err;
|
||||
}
|
||||
|
||||
@ -351,6 +351,8 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
|
||||
ENGINE_PILE_DOALL dall;
|
||||
dall.cb = cb;
|
||||
dall.arg = arg;
|
||||
lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
|
||||
ENGINE_PILE_DOALL, &dall);
|
||||
if (table)
|
||||
lh_ENGINE_PILE_doall_arg(&table->piles,
|
||||
LHASH_DOALL_ARG_FN(int_cb),
|
||||
ENGINE_PILE_DOALL, &dall);
|
||||
}
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -491,7 +491,8 @@ static int sig_out(BIO *b)
|
||||
* FIXME: there's absolutely no guarantee this makes any sense at all,
|
||||
* particularly now EVP_MD_CTX has been restructured.
|
||||
*/
|
||||
RAND_pseudo_bytes(md->md_data, md->digest->md_size);
|
||||
if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
|
||||
goto berr;
|
||||
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
|
||||
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
|
||||
ctx->buf_len += md->digest->md_size;
|
||||
|
||||
@ -503,7 +503,12 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
case EVP_CTRL_AEAD_TLS1_AAD:
|
||||
{
|
||||
unsigned char *p = ptr;
|
||||
unsigned int len = p[arg - 2] << 8 | p[arg - 1];
|
||||
unsigned int len;
|
||||
|
||||
if (arg != EVP_AEAD_TLS1_AAD_LEN)
|
||||
return -1;
|
||||
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (ctx->encrypt) {
|
||||
key->payload_length = len;
|
||||
@ -520,8 +525,6 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
|
||||
- len);
|
||||
} else {
|
||||
if (arg > 13)
|
||||
arg = 13;
|
||||
memcpy(key->aux.tls_aad, ptr, arg);
|
||||
key->payload_length = arg;
|
||||
|
||||
|
||||
@ -54,6 +54,7 @@
|
||||
|
||||
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
# include <openssl/rc4.h>
|
||||
@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
|
||||
MD5_Final(mac, &key->md);
|
||||
|
||||
if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
return 0;
|
||||
} else {
|
||||
MD5_Update(&key->md, out + md5_off, len - md5_off);
|
||||
@ -258,7 +259,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
case EVP_CTRL_AEAD_TLS1_AAD:
|
||||
{
|
||||
unsigned char *p = ptr;
|
||||
unsigned int len = p[arg - 2] << 8 | p[arg - 1];
|
||||
unsigned int len;
|
||||
|
||||
if (arg != EVP_AEAD_TLS1_AAD_LEN)
|
||||
return -1;
|
||||
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (!ctx->encrypt) {
|
||||
len -= MD5_DIGEST_LENGTH;
|
||||
|
||||
@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
unsigned int total = 0;
|
||||
|
||||
*outl = 0;
|
||||
if (inl == 0)
|
||||
if (inl <= 0)
|
||||
return;
|
||||
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||
if ((ctx->num + inl) < ctx->length) {
|
||||
|
||||
@ -103,7 +103,6 @@
|
||||
# define EVP_PKS_RSA 0x0100
|
||||
# define EVP_PKS_DSA 0x0200
|
||||
# define EVP_PKS_EC 0x0400
|
||||
# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
|
||||
|
||||
# define EVP_PKEY_NONE NID_undef
|
||||
# define EVP_PKEY_RSA NID_rsaEncryption
|
||||
@ -409,6 +408,9 @@ struct evp_cipher_st {
|
||||
/* Set the GCM invocation field, decrypt only */
|
||||
# define EVP_CTRL_GCM_SET_IV_INV 0x18
|
||||
|
||||
/* RFC 5246 defines additional data to be 13 bytes in length */
|
||||
# define EVP_AEAD_TLS1_AAD_LEN 13
|
||||
|
||||
/* GCM TLS constants */
|
||||
/* Length of fixed part of IV derived from PRF */
|
||||
# define EVP_GCM_TLS_FIXED_IV_LEN 4
|
||||
|
||||
@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
return 1;
|
||||
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
|
||||
return 0;
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx))
|
||||
RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx)
|
||||
&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
|
||||
return 0;
|
||||
|
||||
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
|
||||
return 0;
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -91,8 +91,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
if (md != NULL) {
|
||||
reset = 1;
|
||||
ctx->md = md;
|
||||
} else
|
||||
} else if (ctx->md) {
|
||||
md = ctx->md;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ctx->key_init && key == NULL)
|
||||
return 0;
|
||||
|
||||
