src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2021-09-01 02:23:22 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2021-09-01 02:23:22 +0000
commit	c1d1798abd60f12527b70443cb7d0b9cd78ef7b1 (patch)
tree	1ac1ccb6b23135a8b57efdff5c4a84ad03202f7a /crypto
parent	94fa08a4bcdfbb3434b025d67d014af3b18e5380 (diff)
download	src-c1d1798abd60f12527b70443cb7d0b9cd78ef7b1.tar.gz src-c1d1798abd60f12527b70443cb7d0b9cd78ef7b1.zip

Import OpenSSL 1.1.1lvendor/openssl/1.1.1l

Diffstat (limited to 'crypto')

-rw-r--r--

crypto/armcap.c

-rw-r--r--

crypto/asn1/a_object.c

-rw-r--r--

crypto/asn1/a_strex.c

-rw-r--r--

crypto/asn1/asn1_lib.c

-rw-r--r--

crypto/asn1/bio_asn1.c

-rw-r--r--

crypto/asn1/bio_ndef.c

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rwxr-xr-x

crypto/chacha/asm/chacha-x86_64.pl

-rw-r--r--

crypto/dsa/dsa_prn.c

-rw-r--r--

crypto/ec/ec2_oct.c

-rw-r--r--

crypto/ec/ec_asn1.c

-rw-r--r--

crypto/err/openssl.txt

-rw-r--r--

crypto/evp/e_aes.c

192

-rw-r--r--

crypto/evp/e_camellia.c

-rw-r--r--

crypto/hmac/hm_ameth.c

-rw-r--r--

crypto/pkcs12/p12_key.c

-rw-r--r--

crypto/poly1305/poly1305_ameth.c

-rw-r--r--

crypto/ppccap.c

-rw-r--r--

crypto/rand/rand_unix.c

-rw-r--r--

crypto/rsa/rsa_prn.c

-rw-r--r--

crypto/siphash/siphash_ameth.c

-rw-r--r--

crypto/sm2/sm2_crypt.c

-rw-r--r--

crypto/sm2/sm2_pmeth.c

-rw-r--r--

crypto/sparcv9cap.c

-rw-r--r--

crypto/srp/srp_vfy.c

-rw-r--r--

crypto/store/loader_file.c

-rw-r--r--

crypto/ts/ts_rsp_verify.c

-rw-r--r--

crypto/ts/ts_verify_ctx.c

-rw-r--r--

crypto/uid.c

-rw-r--r--

crypto/x509/t_x509.c

-rw-r--r--

crypto/x509/x509_vpm.c

-rw-r--r--

crypto/x509v3/v3_akey.c

-rw-r--r--

crypto/x509v3/v3_alt.c

-rw-r--r--

crypto/x509v3/v3_cpols.c

-rw-r--r--

crypto/x509v3/v3_ncons.c

-rw-r--r--

crypto/x509v3/v3_pci.c

-rw-r--r--

crypto/x509v3/v3_utl.c

-rw-r--r--

crypto/x509v3/v3err.c

42 files changed, 533 insertions, 278 deletions

diff --git a/crypto/armcap.c b/crypto/armcap.c
index 8bf96f10214f..c5685bde5891 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c

@@ -68,6 +68,12 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));

# include <sys/auxv.h>

# define OSSL_IMPLEMENT_GETAUXVAL

# endif

+# elif defined(__ANDROID_API__)

+/* see https://developer.android.google.cn/ndk/guides/cpu-features */

+# if __ANDROID_API__ >= 18

+# include <sys/auxv.h>

+# define OSSL_IMPLEMENT_GETAUXVAL

+# endif

# endif

# if defined(__FreeBSD__)

# include <sys/param.h>

@@ -88,6 +94,15 @@ static unsigned long getauxval(unsigned long key)

# endif

+ * Android: according to https://developer.android.com/ndk/guides/cpu-features,

+ * getauxval is supported starting with API level 18

+ */

+# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18

+# include <sys/auxv.h>

+# define OSSL_IMPLEMENT_GETAUXVAL

+# endif

+/*

* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas

* AArch64 used AT_HWCAP.

diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index d67a723c9611..8ade9e50a7cb 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -286,16 +286,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,

}

- /*

- * only the ASN1_OBJECTs from the 'table' will have values for ->sn or

- * ->ln

- */

if ((a == NULL) || ((*a) == NULL) ||

!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {

if ((ret = ASN1_OBJECT_new()) == NULL)

return NULL;

- } else

+ } else {

ret = (*a);

+ }

p = *pp;

/* detach data from object */

@@ -313,6 +310,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,

ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;

}

memcpy(data, p, length);

+ /* If there are dynamic strings, free them here, and clear the flag */

+ if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {

+ OPENSSL_free((char *)ret->sn);

+ OPENSSL_free((char *)ret->ln);

+ ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;

+ }

/* reattach data to object, after which it remains const */

ret->data = data;

ret->length = length;

diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 4879b33785e9..284dde274c9f 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,

t.type = str->type;

t.value.ptr = (char *)str;

der_len = i2d_ASN1_TYPE(&t, NULL);

+ if (der_len <= 0)

+ return -1;

if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {

ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);

return -1;

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 366afc5f6c6b..3d99d1383d42 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -292,7 +292,12 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)

}

if ((size_t)str->length <= len || str->data == NULL) {

c = str->data;

+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

+ /* No NUL terminator in fuzzing builds */

+ str->data = OPENSSL_realloc(c, len);

+#else

str->data = OPENSSL_realloc(c, len + 1);

+#endif

if (str->data == NULL) {

ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);

str->data = c;

@@ -302,8 +307,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)

str->length = len;

if (data != NULL) {

memcpy(str->data, data, len);

- /* an allowance for strings :-) */

+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION

+ /*

+ * Add a NUL terminator. This should not be necessary - but we add it as

+ * a safety precaution

+ */

str->data[len] = '\0';

+#endif

}

return 1;

}

diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 86ee56632305..914d77c866c6 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -138,6 +138,11 @@ static int asn1_bio_free(BIO *b)

if (ctx == NULL)

return 0;

+ if (ctx->prefix_free != NULL)

+ ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);

+ if (ctx->suffix_free != NULL)

+ ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);

OPENSSL_free(ctx->buf);

OPENSSL_free(ctx);

BIO_set_data(b, NULL);

diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index d7d7d80eea91..760e4846a474 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c

