aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/armcap.c15
-rw-r--r--crypto/asn1/a_object.c15
-rw-r--r--crypto/asn1/a_strex.c4
-rw-r--r--crypto/asn1/asn1_lib.c14
-rw-r--r--crypto/asn1/asn1_par.c3
-rw-r--r--crypto/asn1/bio_asn1.c7
-rw-r--r--crypto/asn1/bio_ndef.c7
-rw-r--r--crypto/asn1/d2i_pr.c73
-rw-r--r--crypto/asn1/t_spki.c4
-rw-r--r--crypto/bio/b_addr.c4
-rw-r--r--crypto/bio/b_sock2.c5
-rw-r--r--crypto/bn/bn_div.c9
-rwxr-xr-xcrypto/chacha/asm/chacha-x86_64.pl54
-rw-r--r--crypto/dsa/dsa_prn.c14
-rw-r--r--crypto/ec/ec2_oct.c43
-rw-r--r--crypto/ec/ec_asn1.c7
-rw-r--r--crypto/engine/eng_devcrypto.c17
-rw-r--r--crypto/err/openssl.txt5
-rw-r--r--crypto/evp/e_aes.c192
-rw-r--r--crypto/evp/e_camellia.c10
-rw-r--r--crypto/evp/evp_enc.c2
-rw-r--r--crypto/hmac/hm_ameth.c5
-rw-r--r--crypto/modes/cbc128.c8
-rw-r--r--crypto/modes/gcm128.c6
-rw-r--r--crypto/o_time.c6
-rw-r--r--crypto/pkcs12/p12_key.c4
-rw-r--r--crypto/poly1305/poly1305_ameth.c4
-rw-r--r--crypto/ppccap.c6
-rw-r--r--crypto/rand/rand_lib.c8
-rw-r--r--crypto/rand/rand_unix.c10
-rw-r--r--crypto/rsa/rsa_prn.c8
-rw-r--r--crypto/rsa/rsa_ssl.c2
-rw-r--r--crypto/siphash/siphash_ameth.c4
-rw-r--r--crypto/sm2/sm2_crypt.c29
-rw-r--r--crypto/sm2/sm2_pmeth.c4
-rw-r--r--crypto/sparcv9cap.c3
-rw-r--r--crypto/srp/srp_vfy.c13
-rw-r--r--crypto/store/loader_file.c3
-rw-r--r--crypto/ts/ts_rsp_verify.c3
-rw-r--r--crypto/ts/ts_verify_ctx.c4
-rw-r--r--crypto/uid.c8
-rw-r--r--crypto/x509/t_x509.c6
-rw-r--r--crypto/x509/x509_vfy.c12
-rw-r--r--crypto/x509/x509_vpm.c6
-rw-r--r--crypto/x509v3/v3_akey.c40
-rw-r--r--crypto/x509v3/v3_alt.c12
-rw-r--r--crypto/x509v3/v3_cpols.c11
-rw-r--r--crypto/x509v3/v3_ncons.c79
-rw-r--r--crypto/x509v3/v3_pci.c5
-rw-r--r--crypto/x509v3/v3_utl.c60
-rw-r--r--crypto/x509v3/v3err.c6
51 files changed, 580 insertions, 299 deletions
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 8bf96f10214f..c5685bde5891 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -68,6 +68,12 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+# if __ANDROID_API__ >= 18
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+# endif
# endif
# if defined(__FreeBSD__)
# include <sys/param.h>
@@ -88,6 +94,15 @@ static unsigned long getauxval(unsigned long key)
# endif
/*
+ * Android: according to https://developer.android.com/ndk/guides/cpu-features,
+ * getauxval is supported starting with API level 18
+ */
+# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+# endif
+
+/*
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP.
*/
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index d67a723c9611..8ade9e50a7cb 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -286,16 +286,13 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
}
}
- /*
- * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
- * ->ln
- */
if ((a == NULL) || ((*a) == NULL) ||
!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
if ((ret = ASN1_OBJECT_new()) == NULL)
return NULL;
- } else
+ } else {
ret = (*a);
+ }
p = *pp;
/* detach data from object */
@@ -313,6 +310,12 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
}
memcpy(data, p, length);
+ /* If there are dynamic strings, free them here, and clear the flag */
+ if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
+ OPENSSL_free((char *)ret->sn);
+ OPENSSL_free((char *)ret->ln);
+ ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+ }
/* reattach data to object, after which it remains const */
ret->data = data;
ret->length = length;
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 4879b33785e9..284dde274c9f 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -280,6 +280,8 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
t.type = str->type;
t.value.ptr = (char *)str;
der_len = i2d_ASN1_TYPE(&t, NULL);
+ if (der_len <= 0)
+ return -1;
if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
return -1;
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 366afc5f6c6b..3d99d1383d42 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -292,7 +292,12 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
}
if ((size_t)str->length <= len || str->data == NULL) {
c = str->data;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /* No NUL terminator in fuzzing builds */
+ str->data = OPENSSL_realloc(c, len);
+#else
str->data = OPENSSL_realloc(c, len + 1);
+#endif
if (str->data == NULL) {
ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
str->data = c;
@@ -302,8 +307,13 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
str->length = len;
if (data != NULL) {
memcpy(str->data, data, len);
- /* an allowance for strings :-) */
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ /*
+ * Add a NUL terminator. This should not be necessary - but we add it as
+ * a safety precaution
+ */
str->data[len] = '\0';
+#endif
}
return 1;
}
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 3f10c7cb94c5..a32fa47f2206 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -325,6 +325,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
}
if (BIO_puts(bp, "]") <= 0)
goto end;
+ dump_cont = 0;
}
if (!nl) {
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 86ee56632305..914d77c866c6 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -138,6 +138,11 @@ static int asn1_bio_free(BIO *b)
if (ctx == NULL)
return 0;
+ if (ctx->prefix_free != NULL)
+ ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+ if (ctx->suffix_free != NULL)
+ ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
OPENSSL_free(ctx->buf);
OPENSSL_free(ctx);
BIO_set_data(b, NULL);
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 6222c99074de..760e4846a474 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -113,6 +113,8 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
ndef_aux = *(NDEF_SUPPORT **)parg;
derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+ if (derlen < 0)
+ return 0;
if ((p = OPENSSL_malloc(derlen)) == NULL) {
ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
return 0;
@@ -140,6 +142,9 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
ndef_aux = *(NDEF_SUPPORT **)parg;
+ if (ndef_aux == NULL)
+ return 0;
+
