Compare commits
53 Commits
OpenSSL_0_
...
OpenSSL_0_
| Author | SHA1 | Date | |
|---|---|---|---|
|
0823ddc56e | ||
|
|
ad6567965d | ||
|
|
582f1f41d4 | ||
|
|
fa57f74a39 | ||
|
|
92f9a8bf38 | ||
|
|
39bcfb129e | ||
|
|
50d3049930 | ||
|
|
8b4fd12b0d | ||
|
|
17689e7dc6 | ||
|
|
f803a417f7 | ||
|
|
9759ff0cd9 | ||
|
|
f9603f2673 | ||
|
|
467daf6b6e | ||
|
|
113d36a3fb | ||
|
|
f16093d2d6 | ||
|
|
aeff907218 | ||
|
|
f3b555a601 | ||
|
|
c0de854c9d | ||
|
|
155ca14ea9 | ||
|
|
303845a3b5 | ||
|
|
1a38987de0 | ||
|
|
5d28381ae4 | ||
|
|
eeda966123 | ||
|
|
c5b0f5c463 | ||
|
|
32fbe9149e | ||
|
|
246b35a96e | ||
|
|
79cc5417a4 | ||
|
|
db8334be06 | ||
|
|
fcc5e899aa | ||
|
|
b78c9e4a2b | ||
|
|
c380bff888 | ||
|
|
6655ac4e45 | ||
|
|
c7395fb999 | ||
|
|
d53f920365 | ||
|
|
65c588c140 | ||
|
|
544e3e3b69 | ||
|
|
497d0b00dc | ||
|
|
674341f1b0 | ||
|
|
c58f4f73bd | ||
|
|
c85c1e08ce | ||
|
|
c2f5de13cd | ||
|
|
01320ad3b9 | ||
|
|
a065737afb | ||
|
|
241cff623e | ||
|
|
8a8ba07167 | ||
|
|
1b4a8df38f | ||
|
|
6d4655c27e | ||
|
|
9eca2cbc16 | ||
|
|
d7efe7ea18 | ||
|
|
49fa6b6c2d | ||
|
|
d64a227f1f | ||
|
|
6844c12968 | ||
|
|
ead95e760c |
145
CHANGES
145
CHANGES
@@ -2,9 +2,150 @@
|
||||
OpenSSL CHANGES
|
||||
_______________
|
||||
|
||||
Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx]
|
||||
Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015]
|
||||
|
||||
*)
|
||||
*) Malformed ECParameters causes infinite loop
|
||||
|
||||
When processing an ECParameters structure OpenSSL enters an infinite loop
|
||||
if the curve specified is over a specially malformed binary polynomial
|
||||
field.
|
||||
|
||||
This can be used to perform denial of service against any
|
||||
system which processes public keys, certificate requests or
|
||||
certificates. This includes TLS clients and TLS servers with
|
||||
client authentication enabled.
|
||||
|
||||
This issue was reported to OpenSSL by Joseph Barr-Pixton.
|
||||
(CVE-2015-1788)
|
||||
[Andy Polyakov]
|
||||
|
||||
*) Exploitable out-of-bounds read in X509_cmp_time
|
||||
|
||||
X509_cmp_time does not properly check the length of the ASN1_TIME
|
||||
string and can read a few bytes out of bounds. In addition,
|
||||
X509_cmp_time accepts an arbitrary number of fractional seconds in the
|
||||
time string.
|
||||
|
||||
An attacker can use this to craft malformed certificates and CRLs of
|
||||
various sizes and potentially cause a segmentation fault, resulting in
|
||||
a DoS on applications that verify certificates or CRLs. TLS clients
|
||||
that verify CRLs are affected. TLS clients and servers with client
|
||||
authentication enabled may be affected if they use custom verification
|
||||
callbacks.
|
||||
|
||||
This issue was reported to OpenSSL by Robert Swiecki (Google), and
|
||||
independently by Hanno B<>ck.
|
||||
(CVE-2015-1789)
|
||||
[Emilia K<>sper]
|
||||
|
||||
*) PKCS7 crash with missing EnvelopedContent
|
||||
|
||||
The PKCS#7 parsing code does not handle missing inner EncryptedContent
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
|
||||
with missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
|
||||
structures from untrusted sources are affected. OpenSSL clients and
|
||||
servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-1790)
|
||||
[Emilia K<>sper]
|
||||
|
||||
*) CMS verify infinite loop with unknown hash function
|
||||
|
||||
When verifying a signedData message the CMS code can enter an infinite loop
|
||||
if presented with an unknown hash function OID. This can be used to perform
|
||||
denial of service against any system which verifies signedData messages using
|
||||
the CMS code.
|
||||
This issue was reported to OpenSSL by Johannes Bauer.
|
||||
(CVE-2015-1792)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Race condition handling NewSessionTicket
|
||||
|
||||
If a NewSessionTicket is received by a multi-threaded client when attempting to
|
||||
reuse a previous ticket then a race condition can occur potentially leading to
|
||||
a double free of the ticket data.
|
||||
(CVE-2015-1791)
|
||||
[Matt Caswell]
|
||||
|
||||
Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
|
||||
|
||||
*) Segmentation fault in ASN1_TYPE_cmp fix
|
||||
|
||||
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
|
||||
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
|
||||
certificate signature algorithm consistency this can be used to crash any
|
||||
certificate verification operation and exploited in a DoS attack. Any
|
||||
application which performs certificate verification is vulnerable including
|
||||
OpenSSL clients and servers which enable client authentication.
|
||||
(CVE-2015-0286)
|
||||
[Stephen Henson]
|
||||
|
||||
*) ASN.1 structure reuse memory corruption fix
|
||||
|
||||
Reusing a structure in ASN.1 parsing may allow an attacker to cause
|
||||
memory corruption via an invalid write. Such reuse is and has been
|
||||
strongly discouraged and is believed to be rare.
|
||||
|
||||
Applications that parse structures containing CHOICE or ANY DEFINED BY
|
||||
components may be affected. Certificate parsing (d2i_X509 and related
|
||||
functions) are however not affected. OpenSSL clients and servers are
|
||||
not affected.
|
||||
(CVE-2015-0287)
|
||||
[Stephen Henson]
|
||||
|
||||
*) PKCS7 NULL pointer dereferences fix
|
||||
|
||||
The PKCS#7 parsing code does not handle missing outer ContentInfo
|
||||
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
|
||||
missing content and trigger a NULL pointer dereference on parsing.
|
||||
|
||||
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
|
||||
otherwise parse PKCS#7 structures from untrusted sources are
|
||||
affected. OpenSSL clients and servers are not affected.
|
||||
|
||||
This issue was reported to OpenSSL by Michal Zalewski (Google).
|
||||
(CVE-2015-0289)
|
||||
[Emilia K<>sper]
|
||||
|
||||
*) DoS via reachable assert in SSLv2 servers fix
|
||||
|
||||
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
|
||||
servers that both support SSLv2 and enable export cipher suites by sending
|
||||
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
|
||||
|
||||
This issue was discovered by Sean Burford (Google) and Emilia K<>sper
|
||||
(OpenSSL development team).
|
||||
(CVE-2015-0293)
|
||||
[Emilia K<>sper]
|
||||
|
||||
*) Use After Free following d2i_ECPrivatekey error fix
|
||||
|
||||
A malformed EC private key file consumed via the d2i_ECPrivateKey function
|
||||
could cause a use after free condition. This, in turn, could cause a double
|
||||
free in several private key parsing functions (such as d2i_PrivateKey
|
||||
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
|
||||
for applications that receive EC private keys from untrusted
|
||||
sources. This scenario is considered rare.
|
||||
|
||||
This issue was discovered by the BoringSSL project and fixed in their
|
||||
commit 517073cd4b.