@@ -142,6 +142,9 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,

ndef_aux = *(NDEF_SUPPORT **)parg;

+ if (ndef_aux == NULL)

+ return 0;

OPENSSL_free(ndef_aux->derbuf);

ndef_aux->derbuf = NULL;

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 7b127d2092fa..2094963036fe 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -78,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,

* type

+static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on)

+ const unsigned char *p = *pp;

+ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);

+ EVP_PKEY *ret;

+ if (p8 == NULL)

+ return NULL;

+ ret = EVP_PKCS82PKEY(p8);

+ if (ret == NULL)

+ *carry_on = 0;

+ PKCS8_PRIV_KEY_INFO_free(p8);

+ if (ret != NULL)

+ *pp = p;

+ return ret;

EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,

long length)

{

STACK_OF(ASN1_TYPE) *inkey;

const unsigned char *p;

int keytype;

+ EVP_PKEY *ret = NULL;

+ int carry_on = 1;

+ ERR_set_mark();

+ ret = key_as_pkcs8(pp, length, &carry_on);

+ if (ret != NULL) {

+ ERR_clear_last_mark();

+ if (a != NULL)

+ *a = ret;

+ return ret;

+ }

+ if (carry_on == 0) {

+ ERR_clear_last_mark();

+ ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,

+ ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

+ return NULL;

+ }

p = *pp;

* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by

* analyzing it we can determine the passed structure: this assumes the

@@ -100,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,

keytype = EVP_PKEY_DSA;

else if (sk_ASN1_TYPE_num(inkey) == 4)

keytype = EVP_PKEY_EC;

- else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not

- * traditional format */

- PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);

- EVP_PKEY *ret;

- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);

- if (!p8) {

- ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,

- ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);

- return NULL;

- }

- ret = EVP_PKCS82PKEY(p8);

- PKCS8_PRIV_KEY_INFO_free(p8);

- if (ret == NULL)

- return NULL;

- *pp = p;

- if (a) {

- *a = ret;

- }

- return ret;

- } else

+ else

keytype = EVP_PKEY_RSA;

sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);

- return d2i_PrivateKey(keytype, a, pp, length);

+ ret = d2i_PrivateKey(keytype, a, pp, length);

+ if (ret != NULL)

+ ERR_pop_to_mark();

+ else

+ ERR_clear_last_mark();

+ return ret;

}

diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index 51b56d0aa9f7..3d4aea8ad9a4 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)

}

chal = spki->spkac->challenge;

if (chal->length)

- BIO_printf(out, " Challenge String: %s\n", chal->data);

+ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);

i = OBJ_obj2nid(spki->sig_algor.algorithm);

BIO_printf(out, " Signature Algorithm: %s",

(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));

diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index b023bbda406b..8ea32bce401b 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -689,7 +689,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,

hints.ai_protocol = protocol;

# ifdef AI_ADDRCONFIG

# ifdef AF_UNSPEC

- if (family == AF_UNSPEC)

+ if (host != NULL && family == AF_UNSPEC)

# endif

hints.ai_flags |= AI_ADDRCONFIG;

# endif

diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
index 335dfabc6180..104ff31b0d2e 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -243,7 +243,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)

}

-# ifdef IPV6_V6ONLY

+ /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */

+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)

if (BIO_ADDR_family(addr) == AF_INET6) {

* Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.

diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 286d69c895fd..0da9f39b31a9 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,

BIGNUM *tmp, *snum, *sdiv, *res;

BN_ULONG *resp, *wnum, *wnumtop;

BN_ULONG d0, d1;

- int num_n, div_n;

+ int num_n, div_n, num_neg;

assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);

@@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,

/* Setup quotient */

if (!bn_wexpand(res, loop))

goto err;

- res->neg = (num->neg ^ divisor->neg);

+ num_neg = num->neg;

+ res->neg = (num_neg ^ divisor->neg);

res->top = loop;

res->flags |= BN_FLG_FIXED_TOP;

resp = &(res->d[loop]);

@@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,

*--resp = q;

}

/* snum holds remainder, it's as wide as divisor */

- snum->neg = num->neg;

+ snum->neg = num_neg;

snum->top = div_n;

snum->flags |= BN_FLG_FIXED_TOP;

if (rm != NULL)

diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl
index 227ee59ff2ba..c0e5d863dcb2 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl

@@ -1,5 +1,5 @@

#! /usr/bin/env perl

# Licensed under the OpenSSL license (the "License"). You may not use

# this file except in compliance with the License. You can obtain a copy

@@ -471,7 +471,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round

&por ($b,$t);

}

-my $xframe = $win64 ? 32+8 : 8;

+my $xframe = $win64 ? 160+8 : 8;

$code.=<<___;

.type ChaCha20_ssse3,\@function,5

@@ -2499,7 +2499,7 @@ sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round

&vprold ($b,$b,7);

}

-my $xframe = $win64 ? 32+8 : 8;

+my $xframe = $win64 ? 160+8 : 8;

$code.=<<___;

.type ChaCha20_avx512,\@function,5

@@ -2515,8 +2515,16 @@ ChaCha20_avx512:

sub \$64+$xframe,%rsp

___

$code.=<<___ if ($win64);

- movaps %xmm6,-0x28(%r9)

- movaps %xmm7,-0x18(%r9)

+ movaps %xmm6,-0xa8(%r9)

+ movaps %xmm7,-0x98(%r9)

+ movaps %xmm8,-0x88(%r9)

+ movaps %xmm9,-0x78(%r9)

+ movaps %xmm10,-0x68(%r9)

+ movaps %xmm11,-0x58(%r9)

+ movaps %xmm12,-0x48(%r9)

+ movaps %xmm13,-0x38(%r9)

+ movaps %xmm14,-0x28(%r9)

+ movaps %xmm15,-0x18(%r9)

.Lavx512_body:

___

$code.=<<___;

@@ -2683,8 +2691,16 @@ $code.=<<___;

vzeroall

___

$code.=<<___ if ($win64);