OPENSSL_free(ndef_aux->derbuf);
ndef_aux->derbuf = NULL;
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 7b127d2092fa..2094963036fe 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -78,13 +78,53 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
* type
*/
+static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on)
+{
+ const unsigned char *p = *pp;
+ PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+ EVP_PKEY *ret;
+
+ if (p8 == NULL)
+ return NULL;
+
+ ret = EVP_PKCS82PKEY(p8);
+ if (ret == NULL)
+ *carry_on = 0;
+
+ PKCS8_PRIV_KEY_INFO_free(p8);
+
+ if (ret != NULL)
+ *pp = p;
+
+ return ret;
+}
+
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
long length)
{
STACK_OF(ASN1_TYPE) *inkey;
const unsigned char *p;
int keytype;
+ EVP_PKEY *ret = NULL;
+ int carry_on = 1;
+
+ ERR_set_mark();
+ ret = key_as_pkcs8(pp, length, &carry_on);
+ if (ret != NULL) {
+ ERR_clear_last_mark();
+ if (a != NULL)
+ *a = ret;
+ return ret;
+ }
+
+ if (carry_on == 0) {
+ ERR_clear_last_mark();
+ ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+ ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return NULL;
+ }
p = *pp;
+
/*
* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
* analyzing it we can determine the passed structure: this assumes the
@@ -100,28 +140,15 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
keytype = EVP_PKEY_DSA;
else if (sk_ASN1_TYPE_num(inkey) == 4)
keytype = EVP_PKEY_EC;
- else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
- * traditional format */
- PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
- EVP_PKEY *ret;
-
- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
- if (!p8) {
- ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
- ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return NULL;
- }
- ret = EVP_PKCS82PKEY(p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret == NULL)
- return NULL;
- *pp = p;
- if (a) {
- *a = ret;
- }
- return ret;
- } else
+ else
keytype = EVP_PKEY_RSA;
sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
- return d2i_PrivateKey(keytype, a, pp, length);
+
+ ret = d2i_PrivateKey(keytype, a, pp, length);
+ if (ret != NULL)
+ ERR_pop_to_mark();
+ else
+ ERR_clear_last_mark();
+
+ return ret;
}
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index 51b56d0aa9f7..3d4aea8ad9a4 100644
--- a/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,7 +38,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
}
chal = spki->spkac->challenge;
if (chal->length)
- BIO_printf(out, " Challenge String: %s\n", chal->data);
+ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data);
i = OBJ_obj2nid(spki->sig_algor.algorithm);
BIO_printf(out, " Signature Algorithm: %s",
(i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index b023bbda406b..8ea32bce401b 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -689,7 +689,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
hints.ai_protocol = protocol;
# ifdef AI_ADDRCONFIG
# ifdef AF_UNSPEC
- if (family == AF_UNSPEC)
+ if (host != NULL && family == AF_UNSPEC)
# endif
hints.ai_flags |= AI_ADDRCONFIG;
# endif
diff --git a/crypto/bio/b_sock2.c b/crypto/bio/b_sock2.c
index 335dfabc6180..104ff31b0d2e 100644
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -243,7 +243,8 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options)
}
}
-# ifdef IPV6_V6ONLY
+ /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
if (BIO_ADDR_family(addr) == AF_INET6) {
/*
* Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 286d69c895fd..0da9f39b31a9 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -268,7 +268,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
BIGNUM *tmp, *snum, *sdiv, *res;
BN_ULONG *resp, *wnum, *wnumtop;
BN_ULONG d0, d1;
- int num_n, div_n;
+ int num_n, div_n, num_neg;
assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
@@ -326,7 +326,8 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
/* Setup quotient */
if (!bn_wexpand(res, loop))
goto err;
- res->neg = (num->neg ^ divisor->neg);
+ num_neg = num->neg;
+ res->neg = (num_neg ^ divisor->neg);
res->top = loop;
res->flags |= BN_FLG_FIXED_TOP;
resp = &(res->d[loop]);
@@ -442,7 +443,7 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
*--resp = q;
}
/* snum holds remainder, it's as wide as divisor */
- snum->neg = num->neg;
+ snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
if (rm != NULL)
diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl
index 227ee59ff2ba..c0e5d863dcb2 100755
--- a/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -471,7 +471,7 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round
&por ($b,$t);
}
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
$code.=<<___;
.type ChaCha20_ssse3,\@function,5
@@ -2499,7 +2499,7 @@ sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round
&vprold ($b,$b,7);
}
-my $xframe = $win64 ? 32+8 : 8;
+my $xframe = $win64 ? 160+8 : 8;
$code.=<<___;
.type ChaCha20_avx512,\@function,5
@@ -2515,8 +2515,16 @@ ChaCha20_avx512:
sub \$64+$xframe,%rsp
___
$code.=<<___ if ($win64);
- movaps %xmm6,-0x28(%r9)
- movaps %xmm7,-0x18(%r9)
+ movaps %xmm6,-0xa8(%r9)
+ movaps %xmm7,-0x98(%r9)
+ movaps %xmm8,-0x88(%r9)
+ movaps %xmm9,-0x78(%r9)
+ movaps %xmm10,-0x68(%r9)
+ movaps %xmm11,-0x58(%r9)
+ movaps %xmm12,-0x48(%r9)
+ movaps %xmm13,-0x38(%r9)
+ movaps %xmm14,-0x28(%r9)
+ movaps %xmm15,-0x18(%r9)
.Lavx512_body:
___
$code.=<<___;
@@ -2683,8 +2691,16 @@ $code.=<<___;
vzeroall
___
$code.=<<___ if ($win64);
- movaps -0x28(%r9),%xmm6
- movaps -0x18(%r9),%xmm7
+ movaps -0xa8(%r9),%xmm6
+ movaps -0x98(%r9),%xmm7
+ movaps -0x88(%r9),%xmm8
+ movaps -0x78(%r9),%xmm9
+ movaps -0x68(%r9),%xmm10
+ movaps -0x58(%r9),%xmm11
+ movaps -0x48(%r9),%xmm12
+ movaps -0x38(%r9),%xmm13
+ movaps -0x28(%r9),%xmm14
+ movaps -0x18(%r9),%xmm15
___
$code.=<<___;
lea (%r9),%rsp
@@ -2711,8 +2727,16 @@ ChaCha20_avx512vl:
sub \$64+$xframe,%rsp
___
$code.=<<___ if ($win64);
- movaps %xmm6,-0x28(%r9)
- movaps %xmm7,-0x18(%r9)
+ movaps %xmm6,-0xa8(%r9)
+ movaps %xmm7,-0x98(%r9)
+ movaps %xmm8,-0x88(%r9)
+ movaps %xmm9,-0x78(%r9)
+ movaps %xmm10,-0x68(%r9)