|
||||
(CVE-2015-0209)
|
||||
[Matt Caswell]
|
||||
|
||||
*) X509_to_X509_REQ NULL pointer deref fix
|
||||
|
||||
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
|
||||
the certificate key is invalid. This function is rarely used in practice.
|
||||
|
||||
This issue was discovered by Brian Carpenter.
|
||||
(CVE-2015-0288)
|
||||
[Stephen Henson]
|
||||
|
||||
*) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
|
||||
[Kurt Roeckx]
|
||||
|
||||
Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
|
||||
|
||||
|
||||
18
NEWS
18
NEWS
@@ -5,9 +5,23 @@
|
||||
This file gives a brief overview of the major changes between each OpenSSL
|
||||
release. For more details please read the CHANGES file.
|
||||
|
||||
Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [under development]
|
||||
Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015]
|
||||
|
||||
o
|
||||
o Malformed ECParameters causes infinite loop (CVE-2015-1788)
|
||||
o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
|
||||
o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
|
||||
o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
|
||||
o Race condition handling NewSessionTicket (CVE-2015-1791)
|
||||
|
||||
Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
|
||||
|
||||
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
|
||||
o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
|
||||
o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
|
||||
o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
|
||||
o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
|
||||
o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
|
||||
o Removed the export ciphers from the DEFAULT ciphers
|
||||
|
||||
Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015]
|
||||
|
||||
|
||||
2
README
2
README
@@ -1,5 +1,5 @@
|
||||
|
||||
OpenSSL 0.9.8zf-dev
|
||||
OpenSSL 0.9.8zg 11 Jun 2015
|
||||
|
||||
Copyright (c) 1998-2011 The OpenSSL Project
|
||||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
|
||||
|
||||
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
else {
|
||||
ret = a->length;
|
||||
i = a->data[0];
|
||||
if (ret == 1 && i == 0)
|
||||
neg = 0;
|
||||
if (!neg && (i > 127)) {
|
||||
pad = 1;
|
||||
pb = 0;
|
||||
@@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
|
||||
p += a->length - 1;
|
||||
i = a->length;
|
||||
/* Copy zeros to destination as long as source is zero */
|
||||
while (!*n) {
|
||||
while (!*n && i > 1) {
|
||||
*(p--) = 0;
|
||||
n--;
|
||||
i--;
|
||||
@@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
|
||||
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (BN_is_negative(bn))
|
||||
if (BN_is_negative(bn) && !BN_is_zero(bn))
|
||||
ret->type = V_ASN1_NEG_INTEGER;
|
||||
else
|
||||
ret->type = V_ASN1_INTEGER;
|
||||
|
||||
@@ -116,6 +116,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
|
||||
case V_ASN1_OBJECT:
|
||||
result = OBJ_cmp(a->value.object, b->value.object);
|
||||
break;
|
||||
case V_ASN1_BOOLEAN:
|
||||
result = a->value.boolean - b->value.boolean;
|
||||
break;
|
||||
case V_ASN1_NULL:
|
||||
result = 0; /* They do not have content. */
|
||||
break;
|
||||
|
||||
@@ -68,7 +68,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
|
||||
if (operation == ASN1_OP_FREE_PRE) {
|
||||
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
|
||||
if (key->pkey->value.octet_string)
|
||||
if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
|
||||
&& key->pkey->value.octet_string != NULL)
|
||||
OPENSSL_cleanse(key->pkey->value.octet_string->data,
|
||||
key->pkey->value.octet_string->length);
|
||||
}
|
||||
|
||||
@@ -302,9 +302,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
case ASN1_ITYPE_CHOICE:
|
||||
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
|
||||
goto auxerr;
|
||||
|
||||
/* Allocate structure */
|
||||
if (!*pval && !ASN1_item_ex_new(pval, it)) {
|
||||
if (*pval) {
|
||||
/* Free up and zero CHOICE value if initialised */
|
||||
i = asn1_get_choice_selector(pval, it);
|
||||
if ((i >= 0) && (i < it->tcount)) {
|
||||
tt = it->templates + i;
|
||||
pchptr = asn1_get_field_ptr(pval, tt);
|
||||
ASN1_template_free(pchptr, tt);
|
||||
asn1_set_choice_selector(pval, -1, it);
|
||||
}
|
||||
} else if (!ASN1_item_ex_new(pval, it)) {
|
||||
ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
|
||||
goto err;
|
||||
}
|
||||
@@ -384,6 +391,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
||||
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
|
||||
goto auxerr;
|
||||
|
||||
/* Free up and zero any ADB found */
|
||||
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
||||
if (tt->flags & ASN1_TFLG_ADB_MASK) {
|
||||
const ASN1_TEMPLATE *seqtt;
|
||||
ASN1_VALUE **pseqval;
|
||||
seqtt = asn1_do_adb(pval, tt, 1);
|
||||
pseqval = asn1_get_field_ptr(pval, seqtt);
|
||||
ASN1_template_free(pseqval, seqtt);
|
||||
}
|
||||
}
|
||||
|
||||
/* Get each field entry */
|
||||
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
|
||||
const ASN1_TEMPLATE *seqtt;
|
||||
|
||||
@@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
||||
else
|
||||
asn1_cb = 0;
|
||||
|
||||
if (!combine)
|
||||
*pval = NULL;
|
||||
|
||||
#ifdef CRYPTO_MDEBUG
|
||||
if (it->sname)
|
||||
CRYPTO_push_info(it->sname);
|
||||
|
||||
@@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM)
|
||||
|
||||
static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
{
|
||||
*pval = (ASN1_VALUE *)BN_new();
|
||||
if(*pval) return 1;
|
||||
else return 0;
|
||||
*pval = (ASN1_VALUE *)BN_new();
|
||||
if (*pval)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
{
|
||||
if(!*pval) return;
|
||||
if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
|
||||
else BN_free((BIGNUM *)*pval);
|
||||
*pval = NULL;
|
||||
if (!*pval)
|
||||
return;
|
||||
if (it->size & BN_SENSITIVE)
|
||||
BN_clear_free((BIGNUM *)*pval);
|
||||
else
|
||||
BN_free((BIGNUM *)*pval);
|
||||
*pval = NULL;
|
||||
}
|
||||
|
||||
static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
|
||||
static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
|
||||
const ASN1_ITEM *it)
|
||||
{
|
||||
BIGNUM *bn;
|
||||
int pad;
|
||||
if(!*pval) return -1;
|
||||
bn = (BIGNUM *)*pval;
|
||||
/* If MSB set in an octet we need a padding byte */
|
||||
if(BN_num_bits(bn) & 0x7) pad = 0;
|
||||
else pad = 1;
|
||||
if(cont) {
|
||||
if(pad) *cont++ = 0;
|
||||
BN_bn2bin(bn, cont);
|
||||
}
|
||||
return pad + BN_num_bytes(bn);
|
||||
BIGNUM *bn;
|
||||
int pad;
|
||||
if (!*pval)
|
||||
return -1;
|
||||
bn = (BIGNUM *)*pval;
|
||||
/* If MSB set in an octet we need a padding byte */
|
||||
if (BN_num_bits(bn) & 0x7)
|
||||
pad = 0;
|
||||
else
|
||||
pad = 1;
|
||||
if (cont) {
|
||||
if (pad)
|
||||
*cont++ = 0;
|
||||
BN_bn2bin(bn, cont);
|
||||
}
|
||||
return pad + BN_num_bytes(bn);
|
||||
}
|
||||
|
||||
static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
||||
int utype, char *free_cont, const ASN1_ITEM *it)
|
||||
{
|
||||
BIGNUM *bn;
|
||||
if(!*pval) bn_new(pval, it);
|
||||
bn = (BIGNUM *)*pval;
|
||||
if(!BN_bin2bn(cont, len, bn)) {
|
||||
bn_free(pval, it);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
BIGNUM *bn;
|
||||
if (!*pval)
|
||||
bn_new(pval, it);
|
||||
bn = (BIGNUM *)*pval;
|
||||
if (!BN_bin2bn(cont, len, bn)) {
|
||||
bn_free(pval, it);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -94,81 +94,94 @@ ASN1_ITEM_end(ZLONG)
|
||||
|
||||
static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
{
|
||||
*(long *)pval = it->size;
|
||||
return 1;
|
||||
*(long *)pval = it->size;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
|
||||
{
|
||||
*(long *)pval = it->size;
|
||||
*(long *)pval = it->size;
|
||||
}
|
||||
|
||||
static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
|
||||
static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
|
||||
const ASN1_ITEM *it)
|
||||
{
|
||||
long ltmp;
|
||||
unsigned long utmp;
|
||||
int clen, pad, i;
|
||||
/* this exists to bypass broken gcc optimization */
|
||||
char *cp = (char *)pval;
|
||||
long ltmp;
|
||||
unsigned long utmp;
|
||||
int clen, pad, i;
|
||||
/* this exists to bypass broken gcc optimization */
|
||||
char *cp = (char *)pval;
|
||||
|
||||
/* use memcpy, because we may not be long aligned */
|
||||
memcpy(<mp, cp, sizeof(long));
|
||||
/* use memcpy, because we may not be long aligned */
|
||||
memcpy(<mp, cp, sizeof(long));
|
||||
|
||||
if(ltmp == it->size) return -1;
|
||||
/* Convert the long to positive: we subtract one if negative so
|
||||
* we can cleanly handle the padding if only the MSB of the leading
|
||||
* octet is set.
