asgardius/virtualx-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openssl: Sync with upstream 1.0.2l

Browse source
This commit is contained in:
Rémi Verschelde 2017-05-27 17:50:43 +02:00
parent 996f1ae29e
commit 67305d1b0a
208 changed files with 3126 additions and 1711 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
thirdparty/README.md vendored
View file

@ -268,6 +268,7 @@ Files extracted from the upstream source:
- e_os.h - e_os.h
- Apply the Godot-specific patches in the `patches/` folder. - Apply the Godot-specific patches in the `patches/` folder.
## opus ## opus
- Upstream: https://opus-codec.org - Upstream: https://opus-codec.org

3
thirdparty/openssl/crypto/LPdir_nyi.c vendored
View file

@ -1,6 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.

4
thirdparty/openssl/crypto/LPdir_unix.c vendored
View file

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.

4
thirdparty/openssl/crypto/LPdir_win32.c vendored
View file

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.

4
thirdparty/openssl/crypto/LPdir_wince.c vendored
View file

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/* /*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org> * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved. * All rights reserved.

3
thirdparty/openssl/crypto/asn1/a_bitstr.c vendored
View file

@ -114,10 +114,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
*(p++) = (unsigned char)bits; *(p++) = (unsigned char)bits;
d = a->data; d = a->data;
if (len > 0) {
memcpy(p, d, len); memcpy(p, d, len);
p += len; p += len;
if (len > 0)
p[-1] &= (0xff << bits); p[-1] &= (0xff << bits);
}
*pp = p; *pp = p;
return (ret); return (ret);
} }

58
thirdparty/openssl/crypto/asn1/a_bytes.c vendored
View file

@ -60,7 +60,12 @@
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
int depth);
static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
const unsigned char **pp, long length,
int Ptag, int Pclass, int depth,
int *perr);
/* /*
* type is a 'bitmap' of acceptable string types. * type is a 'bitmap' of acceptable string types.
*/ */
@ -99,7 +104,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
ret = (*a); ret = (*a);
if (len != 0) { if (len != 0) {
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = OPENSSL_malloc((int)len + 1);
if (s == NULL) { if (s == NULL) {
i = ERR_R_MALLOC_FAILURE; i = ERR_R_MALLOC_FAILURE;
goto err; goto err;
@ -154,15 +159,38 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
return (r); return (r);
} }
/*
* Maximum recursion depth of d2i_ASN1_bytes(): much more than should be
* encountered in pratice.
*/
#define ASN1_BYTES_MAXDEPTH 20
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int Ptag, int Pclass) long length, int Ptag, int Pclass)
{
int err = 0;
ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err);
if (err != 0)
ASN1err(ASN1_F_D2I_ASN1_BYTES, err);
return s;
}
static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
const unsigned char **pp, long length,
int Ptag, int Pclass,
int depth, int *perr)
{ {
ASN1_STRING *ret = NULL; ASN1_STRING *ret = NULL;
const unsigned char *p; const unsigned char *p;
unsigned char *s; unsigned char *s;
long len; long len;
int inf, tag, xclass; int inf, tag, xclass;
int i = 0;
if (depth > ASN1_BYTES_MAXDEPTH) {
*perr = ASN1_R_NESTED_ASN1_STRING;
return NULL;
}
if ((a == NULL) || ((*a) == NULL)) { if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_STRING_new()) == NULL) if ((ret = ASN1_STRING_new()) == NULL)
@ -173,18 +201,19 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
p = *pp; p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length); inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) { if (inf & 0x80) {
i = ASN1_R_BAD_OBJECT_HEADER; *perr = ASN1_R_BAD_OBJECT_HEADER;
goto err; goto err;
} }
if (tag != Ptag) { if (tag != Ptag) {
i = ASN1_R_WRONG_TAG; *perr = ASN1_R_WRONG_TAG;
goto err; goto err;
} }
if (inf & V_ASN1_CONSTRUCTED) { if (inf & V_ASN1_CONSTRUCTED) {
ASN1_const_CTX c; ASN1_const_CTX c;
c.error = 0;
c.pp = pp; c.pp = pp;
c.p = p; c.p = p;
c.inf = inf; c.inf = inf;
@ -192,17 +221,18 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
c.tag = Ptag; c.tag = Ptag;
c.xclass = Pclass; c.xclass = Pclass;
c.max = (length == 0) ? 0 : (p + length); c.max = (length == 0) ? 0 : (p + length);
if (!asn1_collate_primitive(ret, &c)) if (!asn1_collate_primitive(ret, &c, depth)) {
*perr = c.error;
goto err; goto err;
else { } else {
p = c.p; p = c.p;
} }
} else { } else {
if (len != 0) { if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) { if ((ret->length < len) || (ret->data == NULL)) {
s = (unsigned char *)OPENSSL_malloc((int)len + 1); s = OPENSSL_malloc((int)len + 1);
if (s == NULL) { if (s == NULL) {
i = ERR_R_MALLOC_FAILURE; *perr = ERR_R_MALLOC_FAILURE;
goto err; goto err;
} }
if (ret->data != NULL) if (ret->data != NULL)
@ -230,7 +260,6 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
err: err:
if ((ret != NULL) && ((a == NULL) || (*a != ret))) if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1_STRING_free(ret); ASN1_STRING_free(ret);
ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
return (NULL); return (NULL);
} }
@ -242,7 +271,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
* There have been a few bug fixes for this function from Paul Keogh * There have been a few bug fixes for this function from Paul Keogh
* <paul.keogh@sse.ie>, many thanks to him * <paul.keogh@sse.ie>, many thanks to him
*/ */
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
int depth)
{ {
ASN1_STRING *os = NULL; ASN1_STRING *os = NULL;
BUF_MEM b; BUF_MEM b;
@ -270,9 +300,8 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
} }
c->q = c->p; c->q = c->p;
if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass) if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass,
== NULL) { depth + 1, &c->error) == NULL) {
c->error = ERR_R_ASN1_LIB;
goto err; goto err;
} }
@ -297,7 +326,6 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
ASN1_STRING_free(os); ASN1_STRING_free(os);
return (1); return (1);
err: err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
if (os != NULL) if (os != NULL)
ASN1_STRING_free(os); ASN1_STRING_free(os);
if (b.data != NULL) if (b.data != NULL)

8
thirdparty/openssl/crypto/asn1/a_digest.c vendored
View file

@ -86,8 +86,10 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
p = str; p = str;
i2d(data, &p); i2d(data, &p);
if (!EVP_Digest(str, i, md, len, type, NULL)) if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0; return 0;
}
OPENSSL_free(str); OPENSSL_free(str);
return (1); return (1);
} }
@ -104,8 +106,10 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
if (!str) if (!str)
return (0); return (0);
if (!EVP_Digest(str, i, md, len, type, NULL)) if (!EVP_Digest(str, i, md, len, type, NULL)) {
OPENSSL_free(str);
return 0; return 0;
}
OPENSSL_free(str); OPENSSL_free(str);
return (1); return (1);
} }

2
thirdparty/openssl/crypto/asn1/a_gentm.c vendored
View file

@ -202,7 +202,7 @@ int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) { else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0; int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++; o++;
if (o + 4 > l) if (o + 4 > l)
goto err; goto err;

10
thirdparty/openssl/crypto/asn1/a_object.c vendored
View file

@ -73,7 +73,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
return (0); return (0);
objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
if (pp == NULL) if (pp == NULL || objsize == -1)
return objsize; return objsize;
p = *pp; p = *pp;
@ -174,8 +174,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
if (!tmp) if (!tmp)
goto err; goto err;
} }
while (blsize--) while (blsize--) {
tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); BN_ULONG t = BN_div_word(bl, 0x80L);
if (t == (BN_ULONG)-1)
goto err;
tmp[i++] = (unsigned char)t;
}
} else { } else {
for (;;) { for (;;) {

9
thirdparty/openssl/crypto/asn1/a_set.c vendored
View file

@ -57,6 +57,7 @@
*/ */
#include <stdio.h> #include <stdio.h>
#include <limits.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1_mac.h> #include <openssl/asn1_mac.h>
@ -98,10 +99,14 @@ int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
if (a == NULL) if (a == NULL)
return (0); return (0);
for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
if (tmplen > INT_MAX - ret)
return -1;
ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
}
r = ASN1_object_size(1, ret, ex_tag); r = ASN1_object_size(1, ret, ex_tag);
if (pp == NULL) if (pp == NULL || r == -1)
return (r); return (r);
p = *pp; p = *pp;

2
thirdparty/openssl/crypto/asn1/a_strex.c vendored
View file

@ -337,7 +337,7 @@ static const signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 5-9 */ -1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */ -1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */ -1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */ 1, 1, 1, /* 18-20 */
-1, 1, 1, 1, /* 21-24 */ -1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */ -1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */ 4, -1, 2 /* 28-30 */

4
thirdparty/openssl/crypto/asn1/a_strnid.c vendored
View file

@ -192,7 +192,8 @@ static const ASN1_STRING_TABLE tbl_standard[] = {
{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
{NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
}; };
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
@ -250,6 +251,7 @@ int ASN1_STRING_TABLE_add(int nid,
} }
tmp->flags = flags | STABLE_FLAGS_MALLOC; tmp->flags = flags | STABLE_FLAGS_MALLOC;
tmp->nid = nid; tmp->nid = nid;
tmp->minsize = tmp->maxsize = -1;
new_nid = 1; new_nid = 1;
} else } else
tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;

24
thirdparty/openssl/crypto/asn1/a_time.c vendored
View file

@ -137,7 +137,7 @@ int ASN1_TIME_check(ASN1_TIME *t)
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
ASN1_GENERALIZEDTIME **out) ASN1_GENERALIZEDTIME **out)
{ {
ASN1_GENERALIZEDTIME *ret; ASN1_GENERALIZEDTIME *ret = NULL;
char *str; char *str;
int newlen; int newlen;
@ -146,22 +146,21 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
if (!out || !*out) { if (!out || !*out) {
if (!(ret = ASN1_GENERALIZEDTIME_new())) if (!(ret = ASN1_GENERALIZEDTIME_new()))
return NULL; goto err;
if (out) } else {
*out = ret;
} else
ret = *out; ret = *out;
}
/* If already GeneralizedTime just copy across */ /* If already GeneralizedTime just copy across */
if (t->type == V_ASN1_GENERALIZEDTIME) { if (t->type == V_ASN1_GENERALIZEDTIME) {
if (!ASN1_STRING_set(ret, t->data, t->length)) if (!ASN1_STRING_set(ret, t->data, t->length))
return NULL; goto err;
return ret; goto done;
} }
/* grow the string */ /* grow the string */
if (!ASN1_STRING_set(ret, NULL, t->length + 2)) if (!ASN1_STRING_set(ret, NULL, t->length + 2))
return NULL; goto err;
/* ASN1_STRING_set() allocated 'len + 1' bytes. */ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
newlen = t->length + 2 + 1; newlen = t->length + 2 + 1;
str = (char *)ret->data; str = (char *)ret->data;
@ -173,9 +172,18 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
BUF_strlcat(str, (char *)t->data, newlen); BUF_strlcat(str, (char *)t->data, newlen);
done:
if (out != NULL && *out == NULL)
*out = ret;
return ret; return ret;
err:
if (out == NULL || *out != ret)
ASN1_GENERALIZEDTIME_free(ret);
return NULL;
} }
int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
{ {
ASN1_TIME t; ASN1_TIME t;

2
thirdparty/openssl/crypto/asn1/a_utctm.c vendored
View file

@ -172,7 +172,7 @@ int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
if (a[o] == 'Z') if (a[o] == 'Z')
o++; o++;
else if ((a[o] == '+') || (a[o] == '-')) { else if ((a[o] == '+') || (a[o] == '-')) {
int offsign = a[o] == '-' ? -1 : 1, offset = 0; int offsign = a[o] == '-' ? 1 : -1, offset = 0;
o++; o++;
if (o + 4 > l) if (o + 4 > l)
goto err; goto err;

2
thirdparty/openssl/crypto/asn1/ameth_lib.c vendored
View file

@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
&eckey_asn1_meth, &eckey_asn1_meth,
#endif #endif
&hmac_asn1_meth, &hmac_asn1_meth,
#ifndef OPENSSL_NO_CMAC
&cmac_asn1_meth, &cmac_asn1_meth,
#endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
&dhx_asn1_meth &dhx_asn1_meth
#endif #endif