- movaps -0x28(%r9),%xmm6

- movaps -0x18(%r9),%xmm7

+ movaps -0xa8(%r9),%xmm6

+ movaps -0x98(%r9),%xmm7

+ movaps -0x88(%r9),%xmm8

+ movaps -0x78(%r9),%xmm9

+ movaps -0x68(%r9),%xmm10

+ movaps -0x58(%r9),%xmm11

+ movaps -0x48(%r9),%xmm12

+ movaps -0x38(%r9),%xmm13

+ movaps -0x28(%r9),%xmm14

+ movaps -0x18(%r9),%xmm15

___

$code.=<<___;

lea (%r9),%rsp

@@ -2711,8 +2727,16 @@ ChaCha20_avx512vl:

sub \$64+$xframe,%rsp

___

$code.=<<___ if ($win64);

- movaps %xmm6,-0x28(%r9)

- movaps %xmm7,-0x18(%r9)

+ movaps %xmm6,-0xa8(%r9)

+ movaps %xmm7,-0x98(%r9)

+ movaps %xmm8,-0x88(%r9)

+ movaps %xmm9,-0x78(%r9)

+ movaps %xmm10,-0x68(%r9)

+ movaps %xmm11,-0x58(%r9)

+ movaps %xmm12,-0x48(%r9)

+ movaps %xmm13,-0x38(%r9)

+ movaps %xmm14,-0x28(%r9)

+ movaps %xmm15,-0x18(%r9)

.Lavx512vl_body:

___

$code.=<<___;

@@ -2836,8 +2860,16 @@ $code.=<<___;

vzeroall

___

$code.=<<___ if ($win64);

- movaps -0x28(%r9),%xmm6

- movaps -0x18(%r9),%xmm7

+ movaps -0xa8(%r9),%xmm6

+ movaps -0x98(%r9),%xmm7

+ movaps -0x88(%r9),%xmm8

+ movaps -0x78(%r9),%xmm9

+ movaps -0x68(%r9),%xmm10

+ movaps -0x58(%r9),%xmm11

+ movaps -0x48(%r9),%xmm12

+ movaps -0x38(%r9),%xmm13

+ movaps -0x28(%r9),%xmm14

+ movaps -0x18(%r9),%xmm15

___

$code.=<<___;

lea (%r9),%rsp

diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
index a4a1fd5650e4..070b881e1fae 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)

EVP_PKEY *pk;

int ret;

pk = EVP_PKEY_new();

- if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))

+ if (pk == NULL)

return 0;

- ret = EVP_PKEY_print_private(bp, pk, off, NULL);

+ ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);

+ if (ret)

+ ret = EVP_PKEY_print_private(bp, pk, off, NULL);

EVP_PKEY_free(pk);

return ret;

}

@@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x)

EVP_PKEY *pk;

int ret;

pk = EVP_PKEY_new();

- if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))

+ if (pk == NULL)

return 0;

- ret = EVP_PKEY_print_params(bp, pk, 4, NULL);

+ ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);

+ if (ret)

+ ret = EVP_PKEY_print_params(bp, pk, 4, NULL);

EVP_PKEY_free(pk);

return ret;

}

diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 48543265eeab..788e6501fbcd 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

@@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);

return 0;

}

- form = buf[0];

- y_bit = form & 1;

- form = form & ~1U;

+ /*

+ * The first octet is the point converison octet PC, see X9.62, page 4

+ * and section 4.4.2. It must be:

+ * 0x00 for the point at infinity

+ * 0x02 or 0x03 for compressed form

+ * 0x04 for uncompressed form

+ * 0x06 or 0x07 for hybrid form.

+ * For compressed or hybrid forms, we store the last bit of buf[0] as

+ * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.

+ * We error if buf[0] contains any but the above values.

+ */

+ y_bit = buf[0] & 1;

+ form = buf[0] & ~1U;

if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)

&& (form != POINT_CONVERSION_UNCOMPRESSED)

&& (form != POINT_CONVERSION_HYBRID)) {

@@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

return 0;

}

+ /* The point at infinity is represented by a single zero octet. */

if (form == 0) {

if (len != 1) {

ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

@@ -312,11 +325,23 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,

goto err;

}

if (form == POINT_CONVERSION_HYBRID) {

- if (!group->meth->field_div(group, yxi, y, x, ctx))

- goto err;

- if (y_bit != BN_is_odd(yxi)) {

- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);

- goto err;

+ /*

+ * Check that the form in the encoding was set correctly

+ * according to X9.62 4.4.2.a, 4(c), see also first paragraph

+ * of X9.62, 4.4.1.b.

+ */

+ if (BN_is_zero(x)) {

+ if (y_bit != 0) {

+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);

+ goto err;

+ }

+ } else {

+ if (!group->meth->field_div(group, yxi, y, x, ctx))

+ goto err;

+ if (y_bit != BN_is_odd(yxi)) {

+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);

+ goto err;

+ }

}

diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 7b7c75ce8443..c8ee1e6f1762 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)

ret->seed_len = params->curve->seed->length;

}

- if (!params->order || !params->base || !params->base->data) {

+ if (params->order == NULL

+ || params->base == NULL

+ || params->base->data == NULL

+ || params->base->length == 0) {

ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);

goto err;

}

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7e1776375df7..902e97b84355 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt

@@ -1160,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats

SSL_F_FINAL_EMS:486:final_ems

SSL_F_FINAL_KEY_SHARE:503:final_key_share

SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen

+SSL_F_FINAL_PSK:639:final_psk

SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate

SSL_F_FINAL_SERVER_NAME:558:final_server_name

SSL_F_FINAL_SIG_ALGS:497:final_sig_algs

@@ -1652,6 +1653,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED

X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING

X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER

X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS

+X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID

X509V3_F_LEVEL_ADD_NODE:168:level_add_node

X509V3_F_NOTICE_SECTION:132:notice_section

X509V3_F_NREF_NOS:133:nref_nos

@@ -1692,6 +1694,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt

X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE

X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension

X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d

+X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value

X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value

X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add

X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias

@@ -2741,6 +2744,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert

SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert

SSL_R_MISSING_FATAL:256:missing fatal

SSL_R_MISSING_PARAMETERS:290:missing parameters

+SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension

SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate

SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert

SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert

@@ -2784,6 +2788,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts

SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback

SSL_R_NULL_SSL_CTX:195:null ssl ctx

SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed

+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure

SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned

SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\

old session compression algorithm not returned

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 405ddbf9bf09..a1d3ab90fa61 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,

void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,

size_t len, const AES_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,

size_t blocks, const AES_KEY *key,

unsigned char *ivec);

@@ -1168,9 +1168,9 @@ typedef struct {

static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,

const unsigned char *iv, int enc);

-# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */

-# define S390X_aes_192_cbc_CAPABLE 1

-# define S390X_aes_256_cbc_CAPABLE 1

+# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */

+# define S390X_aes_192_cbc_CAPABLE 0

+# define S390X_aes_256_cbc_CAPABLE 0

# define S390X_AES_CBC_CTX EVP_AES_KEY

# define s390x_aes_cbc_init_key aes_init_key

@@ -1190,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,

S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);

const int keylen = EVP_CIPHER_CTX_key_length(ctx);

- cctx->fc = S390X_AES_FC(keylen);

- if (!enc)

- cctx->fc |= S390X_DECRYPT;

+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);

+ if (key != NULL)

+ memcpy(cctx->km.param.k, key, keylen);

- memcpy(cctx->km.param.k, key, keylen);

return 1;

}

@@ -1222,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,

const unsigned char *ivec, int enc)

{

S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);

- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);

+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);

const int keylen = EVP_CIPHER_CTX_key_length(ctx);

const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

- memcpy(cctx->kmo.param.cv, iv, ivlen);

- memcpy(cctx->kmo.param.k, key, keylen);

cctx->fc = S390X_AES_FC(keylen);

+ if (key != NULL)

+ memcpy(cctx->kmo.param.k, key, keylen);

cctx->res = 0;

+ memcpy(cctx->kmo.param.cv, oiv, ivlen);

return 1;

}

@@ -1237,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

const unsigned char *in, size_t len)

{

S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);

+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);

int n = cctx->res;

int rem;

+ memcpy(cctx->kmo.param.cv, iv, ivlen);

while (n && len) {

*out = *in ^ cctx->kmo.param.cv[n];

n = (n + 1) & 0xf;

@@ -1268,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

}

+ memcpy(iv, cctx->kmo.param.cv, ivlen);

cctx->res = n;

return 1;

}

@@ -1287,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,

const unsigned char *ivec, int enc)

{

S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);

- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);

+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);

const int keylen = EVP_CIPHER_CTX_key_length(ctx);

const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

- cctx->fc = S390X_AES_FC(keylen);

- cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */

- if (!enc)

- cctx->fc |= S390X_DECRYPT;

+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)

+ | (16 << 24); /* 16 bytes cipher feedback */

+ if (key != NULL)

+ memcpy(cctx->kmf.param.k, key, keylen);

cctx->res = 0;

- memcpy(cctx->kmf.param.cv, iv, ivlen);

- memcpy(cctx->kmf.param.k, key, keylen);

+ memcpy(cctx->kmf.param.cv, oiv, ivlen);

return 1;

}

@@ -1308,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);

const int keylen = EVP_CIPHER_CTX_key_length(ctx);

const int enc = EVP_CIPHER_CTX_encrypting(ctx);

+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);

int n = cctx->res;

int rem;

unsigned char tmp;

+ memcpy(cctx->kmf.param.cv, iv, ivlen);

while (n && len) {

tmp = *in;

*out = cctx->kmf.param.cv[n] ^ tmp;

@@ -1344,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

}

+ memcpy(iv, cctx->kmf.param.cv, ivlen);

cctx->res = n;

return 1;

}

@@ -1360,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,

const unsigned char *ivec, int enc)

{

S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);

- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);

+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);

const int keylen = EVP_CIPHER_CTX_key_length(ctx);

const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

- cctx->fc = S390X_AES_FC(keylen);

- cctx->fc |= 1 << 24; /* 1 byte cipher feedback */

- if (!enc)

- cctx->fc |= S390X_DECRYPT;

+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)

+ | (1 << 24); /* 1 byte cipher feedback flag */

- memcpy(cctx->kmf.param.cv, iv, ivlen);

- memcpy(cctx->kmf.param.k, key, keylen);

+ if (key != NULL)

+ memcpy(cctx->kmf.param.k, key, keylen);

+ cctx->res = 0;

+ memcpy(cctx->kmf.param.cv, oiv, ivlen);

return 1;

}

@@ -1378,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

const unsigned char *in, size_t len)

{

S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);

+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);

+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);

+ memcpy(cctx->kmf.param.cv, iv, ivlen);

s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);

+ memcpy(iv, cctx->kmf.param.cv, ivlen);

return 1;

}

@@ -1393,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

const unsigned char *in, size_t len);

-# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */

-# define S390X_aes_192_ctr_CAPABLE 1

-# define S390X_aes_256_ctr_CAPABLE 1

+# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */

+# define S390X_aes_192_ctr_CAPABLE 0

+# define S390X_aes_256_ctr_CAPABLE 0

# define S390X_AES_CTR_CTX EVP_AES_KEY

# define s390x_aes_ctr_init_key aes_init_key

@@ -1563,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,

/*-

* Initialize context structure. Code is big-endian.

-static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,

- const unsigned char *iv)

+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)

{

ctx->kma.param.t.g[0] = 0;

ctx->kma.param.t.g[1] = 0;

@@ -1575,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,

ctx->kreslen = 0;

if (ctx->ivlen == 12) {

- memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);

+ memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);

ctx->kma.param.j0.w[3] = 1;

ctx->kma.param.cv.w = 1;

} else {

/* ctx->iv has the right size and is already padded. */

- memcpy(ctx->iv, iv, ctx->ivlen);

s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,

ctx->fc, &ctx->kma.param);

ctx->fc |= S390X_KMA_HS;

@@ -1694,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

if (gctx->iv_gen == 0 || gctx->key_set == 0)

return 0;

- s390x_aes_gcm_setiv(gctx, gctx->iv);

+ s390x_aes_gcm_setiv(gctx);

if (arg <= 0 || arg > gctx->ivlen)

arg = gctx->ivlen;

@@ -1714,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

return 0;

memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);

- s390x_aes_gcm_setiv(gctx, gctx->iv);

+ s390x_aes_gcm_setiv(gctx);

gctx->iv_set = 1;

return 1;

@@ -1770,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

}

/*-

- * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.

+ * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.

static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,

const unsigned char *key,

const unsigned char *iv, int enc)

{

S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);

- int keylen;

+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);

- if (iv == NULL && key == NULL)

- return 1;

+ gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);

if (key != NULL) {

- keylen = EVP_CIPHER_CTX_key_length(ctx);

+ gctx->fc &= ~S390X_KMA_HS;

memcpy(&gctx->kma.param.k, key, keylen);

- gctx->fc = S390X_AES_FC(keylen);

- if (!enc)

- gctx->fc |= S390X_DECRYPT;

- if (iv == NULL && gctx->iv_set)

- iv = gctx->iv;

- if (iv != NULL) {

- s390x_aes_gcm_setiv(gctx, iv);

- gctx->iv_set = 1;

- }

gctx->key_set = 1;

- } else {

- if (gctx->key_set)

- s390x_aes_gcm_setiv(gctx, iv);

- else

- memcpy(gctx->iv, iv, gctx->ivlen);

+ }

- gctx->iv_set = 1;

+ if (iv != NULL) {

+ memcpy(gctx->iv, iv, gctx->ivlen);

gctx->iv_gen = 0;

+ gctx->iv_set = 1;

}

+ if (gctx->key_set && gctx->iv_set)

+ s390x_aes_gcm_setiv(gctx);

+ gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD);

+ gctx->areslen = 0;

+ gctx->mreslen = 0;

+ gctx->kreslen = 0;

return 1;

}

@@ -1895,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

/* recall that we already did en-/decrypt gctx->mres

* and returned it to caller... */

OPENSSL_cleanse(tmp, gctx->mreslen);

- gctx->iv_set = 0;

enc = EVP_CIPHER_CTX_encrypting(ctx);

if (enc) {

@@ -1929,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)

}

# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX

-# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */

-# define S390X_aes_256_xts_CAPABLE 1

+# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */

+# define S390X_aes_256_xts_CAPABLE 0

# define s390x_aes_xts_init_key aes_xts_init_key

static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,

@@ -2134,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

const unsigned char *in, size_t len)

{

S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);

- unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

+ const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);

unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);

const int enc = EVP_CIPHER_CTX_encrypting(ctx);

+ unsigned char iv[EVP_MAX_IV_LENGTH];

if (out != in

|| len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))

@@ -2152,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

* Get explicit iv (sequence number). We already have fixed iv

* (server/client_write_iv) here.

- memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);

- s390x_aes_ccm_setiv(cctx, ivec, len);

+ memcpy(iv, ivec, sizeof(iv));

+ memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);

+ s390x_aes_ccm_setiv(cctx, iv, len);

/* Process aad (sequence number|type|version|length) */

s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);

@@ -2180,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

}

/*-

- * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is

- * returned.

+ * Set key or iv or enc/dec. Returns 1 if successful.

+ * Otherwise 0 is returned.

static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,

const unsigned char *key,

const unsigned char *iv, int enc)

{

S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);

- unsigned char *ivec;

- int keylen;

+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);

+ unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

- if (iv == NULL && key == NULL)

- return 1;

+ cctx->aes.ccm.fc = S390X_AES_FC(keylen);

if (key != NULL) {

- keylen = EVP_CIPHER_CTX_key_length(ctx);

- cctx->aes.ccm.fc = S390X_AES_FC(keylen);

memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);

- /* Store encoded m and l. */

- cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)

- | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;

- memset(cctx->aes.ccm.nonce.b + 1, 0,

- sizeof(cctx->aes.ccm.nonce.b));

- cctx->aes.ccm.blocks = 0;

cctx->aes.ccm.key_set = 1;

}

if (iv != NULL) {

- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

memcpy(ivec, iv, 15 - cctx->aes.ccm.l);

cctx->aes.ccm.iv_set = 1;

}

+ /* Store encoded m and l. */

+ cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)

+ | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;

+ memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);

+ cctx->aes.ccm.blocks = 0;

+ cctx->aes.ccm.len_set = 0;

return 1;

}

@@ -2230,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

{

S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);

const int enc = EVP_CIPHER_CTX_encrypting(ctx);

+ const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);

+ unsigned char *buf;

int rv;

- unsigned char *buf, *ivec;

if (!cctx->aes.ccm.key_set)

return -1;

@@ -2253,7 +2255,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

if (out == NULL) {

/* Update(): Pass message length. */

if (in == NULL) {

- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

s390x_aes_ccm_setiv(cctx, ivec, len);

cctx->aes.ccm.len_set = 1;

@@ -2279,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

* In case message length was not previously set explicitly via

* Update(), set it now.

- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

s390x_aes_ccm_setiv(cctx, ivec, len);

cctx->aes.ccm.len_set = 1;

@@ -2304,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

if (rv == -1)

OPENSSL_cleanse(out, len);

- cctx->aes.ccm.iv_set = 0;

- cctx->aes.ccm.tag_set = 0;

- cctx->aes.ccm.len_set = 0;

return rv;

}

@@ -2414,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)

return 0;

memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);

- cctx->aes.ccm.tag_set = 0;

- cctx->aes.ccm.iv_set = 0;

- cctx->aes.ccm.len_set = 0;

return 1;

case EVP_CTRL_COPY:

@@ -2453,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \

nid##_##keylen##_##nmode,blocksize, \

keylen / 8, \

ivlen, \

- flags | EVP_CIPH_##MODE##_MODE, \

+ flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \

s390x_aes_##mode##_init_key, \

s390x_aes_##mode##_cipher, \

NULL, \

@@ -2490,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \

blocksize, \

(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \

ivlen, \

- flags | EVP_CIPH_##MODE##_MODE, \

+ flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \

s390x_aes_##mode##_init_key, \

s390x_aes_##mode##_cipher, \

s390x_aes_##mode##_cleanup, \

diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index 502d6936cc13..f8c019801267 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,

void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const CAMELLIA_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,

size_t len, const CAMELLIA_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const CAMELLIA_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,

size_t len, const CAMELLIA_KEY *key,

- unsigned char *ivec);

+ unsigned char *ivec, int /*unused*/);

void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,

size_t blocks, const CAMELLIA_KEY *key,

unsigned char *ivec);

diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
index 638f61b5863a..f871e4fe71e5 100644
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -47,7 +47,8 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)

{

- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));

+ /* the ameth pub_cmp must return 1 on match, 0 on mismatch */

+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;

}

static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index ab31a6129500..03eda2664251 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,

#endif

v = EVP_MD_block_size(md_type);

u = EVP_MD_size(md_type);

- if (u < 0 || v <= 0)

+ if (u <= 0 || v <= 0)

goto err;

D = OPENSSL_malloc(v);