|
||||
*/
|
||||
if(ltmp < 0) utmp = -ltmp - 1;
|
||||
else utmp = ltmp;
|
||||
clen = BN_num_bits_word(utmp);
|
||||
/* If MSB of leading octet set we need to pad */
|
||||
if(!(clen & 0x7)) pad = 1;
|
||||
else pad = 0;
|
||||
if (ltmp == it->size)
|
||||
return -1;
|
||||
/*
|
||||
* Convert the long to positive: we subtract one if negative so we can
|
||||
* cleanly handle the padding if only the MSB of the leading octet is
|
||||
* set.
|
||||
*/
|
||||
if (ltmp < 0)
|
||||
utmp = -ltmp - 1;
|
||||
else
|
||||
utmp = ltmp;
|
||||
clen = BN_num_bits_word(utmp);
|
||||
/* If MSB of leading octet set we need to pad */
|
||||
if (!(clen & 0x7))
|
||||
pad = 1;
|
||||
else
|
||||
pad = 0;
|
||||
|
||||
/* Convert number of bits to number of octets */
|
||||
clen = (clen + 7) >> 3;
|
||||
/* Convert number of bits to number of octets */
|
||||
clen = (clen + 7) >> 3;
|
||||
|
||||
if(cont) {
|
||||
if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
|
||||
for(i = clen - 1; i >= 0; i--) {
|
||||
cont[i] = (unsigned char)(utmp & 0xff);
|
||||
if(ltmp < 0) cont[i] ^= 0xff;
|
||||
utmp >>= 8;
|
||||
}
|
||||
if (cont) {
|
||||
if (pad)
|
||||
*cont++ = (ltmp < 0) ? 0xff : 0;
|
||||
for (i = clen - 1; i >= 0; i--) {
|
||||
cont[i] = (unsigned char)(utmp & 0xff);
|
||||
if (ltmp < 0)
|
||||
cont[i] ^= 0xff;
|
||||
utmp >>= 8;
|
||||
}
|
||||
return clen + pad;
|
||||
}
|
||||
return clen + pad;
|
||||
}
|
||||
|
||||
static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
||||
int utype, char *free_cont, const ASN1_ITEM *it)
|
||||
{
|
||||
int neg, i;
|
||||
long ltmp;
|
||||
unsigned long utmp = 0;
|
||||
char *cp = (char *)pval;
|
||||
if(len > (int)sizeof(long)) {
|
||||
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
|
||||
return 0;
|
||||
}
|
||||
/* Is it negative? */
|
||||
if(len && (cont[0] & 0x80)) neg = 1;
|
||||
else neg = 0;
|
||||
utmp = 0;
|
||||
for(i = 0; i < len; i++) {
|
||||
utmp <<= 8;
|
||||
if(neg) utmp |= cont[i] ^ 0xff;
|
||||
else utmp |= cont[i];
|
||||
}
|
||||
ltmp = (long)utmp;
|
||||
if(neg) {
|
||||
ltmp++;
|
||||
ltmp = -ltmp;
|
||||
}
|
||||
if(ltmp == it->size) {
|
||||
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
|
||||
return 0;
|
||||
}
|
||||
memcpy(cp, <mp, sizeof(long));
|
||||
return 1;
|
||||
int neg, i;
|
||||
long ltmp;
|
||||
unsigned long utmp = 0;
|
||||
char *cp = (char *)pval;
|
||||
if (len > (int)sizeof(long)) {
|
||||
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
|
||||
return 0;
|
||||
}
|
||||
/* Is it negative? */
|
||||
if (len && (cont[0] & 0x80))
|
||||
neg = 1;
|
||||
else
|
||||
neg = 0;
|
||||
utmp = 0;
|
||||
for (i = 0; i < len; i++) {
|
||||
utmp <<= 8;
|
||||
if (neg)
|
||||
utmp |= cont[i] ^ 0xff;
|
||||
else
|
||||
utmp |= cont[i];
|
||||
}
|
||||
ltmp = (long)utmp;
|
||||
if (neg) {
|
||||
ltmp++;
|
||||
ltmp = -ltmp;
|
||||
}
|
||||
if (ltmp == it->size) {
|
||||
ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
|
||||
return 0;
|
||||
}
|
||||
memcpy(cp, <mp, sizeof(long));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -179,8 +179,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
{
|
||||
const unsigned char *q;
|
||||
X509 *ret;
|
||||
int freeret = 0;
|
||||
|
||||
/* Save start position */
|
||||
q = *pp;
|
||||
|
||||
if (!a || *a == NULL) {
|
||||
freeret = 1;
|
||||
}
|
||||
ret = d2i_X509(a, pp, length);
|
||||
/* If certificate unreadable then forget it */
|
||||
if (!ret)
|
||||
@@ -193,7 +199,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
|
||||
goto err;
|
||||
return ret;
|
||||
err:
|
||||
X509_free(ret);
|
||||
if (freeret) {
|
||||
X509_free(ret);
|
||||
if (a)
|
||||
*a = NULL;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -871,6 +871,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
|
||||
# define BN_F_BN_GF2M_MOD_SQR 136
|
||||
# define BN_F_BN_GF2M_MOD_SQRT 137
|
||||
# define BN_F_BN_LSHIFT 145
|
||||
# define BN_F_BN_MOD_EXP2_MONT 118
|
||||
# define BN_F_BN_MOD_EXP_MONT 109
|
||||
# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
|
||||
@@ -886,12 +887,14 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_F_BN_NEW 113
|
||||
# define BN_F_BN_RAND 114
|
||||
# define BN_F_BN_RAND_RANGE 122
|
||||
# define BN_F_BN_RSHIFT 146
|
||||
# define BN_F_BN_USUB 115
|
||||
|
||||
/* Reason codes. */
|
||||
# define BN_R_ARG2_LT_ARG3 100
|
||||
# define BN_R_BAD_RECIPROCAL 101
|
||||
# define BN_R_BIGNUM_TOO_LONG 114
|
||||
# define BN_R_BITS_TOO_SMALL 118
|
||||
# define BN_R_CALLED_WITH_EVEN_MODULUS 102
|
||||
# define BN_R_DIV_BY_ZERO 103
|
||||
# define BN_R_ENCODING_ERROR 104
|
||||
@@ -899,6 +902,7 @@ void ERR_load_BN_strings(void);
|
||||
# define BN_R_INPUT_NOT_REDUCED 110
|
||||
# define BN_R_INVALID_LENGTH 106
|
||||
# define BN_R_INVALID_RANGE 115
|
||||
# define BN_R_INVALID_SHIFT 119
|
||||
# define BN_R_NOT_A_SQUARE 111
|
||||
# define BN_R_NOT_INITIALIZED 107
|
||||
# define BN_R_NO_INVERSE 108
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/* crypto/bn/bn_err.c */
|
||||
/* ====================================================================
|
||||
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
|
||||
* Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
|
||||
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
|
||||
{ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
|
||||
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
|
||||
@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = {
|
||||
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
|
||||
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
|
||||
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
|
||||
{ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
|
||||
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
|
||||
{0, NULL}
|
||||
};
|
||||
@@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
|
||||
{ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
|
||||
{ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
|
||||
{ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"},
|
||||
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
|
||||
{ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
|
||||
{ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
|
||||
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = {
|
||||
{ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
|
||||
{ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
|
||||
{ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
|
||||
{ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"},
|
||||
{ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
|
||||
{ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
|
||||
{ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
|
||||
|
||||
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
|
||||
char *buf;
|
||||
char *p;
|
||||
|
||||
buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
if (a->neg && BN_is_zero(a)) {
|
||||
/* "-0" == 3 bytes including NULL terminator */
|
||||
buf = OPENSSL_malloc(3);
|
||||
} else {
|
||||
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
|
||||
}
|
||||
if (buf == NULL) {
|
||||
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
|
||||
@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
int ret = 0, bit, bytes, mask;
|
||||
time_t tim;
|
||||
|
||||
if (bits < 0 || (bits == 1 && top > 0)) {
|
||||
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bits == 0) {
|
||||
BN_zero(rnd);
|
||||
return 1;
|
||||
@@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (top != -1) {
|
||||
if (top >= 0) {
|
||||
if (top) {
|
||||
if (bit == 0) {
|
||||
buf[0] = 1;
|
||||
|
||||
@@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
r->neg = a->neg;
|
||||
nw = n / BN_BITS2;
|
||||
if (bn_wexpand(r, a->top + nw + 1) == NULL)
|
||||
@@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
|
||||
bn_check_top(r);
|
||||
bn_check_top(a);
|
||||
|
||||
if (n < 0) {
|
||||
BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
nw = n / BN_BITS2;
|
||||
rb = n % BN_BITS2;
|
||||
lb = BN_BITS2 - rb;
|
||||
|
||||
@@ -722,7 +722,15 @@ int test_sqr(BIO *bp, BN_CTX *ctx)
|
||||
if (BN_cmp(c, d)) {
|
||||
fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
|
||||
"different results!\n");
|
||||
#ifdef OPENSSL_FIPS
|
||||
/*
|
||||
* This test fails if we are linked to the FIPS module. Unfortunately
|
||||
* that can't be fixed so we print out the error but continue anyway.
|
||||
*/
|
||||
fprintf(stderr, " FIPS build: ignoring.\n");
|
||||
#else
|
||||
goto err;
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Regression test for a BN_sqr overflow bug. */
|
||||
|
||||
@@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto)
|
||||
BIO_free(f);
|
||||
f = tbio;
|
||||
}
|
||||
while (f != upto);
|
||||
while (f && f != upto);
|
||||
} else
|
||||
BIO_free_all(f);
|
||||
}
|
||||
|
||||
327
crypto/des/spr.h
327
crypto/des/spr.h
@@ -58,180 +58,155 @@
|
||||
|
||||
OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
|
||||
{
|
||||
/* nibble 0 */
|
||||
0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
|
||||
0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
|
||||
0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
|
||||
