mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-12-02 19:22:47 +00:00
MFC: r284283
Merge OpenSSL 1.0.1n.
This commit is contained in:
parent
b3f8877a9e
commit
be71513b0f
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/stable/10/; revision=284285
@ -2,6 +2,77 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
|
||||
|
||||
*) Malformed ECParameters causes infinite loop
|
||||
|
||||
When processing an ECParameters structure OpenSSL enters an infinite loop
|
||||
if the curve specified is over a specially malformed binary polynomial
|
||||
field.
|
||||
|
||||
This can be used to perform denial of service against any
|
||||
system which processes public keys, certificate requests or
|
||||
certificates. This includes TLS clients and TLS servers with
|
||||
client authentication enabled.
|
||||
|
||||
This issue was reported to OpenSSL by Joseph Barr-Pixton.
|
||||
(CVE-2015-1788)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Exploitable out-of-bounds read in X509_cmp_time
|
||||
|
||||
X509_cmp_time does not properly check the length of the ASN1_TIME
|
||||
string and can read a few bytes out of bounds. In addition,
|
||||
X509_cmp_time accepts an arbitrary number of fractional seconds in the
|
||||
time string.
|
||||
|
||||
An attacker can use this to craft malformed certificates and CRLs of
|
||||
various sizes and potentially cause a segmentation fault, resulting in
|
||||
a DoS on applications that verify certificates or CRLs. TLS clients
|
||||
that verify CRLs are affected. TLS clients and servers with client
|
||||
authentication enabled may be affected if they use custom verification
|
||||
callbacks.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Swiecki (Google), and
|
||||
independently by Hanno Böck.
|
||||
(CVE-2015-1789)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) PKCS7 crash with missing EnvelopedContent
|
||||
|
||||
The PKCS#7 parsing code does not handle missing inner EncryptedContent
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
|
||||
with missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
|
||||
structures from untrusted sources are affected. OpenSSL clients and
|
||||
servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-1790)
|
||||
[Emilia Käsper]
|
||||
|
||||
*) CMS verify infinite loop with unknown hash function
|
||||
|
||||
When verifying a signedData message the CMS code can enter an infinite loop
|
||||
if presented with an unknown hash function OID. This can be used to perform
|
||||
denial of service against any system which verifies signedData messages using
|
||||
the CMS code.
|
||||
This issue was reported to OpenSSL by Johannes Bauer.
|
||||
(CVE-2015-1792)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Race condition handling NewSessionTicket
|
||||
|
||||
If a NewSessionTicket is received by a multi-threaded client when attempting to
|
||||
reuse a previous ticket then a race condition can occur potentially leading to
|
||||
a double free of the ticket data.
|
||||
(CVE-2015-1791)
|
||||
[Matt Caswell]
|
||||
|
||||
*) Reject DH handshakes with parameters shorter than 768 bits.
|
||||
[Kurt Roeckx and Emilia Kasper]
|
||||
|
||||
Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
|
||||
|
||||
*) Segmentation fault in ASN1_TYPE_cmp fix
|
||||
|
@ -230,12 +230,12 @@ my %table=(
|
||||
|
||||
#### SPARC Solaris with GNU C setups
|
||||
"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
|
||||
"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
|
||||
####
|
||||
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
#### SPARC Solaris with Sun C setups
|
||||
@ -252,7 +252,7 @@ my %table=(
|
||||
|
||||
#### SunOS configs, assuming sparc for the gcc one.
|
||||
#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
|
||||
"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
|
||||
"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
|
||||
|
||||
#### IRIX 5.x configs
|
||||
# -mips2 flag is added by ./config when appropriate.
|
||||
@ -379,7 +379,7 @@ my %table=(
|
||||
#### SPARC Linux setups
|
||||
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
|
||||
# assisted with debugging of following two configs.
|
||||
"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# it's a real mess with -mcpu=ultrasparc option under Linux, but
|
||||
# -Wa,-Av8plus should do the trick no matter what.
|
||||
"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
@ -413,7 +413,7 @@ my %table=(
|
||||
"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
|
||||
"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
|
||||
# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
|
||||
|
@ -4,7 +4,7 @@
|
||||
## Makefile for OpenSSL
|
||||
##
|
||||
|
||||
VERSION=1.0.1m
|
||||
VERSION=1.0.1n
|
||||
MAJOR=1
|
||||
MINOR=0.1
|
||||
SHLIB_VERSION_NUMBER=1.0.0
|
||||
@ -186,7 +186,7 @@ WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
|
||||
all: Makefile build_all
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
@ -272,7 +272,10 @@ reflect:
|
||||
sub_all: build_all
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_crypto build_ssl build_engines
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
build_libcrypto: build_crypto build_engines libcrypto.pc
|
||||
build_libssl: build_ssl libssl.pc
|
||||
|
||||
build_crypto:
|
||||
@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
@ -461,6 +464,9 @@ tests: rehash
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num TABLE
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
@ -485,26 +491,10 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
|
||||
|
||||
apps/openssl-vms.cnf: apps/openssl.cnf
|
||||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
|
||||
|
||||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
|
||||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
|
||||
|
||||
|
||||
TABLE: Configure
|
||||
(echo 'Output of `Configure TABLE'"':"; \
|
||||
$(PERL) Configure TABLE) > TABLE
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
|
@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os2.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
|
||||
all: Makefile build_all
|
||||
|
||||
# as we stick to -e, CLEARENV ensures that local variables in lower
|
||||
# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
|
||||
@ -270,7 +270,10 @@ reflect:
|
||||
sub_all: build_all
|
||||
build_all: build_libs build_apps build_tests build_tools
|
||||
|
||||
build_libs: build_crypto build_ssl build_engines
|
||||
build_libs: build_libcrypto build_libssl openssl.pc
|
||||
|
||||
build_libcrypto: build_crypto build_engines libcrypto.pc
|
||||
build_libssl: build_ssl libssl.pc
|
||||
|
||||
build_crypto:
|
||||
@dir=crypto; target=all; $(BUILD_ONE_CMD)
|
||||
@ -459,6 +462,9 @@ tests: rehash
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num TABLE
|
||||
@set -e; target=update; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
depend:
|
||||
@set -e; target=depend; $(RECURSIVE_BUILD_CMD)
|
||||
|
||||
@ -483,26 +489,10 @@ util/libeay.num::
|
||||
util/ssleay.num::
|
||||
$(PERL) util/mkdef.pl ssl update
|
||||
|
||||
crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
|
||||
$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
|
||||
crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
|
||||
crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
|
||||
$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
|
||||
|
||||
apps/openssl-vms.cnf: apps/openssl.cnf
|
||||
$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
|
||||
|
||||
crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
|
||||
$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
|
||||
|
||||
|
||||
TABLE: Configure
|
||||
(echo 'Output of `Configure TABLE'"':"; \
|
||||
$(PERL) Configure TABLE) > TABLE
|
||||
|
||||
update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
|
||||
|
||||
# Build distribution tar-file. As the list of files returned by "find" is
|
||||
# pretty long, on several platforms a "too many arguments" error or similar
|
||||
# would occur. Therefore the list of files is temporarily stored into a file
|
||||
|
@ -5,6 +5,14 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
|
||||
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
|
||||
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
|
||||
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
