authorJung-uk Kim <jkim@FreeBSD.org>2017-01-26 18:32:12 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2017-01-26 18:32:12 +0000
commit5315173646e65b5025be33013edc33eb9658e683 (patch)
tree06e2ebfcb3177eeb3cba0775d8e3ed98577e77da /crypto
parente656c34a188598ebce6423c4fbc4860921d41be4 (diff)
downloadsrc-5315173646e65b5025be33013edc33eb9658e683.tar.gz
src-5315173646e65b5025be33013edc33eb9658e683.zip
Import OpenSSL 1.0.2k.vendor/openssl/1.0.2k
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=312823 svn path=/vendor-crypto/openssl/1.0.2k/; revision=312824; tag=vendor/openssl/1.0.2k
Diffstat (limited to 'crypto')
-rwxr-xr-xcrypto/aes/asm/aes-s390x.pl8
-rw-r--r--crypto/asn1/p5_pbev2.c8
-rw-r--r--crypto/asn1/x_crl.c3
-rwxr-xr-xcrypto/bn/asm/x86_64-mont.pl5
-rwxr-xr-xcrypto/bn/asm/x86_64-mont5.pl16
-rw-r--r--crypto/bn/bn_exp.c5
-rw-r--r--crypto/bn/bn_mul.c5
-rw-r--r--crypto/bn/bn_prime.c3
-rw-r--r--crypto/bn/bn_sqr.c5
-rw-r--r--crypto/cms/cms_kari.c5
-rw-r--r--crypto/dh/dh_key.c2
-rw-r--r--crypto/dsa/dsa_pmeth.c2
-rw-r--r--crypto/ec/ec2_mult.c20
-rw-r--r--crypto/ecdh/ech_ossl.c4
-rw-r--r--crypto/err/err.c3
-rw-r--r--crypto/evp/e_aes.c4
-rw-r--r--crypto/evp/e_rc4_hmac_md5.c2
-rw-r--r--crypto/evp/evp.h6
-rw-r--r--crypto/evp/evp_err.c3
-rw-r--r--crypto/evp/pmeth_fn.c30
-rw-r--r--crypto/evp/pmeth_lib.c28
-rw-r--r--crypto/modes/ctr128.c2
-rw-r--r--crypto/opensslv.h6
-rwxr-xr-xcrypto/perlasm/x86_64-xlate.pl11
-rw-r--r--crypto/rsa/rsa_gen.c3
-rw-r--r--crypto/rsa/rsa_oaep.c8
-rw-r--r--crypto/rsa/rsa_pmeth.c4
-rw-r--r--crypto/s390xcap.c1
-rw-r--r--crypto/ui/ui_lib.c138
-rw-r--r--crypto/ui/ui_openssl.c59
30 files changed, 215 insertions, 184 deletions
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 76ca8e52198a..a8f4d29d1ce5 100755
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -1568,8 +1568,8 @@ ___
}
########################################################################
-# void AES_xts_encrypt(const char *inp,char *out,size_t len,
-# const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+# size_t len, const AES_KEY *key1, const AES_KEY *key2,
# const unsigned char iv[16]);
#
{
@@ -1937,8 +1937,8 @@ $code.=<<___;
br $ra
.size AES_xts_encrypt,.-AES_xts_encrypt
___
-# void AES_xts_decrypt(const char *inp,char *out,size_t len,
-# const AES_KEY *key1, const AES_KEY *key2,
+# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+# size_t len, const AES_KEY *key1, const AES_KEY *key2,
# const unsigned char iv[16]);
#
$code.=<<___;
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 388053e0a1bf..4c037d3d2cae 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -91,12 +91,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
unsigned char *salt, int saltlen,
unsigned char *aiv, int prf_nid)
{
- X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+ X509_ALGOR *scheme = NULL, *ret = NULL;
int alg_nid, keylen;
EVP_CIPHER_CTX ctx;
unsigned char iv[EVP_MAX_IV_LENGTH];
PBE2PARAM *pbe2 = NULL;
- ASN1_OBJECT *obj;
alg_nid = EVP_CIPHER_type(cipher);
if (alg_nid == NID_undef) {
@@ -104,7 +103,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
goto err;
}
- obj = OBJ_nid2obj(alg_nid);
if (!(pbe2 = PBE2PARAM_new()))
goto merr;
@@ -112,7 +110,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
/* Setup the AlgorithmIdentifier for the encryption scheme */
scheme = pbe2->encryption;
- scheme->algorithm = obj;
+ scheme->algorithm = OBJ_nid2obj(alg_nid);
if (!(scheme->parameter = ASN1_TYPE_new()))
goto merr;
@@ -188,11 +186,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
err:
PBE2PARAM_free(pbe2);
/* Note 'scheme' is freed as part of pbe2 */
- X509_ALGOR_free(kalg);
X509_ALGOR_free(ret);
return NULL;
-
}
X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 027950330d8b..c78ded89ef12 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
+
ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(ext->object);
if (nid == NID_freshest_crl)
@@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier)
|| (nid == NID_delta_crl))
- break;;
+ continue;
crl->flags |= EXFLAG_CRITICAL;
break;
}
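Review bot: The `continue` for recognised extensions and the `break` after `crl->flags |= EXFLAG_CRITICAL` now do opposite things two statements apart, and neither carries a comment saying why. Before `continue;` I would add `/* handled critical extension: keep scanning the remaining ones */`, and before the final `break;` add `/* one unhandled critical extension is enough */`. That makes it harder for a later cleanup to turn the `continue` back into a `break` and stop the scan at the first recognised extension. The loop and the enclosing criticality test begin outside this hunk.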
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 044fd7ecc0fd..80492d8e6381 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1148,18 +1148,17 @@ $code.=<<___;
mulx 2*8($aptr),%r15,%r13 # ...
adox -3*8($tptr),%r11
adcx %r15,%r12
- adox $zero,%r12
+ adox -2*8($tptr),%r12
adcx $zero,%r13
+ adox $zero,%r13
mov $bptr,8(%rsp) # off-load &b[i]
- .byte 0x67
mov $mi,%r15
imulq 24(%rsp),$mi # "t[0]"*n0
xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
mulx 3*8($aptr),%rax,%r14
mov $mi,%rdx
- adox -2*8($tptr),%r12
adcx %rax,%r13
adox -1*8($tptr),%r13
adcx $zero,%r14
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index f1fbb45b532b..3bb0cdf5bd39 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -1925,6 +1925,7 @@ __bn_sqr8x_reduction:
.align 32
.L8x_tail_done:
+ xor %rax,%rax
add (%rdx),%r8 # can this overflow?
adc \$0,%r9
adc \$0,%r10
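Review bot: The context comment `# can this overflow?` on the `add (%rdx),%r8` line is left as an open question. The next hunk removes the old "can't overflow" remark and adds `adc \$0,%rax` to pick up a carry out of %r15, which reads as the answer being yes. I would turn the question into a statement, for example `# may carry; propagated through %r15 into %rax`. The same comment remains on `add 24+8(%rsp),%r8` in the .Lsqrx8x_tail_done hunk. Both routines continue outside these hunks.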
@@ -1932,10 +1933,8 @@ __bn_sqr8x_reduction:
adc \$0,%r12
adc \$0,%r13
adc \$0,%r14
- adc \$0,%r15 # can't overflow, because we
- # started with "overhung" part
- # of multiplication
- xor %rax,%rax
+ adc \$0,%r15
+ adc \$0,%rax
neg $carry
.L8x_no_tail:
@@ -3375,6 +3374,7 @@ __bn_sqrx8x_reduction:
.align 32
.Lsqrx8x_tail_done:
+ xor %rax,%rax
add 24+8(%rsp),%r8 # can this overflow?
adc \$0,%r9
adc \$0,%r10
@@ -3382,10 +3382,8 @@ __bn_sqrx8x_reduction:
adc \$0,%r12
adc \$0,%r13
adc \$0,%r14
- adc \$0,%r15 # can't overflow, because we
- # started with "overhung" part
- # of multiplication
- mov $carry,%rax # xor %rax,%rax
+ adc \$0,%r15
+ adc \$0,%rax
sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
.Lsqrx8x_no_tail: # %cf is 0 if jumped here
@@ -3400,7 +3398,7 @@ __bn_sqrx8x_reduction:
adc 8*5($tptr),%r13
adc 8*6($tptr),%r14
adc 8*7($tptr),%r15
- adc %rax,%rax # top-most carry
+ adc \$0,%rax # top-most carry
mov 32+8(%rsp),%rbx # n0
mov 8*8($tptr,%rcx),%rdx # modulo-scheduled "%r8"
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 1670f01d1d8c..195a7867a46b 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -180,8 +180,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
goto err;
}
}
- if (r != rr)
- BN_copy(r, rr);
+ if (r != rr && BN_copy(r, rr) == NULL)
+ goto err;
+
ret = 1;
err:
BN_CTX_end(ctx);
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index b174850b6bb1..3c618dc30708 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -1083,8 +1083,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
end:
#endif
bn_correct_top(rr);
- if (r != rr)
- BN_copy(r, rr);
+ if (r != rr && BN_copy(r, rr) == NULL)
+ goto err;
+
ret = 1;
err:
bn_check_top(r);
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 1d256874c9d2..8177fd294772 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -283,7 +283,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
BIGNUM *t;
if ((t = BN_CTX_get(ctx)) == NULL)
goto err;
- BN_copy(t, a);
+ if (BN_copy(t, a) == NULL)
+ goto err;
t->neg = 0;
A = t;
} else
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 3ca69879ee2d..256d26e8dbec 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -143,8 +143,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
rr->top = max - 1;
else
rr->top = max;
- if (rr != r)
- BN_copy(r, rr);
+ if (r != rr && BN_copy(r, rr) == NULL)
+ goto err;
+
ret = 1;
err:
bn_check_top(rr);
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index 2cfcdb29cd50..ee283172d3d8 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -401,9 +401,12 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
* Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size.
*/
+#ifndef OPENSSL_NO_DES
if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
kekcipher = EVP_des_ede3_wrap();
- else if (keylen <= 16)
+ else
+#endif
+ if (keylen <= 16)
kekcipher = EVP_aes_128_wrap();
else if (keylen <= 24)
kekcipher = EVP_aes_192_wrap();
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 1d80fb2c5f60..387558f1467c 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -223,6 +223,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
BN_CTX_start(ctx);
tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
if (dh->priv_key == NULL) {
DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
index 42b8bb086251..78724839b524 100644
--- a/crypto/dsa/dsa_pmeth.c
+++ b/crypto/dsa/dsa_pmeth.c
@@ -180,7 +180,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
return 0;
}
- dctx->md = p2;
+ dctx->pmd = p2;
return 1;
case EVP_PKEY_CTRL_MD:
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index 68cc8771d5eb..1f9cc00aead6 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -267,7 +267,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
BN_CTX *ctx)
{
BIGNUM *x1, *x2, *z1, *z2;
- int ret = 0, i;
+ int ret = 0, i, group_top;
BN_ULONG mask, word;
if (r == point) {
@@ -297,10 +297,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
x2 = &r->X;
z2 = &r->Y;
- bn_wexpand(x1, group->field.top);
- bn_wexpand(z1, group->field.top);
- bn_wexpand(x2, group->field.top);
- bn_wexpand(z2, group->field.top);
+ group_top = group->field.top;
+ if (bn_wexpand(x1, group_top) == NULL
+ || bn_wexpand(z1, group_top) == NULL
+ || bn_wexpand(x2, group_top) == NULL
+ || bn_wexpand(z2, group_top) == NULL)
+ goto err;
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
goto err; /* x1 = x */
@@ -329,14 +331,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
for (; i >= 0; i--) {
word = scalar->d[i];
while (mask) {
- BN_consttime_swap(word & mask, x1, x2, group->field.top);
- BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ BN_consttime_swap(word & mask, x1, x2, group_top);
+ BN_consttime_swap(word & mask, z1, z2, group_top);
if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
goto err;
if (!gf2m_Mdouble(group, x1, z1, ctx))
goto err;
- BN_consttime_swap(word & mask, x1, x2, group->field.top);
- BN_consttime_swap(word & mask, z1, z2, group->field.top);
+ BN_consttime_swap(word & mask, x1, x2, group_top);
+ BN_consttime_swap(word & mask, z1, z2, group_top);
mask >>= 1;
}
mask = BN_TBIT;
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index df115cc262e5..d3b05247fe37 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
BN_CTX_end(ctx);
if (ctx)
BN_CTX_free(ctx);
- if (buf)
+ if (buf) {
+ OPENSSL_cleanse(buf, buflen);
OPENSSL_free(buf);
+ }
return (ret);
}
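Review bot: The added `OPENSSL_cleanse(buf, buflen)` is only correct if `buflen` already holds the allocation size on every path that reaches this cleanup with `buf` non-NULL, and the hunk shows neither the declaration nor the assignment of `buflen`. If it is declared without an initialiser, `size_t buflen = 0;` would keep the cleanup safe whichever `goto` got here. A short comment above the call, `/* buf held the shared secret: wipe before free */`, would also record why the wipe must stay. The body of ecdh_compute_key begins outside the hunk.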
diff --git a/crypto/err/err.c b/crypto/err/err.c
index e77d963b6b15..52dc9a5ddd87 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -868,6 +868,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len)
const char *ls, *fs, *rs;
unsigned long l, f, r;
+ if (len == 0)
+ return;
+
l = ERR_GET_LIB(e);
f = ERR_GET_FUNC(e);
r = ERR_GET_REASON(e);
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 1734a823c1e5..7c62d327a1f6 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
const unsigned char ivec[AES_BLOCK_SIZE]);
# endif
# ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp, char *out, size_t len,
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp, char *out, size_t len,
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
const AES_KEY *key1, const AES_KEY *key2,
const unsigned char iv[16]);
# endif
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 5e92855dfdc0..93cfe3f1074f 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -269,6 +269,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
len = p[arg - 2] << 8 | p[arg - 1];
if (!ctx->encrypt) {
+ if (len < MD5_DIGEST_LENGTH)
+ return -1;
len -= MD5_DIGEST_LENGTH;
p[arg - 2] = len >> 8;
p[arg - 1] = len;
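Review bot: The new `if (len < MD5_DIGEST_LENGTH) return -1;` has no comment saying what it guards, and that is not obvious from the lines around it. `len` is taken from the last two bytes of the AAD and, on the decrypt path, has the MAC length subtracted. A record length shorter than the digest would make that subtraction go below zero, and wrap to a very large value if `len` is unsigned (its declaration is outside the hunk). I would add `/* record too short to contain the MAC: reject before subtracting */` above the check so it is not removed as redundant later.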
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 39ab7937d256..d258ef870a36 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_EVP_strings(void);
/* Error codes for the EVP functions. */
@@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_INPUT_NOT_INITIALIZED 111
# define EVP_R_INVALID_DIGEST 152
# define EVP_R_INVALID_FIPS_MODE 168
+# define EVP_R_INVALID_KEY 171
# define EVP_R_INVALID_KEY_LENGTH 130
# define EVP_R_INVALID_OPERATION 148
# define EVP_R_IV_TOO_LARGE 102
@@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 15cf5532b382..bcd841eb7792 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
{ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+ {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
{ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
{ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index a8b7f2f6d579..727869e3ee87 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -65,20 +65,22 @@
#include "evp_locl.h"
#define M_check_autoarg(ctx, arg, arglen, err) \
- if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
- { \
- size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
- if (!arg) \
- { \
- *arglen = pksize; \
- return 1; \
- } \
- else if (*arglen < pksize) \
- { \
- EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
- return 0; \
- } \
- }
+ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \
+ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
+ \
+ if (pksize == 0) { \
+ EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \
+ return 0; \
+ } \
+ if (!arg) { \
+ *arglen = pksize; \
+ return 1; \
+ } \
+ if (*arglen < pksize) { \
+ EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+ return 0; \
+ } \
+ }
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
{
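Review bot: `pksize` is still produced by casting the `EVP_PKEY_size()` result straight to `size_t`, so the new `pksize == 0` test catches only a zero return. Should that function ever return a negative value, the cast turns it into a very large size, which is then either written to `*arglen` as the required length or reported as `EVP_R_BUFFER_TOO_SMALL`. Keeping the value signed until it is checked avoids that: `int sz = EVP_PKEY_size(ctx->pkey);`, then `if (sz <= 0) {`, then `pksize = (size_t)sz;`. Since the macro returns from the calling function, a one-line comment above the `#define` saying so would help readers of the call sites.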
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9668b3a9bcfb..d06686290459 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -199,6 +199,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
{
EVP_PKEY_METHOD *pmeth;
+
pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
if (!pmeth)
return NULL;
@@ -207,33 +208,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
-
- pmeth->init = 0;
- pmeth->copy = 0;
- pmeth->cleanup = 0;
- pmeth->paramgen_init = 0;
- pmeth->paramgen = 0;
- pmeth->keygen_init = 0;
- pmeth->keygen = 0;
- pmeth->sign_init = 0;
- pmeth->sign = 0;
- pmeth->verify_init = 0;
- pmeth->verify = 0;
- pmeth->verify_recover_init = 0;
- pmeth->verify_recover = 0;
- pmeth->signctx_init = 0;
- pmeth->signctx = 0;
- pmeth->verifyctx_init = 0;
- pmeth->verifyctx = 0;
- pmeth->encrypt_init = 0;
- pmeth->encrypt = 0;
- pmeth->decrypt_init = 0;
- pmeth->decrypt = 0;
- pmeth->derive_init = 0;
- pmeth->derive = 0;
- pmeth->ctrl = 0;
- pmeth->ctrl_str = 0;
-
return pmeth;
}
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index bcafd6b6bfb1..d4b22728e623 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
--n;
d = data[n] += c;
/* did addition carry? */
- c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+ c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
} while (n);
}
#endif
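Review bot: The comment `/* did addition carry? */` no longer explains enough now that the expression is `((d - c) & ~d)`, and the difference from the old XOR form is exactly what a reader needs to know. I would extend it to `/* carry iff top bit was set before the add and is clear after; XOR also fired on a 0->1 flip of the top bit */`. This reasoning assumes `c` is only ever 0 or 1 on entry to each iteration, and its initialisation is outside the hunk. The function body starts above the hunk.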
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 88faad652259..645dd0793f32 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020afL
+# define OPENSSL_VERSION_NUMBER 0x100020bfL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index 7a3dd04b0f9d..b7ae40b4dbfa 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -250,11 +250,18 @@ my %globals;
$self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
# Solaris /usr/ccs/bin/as can't handle multiplications
- # in $self->{label}, new gas requires sign extension...
+ # in $self->{label}...
use integer;
$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
$self->{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg;
- $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+
+ # Some assemblers insist on signed presentation of 32-bit
+ # offsets, but sign extension is a tricky business in perl...
+ if ((1<<31)<<1) {
+ $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg;
+ } else {
+ $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg;
+ }
if (!$self->{label} && $self->{index} && $self->{scale}==1 &&
$self->{base} =~ /(rbp|r13)/) {
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 7f7dca39fd08..082c8da2efc2 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -142,7 +142,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
goto err;
- BN_copy(rsa->e, e_value);
+ if (BN_copy(rsa->e, e_value) == NULL)
+ goto err;
/* generate p and q */
for (;;) {
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 9c2a943cf778..19d28c6f0e60 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -89,17 +89,21 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
}
if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
- return 0;
+ goto err;
for (i = 0; i < emlen - mdlen; i++)
db[i] ^= dbmask[i];
if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
- return 0;
+ goto err;
for (i = 0; i < mdlen; i++)
seed[i] ^= seedmask[i];
OPENSSL_free(dbmask);
return 1;
+
+ err:
+ OPENSSL_free(dbmask);
+ return 0;
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
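Review bot: The new `err:` path frees `dbmask` without wiping it, and so does the success path just above it; the buffer holds the MGF1 mask that was XORed over the data block. This commit adds `OPENSSL_cleanse` before the free in ech_ossl.c, and the same treatment fits here: `OPENSSL_cleanse(dbmask, emlen - mdlen);` ahead of each `OPENSSL_free(dbmask);`. The length is taken from the `PKCS1_MGF1(dbmask, emlen - mdlen, ...)` call; the allocation itself is outside the hunk and should be checked to match. The two exits could also be merged behind a single `ret` variable so the cleanup exists once.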
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 94db87a0637d..ac583bf60b01 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -373,6 +373,10 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
+ if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+ RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+ return -1;
+ }
if (rctx->pad_mode == RSA_X931_PADDING) {
if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
return 0;
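Review bot: The added digest-length check returns `-1`, while the X9.31 branch directly below returns `0`, and nothing in the hunk says what distinguishes the two. A comment above the new block would make the contract explicit: `/* -1: malformed input (digest length mismatch); 0: signature did not verify */`. This matters for callers that test the result with `!` or `== 0`, since they would read `-1` as success; callers are outside this hunk and need to compare with `<= 0`. The function begins above the hunk.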
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
index 47d6b6ff511c..cf8c372c05aa 100644
--- a/crypto/s390xcap.c
+++ b/crypto/s390xcap.c
@@ -3,6 +3,7 @@
#include <string.h>
#include <setjmp.h>
#include <signal.h>
+#include "cryptlib.h"
extern unsigned long OPENSSL_s390xcap_P[];
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index d25b4f37bd11..3cc067c3b7ee 100644
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@@ -164,7 +164,7 @@ static int general_allocate_string(UI *ui, const char *prompt,
UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
type, input_flags, result_buf);
- if (s) {
+ if (s != NULL) {
if (allocate_string_stack(ui) >= 0) {
s->_.string_data.result_minsize = minsize;
s->_.string_data.result_maxsize = maxsize;
@@ -197,8 +197,8 @@ static int general_allocate_boolean(UI *ui,
} else if (cancel_chars == NULL) {
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
} else {
- for (p = ok_chars; *p; p++) {
- if (strchr(cancel_chars, *p)) {
+ for (p = ok_chars; *p != '\0'; p++) {
+ if (strchr(cancel_chars, *p) != NULL) {
UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
}
@@ -207,7 +207,7 @@ static int general_allocate_boolean(UI *ui,
s = general_allocate_prompt(ui, prompt, prompt_freeable,
type, input_flags, result_buf);
- if (s) {
+ if (s != NULL) {
if (allocate_string_stack(ui) >= 0) {
s->_.boolean_data.action_desc = action_desc;
s->_.boolean_data.ok_chars = ok_chars;
@@ -243,7 +243,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
{
char *prompt_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
@@ -271,7 +271,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
{
char *prompt_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
@@ -302,7 +302,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
char *ok_chars_copy = NULL;
char *cancel_chars_copy = NULL;
- if (prompt) {
+ if (prompt != NULL) {
prompt_copy = BUF_strdup(prompt);
if (prompt_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -310,7 +310,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
}
}
- if (action_desc) {
+ if (action_desc != NULL) {
action_desc_copy = BUF_strdup(action_desc);
if (action_desc_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -318,7 +318,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
}
}
- if (ok_chars) {
+ if (ok_chars != NULL) {
ok_chars_copy = BUF_strdup(ok_chars);
if (ok_chars_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -326,7 +326,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
}
}
- if (cancel_chars) {
+ if (cancel_chars != NULL) {
cancel_chars_copy = BUF_strdup(cancel_chars);
if (cancel_chars_copy == NULL) {
UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
@@ -359,7 +359,7 @@ int UI_dup_info_string(UI *ui, const char *text)
{
char *text_copy = NULL;
- if (text) {
+ if (text != NULL) {
text_copy = BUF_strdup(text);
if (text_copy == NULL) {
UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
@@ -381,7 +381,7 @@ int UI_dup_error_string(UI *ui, const char *text)
{
char *text_copy = NULL;
- if (text) {
+ if (text != NULL) {
text_copy = BUF_strdup(text);
if (text_copy == NULL) {
UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
@@ -397,7 +397,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
{
char *prompt = NULL;
- if (ui->meth->ui_construct_prompt)
+ if (ui->meth->ui_construct_prompt != NULL)
prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
else {
char prompt1[] = "Enter ";
@@ -408,7 +408,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
if (object_desc == NULL)
return NULL;
len = sizeof(prompt1) - 1 + strlen(object_desc);
- if (object_name)
+ if (object_name != NULL)
len += sizeof(prompt2) - 1 + strlen(object_name);
len += sizeof(prompt3) - 1;
@@ -417,7 +417,7 @@ char *UI_construct_prompt(UI *ui, const char *object_desc,
return NULL;
BUF_strlcpy(prompt, prompt1, len + 1);
BUF_strlcat(prompt, object_desc, len + 1);
- if (object_name) {
+ if (object_name != NULL) {
BUF_strlcat(prompt, prompt2, len + 1);
BUF_strlcat(prompt, object_name, len + 1);
}
@@ -459,7 +459,8 @@ static int print_error(const char *str, size_t len, UI *ui)
uis.type = UIT_ERROR;
uis.out_string = str;
- if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
+ if (ui->meth->ui_write_string != NULL
+ && ui->meth->ui_write_string(ui, &uis) <= 0)
return -1;
return 0;
}
@@ -468,24 +469,28 @@ int UI_process(UI *ui)
{
int i, ok = 0;
- if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
- return -1;
+ if (ui->meth->ui_open_session != NULL
+ && ui->meth->ui_open_session(ui) <= 0) {
+ ok = -1;
+ goto err;
+ }
if (ui->flags & UI_FLAG_PRINT_ERRORS)
ERR_print_errors_cb((int (*)(const char *, size_t, void *))
print_error, (void *)ui);
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
- if (ui->meth->ui_write_string
- && !ui->meth->ui_write_string(ui,
- sk_UI_STRING_value(ui->strings, i)))
+ if (ui->meth->ui_write_string != NULL
+ && (ui->meth->ui_write_string(ui,
+ sk_UI_STRING_value(ui->strings, i))
+ <= 0))
{
ok = -1;
goto err;
}
}
- if (ui->meth->ui_flush)
+ if (ui->meth->ui_flush != NULL)
switch (ui->meth->ui_flush(ui)) {
case -1: /* Interrupt/Cancel/something... */
ok = -2;
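Review bot: When `ui_open_session` fails, the new code sets `ok = -1` and jumps to `err`, and the last UI_process hunk shows that `err:` calls `ui_close_session`, so a closer now runs for a session whose opener reported failure. That looks intentional, but it is a behaviour change for any custom UI_METHOD and is not documented here. I would add above the `goto err;` the comment `/* close is still called so the method can release what open acquired before failing */`. Closers supplied through UI_method_set_closer must tolerate being called in that state.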
@@ -499,7 +504,7 @@ int UI_process(UI *ui)
}
for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
- if (ui->meth->ui_read_string) {
+ if (ui->meth->ui_read_string != NULL) {
switch (ui->meth->ui_read_string(ui,
sk_UI_STRING_value(ui->strings,
i))) {
@@ -516,7 +521,8 @@ int UI_process(UI *ui)
}
}
err:
- if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+ if (ui->meth->ui_close_session != NULL
+ && ui->meth->ui_close_session(ui) <= 0)
return -1;
return ok;
}
@@ -612,49 +618,49 @@ void UI_destroy_method(UI_METHOD *ui_method)
int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_open_session = opener;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_writer(UI_METHOD *method,
int (*writer) (UI *ui, UI_STRING *uis))
{
- if (method) {
+ if (method != NULL) {
method->ui_write_string = writer;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_flush = flusher;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_reader(UI_METHOD *method,
int (*reader) (UI *ui, UI_STRING *uis))
{
- if (method) {
+ if (method != NULL) {
method->ui_read_string = reader;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
{
- if (method) {
+ if (method != NULL) {
method->ui_close_session = closer;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
int UI_method_set_prompt_constructor(UI_METHOD *method,
@@ -664,55 +670,55 @@ int UI_method_set_prompt_constructor(UI_METHOD *method,
const char
*object_name))
{
- if (method) {
+ if (method != NULL) {
method->ui_construct_prompt = prompt_constructor;
return 0;
- } else
- return -1;
+ }
+ return -1;
}
-int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_open_session;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
- if (method)
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+ if (method != NULL)
return method->ui_write_string;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_flush;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
- if (method)
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *)
+{
+ if (method != NULL)
return method->ui_read_string;
- else
- return NULL;
+ return NULL;
}
-int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
- if (method)
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *)
+{
+ if (method != NULL)
return method->ui_close_session;
- else
- return NULL;
+ return NULL;
}
char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *,
const char *,
- const char *) {
- if (method)
+ const char *)
+{
+ if (method != NULL)
return method->ui_construct_prompt;
- else
- return NULL;
+ return NULL;
}
enum UI_string_types UI_get_string_type(UI_STRING *uis)
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 9ab259b8f605..17d14f58427a 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
@@ -440,7 +440,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
# else
p = fgets(result, maxsize, tty_in);
# endif
- if (!p)
+ if (p == NULL)
goto error;
if (feof(tty_in))
goto error;
@@ -509,18 +509,31 @@ static int open_console(UI *ui)
is_a_tty = 0;
else
# endif
+# ifdef ENODEV
+ /*
+ * MacOS X returns ENODEV (Operation not supported by device),
+ * which seems appropriate.
+ */
+ if (errno == ENODEV)
+ is_a_tty = 0;
+ else
+# endif
return 0;
}
#endif
#ifdef OPENSSL_SYS_VMS
status = sys$assign(&terminal, &channel, 0, 0);
+
+ /* if there isn't a TT device, something is very wrong */
if (status != SS$_NORMAL)
return 0;
- status =
- sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
- 0, 0);
+
+ status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
+ 0, 0, 0, 0);
+
+ /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ is_a_tty = 0;
#endif
return 1;
}
@@ -537,14 +550,15 @@ static int noecho_console(UI *ui)
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] | TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
- 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ if (is_a_tty) {
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+ 0, 0, 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ }
#endif
return 1;
}
@@ -561,14 +575,15 @@ static int echo_console(UI *ui)
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
- 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
+ if (is_a_tty) {
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+ 0, 0, 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+ }
#endif
return 1;
}
@@ -581,6 +596,8 @@ static int close_console(UI *ui)
fclose(tty_out);
#ifdef OPENSSL_SYS_VMS
status = sys$dassgn(channel);
+ if (status != SS$_NORMAL)
+ return 0;
#endif
CRYPTO_w_unlock(CRYPTO_LOCK_UI);
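Review bot: The early `return 0;` added after `sys$dassgn` exits before `CRYPTO_w_unlock(CRYPTO_LOCK_UI)` on the following line, so on VMS a failed deassign returns with the UI lock still held (assuming the lock was taken when the console was opened, which is outside this hunk). Recording the failure and falling through keeps the unlock on every path: declare `int ret = 1;` at the top, replace the early return with `ret = 0;`, and end with `return ret;`. The start and end of close_console are outside the hunk.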