0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
|
||||
0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
|
||||
0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
|
||||
0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
|
||||
0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
|
||||
0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
|
||||
0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
|
||||
0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
|
||||
0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
|
||||
0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
|
||||
0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
|
||||
0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
|
||||
0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
|
||||
}, {
|
||||
/* nibble 1 */
|
||||
0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
|
||||
0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
|
||||
0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
|
||||
0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
|
||||
0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
|
||||
0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
|
||||
0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
|
||||
0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
|
||||
0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
|
||||
0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
|
||||
0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
|
||||
0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
|
||||
0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
|
||||
0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
|
||||
0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
|
||||
0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
|
||||
}, {
|
||||
/* nibble 2 */
|
||||
0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
|
||||
0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
|
||||
0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
|
||||
0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
|
||||
0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
|
||||
0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
|
||||
0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
|
||||
0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
|
||||
0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
|
||||
0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
|
||||
0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
|
||||
0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
|
||||
0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
|
||||
0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
|
||||
0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
|
||||
0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
|
||||
}, {
|
||||
/* nibble 3 */
|
||||
0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
|
||||
0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
|
||||
0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
|
||||
0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
|
||||
0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
|
||||
0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
|
||||
0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
|
||||
0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
|
||||
0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
|
||||
0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
|
||||
0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
|
||||
0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
|
||||
0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
|
||||
0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
|
||||
0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
|
||||
0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
|
||||
}, {
|
||||
/* nibble 4 */
|
||||
0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
|
||||
0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
|
||||
0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
|
||||
0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
|
||||
0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
|
||||
0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
|
||||
0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
|
||||
0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
|
||||
0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
|
||||
0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
|
||||
0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
|
||||
0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
|
||||
0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
|
||||
0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
|
||||
0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
|
||||
0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
|
||||
}, {
|
||||
/* nibble 5 */
|
||||
0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
|
||||
0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
|
||||
0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
|
||||
0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
|
||||
0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
|
||||
0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
|
||||
0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
|
||||
0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
|
||||
0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
|
||||
0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
|
||||
0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
|
||||
0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
|
||||
0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
|
||||
0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
|
||||
0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
|
||||
0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
|
||||
}, {
|
||||
/* nibble 6 */
|
||||
0x00004000L, 0x00000200L, 0x01000200L,
|
||||
0x01000004L,
|
||||
0x01004204L, 0x00004004L, 0x00004200L,
|
||||
0x00000000L,
|
||||
0x01000000L, 0x01000204L, 0x00000204L,
|
||||
0x01004000L,
|
||||
0x00000004L, 0x01004200L, 0x01004000L,
|
||||
0x00000204L,
|
||||
0x01000204L, 0x00004000L, 0x00004004L,
|
||||
0x01004204L,
|
||||
0x00000000L, 0x01000200L, 0x01000004L,
|
||||
0x00004200L,
|
||||
0x01004004L, 0x00004204L, 0x01004200L,
|
||||
0x00000004L,
|
||||
0x00004204L, 0x01004004L, 0x00000200L,
|
||||
0x01000000L,
|
||||
0x00004204L, 0x01004000L, 0x01004004L,
|
||||
0x00000204L,
|
||||
0x00004000L, 0x00000200L, 0x01000000L,
|
||||
0x01004004L,
|
||||
0x01000204L, 0x00004204L, 0x00004200L,
|
||||
0x00000000L,
|
||||
0x00000200L, 0x01000004L, 0x00000004L,
|
||||
0x01000200L,
|
||||
0x00000000L, 0x01000204L, 0x01000200L,
|
||||
0x00004200L,
|
||||
0x00000204L, 0x00004000L, 0x01004204L,
|
||||
0x01000000L,
|
||||
0x01004200L, 0x00000004L, 0x00004004L,
|
||||
0x01004204L,
|
||||
0x01000004L, 0x01004200L, 0x01004000L,
|
||||
0x00004004L,
|
||||
}, {
|
||||
/* nibble 7 */
|
||||
0x20800080L, 0x20820000L, 0x00020080L,
|
||||
0x00000000L,
|
||||
0x20020000L, 0x00800080L, 0x20800000L,
|
||||
0x20820080L,
|
||||
0x00000080L, 0x20000000L, 0x00820000L,
|
||||
0x00020080L,
|
||||
0x00820080L, 0x20020080L, 0x20000080L,
|
||||
0x20800000L,
|
||||
0x00020000L, 0x00820080L, 0x00800080L,
|
||||
0x20020000L,
|
||||
0x20820080L, 0x20000080L, 0x00000000L,
|
||||
0x00820000L,
|
||||
0x20000000L, 0x00800000L, 0x20020080L,
|
||||
0x20800080L,
|
||||
0x00800000L, 0x00020000L, 0x20820000L,
|
||||
0x00000080L,
|
||||
0x00800000L, 0x00020000L, 0x20000080L,
|
||||
0x20820080L,
|
||||
0x00020080L, 0x20000000L, 0x00000000L,
|
||||
0x00820000L,
|
||||
0x20800080L, 0x20020080L, 0x20020000L,
|
||||
0x00800080L,
|
||||
0x20820000L, 0x00000080L, 0x00800080L,
|
||||
0x20020000L,
|
||||
0x20820080L, 0x00800000L, 0x20800000L,
|
||||
0x20000080L,
|
||||
0x00820000L, 0x00020080L, 0x20020080L,
|
||||
0x20800000L,
|
||||
0x00000080L, 0x20820000L, 0x00820080L,
|
||||
0x00000000L,
|
||||
0x20000000L, 0x20800080L, 0x00020000L,
|
||||
0x00820080L,
|
||||
}
|
||||
/* nibble 0 */
|
||||
0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
|
||||
0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
|
||||
0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
|
||||
0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
|
||||
0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
|
||||
0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
|
||||
0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
|
||||
0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
|
||||
0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
|
||||
0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
|
||||
0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
|
||||
0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
|
||||
0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
|
||||
0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
|
||||
0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
|
||||
0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
|
||||
},
|
||||
{
|
||||
/* nibble 1 */
|
||||
0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
|
||||
0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
