From 4f55bd5321b72491d4eff396e4928e9ab0706735 Mon Sep 17 00:00:00 2001 
From: Jung-uk Kim Date: Tue, 16 Feb 2021 14:54:02 -0500 Subject: Import OpenSSL 1.1.1j. --- crypto/aes/asm/aes-armv4.pl | 0 crypto/aes/asm/aes-c64xplus.pl | 0 crypto/aes/asm/aes-mips.pl | 0 crypto/aes/asm/aes-parisc.pl | 0 crypto/aes/asm/aes-ppc.pl | 0 crypto/aes/asm/aes-s390x.pl | 0 crypto/aes/asm/aesfx-sparcv9.pl | 0 crypto/aes/asm/aesni-mb-x86_64.pl | 0 crypto/aes/asm/aesni-sha1-x86_64.pl | 0 crypto/aes/asm/aesni-sha256-x86_64.pl | 0 crypto/aes/asm/aesni-x86.pl | 0 crypto/aes/asm/aesni-x86_64.pl | 0 crypto/aes/asm/aest4-sparcv9.pl | 0 crypto/aes/asm/bsaes-armv7.pl | 0 crypto/aes/asm/vpaes-ppc.pl | 0 crypto/aes/asm/vpaes-x86.pl | 0 crypto/aes/asm/vpaes-x86_64.pl | 0 crypto/armcap.c | 19 ++++++++++++++++++- crypto/armv4cpuid.pl | 0 crypto/asn1/charmap.h | 2 +- crypto/bn/asm/armv4-gf2m.pl | 0 crypto/bn/asm/armv4-mont.pl | 0 crypto/bn/asm/c64xplus-gf2m.pl | 0 crypto/bn/asm/ia64-mont.pl | 0 crypto/bn/asm/mips-mont.pl | 0 crypto/bn/asm/mips.pl | 0 crypto/bn/asm/parisc-mont.pl | 0 crypto/bn/asm/ppc-mont.pl | 0 crypto/bn/asm/ppc64-mont.pl | 0 crypto/bn/asm/s390x-gf2m.pl | 0 crypto/bn/asm/s390x-mont.pl | 0 crypto/bn/asm/s390x.S | 0 crypto/bn/asm/sparcv9-gf2m.pl | 0 crypto/bn/asm/sparcv9-mont.pl | 0 crypto/bn/asm/via-mont.pl | 0 crypto/bn/asm/vis3-mont.pl | 0 crypto/bn/asm/x86-gf2m.pl | 0 crypto/bn/asm/x86_64-gf2m.pl | 0 crypto/bn/bn_const.c | 0 crypto/bn/bn_prime.h | 2 +- crypto/c64xpluscpuid.pl | 0 crypto/camellia/asm/cmll-x86.pl | 0 crypto/camellia/asm/cmll-x86_64.pl | 0 crypto/camellia/asm/cmllt4-sparcv9.pl | 0 crypto/conf/conf_def.c | 16 +++++++++++++++- crypto/conf/conf_def.h | 2 +- crypto/des/asm/dest4-sparcv9.pl | 0 crypto/dh/dh_key.c | 33 ++++++++++++++++++++++++++++++--- crypto/ec/asm/ecp_nistz256-armv8.pl | 0 crypto/err/openssl.txt | 3 ++- crypto/evp/evp_enc.c | 27 +++++++++++++++++++++++++++ crypto/evp/evp_err.c | 4 +++- crypto/md5/asm/md5-sparcv9.pl | 0 crypto/mem_sec.c | 8 +++++++- crypto/modes/asm/aesni-gcm-x86_64.pl | 0 crypto/modes/asm/ghash-armv4.pl | 0 
crypto/modes/asm/ghash-c64xplus.pl | 0 crypto/modes/asm/ghash-parisc.pl | 0 crypto/modes/asm/ghash-s390x.pl | 0 crypto/modes/asm/ghash-sparcv9.pl | 0 crypto/modes/asm/ghash-x86.pl | 0 crypto/modes/asm/ghash-x86_64.pl | 0 crypto/modes/asm/ghashv8-armx.pl | 0 crypto/objects/obj_dat.h | 2 +- crypto/objects/obj_xref.h | 2 +- crypto/objects/objxref.pl | 0 crypto/ocsp/ocsp_cl.c | 0 crypto/ocsp/ocsp_ext.c | 0 crypto/ocsp/ocsp_lib.c | 0 crypto/ocsp/ocsp_srv.c | 0 crypto/pariscid.pl | 0 crypto/perlasm/sparcv9_modes.pl | 0 crypto/perlasm/x86gas.pl | 0 crypto/perlasm/x86masm.pl | 0 crypto/poly1305/asm/poly1305-armv4.pl | 13 ++++++++----- crypto/ppccap.c | 20 +++++++++++++++++++- crypto/rc4/asm/rc4-c64xplus.pl | 0 crypto/rc4/asm/rc4-md5-x86_64.pl | 0 crypto/rc4/asm/rc4-parisc.pl | 0 crypto/rc4/asm/rc4-s390x.pl | 0 crypto/rsa/rsa_ssl.c | 10 ++++++++-- crypto/sha/asm/sha1-armv4-large.pl | 0 crypto/sha/asm/sha1-armv8.pl | 0 crypto/sha/asm/sha1-c64xplus.pl | 0 crypto/sha/asm/sha1-mb-x86_64.pl | 0 crypto/sha/asm/sha1-mips.pl | 0 crypto/sha/asm/sha1-parisc.pl | 0 crypto/sha/asm/sha1-s390x.pl | 0 crypto/sha/asm/sha1-sparcv9.pl | 0 crypto/sha/asm/sha1-sparcv9a.pl | 0 crypto/sha/asm/sha1-thumb.pl | 0 crypto/sha/asm/sha256-586.pl | 0 crypto/sha/asm/sha256-armv4.pl | 0 crypto/sha/asm/sha256-c64xplus.pl | 0 crypto/sha/asm/sha256-mb-x86_64.pl | 0 crypto/sha/asm/sha512-586.pl | 0 crypto/sha/asm/sha512-armv4.pl | 0 crypto/sha/asm/sha512-armv8.pl | 0 crypto/sha/asm/sha512-c64xplus.pl | 0 crypto/sha/asm/sha512-mips.pl | 0 crypto/sha/asm/sha512-s390x.pl | 0 crypto/sha/asm/sha512-sparcv9.pl | 0 crypto/srp/srp_lib.c | 13 +++++++++---- crypto/vms_rms.h | 0 crypto/whrlpool/asm/wp-mmx.pl | 0 crypto/whrlpool/asm/wp-x86_64.pl | 0 crypto/x509/x509_cmp.c | 24 ++++++++++++++---------- crypto/x509/x509_vfy.c | 15 ++++++--------- crypto/x509/x_all.c | 4 ++-- crypto/x509/x_attrib.c | 5 ++++- crypto/x509v3/v3_purp.c | 14 +++++++++----- 111 files changed, 186 insertions(+), 52 deletions(-) mode change 100755 
=> 100644 crypto/aes/asm/aes-armv4.pl mode change 100755 => 100644 crypto/aes/asm/aes-c64xplus.pl mode change 100755 => 100644 crypto/aes/asm/aes-mips.pl mode change 100755 => 100644 crypto/aes/asm/aes-parisc.pl mode change 100755 => 100644 crypto/aes/asm/aes-ppc.pl mode change 100755 => 100644 crypto/aes/asm/aes-s390x.pl mode change 100755 => 100644 crypto/aes/asm/aesfx-sparcv9.pl mode change 100755 => 100644 crypto/aes/asm/aesni-mb-x86_64.pl mode change 100755 => 100644 crypto/aes/asm/aesni-sha1-x86_64.pl mode change 100755 => 100644 crypto/aes/asm/aesni-sha256-x86_64.pl mode change 100755 => 100644 crypto/aes/asm/aesni-x86.pl mode change 100755 => 100644 crypto/aes/asm/aesni-x86_64.pl mode change 100755 => 100644 crypto/aes/asm/aest4-sparcv9.pl mode change 100755 => 100644 crypto/aes/asm/bsaes-armv7.pl mode change 100755 => 100644 crypto/aes/asm/vpaes-ppc.pl mode change 100755 => 100644 crypto/aes/asm/vpaes-x86.pl mode change 100755 => 100644 crypto/aes/asm/vpaes-x86_64.pl mode change 100755 => 100644 crypto/armv4cpuid.pl mode change 100755 => 100644 crypto/bn/asm/armv4-gf2m.pl mode change 100755 => 100644 crypto/bn/asm/armv4-mont.pl mode change 100755 => 100644 crypto/bn/asm/c64xplus-gf2m.pl mode change 100755 => 100644 crypto/bn/asm/ia64-mont.pl mode change 100755 => 100644 crypto/bn/asm/mips-mont.pl mode change 100755 => 100644 crypto/bn/asm/mips.pl mode change 100755 => 100644 crypto/bn/asm/parisc-mont.pl mode change 100755 => 100644 crypto/bn/asm/ppc-mont.pl mode change 100755 => 100644 crypto/bn/asm/ppc64-mont.pl mode change 100755 => 100644 crypto/bn/asm/s390x-gf2m.pl mode change 100755 => 100644 crypto/bn/asm/s390x-mont.pl mode change 100755 => 100644 crypto/bn/asm/s390x.S mode change 100755 => 100644 crypto/bn/asm/sparcv9-gf2m.pl mode change 100755 => 100644 crypto/bn/asm/sparcv9-mont.pl mode change 100755 => 100644 crypto/bn/asm/via-mont.pl mode change 100755 => 100644 crypto/bn/asm/vis3-mont.pl mode change 100755 => 100644 crypto/bn/asm/x86-gf2m.pl 
mode change 100755 => 100644 crypto/bn/asm/x86_64-gf2m.pl mode change 100755 => 100644 crypto/bn/bn_const.c mode change 100755 => 100644 crypto/c64xpluscpuid.pl mode change 100755 => 100644 crypto/camellia/asm/cmll-x86.pl mode change 100755 => 100644 crypto/camellia/asm/cmll-x86_64.pl mode change 100755 => 100644 crypto/camellia/asm/cmllt4-sparcv9.pl mode change 100755 => 100644 crypto/des/asm/dest4-sparcv9.pl mode change 100755 => 100644 crypto/ec/asm/ecp_nistz256-armv8.pl mode change 100755 => 100644 crypto/md5/asm/md5-sparcv9.pl mode change 100755 => 100644 crypto/modes/asm/aesni-gcm-x86_64.pl mode change 100755 => 100644 crypto/modes/asm/ghash-armv4.pl mode change 100755 => 100644 crypto/modes/asm/ghash-c64xplus.pl mode change 100755 => 100644 crypto/modes/asm/ghash-parisc.pl mode change 100755 => 100644 crypto/modes/asm/ghash-s390x.pl mode change 100755 => 100644 crypto/modes/asm/ghash-sparcv9.pl mode change 100755 => 100644 crypto/modes/asm/ghash-x86.pl mode change 100755 => 100644 crypto/modes/asm/ghash-x86_64.pl mode change 100755 => 100644 crypto/modes/asm/ghashv8-armx.pl mode change 100755 => 100644 crypto/objects/objxref.pl mode change 100755 => 100644 crypto/ocsp/ocsp_cl.c mode change 100755 => 100644 crypto/ocsp/ocsp_ext.c mode change 100755 => 100644 crypto/ocsp/ocsp_lib.c mode change 100755 => 100644 crypto/ocsp/ocsp_srv.c mode change 100755 => 100644 crypto/pariscid.pl mode change 100755 => 100644 crypto/perlasm/sparcv9_modes.pl mode change 100755 => 100644 crypto/perlasm/x86gas.pl mode change 100755 => 100644 crypto/perlasm/x86masm.pl mode change 100755 => 100644 crypto/rc4/asm/rc4-c64xplus.pl mode change 100755 => 100644 crypto/rc4/asm/rc4-md5-x86_64.pl mode change 100755 => 100644 crypto/rc4/asm/rc4-parisc.pl mode change 100755 => 100644 crypto/rc4/asm/rc4-s390x.pl mode change 100755 => 100644 crypto/sha/asm/sha1-armv4-large.pl mode change 100755 => 100644 crypto/sha/asm/sha1-armv8.pl mode change 100755 => 100644 crypto/sha/asm/sha1-c64xplus.pl 
mode change 100755 => 100644 crypto/sha/asm/sha1-mb-x86_64.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-mips.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-parisc.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-s390x.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-sparcv9.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-sparcv9a.pl
mode change 100755 => 100644 crypto/sha/asm/sha1-thumb.pl
mode change 100755 => 100644 crypto/sha/asm/sha256-586.pl
mode change 100755 => 100644 crypto/sha/asm/sha256-armv4.pl
mode change 100755 => 100644 crypto/sha/asm/sha256-c64xplus.pl
mode change 100755 => 100644 crypto/sha/asm/sha256-mb-x86_64.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-586.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-armv4.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-armv8.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-c64xplus.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-mips.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-s390x.pl
mode change 100755 => 100644 crypto/sha/asm/sha512-sparcv9.pl
mode change 100755 => 100644 crypto/vms_rms.h
mode change 100755 => 100644 crypto/whrlpool/asm/wp-mmx.pl
mode change 100755 => 100644 crypto/whrlpool/asm/wp-x86_64.pl
(limited to 'crypto')
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # define OSSL_IMPLEMENT_GETAUXVAL
 # endif
 # endif
+# if defined(__FreeBSD__)
+# include
+# if __FreeBSD_version >= 1200000
+# include
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+# endif
 
 /*
 * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/asn1/charmap.pl
 *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
old mode 100755
new mode 100644
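Review bot: The static getauxval() wrapper added here is duplicated verbatim in crypto/ppccap.c (hunk @@ -214 of that file in this same commit); one internal definition shared by both cpuid files would keep the two copies from drifting apart. The wrapper also returns 0 both when elf_aux_info() fails and when the requested key legitimately holds 0, so callers cannot tell the two apart; as far as the surrounding context shows it feeds capability-bit detection, where 0 selects the portable non-accelerated code paths, which is the safe fallback, but that should be written down above the function: `/* Returns 0 on any elf_aux_info() failure as well as for a zero-valued key; callers treat 0 as "no capability bits", i.e. the portable code path. */`. The names of the two included headers did not survive this rendering, so the hunk as shown here cannot be applied verbatim.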
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/bn/bn_prime.pl
 *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BUF_MEM *buff = NULL;
 char *s, *p, *end;
 int again;
+ int first_call = 1;
 long eline = 0;
 char btmp[DECIMAL_SIZE(eline) + 1];
 CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BIO_gets(in, p, CONFBUFSIZE - 1);
 p[CONFBUFSIZE - 1] = '\0';
 ii = i = strlen(p);
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+ memmove(p, p + 3, i - 3);
+ p[i - 3] = 0;
+ i -= 3;
+ ii -= 3;
+ }
+ first_call = 0;
+ }
 if (i == 0 && !again) {
 /* the currently processed BIO is at EOF */
 BIO *parent;
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/conf/keysets.pl
 *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
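Review bot: The BOM is stripped only on the first BIO_gets() of this def_load_bio() call, because `first_call` is a local cleared after the first read; if the `.include` handling (the parent-BIO context at the end of the hunk suggests included files are read by this same loop) switches `in` to a pushed BIO, a UTF-8 BOM at the start of an included file is left in place and becomes part of that file's first key. If that is intended, say so next to the flag, `/* only the outermost file's BOM is stripped; included files must not carry one */`; otherwise reset `first_call = 1` wherever `in` is switched to a pushed BIO. The `i >= 3 && memcmp(p, utf8_bom, 3) == 0` test is correct, but the comment that precedes it describes what is not done before the code that does the stripping; leading with what the block does, `/* Strip a leading UTF-8 BOM. Other BOMs imply an unsupported multibyte encoding, so they are left in place and the parser reports them. */`, reads better. def_load_bio() starts and ends outside this hunk.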
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
 return dh->meth->generate_key(dh);
 }
 
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
+
+ /* rv is constant unless compute_key is external */
 rv = dh->meth->compute_key(key, pub_key, dh);
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
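Review bot: The new header comment says DH_compute_key() is inherently not constant time but does not tell callers what to use instead, even though DH_compute_key_padded() sits right below it in this hunk; add `* Callers that need a fixed-length result without the leading-zero-stripping timing channel should use DH_compute_key_padded() instead.` to that comment. `ret -= npad;` subtracts a volatile size_t from an int and is safe only because the loop guarantees `npad <= ret`; that deserves a one-line comment on the line. The `volatile` on `npad` and `mask` is what stops the compiler from turning the counting loop back into an early-exit scan, which is the whole point of "yet still touch all bytes"; state that intent on the declaration, e.g. `/* volatile: keep the loop touching every byte regardless of key contents */`.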
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 goto err;
 }
 
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
 err:
 BN_CTX_end(ctx);
 BN_CTX_free(ctx);
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
old mode 100755
new mode 100644
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f67..7e1776375df7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
 */
 
 #include
+#include
 #include
 #include "internal/cryptlib.h"
 #include
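Review bot: compute_key() can now return -1, BN_bn2binpad()'s error value, where BN_bn2bin() could not fail; both public wrappers in this commit check `<= 0`, so that is handled, but the function's contract has changed and nothing documents it. Add above compute_key(), whose start lies outside this hunk: `/* Writes exactly BN_num_bytes(dh->p) bytes, leading zeros included; the RFC 5246 style zero stripping is done by DH_compute_key(). Returns that length, or 0 / -1 on error. */`. An ENGINE or custom DH_METHOD whose compute_key still strips leading zeros does not get this guarantee, which is what the "unless compute_key is external" comments in the previous hunk refer to and is worth stating here as well.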
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
 return 1;
 } else {
 j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(&(ctx->buf[i]), in, j);
 inl -= j;
 in += j;
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
 return 0;
 }
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(out, ctx->final, b);
 out += b;
 fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
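Review bot: Both new overflow guards, this one in evp_EncryptDecryptUpdate() and the one in EVP_DecryptUpdate() (hunk @@ -502), round down with `& ~(bl - 1)` / `& ~(b - 1)`, which yields a multiple of the block length only when that length is a power of two; every cipher in this library has a block size of 1, 8 or 16, but nothing in either hunk states or checks that. Add `/* bl is a power of two (EVP block sizes are 1, 8 or 16), so & ~(bl - 1) rounds down to a multiple of bl */` above the first check, or write it as `(inl - j) - (inl - j) % bl`, which holds for any bl. In the first hunk `inl - j` is non-negative only because of the test in the enclosing `if`, which lies outside the hunk; that assumption belongs in the comment too. Both enclosing functions start and end outside their hunks.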
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
 "operation not supported for this keytype"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
 "operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
 "partially overlapping buffers"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -34,6 +34,12 @@
 # include
 # endif
 # endif
+# if defined(__FreeBSD__)
+# define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+# define MAP_CONCEAL 0
+# endif
 # include
 # include
 # include
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
 if (1) {
 #ifdef MAP_ANON
 sh.map_result = mmap(NULL, sh.map_size,
- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+ PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
 } else {
 #endif
 int fd;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
old mode 100755
new mode 100644
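Review bot: `# define MADV_DONTDUMP MADV_NOCORE` is applied unconditionally on FreeBSD, so if a later FreeBSD release defines MADV_DONTDUMP in its own headers this becomes a macro redefinition; guard it the same way MAP_CONCEAL is guarded, `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP)`. The `#if !defined(MAP_CONCEAL)` fallback is only meaningful if the mmap header has already been included above this point (the include names are not visible in this rendering); if it is one of the includes that follow, the fallback always wins and the real definition then redefines the macro, so placing the block after that include, or checking the include order in a comment, is worth doing. The second hunk (@@ -442) now requests a mapping excluded from core dumps only on platforms that have the flag, and silently gets an ordinary mapping elsewhere; note that on the mmap() call, `/* MAP_CONCEAL (OpenBSD) keeps the mapping out of core dumps; 0 where unsupported */`, for anyone later reading a crash dump. sh_init() starts and ends outside the hunk.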
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
old mode 100755
new mode 100644
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/objects/obj_dat.pl
 *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by objxref.pl
 *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
old mode 100755
new mode 100644
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
old mode 100755
new mode 100644
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
old mode 100755
new mode 100644
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
old mode 100755
new mode 100644
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
old mode 100755
new mode 100644
diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
old mode 100755
new mode 100644
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
old mode 100755
new mode 100644
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
old mode 100755
new mode 100644
diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
old mode 100755
new mode 100644
diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f66b..70f46cd140aa 100755
--- a/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -133,10 +133,10 @@ poly1305_init:
 # ifdef __thumb2__
 itete eq
 # endif
- addeq r12,r11,#(poly1305_emit-.Lpoly1305_init)
- addne r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
- addeq r11,r11,#(poly1305_blocks-.Lpoly1305_init)
- addne r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+ addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+ addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+ addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+ addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
 # endif
 # ifdef __thumb2__
 orr r12,r12,#1 @ thumb-ify address
@@ -352,6 +352,7 @@ $code.=<<___;
 .type poly1305_emit,%function
 .align 5
 poly1305_emit:
+.Lpoly1305_emit:
 stmdb sp!,{r4-r11}
 .Lpoly1305_emit_enter:
 
@@ -671,6 +672,7 @@ poly1305_init_neon:
 .type poly1305_blocks_neon,%function
 .align 5
 poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
 ldr ip,[$ctx,#36] @ is_base2_26
 ands $len,$len,#-16
 beq .Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
 .type poly1305_emit_neon,%function
 .align 5
 poly1305_emit_neon:
+.Lpoly1305_emit_neon:
 ldr ip,[$ctx,#36] @ is_base2_26
 stmdb sp!,{r4-r11}
 
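Review bot: The four `add` instructions in poly1305_init now compute the entry points as differences of `.L` local labels, so the assembler can resolve them at assembly time instead of emitting relocations against the global `poly1305_*` symbols; that is the reason for the change and it should be recorded next to the instructions, e.g. `@ local labels: differences of global symbols would need relocations`. `.Lpoly1305_blocks` is referenced in the new lines but no hunk in this file adds it, so presumably that label already exists next to poly1305_blocks; worth confirming, since a missing label only fails at assembly time on ARM builds. The three new labels are placed directly after the `poly1305_emit:`, `poly1305_blocks_neon:` and `poly1305_emit_neon:` symbols, which is consistent with how the existing `.Lpoly1305_init` is used.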
diff --git a/crypto/ppccap.c b/crypto/ppccap.c
index b12cd949ccfe..e51156468ae5 100644
--- a/crypto/ppccap.c
+++ b/crypto/ppccap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
 # endif
 #endif
 
+#if defined(__FreeBSD__)
+# include
+# if __FreeBSD_version >= 1200000
+# include
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+#endif
+
 /* I wish was universally available */
 #define HWCAP 16 /* AT_HWCAP */
 #define HWCAP_PPC64 (1U << 30)
diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 1f155be175da..ecdb3cee1fa3 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
 
 /*
 * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
- * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
 * preserves error code reporting for backward compatibility.
 */
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                                    RSA_R_NULL_BEFORE_BLOCK_MISSING);
     mask = ~good;
-    good &= constant_time_ge(threes_in_row, 8);
+    /*
+     * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+     * that RFC5246 incorrectly states this the other way around, i.e. reject
+     * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+     * corrected in subsequent errata for that RFC.
+     */
+    good &= constant_time_lt(threes_in_row, 8);
     err = constant_time_select_int(mask | good, err,
                                    RSA_R_SSLV3_ROLLBACK_ATTACK);
     mask = ~good;
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
old mode 100755
new mode 100644
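Review bot: The new comment above `good &= constant_time_lt(threes_in_row, 8);` justifies inverting the check by pointing to "subsequent errata" for RFC 5246 without identifying them, which is exactly the reference a future reader will need when this flip looks like a bug (it is the opposite of what the RFC body says). Cite the erratum so the claim is checkable, e.g. change the last comment line to `* corrected in RFC 5246 Errata ID <ERRATA-ID> for that RFC.` with the real identifier filled in. The function header comment in the earlier hunk of this file already states the corrected rule, so the two are consistent; the function body continues outside this hunk.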
diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 4f417de0c989..ce3504825c53 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
@@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
                             const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
 {
     BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BIGNUM *xtmp = NULL;
     BN_CTX *bn_ctx;
 
     if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
@@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 
     if ((tmp = BN_new()) == NULL ||
         (tmp2 = BN_new()) == NULL ||
-        (tmp3 = BN_new()) == NULL)
+        (tmp3 = BN_new()) == NULL ||
+        (xtmp = BN_new()) == NULL)
         goto err;
 
-    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+    BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+    BN_set_flags(tmp, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
         goto err;
     if ((k = srp_Calc_k(N, g)) == NULL)
         goto err;
@@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
         goto err;
     if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
         goto err;
-    if (!BN_mul(tmp3, u, x, bn_ctx))
+    if (!BN_mul(tmp3, u, xtmp, bn_ctx))
         goto err;
     if (!BN_add(tmp2, a, tmp3))
         goto err;
@@ -208,6 +212,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 err:
     BN_CTX_free(bn_ctx);
+    BN_free(xtmp);
     BN_clear_free(tmp);
     BN_clear_free(tmp2);
     BN_clear_free(tmp3);
diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h
old mode 100755
new mode 100644
diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl
old mode 100755
new mode 100644
diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ad620af0aff4..1d8d2d7b28e9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
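Review bot: The two flag lines `BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);` and `BN_set_flags(tmp, BN_FLG_CONSTTIME);` in the first srp_lib.c hunk carry the whole side-channel argument of this change, but neither says why `tmp` (a result, not a secret) is flagged; as far as I can tell the intent is that the flag stays on `tmp` through the later `BN_mod_sub()` rewrite so that a subsequent exponentiation using `tmp` as base (outside this hunk, with the `a + u*x` exponent built in the second hunk) also takes the constant-time path, which is subtle enough to deserve a comment such as `/* tmp keeps BN_FLG_CONSTTIME through later rewrites so the final mod_exp on it is constant-time too */`. Note also that `BN_mul(tmp3, u, xtmp, bn_ctx)` in the second hunk does not consult BN_FLG_CONSTTIME, so the flag protects the exponentiations, not the multiplication by `x`; saying so avoids overstating the guarantee. In the err: hunk, `BN_free(xtmp)` rather than `BN_clear_free()` is correct only because `xtmp` is a `BN_with_flags()` alias that owns no limbs, which a comment `/* xtmp aliases x, owns no data */` would make explicit.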
@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
     if (ctx == NULL)
         goto err;
     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+    if (f == NULL)
+        goto err;
     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
         goto err;
     if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
@@ -133,19 +135,21 @@ unsigned long X509_subject_name_hash_old(X509 *x)
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
-    int rv;
+    int rv = 0;
 
     if (a == b) /* for efficiency */
         return 0;
-    /* ensure hash is valid */
-    if (X509_check_purpose((X509 *)a, -1, 0) != 1)
-        return -2;
-    if (X509_check_purpose((X509 *)b, -1, 0) != 1)
-        return -2;
-
-    rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
-    if (rv)
+
+    /* try to make sure hash is valid */
+    (void)X509_check_purpose((X509 *)a, -1, 0);
+    (void)X509_check_purpose((X509 *)b, -1, 0);
+
+    if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+        && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+        rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    if (rv != 0)
         return rv;
+
     /* Check for match against stored encoding too */
     if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
         if (a->cert_info.enc.len < b->cert_info.enc.len)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 730a0160ff0a..0c71b2e8b4ad 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
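Review bot: With `int rv = 0;` and the fingerprint comparison now guarded by `EXFLAG_NO_FINGERPRINT`, the X509_cmp hunk leaves `rv` at 0 ("equal") whenever either certificate has no fingerprint, and the only remaining discriminator is the stored-encoding comparison, which the next visible line skips when either `cert_info.enc.modified` is set; if the tail of the function (outside the hunk) then returns `rv`, two different certificates can compare equal in that corner. That may be acceptable given the previous code returned -2 here, but it is a new contract and callers that use X509_cmp for de-duplication should be able to read it. Suggest documenting it at the `int rv = 0;` line: `/* 0 (equal) unless a fingerprint or a stored encoding says otherwise */`, and stating in the function's header comment (above this hunk) that the result is best-effort when a fingerprint could not be computed. The `(void)X509_check_purpose(...)` calls deliberately ignore failure, so the comment "try to make sure" is apt; keeping `!= 1` semantics out of the return path should be mentioned as intentional.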
@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
 }
 
 /*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
  */
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
@@ -334,11 +335,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 
     for (i = 0; i < sk_X509_num(sk); i++) {
         issuer = sk_X509_value(sk, i);
-        /*
-         * Below check 'issuer != x' is an optimization and safety precaution:
-         * Candidate issuer cert cannot be the same as the subject cert 'x'.
-         */
-        if (issuer != x && ctx->check_issued(ctx, x, issuer)
+        if (ctx->check_issued(ctx, x, issuer)
             && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
                 || !sk_X509_contains(ctx->chain, issuer))) {
             rv = issuer;
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index aa5ccba44899..a4e9cdaee837 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
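Review bot: Dropping `issuer != x` from the condition in the second find_issuer hunk means that when `x` is self-signed, present in `sk`, and `ctx->chain` holds only `x`, `check_issued(ctx, x, x)` succeeds and the EXFLAG_SI exception lets `x` be returned as its own issuer; the rewritten header comment in the first hunk does not say that this is now possible, and the deleted comment said the opposite. If that is the intended behaviour (the caller, outside this hunk, treating a self-signed certificate that issues itself as the end of the chain), state it where the old comment stood: `/* x itself may be returned when it is self-issued and the chain has only x */`. Otherwise the guard should come back. The loop body and the "last expired one" fallback promised by the new comment continue past the end of the hunk, so the preference logic could not be checked here.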
@@ -363,7 +363,7 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
                 unsigned int *len)
 {
     if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
-        && (data->ex_flags & EXFLAG_INVALID) == 0) {
+        && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
         /* Asking for SHA1 and we already computed it. */
         if (len != NULL)
             *len = sizeof(data->sha1_hash);
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c
index 813c5b01c3ae..7342c4f6bcb5 100644
--- a/crypto/x509/x_attrib.c
+++ b/crypto/x509/x_attrib.c
@@ -37,10 +37,13 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 {
     X509_ATTRIBUTE *ret = NULL;
     ASN1_TYPE *val = NULL;
+    ASN1_OBJECT *oid;
 
+    if ((oid = OBJ_nid2obj(nid)) == NULL)
+        return NULL;
     if ((ret = X509_ATTRIBUTE_new()) == NULL)
         return NULL;
-    ret->object = OBJ_nid2obj(nid);
+    ret->object = oid;
     if ((val = ASN1_TYPE_new()) == NULL)
         goto err;
     if (!sk_ASN1_TYPE_push(ret->set, val))
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 2b06dba05398..a1aeb4e4c60b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -348,14 +348,17 @@ static int setup_crldp(X509 *x)
 /* Check that issuer public key algorithm matches subject signature algorithm */
 static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
 {
-    int pkey_nid;
+    int pkey_sig_nid, subj_sig_nid;
 
     if (pkey == NULL)
         return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+    if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey),
+                            NULL, &pkey_sig_nid) == 0)
+        pkey_sig_nid = EVP_PKEY_base_id(pkey);
     if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
-                            NULL, &pkey_nid) == 0)
+                            NULL, &subj_sig_nid) == 0)
         return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
-    if (EVP_PKEY_type(pkey_nid) != EVP_PKEY_base_id(pkey))
+    if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid))
         return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
     return X509_V_OK;
 }
@@ -391,7 +394,8 @@ static void x509v3_cache_extensions(X509 *x)
     }
 
     if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
-        x->ex_flags |= EXFLAG_INVALID;
+        x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID);
+
     /* V1 should mean no extensions ... */
     if (!X509_get_version(x))
         x->ex_flags |= EXFLAG_V1;
--
cgit v1.2.3
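Review bot: In check_sig_alg_match the new call `OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey), NULL, &pkey_sig_nid)` feeds a key-type NID into a lookup that expects a signature-algorithm NID, and when that lookup fails the fallback assigns the key-type NID to a variable named `pkey_sig_nid`; both the trick and the naming are opaque without a comment. Presumably the lookup is meant for key types whose key NID doubles as their signature NID, so that both sides of the final comparison end up as key-type NIDs; if so, say it above the call, e.g. `/* Key types whose NID is also a signature NID map to themselves; others keep their key-type NID */`, and consider naming the variable `pkey_type_nid` since that is what it holds on every path. The final comparison `pkey_sig_nid != EVP_PKEY_type(subj_sig_nid)` also deserves a note that `subj_sig_nid` is the key-type NID extracted from the subject's signature algorithm, so the two operands are in the same namespace.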