26
thirdparty/openssl/crypto/asn1/asn1_lib.c vendored
View file

@ -256,26 +256,30 @@ static void asn1_put_length(unsigned char **pp, int length)
int ASN1_object_size(int constructed, int length, int tag) int ASN1_object_size(int constructed, int length, int tag)
{ {
int ret; int ret = 1;
if (length < 0)
ret = length; return -1;
ret++;
if (tag >= 31) { if (tag >= 31) {
while (tag > 0) { while (tag > 0) {
tag >>= 7; tag >>= 7;
ret++; ret++;
} }
} }
if (constructed == 2) if (constructed == 2) {
return ret + 3; ret += 3;
} else {
ret++; ret++;
if (length > 127) { if (length > 127) {
while (length > 0) { int tmplen = length;
length >>= 8; while (tmplen > 0) {
tmplen >>= 8;
ret++; ret++;
} }
} }
return (ret); }
if (ret >= INT_MAX - length)
return -1;
return ret + length;
} }
static int _asn1_Finish(ASN1_const_CTX *c) static int _asn1_Finish(ASN1_const_CTX *c)
@ -324,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
return (0); return (0);
} }
if (c->inf == (1 | V_ASN1_CONSTRUCTED)) if (c->inf == (1 | V_ASN1_CONSTRUCTED))
c->slen = *length + *(c->pp) - c->p; c->slen = *length;
c->eos = 0; c->eos = 0;
return (1); return (1);
} }
@ -366,7 +370,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
else else
len = strlen(data); len = strlen(data);
} }
if ((str->length < len) || (str->data == NULL)) { if ((str->length <= len) || (str->data == NULL)) {
c = str->data; c = str->data;
if (c == NULL) if (c == NULL)
str->data = OPENSSL_malloc(len + 1); str->data = OPENSSL_malloc(len + 1);

4
thirdparty/openssl/crypto/asn1/asn_mime.c vendored
View file

@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) { if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */ /* We want multipart/signed */
/* Generate a random boundary */ /* Generate a random boundary */
if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0) if (RAND_bytes((unsigned char *)bound, 32) <= 0)
return 0; return 0;
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
c = bound[i] & 0xf; c = bound[i] & 0xf;
@ -623,6 +623,8 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
if (bpart) if (bpart)
sk_BIO_push(parts, bpart); sk_BIO_push(parts, bpart);
bpart = BIO_new(BIO_s_mem()); bpart = BIO_new(BIO_s_mem());
if (bpart == NULL)
return 1;
BIO_set_mem_eof_return(bpart, 0); BIO_set_mem_eof_return(bpart, 0);
} else if (eol) } else if (eol)
BIO_write(bpart, "\r\n", 2); BIO_write(bpart, "\r\n", 2);

6
thirdparty/openssl/crypto/asn1/bio_asn1.c vendored
View file

@ -170,10 +170,12 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
ctx->copylen = 0; ctx->copylen = 0;
ctx->asn1_class = V_ASN1_UNIVERSAL; ctx->asn1_class = V_ASN1_UNIVERSAL;
ctx->asn1_tag = V_ASN1_OCTET_STRING; ctx->asn1_tag = V_ASN1_OCTET_STRING;
ctx->ex_buf = 0; ctx->ex_buf = NULL;
ctx->ex_pos = 0;
ctx->ex_len = 0; ctx->ex_len = 0;
ctx->ex_pos = 0;
ctx->state = ASN1_STATE_START; ctx->state = ASN1_STATE_START;
ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL;
ctx->ex_arg = NULL;
return 1; return 1;
} }

1
thirdparty/openssl/crypto/asn1/bio_ndef.c vendored
View file

@ -136,6 +136,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux->ndef_bio = sarg.ndef_bio; ndef_aux->ndef_bio = sarg.ndef_bio;
ndef_aux->boundary = sarg.boundary; ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out; ndef_aux->out = out;
ndef_aux->derbuf = NULL;
BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);

8
thirdparty/openssl/crypto/asn1/d2i_pr.c vendored
View file

@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
if (!ret->ameth->old_priv_decode || if (!ret->ameth->old_priv_decode ||
!ret->ameth->old_priv_decode(ret, &p, length)) { !ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) { if (ret->ameth->priv_decode) {
EVP_PKEY *tmp;
PKCS8_PRIV_KEY_INFO *p8 = NULL; PKCS8_PRIV_KEY_INFO *p8 = NULL;
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8) if (!p8)
goto err; goto err;
EVP_PKEY_free(ret); tmp = EVP_PKCS82PKEY(p8);
ret = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8);
if (ret == NULL) if (tmp == NULL)
goto err; goto err;
EVP_PKEY_free(ret);
ret = tmp;
} else { } else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err; goto err;

6
thirdparty/openssl/crypto/asn1/f_enum.c vendored
View file

@ -138,7 +138,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
bufp = (unsigned char *)buf; bufp = (unsigned char *)buf;
if (first) { if (first) {
first = 0; first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) { if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2; bufp += 2;
i -= 2; i -= 2;
} }
@ -160,8 +160,6 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
i * 2); i * 2);
if (sp == NULL) { if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err; goto err;
} }
s = sp; s = sp;
@ -199,5 +197,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
err_sl: err_sl:
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
} }
if (ret != 1)
OPENSSL_free(s);
return (ret); return (ret);
} }

6
thirdparty/openssl/crypto/asn1/f_int.c vendored
View file

@ -152,7 +152,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
bufp = (unsigned char *)buf; bufp = (unsigned char *)buf;
if (first) { if (first) {
first = 0; first = 0;
if ((bufp[0] == '0') && (buf[1] == '0')) { if ((bufp[0] == '0') && (bufp[1] == '0')) {
bufp += 2; bufp += 2;
i -= 2; i -= 2;
} }
@ -172,8 +172,6 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
sp = OPENSSL_realloc_clean(s, slen, num + i * 2); sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
if (sp == NULL) { if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err; goto err;
} }
s = sp; s = sp;
@ -211,5 +209,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
err_sl: err_sl:
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
} }
if (ret != 1)
OPENSSL_free(s);
return (ret); return (ret);
} }

4
thirdparty/openssl/crypto/asn1/f_string.c vendored
View file

@ -166,8 +166,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
i * 2); i * 2);
if (sp == NULL) { if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err; goto err;
} }
s = sp; s = sp;
@ -205,5 +203,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
err_sl: err_sl:
ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
} }
if (ret != 1)
OPENSSL_free(s);
return (ret); return (ret);
} }

7
thirdparty/openssl/crypto/asn1/i2d_pr.c vendored
View file

@ -69,10 +69,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
} }
if (a->ameth && a->ameth->priv_encode) { if (a->ameth && a->ameth->priv_encode) {
PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); int ret = 0;
if (p8 != NULL) {
ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
PKCS8_PRIV_KEY_INFO_free(p8); PKCS8_PRIV_KEY_INFO_free(p8);
}
return ret; return ret;
} }
ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return (-1); return -1;
} }

2
thirdparty/openssl/crypto/asn1/p5_pbe.c vendored
View file

@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
sstr = ASN1_STRING_data(pbe->salt); sstr = ASN1_STRING_data(pbe->salt);
if (salt) if (salt)
memcpy(sstr, salt, saltlen); memcpy(sstr, salt, saltlen);
else if (RAND_pseudo_bytes(sstr, saltlen) < 0) else if (RAND_bytes(sstr, saltlen) <= 0)
goto err; goto err;
if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {

12
thirdparty/openssl/crypto/asn1/p5_pbev2.c vendored
View file

@ -91,12 +91,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen, unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid) unsigned char *aiv, int prf_nid)
{ {
X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; X509_ALGOR *scheme = NULL, *ret = NULL;
int alg_nid, keylen; int alg_nid, keylen;
EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX ctx;
unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL; PBE2PARAM *pbe2 = NULL;
ASN1_OBJECT *obj;
alg_nid = EVP_CIPHER_type(cipher); alg_nid = EVP_CIPHER_type(cipher);
if (alg_nid == NID_undef) { if (alg_nid == NID_undef) {
@ -104,7 +103,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
goto err; goto err;
} }
obj = OBJ_nid2obj(alg_nid);
if (!(pbe2 = PBE2PARAM_new())) if (!(pbe2 = PBE2PARAM_new()))
goto merr; goto merr;
@ -112,7 +110,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
/* Setup the AlgorithmIdentifier for the encryption scheme */ /* Setup the AlgorithmIdentifier for the encryption scheme */
scheme = pbe2->encryption; scheme = pbe2->encryption;
scheme->algorithm = obj; scheme->algorithm = OBJ_nid2obj(alg_nid);
if (!(scheme->parameter = ASN1_TYPE_new())) if (!(scheme->parameter = ASN1_TYPE_new()))
goto merr; goto merr;
@ -120,7 +118,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) { if (EVP_CIPHER_iv_length(cipher)) {
if (aiv) if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err; goto err;
} }
@ -188,11 +186,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
err: err:
PBE2PARAM_free(pbe2); PBE2PARAM_free(pbe2);
/* Note 'scheme' is freed as part of pbe2 */ /* Note 'scheme' is freed as part of pbe2 */
X509_ALGOR_free(kalg);
X509_ALGOR_free(ret); X509_ALGOR_free(ret);
return NULL; return NULL;
} }
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
@ -225,7 +221,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
if (salt) if (salt)
memcpy(osalt->data, salt, saltlen); memcpy(osalt->data, salt, saltlen);
else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0) else if (RAND_bytes(osalt->data, saltlen) <= 0)
goto merr; goto merr;
if (iter <= 0) if (iter <= 0)

1
thirdparty/openssl/crypto/asn1/t_req.c vendored
View file

@ -196,6 +196,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
if (BIO_puts(bp, ":") <= 0) if (BIO_puts(bp, ":") <= 0)
goto err; goto err;
if ((type == V_ASN1_PRINTABLESTRING) || if ((type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_UTF8STRING) ||
(type == V_ASN1_T61STRING) || (type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING)) { (type == V_ASN1_IA5STRING)) {
if (BIO_write(bp, (char *)bs->data, bs->length) if (BIO_write(bp, (char *)bs->data, bs->length)

9
thirdparty/openssl/crypto/asn1/tasn_dec.c vendored
View file

@ -400,7 +400,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (tt->flags & ASN1_TFLG_ADB_MASK) { if (tt->flags & ASN1_TFLG_ADB_MASK) {
const ASN1_TEMPLATE *seqtt; const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval; ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1); seqtt = asn1_do_adb(pval, tt, 0);
if (seqtt == NULL)
continue;
pseqval = asn1_get_field_ptr(pval, seqtt); pseqval = asn1_get_field_ptr(pval, seqtt);
ASN1_template_free(pseqval, seqtt); ASN1_template_free(pseqval, seqtt);
} }
@ -411,7 +413,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_TEMPLATE *seqtt; const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval; ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1); seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt) if (seqtt == NULL)
goto err; goto err;
pseqval = asn1_get_field_ptr(pval, seqtt); pseqval = asn1_get_field_ptr(pval, seqtt);
/* Have we ran out of data? */ /* Have we ran out of data? */
@ -476,7 +478,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
for (; i < it->tcount; tt++, i++) { for (; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt; const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(pval, tt, 1); seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt) if (seqtt == NULL)
goto err; goto err;
if (seqtt->flags & ASN1_TFLG_OPTIONAL) { if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval; ASN1_VALUE **pseqval;
@ -671,6 +673,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
} }
len -= p - q; len -= p - q;
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item));
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }

24
thirdparty/openssl/crypto/asn1/tasn_enc.c vendored
View file

@ -59,6 +59,7 @@
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
#include <limits.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/asn1.h> #include <openssl/asn1.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
@ -216,17 +217,19 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt; const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval; ASN1_VALUE **pseqval;
int tmplen;
seqtt = asn1_do_adb(pval, tt, 1); seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt) if (!seqtt)
return 0; return 0;
pseqval = asn1_get_field_ptr(pval, seqtt); pseqval = asn1_get_field_ptr(pval, seqtt);
/* FIXME: check for errors in enhanced version */ tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
-1, aclass); return -1;
seqcontlen += tmplen;
} }
seqlen = ASN1_object_size(ndef, seqcontlen, tag); seqlen = ASN1_object_size(ndef, seqcontlen, tag);
if (!out) if (!out || seqlen == -1)
return seqlen; return seqlen;
/* Output SEQUENCE header */ /* Output SEQUENCE header */
ASN1_put_object(out, ndef, seqcontlen, tag, aclass); ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
@ -339,19 +342,24 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
/* Determine total length of items */ /* Determine total length of items */
skcontlen = 0; skcontlen = 0;
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
int tmplen;
skitem = sk_ASN1_VALUE_value(sk, i); skitem = sk_ASN1_VALUE_value(sk, i);
skcontlen += ASN1_item_ex_i2d(&skitem, NULL, tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
ASN1_ITEM_ptr(tt->item),
-1, iclass); -1, iclass);
if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
return -1;
skcontlen += tmplen;
} }
sklen = ASN1_object_size(ndef, skcontlen, sktag); sklen = ASN1_object_size(ndef, skcontlen, sktag);
if (sklen == -1)
return -1;
/* If EXPLICIT need length of surrounding tag */ /* If EXPLICIT need length of surrounding tag */
if (flags & ASN1_TFLG_EXPTAG) if (flags & ASN1_TFLG_EXPTAG)
ret = ASN1_object_size(ndef, sklen, ttag); ret = ASN1_object_size(ndef, sklen, ttag);
else else
ret = sklen; ret = sklen;
if (!out) if (!out || ret == -1)
return ret; return ret;
/* Now encode this lot... */ /* Now encode this lot... */
@ -380,7 +388,7 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
return 0; return 0;
/* Find length of EXPLICIT tag */ /* Find length of EXPLICIT tag */
ret = ASN1_object_size(ndef, i, ttag); ret = ASN1_object_size(ndef, i, ttag);
if (out) { if (out && ret != -1) {
/* Output tag and item */ /* Output tag and item */
ASN1_put_object(out, ndef, i, ttag, tclass); ASN1_put_object(out, ndef, i, ttag, tclass);
ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass); ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);