|
||||
o Race condition handling NewSessionTicket (CVE-2015-1791)
|
||||
|
||||
Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
|
||||
|
||||
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 1.0.1m 19 Mar 2015
|
||||
OpenSSL 1.0.1n 11 Jun 2015
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
|
||||
sreq.o: req.c
|
||||
$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
|
||||
|
||||
openssl-vms.cnf: openssl.cnf
|
||||
$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
|
||||
|
||||
files:
|
||||
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
|
||||
|
||||
@ -127,12 +130,12 @@ links:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
depend:
|
||||
@if [ -z "$(THIS)" ]; then \
|
||||
$(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
|
||||
else \
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
||||
fi
|
||||
update: openssl-vms.cnf local_depend
|
||||
|
||||
depend: local_depend
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
local_depend:
|
||||
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
|
||||
|
||||
dclean:
|
||||
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
|
||||
@ -144,10 +147,10 @@ clean:
|
||||
rm -f req
|
||||
|
||||
$(DLIBSSL):
|
||||
(cd ..; $(MAKE) DIRS=ssl all)
|
||||
(cd ..; $(MAKE) build_libssl)
|
||||
|
||||
$(DLIBCRYPTO):
|
||||
(cd ..; $(MAKE) DIRS=crypto all)
|
||||
(cd ..; $(MAKE) build_libcrypto)
|
||||
|
||||
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
$(RM) $(EXE)
|
||||
|
@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
char *prompt = NULL;
|
||||
|
||||
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
|
||||
if(!prompt) {
|
||||
if (!prompt) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
return 0;
|
||||
@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
|
||||
PW_MIN_LENGTH, bufsiz - 1);
|
||||
if (ok >= 0 && verify) {
|
||||
buff = (char *)OPENSSL_malloc(bufsiz);
|
||||
if(!buff) {
|
||||
if (!buff) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
UI_free(ui);
|
||||
OPENSSL_free(prompt);
|
||||
@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc,
|
||||
flags |= X509_V_FLAG_NOTIFY_POLICY;
|
||||
else if (!strcmp(arg, "-check_ss_sig"))
|
||||
flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
|
||||
else if (!strcmp(arg, "-no_alt_chains"))
|
||||
flags |= X509_V_FLAG_NO_ALT_CHAINS;
|
||||
else
|
||||
return 0;
|
||||
|
||||
|
@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
|
||||
{
|
||||
CONF *cnf = NULL;
|
||||
int len;
|
||||
long errline;
|
||||
long errline = 0;
|
||||
unsigned char *p;
|
||||
ASN1_TYPE *atyp = NULL;
|
||||
|
||||
|
@ -558,7 +558,7 @@ int MAIN(int argc, char **argv)
|
||||
#ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s) + sizeof(CONFIG_FILE);
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -566,7 +566,7 @@ int MAIN(int argc, char **argv)
|
||||
#else
|
||||
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
ASN1_GENERALIZEDTIME *comp_time = NULL;
|
||||
tmp = BUF_strdup(str);
|
||||
|
||||
if(!tmp) {
|
||||
if (!tmp) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
|
||||
if (prevtm) {
|
||||
*prevtm = ASN1_UTCTIME_new();
|
||||
if(!*prevtm) {
|
||||
if (!*prevtm) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
|
||||
goto err;
|
||||
}
|
||||
comp_time = ASN1_GENERALIZEDTIME_new();
|
||||
if(!comp_time) {
|
||||
if (!comp_time) {
|
||||
BIO_printf(bio_err, "memory allocation failure\n");
|
||||
goto err;
|
||||
}
|
||||
|
@ -580,6 +580,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
@ -130,7 +130,7 @@
|
||||
# undef PROG
|
||||
# define PROG dhparam_main
|
||||
|
||||
# define DEFBITS 512
|
||||
# define DEFBITS 2048
|
||||
|
||||
/*-
|
||||
* -inform arg - input format - default PEM (DER or PEM)
|
||||
@ -254,7 +254,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
" -5 generate parameters using 5 as the generator value\n");
|
||||
BIO_printf(bio_err,
|
||||
" numbits number of bits in to generate (default 512)\n");
|
||||
" numbits number of bits in to generate (default 2048)\n");
|
||||
# ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err,
|
||||
" -engine e use engine e, possibly a hardware device.\n");
|
||||
|
@ -548,9 +548,14 @@ int MAIN(int argc, char **argv)
|
||||
else
|
||||
OPENSSL_cleanse(str, strlen(str));
|
||||
}
|
||||
if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
if (hiv != NULL) {
|
||||
int siz = EVP_CIPHER_iv_length(cipher);
|
||||
if (siz == 0) {
|
||||
BIO_printf(bio_err, "warning: iv not use by this cipher\n");
|
||||
} else if (!set_hex(hiv, iv, sizeof iv)) {
|
||||
BIO_printf(bio_err, "invalid hex iv value\n");
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
if ((hiv == NULL) && (str == NULL)
|
||||
&& EVP_CIPHER_iv_length(cipher) != 0) {
|
||||
@ -562,7 +567,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err, "iv undefined\n");
|
||||
goto end;
|
||||
}
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
|
||||
if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
|
||||
BIO_printf(bio_err, "invalid hex key value\n");
|
||||
goto end;
|
||||
}
|
||||
|
@ -80,7 +80,7 @@
|
||||
# include <openssl/x509.h>
|
||||
# include <openssl/pem.h>
|
||||
|
||||
# define DEFBITS 512
|
||||
# define DEFBITS 2048
|
||||
# undef PROG
|
||||
# define PROG gendh_main
|
||||
|
||||
|
@ -518,6 +518,8 @@ int MAIN(int argc, char **argv)
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err,
|
||||
"-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-VAfile file validator certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
|
@ -111,6 +111,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h> /* for memcpy() */
|
||||
#define USE_SOCKETS
|
||||
#define NON_MAIN
|
||||
#include "apps.h"
|
||||
@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
|
||||
|
||||
/* Initialize a random secret */
|
||||
if (!cookie_initialized) {
|
||||
if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
|
||||
if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
|
||||
BIO_printf(bio_err, "error setting random cookie secret\n");
|
||||
return 0;
|
||||
}
|
||||
|
@ -322,6 +322,8 @@ static void sc_usage(void)
|
||||
" -pass arg - private key file pass phrase source\n");
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -reconnect - Drop and re-make the connection with the same Session-ID\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
|
||||
PW_CB_DATA cb_tmp;
|
||||
int l;
|
||||
|
||||
if(!pass) {
|
||||
if (!pass) {
|
||||
BIO_printf(bio_err, "Malloc failure\n");
|
||||
return NULL;
|
||||
}
|
||||
@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv)
|
||||
if (!set_cert_key_stuff(ctx, cert, key))
|
||||
goto end;
|
||||
|
||||
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
|
||||
(!SSL_CTX_set_default_verify_paths(ctx))) {
|
||||
/*
|
||||
* BIO_printf(bio_err,"error setting default verify locations\n");
|
||||
*/
|
||||
if ((CAfile || CApath)
|
||||
&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
|
||||
ERR_print_errors(bio_err);
|
||||
}
|
||||
if (!SSL_CTX_set_default_verify_paths(ctx)) {
|
||||
ERR_print_errors(bio_err);
|
||||
/* goto end; */
|
||||
}
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (servername != NULL) {
|
||||
|
@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
unsigned int *id_len);
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static DH *load_dh_param(const char *dhfile);
|
||||
static DH *get_dh512(void);
|
||||
static DH *get_dh2048(void);
|
||||
#endif
|
||||
|
||||
#ifdef MONOLITH
|
||||
@ -227,30 +227,48 @@ static void s_server_init(void);
|
||||
#endif
|
||||
|
||||
#ifndef OPENSSL_NO_DH
|
||||
static unsigned char dh512_p[] = {
|
||||
0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
|
||||
0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
|
||||
0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
|
||||
0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
|
||||
0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
|
||||
0x47, 0x74, 0xE8, 0x33,
|
||||
static unsigned char dh2048_p[] = {
|
||||
0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
|
||||
0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
|
||||
0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9,
|
||||
0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD,
|
||||
0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17,
|
||||
