aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/asn1_par.c3
-rw-r--r--crypto/asn1/bio_ndef.c4
-rw-r--r--crypto/engine/eng_devcrypto.c17
-rw-r--r--crypto/evp/evp_enc.c2
-rw-r--r--crypto/modes/cbc128.c8
-rw-r--r--crypto/modes/gcm128.c6
-rw-r--r--crypto/o_time.c6
-rw-r--r--crypto/rand/rand_lib.c8
-rw-r--r--crypto/rsa/rsa_ssl.c2
-rw-r--r--crypto/x509/x509_vfy.c12
10 files changed, 47 insertions, 21 deletions
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 3f10c7cb94c5..a32fa47f2206 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
}
if (BIO_puts(bp, "]") <= 0)
goto end;
+ dump_cont = 0;
}
if (!nl) {
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 6222c99074de..d7d7d80eea91 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
ndef_aux = *(NDEF_SUPPORT **)parg;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+ if (derlen < 0)
+ return 0;
if ((p = OPENSSL_malloc(derlen)) == NULL) {
ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
index 49e9ce1af33b..84a3b7dbec75 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e)
void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
+ int fd;
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
#ifndef ENGINE_DEVCRYPTO_DEBUG
if (errno != ENOENT)
#endif
@@ -767,6 +768,18 @@ void engine_load_devcrypto_int()
return;
}
+#ifdef CRIOGET
+ if (ioctl(fd, CRIOGET, &cfd) < 0) {
+ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+ close(fd);
+ cfd = -1;
+ return;
+ }
+ close(fd);
+#else
+ cfd = fd;
+#endif
+
if ((e = ENGINE_new()) == NULL
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
ENGINE_free(e);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 0843caf4f0a4..e3c165d48e08 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
index c85e37c6a546..15a14be70872 100644
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
in += 16;
out += 16;
}
- memcpy(ivec, iv, 16);
+ if (ivec != iv)
+ memcpy(ivec, iv, 16);
}
void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
@@ -114,7 +115,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
out += 16;
}
}
- memcpy(ivec, iv, 16);
+ if (ivec != iv)
+ memcpy(ivec, iv, 16);
} else {
if (STRICT_ALIGNMENT &&
((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 0c0bf3cda5b5..8304efff48be 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1385,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
else
ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i) {
- size_t c = in[i];
- out[i] = c ^ ctx->EKi.t[i];
+ size_t c = in_t[i];
+ out_t[i] = c ^ ctx->EKi.t[i];
ctx->Xi.t[i] ^= c;
}
GCM_MUL(ctx);
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 3502edda6238..3fa70c45af83 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
long *pday, int *psec)
{
- int offset_hms, offset_day;
- long time_jd;
+ int offset_hms;
+ long offset_day, time_jd;
int time_year, time_month, time_day;
/* split offset into days and day seconds */
offset_day = offset_sec / SECS_PER_DAY;
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index ba3a29e58468..5c72fad8ca26 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -432,9 +432,13 @@ err:
RAND_POOL *rand_pool_new(int entropy_requested, int secure,
size_t min_len, size_t max_len)
{
- RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+ RAND_POOL *pool;
size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
+ if (!RUN_ONCE(&rand_init, do_rand_init))
+ return NULL;
+
+ pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index ecdb3cee1fa3..e1c755ae460b 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0c71b2e8b4ad..20a36e763c5d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -524,15 +524,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ret = 1;
break;
}
- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+ if (ret > 0
+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
/* Check for presence of explicit elliptic curve parameters */
ret = check_curve(x);
- if (ret < 0)
+ if (ret < 0) {
ctx->error = X509_V_ERR_UNSPECIFIED;
- else if (ret == 0)
+ ret = 0;
+ } else if (ret == 0) {
ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
+ }
}
- if ((x->ex_flags & EXFLAG_CA) == 0
+ if (ret > 0
+ && (x->ex_flags & EXFLAG_CA) == 0
&& x->ex_pathlen != -1
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;