11
thirdparty/openssl/crypto/asn1/tasn_new.c vendored
View file

@ -158,7 +158,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
} }
asn1_set_choice_selector(pval, -1, it); asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr; goto auxerr2;
break; break;
case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_NDEF_SEQUENCE:
@ -186,10 +186,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
pseqval = asn1_get_field_ptr(pval, tt); pseqval = asn1_get_field_ptr(pval, tt);
if (!ASN1_template_new(pseqval, tt)) if (!ASN1_template_new(pseqval, tt))
goto memerr; goto memerr2;
} }
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr; goto auxerr2;
break; break;
} }
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@ -198,6 +198,8 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif #endif
return 1; return 1;
memerr2:
ASN1_item_ex_free(pval, it);
memerr: memerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
@ -206,9 +208,10 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
#endif #endif
return 0; return 0;
auxerr2:
ASN1_item_ex_free(pval, it);
auxerr: auxerr:
ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
ASN1_item_ex_free(pval, it);
#ifdef CRYPTO_MDEBUG #ifdef CRYPTO_MDEBUG
if (it->sname) if (it->sname)
CRYPTO_pop_info(); CRYPTO_pop_info();

14
thirdparty/openssl/crypto/asn1/tasn_prn.c vendored
View file

@ -204,7 +204,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
} else } else
asn1_cb = 0; asn1_cb = 0;
if (*fld == NULL) { if (((it->itype != ASN1_ITYPE_PRIMITIVE)
|| (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) { if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
return 0; return 0;
@ -446,6 +447,8 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
char *s; char *s;
int ret = 1; int ret = 1;
s = i2s_ASN1_INTEGER(NULL, str); s = i2s_ASN1_INTEGER(NULL, str);
if (s == NULL)
return 0;
if (BIO_puts(out, s) <= 0) if (BIO_puts(out, s) <= 0)
ret = 0; ret = 0;
OPENSSL_free(s); OPENSSL_free(s);
@ -496,11 +499,16 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
return 0; return 0;
if (pf && pf->prim_print) if (pf && pf->prim_print)
return pf->prim_print(out, fld, it, indent, pctx); return pf->prim_print(out, fld, it, indent, pctx);
if (it->itype == ASN1_ITYPE_MSTRING) {
str = (ASN1_STRING *)*fld; str = (ASN1_STRING *)*fld;
if (it->itype == ASN1_ITYPE_MSTRING)
utype = str->type & ~V_ASN1_NEG; utype = str->type & ~V_ASN1_NEG;
else } else {
utype = it->utype; utype = it->utype;
if (utype == V_ASN1_BOOLEAN)
str = NULL;
else
str = (ASN1_STRING *)*fld;
}
if (utype == V_ASN1_ANY) { if (utype == V_ASN1_ANY) {
ASN1_TYPE *atype = (ASN1_TYPE *)*fld; ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
utype = atype->type; utype = atype->type;

2
thirdparty/openssl/crypto/asn1/tasn_utl.c vendored
View file

@ -234,7 +234,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
sfld = offset2ptr(*pval, adb->offset); sfld = offset2ptr(*pval, adb->offset);
/* Check if NULL */ /* Check if NULL */
if (!sfld) { if (*sfld == NULL) {
if (!adb->null_tt) if (!adb->null_tt)
goto err; goto err;
return adb->null_tt; return adb->null_tt;

15
thirdparty/openssl/crypto/asn1/x_bignum.c vendored
View file

@ -78,6 +78,8 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
const ASN1_ITEM *it); const ASN1_ITEM *it);
static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it); int utype, char *free_cont, const ASN1_ITEM *it);
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx);
static ASN1_PRIMITIVE_FUNCS bignum_pf = { static ASN1_PRIMITIVE_FUNCS bignum_pf = {
NULL, 0, NULL, 0,
@ -85,7 +87,8 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
bn_free, bn_free,
0, 0,
bn_c2i, bn_c2i,
bn_i2c bn_i2c,
bn_print
}; };
ASN1_ITEM_start(BIGNUM) ASN1_ITEM_start(BIGNUM)
@ -151,3 +154,13 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
} }
return 1; return 1;
} }
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx)
{
if (!BN_print(out, *(BIGNUM **)pval))
return 0;
if (BIO_puts(out, "\n") <= 0)
return 0;
return 1;
}

3
thirdparty/openssl/crypto/asn1/x_crl.c vendored
View file

@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid; int nid;
ext = sk_X509_EXTENSION_value(exts, idx); ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(ext->object); nid = OBJ_obj2nid(ext->object);
if (nid == NID_freshest_crl) if (nid == NID_freshest_crl)
@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if ((nid == NID_issuing_distribution_point) if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier) || (nid == NID_authority_key_identifier)
|| (nid == NID_delta_crl)) || (nid == NID_delta_crl))
break;; continue;
crl->flags |= EXFLAG_CRITICAL; crl->flags |= EXFLAG_CRITICAL;
break; break;
} }

28
thirdparty/openssl/crypto/asn1/x_long.c vendored
View file

@ -126,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
* set. * set.
*/ */
if (ltmp < 0) if (ltmp < 0)
utmp = -ltmp - 1; utmp = 0 - (unsigned long)ltmp - 1;
else else
utmp = ltmp; utmp = ltmp;
clen = BN_num_bits_word(utmp); clen = BN_num_bits_word(utmp);
@ -155,19 +155,41 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it) int utype, char *free_cont, const ASN1_ITEM *it)
{ {
int neg, i; int neg = -1, i;
long ltmp; long ltmp;
unsigned long utmp = 0; unsigned long utmp = 0;
char *cp = (char *)pval; char *cp = (char *)pval;
if (len) {
/*
* Check possible pad byte. Worst case, we're skipping past actual
* content, but since that's only with 0x00 and 0xff and we set neg
* accordingly, the result will be correct in the end anyway.
*/
switch (cont[0]) {
case 0xff:
cont++;
len--;
neg = 1;
break;
case 0:
cont++;
len--;
neg = 0;
break;
}
}
if (len > (int)sizeof(long)) { if (len > (int)sizeof(long)) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0; return 0;
} }
if (neg == -1) {
/* Is it negative? */ /* Is it negative? */
if (len && (cont[0] & 0x80)) if (len && (cont[0] & 0x80))
neg = 1; neg = 1;
else else
neg = 0; neg = 0;
}
utmp = 0; utmp = 0;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
utmp <<= 8; utmp <<= 8;
@ -178,8 +200,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
} }
ltmp = (long)utmp; ltmp = (long)utmp;
if (neg) { if (neg) {
ltmp++;
ltmp = -ltmp; ltmp = -ltmp;
ltmp--;
} }
if (ltmp == it->size) { if (ltmp == it->size) {
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);

41
thirdparty/openssl/crypto/asn1/x_name.c vendored
View file

@ -178,6 +178,16 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
*pval = NULL; *pval = NULL;
} }
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_ex_d2i(ASN1_VALUE **val, static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len, const unsigned char **in, long len,
const ASN1_ITEM *it, int tag, int aclass, const ASN1_ITEM *it, int tag, int aclass,
@ -199,10 +209,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret; int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries; STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry; X509_NAME_ENTRY *entry;
if (len > X509_NAME_MAX) { if (len > X509_NAME_MAX)
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG); len = X509_NAME_MAX;
return 0;
}
q = p; q = p;
/* Get internal representation of Name */ /* Get internal representation of Name */
@ -230,13 +238,14 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
entry->set = i; entry->set = i;
if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
goto err; goto err;
sk_X509_NAME_ENTRY_set(entries, j, NULL);
} }
sk_X509_NAME_ENTRY_free(entries);
} }
sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
ret = x509_name_canon(nm.x); ret = x509_name_canon(nm.x);
if (!ret) if (!ret)
goto err; goto err;
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_free);
nm.x->modified = 0; nm.x->modified = 0;
*val = nm.a; *val = nm.a;
*in = p; *in = p;
@ -244,6 +253,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
err: err:
if (nm.x != NULL) if (nm.x != NULL)
X509_NAME_free(nm.x); X509_NAME_free(nm.x);
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
local_sk_X509_NAME_ENTRY_pop_free);
ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0; return 0;
} }
@ -269,16 +280,6 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
return ret; return ret;
} }
static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_free(ne);
}
static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}
static int x509_name_encode(X509_NAME *a) static int x509_name_encode(X509_NAME *a)
{ {
union { union {
@ -301,8 +302,10 @@ static int x509_name_encode(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null(); entries = sk_X509_NAME_ENTRY_new_null();
if (!entries) if (!entries)
goto memerr; goto memerr;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto memerr; goto memerr;
}
set = entry->set; set = entry->set;
} }
if (!sk_X509_NAME_ENTRY_push(entries, entry)) if (!sk_X509_NAME_ENTRY_push(entries, entry))
@ -372,8 +375,10 @@ static int x509_name_canon(X509_NAME *a)
entries = sk_X509_NAME_ENTRY_new_null(); entries = sk_X509_NAME_ENTRY_new_null();
if (!entries) if (!entries)
goto err; goto err;
if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
sk_X509_NAME_ENTRY_free(entries);
goto err; goto err;
}
set = entry->set; set = entry->set;
} }
tmpentry = X509_NAME_ENTRY_new(); tmpentry = X509_NAME_ENTRY_new();

54
thirdparty/openssl/crypto/asn1/x_x509.c vendored
View file

@ -199,12 +199,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
return NULL; return NULL;
} }
int i2d_X509_AUX(X509 *a, unsigned char **pp) /*
* Serialize trusted certificate to *pp or just return the required buffer
* length if pp == NULL. We ultimately want to avoid modifying *pp in the
* error path, but that depends on similar hygiene in lower-level functions.
* Here we avoid compounding the problem.
*/
static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
{ {
int length, tmplen; int length, tmplen;
unsigned char *start = pp != NULL ? *pp : NULL; unsigned char *start = pp != NULL ? *pp : NULL;
OPENSSL_assert(pp == NULL || *pp != NULL);
/*
* This might perturb *pp on error, but fixing that belongs in i2d_X509()
* not here. It should be that if a == NULL length is zero, but we check
* both just in case.
*/
length = i2d_X509(a, pp); length = i2d_X509(a, pp);
if (length < 0 || a == NULL) if (length <= 0 || a == NULL)
return length; return length;
tmplen = i2d_X509_CERT_AUX(a->aux, pp); tmplen = i2d_X509_CERT_AUX(a->aux, pp);
@ -218,6 +232,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
return length; return length;
} }
/*
* Serialize trusted certificate to *pp, or just return the required buffer
* length if pp == NULL.
*
* When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
* we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
* the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
* allocated buffer.
*/
int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
int length;
unsigned char *tmp;
/* Buffer provided by caller */
if (pp == NULL || *pp != NULL)
return i2d_x509_aux_internal(a, pp);
/* Obtain the combined length */
if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
return length;
/* Allocate requisite combined storage */
*pp = tmp = OPENSSL_malloc(length);
if (tmp == NULL)
return -1; /* Push error onto error stack? */
/* Encode, but keep *pp at the originally malloced pointer */
length = i2d_x509_aux_internal(a, &tmp);
if (length <= 0) {
OPENSSL_free(*pp);
*pp = NULL;
}
return length;
}
int i2d_re_X509_tbs(X509 *x, unsigned char **pp) int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{ {
x->cert_info->enc.modified = 1; x->cert_info->enc.modified = 1;