+ movaps %xmm11,-0x58(%r9)
+ movaps %xmm12,-0x48(%r9)
+ movaps %xmm13,-0x38(%r9)
+ movaps %xmm14,-0x28(%r9)
+ movaps %xmm15,-0x18(%r9)
.Lavx512vl_body:
___
$code.=<<___;
@@ -2836,8 +2860,16 @@ $code.=<<___;
vzeroall
___
$code.=<<___ if ($win64);
- movaps -0x28(%r9),%xmm6
- movaps -0x18(%r9),%xmm7
+ movaps -0xa8(%r9),%xmm6
+ movaps -0x98(%r9),%xmm7
+ movaps -0x88(%r9),%xmm8
+ movaps -0x78(%r9),%xmm9
+ movaps -0x68(%r9),%xmm10
+ movaps -0x58(%r9),%xmm11
+ movaps -0x48(%r9),%xmm12
+ movaps -0x38(%r9),%xmm13
+ movaps -0x28(%r9),%xmm14
+ movaps -0x18(%r9),%xmm15
___
$code.=<<___;
lea (%r9),%rsp
diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
index a4a1fd5650e4..070b881e1fae 100644
--- a/crypto/dsa/dsa_prn.c
+++ b/crypto/dsa/dsa_prn.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
- if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+ if (pk == NULL)
return 0;
- ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+ ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+ if (ret)
+ ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;
}
@@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
- if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+ if (pk == NULL)
return 0;
- ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+ ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+ if (ret)
+ ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
EVP_PKEY_free(pk);
return ret;
}
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 48543265eeab..788e6501fbcd 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -247,9 +247,21 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
return 0;
}
- form = buf[0];
- y_bit = form & 1;
- form = form & ~1U;
+
+ /*
+ * The first octet is the point converison octet PC, see X9.62, page 4
+ * and section 4.4.2. It must be:
+ * 0x00 for the point at infinity
+ * 0x02 or 0x03 for compressed form
+ * 0x04 for uncompressed form
+ * 0x06 or 0x07 for hybrid form.
+ * For compressed or hybrid forms, we store the last bit of buf[0] as
+ * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
+ * We error if buf[0] contains any but the above values.
+ */
+ y_bit = buf[0] & 1;
+ form = buf[0] & ~1U;
+
if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
&& (form != POINT_CONVERSION_UNCOMPRESSED)
&& (form != POINT_CONVERSION_HYBRID)) {
@@ -261,6 +273,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
return 0;
}
+ /* The point at infinity is represented by a single zero octet. */
if (form == 0) {
if (len != 1) {
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
@@ -312,11 +325,23 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
goto err;
}
if (form == POINT_CONVERSION_HYBRID) {
- if (!group->meth->field_div(group, yxi, y, x, ctx))
- goto err;
- if (y_bit != BN_is_odd(yxi)) {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
+ /*
+ * Check that the form in the encoding was set correctly
+ * according to X9.62 4.4.2.a, 4(c), see also first paragraph
+ * of X9.62, 4.4.1.b.
+ */
+ if (BN_is_zero(x)) {
+ if (y_bit != 0) {
+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ } else {
+ if (!group->meth->field_div(group, yxi, y, x, ctx))
+ goto err;
+ if (y_bit != BN_is_odd(yxi)) {
+ ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+ goto err;
+ }
}
}
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 7b7c75ce8443..c8ee1e6f1762 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
ret->seed_len = params->curve->seed->length;
}
- if (!params->order || !params->base || !params->base->data) {
+ if (params->order == NULL
+ || params->base == NULL
+ || params->base->data == NULL
+ || params->base->length == 0) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
goto err;
}
diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c
index 49e9ce1af33b..84a3b7dbec75 100644
--- a/crypto/engine/eng_devcrypto.c
+++ b/crypto/engine/eng_devcrypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -758,8 +758,9 @@ static int devcrypto_unload(ENGINE *e)
void engine_load_devcrypto_int()
{
ENGINE *e = NULL;
+ int fd;
- if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
#ifndef ENGINE_DEVCRYPTO_DEBUG
if (errno != ENOENT)
#endif
@@ -767,6 +768,18 @@ void engine_load_devcrypto_int()
return;
}
+#ifdef CRIOGET
+ if (ioctl(fd, CRIOGET, &cfd) < 0) {
+ fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+ close(fd);
+ cfd = -1;
+ return;
+ }
+ close(fd);
+#else
+ cfd = fd;
+#endif
+
if ((e = ENGINE_new()) == NULL
|| !ENGINE_set_destroy_function(e, devcrypto_unload)) {
ENGINE_free(e);
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 7e1776375df7..902e97b84355 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1160,6 +1160,7 @@ SSL_F_FINAL_EC_PT_FORMATS:485:final_ec_pt_formats
SSL_F_FINAL_EMS:486:final_ems
SSL_F_FINAL_KEY_SHARE:503:final_key_share
SSL_F_FINAL_MAXFRAGMENTLEN:557:final_maxfragmentlen
+SSL_F_FINAL_PSK:639:final_psk
SSL_F_FINAL_RENEGOTIATE:483:final_renegotiate
SSL_F_FINAL_SERVER_NAME:558:final_server_name
SSL_F_FINAL_SIG_ALGS:497:final_sig_algs
@@ -1652,6 +1653,7 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_I2V_AUTHORITY_KEYID:173:i2v_AUTHORITY_KEYID
X509V3_F_LEVEL_ADD_NODE:168:level_add_node
X509V3_F_NOTICE_SECTION:132:notice_section
X509V3_F_NREF_NOS:133:nref_nos
@@ -1692,6 +1694,7 @@ X509V3_F_V2I_SUBJECT_ALT:154:v2i_subject_alt
X509V3_F_V2I_TLS_FEATURE:165:v2i_TLS_FEATURE
X509V3_F_V3_GENERIC_EXTENSION:116:v3_generic_extension
X509V3_F_X509V3_ADD1_I2D:140:X509V3_add1_i2d
+X509V3_F_X509V3_ADD_LEN_VALUE:174:x509v3_add_len_value
X509V3_F_X509V3_ADD_VALUE:105:X509V3_add_value
X509V3_F_X509V3_EXT_ADD:104:X509V3_EXT_add
X509V3_F_X509V3_EXT_ADD_ALIAS:106:X509V3_EXT_add_alias
@@ -2741,6 +2744,7 @@ SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert
SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert
SSL_R_MISSING_FATAL:256:missing fatal
SSL_R_MISSING_PARAMETERS:290:missing parameters
+SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension
SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate
SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert
SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert
@@ -2784,6 +2788,7 @@ SSL_R_NO_VALID_SCTS:216:no valid scts
SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback
SSL_R_NULL_SSL_CTX:195:null ssl ctx
SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed
+SSL_R_OCSP_CALLBACK_FAILURE:294:ocsp callback failure
SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned
SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\
old session compression algorithm not returned
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 405ddbf9bf09..a1d3ab90fa61 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -611,22 +611,22 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
*/
void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const AES_KEY *key,
unsigned char *ivec);
@@ -1168,9 +1168,9 @@ typedef struct {
static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
-# define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
-# define S390X_aes_192_cbc_CAPABLE 1
-# define S390X_aes_256_cbc_CAPABLE 1
+# define S390X_aes_128_cbc_CAPABLE 0 /* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE 0
+# define S390X_aes_256_cbc_CAPABLE 0
# define S390X_AES_CBC_CTX EVP_AES_KEY
# define s390x_aes_cbc_init_key aes_init_key
@@ -1190,11 +1190,11 @@ static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
- cctx->fc = S390X_AES_FC(keylen);
- if (!enc)
- cctx->fc |= S390X_DECRYPT;
+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
+
+ if (key != NULL)
+ memcpy(cctx->km.param.k, key, keylen);
- memcpy(cctx->km.param.k, key, keylen);
return 1;
}
@@ -1222,14 +1222,17 @@ static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
- memcpy(cctx->kmo.param.cv, iv, ivlen);
- memcpy(cctx->kmo.param.k, key, keylen);
cctx->fc = S390X_AES_FC(keylen);
+
+ if (key != NULL)
+ memcpy(cctx->kmo.param.k, key, keylen);
+
cctx->res = 0;
+ memcpy(cctx->kmo.param.cv, oiv, ivlen);
return 1;
}
@@ -1237,9 +1240,12 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
+ memcpy(cctx->kmo.param.cv, iv, ivlen);
while (n && len) {
*out = *in ^ cctx->kmo.param.cv[n];
n = (n + 1) & 0xf;
@@ -1268,6 +1274,7 @@ static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
+ memcpy(iv, cctx->kmo.param.cv, ivlen);
cctx->res = n;
return 1;
}
@@ -1287,18 +1294,18 @@ static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
- cctx->fc = S390X_AES_FC(keylen);
- cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */
- if (!enc)
- cctx->fc |= S390X_DECRYPT;
+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
+ | (16 << 24); /* 16 bytes cipher feedback */
+
+ if (key != NULL)
+ memcpy(cctx->kmf.param.k, key, keylen);
cctx->res = 0;
- memcpy(cctx->kmf.param.cv, iv, ivlen);
- memcpy(cctx->kmf.param.k, key, keylen);
+ memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@@ -1308,10 +1315,13 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
int n = cctx->res;
int rem;
unsigned char tmp;
+ memcpy(cctx->kmf.param.cv, iv, ivlen);
while (n && len) {
tmp = *in;
*out = cctx->kmf.param.cv[n] ^ tmp;
@@ -1344,6 +1354,7 @@ static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
}
+ memcpy(iv, cctx->kmf.param.cv, ivlen);
cctx->res = n;
return 1;
}
@@ -1360,17 +1371,18 @@ static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *ivec, int enc)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
- const unsigned char *iv = EVP_CIPHER_CTX_original_iv(ctx);
+ const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
const int keylen = EVP_CIPHER_CTX_key_length(ctx);
const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
- cctx->fc = S390X_AES_FC(keylen);
- cctx->fc |= 1 << 24; /* 1 byte cipher feedback */
- if (!enc)
- cctx->fc |= S390X_DECRYPT;
+ cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
+ | (1 << 24); /* 1 byte cipher feedback flag */
- memcpy(cctx->kmf.param.cv, iv, ivlen);
- memcpy(cctx->kmf.param.k, key, keylen);
+ if (key != NULL)
+ memcpy(cctx->kmf.param.k, key, keylen);
+
+ cctx->res = 0;
+ memcpy(cctx->kmf.param.cv, oiv, ivlen);
return 1;
}
@@ -1378,8 +1390,12 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+ const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+ memcpy(cctx->kmf.param.cv, iv, ivlen);
s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+ memcpy(iv, cctx->kmf.param.cv, ivlen);
return 1;
}
@@ -1393,9 +1409,9 @@ static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len);
-# define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
-# define S390X_aes_192_ctr_CAPABLE 1
-# define S390X_aes_256_ctr_CAPABLE 1
+# define S390X_aes_128_ctr_CAPABLE 0 /* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE 0
+# define S390X_aes_256_ctr_CAPABLE 0
# define S390X_AES_CTR_CTX EVP_AES_KEY
# define s390x_aes_ctr_init_key aes_init_key
@@ -1563,8 +1579,7 @@ static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
/*-
* Initialize context structure. Code is big-endian.
*/
-static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
- const unsigned char *iv)
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)
{
ctx->kma.param.t.g[0] = 0;
ctx->kma.param.t.g[1] = 0;
@@ -1575,12 +1590,11 @@ static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx,
ctx->kreslen = 0;
if (ctx->ivlen == 12) {
- memcpy(&ctx->kma.param.j0, iv, ctx->ivlen);
+ memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);
ctx->kma.param.j0.w[3] = 1;
ctx->kma.param.cv.w = 1;
} else {
/* ctx->iv has the right size and is already padded. */
- memcpy(ctx->iv, iv, ctx->ivlen);
s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
ctx->fc, &ctx->kma.param);
ctx->fc |= S390X_KMA_HS;
@@ -1694,7 +1708,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (gctx->iv_gen == 0 || gctx->key_set == 0)
return 0;
- s390x_aes_gcm_setiv(gctx, gctx->iv);
+ s390x_aes_gcm_setiv(gctx);
if (arg <= 0 || arg > gctx->ivlen)
arg = gctx->ivlen;
@@ -1714,7 +1728,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
- s390x_aes_gcm_setiv(gctx, gctx->iv);
+ s390x_aes_gcm_setiv(gctx);
gctx->iv_set = 1;
return 1;
@@ -1770,43 +1784,36 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
}
/*-
- * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned.
+ * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.
