diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/asn1/asn1_par.c | 3 | ||||
| -rw-r--r-- | crypto/asn1/bio_ndef.c | 4 | ||||
| -rw-r--r-- | crypto/engine/eng_devcrypto.c | 17 | ||||
| -rw-r--r-- | crypto/evp/evp_enc.c | 2 | ||||
| -rw-r--r-- | crypto/modes/cbc128.c | 8 | ||||
| -rw-r--r-- | crypto/modes/gcm128.c | 6 | ||||
| -rw-r--r-- | crypto/o_time.c | 6 | ||||
| -rw-r--r-- | crypto/rand/rand_lib.c | 8 | ||||
| -rw-r--r-- | crypto/rsa/rsa_ssl.c | 2 | ||||
| -rw-r--r-- | crypto/x509/x509_vfy.c | 12 |
10 files changed, 47 insertions, 21 deletions
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 3f10c7cb94c5..a32fa47f2206 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, } if (BIO_puts(bp, "]") <= 0) goto end; + dump_cont = 0; } if (!nl) { diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 6222c99074de..d7d7d80eea91 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ndef_aux = *(NDEF_SUPPORT **)parg; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c index 49e9ce1af33b..84a3b7dbec75 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e) void engine_load_devcrypto_int() { ENGINE *e = NULL; + int fd; - if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { #ifndef ENGINE_DEVCRYPTO_DEBUG if (errno != ENOENT) #endif @@ -767,6 +768,18 @@ void engine_load_devcrypto_int() return; } +#ifdef CRIOGET + if (ioctl(fd, CRIOGET, &cfd) < 0) { + fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); + close(fd); + cfd = -1; + return; + } + close(fd); +#else + cfd = fd; +#endif + if ((e = ENGINE_new()) == NULL || !ENGINE_set_destroy_function(e, devcrypto_unload)) { ENGINE_free(e); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 0843caf4f0a4..e3c165d48e08 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index c85e37c6a546..15a14be70872 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,7 +69,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, in += 16; out += 16; } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, @@ -114,7 +115,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, out += 16; } } - memcpy(ivec, iv, 16); + if (ivec != iv) + memcpy(ivec, iv, 16); } else { if (STRICT_ALIGNMENT && ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 0c0bf3cda5b5..8304efff48be 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1385,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) { - size_t c = in[i]; - out[i] = c ^ ctx->EKi.t[i]; + size_t c = in_t[i]; + out_t[i] = c ^ ctx->EKi.t[i]; ctx->Xi.t[i] ^= c; } GCM_MUL(ctx); diff --git a/crypto/o_time.c b/crypto/o_time.c index 3502edda6238..3fa70c45af83 100644 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, static int julian_adj(const struct tm *tm, int off_day, long offset_sec, long *pday, int *psec) { - int offset_hms, offset_day; - long time_jd; + int offset_hms; + long offset_day, time_jd; int time_year, time_month, time_day; /* split offset into days and day seconds */ offset_day = offset_sec / SECS_PER_DAY; diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index ba3a29e58468..5c72fad8ca26 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -432,9 +432,13 @@ err: RAND_POOL *rand_pool_new(int entropy_requested, int secure, size_t min_len, size_t max_len) { - RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); + RAND_POOL *pool; size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); + if (!RUN_ONCE(&rand_init, do_rand_init)) + return NULL; + + pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index ecdb3cee1fa3..e1c755ae460b 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 0c71b2e8b4ad..20a36e763c5d 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -524,15 +524,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ret = 1; break; } - if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { + if (ret > 0 + && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) { /* Check for presence of explicit elliptic curve parameters */ ret = check_curve(x); - if (ret < 0) + if (ret < 0) { ctx->error = X509_V_ERR_UNSPECIFIED; - else if (ret == 0) + ret = 0; + } else if (ret == 0) { ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS; + } } - if ((x->ex_flags & EXFLAG_CA) == 0 + if (ret > 0 + && (x->ex_flags & EXFLAG_CA) == 0 && x->ex_pathlen != -1 && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) { ctx->error = X509_V_ERR_INVALID_EXTENSION; |