8
thirdparty/openssl/crypto/bio/b_print.c vendored
View file

@ -423,9 +423,15 @@ _dopr(char **sbuffer,
break; break;
} }
} }
/*
* We have to truncate if there is no dynamic buffer and we have filled the
* static buffer.
*/
if (buffer == NULL) {
*truncated = (currlen > *maxlen - 1); *truncated = (currlen > *maxlen - 1);
if (*truncated) if (*truncated)
currlen = *maxlen - 1; currlen = *maxlen - 1;
}
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
return 0; return 0;
*retlen = currlen - 1; *retlen = currlen - 1;
@ -496,7 +502,7 @@ fmtint(char **sbuffer,
if (!(flags & DP_F_UNSIGNED)) { if (!(flags & DP_F_UNSIGNED)) {
if (value < 0) { if (value < 0) {
signvalue = '-'; signvalue = '-';
uvalue = -value; uvalue = -(unsigned LLONG)value;
} else if (flags & DP_F_PLUS) } else if (flags & DP_F_PLUS)
signvalue = '+'; signvalue = '+';
else if (flags & DP_F_SPACE) else if (flags & DP_F_SPACE)

4
thirdparty/openssl/crypto/bio/bf_nbio.c vendored
View file

@ -139,7 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b); BIO_clear_retry_flags(b);
#if 1 #if 1
if (RAND_pseudo_bytes(&n, 1) < 0) if (RAND_bytes(&n, 1) <= 0)
return -1; return -1;
num = (n & 0x07); num = (n & 0x07);
@ -179,7 +179,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn; num = nt->lwn;
nt->lwn = 0; nt->lwn = 0;
} else { } else {
if (RAND_pseudo_bytes(&n, 1) < 0) if (RAND_bytes(&n, 1) <= 0)
return -1; return -1;
num = (n & 7); num = (n & 7);
} }

3
thirdparty/openssl/crypto/bio/bio_cb.c vendored
View file

@ -78,6 +78,9 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio);
/* Ignore errors and continue printing the other information. */
if (len < 0)
len = 0;
p = buf + len; p = buf + len;
p_maxlen = sizeof(buf) - len; p_maxlen = sizeof(buf) - len;

19
thirdparty/openssl/crypto/bio/bss_bio.c vendored
View file

@ -149,9 +149,13 @@ static int bio_new(BIO *bio)
return 0; return 0;
b->peer = NULL; b->peer = NULL;
b->closed = 0;
b->len = 0;
b->offset = 0;
/* enough for one TLS record (just a default) */ /* enough for one TLS record (just a default) */
b->size = 17 * 1024; b->size = 17 * 1024;
b->buf = NULL; b->buf = NULL;
b->request = 0;
bio->ptr = b; bio->ptr = b;
return 1; return 1;
@ -655,15 +659,14 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break; break;
case BIO_CTRL_EOF: case BIO_CTRL_EOF:
{ if (b->peer != NULL) {
BIO *other_bio = ptr; struct bio_bio_st *peer_b = b->peer->ptr;
if (other_bio) { if (peer_b->len == 0 && peer_b->closed)
struct bio_bio_st *other_b = other_bio->ptr; ret = 1;
else
assert(other_b != NULL); ret = 0;
ret = other_b->len == 0 && other_b->closed; } else {
} else
ret = 1; ret = 1;
} }
break; break;

24
thirdparty/openssl/crypto/bio/bss_file.c vendored
View file

@ -174,7 +174,11 @@ BIO *BIO_new_file(const char *filename, const char *mode)
if (file == NULL) { if (file == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error()); SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
if (errno == ENOENT) if (errno == ENOENT
# ifdef ENXIO
|| errno == ENXIO
# endif
)
BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
else else
BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
@ -283,6 +287,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
FILE *fp = (FILE *)b->ptr; FILE *fp = (FILE *)b->ptr;
FILE **fpp; FILE **fpp;
char p[4]; char p[4];
int st;
switch (cmd) { switch (cmd) {
case BIO_C_FILE_SEEK: case BIO_C_FILE_SEEK:
@ -314,8 +319,11 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
# define _IOB_ENTRIES 20 # define _IOB_ENTRIES 20
# endif # endif
# if defined(_IOB_ENTRIES)
/* Safety net to catch purely internal BIO_set_fp calls */ /* Safety net to catch purely internal BIO_set_fp calls */
# if defined(_MSC_VER) && _MSC_VER>=1900
if (ptr == stdin || ptr == stdout || ptr == stderr)
BIO_clear_flags(b, BIO_FLAGS_UPLINK);
# elif defined(_IOB_ENTRIES)
if ((size_t)ptr >= (size_t)stdin && if ((size_t)ptr >= (size_t)stdin &&
(size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
BIO_clear_flags(b, BIO_FLAGS_UPLINK); BIO_clear_flags(b, BIO_FLAGS_UPLINK);
@ -420,10 +428,14 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
b->shutdown = (int)num; b->shutdown = (int)num;
break; break;
case BIO_CTRL_FLUSH: case BIO_CTRL_FLUSH:
if (b->flags & BIO_FLAGS_UPLINK) st = b->flags & BIO_FLAGS_UPLINK
UP_fflush(b->ptr); ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr);
else if (st == EOF) {
fflush((FILE *)b->ptr); SYSerr(SYS_F_FFLUSH, get_last_sys_error());
ERR_add_error_data(1, "fflush()");
BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
ret = 0;
}
break; break;
case BIO_CTRL_DUP: case BIO_CTRL_DUP:
ret = 1; ret = 1;

2
thirdparty/openssl/crypto/bio/bss_rtcp.c vendored
View file

@ -170,6 +170,8 @@ static int rtcp_new(BIO *bi)
bi->num = 0; bi->num = 0;
bi->flags = 0; bi->flags = 0;
bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx)); bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx));
if (bi->ptr == NULL)
return (0);
ctx = (struct rpc_ctx *)bi->ptr; ctx = (struct rpc_ctx *)bi->ptr;
ctx->filled = 0; ctx->filled = 0;
ctx->pos = 0; ctx->pos = 0;

2
thirdparty/openssl/crypto/bn/asm/x86_64-gcc.c vendored
View file

@ -194,7 +194,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
BN_ULONG ret, waste; BN_ULONG ret, waste;
asm("divq %4":"=a"(ret), "=d"(waste) asm("divq %4":"=a"(ret), "=d"(waste)
: "a"(l), "d"(h), "g"(d) : "a"(l), "d"(h), "r"(d)
: "cc"); : "cc");
return ret; return ret;

4
thirdparty/openssl/crypto/bn/bn_div.c vendored
View file

@ -155,7 +155,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
({ asm volatile ( \ ({ asm volatile ( \
"divl %4" \ "divl %4" \
: "=a"(q), "=d"(rem) \ : "=a"(q), "=d"(rem) \
: "a"(n1), "d"(n0), "g"(d0) \ : "a"(n1), "d"(n0), "r"(d0) \
: "cc"); \ : "cc"); \
q; \ q; \
}) })
@ -170,7 +170,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
({ asm volatile ( \ ({ asm volatile ( \
"divq %4" \ "divq %4" \
: "=a"(q), "=d"(rem) \ : "=a"(q), "=d"(rem) \
: "a"(n1), "d"(n0), "g"(d0) \ : "a"(n1), "d"(n0), "r"(d0) \
: "cc"); \ : "cc"); \
q; \ q; \
}) })

5
thirdparty/openssl/crypto/bn/bn_exp.c vendored
View file

@ -180,8 +180,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
goto err; goto err;
} }
} }
if (r != rr) if (r != rr && BN_copy(r, rr) == NULL)
BN_copy(r, rr); goto err;
ret = 1; ret = 1;
err: err:
BN_CTX_end(ctx); BN_CTX_end(ctx);

2
thirdparty/openssl/crypto/bn/bn_lib.c vendored
View file

@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
{ {
bn_check_top(a); bn_check_top(a);
if (a->d != NULL) if (a->d != NULL)
memset(a->d, 0, a->dmax * sizeof(a->d[0])); OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0; a->top = 0;
a->neg = 0; a->neg = 0;
} }

5
thirdparty/openssl/crypto/bn/bn_mul.c vendored
View file

@ -1083,8 +1083,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
end: end:
#endif #endif
bn_correct_top(rr); bn_correct_top(rr);
if (r != rr) if (r != rr && BN_copy(r, rr) == NULL)
BN_copy(r, rr); goto err;
ret = 1; ret = 1;
err: err:
bn_check_top(r); bn_check_top(r);

23
thirdparty/openssl/crypto/bn/bn_prime.c vendored
View file

@ -252,7 +252,6 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
BN_CTX *ctx = NULL; BN_CTX *ctx = NULL;
BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
BN_MONT_CTX *mont = NULL; BN_MONT_CTX *mont = NULL;
const BIGNUM *A = NULL;
if (BN_cmp(a, BN_value_one()) <= 0) if (BN_cmp(a, BN_value_one()) <= 0)
return 0; return 0;
@ -278,24 +277,14 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
goto err; goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
/* A := abs(a) */
if (a->neg) {
BIGNUM *t;
if ((t = BN_CTX_get(ctx)) == NULL)
goto err;
BN_copy(t, a);
t->neg = 0;
A = t;
} else
A = a;
A1 = BN_CTX_get(ctx); A1 = BN_CTX_get(ctx);
A1_odd = BN_CTX_get(ctx); A1_odd = BN_CTX_get(ctx);
check = BN_CTX_get(ctx); check = BN_CTX_get(ctx);
if (check == NULL) if (check == NULL)
goto err; goto err;
/* compute A1 := A - 1 */ /* compute A1 := a - 1 */
if (!BN_copy(A1, A)) if (!BN_copy(A1, a))
goto err; goto err;
if (!BN_sub_word(A1, 1)) if (!BN_sub_word(A1, 1))
goto err; goto err;
@ -311,11 +300,11 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
if (!BN_rshift(A1_odd, A1, k)) if (!BN_rshift(A1_odd, A1, k))
goto err; goto err;
/* Montgomery setup for computations mod A */ /* Montgomery setup for computations mod a */
mont = BN_MONT_CTX_new(); mont = BN_MONT_CTX_new();
if (mont == NULL) if (mont == NULL)
goto err; goto err;
if (!BN_MONT_CTX_set(mont, A, ctx)) if (!BN_MONT_CTX_set(mont, a, ctx))
goto err; goto err;
for (i = 0; i < checks; i++) { for (i = 0; i < checks; i++) {
@ -323,9 +312,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
goto err; goto err;
if (!BN_add_word(check, 1)) if (!BN_add_word(check, 1))
goto err; goto err;
/* now 1 <= check < A */ /* now 1 <= check < a */
j = witness(check, A, A1, A1_odd, k, ctx, mont); j = witness(check, a, A1, A1_odd, k, ctx, mont);
if (j == -1) if (j == -1)
goto err; goto err;
if (j) { if (j) {