*/
static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
- int keylen;
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
- if (iv == NULL && key == NULL)
- return 1;
+ gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
if (key != NULL) {
- keylen = EVP_CIPHER_CTX_key_length(ctx);
+ gctx->fc &= ~S390X_KMA_HS;
memcpy(&gctx->kma.param.k, key, keylen);
-
- gctx->fc = S390X_AES_FC(keylen);
- if (!enc)
- gctx->fc |= S390X_DECRYPT;
-
- if (iv == NULL && gctx->iv_set)
- iv = gctx->iv;
-
- if (iv != NULL) {
- s390x_aes_gcm_setiv(gctx, iv);
- gctx->iv_set = 1;
- }
gctx->key_set = 1;
- } else {
- if (gctx->key_set)
- s390x_aes_gcm_setiv(gctx, iv);
- else
- memcpy(gctx->iv, iv, gctx->ivlen);
+ }
- gctx->iv_set = 1;
+ if (iv != NULL) {
+ memcpy(gctx->iv, iv, gctx->ivlen);
gctx->iv_gen = 0;
+ gctx->iv_set = 1;
}
+
+ if (gctx->key_set && gctx->iv_set)
+ s390x_aes_gcm_setiv(gctx);
+
+ gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD);
+ gctx->areslen = 0;
+ gctx->mreslen = 0;
+ gctx->kreslen = 0;
return 1;
}
@@ -1895,7 +1902,6 @@ static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* recall that we already did en-/decrypt gctx->mres
* and returned it to caller... */
OPENSSL_cleanse(tmp, gctx->mreslen);
- gctx->iv_set = 0;
enc = EVP_CIPHER_CTX_encrypting(ctx);
if (enc) {
@@ -1929,8 +1935,8 @@ static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
}
# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX
-# define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
-# define S390X_aes_256_xts_CAPABLE 1
+# define S390X_aes_128_xts_CAPABLE 0 /* checked by callee */
+# define S390X_aes_256_xts_CAPABLE 0
# define s390x_aes_xts_init_key aes_xts_init_key
static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
@@ -2134,9 +2140,10 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, size_t len)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
- unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+ const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ unsigned char iv[EVP_MAX_IV_LENGTH];
if (out != in
|| len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
@@ -2152,8 +2159,9 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* Get explicit iv (sequence number). We already have fixed iv
* (server/client_write_iv) here.
*/
- memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
- s390x_aes_ccm_setiv(cctx, ivec, len);
+ memcpy(iv, ivec, sizeof(iv));
+ memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+ s390x_aes_ccm_setiv(cctx, iv, len);
/* Process aad (sequence number|type|version|length) */
s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
@@ -2180,42 +2188,35 @@ static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
/*-
- * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is
- * returned.
+ * Set key or iv or enc/dec. Returns 1 if successful.
+ * Otherwise 0 is returned.
*/
static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *key,
const unsigned char *iv, int enc)
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
- unsigned char *ivec;
- int keylen;
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+ unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
- if (iv == NULL && key == NULL)
- return 1;
+ cctx->aes.ccm.fc = S390X_AES_FC(keylen);
if (key != NULL) {
- keylen = EVP_CIPHER_CTX_key_length(ctx);
- cctx->aes.ccm.fc = S390X_AES_FC(keylen);
memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
-
- /* Store encoded m and l. */
- cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
- | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
- memset(cctx->aes.ccm.nonce.b + 1, 0,
- sizeof(cctx->aes.ccm.nonce.b));
- cctx->aes.ccm.blocks = 0;
-
cctx->aes.ccm.key_set = 1;
}
-
if (iv != NULL) {
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
-
cctx->aes.ccm.iv_set = 1;
}
+ /* Store encoded m and l. */
+ cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+ | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+ memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);
+
+ cctx->aes.ccm.blocks = 0;
+ cctx->aes.ccm.len_set = 0;
return 1;
}
@@ -2230,8 +2231,9 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+ const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
+ unsigned char *buf;
int rv;
- unsigned char *buf, *ivec;
if (!cctx->aes.ccm.key_set)
return -1;
@@ -2253,7 +2255,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (out == NULL) {
/* Update(): Pass message length. */
if (in == NULL) {
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@@ -2279,7 +2280,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
* In case message length was not previously set explicitly via
* Update(), set it now.
*/
- ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
s390x_aes_ccm_setiv(cctx, ivec, len);
cctx->aes.ccm.len_set = 1;
@@ -2304,9 +2304,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
if (rv == -1)
OPENSSL_cleanse(out, len);
- cctx->aes.ccm.iv_set = 0;
- cctx->aes.ccm.tag_set = 0;
- cctx->aes.ccm.len_set = 0;
return rv;
}
}
@@ -2414,9 +2411,6 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
- cctx->aes.ccm.tag_set = 0;
- cctx->aes.ccm.iv_set = 0;
- cctx->aes.ccm.len_set = 0;
return 1;
case EVP_CTRL_COPY:
@@ -2453,7 +2447,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
nid##_##keylen##_##nmode,blocksize, \
keylen / 8, \
ivlen, \
- flags | EVP_CIPH_##MODE##_MODE, \
+ flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
NULL, \
@@ -2490,7 +2484,7 @@ static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \
blocksize, \
(EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8, \
ivlen, \
- flags | EVP_CIPH_##MODE##_MODE, \
+ flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE, \
s390x_aes_##mode##_init_key, \
s390x_aes_##mode##_cipher, \
s390x_aes_##mode##_cleanup, \
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index 502d6936cc13..f8c019801267 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -55,16 +55,16 @@ void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
- unsigned char *ivec);
+ unsigned char *ivec, int /*unused*/);
void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
size_t blocks, const CAMELLIA_KEY *key,
unsigned char *ivec);
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 0843caf4f0a4..e3c165d48e08 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
index 638f61b5863a..f871e4fe71e5 100644
--- a/crypto/hmac/hm_ameth.c
+++ b/crypto/hmac/hm_ameth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,7 +47,8 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+ /* the ameth pub_cmp must return 1 on match, 0 on mismatch */
+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
index c85e37c6a546..15a14be70872 100644
--- a/crypto/modes/cbc128.c
+++ b/crypto/modes/cbc128.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
in += 16;
out += 16;
}
- memcpy(ivec, iv, 16);
+ if (ivec != iv)
+ memcpy(ivec, iv, 16);
}
void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
@@ -114,7 +115,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
out += 16;
}
}
- memcpy(ivec, iv, 16);
+ if (ivec != iv)
+ memcpy(ivec, iv, 16);
} else {
if (STRICT_ALIGNMENT &&
((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 0c0bf3cda5b5..8304efff48be 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1385,8 +1385,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
else
ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i) {
- size_t c = in[i];
- out[i] = c ^ ctx->EKi.t[i];
+ size_t c = in_t[i];
+ out_t[i] = c ^ ctx->EKi.t[i];
ctx->Xi.t[i] ^= c;
}
GCM_MUL(ctx);
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 3502edda6238..3fa70c45af83 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
long *pday, int *psec)
{
- int offset_hms, offset_day;
- long time_jd;
