authorJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2021-02-16 19:54:02 +0000
commit4f55bd5321b72491d4eff396e4928e9ab0706735 (patch)
tree46adf486ba58f712ebd071b5d2dbeda04c45833b
parentc25134eb4f5842c16f8f372a1e28849794d70883 (diff)
Import OpenSSL 1.1.1j.vendor/openssl/1.1.1j
-rw-r--r--AUTHORS7
-rw-r--r--CHANGES37
-rw-r--r--CONTRIBUTING4
-rwxr-xr-xConfigure29
-rw-r--r--INSTALL15
-rw-r--r--NEWS10
-rw-r--r--README2
-rwxr-xr-x[-rw-r--r--]apps/ca.c53
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-ppc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesfx-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-sha1-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-sha256-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aest4-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/bsaes-armv7.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-ppc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-x86_64.pl0
-rw-r--r--crypto/armcap.c19
-rw-r--r--[-rwxr-xr-x]crypto/armv4cpuid.pl0
-rw-r--r--crypto/asn1/charmap.h2
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/armv4-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/armv4-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/c64xplus-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ia64-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/mips-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/parisc-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ppc-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ppc64-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x.S0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/sparcv9-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/sparcv9-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/via-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/vis3-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/x86-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/x86_64-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/bn_const.c0
-rw-r--r--crypto/bn/bn_prime.h2
-rw-r--r--[-rwxr-xr-x]crypto/c64xpluscpuid.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmll-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmll-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmllt4-sparcv9.pl0
-rw-r--r--crypto/conf/conf_def.c16
-rw-r--r--crypto/conf/conf_def.h2
-rw-r--r--[-rwxr-xr-x]crypto/des/asm/dest4-sparcv9.pl0
-rw-r--r--crypto/dh/dh_key.c33
-rw-r--r--[-rwxr-xr-x]crypto/ec/asm/ecp_nistz256-armv8.pl0
-rw-r--r--crypto/err/openssl.txt3
-rw-r--r--crypto/evp/evp_enc.c27
-rw-r--r--crypto/evp/evp_err.c4
-rw-r--r--[-rwxr-xr-x]crypto/md5/asm/md5-sparcv9.pl0
-rw-r--r--crypto/mem_sec.c8
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/aesni-gcm-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghashv8-armx.pl0
-rw-r--r--crypto/objects/obj_dat.h2
-rw-r--r--crypto/objects/obj_xref.h2
-rw-r--r--[-rwxr-xr-x]crypto/objects/objxref.pl0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_cl.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_ext.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_lib.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_srv.c0
-rw-r--r--[-rwxr-xr-x]crypto/pariscid.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/sparcv9_modes.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/x86gas.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/x86masm.pl0
-rwxr-xr-xcrypto/poly1305/asm/poly1305-armv4.pl13
-rw-r--r--crypto/ppccap.c20
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-md5-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-s390x.pl0
-rw-r--r--crypto/rsa/rsa_ssl.c10
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-armv4-large.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-armv8.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-sparcv9a.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-thumb.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-586.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-586.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-armv8.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-sparcv9.pl0
-rw-r--r--crypto/srp/srp_lib.c13
-rw-r--r--[-rwxr-xr-x]crypto/vms_rms.h0
-rw-r--r--[-rwxr-xr-x]crypto/whrlpool/asm/wp-mmx.pl0
-rw-r--r--[-rwxr-xr-x]crypto/whrlpool/asm/wp-x86_64.pl0
-rw-r--r--crypto/x509/x509_cmp.c24
-rw-r--r--crypto/x509/x509_vfy.c15
-rw-r--r--crypto/x509/x_all.c4
-rw-r--r--crypto/x509/x_attrib.c5
-rw-r--r--crypto/x509v3/v3_purp.c14
-rw-r--r--doc/man1/ca.pod4
-rw-r--r--doc/man1/cms.pod4
-rw-r--r--doc/man1/crl2pkcs7.pod4
-rw-r--r--doc/man1/dgst.pod4
-rw-r--r--doc/man1/dsa.pod6
-rw-r--r--doc/man1/ec.pod6
-rw-r--r--doc/man1/enc.pod4
-rw-r--r--doc/man1/genpkey.pod4
-rw-r--r--doc/man1/genrsa.pod4
-rw-r--r--doc/man1/pkcs12.pod14
-rw-r--r--doc/man1/pkcs8.pod6
-rw-r--r--doc/man1/pkey.pod6
-rw-r--r--doc/man1/pkeyutl.pod4
-rw-r--r--doc/man1/req.pod6
-rw-r--r--doc/man1/rsa.pod6
-rw-r--r--doc/man1/s_client.pod4
-rw-r--r--doc/man1/s_server.pod4
-rw-r--r--doc/man1/smime.pod4
-rw-r--r--doc/man1/spkac.pod4
-rw-r--r--doc/man1/storeutl.pod4
-rw-r--r--doc/man1/ts.pod4
-rw-r--r--doc/man1/x509.pod4
-rw-r--r--doc/man3/DH_generate_key.pod27
-rw-r--r--doc/man3/OCSP_sendreq_new.pod28
-rw-r--r--doc/man3/OPENSSL_malloc.pod2
-rw-r--r--doc/man3/X509_get_extension_flags.pod11
-rw-r--r--[-rwxr-xr-x]engines/asm/e_padlock-x86.pl0
-rw-r--r--[-rwxr-xr-x]engines/asm/e_padlock-x86_64.pl0
-rw-r--r--include/openssl/evperr.h7
-rw-r--r--include/openssl/obj_mac.h2
-rw-r--r--include/openssl/opensslv.h4
-rw-r--r--include/openssl/x509v3.h7
-rw-r--r--ssl/d1_lib.c11
-rw-r--r--ssl/record/rec_layer_d1.c5
-rw-r--r--ssl/ssl_local.h3
-rw-r--r--ssl/statem/extensions.c5
-rw-r--r--ssl/statem/statem_clnt.c3
-rw-r--r--ssl/statem/statem_lib.c15
157 files changed, 433 insertions, 202 deletions
diff --git a/AUTHORS b/AUTHORS
index ac93b2e7b975..dac46f8b7e08 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -13,6 +13,8 @@ Ben Kaduk
Bernd Edlinger
Bodo Möller
David Benjamin
+David von Oheimb
+Dmitry Belyavskiy (Дмитрий Белявский)
Emilia Käsper
Eric Young
Geoff Thorpe
@@ -22,14 +24,19 @@ Lutz Jänicke
Mark J. Cox
Matt Caswell
Matthias St. Pierre
+Nicola Tuveri
Nils Larsch
+Patrick Steuer
Paul Dale
Paul C. Sutton
+Paul Yang
Ralf S. Engelschall
Rich Salz
Richard Levitte
+Shane Lontis
Stephen Henson
Steve Marquess
Tim Hudson
+Tomáš Mráz
Ulf Möller
Viktor Dukhovni
diff --git a/CHANGES b/CHANGES
index 37dd60b726ee..1ab64b35c9a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,43 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+ *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+ create a unique hash value based on the issuer and serial number data
+ contained within an X509 certificate. However it was failing to correctly
+ handle any errors that may occur while parsing the issuer field (which might
+ occur if the issuer field is maliciously constructed). This may subsequently
+ result in a NULL pointer deref and a crash leading to a potential denial of
+ service attack.
+ (CVE-2021-23841)
+ [Matt Caswell]
+
+ *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks. This is considered a
+ bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+ CVE-2021-23839.
+ [Matt Caswell]
+
+ *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+ functions. Previously they could overflow the output length argument in some
+ cases where the input length is close to the maximum permissable length for
+ an integer on the platform. In such cases the return value from the function
+ call would be 1 (indicating success), but the output length value would be
+ negative. This could cause applications to behave incorrectly or crash.
+ (CVE-2021-23840)
+ [Matt Caswell]
+
+ *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+ implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+ could be exploited in a side channel attack to recover the password. Since
+ the attack is local host only this is outside of the current OpenSSL
+ threat model and therefore no CVE is assigned.
+
+ Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+ issue.
+ [Matt Caswell]
+
Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
*) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
diff --git a/CONTRIBUTING b/CONTRIBUTING
index 57be75ce2b8a..83c0dde12819 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -41,8 +41,8 @@ guidelines:
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
- platforms: try to ensure you only use portable features. Clean builds
- via Travis and AppVeyor are required, and they are started automatically
+ platforms: try to ensure you only use portable features. Clean builds via
+ GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
diff --git a/Configure b/Configure
index 1d73d06e1b3b..b286dd0678bb 100755
--- a/Configure
+++ b/Configure
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -1201,6 +1201,10 @@ foreach (keys %useradd) {
# At this point, we can forget everything about %user and %useradd,
# because it's now all been merged into the corresponding $config entry
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+ disable('static', 'pic', 'threads');
+}
+
# Allow overriding the build file name
$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
@@ -1521,10 +1525,6 @@ if ($strict_warnings)
}
}
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
- disable('static', 'pic', 'threads');
-}
-
$config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
? @strict_warnings_collection
: ( $_ ) }
@@ -2611,19 +2611,22 @@ _____
}
print "\nEnabled features:\n\n";
foreach my $what (@disablables) {
- print " $what\n" unless $disabled{$what};
+ print " $what\n"
+ unless grep { $_ =~ /^${what}$/ } keys %disabled;
}
print "\nDisabled features:\n\n";
foreach my $what (@disablables) {
- if ($disabled{$what}) {
- print " $what", ' ' x ($longest - length($what) + 1),
- "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
- print $disabled_info{$what}->{macro}
- if $disabled_info{$what}->{macro};
+ my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
+ my $what3 = $what2[0];
+ if ($what3) {
+ print " $what3", ' ' x ($longest - length($what3) + 1),
+ "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+ print $disabled_info{$what3}->{macro}
+ if $disabled_info{$what3}->{macro};
print ' (skip ',
- join(', ', @{$disabled_info{$what}->{skipped}}),
+ join(', ', @{$disabled_info{$what3}->{skipped}}),
')'
- if $disabled_info{$what}->{skipped};
+ if $disabled_info{$what3}->{skipped};
print "\n";
}
}
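Review bot: `$what` is interpolated unescaped into `/^${what}$/` in both the enabled and disabled loops, so a disablable name containing regex metacharacters would match more (or fewer) `%disabled` keys than the literal name would. If the names are meant to be matched literally, `/^\Q$what\E$/` (or simply `exists $disabled{$what}`) is the safe form; if some `@disablables` entries are intentionally patterns, a one-line comment saying so would spare the next reader the same question. `$what3` is `undef` when nothing matches, which `if ($what3)` handles, though a feature literally named `0` would be skipped — `defined $what3` is the precise test.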
diff --git a/INSTALL b/INSTALL
index f5118428b3bc..f3ac727183f0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -106,8 +106,7 @@
This will build and install OpenSSL in the default location, which is:
Unix: normal installation directories under /usr/local
- OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
- OpenSSL version number with underscores instead of periods.
+ OpenVMS: SYS$COMMON:[OPENSSL]
Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
The installation directory should be appropriately protected to ensure
@@ -116,7 +115,9 @@
your Operating System it is recommended that you do not overwrite the system
version and instead install to somewhere else.
- If you want to install it anywhere else, run config like this:
+ If you want to install it anywhere else, run config like this (the options
+ --prefix and --openssldir are explained further down, and the values shown
+ here are mere examples):
On Unix:
@@ -198,7 +199,7 @@
Unix: /usr/local
Windows: C:\Program Files\OpenSSL
or C:\Program Files (x86)\OpenSSL
- OpenVMS: SYS$COMMON:[OPENSSL-'version']
+ OpenVMS: SYS$COMMON:[OPENSSL]
--release
Build OpenSSL without debugging symbols. This is the default.
@@ -961,9 +962,9 @@
share/doc/openssl/html/man7
Contains the HTML rendition of the man-pages.
- OpenVMS ('arch' is replaced with the architecture name, "Alpha"
- or "ia64", 'sover' is replaced with the shared library version
- (0101 for 1.1), and 'pz' is replaced with the pointer size
+ OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
+ or "IA64", 'sover' is replaced with the shared library version
+ (0101 for 1.1.x), and 'pz' is replaced with the pointer size
OpenSSL was built with):
[.EXE.'arch'] Contains the openssl binary.
diff --git a/NEWS b/NEWS
index 98f6791a8b79..3cce52506645 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,16 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+ o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+ function (CVE-2021-23841)
+ o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+ padding mode to correctly check for rollback attacks
+ o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+ EVP_DecryptUpdate functions (CVE-2021-23840)
+ o Fixed SRP_Calc_client_key so that it runs in constant time
+
Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
diff --git a/README b/README
index 6325127b5693..da5629f92c81 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
- OpenSSL 1.1.1i 8 Dec 2020
+ OpenSSL 1.1.1j 16 Feb 2021
Copyright (c) 1998-2020 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/apps/ca.c b/apps/ca.c
index 6c9b1e57bc67..390ac37493c8 100644..100755
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
static int do_updatedb(CA_DB *db)
{
- ASN1_UTCTIME *a_tm = NULL;
+ ASN1_TIME *a_tm = NULL;
int i, cnt = 0;
- int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
- char **rrow, *a_tm_s;
+ char **rrow;
- a_tm = ASN1_UTCTIME_new();
+ a_tm = ASN1_TIME_new();
if (a_tm == NULL)
return -1;
- /* get actual time and make a string */
+ /* get actual time */
if (X509_gmtime_adj(a_tm, 0) == NULL) {
- ASN1_UTCTIME_free(a_tm);
+ ASN1_TIME_free(a_tm);
return -1;
}
- a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
- memcpy(a_tm_s, a_tm->data, a_tm->length);
- a_tm_s[a_tm->length] = '\0';
-
- if (strncmp(a_tm_s, "49", 2) <= 0)
- a_y2k = 1;
- else
- a_y2k = 0;
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
if (rrow[DB_type][0] == DB_TYPE_VAL) {
/* ignore entries that are not valid */
- if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
- db_y2k = 1;
- else
- db_y2k = 0;
+ ASN1_TIME *exp_date = NULL;
- if (db_y2k == a_y2k) {
- /* all on the same y2k side */
- if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
- rrow[DB_type][0] = DB_TYPE_EXP;
- rrow[DB_type][1] = '\0';
- cnt++;
+ exp_date = ASN1_TIME_new();
+ if (exp_date == NULL) {
+ ASN1_TIME_free(a_tm);
+ return -1;
+ }
- BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
- }
- } else if (db_y2k < a_y2k) {
+ if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+ ASN1_TIME_free(a_tm);
+ ASN1_TIME_free(exp_date);
+ return -1;
+ }
+
+ if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
rrow[DB_type][0] = DB_TYPE_EXP;
rrow[DB_type][1] = '\0';
cnt++;
BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
}
-
+ ASN1_TIME_free(exp_date);
}
}
- ASN1_UTCTIME_free(a_tm);
- OPENSSL_free(a_tm_s);
+ ASN1_TIME_free(a_tm);
return cnt;
}
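Review bot: The new `ASN1_TIME_set_string` failure path returns -1 with no diagnostic, and -1 was previously only produced by allocation or time-lookup failure (the removed code's `app_malloc` aborts instead of returning), so if the caller treats -1 as an out-of-memory condition a malformed expiry field in the index database will be misreported and the offending row is never named. Print the row before returning, e.g. `BIO_printf(bio_err, "%s=Invalid expiry date\n", rrow[DB_serial]);`. As a minor point, `exp_date` is allocated and freed once per row; since `ASN1_TIME_set_string` appears to reinitialise the object, a single allocation hoisted out of the loop and freed alongside `a_tm` would do, though the per-row form is harmless at typical database sizes.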
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
index 1112eef50c0b..1112eef50c0b 100755..100644
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
index cad3fcd06e36..cad3fcd06e36 100755..100644
--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
index b5601e90ea3f..b5601e90ea3f 100755..100644
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
index 5b07fac3d004..5b07fac3d004 100755..100644
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
index bb4ee84ae337..bb4ee84ae337 100755..100644
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 4cb8f4331742..4cb8f4331742 100755..100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
index 1678c4f786f2..1678c4f786f2 100755..100644
--- a/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
index a80cfdc13948..a80cfdc13948 100755..100644
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
index 04fd13be5e09..04fd13be5e09 100755..100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
index ff9b18507da0..ff9b18507da0 100755..100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
index fe2b26542ab6..fe2b26542ab6 100755..100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
index f8c2e2393438..f8c2e2393438 100755..100644
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
index 478c97eb6feb..478c97eb6feb 100755..100644
--- a/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/aes/asm/aest4-sparcv9.pl
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
index 2b9f241ce8b0..2b9f241ce8b0 100755..100644
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
index 0260a5c9bff0..0260a5c9bff0 100755..100644
--- a/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/aes/asm/vpaes-ppc.pl
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
index fb02a413345a..fb02a413345a 100755..100644
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
index 099a686a4d5d..099a686a4d5d 100755..100644
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
+# if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+# endif
/*
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
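Review bot: The `getauxval` shim passes `key` straight through to `elf_aux_info`, so it is only correct if the `HWCAP`/`HWCAP_CE` constants this file later hands to it (defined below, outside this hunk) carry FreeBSD's `AT_*` numbering; FreeBSD numbers its aux-vector entries differently from Linux, and a Linux literal here would query an unrelated entry and the feature detection would silently fall back or misfire. Either define those constants from FreeBSD's own `AT_HWCAP`/`AT_HWCAP2` under this `__FreeBSD__` branch, or add a comment confirming the numeric values were checked against the FreeBSD headers. Separately, the shim reuses the name of the glibc/musl function it emulates — convenient for the shared call site, but a clash if a future FreeBSD libc ever exports `getauxval`; a comment such as `/* FreeBSD has no getauxval(); emulate it with elf_aux_info() */` would make the choice deliberate.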
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
index d1b71f836f10..d1b71f836f10 100755..100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
index 3a83cb855007..3a83cb855007 100755..100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
index eadc8bbf6322..eadc8bbf6322 100755..100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
index 3bb8d120e96a..3bb8d120e96a 100755..100644
--- a/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/bn/asm/c64xplus-gf2m.pl
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
index 7a4e74d71942..7a4e74d71942 100755..100644
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
index 3b79a4b186d7..3b79a4b186d7 100755..100644
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 8ad715bda4d4..8ad715bda4d4 100755..100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
index 6a7c714a156e..6a7c714a156e 100755..100644
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
index 278314c57bd6..278314c57bd6 100755..100644
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
index b55fd46c824f..b55fd46c824f 100755..100644
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
index a7e4b8a97d30..a7e4b8a97d30 100755..100644
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
index bc8c8951e060..bc8c8951e060 100755..100644
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
index b666c41a88a4..b666c41a88a4 100755..100644
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
index 238a93dca56c..238a93dca56c 100755..100644
--- a/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/bn/asm/sparcv9-gf2m.pl
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
index d1a3c2bc4343..d1a3c2bc4343 100755..100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
index 9dbc8d458792..9dbc8d458792 100755..100644
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
index d797af8745dc..d797af8745dc 100755..100644
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
index 436d90b11ea4..436d90b11ea4 100755..100644
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
index 655f13c89ee8..655f13c89ee8 100755..100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
index 39dd61202ad7..39dd61202ad7 100755..100644
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
index 9aeee574ebf8..9aeee574ebf8 100755..100644
--- a/crypto/c64xpluscpuid.pl
+++ b/crypto/c64xpluscpuid.pl
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
index cd514acfae4a..cd514acfae4a 100755..100644
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
index 59e1840160ff..59e1840160ff 100755..100644
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
index 71a40f6af90c..71a40f6af90c 100755..100644
--- a/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
+ int first_call = 1;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+ memmove(p, p + 3, i - 3);
+ p[i - 3] = 0;
+ i -= 3;
+ ii -= 3;
+ }
+ first_call = 0;
+ }
if (i == 0 && !again) {
/* the currently processed BIO is at EOF */
BIO *parent;
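Review bot: `first_call` is a single per-invocation flag, so the BOM is stripped only from the first line ever read by this call of `def_load_bio`; the loop visibly switches BIOs when a nested one reaches EOF (`BIO *parent` at the end of the hunk), and if included files are read through this same loop a BOM at the start of an included file would presumably be treated as part of its first key. If that is intended, a comment should say so; otherwise the flag needs resetting wherever `in` is swapped for a new BIO (outside this hunk). A minor style point: the added block comment opens with text on the `/*` line, whereas the file's header comment uses the `/*` then ` * text` form.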
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/conf/keysets.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
index 5c92a52b7957..5c92a52b7957 100755..100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
return dh->meth->generate_key(dh);
}
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
+
+ /* rv is constant unless compute_key is external */
rv = dh->meth->compute_key(key, pub_key, dh);
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
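Review bot: The constant-time intent of the zero-counting loop rests on `!key[i]` being compiled branch-free, which `volatile` on `mask` and `npad` does not guarantee — `volatile` only stops the loop from being optimised away, and a logical-not on a byte is exactly the kind of expression a compiler may lower to a compare-and-branch on some targets. The project's constant-time helpers (a `constant_time_is_zero`-style mask on `key[i]`, reduced to 0/1) would express the same thing without depending on codegen, if they are in scope in this file. Separately, the comment `/* key-dependent memory access, potentially leaking npad / ret */` appears verbatim on both the `memmove` and the `memset` line; one comment above the pair reads better. `DH_compute_key_padded` continues past the end of the hunk.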
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
index e93e18f29f19..e93e18f29f19 100755..100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f67..7e1776375df7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
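Review bot: The rounding `(inl - j) & ~(bl - 1)` in the new overflow check only yields a multiple of the block length when bl is a power of two, and the explanatory comment above it does not state that assumption; the same applies to `inl & ~(b - 1)` in the EVP_DecryptUpdate hunk below. Suggest adding to the comment `* (relies on bl being a power of two; presumably guaranteed for every EVP block size, but enforced outside this function)`. `inl - j` is also signed arithmetic that is safe only because this else-branch is reached with inl large enough to cover j, which is decided before the hunk. evp_EncryptDecryptUpdate starts and ends outside the hunk.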
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
index 3595e3d32fc9..3595e3d32fc9 100755..100644
--- a/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/md5/asm/md5-sparcv9.pl
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -34,6 +34,12 @@
# include <errno.h>
# endif
# endif
+# if defined(__FreeBSD__)
+# define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+# define MAP_CONCEAL 0
+# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
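Review bot: The FreeBSD alias `# define MADV_DONTDUMP MADV_NOCORE` is unconditional, while the MAP_CONCEAL fallback directly below it is guarded with `!defined(...)`; if a FreeBSD header ever provides MADV_DONTDUMP itself, this block redefines the macro. Guarding it the same way, `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP)`, keeps the two fallbacks consistent. The `MAP_CONCEAL 0` fallback also means the mmap() flag change in the next hunk is a no-op on platforms without the flag, which a one-line comment on the define (`/* 0: no-op where the platform has no MAP_CONCEAL */`) would make visible. The madvise() call that consumes MADV_DONTDUMP is outside the hunk, so whether a redefinition would change behaviour cannot be confirmed here.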
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
if (1) {
#ifdef MAP_ANON
sh.map_result = mmap(NULL, sh.map_size,
- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+ PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
} else {
#endif
int fd;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
index 60f03e4fe25b..60f03e4fe25b 100755..100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index d84ac6f2bf43..d84ac6f2bf43 100755..100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
index 5826dcbdfe64..5826dcbdfe64 100755..100644
--- a/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/modes/asm/ghash-c64xplus.pl
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
index d798b7abf490..d798b7abf490 100755..100644
--- a/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/modes/asm/ghash-parisc.pl
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
index 2f3ca295bdca..2f3ca295bdca 100755..100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
index ccebc74b4e97..ccebc74b4e97 100755..100644
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
index 4183d99b68b1..4183d99b68b1 100755..100644
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
index 9bdba41d1de5..9bdba41d1de5 100755..100644
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index d0e398b50ae0..d0e398b50ae0 100755..100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/obj_dat.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by objxref.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
index ce76cadae31c..ce76cadae31c 100755..100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 55ffd45c6ec0..55ffd45c6ec0 100755..100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index f6c387ffb7d7..f6c387ffb7d7 100755..100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 37ac6c03fd04..37ac6c03fd04 100755..100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index e35fc52fd944..e35fc52fd944 100755..100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
index f4d364754a1f..f4d364754a1f 100755..100644
--- a/crypto/pariscid.pl
+++ b/crypto/pariscid.pl
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index b9922e031893..b9922e031893 100755..100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
index 5c7ea3880e4d..5c7ea3880e4d 100755..100644
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
index dffee762115f..dffee762115f 100755..100644
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f66b..70f46cd140aa 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -133,10 +133,10 @@ poly1305_init:
# ifdef __thumb2__
itete eq
# endif
- addeq r12,r11,#(poly1305_emit-.Lpoly1305_init)
- addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
- addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init)
- addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+ addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+ addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+ addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+ addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
# endif
# ifdef __thumb2__
orr r12,r12,#1 @ thumb-ify address
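Review bot: The address arithmetic switched from global symbols (`poly1305_emit-.Lpoly1305_init`) to the new `.L`-local labels, and nothing in the hunk says why; the local aliases are added at the `poly1305_emit:`, `poly1305_blocks_neon:` and `poly1305_emit_neon:` entry points in the later hunks of this file. Presumably the difference of two global symbols may be emitted as a relocation rather than folded by the assembler, which local labels avoid; if so, a comment next to the first `addeq`, `@ .L-local labels: symbol differences must fold at assembly time`, would save the next reader the same reconstruction.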
@@ -352,6 +352,7 @@ $code.=<<___;
.type poly1305_emit,%function
.align 5
poly1305_emit:
+.Lpoly1305_emit:
stmdb sp!,{r4-r11}
.Lpoly1305_emit_enter:
@@ -671,6 +672,7 @@ poly1305_init_neon:
.type poly1305_blocks_neon,%function
.align 5
poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
ldr ip,[$ctx,#36] @ is_base2_26
ands $len,$len,#-16
beq .Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
.type poly1305_emit_neon,%function
.align 5
poly1305_emit_neon:
+.Lpoly1305_emit_neon:
ldr ip,[$ctx,#36] @ is_base2_26
stmdb sp!,{r4-r11}
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index b12cd949ccfe..e51156468ae5 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
# endif
#endif
+#if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+#endif
+
/* I wish <sys/auxv.h> was universally available */
#define HWCAP 16 /* AT_HWCAP */
#define HWCAP_PPC64 (1U << 30)
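Review bot: The FreeBSD getauxval() shim returns 0 both when elf_aux_info() fails and when the capability word is genuinely 0, and it truncates the `unsigned long key` to `int` for elf_aux_info(); neither is wrong for the HWCAP lookup below, but the function carries no comment. Suggest a header comment: `/* Emulates glibc getauxval(): returns the auxv value for key, or 0 when it is absent (an elf_aux_info() failure is folded into 0). */`. Because the definition is `static` and named like the libc function, a future <sys/auxv.h> that declares getauxval() would clash with it; the `__FreeBSD_version` gate is the only protection, which is worth stating in the same comment.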
diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl
index b12d044af465..b12d044af465 100755..100644
--- a/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/rc4/asm/rc4-c64xplus.pl
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
index 7aa5c21bd836..7aa5c21bd836 100755..100644
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
index 631e742b739d..631e742b739d 100755..100644
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/rc4/asm/rc4-parisc.pl
diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
index dded0b75e7f9..dded0b75e7f9 100755..100644
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/rc4/asm/rc4-s390x.pl
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1f155be175da..ecdb3cee1fa3 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
/*
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
- * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
* preserves error code reporting for backward compatibility.
*/
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSA_R_NULL_BEFORE_BLOCK_MISSING);
mask = ~good;
- good &= constant_time_ge(threes_in_row, 8);
+ /*
+ * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+ * that RFC5246 incorrectly states this the other way around, i.e. reject
+ * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+ * corrected in subsequent errata for that RFC.
+ */
+ good &= constant_time_lt(threes_in_row, 8);
err = constant_time_select_int(mask | good, err,
RSA_R_SSLV3_ROLLBACK_ATTACK);
mask = ~good;
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
index 52d426bb29f8..52d426bb29f8 100755..100644
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/sha/asm/sha1-armv4-large.pl
diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
index 557cabc018e0..557cabc018e0 100755..100644
--- a/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/sha/asm/sha1-armv8.pl
diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl
index ceec503a9829..ceec503a9829 100755..100644
--- a/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/sha/asm/sha1-c64xplus.pl
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
index 47c588715163..47c588715163 100755..100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
index c293cd3bfa4e..c293cd3bfa4e 100755..100644
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
index 70ef7956abfa..70ef7956abfa 100755..100644
--- a/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/sha/asm/sha1-parisc.pl
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
index 653a6cb50a8a..653a6cb50a8a 100755..100644
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
index 8c23d85a3d09..8c23d85a3d09 100755..100644
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/sha/asm/sha1-sparcv9.pl
diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
index 4e90da4b8bc9..4e90da4b8bc9 100755..100644
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
index b53e0bee052d..b53e0bee052d 100755..100644
--- a/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/sha/asm/sha1-thumb.pl
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
index 7523dbc165fa..7523dbc165fa 100755..100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index d120febb4832..d120febb4832 100755..100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl
index b2d00e4fb1ab..b2d00e4fb1ab 100755..100644
--- a/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/sha/asm/sha256-c64xplus.pl
diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
index c8cc6efac95c..c8cc6efac95c 100755..100644
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
index 66b6e96f9ded..66b6e96f9ded 100755..100644
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
index e9c5e0ce7687..e9c5e0ce7687 100755..100644
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
index 3188c905ea2d..3188c905ea2d 100755..100644
--- a/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/sha/asm/sha512-armv8.pl
diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl
index 4263fb1349aa..4263fb1349aa 100755..100644
--- a/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/sha/asm/sha512-c64xplus.pl
diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
index 15acd5308dda..15acd5308dda 100755..100644
--- a/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/sha/asm/sha512-mips.pl
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
index 9752fed4ea26..9752fed4ea26 100755..100644
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
index 54429d34e398..54429d34e398 100755..100644
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/sha/asm/sha512-sparcv9.pl
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 4f417de0c989..ce3504825c53 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
{
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+ BIGNUM *xtmp = NULL;
BN_CTX *bn_ctx;
if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
@@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
- (tmp3 = BN_new()) == NULL)
+ (tmp3 = BN_new()) == NULL ||
+ (xtmp = BN_new()) == NULL)
goto err;
- if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+ BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+ if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
goto err;
if ((k = srp_Calc_k(N, g)) == NULL)
goto err;
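Review bot: `BN_with_flags(xtmp, x, BN_FLG_CONSTTIME)` turns the freshly allocated xtmp into a shallow, read-only alias of x's limbs, which is why the cleanup hunk below releases it with BN_free() while the other temporaries use BN_clear_free(); that asymmetry is correct but easy to "fix" wrongly later. Suggest a comment on the BN_with_flags line: `/* xtmp aliases x's data (shallow); keep it read-only and release with BN_free(), never BN_clear_free() */`. The `BN_set_flags(tmp, BN_FLG_CONSTTIME)` and the BN_mul() in the next hunk could likewise say which operation they are making constant-time, since how BN_mul honours the flag is not visible here. SRP_Calc_client_key continues outside the hunk.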
@@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
goto err;
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;
- if (!BN_mul(tmp3, u, x, bn_ctx))
+ if (!BN_mul(tmp3, u, xtmp, bn_ctx))
goto err;
if (!BN_add(tmp2, a, tmp3))
goto err;
@@ -208,6 +212,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
err:
BN_CTX_free(bn_ctx);
+ BN_free(xtmp);
BN_clear_free(tmp);
BN_clear_free(tmp2);
BN_clear_free(tmp3);
diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h
index 3b994a0aba2c..3b994a0aba2c 100755..100644
--- a/crypto/vms_rms.h
+++ b/crypto/vms_rms.h
diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
index 176be50a67f2..176be50a67f2 100755..100644
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
index b4fcd8be3c75..b4fcd8be3c75 100755..100644
--- a/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/whrlpool/asm/wp-x86_64.pl
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ad620af0aff4..1d8d2d7b28e9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
@@ -133,19 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
- int rv;
+ int rv = 0;
if (a == b) /* for efficiency */
return 0;
- /* ensure hash is valid */
- if (X509_check_purpose((X509 *)a, -1, 0) != 1)
- return -2;
- if (X509_check_purpose((X509 *)b, -1, 0) != 1)
- return -2;
-
- rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
+
+ /* try to make sure hash is valid */
+ (void)X509_check_purpose((X509 *)a, -1, 0);
+ (void)X509_check_purpose((X509 *)b, -1, 0);
+
+ if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+ && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv != 0)
return rv;
+
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)
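Review bot: X509_cmp no longer returns -2 when X509_check_purpose() fails — the results are discarded with `(void)`, and when either certificate carries EXFLAG_NO_FINGERPRINT rv stays 0 so the comparison falls through to the encoding check; a caller that relied on -2 for certificates with invalid extensions now gets an ordering result instead. The function's header comment ends just above the hunk and should state the new contract, e.g. `* Certificates whose SHA-1 fingerprint could not be computed are compared by their encoding only; invalid extensions no longer yield -2.` The remainder of X509_cmp, including the encoding comparison, is outside the hunk. The X509_issuer_and_serial_hash hunk above is fine as far as it goes, provided its err: path returns the 0 sentinel, which is not visible here.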
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 730a0160ff0a..0c71b2e8b4ad 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
}
/*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
*/
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
@@ -334,11 +335,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
for (i = 0; i < sk_X509_num(sk); i++) {
issuer = sk_X509_value(sk, i);
- /*
- * Below check 'issuer != x' is an optimization and safety precaution:
- * Candidate issuer cert cannot be the same as the subject cert 'x'.
- */
- if (issuer != x && ctx->check_issued(ctx, x, issuer)
+ if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
rv = issuer;
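Review bot: Dropping `issuer != x` means x itself now passes as a candidate whenever check_issued() accepts it, so the only thing keeping a certificate from being chosen as its own issuer is the `sk_X509_contains(ctx->chain, issuer)` clause, which excludes it only if x is already in ctx->chain — presumably true for the subject being extended, but nothing in the hunk says so. A one-line comment before the condition, `/* x itself is a legal candidate only in the self-issued, chain-of-one case; otherwise it is already in ctx->chain and rejected */`, would record the invariant the removed check used to enforce. The rewritten header comment promises to prefer a non-expired issuer and fall back to the last expired one, but that handling is outside the hunk and cannot be confirmed here; find_issuer continues past the hunk.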
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index aa5ccba44899..a4e9cdaee837 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -363,7 +363,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
- && (data->ex_flags & EXFLAG_INVALID) == 0) {
+ && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
/* Asking for SHA1 and we already computed it. */
if (len != NULL)
*len = sizeof(data->sha1_hash);
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 813c5b01c3ae..7342c4f6bcb5 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL;
+ ASN1_OBJECT *oid;
+ if ((oid = OBJ_nid2obj(nid)) == NULL)
+ return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL;
- ret->object = OBJ_nid2obj(nid);
+ ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
if (!sk_ASN1_TYPE_push(ret->set, val))
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 2b06dba05398..a1aeb4e4c60b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -348,14 +348,17 @@ static int setup_crldp(X509 *x)
/* Check that issuer public key algorithm matches subject signature algorithm */
static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
{
- int pkey_nid;
+ int pkey_sig_nid, subj_sig_nid;
if (pkey == NULL)
return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+ if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey),
+ NULL, &pkey_sig_nid) == 0)
+ pkey_sig_nid = EVP_PKEY_base_id(pkey);
if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
- NULL, &pkey_nid) == 0)
+ NULL, &subj_sig_nid) == 0)
return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
- if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
+ if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid))
return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
return X509_V_OK;
}
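Review bot: The new first lookup passes a public-key base NID to OBJ_find_sigid_algs(), which takes a signature NID, and keeps the base NID when that lookup fails; this reads as deliberate (for key types whose NID doubles as their signature-algorithm NID) but the hunk does not say so, and after the fallback the name `pkey_sig_nid` suggests the opposite of what it holds. Suggest a comment above the first `if`: `/* Some key types share one NID for key and signature algorithm; map those to their pkey NID, otherwise the base NID already is one. */` — hedged, since the NID table is outside this hunk. The comparison `pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)` now applies EVP_PKEY_type() to the subject side only, which differs from the old symmetric form and deserves a word in the same comment.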
@@ -391,7 +394,8 @@ static void x509v3_cache_extensions(X509 *x)
}
if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
- x->ex_flags |= EXFLAG_INVALID;
+ x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID);
+
/* V1 should mean no extensions ... */
if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1;
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index 159d9d812565..4380d869eaa7 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -163,7 +163,7 @@ self-signed certificate.
=item B<-passin arg>
The key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-notext>
@@ -759,7 +759,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 72cd9b5d4e9e..2caf3ef4d156 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -465,7 +465,7 @@ or to modify default parameters for ECDH.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-rand file...>
@@ -735,7 +735,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b.
=head1 COPYRIGHT
-Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/crl2pkcs7.pod b/doc/man1/crl2pkcs7.pod
index f58a442b5bc9..3fcb737b7070 100644
--- a/doc/man1/crl2pkcs7.pod
+++ b/doc/man1/crl2pkcs7.pod
@@ -56,7 +56,7 @@ output by default.
Specifies a filename containing one or more certificates in B<PEM> format.
All certificates in the file will be added to the PKCS#7 structure. This
-option can be used more than once to read certificates form multiple
+option can be used more than once to read certificates from multiple
files.
=item B<-nocrl>
@@ -96,7 +96,7 @@ L<pkcs7(1)>
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 4c6034cdd6ce..8d48c9aed6d6 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -109,7 +109,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-verify filename>
@@ -241,7 +241,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod
index fb6cbf122aec..752c22063e9c 100644
--- a/doc/man1/dsa.pod
+++ b/doc/man1/dsa.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -172,7 +172,7 @@ L<genrsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod
index 4d368e20ae19..41ffc6cb6379 100644
--- a/doc/man1/ec.pod
+++ b/doc/man1/ec.pod
@@ -68,7 +68,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -80,7 +80,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-des|-des3|-idea>
@@ -193,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
=head1 COPYRIGHT
-Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 7bba89ee0783..3c7b6c42ea2c 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -76,7 +76,7 @@ The output filename, standard output by default.
=item B<-pass arg>
The password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-e>
@@ -428,7 +428,7 @@ The B<-list> option was added in OpenSSL 1.1.1e.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index 1ba54d486619..6a681ef3d219 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -44,7 +44,7 @@ This specifies the output format DER or PEM. The default format is PEM.
=item B<-pass arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-I<cipher>>
@@ -325,7 +325,7 @@ The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod
index a9c994ffb18a..8bd3799ea926 100644
--- a/doc/man1/genrsa.pod
+++ b/doc/man1/genrsa.pod
@@ -51,7 +51,7 @@ standard output is used.
=item B<-passout arg>
The output file password source. For more information about the format
-of B<arg> see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -118,7 +118,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index fdaf6e49cd1d..ac0397a945a9 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -78,14 +78,12 @@ default. They are all written in PEM format.
=item B<-passin arg>
The PKCS#12 file (i.e. input file) password source. For more information about
-the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-passout arg>
Pass phrase source to encrypt any outputted private keys with. For more
-information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
-in L<openssl(1)>.
+information about the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-password arg>
@@ -206,14 +204,12 @@ displays them.
=item B<-pass arg>, B<-passout arg>
The PKCS#12 file (i.e. output file) password source. For more information about
-the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-passin password>
Pass phrase source to decrypt any input private keys with. For more information
-about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)>.
+about the format of B<arg> see L<openssl(1)/Pass Phrase Options>.
=item B<-chain>
@@ -383,7 +379,7 @@ L<pkcs8(1)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod
index 9efc8bc11e77..dba75fc8d41d 100644
--- a/doc/man1/pkcs8.pod
+++ b/doc/man1/pkcs8.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-iter count>
@@ -309,7 +309,7 @@ The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkey.pod b/doc/man1/pkey.pod
index 9569fe0e412d..1c29092793fd 100644
--- a/doc/man1/pkey.pod
+++ b/doc/man1/pkey.pod
@@ -57,7 +57,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -69,7 +69,7 @@ filename.
=item B<-passout password>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-traditional>
@@ -158,7 +158,7 @@ L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index ae24fdc10045..3b350efadd4f 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -74,7 +74,7 @@ The key format PEM, DER or ENGINE. Default is PEM.
=item B<-passin arg>
The input key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-peerkey file>
@@ -327,7 +327,7 @@ L<EVP_PKEY_CTX_set_hkdf_md(3)>, L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index 730c59079d67..539b843803ed 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -91,7 +91,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -101,7 +101,7 @@ default.
=item B<-passout arg>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-text>
@@ -695,7 +695,7 @@ L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod
index 37f64616c00f..fddd828b9fc4 100644
--- a/doc/man1/rsa.pod
+++ b/doc/man1/rsa.pod
@@ -75,7 +75,7 @@ prompted for.
=item B<-passin arg>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out filename>
@@ -87,7 +87,7 @@ filename.
=item B<-passout password>
The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
@@ -195,7 +195,7 @@ L<gendsa(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 132778b4d907..743b2db2ba43 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -258,7 +258,7 @@ Extra certificate and private key format respectively.
=item B<-pass arg>
the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-verify depth>
@@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index c78a677abcfc..9fdac4919038 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -297,7 +297,7 @@ The private format to use: DER or PEM. PEM is the default.
=item B<-pass val>
The private key password source. For more information about the format of B<val>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-dcert infile>, B<-dkey infile>
@@ -845,7 +845,7 @@ The
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/smime.pod b/doc/man1/smime.pod
index 7f224fdc5e9d..bf40d04cae4b 100644
--- a/doc/man1/smime.pod
+++ b/doc/man1/smime.pod
@@ -295,7 +295,7 @@ specified, the argument is given to the engine as a key identifier.
=item B<-passin arg>
The private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-rand file...>
@@ -514,7 +514,7 @@ The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod
index 655f1358074a..87e1b4bbcaa8 100644
--- a/doc/man1/spkac.pod
+++ b/doc/man1/spkac.pod
@@ -60,7 +60,7 @@ The default is PEM.
=item B<-passin password>
The input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-challenge string>
@@ -145,7 +145,7 @@ L<ca(1)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/storeutl.pod b/doc/man1/storeutl.pod
index a8d82bfb612b..3d2cb60bdc13 100644
--- a/doc/man1/storeutl.pod
+++ b/doc/man1/storeutl.pod
@@ -51,7 +51,7 @@ this option prevents output of the PEM data.
=item B<-passin arg>
the key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-text>
@@ -123,7 +123,7 @@ The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
index ee700a8f6ea4..9e1ffd5d083d 100644
--- a/doc/man1/ts.pod
+++ b/doc/man1/ts.pod
@@ -242,7 +242,7 @@ The name of the file containing a DER encoded timestamp request. (Optional)
=item B<-passin> password_src
Specifies the password source for the private key of the TSA. See
-B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional)
+L<openssl(1)/Pass Phrase Options>. (Optional)
=item B<-signer> tsa_cert.pem
@@ -665,7 +665,7 @@ L<config(5)>
=head1 COPYRIGHT
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 98d285e414b9..3c9b2f2263e3 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -376,7 +376,7 @@ Names and values of these options are algorithm-specific.
=item B<-passin arg>
The key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+see L<openssl(1)/Pass Phrase Options>.
=item B<-clrext>
@@ -932,7 +932,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 297e7fbf47b5..72726661a1d7 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
=head1 NAME
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
=head1 SYNOPSIS
@@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
=head1 DESCRIPTION
DH_generate_key() performs the first step of a Diffie-Hellman key
exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
DH_generate_key() expects B<dh> to contain the shared parameters
B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
@@ -28,6 +31,14 @@ published.
DH_compute_key() computes the shared secret from the private DH value
in B<dh> and the other party's public value in B<pub_key> and stores
it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
=head1 RETURN VALUES
@@ -36,15 +47,21 @@ DH_generate_key() returns 1 on success, 0 otherwise.
DH_compute_key() returns the size of the shared secret on success, -1
on error.
+DH_compute_key_padded() returns B<DH_size(dh)> on success, -1 on error.
+
The error codes can be obtained by L<ERR_get_error(3)>.
=head1 SEE ALSO
L<DH_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<DH_size(3)>
+=head1 HISTORY
+
+DH_compute_key_padded() was added in OpenSSL 1.0.2.
+
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index 16d5a21dfcae..65bdde88a2e1 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,9 +2,15 @@
=head1 NAME
-OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
-OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
-OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+OCSP_sendreq_new,
+OCSP_sendreq_nbio,
+OCSP_REQ_CTX_free,
+OCSP_set_max_response_length,
+OCSP_REQ_CTX_add1_header,
+OCSP_REQ_CTX_set1_req,
+OCSP_sendreq_bio,
+OCSP_REQ_CTX_i2d
+- OCSP responder query functions
=head1 SYNOPSIS
@@ -26,6 +32,9 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
+ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+ const ASN1_ITEM *it, ASN1_VALUE *req);
+
=head1 DESCRIPTION
The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
@@ -51,6 +60,15 @@ additional headers are set.
OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
function should be called after any calls to OCSP_REQ_CTX_add1_header().
+OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
+
+ OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+ ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+
+OCSP_REQ_CTX_i2d() sets the request context B<rctx> to have the request
+B<req>, which has the ASN.1 type B<it>.
+The B<content_type>, if not NULL, will be included in the HTTP request.
+The function should be called after all other headers have already been added.
OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
path B<path>, and the OCSP request B<req> with a response header maximum line
@@ -64,8 +82,8 @@ an error occurred.
OCSP_sendreq_nbio() returns B<1> if the operation was completed successfully,
B<-1> if the operation should be retried and B<0> if an error occurred.
-OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req() return B<1> for success
-and B<0> for failure.
+OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_set1_req(), and OCSP_REQ_CTX_i2d()
+return B<1> for success and B<0> for failure.
OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
responder or B<NULL> if an error occurred.
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index c60e038309a1..9834a8f13147 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -104,7 +104,7 @@ before ultimately calling OPENSSL_free().
OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
-If the storage controller uses write compression, then its possible
+If the storage controller uses write compression, then it's possible
that sensitive tail bytes will survive zeroization because the block of
zeros will be compressed. If the storage controller uses wear leveling,
then the old sensitive data will not be overwritten; rather, a block of
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod
index 43c9c952c6b7..d958b22a489b 100644
--- a/doc/man3/X509_get_extension_flags.pod
+++ b/doc/man3/X509_get_extension_flags.pod
@@ -78,12 +78,17 @@ The certificate contains an unhandled critical extension.
=item B<EXFLAG_INVALID>
-Some certificate extension values are invalid or inconsistent. The
-certificate should be rejected.
+Some certificate extension values are invalid or inconsistent.
+The certificate should be rejected.
This bit may also be raised after an out-of-memory error while
processing the X509 object, so it may not be related to the processed
ASN1 object itself.
+=item B<EXFLAG_NO_FINGERPRINT>
+
+Failed to compute the internal SHA1 hash value of the certificate.
+This may be due to malloc failure or because no SHA1 implementation was found.
+
=item B<EXFLAG_INVALID_POLICY>
The NID_certificate_policies certificate extension is invalid or
@@ -194,7 +199,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
index 5b097ce3ef9b..5b097ce3ef9b 100755..100644
--- a/engines/asm/e_padlock-x86.pl
+++ b/engines/asm/e_padlock-x86.pl
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
index 09b0aaa48dfe..09b0aaa48dfe 100755..100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index d2b26ea582de..b4ea90ae9df3 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,9 +11,7 @@
#ifndef HEADER_EVPERR_H
# define HEADER_EVPERR_H
-# ifndef HEADER_SYMHACKS_H
-# include <openssl/symhacks.h>
-# endif
+# include <openssl/symhacks.h>
# ifdef __cplusplus
extern "C"
@@ -179,6 +177,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
# define EVP_R_PARTIALLY_OVERLAPPING 162
# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 483fc0509e19..eb812ed18dcc 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/objects.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index f5d660a467bc..cd5c23217a51 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010109fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1i 8 Dec 2020"
+# define OPENSSL_VERSION_NUMBER 0x101010afL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1j 16 Feb 2021"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 6c6eca38a582..90fa3592ce58 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -364,8 +364,9 @@ struct ISSUING_DIST_POINT_st {
# define EXFLAG_INVALID_POLICY 0x800
# define EXFLAG_FRESHEST 0x1000
-/* Self signed */
-# define EXFLAG_SS 0x2000
+# define EXFLAG_SS 0x2000 /* cert is apparently self-signed */
+
+# define EXFLAG_NO_FINGERPRINT 0x100000
# define KU_DIGITAL_SIGNATURE 0x0080
# define KU_NON_REPUDIATION 0x0040
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2a15ee8ad965..afbf015216a3 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
ssl3_free(s);
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
+ if (s->d1 != NULL) {
+ dtls1_clear_queues(s);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ }
OPENSSL_free(s->d1);
s->d1 = NULL;
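Review bot: The added `if (s->d1 != NULL)` guard is correct but silent about why the record-layer state can be missing on the free path, and the same undocumented guard appears in the DTLS_RECORD_LAYER_free hunk in ssl/record/rec_layer_d1.c (`if (rl->d == NULL) return;`). Presumably this is reachable when dtls1_new() failed part-way or the SSL object's method was switched before the DTLS state was set up — confirm against the callers. A comment such as `/* s->d1 is NULL if DTLS state was never set up, e.g. dtls1_new() failed */` on the guard would make the intent clear and discourage a later "simplification" that removes it. dtls1_free begins before this hunk.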
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index e56c6b95958f..78d29594c666 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
{
+ if (rl->d == NULL)
+ return;
+
DTLS_RECORD_LAYER_clear(rl);
pqueue_free(rl->d->unprocessed_rcds.q);
pqueue_free(rl->d->processed_rcds.q);
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 8ddbde772965..8c3542a5422f 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -537,7 +537,6 @@ struct ssl_session_st {
int not_resumable;
/* This is the cert and type for the other end. */
X509 *peer;
- int peer_type;
/* Certificate chain peer sent. */
STACK_OF(X509) *peer_chain;
/*
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index c785ab785d38..9f51a6eb28d9 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -966,7 +966,8 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
* context, to avoid the confusing situation of having sess_accept_good
* exceed sess_accept (zero) for the new context.
*/
- if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx) {
+ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
+ && s->hello_retry_request == SSL_HRR_NONE) {
tsan_counter(&s->ctx->stats.sess_accept);
tsan_decr(&s->session_ctx->stats.sess_accept);
}
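Review bot: The new `s->hello_retry_request == SSL_HRR_NONE` condition is not reflected in the comment directly above it, which still explains only the counter move between contexts and not why a HelloRetryRequest state should skip it. Presumably final_server_name runs again for the second ClientHello after an HRR and the sess_accept adjustment would otherwise be applied twice — confirm. I would extend the comment with a line such as `* Skip this on the post-HRR ClientHello: the counters were already moved on the first pass.` final_server_name starts and ends outside this hunk.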
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 3420ce65c7c7..d84cc0460f4e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -1960,7 +1960,6 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
goto err;
}
}
- s->session->peer_type = certidx;
X509_free(s->session->peer);
X509_up_ref(x);
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 364f77f08a4e..c3b6f8f4569a 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1504,8 +1504,8 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
/*
* Only called by servers. Returns 1 if the server has a TLSv1.3 capable
- * certificate type, or has PSK or a certificate callback configured. Otherwise
- * returns 0.
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
*/
static int is_tls13_capable(const SSL *s)
{
@@ -1515,6 +1515,17 @@ static int is_tls13_capable(const SSL *s)
EC_KEY *eckey;
#endif
+ if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+ return 0;
+
+ /*
+ * A servername callback can change the available certs, so if a servername
+ * cb is set then we just assume TLSv1.3 will be ok
+ */
+ if (s->ctx->ext.servername_cb != NULL
+ || s->session_ctx->ext.servername_cb != NULL)
+ return 1;
+
#ifndef OPENSSL_NO_PSK
if (s->psk_server_callback != NULL)
return 1;
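Review bot: On the new ossl_assert failure path the function returns 0, which is the same answer as "this server cannot do TLSv1.3"; an internal-state inconsistency would therefore cap the negotiated version at TLSv1.2 rather than surface as an error, and nothing at this call site records that the downgrade happened. Whether ossl_assert also aborts in debug builds I cannot tell from here, but in any case a comment on the guard, such as `/* Cannot decide without contexts; treat as not TLSv1.3 capable rather than dereference NULL */`, would make the fail-soft choice explicit for reviewers of the version-negotiation logic. The servername-callback shortcut that follows bypasses every certificate check below it, which the added comment already states. is_tls13_capable's body continues past the end of the hunk.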