35
thirdparty/openssl/crypto/bn/bn_print.c vendored
View file

@ -72,12 +72,9 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf; char *buf;
char *p; char *p;
if (a->neg && BN_is_zero(a)) { if (BN_is_zero(a))
/* "-0" == 3 bytes including NULL terminator */ return OPENSSL_strdup("0");
buf = OPENSSL_malloc(3);
} else {
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
}
if (buf == NULL) { if (buf == NULL) {
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err; goto err;
@ -85,8 +82,6 @@ char *BN_bn2hex(const BIGNUM *a)
p = buf; p = buf;
if (a->neg) if (a->neg)
*(p++) = '-'; *(p++) = '-';
if (BN_is_zero(a))
*(p++) = '0';
for (i = a->top - 1; i >= 0; i--) { for (i = a->top - 1; i >= 0; i--) {
for (j = BN_BITS2 - 8; j >= 0; j -= 8) { for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
/* strip leading zeros */ /* strip leading zeros */
@ -111,6 +106,7 @@ char *BN_bn2dec(const BIGNUM *a)
char *p; char *p;
BIGNUM *t = NULL; BIGNUM *t = NULL;
BN_ULONG *bn_data = NULL, *lp; BN_ULONG *bn_data = NULL, *lp;
int bn_data_num;
/*- /*-
* get an upper bound for the length of the decimal integer * get an upper bound for the length of the decimal integer
@ -120,9 +116,9 @@ char *BN_bn2dec(const BIGNUM *a)
*/ */
i = BN_num_bits(a) * 3; i = BN_num_bits(a) * 3;
num = (i / 10 + i / 1000 + 1) + 1; num = (i / 10 + i / 1000 + 1) + 1;
bn_data = bn_data_num = num / BN_DEC_NUM + 1;
(BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
buf = (char *)OPENSSL_malloc(num + 3); buf = OPENSSL_malloc(num + 3);
if ((buf == NULL) || (bn_data == NULL)) { if ((buf == NULL) || (bn_data == NULL)) {
BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
goto err; goto err;
@ -140,9 +136,12 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t)) if (BN_is_negative(t))
*p++ = '-'; *p++ = '-';
i = 0;
while (!BN_is_zero(t)) { while (!BN_is_zero(t)) {
if (lp - bn_data >= bn_data_num)
goto err;
*lp = BN_div_word(t, BN_DEC_CONV); *lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++; lp++;
} }
lp--; lp--;
@ -240,10 +239,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
} }
ret->top = h; ret->top = h;
bn_correct_top(ret); bn_correct_top(ret);
ret->neg = neg;
*bn = ret; *bn = ret;
bn_check_top(ret); bn_check_top(ret);
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
return (num); return (num);
err: err:
if (*bn == NULL) if (*bn == NULL)
@ -295,7 +296,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
if (j == BN_DEC_NUM) if (j == BN_DEC_NUM)
j = 0; j = 0;
l = 0; l = 0;
while (*a) { while (--i >= 0) {
l *= 10; l *= 10;
l += *a - '0'; l += *a - '0';
a++; a++;
@ -306,11 +307,13 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
j = 0; j = 0;
} }
} }
ret->neg = neg;
bn_correct_top(ret); bn_correct_top(ret);
*bn = ret; *bn = ret;
bn_check_top(ret); bn_check_top(ret);
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
return (num); return (num);
err: err:
if (*bn == NULL) if (*bn == NULL)
@ -321,6 +324,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
int BN_asc2bn(BIGNUM **bn, const char *a) int BN_asc2bn(BIGNUM **bn, const char *a)
{ {
const char *p = a; const char *p = a;
if (*p == '-') if (*p == '-')
p++; p++;
@ -331,7 +335,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
if (!BN_dec2bn(bn, p)) if (!BN_dec2bn(bn, p))
return 0; return 0;
} }
if (*a == '-') /* Don't set the negative flag if it's zero. */
if (*a == '-' && (*bn)->top != 0)
(*bn)->neg = 1; (*bn)->neg = 1;
return 1; return 1;
} }

19
thirdparty/openssl/crypto/bn/bn_rand.c vendored
View file

@ -121,15 +121,14 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
int ret = 0, bit, bytes, mask; int ret = 0, bit, bytes, mask;
time_t tim; time_t tim;
if (bits < 0 || (bits == 1 && top > 0)) {
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
return 0;
}
if (bits == 0) { if (bits == 0) {
if (top != -1 || bottom != 0)
goto toosmall;
BN_zero(rnd); BN_zero(rnd);
return 1; return 1;
} }
if (bits < 0 || (bits == 1 && top > 0))
goto toosmall;
bytes = (bits + 7) / 8; bytes = (bits + 7) / 8;
bit = (bits - 1) % 8; bit = (bits - 1) % 8;
@ -145,13 +144,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
time(&tim); time(&tim);
RAND_add(&tim, sizeof(tim), 0.0); RAND_add(&tim, sizeof(tim), 0.0);
if (pseudorand) { /* We ignore the value of pseudorand and always call RAND_bytes */
if (RAND_pseudo_bytes(buf, bytes) == -1)
goto err;
} else {
if (RAND_bytes(buf, bytes) <= 0) if (RAND_bytes(buf, bytes) <= 0)
goto err; goto err;
}
#if 1 #if 1
if (pseudorand == 2) { if (pseudorand == 2) {
@ -199,6 +194,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
} }
bn_check_top(rnd); bn_check_top(rnd);
return (ret); return (ret);
toosmall:
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
return 0;
} }
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)

5
thirdparty/openssl/crypto/bn/bn_sqr.c vendored
View file

@ -143,8 +143,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
rr->top = max - 1; rr->top = max - 1;
else else
rr->top = max; rr->top = max;
if (rr != r) if (r != rr && BN_copy(r, rr) == NULL)
BN_copy(r, rr); goto err;
ret = 1; ret = 1;
err: err:
bn_check_top(rr); bn_check_top(rr);

22
thirdparty/openssl/crypto/bn/bn_word.c vendored
View file

@ -72,10 +72,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
if (w == 0) if (w == 0)
return (BN_ULONG)-1; return (BN_ULONG)-1;
#ifndef BN_LLONG
/*
* If |w| is too long and we don't have BN_ULLONG then we need to fall
* back to using BN_div_word
*/
if (w > ((BN_ULONG)1 << BN_BITS4)) {
BIGNUM *tmp = BN_dup(a);
if (tmp == NULL)
return (BN_ULONG)-1;
ret = BN_div_word(tmp, w);
BN_free(tmp);
return ret;
}
#endif
bn_check_top(a); bn_check_top(a);
w &= BN_MASK2; w &= BN_MASK2;
for (i = a->top - 1; i >= 0; i--) { for (i = a->top - 1; i >= 0; i--) {
#ifndef BN_LLONG #ifndef BN_LLONG
/*
* We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
* | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
* safe and will not overflow
*/
ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else #else

12
thirdparty/openssl/crypto/cms/cms_enc.c vendored
View file

@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */ /* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx); ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) { if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0) if (RAND_bytes(iv, ivlen) <= 0)
goto err; goto err;
piv = iv; piv = iv;
} }
@ -179,10 +179,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_INITIALISATION_ERROR); CMS_R_CIPHER_INITIALISATION_ERROR);
goto err; goto err;
} }
if (enc) {
if (piv) {
calg->parameter = ASN1_TYPE_new(); calg->parameter = ASN1_TYPE_new();
if (!calg->parameter) { if (calg->parameter == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
@ -191,6 +190,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err; goto err;
} }
/* If parameter type not set omit parameter */
if (calg->parameter->type == V_ASN1_UNDEF) {
ASN1_TYPE_free(calg->parameter);
calg->parameter = NULL;
}
} }
ok = 1; ok = 1;

3
thirdparty/openssl/crypto/cms/cms_ess.c vendored
View file

@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
else { else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr; goto merr;
if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
<= 0)
goto err; goto err;
} }

5
thirdparty/openssl/crypto/cms/cms_kari.c vendored
View file

@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
* Pick a cipher based on content encryption cipher. If it is DES3 use * Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size. * DES3 wrap otherwise use AES wrap similar to key size.
*/ */
#ifndef OPENSSL_NO_DES
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc) if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
kekcipher = EVP_des_ede3_wrap(); kekcipher = EVP_des_ede3_wrap();
else if (keylen <= 16) else
#endif
if (keylen <= 16)
kekcipher = EVP_aes_128_wrap(); kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24) else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap(); kekcipher = EVP_aes_192_wrap();

4
thirdparty/openssl/crypto/cms/cms_lib.c vendored
View file

@ -413,6 +413,8 @@ static STACK_OF(CMS_CertificateChoices)
return &cms->d.signedData->certificates; return &cms->d.signedData->certificates;
case NID_pkcs7_enveloped: case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->certificates; return &cms->d.envelopedData->originatorInfo->certificates;
default: default:
@ -488,6 +490,8 @@ static STACK_OF(CMS_RevocationInfoChoice)
return &cms->d.signedData->crls; return &cms->d.signedData->crls;
case NID_pkcs7_enveloped: case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->crls; return &cms->d.envelopedData->originatorInfo->crls;
default: default:

4
thirdparty/openssl/crypto/cms/cms_pwri.c vendored
View file

@ -134,7 +134,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(&ctx); ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
if (ivlen > 0) { if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0) if (RAND_bytes(iv, ivlen) <= 0)
goto err; goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@ -301,7 +301,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
memcpy(out + 4, in, inlen); memcpy(out + 4, in, inlen);
/* Add random padding to end */ /* Add random padding to end */
if (olen > inlen + 4 if (olen > inlen + 4
&& RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0) && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
return 0; return 0;
/* Encrypt twice */ /* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen);

23
thirdparty/openssl/crypto/comp/c_rle.c vendored
View file

@ -31,12 +31,11 @@ static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
unsigned int olen, unsigned char *in, unsigned int olen, unsigned char *in,
unsigned int ilen) unsigned int ilen)
{ {
/* int i; */ if (ilen == 0)
return 0;
if (ilen == 0 || olen < (ilen - 1)) { if (olen <= ilen)
/* ZZZZZZZZZZZZZZZZZZZZZZ */ return -1;
return (-1);
}
*(out++) = 0; *(out++) = 0;
memcpy(out, in, ilen); memcpy(out, in, ilen);
@ -49,14 +48,16 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
{ {
int i; int i;
if (olen < (ilen - 1)) { if (ilen == 0)
/* ZZZZZZZZZZZZZZZZZZZZZZ */ return 0;
return (-1);
} if (olen < (ilen - 1))
return -1;
i = *(in++); i = *(in++);
if (i == 0) { if (i != 0)
return -1;
memcpy(out, in, ilen - 1); memcpy(out, in, ilen - 1);
}
return (ilen - 1); return (ilen - 1);
} }

16
thirdparty/openssl/crypto/conf/conf_def.c vendored
View file

@ -69,6 +69,12 @@
#include <openssl/buffer.h> #include <openssl/buffer.h>
#include <openssl/err.h> #include <openssl/err.h>
/*
* The maximum length we can grow a value to after variable expansion. 64k
* should be more than enough for all reasonable uses.
*/
#define MAX_CONF_VALUE_LENGTH 65536
static char *eat_ws(CONF *conf, char *p); static char *eat_ws(CONF *conf, char *p);
static char *eat_alpha_numeric(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p);
static void clear_comments(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p);
@ -530,6 +536,8 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
} else if (IS_EOF(conf, *from)) } else if (IS_EOF(conf, *from))
break; break;
else if (*from == '$') { else if (*from == '$') {
size_t newsize;
/* try to expand it */ /* try to expand it */
rrp = NULL; rrp = NULL;
s = &(from[1]); s = &(from[1]);
@ -584,8 +592,12 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
goto err; goto err;
} }
if (!BUF_MEM_grow_clean(buf, newsize = strlen(p) + buf->length - (e - from);
(strlen(p) + buf->length - (e - from)))) { if (newsize > MAX_CONF_VALUE_LENGTH) {
CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
goto err;
}
if (!BUF_MEM_grow_clean(buf, newsize)) {
CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE); CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }

4
thirdparty/openssl/crypto/conf/conf_def.h vendored
View file

@ -94,7 +94,7 @@
# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) # define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) # define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
#else /* CHARSET_EBCDIC */ #else /*CHARSET_EBCDIC*/
# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) # define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) # define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
@ -108,7 +108,7 @@
# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) # define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) # define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) # define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
#endif /* CHARSET_EBCDIC */ #endif /*CHARSET_EBCDIC*/
static unsigned short CONF_type_default[256] = { static unsigned short CONF_type_default[256] = {
0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,

2
thirdparty/openssl/crypto/conf/conf_err.c vendored
View file

@ -115,6 +115,8 @@ static ERR_STRING_DATA CONF_str_reasons[] = {
{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
"unable to create new section"}, "unable to create new section"},
{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
{ERR_REASON(CONF_R_VARIABLE_EXPANSION_TOO_LONG),
"variable expansion too long"},
{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
{0, NULL} {0, NULL}
}; };

4
thirdparty/openssl/crypto/conf/conf_mod.c vendored
View file

@ -288,6 +288,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
tmod->dso = dso; tmod->dso = dso;
tmod->name = BUF_strdup(name); tmod->name = BUF_strdup(name);
if (tmod->name == NULL) {
OPENSSL_free(tmod);
return NULL;
}
tmod->init = ifunc; tmod->init = ifunc;
tmod->finish = ffunc; tmod->finish = ffunc;
tmod->links = 0; tmod->links = 0;

2
thirdparty/openssl/crypto/des/des.c vendored
View file

@ -456,7 +456,7 @@ void doencryption(void)
len = l - rem; len = l - rem;
if (feof(DES_IN)) { if (feof(DES_IN)) {
for (i = 7 - rem; i > 0; i--) { for (i = 7 - rem; i > 0; i--) {
if (RAND_pseudo_bytes(buf + l++, 1) < 0) if (RAND_bytes(buf + l++, 1) <= 0)
goto problems; goto problems;
} }
buf[l++] = rem; buf[l++] = rem;

2
thirdparty/openssl/crypto/des/enc_writ.c vendored
View file

@ -135,7 +135,7 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) { if (len < 8) {
cp = shortbuf; cp = shortbuf;
memcpy(shortbuf, buf, len); memcpy(shortbuf, buf, len);
if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) { if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
return -1; return -1;
} }
rnum = 8; rnum = 8;