|
||||
0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
|
||||
0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
|
||||
0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
|
||||
0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
|
||||
0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
|
||||
0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
|
||||
0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
|
||||
0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
|
||||
0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
|
||||
0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
|
||||
0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
|
||||
0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
|
||||
0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
|
||||
0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
|
||||
},
|
||||
{
|
||||
/* nibble 2 */
|
||||
0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
|
||||
0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
|
||||
0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
|
||||
0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
|
||||
0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
|
||||
0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
|
||||
0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
|
||||
0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
|
||||
0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
|
||||
0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
|
||||
0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
|
||||
0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
|
||||
0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
|
||||
0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
|
||||
0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
|
||||
0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
|
||||
},
|
||||
{
|
||||
/* nibble 3 */
|
||||
0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
|
||||
0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
|
||||
0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
|
||||
0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
|
||||
0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
|
||||
0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
|
||||
0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
|
||||
0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
|
||||
0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
|
||||
0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
|
||||
0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
|
||||
0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
|
||||
0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
|
||||
0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
|
||||
0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
|
||||
0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
|
||||
},
|
||||
{
|
||||
/* nibble 4 */
|
||||
0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
|
||||
0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
|
||||
0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
|
||||
0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
|
||||
0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
|
||||
0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
|
||||
0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
|
||||
0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
|
||||
0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
|
||||
0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
|
||||
0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
|
||||
0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
|
||||
0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
|
||||
0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
|
||||
0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
|
||||
0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
|
||||
},
|
||||
{
|
||||
/* nibble 5 */
|
||||
0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
|
||||
0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
|
||||
0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
|
||||
0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
|
||||
0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
|
||||
0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
|
||||
0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
|
||||
0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
|
||||
0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
|
||||
0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
|
||||
0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
|
||||
0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
|
||||
0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
|
||||
0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
|
||||
0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
|
||||
0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
|
||||
},
|
||||
{
|
||||
/* nibble 6 */
|
||||
0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
|
||||
0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
|
||||
0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
|
||||
0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
|
||||
0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
|
||||
0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
|
||||
0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
|
||||
0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
|
||||
0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
|
||||
0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
|
||||
0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
|
||||
0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
|
||||
0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
|
||||
0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
|
||||
0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
|
||||
0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
|
||||
},
|
||||
{
|
||||
/* nibble 7 */
|
||||
0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
|
||||
0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
|
||||
0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
|
||||
0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
|
||||
0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
|
||||
0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
|
||||
0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
|
||||
0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
|
||||
0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
|
||||
0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
|
||||
0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
|
||||
0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
|
||||
0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
|
||||
0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
|
||||
0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
|
||||
0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
|
||||
}
|
||||
};
|
||||
|
||||
@@ -107,23 +107,23 @@ static DSA_METHOD openssl_dsa_meth = {
|
||||
# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->dsa_mod_exp) \
|
||||
if ((dsa)->meth->dsa_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
|
||||
(a2), (p2), (m), (ctx), (in_mont)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
|
||||
(m), (ctx), (in_mont)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
|
||||
do { \
|
||||
int _tmp_res53; \
|
||||
if((dsa)->meth->bn_mod_exp) \
|
||||
if ((dsa)->meth->bn_mod_exp) \
|
||||
_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
|
||||
(m), (ctx), (m_ctx)); \
|
||||
else \
|
||||
_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
|
||||
if(!_tmp_res53) err_instr; \
|
||||
if (!_tmp_res53) err_instr; \
|
||||
} while(0)
|
||||
|
||||
const DSA_METHOD *DSA_OpenSSL(void)
|
||||
|
||||
@@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
|
||||
* honest. For one thing, I think I have to return a negative value for any
|
||||
* error because possible DSO_ctrl() commands may return values such as
|
||||
* "size"s that can legitimately be zero (making the standard
|
||||
* "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
|
||||
* times. I'd prefer "output" values to be passed by reference and the return
|
||||
* value as success/failure like usual ... but we conform when we must... :-)
|
||||
*/
|
||||
|
||||
@@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
|
||||
ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (a)
|
||||
*a = ret;
|
||||
} else
|
||||
ret = *a;
|
||||
|
||||
@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
|
||||
}
|
||||
}
|
||||
|
||||
if (a)
|
||||
*a = ret;
|
||||
ok = 1;
|
||||
err:
|
||||
if (!ok) {
|
||||
if (ret)
|
||||
if (ret && (a == NULL || *a != ret))
|
||||
EC_KEY_free(ret);
|
||||
ret = NULL;
|
||||
}
|
||||
@@ -1196,16 +1196,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
|
||||
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
if (a)
|
||||
*a = ret;
|
||||
} else
|
||||
ret = *a;
|
||||
|
||||
if (!d2i_ECPKParameters(&ret->group, in, len)) {
|
||||
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
|
||||