0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F,
|
||||
0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD,
|
||||
0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30,
|
||||
0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E,
|
||||
0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4,
|
||||
0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58,
|
||||
0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B,
|
||||
0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C,
|
||||
0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B,
|
||||
0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD,
|
||||
0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C,
|
||||
0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
|
||||
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
|
||||
0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B,
|
||||
0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C,
|
||||
0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55,
|
||||
0xE9,0x32,0x0B,0x3B,
|
||||
};
|
||||
|
||||
static unsigned char dh512_g[] = {
|
||||
static unsigned char dh2048_g[] = {
|
||||
0x02,
|
||||
};
|
||||
|
||||
static DH *get_dh512(void)
|
||||
DH *get_dh2048()
|
||||
{
|
||||
DH *dh = NULL;
|
||||
DH *dh;
|
||||
|
||||
if ((dh = DH_new()) == NULL)
|
||||
return (NULL);
|
||||
dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
|
||||
dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
|
||||
if ((dh->p == NULL) || (dh->g == NULL))
|
||||
return (NULL);
|
||||
return (dh);
|
||||
return NULL;
|
||||
dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
|
||||
dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
|
||||
if (dh->p == NULL || dh->g == NULL) {
|
||||
DH_free(dh);
|
||||
return NULL;
|
||||
}
|
||||
return dh;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -522,6 +540,8 @@ static void sv_usage(void)
|
||||
BIO_printf(bio_err, " -state - Print the SSL states\n");
|
||||
BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
|
||||
BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
|
||||
BIO_printf(bio_err,
|
||||
" -no_alt_chains - only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
" -nocert - Don't use any certificates (Anon-DH)\n");
|
||||
BIO_printf(bio_err,
|
||||
@ -720,7 +740,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
|
||||
num = inl;
|
||||
wbuf =
|
||||
(EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
|
||||
if(!wbuf)
|
||||
if (!wbuf)
|
||||
return 0;
|
||||
OPENSSL_free(b->ptr);
|
||||
|
||||
@ -998,7 +1018,7 @@ int MAIN(int argc, char *argv[])
|
||||
int off = 0;
|
||||
int no_tmp_rsa = 0, no_dhe = 0, nocert = 0;
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
int no_ecdhe;
|
||||
int no_ecdhe = 0;
|
||||
#endif
|
||||
int state = 0;
|
||||
const SSL_METHOD *meth = NULL;
|
||||
@ -1654,7 +1674,11 @@ int MAIN(int argc, char *argv[])
|
||||
BIO_printf(bio_s_out, "Setting temp DH parameters\n");
|
||||
} else {
|
||||
BIO_printf(bio_s_out, "Using default temp DH parameters\n");
|
||||
dh = get_dh512();
|
||||
dh = get_dh2048();
|
||||
if (dh == NULL) {
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
(void)BIO_flush(bio_s_out);
|
||||
|
||||
@ -2251,8 +2275,10 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
ret = 1;
|
||||
goto err;
|
||||
}
|
||||
l += k;
|
||||
i -= k;
|
||||
if (k > 0) {
|
||||
l += k;
|
||||
i -= k;
|
||||
}
|
||||
if (i <= 0)
|
||||
break;
|
||||
}
|
||||
@ -2916,7 +2942,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
|
||||
{
|
||||
unsigned int count = 0;
|
||||
do {
|
||||
RAND_pseudo_bytes(id, *id_len);
|
||||
if (RAND_pseudo_bytes(id, *id_len) < 0)
|
||||
return 0;
|
||||
/*
|
||||
* Prefix the session_id with the required prefix. NB: If our prefix
|
||||
* is too long, clip it - but there will be worse effects anyway, eg.
|
||||
|
@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv)
|
||||
if (--argc < 1)
|
||||
goto bad;
|
||||
maxTime = atoi(*(++argv));
|
||||
if(maxTime <= 0) {
|
||||
if (maxTime <= 0) {
|
||||
BIO_printf(bio_err, "time must be > 0\n");
|
||||
badop = 1;
|
||||
}
|
||||
|
@ -441,6 +441,8 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf(bio_err,
|
||||
"-CApath dir trusted certificates directory\n");
|
||||
BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
|
||||
BIO_printf(bio_err,
|
||||
"-no_alt_chains only ever use the first certificate chain found\n");
|
||||
BIO_printf(bio_err,
|
||||
"-crl_check check revocation status of signer's certificate using CRLs\n");
|
||||
BIO_printf(bio_err,
|
||||
|
@ -435,7 +435,7 @@ int MAIN(int argc, char **argv)
|
||||
# ifdef OPENSSL_SYS_VMS
|
||||
len = strlen(s) + sizeof(CONFIG_FILE);
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
@ -443,7 +443,7 @@ int MAIN(int argc, char **argv)
|
||||
# else
|
||||
len = strlen(s) + sizeof(CONFIG_FILE) + 1;
|
||||
tofree = OPENSSL_malloc(len);
|
||||
if(!tofree) {
|
||||
if (!tofree) {
|
||||
BIO_printf(bio_err, "Out of memory\n");
|
||||
goto err;
|
||||
}
|
||||
|
@ -227,7 +227,7 @@ int MAIN(int argc, char **argv)
|
||||
if (ret == 1) {
|
||||
BIO_printf(bio_err,
|
||||
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
|
||||
BIO_printf(bio_err, " [-attime timestamp]");
|
||||
BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
BIO_printf(bio_err, " [-engine e]");
|
||||
#endif
|
||||
|
@ -126,12 +126,17 @@ install:
|
||||
lint:
|
||||
@target=lint; $(RECURSIVE_MAKE)
|
||||
|
||||
depend:
|
||||
update: local_depend
|
||||
@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
|
||||
depend: local_depend
|
||||
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
local_depend:
|
||||
@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
|
||||
@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
|
||||
@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
|
||||
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
|
||||
|
||||
clean:
|
||||
rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
|
||||
|
@ -106,6 +106,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -93,6 +93,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
else {
|
||||
ret = a->length;
|
||||
i = a->data[0];
|
||||
if (ret == 1 && i == 0)
|
||||
neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad = 1;
|
||||
pb = 0;
|
||||
@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
while (!*n) {
|
||||
while (!*n && i > 1) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn))
|
||||
if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
|
@ -74,6 +74,8 @@
|
||||
#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
|
||||
|
||||
#define ASN1_FLAG_EXP_MAX 20
|
||||
/* Maximum number of nested sequences */
|
||||
#define ASN1_GEN_SEQ_MAX_DEPTH 50
|
||||
|
||||
/* Input formats */
|
||||
|
||||
@ -110,13 +112,16 @@ typedef struct {
|
||||
int exp_count;
|
||||
} tag_exp_arg;
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr);
|
||||
static int bitstr_cb(const char *elem, int len, void *bitstr);
|
||||
static int asn1_cb(const char *elem, int len, void *bitstr);
|
||||
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
|
||||
int exp_constructed, int exp_pad, int imp_ok);
|
||||
static int parse_tagging(const char *vstart, int vlen, int *ptag,
|
||||
int *pclass);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr);
|
||||
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
|
||||
static int asn1_str2tag(const char *tagstr, int len);
|
||||
|
||||
@ -132,6 +137,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
|
||||
}
|
||||
|
||||
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
||||
{
|
||||
int err = 0;
|
||||
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
|
||||
if (err)
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
||||
int *perr)
|
||||
{
|
||||
ASN1_TYPE *ret;
|
||||
tag_exp_arg asn1_tags;
|
||||
@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
||||
asn1_tags.imp_class = -1;
|
||||
asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
|
||||
asn1_tags.exp_count = 0;
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
|
||||
if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
|
||||
*perr = ASN1_R_UNKNOWN_TAG;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((asn1_tags.utype == V_ASN1_SEQUENCE)
|
||||
|| (asn1_tags.utype == V_ASN1_SET)) {
|
||||
if (!cnf) {
|
||||
ASN1err(ASN1_F_ASN1_GENERATE_V3,
|
||||
ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
|
||||
*perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
|
||||
return NULL;
|
||||
}
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
|
||||
if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
|
||||
*perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
|
||||
return NULL;
|
||||
}
|
||||
ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
|
||||
} else
|
||||
ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
|
||||
|
||||
@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
int tmp_tag, tmp_class;
|
||||
|
||||
if (elem == NULL)
|
||||
return 0;
|
||||
return -1;
|
||||
|
||||
for (i = 0, p = elem; i < len; p++, i++) {
|
||||
/* Look for the ':' in name value pairs */
|
||||
@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr)
|
||||
break;
|
||||
|
||||
case ASN1_GEN_FLAG_FORMAT:
|
||||
if(!vstart) {
|
||||
if (!vstart) {
|
||||
ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
|
||||
return -1;
|
||||
}
|
||||
@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
|
||||
|
||||
/* Handle multiple types: SET and SEQUENCE */
|
||||
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
|
||||
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
||||
int depth, int *perr)
|
||||
{
|
||||
ASN1_TYPE *ret = NULL;
|
||||
STACK_OF(ASN1_TYPE) *sk = NULL;
|
||||
@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
|
||||
goto bad;
|
||||
for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
|
||||
ASN1_TYPE *typ =
|
||||
ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
|
||||
generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
|
||||
depth + 1, perr);
|
||||
if (!typ)
|
||||
goto bad;
|
||||
if (!sk_ASN1_TYPE_push(sk, typ))
|
||||
|
@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
|
||||
if ((flags & SMIME_DETACHED) && data) {
|
||||
/* We want multipart/signed */
|
||||
/* Generate a random boundary */
|
||||
RAND_pseudo_bytes((unsigned char *)bound, 32);
|
||||
if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
|
||||
return 0;
|
||||
for (i = 0; i < 32; i++) {
|
||||
c = bound[i] & 0xf;
|
||||
if (c < 10)
|
||||
|
@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if(!p)
|
||||
if (!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
|
||||
|
||||
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
|
||||
p = OPENSSL_malloc(derlen);
|
||||
if(!p)
|
||||
if (!p)
|
||||
return 0;
|
||||
|
||||
ndef_aux->derbuf = p;
|
||||
|
@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
else
|
||||
asn1_cb = 0;
|
||||
|
||||
if (!combine)
|
||||
*pval = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if (it->sname)
|
||||
CRYPTO_push_info(it->sname);
|
||||
|
@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
|
||||
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
||||
const ASN1_TEMPLATE *seqtt;
|
||||
seqtt = asn1_do_adb(fld, tt, 1);
|
||||
if(!seqtt)
|
||||
if (!seqtt)
|
||||
return 0;
|
||||
tmpfld = asn1_get_field_ptr(fld, seqtt);
|
||||
if (!asn1_template_print_ctx(out, tmpfld,
|
||||
|
@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
/* Save start position */
|
||||
q = *pp;
|
||||
|
||||
if(!a || *a == NULL) {
|
||||
if (!a || *a == NULL) {
|
||||
freeret = 1;
|
||||
}
|
||||
ret = d2i_X509(a, pp, length);
|
||||
@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
goto err;
|
||||
return ret;
|
||||
err:
|
||||
if(freeret) {
|
||||
if (freeret) {
|
||||
X509_free(ret);
|
||||
if (a)
|
||||
*a = NULL;
|
||||
|
@ -72,6 +72,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -73,6 +73,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -704,32 +704,29 @@ doapr_outch(char **sbuffer,
|
||||
/* If we haven't at least one buffer, someone has doe a big booboo */
|
||||
assert(*sbuffer != NULL || buffer != NULL);
|
||||
|
||||
if (buffer) {
|
||||
while (*currlen >= *maxlen) {
|
||||
if (*buffer == NULL) {
|
||||
if (*maxlen == 0)
|
||||
*maxlen = 1024;
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
*maxlen += 1024;
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if(!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
/* |currlen| must always be <= |*maxlen| */
|
||||
assert(*currlen <= *maxlen);
|
||||
|
||||
if (buffer && *currlen == *maxlen) {
|
||||
*maxlen += 1024;
|
||||
if (*buffer == NULL) {
|
||||
*buffer = OPENSSL_malloc(*maxlen);
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
if (*currlen > 0) {
|
||||
assert(*sbuffer != NULL);
|
||||
memcpy(*buffer, *sbuffer, *currlen);
|
||||
}
|
||||
*sbuffer = NULL;
|
||||
} else {
|
||||
*buffer = OPENSSL_realloc(*buffer, *maxlen);
|
||||
if (!*buffer) {
|
||||
/* Panic! Can't really do anything sensible. Just return */
|
||||
return;
|
||||
}
|
||||
}
|
||||
/* What to do if *buffer is NULL? */
|
||||
assert(*sbuffer != NULL || *buffer != NULL);
|
||||
}
|
||||
|
||||
if (*currlen < *maxlen) {
|
||||
|
@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl)
|
||||
|
||||
BIO_clear_retry_flags(b);
|
||||
#if 1
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
num = (n & 0x07);
|
||||
|
||||
if (outl > num)
|
||||
@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl)
|
||||
num = nt->lwn;
|
||||
nt->lwn = 0;
|
||||
} else {
|
||||
RAND_pseudo_bytes(&n, 1);
|
||||
if (RAND_pseudo_bytes(&n, 1) < 0)
|
||||
return -1;
|
||||
num = (n & 7);
|
||||
}
|
||||
|
||||
|
@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
|
||||
/* copy app data */
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
|
||||
&bio->ex_data))
|
||||
&bio->ex_data)) {
|
||||
BIO_free(new_bio);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (ret == NULL) {
|
||||
eoc = new_bio;
|
||||
@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in)
|
||||
}
|
||||
return (ret);
|
||||
err:
|
||||
if (ret != NULL)
|
||||
BIO_free(ret);
|
||||
BIO_free_all(ret);
|
||||
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
|
@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b)
|
||||
|
||||
/* Calculate time left until timer expires */
|
||||
memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
if (timeleft.tv_usec < 0) {
|
||||
if (timeleft.tv_usec < timenow.tv_usec) {
|
||||
timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
|
||||
timeleft.tv_sec--;
|
||||
timeleft.tv_usec += 1000000;
|
||||
} else {
|
||||
timeleft.tv_usec -= timenow.tv_usec;
|
||||
}
|
||||
|
||||
if (timeleft.tv_sec < 0) {
|
||||
if (timeleft.tv_sec < timenow.tv_sec) {
|
||||
timeleft.tv_sec = 0;
|
||||
timeleft.tv_usec = 1;
|
||||
} else {
|
||||
timeleft.tv_sec -= timenow.tv_sec;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -953,7 +954,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
|
||||
*/
|
||||
sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(sockopt_len);
|
||||
if(!authchunks) {
|
||||
if (!authchunks) {
|
||||
BIO_vfree(bio);
|
||||
return (NULL);
|
||||
}
|
||||
@ -1293,7 +1294,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
|
||||
(socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
|
||||
authchunks = OPENSSL_malloc(optlen);
|
||||
if (!authchunks) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
|
||||
BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
memset(authchunks, 0, sizeof(optlen));
|
||||
@ -1364,8 +1365,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
|
||||
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) {
|
||||
char *tmp;
|
||||
data->saved_message.bio = b;
|
||||
if(!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
|
||||
if (!(tmp = OPENSSL_malloc(inl))) {
|
||||
BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
|
||||
return -1;
|
||||
}
|
||||
if (data->saved_message.data)
|
||||
|
@ -167,6 +167,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: bn_prime.h depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -797,6 +797,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
||||
* wouldn't be constructed with top!=dmax. */ \
|
||||
BN_ULONG *_not_const; \
|
||||
memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
|
||||
/* Debug only - safe to ignore error return */ \
|
||||
RAND_pseudo_bytes(&_tmp_char, 1); \
|
||||
memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
|
||||
(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
|
||||
@ -910,6 +911,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
|
||||
# define BN_F_BN_GF2M_MOD_SQR 136
|
||||
# define BN_F_BN_GF2M_MOD_SQRT 137
|