Ai = OPENSSL_malloc(u);

diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c
index 0c8a91dc79dc..0dddf79626e3 100644
--- a/crypto/poly1305/poly1305_ameth.c
+++ b/crypto/poly1305/poly1305_ameth.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -43,7 +43,7 @@ static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)

{

- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));

+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;

}

static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index e51156468ae5..eeaa47cc6b41 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c

@@ -211,6 +211,12 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)

# if __GLIBC_PREREQ(2, 16)

# include <sys/auxv.h>

# define OSSL_IMPLEMENT_GETAUXVAL

+# elif defined(__ANDROID_API__)

+/* see https://developer.android.google.cn/ndk/guides/cpu-features */

+# if __ANDROID_API__ >= 18

+# include <sys/auxv.h>

+# define OSSL_IMPLEMENT_GETAUXVAL

+# endif

# endif

#endif

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index ec6be791b37f..43f1069d151d 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -34,6 +34,9 @@

#if defined(__OpenBSD__)

# include <sys/param.h>

#endif

+#if defined(__APPLE__)

+# include <CommonCrypto/CommonRandom.h>

+#endif

#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)

# include <sys/types.h>

@@ -378,6 +381,11 @@ static ssize_t syscall_random(void *buf, size_t buflen)

if (errno != ENOSYS)

return -1;

}

+# elif defined(__APPLE__)

+ if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)

+ return (ssize_t)buflen;

+ return -1;

# else

union {

void *p;

diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
index b5f4bce2a3e6..23df448a5212 100644
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -34,9 +34,11 @@ int RSA_print(BIO *bp, const RSA *x, int off)

EVP_PKEY *pk;

int ret;

pk = EVP_PKEY_new();

- if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))

+ if (pk == NULL)

return 0;

- ret = EVP_PKEY_print_private(bp, pk, off, NULL);

+ ret = EVP_PKEY_set1_RSA(pk, (RSA *)x);

+ if (ret)

+ ret = EVP_PKEY_print_private(bp, pk, off, NULL);

EVP_PKEY_free(pk);

return ret;

}

diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c
index 2da6dfec8025..7fce76390ef4 100644
--- a/crypto/siphash/siphash_ameth.c
+++ b/crypto/siphash/siphash_ameth.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -44,7 +44,7 @@ static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)

{

- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));

+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;

}

static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,

diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index ef505f64412b..83b97f4edc88 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c

@@ -1,5 +1,5 @@

* Ported from Ribose contributions from Botan.

@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group)

return field_size;

}

-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,

- size_t *pt_size)

+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)

{

- const size_t field_size = ec_field_size(EC_KEY_get0_group(key));

- const int md_size = EVP_MD_size(digest);

- size_t overhead;

+ struct SM2_Ciphertext_st *sm2_ctext = NULL;

- if (md_size < 0) {

- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);

- return 0;

- }

- if (field_size == 0) {

- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);

- return 0;

- }

+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);

- overhead = 10 + 2 * field_size + (size_t)md_size;

- if (msg_len <= overhead) {

+ if (sm2_ctext == NULL) {

SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);

return 0;

}

- *pt_size = msg_len - overhead;

+ *pt_size = sm2_ctext->C2->length;

+ SM2_Ciphertext_free(sm2_ctext);

return 1;

}

@@ -303,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key,

C2 = sm2_ctext->C2->data;

C3 = sm2_ctext->C3->data;

msg_len = sm2_ctext->C2->length;

+ if (*ptext_len < (size_t)msg_len) {

+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);

+ goto done;

+ }

ctx = BN_CTX_new();

if (ctx == NULL) {

diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index b42a14c32f26..0e722b910b57 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,

const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;

if (out == NULL) {

- if (!sm2_plaintext_size(ec, md, inlen, outlen))

+ if (!sm2_plaintext_size(in, inlen, outlen))

return -1;

else

return 1;

diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
index ff1a983ac98b..b3cb3d4be958 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -16,6 +16,7 @@

#include <unistd.h>

#include <openssl/bn.h>

#include "internal/cryptlib.h"

+#include "bn/bn_local.h" /* for definition of bn_mul_mont */

#include "sparc_arch.h"

diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 3dd2ab050757..394e1180dfa4 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

@@ -684,7 +684,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,

BIGNUM *x = NULL;

BN_CTX *bn_ctx = BN_CTX_new();

unsigned char tmp2[MAX_LEN];

- BIGNUM *salttmp = NULL;

+ BIGNUM *salttmp = NULL, *verif;

if ((user == NULL) ||

(pass == NULL) ||

@@ -707,17 +707,18 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,

if (x == NULL)

goto err;

- *verifier = BN_new();

- if (*verifier == NULL)

+ verif = BN_new();

+ if (verif == NULL)

goto err;

- if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {

- BN_clear_free(*verifier);

+ if (!BN_mod_exp(verif, g, x, N, bn_ctx)) {

+ BN_clear_free(verif);

goto err;

}

result = 1;

*salt = salttmp;

+ *verifier = verif;

err:

if (salt != NULL && *salt != salttmp)

diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 9c9e3bd08506..32e7b9f65a41 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,

mem->data = (char *)new_data;

mem->max = mem->length = (size_t)new_data_len;

X509_SIG_free(p8);

+ p8 = NULL;

store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);

if (store_info == NULL) {

diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index c2e7abd67f50..7fe3d27e74a2 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -612,6 +612,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,

err:

EVP_MD_CTX_free(md_ctx);

X509_ALGOR_free(*md_alg);

+ *md_alg = NULL;

OPENSSL_free(*imprint);

*imprint_len = 0;

*imprint = 0;

diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 1e80e0d37029..32cd2f542bb7 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)

goto err;

msg = imprint->hashed_msg;

ret->imprint_len = ASN1_STRING_length(msg);

+ if (ret->imprint_len <= 0)

+ goto err;

if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)

goto err;

memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);

diff --git a/crypto/uid.c b/crypto/uid.c
index 65b1171039fe..5e3315eeb2e3 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -36,6 +36,12 @@ int OPENSSL_issetugid(void)

# include <sys/auxv.h>

# define OSSL_IMPLEMENT_GETAUXVAL

# endif

+# elif defined(__ANDROID_API__)

+/* see https://developer.android.google.cn/ndk/guides/cpu-features */

+# if __ANDROID_API__ >= 18

+# include <sys/auxv.h>

+# define OSSL_IMPLEMENT_GETAUXVAL

+# endif

# endif

int OPENSSL_issetugid(void)

diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 12d807f705ed..ece987a6bdbe 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent)