if (a == NULL || *a != ret)
|
||||
EC_KEY_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (a)
|
||||
*a = ret;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
|
||||
goto err;
|
||||
}
|
||||
if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey)
|
||||
goto err;
|
||||
|
||||
/* testing whether the pub_key is on the elliptic curve */
|
||||
if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
|
||||
if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
|
||||
return group->meth->is_at_infinity(group, point);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether an EC_POINT is on the curve or not. Note that the return
|
||||
* value for this function should NOT be treated as a boolean. Return values:
|
||||
* 1: The point is on the curve
|
||||
* 0: The point is not on the curve
|
||||
* -1: An error occurred
|
||||
*/
|
||||
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
|
||||
BN_CTX *ctx)
|
||||
{
|
||||
|
||||
@@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
|
||||
}
|
||||
|
||||
/* test required by X9.62 */
|
||||
if (!EC_POINT_is_on_curve(group, point, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
|
||||
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -303,7 +303,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, Q, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
|
||||
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
|
||||
ABORT;
|
||||
fprintf(stderr, "Point is not on curve: x = 0x");
|
||||
@@ -436,7 +436,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
|
||||
ABORT;
|
||||
@@ -501,7 +501,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
|
||||
ABORT;
|
||||
@@ -572,7 +572,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn
|
||||
(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
|
||||
@@ -649,7 +649,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
|
||||
"84F3B9CAC2FC632551"))
|
||||
@@ -723,7 +723,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
|
||||
@@ -800,7 +800,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
|
||||
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
|
||||
@@ -862,7 +862,7 @@ void prime_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_dbl(group, P, P, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!EC_POINT_invert(group, Q, ctx))
|
||||
ABORT; /* P = -2Q */
|
||||
@@ -1004,7 +1004,7 @@ void prime_field_tests()
|
||||
# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
if (!BN_hex2bn(&cof, _cof)) ABORT; \
|
||||
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
|
||||
@@ -1022,7 +1022,7 @@ void prime_field_tests()
|
||||
if (!BN_hex2bn(&x, _x)) ABORT; \
|
||||
if (!BN_hex2bn(&y, _y)) ABORT; \
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
|
||||
if (!BN_hex2bn(&z, _order)) ABORT; \
|
||||
if (!BN_hex2bn(&cof, _cof)) ABORT; \
|
||||
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
|
||||
@@ -1161,7 +1161,7 @@ void char2_field_tests()
|
||||
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
|
||||
ABORT;
|
||||
# endif
|
||||
if (!EC_POINT_is_on_curve(group, Q, ctx)) {
|
||||
if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) {
|
||||
/* Change test based on whether binary point compression is enabled or not. */
|
||||
# ifdef OPENSSL_EC_BIN_PT_COMP
|
||||
if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
|
||||
@@ -1382,7 +1382,7 @@ void char2_field_tests()
|
||||
ABORT;
|
||||
if (!EC_POINT_dbl(group, P, P, ctx))
|
||||
ABORT;
|
||||
if (!EC_POINT_is_on_curve(group, P, ctx))
|
||||
if (EC_POINT_is_on_curve(group, P, ctx) <= 0)
|
||||
ABORT;
|
||||
if (!EC_POINT_invert(group, Q, ctx))
|
||||
ABORT; /* P = -2Q */
|
||||
|
||||
@@ -511,42 +511,104 @@ static void * __fastcall \
|
||||
REP_XCRYPT(code) \
|
||||
}
|
||||
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
|
||||
PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
|
||||
|
||||
static int __fastcall padlock_xstore(void *outp, unsigned int code)
|
||||
{
|
||||
_asm mov edi, ecx
|
||||
_asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0}
|
||||
static void __fastcall padlock_reload_key(void)
|
||||
_asm mov edi,ecx
|
||||
_asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
|
||||
}
|
||||
|
||||
static void __fastcall padlock_reload_key(void)
|
||||
{
|
||||
_asm pushfd _asm popfd}
|
||||
static void __fastcall padlock_verify_context(void *cdata)
|
||||
_asm pushfd
|
||||
_asm popfd
|
||||
}
|
||||
|
||||
static void __fastcall padlock_verify_context(void *cdata)
|
||||
{
|
||||
_asm {
|
||||
pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx,
|
||||
padlock_saved_context je skip popfd sub esp,
|
||||
4 skip:add esp, 4 mov padlock_saved_context,
|
||||
ecx}} static int padlock_available(void)
|
||||
_asm {
|
||||
pushfd
|
||||
bt DWORD PTR[esp],30
|
||||
jnc skip
|
||||
cmp ecx,padlock_saved_context
|
||||
je skip
|
||||
popfd
|
||||
sub esp,4
|
||||
skip: add esp,4
|
||||
mov padlock_saved_context,ecx
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
padlock_available(void)
|
||||
{
|
||||
_asm {
|
||||
pushfd pop eax mov ecx, eax xor eax,
|
||||
1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax,
|
||||
21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx,
|
||||
'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx,
|
||||
'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx,
|
||||
eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax,
|
||||
0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx,
|
||||
7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx,
|
||||
2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng,
|
||||
1 inc eax skip_r:noluck:}} static void __fastcall
|
||||
padlock_bswapl(void *key)
|
||||
_asm {
|
||||
pushfd
|
||||
pop eax
|
||||
mov ecx,eax
|
||||
xor eax,1<<21
|
||||
push eax
|
||||
popfd
|
||||
pushfd
|
||||
pop eax
|
||||
xor eax,ecx
|
||||
bt eax,21
|
||||
jnc noluck
|
||||
mov eax,0
|
||||
cpuid
|
||||
xor eax,eax
|
||||
cmp ebx,'tneC'
|
||||
jne noluck
|
||||
cmp edx,'Hrua'
|
||||
jne noluck
|
||||
cmp ecx,'slua'
|
||||
jne noluck
|
||||
mov eax,0xC0000000
|
||||
cpuid
|
||||
mov edx,eax
|
||||
xor eax,eax
|
||||
cmp edx,0xC0000001
|
||||
jb noluck
|
||||
mov eax,0xC0000001
|
||||
cpuid
|
||||
xor eax,eax
|
||||
bt edx,6
|
||||
jnc skip_a
|
||||
bt edx,7
|
||||
jnc skip_a
|
||||
mov padlock_use_ace,1
|
||||
inc eax
|
||||
skip_a: bt edx,2
|
||||
jnc skip_r
|
||||
bt edx,3
|
||||
jnc skip_r
|
||||
mov padlock_use_rng,1
|
||||
inc eax
|
||||
skip_r:
|
||||
noluck:
|
||||
}
|
||||
}
|
||||
|
||||
static void __fastcall padlock_bswapl(void *key)
|
||||
{
|
||||
_asm {
|
||||
pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd
|
||||
bswap eax stosd loop up popfd}}
|
||||
_asm {
|
||||
pushfd
|
||||
cld
|
||||
mov esi,ecx
|
||||
mov edi,ecx
|
||||
mov ecx,60
|
||||
up: lodsd
|
||||
bswap eax
|
||||
stosd
|
||||
loop up
|
||||
popfd
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* MS actually specifies status of Direction Flag and compiler even manages
|
||||
* to compile following as 'rep movsd' all by itself...
|
||||
|
||||
@@ -231,8 +231,7 @@
|
||||
# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
|
||||
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
|
||||
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
|
||||
*((c)++)=(unsigned char)(((l) )&0xff), \
|
||||
l)
|
||||
*((c)++)=(unsigned char)(((l) )&0xff) )
|
||||
# endif
|
||||
|
||||
#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
|
||||
@@ -252,8 +251,8 @@
|
||||
# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
|
||||
# ifndef B_ENDIAN
|
||||
/* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
|
||||
# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
|
||||
# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
|
||||
# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
|
||||
# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
|
||||
# endif
|
||||
# endif
|
||||
|
||||
@@ -267,8 +266,7 @@
|
||||
# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
|
||||
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
|
||||
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
|
||||
*((c)++)=(unsigned char)(((l)>>24)&0xff), \
|
||||
l)
|
||||
*((c)++)=(unsigned char)(((l)>>24)&0xff) )
|
||||
# endif
|
||||
|
||||
#endif
|
||||
|
||||
@@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
|
||||
if (a->nid != 0)
|
||||
return (a->nid);
|
||||
|
||||
if (a->length == 0)
|
||||
return NID_undef;
|
||||
|
||||
if (added != NULL) {
|
||||
ad.type = ADDED_DATA;
|
||||
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
|
||||
|
||||
@@ -118,9 +118,9 @@ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
|
||||
print OUT <<'EOF';
|
||||
/* crypto/objects/obj_mac.h */
|
||||
|
||||
/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
|
||||
* following command:
|
||||
* perl objects.pl objects.txt obj_mac.num obj_mac.h
|
||||
/*
|
||||
* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
|
||||
* command: perl objects.pl objects.txt obj_mac.num obj_mac.h
|
||||
*/
|
||||
|
||||
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
|
||||
@@ -129,21 +129,21 @@ print OUT <<'EOF';
|
||||
* This package is an SSL implementation written
|
||||
* by Eric Young (eay@cryptsoft.com).