||||
# define BN_F_BN_LSHIFT 145
|
||||
# define BN_F_BN_MOD_EXP2_MONT 118
|
||||
# define BN_F_BN_MOD_EXP_MONT 109
|
||||
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
|
||||
@ -925,12 +927,14 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_NEW 113
|
||||
# define BN_F_BN_RAND 114
|
||||
# define BN_F_BN_RAND_RANGE 122
|
||||
# define BN_F_BN_RSHIFT 146
|
||||
# define BN_F_BN_USUB 115
|
||||
|
||||
/* Reason codes. */
|
||||
# define BN_R_ARG2_LT_ARG3 100
|
||||
# define BN_R_BAD_RECIPROCAL 101
|
||||
# define BN_R_BIGNUM_TOO_LONG 114
|
||||
# define BN_R_BITS_TOO_SMALL 118
|
||||
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
|
||||
# define BN_R_DIV_BY_ZERO 103
|
||||
# define BN_R_ENCODING_ERROR 104
|
||||
@ -938,6 +942,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_R_INPUT_NOT_REDUCED 110
|
||||
# define BN_R_INVALID_LENGTH 106
|
||||
# define BN_R_INVALID_RANGE 115
|
||||
# define BN_R_INVALID_SHIFT 119
|
||||
# define BN_R_NOT_A_SQUARE 111
|
||||
# define BN_R_NOT_INITIALIZED 107
|
||||
# define BN_R_NO_INVERSE 108
|
||||
|
@ -1,6 +1,6 @@
|
||||
/* crypto/bn/bn_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
|
||||
{ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
|
||||
@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
|
||||
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
|
||||
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
|
||||
{ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
|
||||
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
|
||||
{0, NULL}
|
||||
};
|
||||
@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
|
||||
{ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
|
||||
{ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
|
||||
{ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
|
||||
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
|
||||
{ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
|
||||
{ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
|
||||
@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
|
||||
{ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
|
||||
{ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
|
||||
{ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
|
||||
{ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
|
||||
{ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
|
||||
{ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
|
||||
|
@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
}
|
||||
# else
|
||||
{
|
||||
int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy
|
||||
* of p */
|
||||
top = p->top;
|
||||
int i;
|
||||
int ubits = BN_num_bits(u);
|
||||
int vbits = BN_num_bits(v); /* v is copy of p */
|
||||
int top = p->top;
|
||||
BN_ULONG *udp, *bdp, *vdp, *cdp;
|
||||
|
||||
bn_wexpand(u, top);
|
||||
@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
ubits--;
|
||||
}
|
||||
|
||||
if (ubits <= BN_BITS2 && udp[0] == 1)
|
||||
break;
|
||||
if (ubits <= BN_BITS2) {
|
||||
if (udp[0] == 0) /* poly was reducible */
|
||||
goto err;
|
||||
if (udp[0] == 1)
|
||||
break;
|
||||
}
|
||||
|
||||
if (ubits < vbits) {
|
||||
i = ubits;
|
||||
|
@ -276,7 +276,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
|
||||
# endif
|
||||
# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
|
||||
# if defined(__GNUC__) && __GNUC__>=2
|
||||
# if __GNUC__>=4 && __GNUC_MINOR__>=4
|
||||
# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4)
|
||||
/* "h" constraint is no more since 4.4 */
|
||||
# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64)
|
||||
# define BN_UMULT_LOHI(low,high,a,b) ({ \
|
||||
|
@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
|
||||
char *buf;
|
||||
char *p;
|
||||
|
||||
buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
if (a->neg && BN_is_zero(a)) {
|
||||
/* "-0" == 3 bytes including NULL terminator */
|
||||
buf = OPENSSL_malloc(3);
|
||||
} else {
|
||||
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
}
|
||||
if (buf == NULL) {
|
||||
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
|
@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
int ret = 0, bit, bytes, mask;
|
||||
time_t tim;
|
||||
|
||||
if (bits < 0 || (bits == 1 && top > 0)) {
|
||||
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bits == 0) {
|
||||
BN_zero(rnd);
|
||||
return 1;
|
||||
@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
unsigned char c;
|
||||
|
||||
for (i = 0; i < bytes; i++) {
|
||||
RAND_pseudo_bytes(&c, 1);
|
||||
if (RAND_pseudo_bytes(&c, 1) < 0)
|
||||
goto err;
|
||||
if (c >= 128 && i > 0)
|
||||
buf[i] = buf[i - 1];
|
||||
else if (c < 42)
|
||||
@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (top != -1) {
|
||||
if (top >= 0) {
|
||||
if (top) {
|
||||
if (bit == 0) {
|
||||
buf[0] = 1;
|
||||
|
@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r->neg = a->neg;
|
||||
nw = n / BN_BITS2;
|
||||
if (bn_wexpand(r, a->top + nw + 1) == NULL)
|
||||
@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
nw = n / BN_BITS2;
|
||||
rb = n % BN_BITS2;
|
||||
lb = BN_BITS2 - rb;
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a)
|
||||
return;
|
||||
|
||||
if (a->data != NULL) {
|
||||
memset(a->data, 0, (unsigned int)a->max);
|
||||
OPENSSL_cleanse(a->data, a->max);
|
||||
OPENSSL_free(a->data);
|
||||
}
|
||||
OPENSSL_free(a);
|
||||
|
@ -73,6 +73,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -69,6 +69,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
|
||||
|
||||
void CMAC_CTX_free(CMAC_CTX *ctx)
|
||||
{
|
||||
if (!ctx)
|
||||
return;
|
||||
CMAC_CTX_cleanup(ctx);
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
@ -67,6 +67,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -231,7 +231,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
|
||||
return 0;
|
||||
}
|
||||
tmp = OPENSSL_malloc(inlen);
|
||||
if(!tmp)
|
||||
if (!tmp)
|
||||
return 0;
|
||||
/* setup IV by decrypting last two blocks */
|
||||
EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
|
||||
@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
|
||||
out[3] = in[2] ^ 0xFF;
|
||||
memcpy(out + 4, in, inlen);
|
||||
/* Add random padding to end */
|
||||
if (olen > inlen + 4)
|
||||
RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
|
||||
if (olen > inlen + 4
|
||||
&& RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
|
||||
return 0;
|
||||
/* Encrypt twice */
|
||||
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
|
||||
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
|
||||
|
@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
|
||||
BIO_free(f);
|
||||
f = tbio;
|
||||
}
|
||||
while (f != upto);
|
||||
while (f && f != upto);
|
||||
} else
|
||||
BIO_free_all(f);
|
||||
}
|
||||
|
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
@ -64,6 +64,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
@ -806,8 +806,6 @@ int OPENSSL_isservice(void)
|
||||
if (_OPENSSL_isservice.p != (void *)-1)
|
||||
return (*_OPENSSL_isservice.f) ();
|
||||
|
||||
(void)GetDesktopWindow(); /* return value is ignored */
|
||||
|
||||
h = GetProcessWindowStation();
|
||||
if (h == NULL)
|
||||
return -1;
|
||||
|
@ -94,6 +94,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -455,8 +455,10 @@ void doencryption(void)
|
||||
rem = l % 8;
|
||||
len = l - rem;
|
||||
if (feof(DES_IN)) {
|
||||
for (i = 7 - rem; i > 0; i--)
|
||||
RAND_pseudo_bytes(buf + l++, 1);
|
||||
for (i = 7 - rem; i > 0; i--) {
|
||||
if (RAND_pseudo_bytes(buf + l++, 1) < 0)
|
||||
goto problems;
|
||||
}
|
||||
buf[l++] = rem;
|
||||
ex = 1;
|
||||
len += rem;
|
||||
|
@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
|
||||
const unsigned char *cp;
|
||||
static int start = 1;
|
||||
|
||||
if (len < 0)
|
||||
return -1;
|
||||
|
||||
if (outbuf == NULL) {
|
||||
outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
|
||||
if (outbuf == NULL)
|
||||
@ -132,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len,
|
||||
if (len < 8) {
|
||||
cp = shortbuf;
|
||||
memcpy(shortbuf, buf, len);
|
||||
RAND_pseudo_bytes(shortbuf + len, 8 - len);
|
||||
if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
|
||||
return -1;
|
||||
}
|
||||
rnum = 8;
|
||||
} else {
|
||||
cp = buf;
|
||||
|
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -135,7 +135,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
|
||||