2
thirdparty/openssl/crypto/des/set_key.c vendored
View file

@ -120,7 +120,7 @@ int DES_check_key_parity(const_DES_cblock *key)
} }
/*- /*-
* Weak and semi week keys as take from * Weak and semi weak keys as taken from
* %A D.W. Davies * %A D.W. Davies
* %A W.L. Price * %A W.L. Price
* %T Security for Computer Networks * %T Security for Computer Networks

2
thirdparty/openssl/crypto/dh/dh_ameth.c vendored
View file

@ -519,7 +519,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
static int dh_missing_parameters(const EVP_PKEY *a) static int dh_missing_parameters(const EVP_PKEY *a)
{ {
if (!a->pkey.dh->p || !a->pkey.dh->g) if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
return 1; return 1;
return 0; return 0;
} }

2
thirdparty/openssl/crypto/dh/dh_key.c vendored
View file

@ -223,6 +223,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err; goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx); tmp = BN_CTX_get(ctx);
if (tmp == NULL)
goto err;
if (dh->priv_key == NULL) { if (dh->priv_key == NULL) {
DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);

2
thirdparty/openssl/crypto/dsa/dsa_ameth.c vendored
View file

@ -350,7 +350,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
{ {
DSA *dsa; DSA *dsa;
dsa = pkey->pkey.dsa; dsa = pkey->pkey.dsa;
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1; return 1;
return 0; return 0;
} }

7
thirdparty/openssl/crypto/dsa/dsa_gen.c vendored
View file

@ -185,6 +185,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
p = BN_CTX_get(ctx); p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx); test = BN_CTX_get(ctx);
if (test == NULL)
goto err;
if (!BN_lshift(test, BN_value_one(), bits - 1)) if (!BN_lshift(test, BN_value_one(), bits - 1))
goto err; goto err;
@ -197,7 +200,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err; goto err;
if (!seed_len || !seed_in) { if (!seed_len || !seed_in) {
if (RAND_pseudo_bytes(seed, qsize) < 0) if (RAND_bytes(seed, qsize) <= 0)
goto err; goto err;
seed_is_random = 1; seed_is_random = 1;
} else { } else {
@ -491,7 +494,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
goto err; goto err;
if (!seed_in) { if (!seed_in) {
if (RAND_pseudo_bytes(seed, seed_len) < 0) if (RAND_bytes(seed, seed_len) <= 0)
goto err; goto err;
} }
/* step 2 */ /* step 2 */

7
thirdparty/openssl/crypto/dsa/dsa_ossl.c vendored
View file

@ -247,11 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
do do
if (!BN_rand_range(&k, dsa->q)) if (!BN_rand_range(&k, dsa->q))
goto err; goto err;
while (BN_is_zero(&k)) ; while (BN_is_zero(&k));
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
BN_set_flags(&k, BN_FLG_CONSTTIME); BN_set_flags(&k, BN_FLG_CONSTTIME);
} }
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
CRYPTO_LOCK_DSA, dsa->p, ctx)) CRYPTO_LOCK_DSA, dsa->p, ctx))
@ -264,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_copy(&kq, &k)) if (!BN_copy(&kq, &k))
goto err; goto err;
BN_set_flags(&kq, BN_FLG_CONSTTIME);
/* /*
* We do not want timing information to leak the length of k, so we * We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This * compute g^k using an equivalent exponent of fixed length. (This
@ -282,6 +286,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
} else { } else {
K = &k; K = &k;
} }
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
dsa->method_mont_p); dsa->method_mont_p);
if (!BN_mod(r, r, dsa->q, ctx)) if (!BN_mod(r, r, dsa->q, ctx))

2
thirdparty/openssl/crypto/dsa/dsa_pmeth.c vendored
View file

@ -180,7 +180,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
return 0; return 0;
} }
dctx->md = p2; dctx->pmd = p2;
return 1; return 1;
case EVP_PKEY_CTRL_MD: case EVP_PKEY_CTRL_MD:

20
thirdparty/openssl/crypto/ec/ec2_mult.c vendored
View file

@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
BN_CTX *ctx) BN_CTX *ctx)
{ {
BIGNUM *x1, *x2, *z1, *z2; BIGNUM *x1, *x2, *z1, *z2;
int ret = 0, i; int ret = 0, i, group_top;
BN_ULONG mask, word; BN_ULONG mask, word;
if (r == point) { if (r == point) {
@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
x2 = &r->X; x2 = &r->X;
z2 = &r->Y; z2 = &r->Y;
bn_wexpand(x1, group->field.top); group_top = group->field.top;
bn_wexpand(z1, group->field.top); if (bn_wexpand(x1, group_top) == NULL
bn_wexpand(x2, group->field.top); || bn_wexpand(z1, group_top) == NULL
bn_wexpand(z2, group->field.top); || bn_wexpand(x2, group_top) == NULL
|| bn_wexpand(z2, group_top) == NULL)
goto err;
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
goto err; /* x1 = x */ goto err; /* x1 = x */
@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
for (; i >= 0; i--) { for (; i >= 0; i--) {
word = scalar->d[i]; word = scalar->d[i];
while (mask) { while (mask) {
BN_consttime_swap(word & mask, x1, x2, group->field.top); BN_consttime_swap(word & mask, x1, x2, group_top);
BN_consttime_swap(word & mask, z1, z2, group->field.top); BN_consttime_swap(word & mask, z1, z2, group_top);
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
goto err; goto err;
if (!gf2m_Mdouble(group, x1, z1, ctx)) if (!gf2m_Mdouble(group, x1, z1, ctx))
goto err; goto err;
BN_consttime_swap(word & mask, x1, x2, group->field.top); BN_consttime_swap(word & mask, x1, x2, group_top);
BN_consttime_swap(word & mask, z1, z2, group->field.top); BN_consttime_swap(word & mask, z1, z2, group_top);
mask >>= 1; mask >>= 1;
} }
mask = BN_TBIT; mask = BN_TBIT;

36
thirdparty/openssl/crypto/ec/ec_ameth.c vendored
View file

@ -66,9 +66,12 @@
#endif #endif
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include "asn1_locl.h" #include "asn1_locl.h"
#include "ec_lcl.h"
#ifndef OPENSSL_NO_CMS
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
#endif
static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
{ {
@ -221,6 +224,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
*pb = EC_KEY_get0_public_key(b->pkey.ec); *pb = EC_KEY_get0_public_key(b->pkey.ec);
if (group == NULL || pa == NULL || pb == NULL)
return -2;
r = EC_POINT_cmp(group, pa, pb, NULL); r = EC_POINT_cmp(group, pa, pb, NULL);
if (r == 0) if (r == 0)
return 1; return 1;
@ -299,15 +304,13 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{ {
EC_KEY *ec_key; EC_KEY ec_key = *(pkey->pkey.ec);
unsigned char *ep, *p; unsigned char *ep, *p;
int eplen, ptype; int eplen, ptype;
void *pval; void *pval;
unsigned int tmp_flags, old_flags; unsigned int old_flags;
ec_key = pkey->pkey.ec; if (!eckey_param2type(&ptype, &pval, &ec_key)) {
if (!eckey_param2type(&ptype, &pval, ec_key)) {
ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
return 0; return 0;
} }
@ -318,34 +321,31 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
* do not include the parameters in the SEC1 private key see PKCS#11 * do not include the parameters in the SEC1 private key see PKCS#11
* 12.11 * 12.11
*/ */
old_flags = EC_KEY_get_enc_flags(ec_key); old_flags = EC_KEY_get_enc_flags(&ec_key);
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
EC_KEY_set_enc_flags(ec_key, tmp_flags);
eplen = i2d_ECPrivateKey(ec_key, NULL); eplen = i2d_ECPrivateKey(&ec_key, NULL);
if (!eplen) { if (!eplen) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0; return 0;
} }
ep = (unsigned char *)OPENSSL_malloc(eplen); ep = (unsigned char *)OPENSSL_malloc(eplen);
if (!ep) { if (!ep) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
p = ep; p = ep;
if (!i2d_ECPrivateKey(ec_key, &p)) { if (!i2d_ECPrivateKey(&ec_key, &p)) {
EC_KEY_set_enc_flags(ec_key, old_flags);
OPENSSL_free(ep); OPENSSL_free(ep);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0; return 0;
} }
/* restore old encoding flags */
EC_KEY_set_enc_flags(ec_key, old_flags);
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
ptype, pval, ep, eplen)) ptype, pval, ep, eplen)) {
OPENSSL_free(ep);
return 0; return 0;
}
return 1; return 1;
} }
@ -378,7 +378,7 @@ static int ec_bits(const EVP_PKEY *pkey)
static int ec_missing_parameters(const EVP_PKEY *pkey) static int ec_missing_parameters(const EVP_PKEY *pkey)
{ {
if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
return 1; return 1;
return 0; return 0;
} }
@ -398,6 +398,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{ {
const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
*group_b = EC_KEY_get0_group(b->pkey.ec); *group_b = EC_KEY_get0_group(b->pkey.ec);
if (group_a == NULL || group_b == NULL)
return -2;
if (EC_GROUP_cmp(group_a, group_b, NULL)) if (EC_GROUP_cmp(group_a, group_b, NULL))
return 0; return 0;
else else

11
thirdparty/openssl/crypto/ec/ec_asn1.c vendored
View file

@ -62,17 +62,22 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
int EC_GROUP_get_basis_type(const EC_GROUP *group) int EC_GROUP_get_basis_type(const EC_GROUP *group)
{ {
int i = 0; int i;
if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
NID_X9_62_characteristic_two_field) NID_X9_62_characteristic_two_field)
/* everything else is currently not supported */ /* everything else is currently not supported */
return 0; return 0;
while (group->poly[i] != 0) /* Find the last non-zero element of group->poly[] */
i++; for (i = 0;
i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
i++)
continue;
if (i == 4) if (i == 4)
return NID_X9_62_ppBasis; return NID_X9_62_ppBasis;

9
thirdparty/openssl/crypto/ec/ec_key.c vendored
View file

@ -377,9 +377,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
return 0; return 0;
} }
ctx = BN_CTX_new(); ctx = BN_CTX_new();
if (!ctx) if (ctx == NULL)
goto err; return 0;
BN_CTX_start(ctx);
point = EC_POINT_new(key->group); point = EC_POINT_new(key->group);
if (!point) if (!point)
@ -432,9 +432,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
ok = 1; ok = 1;
err: err:
if (ctx) BN_CTX_end(ctx);
BN_CTX_free(ctx); BN_CTX_free(ctx);
if (point)
EC_POINT_free(point); EC_POINT_free(point);
return ok; return ok;

12
thirdparty/openssl/crypto/ec/ec_mult.c vendored
View file

@ -68,10 +68,14 @@
#include "ec_lcl.h" #include "ec_lcl.h"
/* /*
* This file implements the wNAF-based interleaving multi-exponentation method * This file implements the wNAF-based interleaving multi-exponentiation method
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>); * Formerly at:
* for multiplication with precomputation, we use wNAF splitting * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>). * You might now find it here:
* http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13
* http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf
* For multiplication with precomputation, we use wNAF splitting, formerly at:
* http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp
*/ */
/* structure for precomputed multiples of the generator */ /* structure for precomputed multiples of the generator */

2
thirdparty/openssl/crypto/ec/eck_prn.c vendored
View file

@ -342,7 +342,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
size_t len, int off) size_t len, int off)
{ {
size_t i; size_t i;
char str[128]; char str[128 + 1 + 4];
if (buf == NULL) if (buf == NULL)
return 1; return 1;