|
||||
* The implementation was written so as to conform with Netscapes SSL.
|
||||
*
|
||||
*
|
||||
* This library is free for commercial and non-commercial use as long as
|
||||
* the following conditions are aheared to. The following conditions
|
||||
* apply to all code found in this distribution, be it the RC4, RSA,
|
||||
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
* included with this distribution is covered by the same copyright terms
|
||||
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
*
|
||||
*
|
||||
* Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
* the code are not to be removed.
|
||||
* If this package is used in a product, Eric Young should be given attribution
|
||||
* as the author of the parts of the library used.
|
||||
* This can be in the form of a textual message at program startup or
|
||||
* in documentation (online or textual) provided with the package.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@@ -158,10 +158,10 @@ print OUT <<'EOF';
|
||||
* Eric Young (eay@cryptsoft.com)"
|
||||
* The word 'cryptographic' can be left out if the rouines from the library
|
||||
* being used are not cryptographic related :-).
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* 4. If you include any Windows specific code (or a derivative thereof) from
|
||||
* the apps directory (application code) you must include an acknowledgement:
|
||||
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@@ -173,28 +173,36 @@ print OUT <<'EOF';
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
*
|
||||
* The licence and distribution terms for any publically available version or
|
||||
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
* copied and put under another distribution licence
|
||||
* [including the GNU Public Licence.]
|
||||
*/
|
||||
|
||||
#define SN_undef "UNDEF"
|
||||
#define LN_undef "undefined"
|
||||
#define NID_undef 0
|
||||
#define OBJ_undef 0L
|
||||
|
||||
#define SN_undef "UNDEF"
|
||||
#define LN_undef "undefined"
|
||||
#define NID_undef 0
|
||||
#define OBJ_undef 0L
|
||||
EOF
|
||||
|
||||
sub expand
|
||||
{
|
||||
my $string = shift;
|
||||
|
||||
1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
||||
foreach (sort { $a <=> $b } keys %ordern)
|
||||
{
|
||||
$Cname=$ordern{$_};
|
||||
print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
|
||||
print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
|
||||
print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
|
||||
print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
|
||||
print OUT "\n";
|
||||
print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
|
||||
print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
|
||||
print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
|
||||
print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
|
||||
}
|
||||
|
||||
close OUT;
|
||||
|
||||
@@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
||||
{
|
||||
X509 *signer, *x;
|
||||
STACK_OF(X509) *chain = NULL;
|
||||
STACK_OF(X509) *untrusted = NULL;
|
||||
X509_STORE_CTX ctx;
|
||||
int i, ret = 0;
|
||||
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
|
||||
@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
||||
}
|
||||
if (!(flags & OCSP_NOVERIFY)) {
|
||||
int init_res;
|
||||
if (flags & OCSP_NOCHAIN)
|
||||
init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
|
||||
else
|
||||
init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
|
||||
if (flags & OCSP_NOCHAIN) {
|
||||
untrusted = NULL;
|
||||
} else if (bs->certs && certs) {
|
||||
untrusted = sk_X509_dup(bs->certs);
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
|
||||
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
untrusted = bs->certs;
|
||||
}
|
||||
init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
|
||||
if (!init_res) {
|
||||
ret = -1;
|
||||
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
|
||||
@@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
|
||||
end:
|
||||
if (chain)
|
||||
sk_X509_pop_free(chain, X509_free);
|
||||
if (bs->certs && certs)
|
||||
sk_X509_free(untrusted);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
@@ -26,11 +26,11 @@
|
||||
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
|
||||
* major minor fix final patch/beta)
|
||||
*/
|
||||
# define OPENSSL_VERSION_NUMBER 0x009081f0L
|
||||
# define OPENSSL_VERSION_NUMBER 0x0090820fL
|
||||
# ifdef OPENSSL_FIPS
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips-dev xx XXX xxxx"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-fips 11 Jun 2015"
|
||||
# else
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-dev xx XXX xxxx"
|
||||
# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg 11 Jun 2015"
|
||||
# endif
|
||||
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
|
||||
|
||||
|
||||
@@ -620,7 +620,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str);
|
||||
DECLARE_PEM_rw(X509, X509)
|
||||
DECLARE_PEM_rw(X509_AUX, X509)
|
||||
DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
|
||||
DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
|
||||
DECLARE_PEM_rw(X509_REQ, X509_REQ)
|
||||
DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
|
||||
DECLARE_PEM_rw(X509_CRL, X509_CRL)
|
||||
DECLARE_PEM_rw(PKCS7, PKCS7)
|
||||
DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
|
||||
@@ -628,20 +629,24 @@ DECLARE_PEM_rw(PKCS8, X509_SIG)
|
||||
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
|
||||
# ifndef OPENSSL_NO_RSA
|
||||
DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
|
||||
DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA)
|
||||
DECLARE_PEM_rw_const(RSAPublicKey, RSA)
|
||||
DECLARE_PEM_rw(RSA_PUBKEY, RSA)
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DSA
|
||||
DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
|
||||
DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA)
|
||||
DECLARE_PEM_rw(DSA_PUBKEY, DSA)
|
||||
DECLARE_PEM_rw_const(DSAparams, DSA)
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC
|
||||
DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
|
||||
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
|
||||
DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
|
||||
DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_DH
|
||||
DECLARE_PEM_rw_const(DHparams, DH)
|
||||
# endif
|
||||
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
|
||||
DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
|
||||
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
|
||||
|
||||
int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
|
||||
char *kstr, int klen,
|
||||
|
||||
@@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
|
||||
if (kstr == buf)
|
||||
OPENSSL_cleanse(buf, klen);
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
if (p8 == NULL)
|
||||
return 0;
|
||||
if (isder)
|
||||
ret = i2d_PKCS8_bio(bp, p8);
|
||||
else
|
||||
|
||||
@@ -147,6 +147,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
|
||||
EVP_PKEY *pkey;
|
||||
ASN1_OCTET_STRING *os = NULL;
|
||||
|
||||
if (p7 == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
|
||||
return NULL;
|
||||
}
|
||||
/*
|
||||
* The content field in the PKCS7 ContentInfo is optional, but that really
|
||||
* only applies to inner content (precisely, detached signatures).
|
||||
*
|
||||
* When reading content, missing outer content is therefore treated as an
|
||||
* error.
|
||||
*
|
||||
* When creating content, PKCS7_content_new() must be called before
|
||||
* calling this method, so a NULL p7->d is always an error.
|
||||
*/
|
||||
if (p7->d.ptr == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
p7->state = PKCS7_S_HEADER;
|
||||
|
||||
@@ -325,17 +344,34 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
|
||||
PKCS7_RECIP_INFO *ri = NULL;
|
||||
|
||||
if (p7 == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (p7->d.ptr == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
p7->state = PKCS7_S_HEADER;
|
||||
|
||||
switch (i) {
|
||||
case NID_pkcs7_signed:
|
||||
/*
|
||||
* p7->d.sign->contents is a PKCS7 structure consisting of a contentType
|
||||
* field and optional content.