if (key != NULL) {
|
||||
reset = 1;
|
||||
@ -107,13 +113,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
&ctx->key_length))
|
||||
goto err;
|
||||
} else {
|
||||
OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
|
||||
if (len < 0 || len > (int)sizeof(ctx->key))
|
||||
return 0;
|
||||
memcpy(ctx->key, key, len);
|
||||
ctx->key_length = len;
|
||||
}
|
||||
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
|
||||
memset(&ctx->key[ctx->key_length], 0,
|
||||
HMAC_MAX_MD_CBLOCK - ctx->key_length);
|
||||
ctx->key_init = 1;
|
||||
}
|
||||
|
||||
if (reset) {
|
||||
@ -151,6 +159,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
|
||||
if (FIPS_mode() && !ctx->i_ctx.engine)
|
||||
return FIPS_hmac_update(ctx, data, len);
|
||||
#endif
|
||||
if (!ctx->key_init)
|
||||
return 0;
|
||||
|
||||
return EVP_DigestUpdate(&ctx->md_ctx, data, len);
|
||||
}
|
||||
|
||||
@ -163,6 +174,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
|
||||
return FIPS_hmac_final(ctx, md, len);
|
||||
#endif
|
||||
|
||||
if (!ctx->key_init)
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
|
||||
goto err;
|
||||
if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
|
||||
@ -181,6 +195,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
|
||||
EVP_MD_CTX_init(&ctx->i_ctx);
|
||||
EVP_MD_CTX_init(&ctx->o_ctx);
|
||||
EVP_MD_CTX_init(&ctx->md_ctx);
|
||||
ctx->key_init = 0;
|
||||
ctx->md = NULL;
|
||||
}
|
||||
|
||||
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||
@ -191,8 +207,11 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||
goto err;
|
||||
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
|
||||
goto err;
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
dctx->key_init = sctx->key_init;
|
||||
if (sctx->key_init) {
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
}
|
||||
dctx->md = sctx->md;
|
||||
return 1;
|
||||
err:
|
||||
@ -232,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
|
||||
HMAC_CTX_cleanup(&c);
|
||||
return md;
|
||||
err:
|
||||
HMAC_CTX_cleanup(&c);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@ -79,6 +79,7 @@ typedef struct hmac_ctx_st {
|
||||
EVP_MD_CTX o_ctx;
|
||||
unsigned int key_length;
|
||||
unsigned char key[HMAC_MAX_MD_CBLOCK];
|
||||
int key_init;
|
||||
} HMAC_CTX;
|
||||
|
||||
# define HMAC_size(e) (EVP_MD_size((e)->md))
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -32,6 +32,8 @@ install:
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -76,6 +76,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -89,6 +89,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -1622,7 +1622,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
|
||||
ctx->Xi.u[1] ^= ctx->EK0.u[1];
|
||||
|
||||
if (tag && len <= sizeof(ctx->Xi))
|
||||
return memcmp(ctx->Xi.c, tag, len);
|
||||
return CRYPTO_memcmp(ctx->Xi.c, tag, len);
|
||||
else
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -74,6 +74,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: obj_dat.h obj_mac.h obj_xref.h depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -142,7 +142,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
|
||||
return 0;
|
||||
}
|
||||
ret &= 0x3fffffffL;
|
||||
ret |= ca->type << 30L;
|
||||
ret |= ((unsigned long)ca->type) << 30L;
|
||||
return (ret);
|
||||
}
|
||||
|
||||
@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
|
||||
j = (a->length - b->length);
|
||||
if (j)
|
||||
return (j);
|
||||
if (a->length == 0)
|
||||
return 0;
|
||||
return (memcmp(a->data, b->data, a->length));
|
||||
}
|
||||
|
||||
@ -415,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
|
||||
if (a->nid != 0)
|
||||
return (a->nid);
|
||||
|
||||
if (a->length == 0)
|
||||
return NID_undef;
|
||||
|
||||
if (added != NULL) {
|
||||
ad.type = ADDED_DATA;
|
||||
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
|
||||
|
||||
@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows:
|
||||
|
||||
1 2 3 4 : shortName : Long Name
|
||||
|
||||
If the long name doesn't contain spaces, or no short name
|
||||
exists, the long name is used as basis for the base name
|
||||
in C. Otherwise, the short name is used.