+ int offset_hms;
+ long offset_day, time_jd;
int time_year, time_month, time_day;
/* split offset into days and day seconds */
offset_day = offset_sec / SECS_PER_DAY;
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index ab31a6129500..03eda2664251 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -101,7 +101,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
#endif
v = EVP_MD_block_size(md_type);
u = EVP_MD_size(md_type);
- if (u < 0 || v <= 0)
+ if (u <= 0 || v <= 0)
goto err;
D = OPENSSL_malloc(v);
Ai = OPENSSL_malloc(u);
diff --git a/crypto/poly1305/poly1305_ameth.c b/crypto/poly1305/poly1305_ameth.c
index 0c8a91dc79dc..0dddf79626e3 100644
--- a/crypto/poly1305/poly1305_ameth.c
+++ b/crypto/poly1305/poly1305_ameth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,7 +43,7 @@ static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index e51156468ae5..eeaa47cc6b41 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -211,6 +211,12 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
# if __GLIBC_PREREQ(2, 16)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+# if __ANDROID_API__ >= 18
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+# endif
# endif
#endif
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index ba3a29e58468..5c72fad8ca26 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -432,9 +432,13 @@ err:
RAND_POOL *rand_pool_new(int entropy_requested, int secure,
size_t min_len, size_t max_len)
{
- RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+ RAND_POOL *pool;
size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
+ if (!RUN_ONCE(&rand_init, do_rand_init))
+ return NULL;
+
+ pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index ec6be791b37f..43f1069d151d 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,6 +34,9 @@
#if defined(__OpenBSD__)
# include <sys/param.h>
#endif
+#if defined(__APPLE__)
+# include <CommonCrypto/CommonRandom.h>
+#endif
#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
# include <sys/types.h>
@@ -378,6 +381,11 @@ static ssize_t syscall_random(void *buf, size_t buflen)
if (errno != ENOSYS)
return -1;
}
+# elif defined(__APPLE__)
+ if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
+ return (ssize_t)buflen;
+
+ return -1;
# else
union {
void *p;
diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
index b5f4bce2a3e6..23df448a5212 100644
--- a/crypto/rsa/rsa_prn.c
+++ b/crypto/rsa/rsa_prn.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -34,9 +34,11 @@ int RSA_print(BIO *bp, const RSA *x, int off)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
- if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+ if (pk == NULL)
return 0;
- ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+ ret = EVP_PKEY_set1_RSA(pk, (RSA *)x);
+ if (ret)
+ ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;
}
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index ecdb3cee1fa3..e1c755ae460b 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/siphash/siphash_ameth.c b/crypto/siphash/siphash_ameth.c
index 2da6dfec8025..7fce76390ef4 100644
--- a/crypto/siphash/siphash_ameth.c
+++ b/crypto/siphash/siphash_ameth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -44,7 +44,7 @@ static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
{
- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b));
+ return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
}
static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index ef505f64412b..83b97f4edc88 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group)
return field_size;
}
-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
- size_t *pt_size)
+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
{
- const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
- const int md_size = EVP_MD_size(digest);
- size_t overhead;
+ struct SM2_Ciphertext_st *sm2_ctext = NULL;
- if (md_size < 0) {
- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST);
- return 0;
- }
- if (field_size == 0) {
- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD);
- return 0;
- }
+ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
- overhead = 10 + 2 * field_size + (size_t)md_size;
- if (msg_len <= overhead) {
+ if (sm2_ctext == NULL) {
SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
return 0;
}
- *pt_size = msg_len - overhead;
+ *pt_size = sm2_ctext->C2->length;
+ SM2_Ciphertext_free(sm2_ctext);
+
return 1;
}
@@ -303,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key,
C2 = sm2_ctext->C2->data;
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
+ if (*ptext_len < (size_t)msg_len) {
+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
+ goto done;
+ }
ctx = BN_CTX_new();
if (ctx == NULL) {
diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c
index b42a14c32f26..0e722b910b57 100644
--- a/crypto/sm2/sm2_pmeth.c
+++ b/crypto/sm2/sm2_pmeth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
if (out == NULL) {
- if (!sm2_plaintext_size(ec, md, inlen, outlen))
+ if (!sm2_plaintext_size(in, inlen, outlen))
return -1;
else
return 1;
diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
index ff1a983ac98b..b3cb3d4be958 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,7 @@
#include <unistd.h>
#include <openssl/bn.h>
#include "internal/cryptlib.h"
+#include "bn/bn_local.h" /* for definition of bn_mul_mont */
#include "sparc_arch.h"
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 3dd2ab050757..394e1180dfa4 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -684,7 +684,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
BIGNUM *x = NULL;
BN_CTX *bn_ctx = BN_CTX_new();
unsigned char tmp2[MAX_LEN];
- BIGNUM *salttmp = NULL;
+ BIGNUM *salttmp = NULL, *verif;
if ((user == NULL) ||
(pass == NULL) ||
@@ -707,17 +707,18 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
if (x == NULL)
goto err;
- *verifier = BN_new();
- if (*verifier == NULL)
+ verif = BN_new();
+ if (verif == NULL)
goto err;
- if (!BN_mod_exp(*verifier, g, x, N, bn_ctx)) {
- BN_clear_free(*verifier);
+ if (!BN_mod_exp(verif, g, x, N, bn_ctx)) {
+ BN_clear_free(verif);
goto err;
}
result = 1;
*salt = salttmp;
+ *verifier = verif;
err:
if (salt != NULL && *salt != salttmp)
diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c
index 9c9e3bd08506..32e7b9f65a41 100644
--- a/crypto/store/loader_file.c
+++ b/crypto/store/loader_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -370,6 +370,7 @@ static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
mem->data = (char *)new_data;
mem->max = mem->length = (size_t)new_data_len;
X509_SIG_free(p8);
+ p8 = NULL;
store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
if (store_info == NULL) {
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index c2e7abd67f50..7fe3d27e74a2 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -612,6 +612,7 @@ static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
err:
EVP_MD_CTX_free(md_ctx);
X509_ALGOR_free(*md_alg);
+ *md_alg = NULL;
OPENSSL_free(*imprint);
*imprint_len = 0;
*imprint = 0;
diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c
index 1e80e0d37029..32cd2f542bb7 100644
--- a/crypto/ts/ts_verify_ctx.c
+++ b/crypto/ts/ts_verify_ctx.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -126,6 +126,8 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
goto err;
msg = imprint->hashed_msg;
ret->imprint_len = ASN1_STRING_length(msg);
+ if (ret->imprint_len <= 0)
+ goto err;
if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
goto err;
memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
diff --git a/crypto/uid.c b/crypto/uid.c
index 65b1171039fe..5e3315eeb2e3 100644
--- a/crypto/uid.c
+++ b/crypto/uid.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -36,6 +36,12 @@ int OPENSSL_issetugid(void)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+# if __ANDROID_API__ >= 18
