Diffstat (limited to 'crypto')
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-ppc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aes-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesfx-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-sha1-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-sha256-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aesni-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/aest4-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/bsaes-armv7.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-ppc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/aes/asm/vpaes-x86_64.pl0
-rw-r--r--crypto/armcap.c19
-rw-r--r--[-rwxr-xr-x]crypto/armv4cpuid.pl0
-rw-r--r--crypto/asn1/charmap.h2
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/armv4-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/armv4-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/c64xplus-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ia64-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/mips-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/parisc-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ppc-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/ppc64-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/s390x.S0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/sparcv9-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/sparcv9-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/via-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/vis3-mont.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/x86-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/asm/x86_64-gf2m.pl0
-rw-r--r--[-rwxr-xr-x]crypto/bn/bn_const.c0
-rw-r--r--crypto/bn/bn_prime.h2
-rw-r--r--[-rwxr-xr-x]crypto/c64xpluscpuid.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmll-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmll-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/camellia/asm/cmllt4-sparcv9.pl0
-rw-r--r--crypto/conf/conf_def.c16
-rw-r--r--crypto/conf/conf_def.h2
-rw-r--r--[-rwxr-xr-x]crypto/des/asm/dest4-sparcv9.pl0
-rw-r--r--crypto/dh/dh_key.c33
-rw-r--r--[-rwxr-xr-x]crypto/ec/asm/ecp_nistz256-armv8.pl0
-rw-r--r--crypto/err/openssl.txt3
-rw-r--r--crypto/evp/evp_enc.c27
-rw-r--r--crypto/evp/evp_err.c4
-rw-r--r--[-rwxr-xr-x]crypto/md5/asm/md5-sparcv9.pl0
-rw-r--r--crypto/mem_sec.c8
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/aesni-gcm-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-x86.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghash-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/modes/asm/ghashv8-armx.pl0
-rw-r--r--crypto/objects/obj_dat.h2
-rw-r--r--crypto/objects/obj_xref.h2
-rw-r--r--[-rwxr-xr-x]crypto/objects/objxref.pl0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_cl.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_ext.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_lib.c0
-rw-r--r--[-rwxr-xr-x]crypto/ocsp/ocsp_srv.c0
-rw-r--r--[-rwxr-xr-x]crypto/pariscid.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/sparcv9_modes.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/x86gas.pl0
-rw-r--r--[-rwxr-xr-x]crypto/perlasm/x86masm.pl0
-rwxr-xr-xcrypto/poly1305/asm/poly1305-armv4.pl13
-rw-r--r--crypto/ppccap.c20
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-md5-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/rc4/asm/rc4-s390x.pl0
-rw-r--r--crypto/rsa/rsa_ssl.c10
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-armv4-large.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-armv8.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-parisc.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-sparcv9.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-sparcv9a.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha1-thumb.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-586.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha256-mb-x86_64.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-586.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-armv4.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-armv8.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-c64xplus.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-mips.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-s390x.pl0
-rw-r--r--[-rwxr-xr-x]crypto/sha/asm/sha512-sparcv9.pl0
-rw-r--r--crypto/srp/srp_lib.c13
-rw-r--r--[-rwxr-xr-x]crypto/vms_rms.h0
-rw-r--r--[-rwxr-xr-x]crypto/whrlpool/asm/wp-mmx.pl0
-rw-r--r--[-rwxr-xr-x]crypto/whrlpool/asm/wp-x86_64.pl0
-rw-r--r--crypto/x509/x509_cmp.c24
-rw-r--r--crypto/x509/x509_vfy.c15
-rw-r--r--crypto/x509/x_all.c4
-rw-r--r--crypto/x509/x_attrib.c5
-rw-r--r--crypto/x509v3/v3_purp.c14
111 files changed, 186 insertions, 52 deletions
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
index 1112eef50c0b..1112eef50c0b 100755..100644
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
index cad3fcd06e36..cad3fcd06e36 100755..100644
--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
index b5601e90ea3f..b5601e90ea3f 100755..100644
--- a/crypto/aes/asm/aes-mips.pl
+++ b/crypto/aes/asm/aes-mips.pl
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
index 5b07fac3d004..5b07fac3d004 100755..100644
--- a/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/aes/asm/aes-parisc.pl
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
index bb4ee84ae337..bb4ee84ae337 100755..100644
--- a/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/aes/asm/aes-ppc.pl
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index 4cb8f4331742..4cb8f4331742 100755..100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
index 1678c4f786f2..1678c4f786f2 100755..100644
--- a/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/crypto/aes/asm/aesfx-sparcv9.pl
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
index a80cfdc13948..a80cfdc13948 100755..100644
--- a/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/aes/asm/aesni-mb-x86_64.pl
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
index 04fd13be5e09..04fd13be5e09 100755..100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
index ff9b18507da0..ff9b18507da0 100755..100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
index fe2b26542ab6..fe2b26542ab6 100755..100644
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
index f8c2e2393438..f8c2e2393438 100755..100644
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
index 478c97eb6feb..478c97eb6feb 100755..100644
--- a/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/aes/asm/aest4-sparcv9.pl
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
index 2b9f241ce8b0..2b9f241ce8b0 100755..100644
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
index 0260a5c9bff0..0260a5c9bff0 100755..100644
--- a/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/aes/asm/vpaes-ppc.pl
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
index fb02a413345a..fb02a413345a 100755..100644
--- a/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/aes/asm/vpaes-x86.pl
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
index 099a686a4d5d..099a686a4d5d 100755..100644
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
# define OSSL_IMPLEMENT_GETAUXVAL
# endif
# endif
+# if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+# endif
/*
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
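Review bot: The added `getauxval()` shim returns 0 both when `elf_aux_info()` fails and when the requested capability word really is zero, and nothing in the hunk records that this is intended. A short comment such as `/* Returns 0 on failure; callers then see no optional CPU features. */` would document the fallback, assuming the callers outside this hunk do treat 0 that way. The same helper is added verbatim to crypto/ppccap.c later in this diff, so a single shared definition would keep the two copies from drifting. Because the static function reuses the libc name `getauxval`, it may also be worth guarding the definition in case a system header ever declares that symbol.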
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
index d1b71f836f10..d1b71f836f10 100755..100644
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/asn1/charmap.pl
*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
index 3a83cb855007..3a83cb855007 100755..100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
index eadc8bbf6322..eadc8bbf6322 100755..100644
--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
index 3bb8d120e96a..3bb8d120e96a 100755..100644
--- a/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/bn/asm/c64xplus-gf2m.pl
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
index 7a4e74d71942..7a4e74d71942 100755..100644
--- a/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/bn/asm/ia64-mont.pl
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
index 3b79a4b186d7..3b79a4b186d7 100755..100644
--- a/crypto/bn/asm/mips-mont.pl
+++ b/crypto/bn/asm/mips-mont.pl
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
index 8ad715bda4d4..8ad715bda4d4 100755..100644
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
index 6a7c714a156e..6a7c714a156e 100755..100644
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
index 278314c57bd6..278314c57bd6 100755..100644
--- a/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/bn/asm/ppc-mont.pl
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
index b55fd46c824f..b55fd46c824f 100755..100644
--- a/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/bn/asm/ppc64-mont.pl
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
index a7e4b8a97d30..a7e4b8a97d30 100755..100644
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/bn/asm/s390x-gf2m.pl
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
index bc8c8951e060..bc8c8951e060 100755..100644
--- a/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/bn/asm/s390x-mont.pl
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
index b666c41a88a4..b666c41a88a4 100755..100644
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
index 238a93dca56c..238a93dca56c 100755..100644
--- a/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/bn/asm/sparcv9-gf2m.pl
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
index d1a3c2bc4343..d1a3c2bc4343 100755..100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
index 9dbc8d458792..9dbc8d458792 100755..100644
--- a/crypto/bn/asm/via-mont.pl
+++ b/crypto/bn/asm/via-mont.pl
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
index d797af8745dc..d797af8745dc 100755..100644
--- a/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/bn/asm/vis3-mont.pl
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
index 436d90b11ea4..436d90b11ea4 100755..100644
--- a/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/bn/asm/x86-gf2m.pl
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
index 655f13c89ee8..655f13c89ee8 100755..100644
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/bn/asm/x86_64-gf2m.pl
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
index 39dd61202ad7..39dd61202ad7 100755..100644
--- a/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/bn/bn_prime.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
index 9aeee574ebf8..9aeee574ebf8 100755..100644
--- a/crypto/c64xpluscpuid.pl
+++ b/crypto/c64xpluscpuid.pl
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
index cd514acfae4a..cd514acfae4a 100755..100644
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
index 59e1840160ff..59e1840160ff 100755..100644
--- a/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/camellia/asm/cmll-x86_64.pl
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
index 71a40f6af90c..71a40f6af90c 100755..100644
--- a/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/camellia/asm/cmllt4-sparcv9.pl
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BUF_MEM *buff = NULL;
char *s, *p, *end;
int again;
+ int first_call = 1;
long eline = 0;
char btmp[DECIMAL_SIZE(eline) + 1];
CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
BIO_gets(in, p, CONFBUFSIZE - 1);
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+ memmove(p, p + 3, i - 3);
+ p[i - 3] = 0;
+ i -= 3;
+ ii -= 3;
+ }
+ first_call = 0;
+ }
if (i == 0 && !again) {
/* the currently processed BIO is at EOF */
BIO *parent;
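Review bot: `first_call` is cleared after the first line that `def_load_bio` reads and is never set again, so the UTF-8 BOM is stripped only at the very start of the outermost input. The EOF branch just below switches to a parent BIO, which suggests this loop also reads included files; if so, a BOM at the start of an included file would still reach the parser. Either set `first_call = 1` again where a new BIO is pushed, or state the limitation in the comment. The strip itself could be one call, `memmove(p, p + 3, i - 3 + 1);`, which carries the terminator along instead of writing `p[i - 3] = 0` separately. The function body starts and ends outside this hunk.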
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/conf/keysets.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
index 5c92a52b7957..5c92a52b7957 100755..100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
return dh->meth->generate_key(dh);
}
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
+
+ /* rv is constant unless compute_key is external */
rv = dh->meth->compute_key(key, pub_key, dh);
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
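Review bot: The new NB comment on `DH_compute_key` says the function is not constant time but does not tell callers what to use instead. Adding a line such as `* Callers that must not leak the number of leading zero bytes should use DH_compute_key_padded().` would make the warning actionable. In the body, `ret -= npad;` mixes `int` with `volatile size_t`; an explicit `ret -= (int)npad;` would make the narrowing visible to readers and to conversion warnings. The two "potentially leaking" comments are accurate and worth keeping, since the `memmove`/`memset` lengths and the return value all depend on the secret. `DH_compute_key_padded` continues past the end of this hunk.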
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err:
BN_CTX_end(ctx);
BN_CTX_free(ctx);
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
index e93e18f29f19..e93e18f29f19 100755..100644
--- a/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/ec/asm/ecp_nistz256-armv8.pl
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f67..7e1776375df7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <assert.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
return 1;
} else {
j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(&(ctx->buf[i]), in, j);
inl -= j;
in += j;
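Review bot: The new overflow branch returns 0 without writing the output length, so a caller that ignores the return value would go on to use whatever the length variable held before the call. Assuming this function has the same `outl` parameter as `EVP_DecryptUpdate`, adding `*outl = 0;` before `return 0;` would make the failure safe for such callers. The same applies to the matching check added in the `EVP_DecryptUpdate` hunk below. Both checks also rely on the block length being a power of two for the `& ~(bl - 1)` mask to round down correctly; that precondition is not visible in either hunk and deserves a word in the comment. Both functions extend outside their hunks.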
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
return 0;
}
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
memcpy(out, ctx->final, b);
out += b;
fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operation not supported for this keytype"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
"operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
index 3595e3d32fc9..3595e3d32fc9 100755..100644
--- a/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/md5/asm/md5-sparcv9.pl
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -34,6 +34,12 @@
# include <errno.h>
# endif
# endif
+# if defined(__FreeBSD__)
+# define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+# define MAP_CONCEAL 0
+# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
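Review bot: The FreeBSD branch defines `MADV_DONTDUMP` unconditionally, which would be a macro redefinition if a FreeBSD header ever provides that name. It also assumes `MADV_NOCORE` exists, so `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP) && defined(MADV_NOCORE)` would be more defensive. The `MAP_CONCEAL` fallback is only correct if `<sys/mman.h>` has already been included above this hunk; otherwise a platform that really defines the flag would get 0 here first, so that include order should be confirmed. Where the fallback is 0, the `mmap` flag added in the next hunk does nothing, and keeping the secure heap out of core dumps then depends entirely on the `madvise` path. A comment saying so, for example `/* MAP_CONCEAL is OpenBSD-specific; elsewhere rely on madvise(MADV_DONTDUMP) */`, would help.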
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
if (1) {
#ifdef MAP_ANON
sh.map_result = mmap(NULL, sh.map_size,
- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+ PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
} else {
#endif
int fd;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
index 60f03e4fe25b..60f03e4fe25b 100755..100644
--- a/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/modes/asm/aesni-gcm-x86_64.pl
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index d84ac6f2bf43..d84ac6f2bf43 100755..100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
index 5826dcbdfe64..5826dcbdfe64 100755..100644
--- a/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/modes/asm/ghash-c64xplus.pl
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
index d798b7abf490..d798b7abf490 100755..100644
--- a/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/modes/asm/ghash-parisc.pl
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
index 2f3ca295bdca..2f3ca295bdca 100755..100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
index ccebc74b4e97..ccebc74b4e97 100755..100644
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
index 4183d99b68b1..4183d99b68b1 100755..100644
--- a/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/modes/asm/ghash-x86.pl
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
index 9bdba41d1de5..9bdba41d1de5 100755..100644
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/modes/asm/ghash-x86_64.pl
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
index d0e398b50ae0..d0e398b50ae0 100755..100644
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/modes/asm/ghashv8-armx.pl
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by crypto/objects/obj_dat.pl
*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by objxref.pl
*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
index ce76cadae31c..ce76cadae31c 100755..100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 55ffd45c6ec0..55ffd45c6ec0 100755..100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index f6c387ffb7d7..f6c387ffb7d7 100755..100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 37ac6c03fd04..37ac6c03fd04 100755..100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index e35fc52fd944..e35fc52fd944 100755..100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
index f4d364754a1f..f4d364754a1f 100755..100644
--- a/crypto/pariscid.pl
+++ b/crypto/pariscid.pl
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index b9922e031893..b9922e031893 100755..100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
index 5c7ea3880e4d..5c7ea3880e4d 100755..100644
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
index dffee762115f..dffee762115f 100755..100644
--- a/crypto/perlasm/x86masm.pl
+++ b/crypto/perlasm/x86masm.pl
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f66b..70f46cd140aa 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -133,10 +133,10 @@ poly1305_init:
# ifdef __thumb2__
itete eq
# endif
- addeq r12,r11,#(poly1305_emit-.Lpoly1305_init)
- addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
- addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init)
- addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+ addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+ addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+ addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+ addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
# endif
# ifdef __thumb2__
orr r12,r12,#1 @ thumb-ify address
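Review bot: The rewritten `addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)` line references `.Lpoly1305_blocks`, but no hunk in this file adds that label. The later hunks add only `.Lpoly1305_emit`, `.Lpoly1305_blocks_neon` and `.Lpoly1305_emit_neon`. Presumably `.Lpoly1305_blocks` already exists next to `poly1305_blocks:`; confirm that, because otherwise the module will not assemble. A one-line comment above the four `add` instructions would explain the duplicate labels, for example `@ use local labels so the offsets are resolved at assembly time, not via the global symbols`, assuming that is the reason for the change.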
@@ -352,6 +352,7 @@ $code.=<<___;
.type poly1305_emit,%function
.align 5
poly1305_emit:
+.Lpoly1305_emit:
stmdb sp!,{r4-r11}
.Lpoly1305_emit_enter:
@@ -671,6 +672,7 @@ poly1305_init_neon:
.type poly1305_blocks_neon,%function
.align 5
poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
ldr ip,[$ctx,#36] @ is_base2_26
ands $len,$len,#-16
beq .Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
.type poly1305_emit_neon,%function
.align 5
poly1305_emit_neon:
+.Lpoly1305_emit_neon:
ldr ip,[$ctx,#36] @ is_base2_26
stmdb sp!,{r4-r11}
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index b12cd949ccfe..e51156468ae5 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
# endif
#endif
+#if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+#endif
+
/* I wish <sys/auxv.h> was universally available */
#define HWCAP 16 /* AT_HWCAP */
#define HWCAP_PPC64 (1U << 30)
diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl
index b12d044af465..b12d044af465 100755..100644
--- a/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/rc4/asm/rc4-c64xplus.pl
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
index 7aa5c21bd836..7aa5c21bd836 100755..100644
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/rc4/asm/rc4-md5-x86_64.pl
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
index 631e742b739d..631e742b739d 100755..100644
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/rc4/asm/rc4-parisc.pl
diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
index dded0b75e7f9..dded0b75e7f9 100755..100644
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/rc4/asm/rc4-s390x.pl
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1f155be175da..ecdb3cee1fa3 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
/*
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
- * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
* preserves error code reporting for backward compatibility.
*/
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSA_R_NULL_BEFORE_BLOCK_MISSING);
mask = ~good;
- good &= constant_time_ge(threes_in_row, 8);
+ /*
+ * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+ * that RFC5246 incorrectly states this the other way around, i.e. reject
+ * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+ * corrected in subsequent errata for that RFC.
+ */
+ good &= constant_time_lt(threes_in_row, 8);
err = constant_time_select_int(mask | good, err,
RSA_R_SSLV3_ROLLBACK_ATTACK);
mask = ~good;
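Review bot: The new comment above `constant_time_lt(threes_in_row, 8)` says which way the test goes and that the RFC text was wrong, but not why the presence of the marker is the failure case, which is what a later reader needs in order not to flip it back. I would add one sentence such as `* The 0x03 run is written by a sender that also supports SSLv3/TLS, so seeing it in this padding means the handshake was downgraded.` The phrase "states this the other way around" could also be tightened to "states the opposite". threes_in_row is computed before the hunk, so whether it counts only the bytes immediately preceding the delimiter cannot be checked from here.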
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
index 52d426bb29f8..52d426bb29f8 100755..100644
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/sha/asm/sha1-armv4-large.pl
diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
index 557cabc018e0..557cabc018e0 100755..100644
--- a/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/sha/asm/sha1-armv8.pl
diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl
index ceec503a9829..ceec503a9829 100755..100644
--- a/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/sha/asm/sha1-c64xplus.pl
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
index 47c588715163..47c588715163 100755..100644
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
index c293cd3bfa4e..c293cd3bfa4e 100755..100644
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
index 70ef7956abfa..70ef7956abfa 100755..100644
--- a/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/sha/asm/sha1-parisc.pl
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
index 653a6cb50a8a..653a6cb50a8a 100755..100644
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
index 8c23d85a3d09..8c23d85a3d09 100755..100644
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/sha/asm/sha1-sparcv9.pl
diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
index 4e90da4b8bc9..4e90da4b8bc9 100755..100644
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/sha/asm/sha1-sparcv9a.pl
diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
index b53e0bee052d..b53e0bee052d 100755..100644
--- a/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/sha/asm/sha1-thumb.pl
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
index 7523dbc165fa..7523dbc165fa 100755..100644
--- a/crypto/sha/asm/sha256-586.pl
+++ b/crypto/sha/asm/sha256-586.pl
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index d120febb4832..d120febb4832 100755..100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl
index b2d00e4fb1ab..b2d00e4fb1ab 100755..100644
--- a/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/sha/asm/sha256-c64xplus.pl
diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
index c8cc6efac95c..c8cc6efac95c 100755..100644
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
index 66b6e96f9ded..66b6e96f9ded 100755..100644
--- a/crypto/sha/asm/sha512-586.pl
+++ b/crypto/sha/asm/sha512-586.pl
diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
index e9c5e0ce7687..e9c5e0ce7687 100755..100644
--- a/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/sha/asm/sha512-armv4.pl
diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
index 3188c905ea2d..3188c905ea2d 100755..100644
--- a/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/sha/asm/sha512-armv8.pl
diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl
index 4263fb1349aa..4263fb1349aa 100755..100644
--- a/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/sha/asm/sha512-c64xplus.pl
diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
index 15acd5308dda..15acd5308dda 100755..100644
--- a/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/sha/asm/sha512-mips.pl
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
index 9752fed4ea26..9752fed4ea26 100755..100644
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
index 54429d34e398..54429d34e398 100755..100644
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/sha/asm/sha512-sparcv9.pl
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 4f417de0c989..ce3504825c53 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2004, EdelKey Project. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
{
BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+ BIGNUM *xtmp = NULL;
BN_CTX *bn_ctx;
if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
@@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
- (tmp3 = BN_new()) == NULL)
+ (tmp3 = BN_new()) == NULL ||
+ (xtmp = BN_new()) == NULL)
goto err;
- if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+ BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+ if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
goto err;
if ((k = srp_Calc_k(N, g)) == NULL)
goto err;
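Review bot: Neither flag line explains itself: `BN_with_flags(xtmp, x, BN_FLG_CONSTTIME)` makes xtmp a flagged view that borrows x's words rather than a copy, and `BN_set_flags(tmp, BN_FLG_CONSTTIME)` marks a result buffer, not an exponent. A comment such as `/* xtmp aliases x with CONSTTIME set; it owns no data */` would also justify why the cleanup hunk uses `BN_free(xtmp)` while the other temporaries get BN_clear_free(). The flag on tmp presumably exists so that a later BN_mod_exp() using tmp as its base takes the constant-time path, but that call is outside the visible hunks, so the intent should be stated next to the line. The function body starts and ends outside these hunks.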
@@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
goto err;
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;
- if (!BN_mul(tmp3, u, x, bn_ctx))
+ if (!BN_mul(tmp3, u, xtmp, bn_ctx))
goto err;
if (!BN_add(tmp2, a, tmp3))
goto err;
@@ -208,6 +212,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
err:
BN_CTX_free(bn_ctx);
+ BN_free(xtmp);
BN_clear_free(tmp);
BN_clear_free(tmp2);
BN_clear_free(tmp3);
diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h
index 3b994a0aba2c..3b994a0aba2c 100755..100644
--- a/crypto/vms_rms.h
+++ b/crypto/vms_rms.h
diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
index 176be50a67f2..176be50a67f2 100755..100644
--- a/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/whrlpool/asm/wp-mmx.pl
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
index b4fcd8be3c75..b4fcd8be3c75 100755..100644
--- a/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/whrlpool/asm/wp-x86_64.pl
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ad620af0aff4..1d8d2d7b28e9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
if (ctx == NULL)
goto err;
f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
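Review bot: The added `f == NULL` guard keeps strlen(f) from dereferencing a null pointer, but the two `goto err` lines after it still jump away while f holds the buffer X509_NAME_oneline() allocated. The err label is outside the hunk; if it does not release f, those paths leak it. Initialising f to NULL and placing `OPENSSL_free(f);` at the label would cover all three exits.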
@@ -133,19 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
*/
int X509_cmp(const X509 *a, const X509 *b)
{
- int rv;
+ int rv = 0;
if (a == b) /* for efficiency */
return 0;
- /* ensure hash is valid */
- if (X509_check_purpose((X509 *)a, -1, 0) != 1)
- return -2;
- if (X509_check_purpose((X509 *)b, -1, 0) != 1)
- return -2;
-
- rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
- if (rv)
+
+ /* try to make sure hash is valid */
+ (void)X509_check_purpose((X509 *)a, -1, 0);
+ (void)X509_check_purpose((X509 *)b, -1, 0);
+
+ if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+ && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+ rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+ if (rv != 0)
return rv;
+
/* Check for match against stored encoding too */
if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
if (a->cert_info.enc.len < b->cert_info.enc.len)
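Review bot: With `int rv = 0;` and the fingerprint memcmp now conditional, a pair in which either certificate carries EXFLAG_NO_FINGERPRINT reaches the encoding check with rv still 0. If either encoding is also marked modified, the result depends on code after the hunk; should the function end in `return rv;`, two different certificates would compare as equal. Please either document that fall-through at the `rv` declaration or return a non-zero value when neither a fingerprint nor an unmodified encoding is available. The unbraced `if (...) rv = memcmp(...)` directly followed by `if (rv != 0)` is also easy to misread; braces would help.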
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 730a0160ff0a..0c71b2e8b4ad 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
}
/*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
*/
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
@@ -334,11 +335,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
for (i = 0; i < sk_X509_num(sk); i++) {
issuer = sk_X509_value(sk, i);
- /*
- * Below check 'issuer != x' is an optimization and safety precaution:
- * Candidate issuer cert cannot be the same as the subject cert 'x'.
- */
- if (issuer != x && ctx->check_issued(ctx, x, issuer)
+ if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
rv = issuer;
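Review bot: Dropping `issuer != x` also drops the only comment that explained how x itself is treated as a candidate, and the removed text called that test a safety precaution. After this hunk x can be selected as its own issuer when it is self-issued and ctx->chain has one element; in every other case the exclusion rests on sk_X509_contains(ctx->chain, issuer), which assumes x is already in the chain (not shown here). A short comment at the condition, e.g. `/* x itself may match here: allowed only for a self-issued x that is the sole chain element */`, would record that this is deliberate. The loop body continues past the hunk.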
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index aa5ccba44899..a4e9cdaee837 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -363,7 +363,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
unsigned int *len)
{
if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
- && (data->ex_flags & EXFLAG_INVALID) == 0) {
+ && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
/* Asking for SHA1 and we already computed it. */
if (len != NULL)
*len = sizeof(data->sha1_hash);
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 813c5b01c3ae..7342c4f6bcb5 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
{
X509_ATTRIBUTE *ret = NULL;
ASN1_TYPE *val = NULL;
+ ASN1_OBJECT *oid;
+ if ((oid = OBJ_nid2obj(nid)) == NULL)
+ return NULL;
if ((ret = X509_ATTRIBUTE_new()) == NULL)
return NULL;
- ret->object = OBJ_nid2obj(nid);
+ ret->object = oid;
if ((val = ASN1_TYPE_new()) == NULL)
goto err;
if (!sk_ASN1_TYPE_push(ret->set, val))
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 2b06dba05398..a1aeb4e4c60b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -348,14 +348,17 @@ static int setup_crldp(X509 *x)
/* Check that issuer public key algorithm matches subject signature algorithm */
static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
{
- int pkey_nid;
+ int pkey_sig_nid, subj_sig_nid;
if (pkey == NULL)
return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+ if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey),
+ NULL, &pkey_sig_nid) == 0)
+ pkey_sig_nid = EVP_PKEY_base_id(pkey);
if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
- NULL, &pkey_nid) == 0)
+ NULL, &subj_sig_nid) == 0)
return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
- if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
+ if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid))
return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
return X509_V_OK;
}
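Review bot: The names `pkey_sig_nid` and `subj_sig_nid` read as signature NIDs, yet both are filled through the third argument of OBJ_find_sigid_algs(), which reports the public-key algorithm, and `subj_sig_nid` is then passed to EVP_PKEY_type(). Names such as `pkey_alg_nid` and `subj_pkey_nid`, or a comment saying what each holds, would make the final comparison checkable at a glance. The fallback `pkey_sig_nid = EVP_PKEY_base_id(pkey);` also deserves a line on why the key's base id is first tried as a signature id. EVP_PKEY_base_id(pkey) is evaluated twice; a local `int base_id = EVP_PKEY_base_id(pkey);` would avoid that.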
@@ -391,7 +394,8 @@ static void x509v3_cache_extensions(X509 *x)
}
if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
- x->ex_flags |= EXFLAG_INVALID;
+ x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID);
+
/* V1 should mean no extensions ... */
if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1;