dh = pkey->pkey.dh;
|
||||
|
||||
str = ASN1_STRING_new();
|
||||
if(!str) {
|
||||
if (!str) {
|
||||
DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -202,7 +202,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
|
||||
goto err;
|
||||
|
||||
if (!seed_len) {
|
||||
RAND_pseudo_bytes(seed, qsize);
|
||||
if (RAND_pseudo_bytes(seed, qsize) < 0)
|
||||
goto err;
|
||||
seed_is_random = 1;
|
||||
} else {
|
||||
seed_is_random = 0;
|
||||
|
@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = {
|
||||
#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->dsa_mod_exp) \
|
||||
if ((dsa)->meth->dsa_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
|
||||
(a2), (p2), (m), (ctx), (in_mont)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
|
||||
(m), (ctx), (in_mont)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->bn_mod_exp) \
|
||||
if ((dsa)->meth->bn_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
|
||||
(m), (ctx), (m_ctx)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
|
||||
const DSA_METHOD *DSA_OpenSSL(void)
|
||||
|
@ -63,6 +63,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
|
||||
* honest. For one thing, I think I have to return a negative value for any
|
||||
* error because possible DSO_ctrl() commands may return values such as
|
||||
* "size"s that can legitimately be zero (making the standard
|
||||
* "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* times. I'd prefer "output" values to be passed by reference and the return
|
||||
* value as success/failure like usual ... but we conform when we must... :-)
|
||||
*/
|
||||
|
@ -70,6 +70,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -1114,7 +1114,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
|
||||
{
|
||||
int ret = 0, ok = 0;
|
||||
unsigned char *buffer = NULL;
|
||||
size_t buf_len = 0, tmp_len;
|
||||
size_t buf_len = 0, tmp_len, bn_len;
|
||||
EC_PRIVATEKEY *priv_key = NULL;
|
||||
|
||||
if (a == NULL || a->group == NULL || a->priv_key == NULL ||
|
||||
@ -1130,18 +1130,32 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
|
||||
|
||||
priv_key->version = a->version;
|
||||
|
||||
buf_len = (size_t)BN_num_bytes(a->priv_key);
|
||||
bn_len = (size_t)BN_num_bytes(a->priv_key);
|
||||
|
||||
/* Octetstring may need leading zeros if BN is to short */
|
||||
|
||||
buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8;
|
||||
|
||||
if (bn_len > buf_len) {
|
||||
ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
|
||||
goto err;
|
||||
}
|
||||
|
||||
buffer = OPENSSL_malloc(buf_len);
|
||||
if (buffer == NULL) {
|
||||
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BN_bn2bin(a->priv_key, buffer)) {
|
||||
if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) {
|
||||
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (buf_len - bn_len > 0) {
|
||||
memset(buffer, 0, buf_len - bn_len);
|
||||
}
|
||||
|
||||
if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
|
||||
ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
|
||||
goto err;
|
||||
|
@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
|
||||
goto err;
|
||||
|
||||
/* testing whether the pub_key is on the elliptic curve */
|
||||
if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
|
||||
if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -451,14 +451,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
|
||||
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
|
||||
|
||||
/* method functions in ec2_mult.c */
|
||||
int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
|
||||
const BIGNUM *scalar, size_t num,
|
||||
const EC_POINT *points[], const BIGNUM *scalars[],
|
||||
BN_CTX *);
|
||||
int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
|
||||
int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
|
||||
|
||||
#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
|
||||
/* method functions in ecp_nistp224.c */
|
||||
int ec_GFp_nistp224_group_init(EC_GROUP *group);
|
||||
|
@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
|
||||
return group->meth->is_at_infinity(group, point);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether an EC_POINT is on the curve or not. Note that the return
|
||||
* value for this function should NOT be treated as a boolean. Return values:
|
||||
* 1: The point is on the curve
|
||||
* 0: The point is not on the curve
|
||||
* -1: An error occurred
|
||||
*/
|
||||
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
|
@ -338,12 +338,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
|
||||
|
||||
if (buf == NULL)
|
||||
return 1;
|
||||
if (off) {
|
||||
if (off > 0) {
|
||||
if (off > 128)
|
||||
off = 128;
|
||||
memset(str, ' ', off);
|
||||
if (BIO_write(fp, str, off) <= 0)
|
||||
return 0;
|
||||
} else {
|
||||
off = 0;
|
||||
}
|
||||
|
||||
if (BIO_printf(fp, "%s", name) <= 0)
|
||||
|
@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
@ -412,7 +412,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, Q, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
|
||||
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
|
||||
ABORT;
|
||||
fprintf(stderr, "Point is not on curve: x = 0x");
|
||||
@ -544,7 +544,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
|
||||
ABORT;
|
||||
@ -593,7 +593,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
|
||||
ABORT;
|
||||
@ -646,7 +646,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn
|
||||
(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
|
||||
@ -705,7 +705,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
|
||||
"84F3B9CAC2FC632551"))
|
||||
@ -761,7 +761,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
|
||||
@ -820,7 +820,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
|
||||
@ -864,7 +864,7 @@ static void prime_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_dbl(group, P, P, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!EC_POINT_invert(group, Q, ctx))
|
||||
ABORT; /* P = -2Q */
|
||||
@ -1008,7 +1008,7 @@ static void prime_field_tests(void)
|
||||
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
if (!BN_hex2bn(&cof, _cof)) ABORT; \
|
||||
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
|
||||
@ -1026,7 +1026,7 @@ static void prime_field_tests(void)
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!BN_hex2bn(&y, _y)) ABORT; \
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
if (!BN_hex2bn(&cof, _cof)) ABORT; \
|
||||
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
|
||||
@ -1157,7 +1157,7 @@ static void char2_field_tests(void)
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
|
||||
ABORT;
|
||||
# endif
|
||||
if (!EC_POINT_is_on_curve(group, Q, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
|
||||
/* Change test based on whether binary point compression is enabled or not. */
|
||||
# ifdef OPENSSL_EC_BIN_PT_COMP
|
||||
if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
|
||||
@ -1378,7 +1378,7 @@ static void char2_field_tests(void)
|
||||
ABORT;
|
||||
if (!EC_POINT_dbl(group, P, P, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!EC_POINT_invert(group, Q, ctx))
|
||||
ABORT; /* P = -2Q */
|
||||
|
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -296,8 +296,8 @@ int test_builtin(BIO *out)
|
||||
int nid, ret = 0;
|
||||
|
||||
/* fill digest values with some random data */
|
||||
if (!RAND_pseudo_bytes(digest, 20) ||
|
||||
!RAND_pseudo_bytes(wrong_digest, 20)) {
|
||||
if (RAND_pseudo_bytes(digest, 20) <= 0 ||
|
||||
RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
|
||||
BIO_printf(out, "ERROR: unable to get random data\n");
|
||||
goto builtin_err;
|
||||
}
|
||||
|
@ -71,6 +71,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -351,6 +351,8 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
|
||||
ENGINE_PILE_DOALL dall;
|
||||
dall.cb = cb;
|
||||
dall.arg = arg;
|
||||
lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
|
||||
ENGINE_PILE_DOALL, &dall);
|
||||
if (table)
|
||||
lh_ENGINE_PILE_doall_arg(&table->piles,
|
||||
LHASH_DOALL_ARG_FN(int_cb),
|
||||
ENGINE_PILE_DOALL, &dall);
|
||||
}
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -86,6 +86,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
@ -491,7 +491,8 @@ static int sig_out(BIO *b)
|
||||
* FIXME: there's absolutely no guarantee this makes any sense at all,
|
||||
* particularly now EVP_MD_CTX has been restructured.