111
thirdparty/openssl/crypto/ec/ecp_nistz256.c vendored
View file

@ -82,19 +82,36 @@ typedef struct ec_pre_comp_st {
} EC_PRE_COMP; } EC_PRE_COMP;
/* Functions implemented in assembly */ /* Functions implemented in assembly */
/* Modular mul by 2: res = 2*a mod P */ /*
void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS], * Most of below mentioned functions *preserve* the property of inputs
const BN_ULONG a[P256_LIMBS]); * being fully reduced, i.e. being in [0, modulus) range. Simply put if
/* Modular div by 2: res = a/2 mod P */ * inputs are fully reduced, then output is too. Note that reverse is
void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS], * not true, in sense that given partially reduced inputs output can be
const BN_ULONG a[P256_LIMBS]); * either, not unlikely reduced. And "most" in first sentence refers to
/* Modular mul by 3: res = 3*a mod P */ * the fact that given the calculations flow one can tolerate that
void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS], * addition, 1st function below, produces partially reduced result *if*
const BN_ULONG a[P256_LIMBS]); * multiplications by 2 and 3, which customarily use addition, fully
* reduce it. This effectively gives two options: a) addition produces
* fully reduced result [as long as inputs are, just like remaining
* functions]; b) addition is allowed to produce partially reduced
* result, but multiplications by 2 and 3 perform additional reduction
* step. Choice between the two can be platform-specific, but it was a)
* in all cases so far...
*/
/* Modular add: res = a+b mod P */ /* Modular add: res = a+b mod P */
void ecp_nistz256_add(BN_ULONG res[P256_LIMBS], void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS], const BN_ULONG a[P256_LIMBS],
const BN_ULONG b[P256_LIMBS]); const BN_ULONG b[P256_LIMBS]);
/* Modular mul by 2: res = 2*a mod P */
void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular mul by 3: res = 3*a mod P */
void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular div by 2: res = a/2 mod P */
void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular sub: res = a-b mod P */ /* Modular sub: res = a-b mod P */
void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS], void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS], const BN_ULONG a[P256_LIMBS],
@ -205,10 +222,12 @@ static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
return is_zero(res); return is_zero(res);
} }
static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS]) static BN_ULONG is_one(const BIGNUM *z)
{ {
BN_ULONG res; BN_ULONG res = 0;
BN_ULONG *a = z->d;
if (z->top == (P256_LIMBS - P256_LIMBS / 8)) {
res = a[0] ^ ONE[0]; res = a[0] ^ ONE[0];
res |= a[1] ^ ONE[1]; res |= a[1] ^ ONE[1];
res |= a[2] ^ ONE[2]; res |= a[2] ^ ONE[2];
@ -217,9 +236,15 @@ static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS])
res |= a[4] ^ ONE[4]; res |= a[4] ^ ONE[4];
res |= a[5] ^ ONE[5]; res |= a[5] ^ ONE[5];
res |= a[6] ^ ONE[6]; res |= a[6] ^ ONE[6];
/*
* no check for a[7] (being zero) on 32-bit platforms,
* because value of "one" takes only 7 limbs.
*/
}
res = is_zero(res);
} }
return is_zero(res); return res;
} }
static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS]) static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
@ -315,19 +340,16 @@ static void ecp_nistz256_point_add(P256_POINT *r,
const BN_ULONG *in2_y = b->Y; const BN_ULONG *in2_y = b->Y;
const BN_ULONG *in2_z = b->Z; const BN_ULONG *in2_z = b->Z;
/* We encode infinity as (0,0), which is not on the curve, /*
* so it is OK. */ * Infinity in encoded as (,,0)
in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | */
in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]); in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
if (P256_LIMBS == 8) if (P256_LIMBS == 8)
in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]);
in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]);
in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
if (P256_LIMBS == 8) if (P256_LIMBS == 8)
in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]);
in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]);
in1infty = is_zero(in1infty); in1infty = is_zero(in1infty);
in2infty = is_zero(in2infty); in2infty = is_zero(in2infty);
@ -416,15 +438,16 @@ static void ecp_nistz256_point_add_affine(P256_POINT *r,
const BN_ULONG *in2_y = b->Y; const BN_ULONG *in2_y = b->Y;
/* /*
* In affine representation we encode infty as (0,0), which is not on the * Infinity in encoded as (,,0)
* curve, so it is OK
*/ */
in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] | in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]);
if (P256_LIMBS == 8) if (P256_LIMBS == 8)
in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] | in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]);
/*
* In affine representation we encode infinity as (0,0), which is
* not on the curve, so it is OK
*/
in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
if (P256_LIMBS == 8) if (P256_LIMBS == 8)
@ -741,9 +764,8 @@ static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
{ {
return (generator->X.top == P256_LIMBS) && return (generator->X.top == P256_LIMBS) &&
(generator->Y.top == P256_LIMBS) && (generator->Y.top == P256_LIMBS) &&
(generator->Z.top == (P256_LIMBS - P256_LIMBS / 8)) &&
is_equal(generator->X.d, def_xG) && is_equal(generator->X.d, def_xG) &&
is_equal(generator->Y.d, def_yG) && is_one(generator->Z.d); is_equal(generator->Y.d, def_yG) && is_one(&generator->Z);
} }
static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
@ -1249,6 +1271,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
} else } else
#endif #endif
{ {
BN_ULONG infty;
/* First window */ /* First window */
wvalue = (p_str[0] << 1) & mask; wvalue = (p_str[0] << 1) & mask;
index += window_size; index += window_size;
@ -1260,7 +1284,30 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
ecp_nistz256_neg(p.p.Z, p.p.Y); ecp_nistz256_neg(p.p.Z, p.p.Y);
copy_conditional(p.p.Y, p.p.Z, wvalue & 1); copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
memcpy(p.p.Z, ONE, sizeof(ONE)); /*
* Since affine infinity is encoded as (0,0) and
* Jacobian ias (,,0), we need to harmonize them
* by assigning "one" or zero to Z.
*/
infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
if (P256_LIMBS == 8)
infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
infty = 0 - is_zero(infty);
infty = ~infty;
p.p.Z[0] = ONE[0] & infty;
p.p.Z[1] = ONE[1] & infty;
p.p.Z[2] = ONE[2] & infty;
p.p.Z[3] = ONE[3] & infty;
if (P256_LIMBS == 8) {
p.p.Z[4] = ONE[4] & infty;
p.p.Z[5] = ONE[5] & infty;
p.p.Z[6] = ONE[6] & infty;
p.p.Z[7] = ONE[7] & infty;
}
for (i = 1; i < 37; i++) { for (i = 1; i < 37; i++) {
unsigned int off = (index - 1) / 8; unsigned int off = (index - 1) / 8;
@ -1331,7 +1378,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
!ecp_nistz256_set_words(&r->Z, p.p.Z)) { !ecp_nistz256_set_words(&r->Z, p.p.Z)) {
goto err; goto err;
} }
r->Z_is_one = is_one(p.p.Z) & 1; r->Z_is_one = is_one(&r->Z) & 1;
ret = 1; ret = 1;

4
thirdparty/openssl/crypto/ecdh/ech_ossl.c vendored
View file

@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
BN_CTX_end(ctx); BN_CTX_end(ctx);
if (ctx) if (ctx)
BN_CTX_free(ctx); BN_CTX_free(ctx);
if (buf) if (buf) {
OPENSSL_cleanse(buf, buflen);
OPENSSL_free(buf); OPENSSL_free(buf);
}
return (ret); return (ret);
} }

34
thirdparty/openssl/crypto/engine/eng_cryptodev.c vendored
View file

@ -26,6 +26,7 @@
* *
*/ */
#include <string.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <openssl/engine.h> #include <openssl/engine.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -809,14 +810,15 @@ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) { if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
/* if application doesn't support one buffer */ /* if application doesn't support one buffer */
state->mac_data = char *mac_data =
OPENSSL_realloc(state->mac_data, state->mac_len + count); OPENSSL_realloc(state->mac_data, state->mac_len + count);
if (!state->mac_data) { if (mac_data == NULL) {
printf("cryptodev_digest_update: realloc failed\n"); printf("cryptodev_digest_update: realloc failed\n");
return (0); return (0);
} }
state->mac_data = mac_data;
memcpy(state->mac_data + state->mac_len, data, count); memcpy(state->mac_data + state->mac_len, data, count);
state->mac_len += count; state->mac_len += count;
@ -934,11 +936,15 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
return (0); return (0);
} }
dstate->mac_len = fstate->mac_len;
if (fstate->mac_len != 0) { if (fstate->mac_len != 0) {
if (fstate->mac_data != NULL) { if (fstate->mac_data != NULL) {
dstate->mac_data = OPENSSL_malloc(fstate->mac_len); dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
if (dstate->mac_data == NULL) {
printf("cryptodev_digest_init: malloc failed\n");
return 0;
}
memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len); memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
dstate->mac_len = fstate->mac_len;
} }
} }
@ -1064,8 +1070,7 @@ static void zapparams(struct crypt_kop *kop)
int i; int i;
for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) { for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
if (kop->crk_param[i].crp_p) OPENSSL_free(kop->crk_param[i].crp_p);
free(kop->crk_param[i].crp_p);
kop->crk_param[i].crp_p = NULL; kop->crk_param[i].crp_p = NULL;
kop->crk_param[i].crp_nbits = 0; kop->crk_param[i].crp_nbits = 0;
} }
@ -1078,16 +1083,25 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
int fd, ret = -1; int fd, ret = -1;
if ((fd = get_asym_dev_crypto()) < 0) if ((fd = get_asym_dev_crypto()) < 0)
return (ret); return ret;
if (r) { if (r) {
kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen);
if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
return ret;
memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen);
kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
kop->crk_oparams++; kop->crk_oparams++;
} }
if (s) { if (s) {
kop->crk_param[kop->crk_iparams + 1].crp_p = kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen);
calloc(slen, sizeof(char)); /* No need to free the kop->crk_iparams parameter if it was allocated,
* callers of this routine have to free allocated parameters through
* zapparams both in case of success and failure
*/
if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
return ret;
memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen);
kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
kop->crk_oparams++; kop->crk_oparams++;
} }
@ -1100,7 +1114,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
ret = 0; ret = 0;
} }
return (ret); return ret;
} }
static int static int

4
thirdparty/openssl/crypto/err/err.c vendored
View file

@ -172,6 +172,7 @@ static ERR_STRING_DATA ERR_str_functs[] = {
# endif # endif
{ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
{ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
{ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
{0, NULL}, {0, NULL},
}; };
@ -868,6 +869,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len)
const char *ls, *fs, *rs; const char *ls, *fs, *rs;
unsigned long l, f, r; unsigned long l, f, r;
if (len == 0)
return;
l = ERR_GET_LIB(e); l = ERR_GET_LIB(e);
f = ERR_GET_FUNC(e); f = ERR_GET_FUNC(e);
r = ERR_GET_REASON(e); r = ERR_GET_REASON(e);

17
thirdparty/openssl/crypto/evp/bio_enc.c vendored
View file

@ -201,9 +201,14 @@ static int enc_read(BIO *b, char *out, int outl)
break; break;
} }
} else { } else {
EVP_CipherUpdate(&(ctx->cipher), if (!EVP_CipherUpdate(&ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len, (unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)&(ctx->buf[BUF_OFFSET]), i); (unsigned char *)&(ctx->buf[BUF_OFFSET]),
i)) {
BIO_clear_retry_flags(b);
ctx->ok = 0;
return 0;
}
ctx->cont = 1; ctx->cont = 1;
/* /*
* Note: it is possible for EVP_CipherUpdate to decrypt zero * Note: it is possible for EVP_CipherUpdate to decrypt zero
@ -260,9 +265,13 @@ static int enc_write(BIO *b, const char *in, int inl)
ctx->buf_off = 0; ctx->buf_off = 0;
while (inl > 0) { while (inl > 0) {
n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
EVP_CipherUpdate(&(ctx->cipher), if (!EVP_CipherUpdate(&ctx->cipher,
(unsigned char *)ctx->buf, &ctx->buf_len, (unsigned char *)ctx->buf, &ctx->buf_len,
(unsigned char *)in, n); (unsigned char *)in, n)) {
BIO_clear_retry_flags(b);
ctx->ok = 0;
return 0;
}
inl -= n; inl -= n;
in += n; in += n;

2
thirdparty/openssl/crypto/evp/bio_ok.c vendored
View file

@ -491,7 +491,7 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all, * FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured. * particularly now EVP_MD_CTX has been restructured.
*/ */
if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
goto berr; goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);

5
thirdparty/openssl/crypto/evp/c_all.c vendored
View file

@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
OPENSSL_cpuid_setup(); OPENSSL_cpuid_setup();
OpenSSL_add_all_ciphers(); OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
#ifndef OPENSSL_NO_ENGINE
# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
ENGINE_setup_bsd_cryptodev();
# endif
#endif
} }

14
thirdparty/openssl/crypto/evp/digest.c vendored
View file

@ -253,10 +253,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{ {
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_digestupdate(ctx, data, count); return FIPS_digestupdate(ctx, data, count);
#else
return ctx->update(ctx, data, count);
#endif #endif
return ctx->update(ctx, data, count);
} }
/* The caller can assume that this removes any secret data from the context */ /* The caller can assume that this removes any secret data from the context */
@ -271,10 +271,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
/* The caller can assume that this removes any secret data from the context */ /* The caller can assume that this removes any secret data from the context */
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{ {
#ifdef OPENSSL_FIPS
return FIPS_digestfinal(ctx, md, size);
#else
int ret; int ret;
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_digestfinal(ctx, md, size);
#endif
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md); ret = ctx->digest->final(ctx, md);
@ -284,9 +285,8 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
ctx->digest->cleanup(ctx); ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
} }
memset(ctx->md_data, 0, ctx->digest->ctx_size); OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
return ret; return ret;
#endif
} }
int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