BIO_puts(out, "\n");

} else

BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");

- alias = X509_alias_get0(x, NULL);

+ alias = X509_alias_get0(x, &i);

if (alias)

- BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);

+ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);

keyid = X509_keyid_get0(x, &keyidlen);

if (keyid) {

BIO_printf(out, "%*sKey Id: ", indent, "");

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 68b681d5ee85..535f169a29e7 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -199,7 +199,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,

return 0;

}

- /* Copy the host flags if and only if we're copying the host list */

+ x509_verify_param_copy(hostflags, 0);

if (test_x509_verify_param_copy(hosts, NULL)) {

sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);

dest->hosts = NULL;

@@ -208,7 +209,6 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,

sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);

if (dest->hosts == NULL)

return 0;

- dest->hostflags = src->hostflags;

}

diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index d9f770433cfb..33b1933d7228 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -39,20 +39,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,

STACK_OF(CONF_VALUE)

*extlist)

{

- char *tmp;

+ char *tmp = NULL;

+ STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;

if (akeyid->keyid) {

tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);

- X509V3_add_value("keyid", tmp, &extlist);

+ if (tmp == NULL) {

+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);

+ return NULL;

+ }

+ if (!X509V3_add_value("keyid", tmp, &extlist)) {

+ OPENSSL_free(tmp);

+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);

+ goto err;

+ }

OPENSSL_free(tmp);

}

- if (akeyid->issuer)

- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);

+ if (akeyid->issuer) {

+ tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);

+ if (tmpextlist == NULL) {

+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);

+ goto err;

+ }

+ extlist = tmpextlist;

+ }

if (akeyid->serial) {

tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);

- X509V3_add_value("serial", tmp, &extlist);

+ if (tmp == NULL) {

+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);

+ goto err;

+ }

+ if (!X509V3_add_value("serial", tmp, &extlist)) {

+ OPENSSL_free(tmp);

+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);

+ goto err;

+ }

OPENSSL_free(tmp);

}

return extlist;

+ err:

+ if (origextlist == NULL)

+ sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);

+ return NULL;

}

/*-

diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 4dce0041012e..7c32d4031d11 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -9,6 +9,7 @@

#include <stdio.h>

#include "internal/cryptlib.h"

+#include "crypto/x509.h"

#include <openssl/conf.h>

#include <openssl/x509v3.h>

#include "ext_dat.h"

@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,

break;

case GEN_EMAIL:

- if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))

+ if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,

+ gen->d.ia5->length, &ret))

return NULL;

break;

case GEN_DNS:

- if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))

+ if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,

+ gen->d.ia5->length, &ret))

return NULL;

break;

case GEN_URI:

- if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))

+ if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,

+ gen->d.ia5->length, &ret))

return NULL;

break;

diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 1d12c899125c..09804b58482c 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,

qualinfo = sk_POLICYQUALINFO_value(quals, i);

switch (OBJ_obj2nid(qualinfo->pqualid)) {

case NID_id_qt_cps:

- BIO_printf(out, "%*sCPS: %s\n", indent, "",

+ BIO_printf(out, "%*sCPS: %.*s\n", indent, "",

+ qualinfo->d.cpsuri->length,

qualinfo->d.cpsuri->data);

break;

@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)

if (notice->noticeref) {

NOTICEREF *ref;

ref = notice->noticeref;

- BIO_printf(out, "%*sOrganization: %s\n", indent, "",

+ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",

+ ref->organization->length,

ref->organization->data);

BIO_printf(out, "%*sNumber%s: ", indent, "",

sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");

@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)

BIO_puts(out, "\n");

}

if (notice->exptext)

- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",

+ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",

+ notice->exptext->length,

notice->exptext->data);

}

diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 2a7b4f0992a8..d985aa91dacd 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {

IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)

IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)

+#define IA5_OFFSET_LEN(ia5base, offset) \

+ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))

+/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the

+ * starting point to search from

+ */

+# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))

+/* Like memrrchr but for ASN1_IA5STRING */

+static char *ia5memrchr(ASN1_IA5STRING *str, int c)

+ int i;

+ for (i = str->length; i > 0 && str->data[i - 1] != c; i--);

+ if (i == 0)

+ return NULL;

+ return (char *)&str->data[i - 1];

- * We cannot use strncasecmp here because that applies locale specific rules.

+ * We cannot use strncasecmp here because that applies locale specific rules. It

+ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.

* For example in Turkish 'I' is not the uppercase character for 'i'. We need to

* do a simple ASCII case comparison ignoring the locale (that is why we use

* numeric constants below).

@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)

/* c1 > c2 */

return 1;

- } else if (*s1 == 0) {

- /* If we get here we know that *s2 == 0 too */

- return 0;

}

return 0;

}

-static int ia5casecmp(const char *s1, const char *s2)

- return ia5ncasecmp(s1, s2, SIZE_MAX);

static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,

X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)

{

@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)

--utf8_length;

/* Reject *embedded* NULs */

- if ((size_t)utf8_length != strlen((char *)utf8_value)) {

+ if (memchr(utf8_value, 0, utf8_length) != NULL) {

OPENSSL_free(utf8_value);

return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

}

@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)

{

char *baseptr = (char *)base->data;

char *dnsptr = (char *)dns->data;

/* Empty matches everything */

- if (!*baseptr)

+ if (base->length == 0)

return X509_V_OK;

+ if (dns->length < base->length)

+ return X509_V_ERR_PERMITTED_VIOLATION;

* Otherwise can add zero or more components on the left so compare RHS

* and if dns is longer and expect '.' as preceding character.