|
||||
*/
|
||||
RAND_pseudo_bytes(md->md_data, md->digest->md_size);
|
||||
if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
|
||||
goto berr;
|
||||
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
|
||||
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
|
||||
ctx->buf_len += md->digest->md_size;
|
||||
|
@ -50,6 +50,7 @@
|
||||
|
||||
#include <openssl/opensslconf.h>
|
||||
#ifndef OPENSSL_NO_AES
|
||||
#include <openssl/crypto.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/err.h>
|
||||
# include <string.h>
|
||||
@ -753,7 +754,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
|
||||
case EVP_CTRL_AEAD_TLS1_AAD:
|
||||
/* Save the AAD for later use */
|
||||
if (arg != 13)
|
||||
if (arg != EVP_AEAD_TLS1_AAD_LEN)
|
||||
return 0;
|
||||
memcpy(c->buf, ptr, arg);
|
||||
gctx->tls_aad_len = arg;
|
||||
@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
/* Retrieve tag */
|
||||
CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
|
||||
/* If tag mismatch wipe buffer */
|
||||
if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||
if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
|
||||
OPENSSL_cleanse(out, len);
|
||||
goto err;
|
||||
}
|
||||
@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
!CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
|
||||
unsigned char tag[16];
|
||||
if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
|
||||
if (!memcmp(tag, ctx->buf, cctx->M))
|
||||
if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M))
|
||||
rv = len;
|
||||
}
|
||||
}
|
||||
|
@ -503,7 +503,12 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
case EVP_CTRL_AEAD_TLS1_AAD:
|
||||
{
|
||||
unsigned char *p = ptr;
|
||||
unsigned int len = p[arg - 2] << 8 | p[arg - 1];
|
||||
unsigned int len;
|
||||
|
||||
if (arg != EVP_AEAD_TLS1_AAD_LEN)
|
||||
return -1;
|
||||
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (ctx->encrypt) {
|
||||
key->payload_length = len;
|
||||
@ -520,8 +525,6 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
|
||||
- len);
|
||||
} else {
|
||||
if (arg > 13)
|
||||
arg = 13;
|
||||
memcpy(key->aux.tls_aad, ptr, arg);
|
||||
key->payload_length = arg;
|
||||
|
||||
|
@ -54,6 +54,7 @@
|
||||
|
||||
#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
|
||||
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/objects.h>
|
||||
# include <openssl/rc4.h>
|
||||
@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
|
||||
MD5_Final(mac, &key->md);
|
||||
|
||||
if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
|
||||
return 0;
|
||||
} else {
|
||||
MD5_Update(&key->md, out + md5_off, len - md5_off);
|
||||
@ -258,7 +259,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
||||
case EVP_CTRL_AEAD_TLS1_AAD:
|
||||
{
|
||||
unsigned char *p = ptr;
|
||||
unsigned int len = p[arg - 2] << 8 | p[arg - 1];
|
||||
unsigned int len;
|
||||
|
||||
if (arg != EVP_AEAD_TLS1_AAD_LEN)
|
||||
return -1;
|
||||
|
||||
len = p[arg - 2] << 8 | p[arg - 1];
|
||||
|
||||
if (!ctx->encrypt) {
|
||||
len -= MD5_DIGEST_LENGTH;
|
||||
|
@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
|
||||
unsigned int total = 0;
|
||||
|
||||
*outl = 0;
|
||||
if (inl == 0)
|
||||
if (inl <= 0)
|
||||
return;
|
||||
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
|
||||
if ((ctx->num + inl) < ctx->length) {
|
||||
|
@ -103,7 +103,6 @@
|
||||
# define EVP_PKS_RSA 0x0100
|
||||
# define EVP_PKS_DSA 0x0200
|
||||
# define EVP_PKS_EC 0x0400
|
||||
# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
|
||||
|
||||
# define EVP_PKEY_NONE NID_undef
|
||||
# define EVP_PKEY_RSA NID_rsaEncryption
|
||||
@ -409,6 +408,9 @@ struct evp_cipher_st {
|
||||
/* Set the GCM invocation field, decrypt only */
|
||||
# define EVP_CTRL_GCM_SET_IV_INV 0x18
|
||||
|
||||
/* RFC 5246 defines additional data to be 13 bytes in length */
|
||||
# define EVP_AEAD_TLS1_AAD_LEN 13
|
||||
|
||||
/* GCM TLS constants */
|
||||
/* Length of fixed part of IV derived from PRF */
|
||||
# define EVP_GCM_TLS_FIXED_IV_LEN 4
|
||||
|
@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
|
||||
return 1;
|
||||
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
|
||||
return 0;
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx))
|
||||
RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx)
|
||||
&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
|
||||
return 0;
|
||||
|
||||
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
|
||||
return 0;
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -91,8 +91,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
if (md != NULL) {
|
||||
reset = 1;
|
||||
ctx->md = md;
|
||||
} else
|
||||
} else if (ctx->md) {
|
||||
md = ctx->md;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ctx->key_init && key == NULL)
|
||||
return 0;
|
||||
|
||||
if (key != NULL) {
|
||||
reset = 1;
|
||||
@ -107,13 +113,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
|
||||
&ctx->key_length))
|
||||
goto err;
|
||||
} else {
|
||||
OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
|
||||
if (len < 0 || len > (int)sizeof(ctx->key))
|
||||
return 0;
|
||||
memcpy(ctx->key, key, len);
|
||||
ctx->key_length = len;
|
||||
}
|
||||
if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
|
||||
memset(&ctx->key[ctx->key_length], 0,
|
||||
HMAC_MAX_MD_CBLOCK - ctx->key_length);
|
||||
ctx->key_init = 1;
|
||||
}
|
||||
|
||||
if (reset) {
|
||||
@ -151,6 +159,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
|
||||
if (FIPS_mode() && !ctx->i_ctx.engine)
|
||||
return FIPS_hmac_update(ctx, data, len);
|
||||
#endif
|
||||
if (!ctx->key_init)
|
||||
return 0;
|
||||
|
||||
return EVP_DigestUpdate(&ctx->md_ctx, data, len);
|
||||
}
|
||||
|
||||
@ -163,6 +174,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
|
||||
return FIPS_hmac_final(ctx, md, len);
|
||||
#endif
|
||||
|
||||
if (!ctx->key_init)
|
||||
goto err;
|
||||
|
||||
if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
|
||||
goto err;
|
||||
if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
|
||||
@ -181,6 +195,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx)
|
||||
EVP_MD_CTX_init(&ctx->i_ctx);
|
||||
EVP_MD_CTX_init(&ctx->o_ctx);
|
||||
EVP_MD_CTX_init(&ctx->md_ctx);
|
||||
ctx->key_init = 0;
|
||||
ctx->md = NULL;
|
||||
}
|
||||
|
||||
int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||
@ -191,8 +207,11 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
||||
goto err;
|
||||
if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
|
||||
goto err;
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
dctx->key_init = sctx->key_init;
|
||||
if (sctx->key_init) {
|
||||
memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
|
||||
dctx->key_length = sctx->key_length;
|
||||
}
|
||||
dctx->md = sctx->md;
|
||||
return 1;
|
||||
err:
|
||||
@ -232,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
|
||||
HMAC_CTX_cleanup(&c);
|
||||
return md;
|
||||
err:
|
||||
HMAC_CTX_cleanup(&c);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -79,6 +79,7 @@ typedef struct hmac_ctx_st {
|
||||
EVP_MD_CTX o_ctx;
|
||||
unsigned int key_length;
|
||||