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+# endif
# endif
int OPENSSL_issetugid(void)
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 12d807f705ed..ece987a6bdbe 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -365,9 +365,9 @@ int X509_aux_print(BIO *out, X509 *x, int indent)
BIO_puts(out, "\n");
} else
BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
- alias = X509_alias_get0(x, NULL);
+ alias = X509_alias_get0(x, &i);
if (alias)
- BIO_printf(out, "%*sAlias: %s\n", indent, "", alias);
+ BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);
keyid = X509_keyid_get0(x, &keyidlen);
if (keyid) {
BIO_printf(out, "%*sKey Id: ", indent, "");
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0c71b2e8b4ad..20a36e763c5d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -524,15 +524,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ret = 1;
break;
}
- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+ if (ret > 0
+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
/* Check for presence of explicit elliptic curve parameters */
ret = check_curve(x);
- if (ret < 0)
+ if (ret < 0) {
ctx->error = X509_V_ERR_UNSPECIFIED;
- else if (ret == 0)
+ ret = 0;
+ } else if (ret == 0) {
ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
+ }
}
- if ((x->ex_flags & EXFLAG_CA) == 0
+ if (ret > 0
+ && (x->ex_flags & EXFLAG_CA) == 0
&& x->ex_pathlen != -1
&& (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 68b681d5ee85..535f169a29e7 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -199,7 +199,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
return 0;
}
- /* Copy the host flags if and only if we're copying the host list */
+ x509_verify_param_copy(hostflags, 0);
+
if (test_x509_verify_param_copy(hosts, NULL)) {
sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
dest->hosts = NULL;
@@ -208,7 +209,6 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
if (dest->hosts == NULL)
return 0;
- dest->hostflags = src->hostflags;
}
}
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index d9f770433cfb..33b1933d7228 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,20 +39,48 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
STACK_OF(CONF_VALUE)
*extlist)
{
- char *tmp;
+ char *tmp = NULL;
+ STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
+
if (akeyid->keyid) {
tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
- X509V3_add_value("keyid", tmp, &extlist);
+ if (tmp == NULL) {
+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!X509V3_add_value("keyid", tmp, &extlist)) {
+ OPENSSL_free(tmp);
+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+ goto err;
+ }
OPENSSL_free(tmp);
}
- if (akeyid->issuer)
- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+ if (akeyid->issuer) {
+ tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+ if (tmpextlist == NULL) {
+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+ goto err;
+ }
+ extlist = tmpextlist;
+ }
if (akeyid->serial) {
tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
- X509V3_add_value("serial", tmp, &extlist);
+ if (tmp == NULL) {
+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!X509V3_add_value("serial", tmp, &extlist)) {
+ OPENSSL_free(tmp);
+ X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+ goto err;
+ }
OPENSSL_free(tmp);
}
return extlist;
+ err:
+ if (origextlist == NULL)
+ sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
+ return NULL;
}
/*-
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index 4dce0041012e..7c32d4031d11 100644
--- a/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,6 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "crypto/x509.h"
#include <openssl/conf.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"
@@ -99,17 +100,20 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
break;
case GEN_EMAIL:
- if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
+ if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
+ gen->d.ia5->length, &ret))
return NULL;
break;
case GEN_DNS:
- if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
+ if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
+ gen->d.ia5->length, &ret))
return NULL;
break;
case GEN_URI:
- if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
+ if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
+ gen->d.ia5->length, &ret))
return NULL;
break;
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 1d12c899125c..09804b58482c 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -422,7 +422,8 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
qualinfo = sk_POLICYQUALINFO_value(quals, i);
switch (OBJ_obj2nid(qualinfo->pqualid)) {
case NID_id_qt_cps:
- BIO_printf(out, "%*sCPS: %s\n", indent, "",
+ BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
+ qualinfo->d.cpsuri->length,
qualinfo->d.cpsuri->data);
break;
@@ -447,7 +448,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
if (notice->noticeref) {
NOTICEREF *ref;
ref = notice->noticeref;
- BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
+ ref->organization->length,
ref->organization->data);
BIO_printf(out, "%*sNumber%s: ", indent, "",
sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
@@ -470,7 +472,8 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
BIO_puts(out, "\n");
}
if (notice->exptext)
- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
+ notice->exptext->length,
notice->exptext->data);
}
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 2a7b4f0992a8..d985aa91dacd 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -63,8 +63,31 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+#define IA5_OFFSET_LEN(ia5base, offset) \
+ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
+
+/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
+ * starting point to search from
+ */
+# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
+
+/* Like memrrchr but for ASN1_IA5STRING */
+static char *ia5memrchr(ASN1_IA5STRING *str, int c)
+{
+ int i;
+
+ for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
+
+ if (i == 0)
+ return NULL;
+
+ return (char *)&str->data[i - 1];
+}
+
/*
- * We cannot use strncasecmp here because that applies locale specific rules.
+ * We cannot use strncasecmp here because that applies locale specific rules. It
+ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
* For example in Turkish 'I' is not the uppercase character for 'i'. We need to
* do a simple ASCII case comparison ignoring the locale (that is why we use
* numeric constants below).
@@ -89,20 +112,12 @@ static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
/* c1 > c2 */
return 1;
- } else if (*s1 == 0) {
- /* If we get here we know that *s2 == 0 too */
- return 0;
}
}
return 0;
}
-static int ia5casecmp(const char *s1, const char *s2)
-{
- return ia5ncasecmp(s1, s2, SIZE_MAX);
-}
-
static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
@@ -337,7 +352,7 @@ static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
--utf8_length;
/* Reject *embedded* NULs */
- if ((size_t)utf8_length != strlen((char *)utf8_value)) {
+ if (memchr(utf8_value, 0, utf8_length) != NULL) {
OPENSSL_free(utf8_value);
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
}
@@ -536,9 +551,14 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
{
char *baseptr = (char *)base->data;
char *dnsptr = (char *)dns->data;
+
/* Empty matches everything */
- if (!*baseptr)
+ if (base->length == 0)
return X509_V_OK;
+
+ if (dns->length < base->length)
+ return X509_V_ERR_PERMITTED_VIOLATION;
+
/*
* Otherwise can add zero or more components on the left so compare RHS
* and if dns is longer and expect '.' as preceding character.