@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)

return X509_V_ERR_PERMITTED_VIOLATION;

}

- if (ia5casecmp(baseptr, dnsptr))

+ if (ia5ncasecmp(baseptr, dnsptr, base->length))

return X509_V_ERR_PERMITTED_VIOLATION;

return X509_V_OK;

@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)

{

const char *baseptr = (char *)base->data;

const char *emlptr = (char *)eml->data;

+ const char *baseat = ia5memrchr(base, '@');

+ const char *emlat = ia5memrchr(eml, '@');

+ size_t basehostlen, emlhostlen;

- const char *baseat = strchr(baseptr, '@');

- const char *emlat = strchr(emlptr, '@');

if (!emlat)

return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

/* Special case: initial '.' is RHS match */

- if (!baseat && (*baseptr == '.')) {

+ if (!baseat && base->length > 0 && (*baseptr == '.')) {

if (eml->length > base->length) {

emlptr += eml->length - base->length;

- if (ia5casecmp(baseptr, emlptr) == 0)

+ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)

return X509_V_OK;

}

return X509_V_ERR_PERMITTED_VIOLATION;

@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)

baseptr = baseat + 1;

}

emlptr = emlat + 1;

+ basehostlen = IA5_OFFSET_LEN(base, baseptr);

+ emlhostlen = IA5_OFFSET_LEN(eml, emlptr);

/* Just have hostname left to match: case insensitive */

- if (ia5casecmp(baseptr, emlptr))

+ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))

return X509_V_ERR_PERMITTED_VIOLATION;

return X509_V_OK;

@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)

{

const char *baseptr = (char *)base->data;

const char *hostptr = (char *)uri->data;

- const char *p = strchr(hostptr, ':');

+ const char *p = ia5memchr(uri, (char *)uri->data, ':');

int hostlen;

/* Check for foo:// and skip past it */

- if (!p || (p[1] != '/') || (p[2] != '/'))

+ if (p == NULL

+ || IA5_OFFSET_LEN(uri, p) < 3

+ || p[1] != '/'

+ || p[2] != '/')

return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

hostptr = p + 3;

@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)

/* Look for a port indicator as end of hostname first */

- p = strchr(hostptr, ':');

+ p = ia5memchr(uri, hostptr, ':');

/* Otherwise look for trailing slash */

- if (!p)

- p = strchr(hostptr, '/');

+ if (p == NULL)

+ p = ia5memchr(uri, hostptr, '/');

- if (!p)

- hostlen = strlen(hostptr);

+ if (p == NULL)

+ hostlen = IA5_OFFSET_LEN(uri, hostptr);

else

hostlen = p - hostptr;

@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)

return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

/* Special case: initial '.' is RHS match */

- if (*baseptr == '.') {

+ if (base->length > 0 && *baseptr == '.') {

if (hostlen > base->length) {

p = hostptr + hostlen - base->length;

if (ia5ncasecmp(p, baseptr, base->length) == 0)

diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 3d124fa6d95d..532d4e192fec 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,

i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);

BIO_puts(out, "\n");

if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)

- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",

+ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",

+ pci->proxyPolicy->policy->length,

pci->proxyPolicy->policy->data);

return 1;

}

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 7281a7b917a8..f41c699b5af0 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -12,6 +12,7 @@

#include "e_os.h"

#include "internal/cryptlib.h"

#include <stdio.h>

+#include <string.h>

#include "crypto/ctype.h"

#include <openssl/conf.h>

#include <openssl/crypto.h>

@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);

/* Add a CONF_VALUE name value pair to stack */

-int X509V3_add_value(const char *name, const char *value,

- STACK_OF(CONF_VALUE) **extlist)

+static int x509v3_add_len_value(const char *name, const char *value,

+ size_t vallen, STACK_OF(CONF_VALUE) **extlist)

{

CONF_VALUE *vtmp = NULL;

char *tname = NULL, *tvalue = NULL;

int sk_allocated = (*extlist == NULL);

- if (name && (tname = OPENSSL_strdup(name)) == NULL)

- goto err;

- if (value && (tvalue = OPENSSL_strdup(value)) == NULL)

+ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)

goto err;

+ if (value != NULL && vallen > 0) {

+ /*

+ * We tolerate a single trailing NUL character, but otherwise no

+ * embedded NULs

+ */

+ if (memchr(value, 0, vallen - 1) != NULL)

+ goto err;

+ tvalue = OPENSSL_strndup(value, vallen);

+ if (tvalue == NULL)

+ goto err;

+ }

if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)

goto err;

if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)

@@ -56,7 +66,7 @@ int X509V3_add_value(const char *name, const char *value,

goto err;

return 1;

err:

- X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);

+ X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE);

if (sk_allocated) {

sk_CONF_VALUE_free(*extlist);

*extlist = NULL;

@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value,

return 0;

}

+int X509V3_add_value(const char *name, const char *value,

+ STACK_OF(CONF_VALUE) **extlist)

+ return x509v3_add_len_value(name, value,

+ value != NULL ? strlen((const char *)value) : 0,

+ extlist);

int X509V3_add_value_uchar(const char *name, const unsigned char *value,

STACK_OF(CONF_VALUE) **extlist)

{

- return X509V3_add_value(name, (const char *)value, extlist);

+ return x509v3_add_len_value(name, (const char *)value,

+ value != NULL ? strlen((const char *)value) : 0,

+ extlist);

+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,

+ size_t vallen, STACK_OF(CONF_VALUE) **extlist)

+ return x509v3_add_len_value(name, (const char *)value, vallen, extlist);

}

/* Free function for STACK_OF(CONF_VALUE) */

@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email

/* First some sanity checks */

if (email->type != V_ASN1_IA5STRING)

return 1;

- if (!email->data || !email->length)

+ if (email->data == NULL || email->length == 0)

+ return 1;

+ if (memchr(email->data, 0, email->length) != NULL)

return 1;

if (*sk == NULL)

*sk = sk_OPENSSL_STRING_new(sk_strcmp);

if (*sk == NULL)

return 0;

+ emtmp = OPENSSL_strndup((char *)email->data, email->length);

+ if (emtmp == NULL)

+ return 0;

/* Don't add duplicates */

- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)

+ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {

+ OPENSSL_free(emtmp);

return 1;

- emtmp = OPENSSL_strdup((char *)email->data);

- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {

- OPENSSL_free(emtmp); /* free on push failure */

+ }

+ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {

+ OPENSSL_free(emtmp); /* free on push failure */

X509_email_free(*sk);

*sk = NULL;

return 0;

diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 4f2ea52a4a5f..8b2918a64fff 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c

@@ -1,6 +1,6 @@

* Generated by util/mkerr.pl DO NOT EDIT

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -39,6 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {

"i2s_ASN1_INTEGER"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),

"i2v_AUTHORITY_INFO_ACCESS"},

+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0),

+ "i2v_AUTHORITY_KEYID"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},

@@ -104,6 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),

"v3_generic_extension"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},

+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0),

+ "x509v3_add_len_value"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),

"X509V3_add_value"},

{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},