13
thirdparty/openssl/crypto/evp/e_aes.c vendored
View file

@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
const unsigned char ivec[AES_BLOCK_SIZE]); const unsigned char ivec[AES_BLOCK_SIZE]);
# endif # endif
# ifdef AES_XTS_ASM # ifdef AES_XTS_ASM
void AES_xts_encrypt(const char *inp, char *out, size_t len, void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2, const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]); const unsigned char iv[16]);
void AES_xts_decrypt(const char *inp, char *out, size_t len, void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2, const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]); const unsigned char iv[16]);
# endif # endif
@ -1120,6 +1120,8 @@ BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS)
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{ {
EVP_AES_GCM_CTX *gctx = c->cipher_data; EVP_AES_GCM_CTX *gctx = c->cipher_data;
if (gctx == NULL)
return 0;
OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
if (gctx->iv != c->iv) if (gctx->iv != c->iv)
OPENSSL_free(gctx->iv); OPENSSL_free(gctx->iv);
@ -1235,10 +1237,15 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{ {
unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
/* Correct length for explicit IV */ /* Correct length for explicit IV */
if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
return 0;
len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
/* If decrypting correct for tag too */ /* If decrypting correct for tag too */
if (!c->encrypt) if (!c->encrypt) {
if (len < EVP_GCM_TLS_TAG_LEN)
return 0;
len -= EVP_GCM_TLS_TAG_LEN; len -= EVP_GCM_TLS_TAG_LEN;
}
c->buf[arg - 2] = len >> 8; c->buf[arg - 2] = len >> 8;
c->buf[arg - 1] = len & 0xff; c->buf[arg - 1] = len & 0xff;
} }

2
thirdparty/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c vendored
View file

@ -859,6 +859,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
key->payload_length = len; key->payload_length = len;
if ((key->aux.tls_ver = if ((key->aux.tls_ver =
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
if (len < AES_BLOCK_SIZE)
return 0;
len -= AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE;
p[arg - 2] = len >> 8; p[arg - 2] = len >> 8;
p[arg - 1] = len; p[arg - 1] = len;

6
thirdparty/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c vendored
View file

@ -825,15 +825,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
case EVP_CTRL_AEAD_TLS1_AAD: case EVP_CTRL_AEAD_TLS1_AAD:
{ {
unsigned char *p = ptr; unsigned char *p = ptr;
unsigned int len = p[arg - 2] << 8 | p[arg - 1]; unsigned int len;
if (arg != EVP_AEAD_TLS1_AAD_LEN) if (arg != EVP_AEAD_TLS1_AAD_LEN)
return -1; return -1;
len = p[arg - 2] << 8 | p[arg - 1];
if (ctx->encrypt) { if (ctx->encrypt) {
key->payload_length = len; key->payload_length = len;
if ((key->aux.tls_ver = if ((key->aux.tls_ver =
p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
if (len < AES_BLOCK_SIZE)
return 0;
len -= AES_BLOCK_SIZE; len -= AES_BLOCK_SIZE;
p[arg - 2] = len >> 8; p[arg - 2] = len >> 8;
p[arg - 1] = len; p[arg - 1] = len;

2
thirdparty/openssl/crypto/evp/e_des3.c vendored
View file

@ -212,6 +212,8 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
size_t n; size_t n;
unsigned char c[1], d[1]; unsigned char c[1], d[1];
if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
inl *= 8;
for (n = 0; n < inl; ++n) { for (n = 0; n < inl; ++n) {
c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
DES_ede3_cfb_encrypt(c, d, 1, 1, DES_ede3_cfb_encrypt(c, d, 1, 1,

6
thirdparty/openssl/crypto/evp/e_rc4_hmac_md5.c vendored
View file

@ -99,7 +99,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
return 1; return 1;
} }
# if !defined(OPENSSL_NO_ASM) && ( \ # if defined(RC4_ASM) && defined(MD5_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \ defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || \ defined(_M_AMD64) || defined(_M_X64) || \
defined(__INTEL__) ) && \ defined(__INTEL__) ) && \
@ -254,6 +254,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
MD5_Init(&key->tail); MD5_Init(&key->tail);
MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
return 1; return 1;
} }
case EVP_CTRL_AEAD_TLS1_AAD: case EVP_CTRL_AEAD_TLS1_AAD:
@ -267,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1]; len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) { if (!ctx->encrypt) {
if (len < MD5_DIGEST_LENGTH)
return -1;
len -= MD5_DIGEST_LENGTH; len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8; p[arg - 2] = len >> 8;
p[arg - 1] = len; p[arg - 1] = len;

3
thirdparty/openssl/crypto/evp/e_seed.c vendored
View file

@ -70,7 +70,8 @@ typedef struct {
} EVP_SEED_KEY; } EVP_SEED_KEY;
IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0) 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
seed_init_key, 0, 0, 0, 0)
static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc) const unsigned char *iv, int enc)

11
thirdparty/openssl/crypto/evp/evp_enc.c vendored
View file

@ -170,7 +170,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if (FIPS_mode()) { if (FIPS_mode()) {
const EVP_CIPHER *fcipher; const EVP_CIPHER *fcipher = NULL;
if (cipher) if (cipher)
fcipher = evp_get_fips_cipher(cipher); fcipher = evp_get_fips_cipher(cipher);
if (fcipher) if (fcipher)
@ -182,6 +182,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
if (ctx->cipher->ctx_size) { if (ctx->cipher->ctx_size) {
ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
if (!ctx->cipher_data) { if (!ctx->cipher_data) {
ctx->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
@ -193,6 +194,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
ctx->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0; return 0;
} }
@ -654,6 +656,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
if (in->cipher_data && in->cipher->ctx_size) { if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
if (!out->cipher_data) { if (!out->cipher_data) {
out->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
@ -661,6 +664,10 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
} }
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
out->cipher = NULL;
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
return 0;
}
return 1; return 1;
} }

3
thirdparty/openssl/crypto/evp/evp_err.c vendored
View file

@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */ /* crypto/evp/evp_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
{ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
{ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
{ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
{ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},

22
thirdparty/openssl/crypto/evp/openbsd_hw.c vendored
View file

@ -133,6 +133,10 @@ static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
return 0; return 0;
CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY); CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
if (CDATA(ctx)->key == NULL {
err("CDATA(ctx)->key memory allocation failed");
return 0;
}
assert(ctx->cipher->iv_len <= MAX_HW_IV); assert(ctx->cipher->iv_len <= MAX_HW_IV);
@ -186,6 +190,11 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (((unsigned long)in & 3) || cinl != inl) { if (((unsigned long)in & 3) || cinl != inl) {
cin = OPENSSL_malloc(cinl); cin = OPENSSL_malloc(cinl);
if (cin == NULL) {
err("cin - memory allocation failed");
abort();
return 0;
}
memcpy(cin, in, inl); memcpy(cin, in, inl);
cryp.src = cin; cryp.src = cin;
} }
@ -334,6 +343,11 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len)
char *dcopy; char *dcopy;
dcopy = OPENSSL_malloc(len); dcopy = OPENSSL_malloc(len);
if (dcopy == NULL) {
err("dcopy - memory allocation failed");
abort();
return 0;
}
memcpy(dcopy, data, len); memcpy(dcopy, data, len);
cryp.src = dcopy; cryp.src = dcopy;
cryp.dst = cryp.src; // FIXME!!! cryp.dst = cryp.src; // FIXME!!!
@ -364,6 +378,10 @@ static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
return do_digest(md_data->sess.ses, md_data->md, data, len); return do_digest(md_data->sess.ses, md_data->md, data, len);
md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len); md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
if (md_data->data == NULL) {
err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory");
abort();
}
memcpy(md_data->data + md_data->len, data, len); memcpy(md_data->data + md_data->len, data, len);
md_data->len += len; md_data->len += len;
@ -397,6 +415,10 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
assert(from->digest->flags & EVP_MD_FLAG_ONESHOT); assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
to_md->data = OPENSSL_malloc(from_md->len); to_md->data = OPENSSL_malloc(from_md->len);
if (to_md->data == NULL) {
err("DEV_CRYPTO_MD5_COPY: unable to allocate memory");
abort();
}
memcpy(to_md->data, from_md->data, from_md->len); memcpy(to_md->data, from_md->data, from_md->len);
return 1; return 1;

8
thirdparty/openssl/crypto/evp/p_lib.c vendored
View file

@ -130,6 +130,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
goto err; goto err;
} }
if (!EVP_PKEY_missing_parameters(to)) {
if (EVP_PKEY_cmp_parameters(to, from) == 1)
return 1;
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
return 0;
}
if (from->ameth && from->ameth->param_copy) if (from->ameth && from->ameth->param_copy)
return from->ameth->param_copy(to, from); return from->ameth->param_copy(to, from);
err: err:

16
thirdparty/openssl/crypto/evp/pmeth_fn.c vendored
View file

@ -65,17 +65,19 @@
#include "evp_locl.h" #include "evp_locl.h"
#define M_check_autoarg(ctx, arg, arglen, err) \ #define M_check_autoarg(ctx, arg, arglen, err) \
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
{ \
size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
if (!arg) \ \
{ \ if (pksize == 0) { \
EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
return 0; \
} \
if (!arg) { \
*arglen = pksize; \ *arglen = pksize; \
return 1; \ return 1; \
} \ } \
else if (*arglen < pksize) \ if (*arglen < pksize) { \
{ \ EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
return 0; \ return 0; \
} \ } \
} }

4
thirdparty/openssl/crypto/evp/pmeth_gn.c vendored
View file

@ -149,8 +149,10 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
if (!ppkey) if (!ppkey)
return -1; return -1;
if (!*ppkey) if (*ppkey == NULL)
*ppkey = EVP_PKEY_new(); *ppkey = EVP_PKEY_new();
if (*ppkey == NULL)
return -1;
ret = ctx->pmeth->keygen(ctx, *ppkey); ret = ctx->pmeth->keygen(ctx, *ppkey);
if (ret <= 0) { if (ret <= 0) {

32
thirdparty/openssl/crypto/evp/pmeth_lib.c vendored
View file

@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
&ec_pkey_meth, &ec_pkey_meth,
#endif #endif
&hmac_pkey_meth, &hmac_pkey_meth,
#ifndef OPENSSL_NO_CMAC
&cmac_pkey_meth, &cmac_pkey_meth,
#endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
&dhx_pkey_meth &dhx_pkey_meth
#endif #endif
@ -186,6 +188,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
if (pmeth->init) { if (pmeth->init) {
if (pmeth->init(ret) <= 0) { if (pmeth->init(ret) <= 0) {
ret->pmeth = NULL;
EVP_PKEY_CTX_free(ret); EVP_PKEY_CTX_free(ret);
return NULL; return NULL;
} }
@ -197,6 +200,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
{ {
EVP_PKEY_METHOD *pmeth; EVP_PKEY_METHOD *pmeth;
pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
if (!pmeth) if (!pmeth)
return NULL; return NULL;
@ -205,33 +209,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
pmeth->pkey_id = id; pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
pmeth->init = 0;
pmeth->copy = 0;
pmeth->cleanup = 0;
pmeth->paramgen_init = 0;
pmeth->paramgen = 0;
pmeth->keygen_init = 0;
pmeth->keygen = 0;
pmeth->sign_init = 0;
pmeth->sign = 0;
pmeth->verify_init = 0;
pmeth->verify = 0;
pmeth->verify_recover_init = 0;
pmeth->verify_recover = 0;
pmeth->signctx_init = 0;
pmeth->signctx = 0;
pmeth->verifyctx_init = 0;
pmeth->verifyctx = 0;
pmeth->encrypt_init = 0;
pmeth->encrypt = 0;
pmeth->decrypt_init = 0;
pmeth->decrypt = 0;
pmeth->derive_init = 0;
pmeth->derive = 0;
pmeth->ctrl = 0;
pmeth->ctrl_str = 0;
return pmeth; return pmeth;
} }
@ -339,6 +316,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
if (pctx->pmeth->copy(rctx, pctx) > 0) if (pctx->pmeth->copy(rctx, pctx) > 0)
return rctx; return rctx;
rctx->pmeth = NULL;
EVP_PKEY_CTX_free(rctx); EVP_PKEY_CTX_free(rctx);
return NULL; return NULL;

Some files were not shown because too many files have changed in this diff Show more