|
||||
If Long Name contains only word characters and hyphen-minus
|
||||
(0x2D) or full stop (0x2E) then Long Name is used as basis
|
||||
for the base name in C. Otherwise, the shortName is used.
|
||||
|
||||
The base name (let's call it 'base') will then be used to
|
||||
create the C macros SN_base, LN_base, NID_base and OBJ_base.
|
||||
@ -22,7 +22,7 @@ Then there are some extra commands:
|
||||
|
||||
!Alias foo 1 2 3 4
|
||||
|
||||
This juts makes a name foo for an OID. The C macro
|
||||
This just makes a name foo for an OID. The C macro
|
||||
OBJ_foo will be created as a result.
|
||||
|
||||
!Cname foo
|
||||
|
||||
@ -67,7 +67,7 @@ while (<IN>)
|
||||
$myoid = &process_oid($myoid);
|
||||
}
|
||||
|
||||
if ($Cname eq "" && !($myln =~ / /))
|
||||
if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ ))
|
||||
{
|
||||
$Cname = $myln;
|
||||
$Cname =~ s/\./_/g;
|
||||
|
||||
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
||||
@ -361,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
|
||||
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
|
||||
if (val)
|
||||
memcpy(tmpval, val, len);
|
||||
else
|
||||
RAND_pseudo_bytes(tmpval, len);
|
||||
else if (RAND_pseudo_bytes(tmpval, len) < 0)
|
||||
goto err;
|
||||
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
|
||||
&os, 0, X509V3_ADD_REPLACE))
|
||||
goto err;
|
||||
|
||||
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
||||
@ -435,7 +435,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
|
||||
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
|
||||
pem_password_cb *callback, void *u)
|
||||
{
|
||||
int i, j, o, klen;
|
||||
int i = 0, j, o, klen;
|
||||
long len;
|
||||
EVP_CIPHER_CTX ctx;
|
||||
unsigned char key[EVP_MAX_KEY_LENGTH];
|
||||
|
||||
@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
|
||||
if (kstr == buf)
|
||||
OPENSSL_cleanse(buf, klen);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
if (p8 == NULL)
|
||||
return 0;
|
||||
if (isder)
|
||||
ret = i2d_PKCS8_bio(bp, p8);
|
||||
else
|
||||
|
||||
@ -67,6 +67,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -60,6 +60,7 @@
|
||||
#ifndef OPENSSL_NO_HMAC
|
||||
# include <stdio.h>
|
||||
# include "cryptlib.h"
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/hmac.h>
|
||||
# include <openssl/rand.h>
|
||||
# include <openssl/pkcs12.h>
|
||||
@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
|
||||
return 0;
|
||||
}
|
||||
if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
|
||||
|| memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
||||
|| CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
|
||||
return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -68,6 +68,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -149,7 +149,7 @@ int RAND_poll(void)
|
||||
if (DosQuerySysState) {
|
||||
char *buffer = OPENSSL_malloc(256 * 1024);
|
||||
|
||||
if(!buffer)
|
||||
if (!buffer)
|
||||
return 0;
|
||||
|
||||
if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
|
||||
|
||||
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -69,6 +69,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
@ -69,6 +69,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user