unsigned char key[HMAC_MAX_MD_CBLOCK];
|
||||
int key_init;
|
||||
} HMAC_CTX;
|
||||
|
||||
# define HMAC_size(e) (EVP_MD_size((e)->md))
|
||||
|
@ -85,7 +85,7 @@ static struct test_st {
|
||||
unsigned char data[64];
|
||||
int data_len;
|
||||
unsigned char *digest;
|
||||
} test[4] = {
|
||||
} test[8] = {
|
||||
{
|
||||
"", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
|
||||
(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
|
||||
@ -113,10 +113,27 @@ static struct test_st {
|
||||
0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
|
||||
}, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
|
||||
},
|
||||
{
|
||||
"", 0, "My test data", 12,
|
||||
(unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc"
|
||||
},
|
||||
{
|
||||
"", 0, "My test data", 12,
|
||||
(unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776"
|
||||
},
|
||||
{
|
||||
"123456", 6, "My test data", 12,
|
||||
(unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd"
|
||||
},
|
||||
{
|
||||
"12345", 5, "My test data again", 12,
|
||||
(unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb"
|
||||
}
|
||||
};
|
||||
# endif
|
||||
|
||||
static char *pt(unsigned char *md);
|
||||
static char *pt(unsigned char *md, unsigned int len);
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
# ifndef OPENSSL_NO_MD5
|
||||
@ -124,6 +141,9 @@ int main(int argc, char *argv[])
|
||||
char *p;
|
||||
# endif
|
||||
int err = 0;
|
||||
HMAC_CTX ctx, ctx2;
|
||||
unsigned char buf[EVP_MAX_MD_SIZE];
|
||||
unsigned int len;
|
||||
|
||||
# ifdef OPENSSL_NO_MD5
|
||||
printf("test skipped: MD5 disabled\n");
|
||||
@ -139,27 +159,167 @@ int main(int argc, char *argv[])
|
||||
for (i = 0; i < 4; i++) {
|
||||
p = pt(HMAC(EVP_md5(),
|
||||
test[i].key, test[i].key_len,
|
||||
test[i].data, test[i].data_len, NULL, NULL));
|
||||
test[i].data, test[i].data_len, NULL, NULL),
|
||||
MD5_DIGEST_LENGTH);
|
||||
|
||||
if (strcmp(p, (char *)test[i].digest) != 0) {
|
||||
printf("error calculating HMAC on %d entry'\n", i);
|
||||
printf("Error calculating HMAC on %d entry'\n", i);
|
||||
printf("got %s instead of %s\n", p, test[i].digest);
|
||||
err++;
|
||||
} else
|
||||
printf("test %d ok\n", i);
|
||||
}
|
||||
# endif /* OPENSSL_NO_MD5 */
|
||||
|
||||
/* test4 */
|
||||
HMAC_CTX_init(&ctx);
|
||||
if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) {
|
||||
printf("Should fail to initialise HMAC with empty MD and key (test 4)\n");
|
||||
err++;
|
||||
goto test5;
|
||||
}
|
||||
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
|
||||
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
|
||||
err++;
|
||||
goto test5;
|
||||
}
|
||||
if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) {
|
||||
printf("Should fail to initialise HMAC with empty key (test 4)\n");
|
||||
err++;
|
||||
goto test5;
|
||||
}
|
||||
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
|
||||
printf("Should fail HMAC_Update with ctx not set up (test 4)\n");
|
||||
err++;
|
||||
goto test5;
|
||||
}
|
||||
printf("test 4 ok\n");
|
||||
test5:
|
||||
HMAC_CTX_init(&ctx);
|
||||
if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) {
|
||||
printf("Should fail to initialise HMAC with empty MD (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
|
||||
printf("Should fail HMAC_Update with ctx not set up (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) {
|
||||
printf("Should fail to initialise HMAC with invalid key len(test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) {
|
||||
printf("Failed to initialise HMAC (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) {
|
||||
printf("Error updating HMAC with data (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Final(&ctx, buf, &len)) {
|
||||
printf("Error finalising data (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
p = pt(buf, len);
|
||||
if (strcmp(p, (char *)test[4].digest) != 0) {
|
||||
printf("Error calculating interim HMAC on test 5\n");
|
||||
printf("got %s instead of %s\n", p, test[4].digest);
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) {
|
||||
printf("Failed to reinitialise HMAC (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) {
|
||||
printf("Error updating HMAC with data (sha256) (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Final(&ctx, buf, &len)) {
|
||||
printf("Error finalising data (sha256) (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
p = pt(buf, len);
|
||||
if (strcmp(p, (char *)test[5].digest) != 0) {
|
||||
printf("Error calculating 2nd interim HMAC on test 5\n");
|
||||
printf("got %s instead of %s\n", p, test[5].digest);
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) {
|
||||
printf("Failed to reinitialise HMAC with key (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) {
|
||||
printf("Error updating HMAC with data (new key) (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
if (!HMAC_Final(&ctx, buf, &len)) {
|
||||
printf("Error finalising data (new key) (test 5)\n");
|
||||
err++;
|
||||
goto test6;
|
||||
}
|
||||
p = pt(buf, len);
|
||||
if (strcmp(p, (char *)test[6].digest) != 0) {
|
||||
printf("error calculating HMAC on test 5\n");
|
||||
printf("got %s instead of %s\n", p, test[6].digest);
|
||||
err++;
|
||||
} else {
|
||||
printf("test 5 ok\n");
|
||||
}
|
||||
test6:
|
||||
HMAC_CTX_init(&ctx);
|
||||
if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) {
|
||||
printf("Failed to initialise HMAC (test 6)\n");
|
||||
err++;
|
||||
goto end;
|
||||
}
|
||||
if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) {
|
||||
printf("Error updating HMAC with data (test 6)\n");
|
||||
err++;
|
||||
goto end;
|
||||
}
|
||||
if (!HMAC_CTX_copy(&ctx2, &ctx)) {
|
||||
printf("Failed to copy HMAC_CTX (test 6)\n");
|
||||
err++;
|
||||
goto end;
|
||||
}
|
||||
if (!HMAC_Final(&ctx2, buf, &len)) {
|
||||
printf("Error finalising data (test 6)\n");
|
||||
err++;
|
||||
goto end;
|
||||
}
|
||||
p = pt(buf, len);
|
||||
if (strcmp(p, (char *)test[7].digest) != 0) {
|
||||
printf("Error calculating HMAC on test 6\n");
|
||||
printf("got %s instead of %s\n", p, test[7].digest);
|
||||
err++;
|
||||
} else {
|
||||
printf("test 6 ok\n");
|
||||
}
|
||||
end:
|
||||
EXIT(err);
|
||||
return (0);
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_MD5
|
||||
static char *pt(unsigned char *md)
|
||||
static char *pt(unsigned char *md, unsigned int len)
|
||||
{
|
||||
int i;
|
||||
unsigned int i;
|
||||
static char buf[80];
|
||||
|
||||
for (i = 0; i < MD5_DIGEST_LENGTH; i++)
|
||||
for (i = 0; i < len; i++)
|
||||
sprintf(&(buf[i * 2]), "%02x", md[i]);
|
||||
return (buf);
|
||||
}
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -32,6 +32,8 @@ install:
|
||||
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
|
||||
done;
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
@ -62,6 +62,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
|
||||
|
@ -61,6 +61,8 @@ tests:
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
||||
update: depend
|
||||
|
||||
depend:
|
||||
@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
|
||||
$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user