@@ -549,7 +569,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
return X509_V_ERR_PERMITTED_VIOLATION;
}
- if (ia5casecmp(baseptr, dnsptr))
+ if (ia5ncasecmp(baseptr, dnsptr, base->length))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@@ -560,16 +580,17 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
{
const char *baseptr = (char *)base->data;
const char *emlptr = (char *)eml->data;
+ const char *baseat = ia5memrchr(base, '@');
+ const char *emlat = ia5memrchr(eml, '@');
+ size_t basehostlen, emlhostlen;
- const char *baseat = strchr(baseptr, '@');
- const char *emlat = strchr(emlptr, '@');
if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: initial '.' is RHS match */
- if (!baseat && (*baseptr == '.')) {
+ if (!baseat && base->length > 0 && (*baseptr == '.')) {
if (eml->length > base->length) {
emlptr += eml->length - base->length;
- if (ia5casecmp(baseptr, emlptr) == 0)
+ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
return X509_V_OK;
}
return X509_V_ERR_PERMITTED_VIOLATION;
@@ -589,8 +610,10 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
baseptr = baseat + 1;
}
emlptr = emlat + 1;
+ basehostlen = IA5_OFFSET_LEN(base, baseptr);
+ emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
/* Just have hostname left to match: case insensitive */
- if (ia5casecmp(baseptr, emlptr))
+ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
return X509_V_ERR_PERMITTED_VIOLATION;
return X509_V_OK;
@@ -601,10 +624,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
{
const char *baseptr = (char *)base->data;
const char *hostptr = (char *)uri->data;
- const char *p = strchr(hostptr, ':');
+ const char *p = ia5memchr(uri, (char *)uri->data, ':');
int hostlen;
+
/* Check for foo:// and skip past it */
- if (!p || (p[1] != '/') || (p[2] != '/'))
+ if (p == NULL
+ || IA5_OFFSET_LEN(uri, p) < 3
+ || p[1] != '/'
+ || p[2] != '/')
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
hostptr = p + 3;
@@ -612,13 +639,13 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
/* Look for a port indicator as end of hostname first */
- p = strchr(hostptr, ':');
+ p = ia5memchr(uri, hostptr, ':');
/* Otherwise look for trailing slash */
- if (!p)
- p = strchr(hostptr, '/');
+ if (p == NULL)
+ p = ia5memchr(uri, hostptr, '/');
- if (!p)
- hostlen = strlen(hostptr);
+ if (p == NULL)
+ hostlen = IA5_OFFSET_LEN(uri, hostptr);
else
hostlen = p - hostptr;
@@ -626,7 +653,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
/* Special case: initial '.' is RHS match */
- if (*baseptr == '.') {
+ if (base->length > 0 && *baseptr == '.') {
if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
if (ia5ncasecmp(p, baseptr, base->length) == 0)
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 3d124fa6d95d..532d4e192fec 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -77,7 +77,8 @@ static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
BIO_puts(out, "\n");
if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
+ pci->proxyPolicy->policy->length,
pci->proxyPolicy->policy->data);
return 1;
}
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 7281a7b917a8..f41c699b5af0 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -12,6 +12,7 @@
#include "e_os.h"
#include "internal/cryptlib.h"
#include <stdio.h>
+#include <string.h>
#include "crypto/ctype.h"
#include <openssl/conf.h>
#include <openssl/crypto.h>
@@ -34,17 +35,26 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
/* Add a CONF_VALUE name value pair to stack */
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist)
+static int x509v3_add_len_value(const char *name, const char *value,
+ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
{
CONF_VALUE *vtmp = NULL;
char *tname = NULL, *tvalue = NULL;
int sk_allocated = (*extlist == NULL);
- if (name && (tname = OPENSSL_strdup(name)) == NULL)
- goto err;
- if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
+ if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
goto err;
+ if (value != NULL && vallen > 0) {
+ /*
+ * We tolerate a single trailing NUL character, but otherwise no
+ * embedded NULs
+ */
+ if (memchr(value, 0, vallen - 1) != NULL)
+ goto err;
+ tvalue = OPENSSL_strndup(value, vallen);
+ if (tvalue == NULL)
+ goto err;
+ }
if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
goto err;
if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
@@ -56,7 +66,7 @@ int X509V3_add_value(const char *name, const char *value,
goto err;
return 1;
err:
- X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+ X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE);
if (sk_allocated) {
sk_CONF_VALUE_free(*extlist);
*extlist = NULL;
@@ -67,10 +77,26 @@ int X509V3_add_value(const char *name, const char *value,
return 0;
}
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ return x509v3_add_len_value(name, value,
+ value != NULL ? strlen((const char *)value) : 0,
+ extlist);
+}
+
int X509V3_add_value_uchar(const char *name, const unsigned char *value,
STACK_OF(CONF_VALUE) **extlist)
{
- return X509V3_add_value(name, (const char *)value, extlist);
+ return x509v3_add_len_value(name, (const char *)value,
+ value != NULL ? strlen((const char *)value) : 0,
+ extlist);
+}
+
+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
+ size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+{
+ return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
}
/* Free function for STACK_OF(CONF_VALUE) */
@@ -502,18 +528,26 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
/* First some sanity checks */
if (email->type != V_ASN1_IA5STRING)
return 1;
- if (!email->data || !email->length)
+ if (email->data == NULL || email->length == 0)
+ return 1;
+ if (memchr(email->data, 0, email->length) != NULL)
return 1;
if (*sk == NULL)
*sk = sk_OPENSSL_STRING_new(sk_strcmp);
if (*sk == NULL)
return 0;
+
+ emtmp = OPENSSL_strndup((char *)email->data, email->length);
+ if (emtmp == NULL)
+ return 0;
+
/* Don't add duplicates */
- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
+ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
+ OPENSSL_free(emtmp);
return 1;
- emtmp = OPENSSL_strdup((char *)email->data);
- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
- OPENSSL_free(emtmp); /* free on push failure */
+ }
+ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
+ OPENSSL_free(emtmp); /* free on push failure */
X509_email_free(*sk);
*sk = NULL;
return 0;
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 4f2ea52a4a5f..8b2918a64fff 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {
"i2s_ASN1_INTEGER"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
"i2v_AUTHORITY_INFO_ACCESS"},
+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0),
+ "i2v_AUTHORITY_KEYID"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
@@ -104,6 +106,8 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
"v3_generic_extension"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
+ {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0),
+ "x509v3_add_len_value"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
"X509V3_add_value"},
{ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},