|
||||
* data_body is NULL if that structure has no (=detached) content
|
||||
* or if the contentType is wrong (i.e., not "data").
|
||||
*/
|
||||
data_body = PKCS7_get_octet_string(p7->d.sign->contents);
|
||||
md_sk = p7->d.sign->md_algs;
|
||||
break;
|
||||
case NID_pkcs7_signedAndEnveloped:
|
||||
rsk = p7->d.signed_and_enveloped->recipientinfo;
|
||||
md_sk = p7->d.signed_and_enveloped->md_algs;
|
||||
/* data_body is NULL if the optional EncryptedContent is missing. */
|
||||
data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
|
||||
enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
|
||||
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
|
||||
@@ -348,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
case NID_pkcs7_enveloped:
|
||||
rsk = p7->d.enveloped->recipientinfo;
|
||||
enc_alg = p7->d.enveloped->enc_data->algorithm;
|
||||
/* data_body is NULL if the optional EncryptedContent is missing. */
|
||||
data_body = p7->d.enveloped->enc_data->enc_data;
|
||||
evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
|
||||
if (evp_cipher == NULL) {
|
||||
@@ -361,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Detached content must be supplied via in_bio instead. */
|
||||
if (data_body == NULL && in_bio == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* We will be checking the signature */
|
||||
if (md_sk != NULL) {
|
||||
for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
|
||||
@@ -528,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
|
||||
etmp = NULL;
|
||||
}
|
||||
#if 1
|
||||
if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
|
||||
if (in_bio != NULL) {
|
||||
bio = in_bio;
|
||||
} else {
|
||||
# if 0
|
||||
@@ -607,6 +650,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
|
||||
ASN1_OCTET_STRING *os = NULL;
|
||||
|
||||
if (p7 == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (p7->d.ptr == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&ctx_tmp);
|
||||
i = OBJ_obj2nid(p7->type);
|
||||
p7->state = PKCS7_S_HEADER;
|
||||
@@ -635,6 +688,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
/* If detached data then the content is excluded */
|
||||
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
|
||||
M_ASN1_OCTET_STRING_free(os);
|
||||
os = NULL;
|
||||
p7->d.sign->contents->d.data = NULL;
|
||||
}
|
||||
break;
|
||||
@@ -644,6 +698,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
/* If detached data then the content is excluded */
|
||||
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
|
||||
M_ASN1_OCTET_STRING_free(os);
|
||||
os = NULL;
|
||||
p7->d.digest->contents->d.data = NULL;
|
||||
}
|
||||
break;
|
||||
@@ -767,6 +822,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
}
|
||||
|
||||
if (!PKCS7_is_detached(p7)) {
|
||||
/*
|
||||
* NOTE(emilia): I think we only reach os == NULL here because detached
|
||||
* digested data support is broken.
|
||||
*/
|
||||
if (os == NULL)
|
||||
goto err;
|
||||
btmp = BIO_find_type(bio, BIO_TYPE_MEM);
|
||||
if (btmp == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
|
||||
@@ -803,6 +864,16 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
|
||||
STACK_OF(X509) *cert;
|
||||
X509 *x509;
|
||||
|
||||
if (p7 == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (p7->d.ptr == NULL) {
|
||||
PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (PKCS7_type_is_signed(p7)) {
|
||||
cert = p7->d.sign->cert;
|
||||
} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
|
||||
|
||||
@@ -69,6 +69,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
|
||||
nid = OBJ_obj2nid(p7->type);
|
||||
|
||||
switch (cmd) {
|
||||
/* NOTE(emilia): does not support detached digested data. */
|
||||
case PKCS7_OP_SET_DETACHED_SIGNATURE:
|
||||
if (nid == NID_pkcs7_signed) {
|
||||
ret = p7->detached = (int)larg;
|
||||
@@ -464,6 +465,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
|
||||
|
||||
STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
|
||||
{
|
||||
if (p7 == NULL || p7->d.ptr == NULL)
|
||||
return NULL;
|
||||
if (PKCS7_type_is_signed(p7)) {
|
||||
return (p7->d.sign->signer_info);
|
||||
} else if (PKCS7_type_is_signedAndEnveloped(p7)) {
|
||||
|
||||
@@ -1988,6 +1988,5 @@ STACK_OF(type) \
|
||||
|
||||
# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
|
||||
SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
|
||||
/* End of util/mkstack.pl block, you may now edit :-) */
|
||||
|
||||
#endif /* !defined HEADER_SAFESTACK_H */
|
||||
|
||||
@@ -197,6 +197,13 @@
|
||||
# undef ssl_parse_serverhello_renegotiate_ext
|
||||
# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
|
||||
|
||||
# undef ssl3_cbc_record_digest_supported
|
||||
# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
|
||||
# undef ssl_check_clienthello_tlsext_late
|
||||
# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
|
||||
# undef ssl_check_clienthello_tlsext_early
|
||||
# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
|
||||
|
||||
/* Hack some long ENGINE names */
|
||||
# undef ENGINE_get_default_BN_mod_exp_crt
|
||||
# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
|
||||
|
||||
@@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void)
|
||||
|
||||
static void cleanup(X509_OBJECT *a)
|
||||
{
|
||||
if (!a)
|
||||
return;
|
||||
if (a->type == X509_LU_X509) {
|
||||
X509_free(a->data.x509);
|
||||
} else if (a->type == X509_LU_CRL) {
|
||||
|
||||
@@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
|
||||
goto err;
|
||||
|
||||
pktmp = X509_get_pubkey(x);
|
||||
if (pktmp == NULL)
|
||||
goto err;
|
||||
i = X509_REQ_set_pubkey(ret, pktmp);
|
||||
EVP_PKEY_free(pktmp);
|
||||
if (!i)
|
||||
|
||||
@@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
|
||||
ASN1_TIME atm;
|
||||
long offset;
|
||||
char buff1[24], buff2[24], *p;
|
||||
int i, j;
|
||||
int i, j, remaining;
|
||||
|
||||
p = buff1;
|
||||
i = ctm->length;
|
||||
remaining = ctm->length;
|
||||
str = (char *)ctm->data;
|
||||
/*
|
||||
* Note that the following (historical) code allows much more slack in the
|
||||
* time format than RFC5280. In RFC5280, the representation is fixed:
|
||||
* UTCTime: YYMMDDHHMMSSZ
|
||||
* GeneralizedTime: YYYYMMDDHHMMSSZ
|
||||
*/
|
||||
if (ctm->type == V_ASN1_UTCTIME) {
|
||||
if ((i < 11) || (i > 17))
|
||||
/* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
|
||||
int min_length = sizeof("YYMMDDHHMMZ") - 1;
|
||||
int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
|
||||
if (remaining < min_length || remaining > max_length)
|
||||
return 0;
|
||||
memcpy(p, str, 10);
|
||||
p += 10;
|
||||
str += 10;
|
||||
remaining -= 10;
|
||||
} else {
|
||||
if (i < 13)
|
||||
/* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
|
||||
int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
|
||||
int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
|
||||
if (remaining < min_length || remaining > max_length)
|
||||
return 0;
|
||||
memcpy(p, str, 12);
|
||||
p += 12;
|
||||
str += 12;
|
||||
remaining -= 12;
|
||||
}
|
||||
|
||||
if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
|
||||
*(p++) = '0';
|
||||
*(p++) = '0';
|
||||
} else {
|
||||
/* SS (seconds) */
|
||||
if (remaining < 2)
|
||||
return 0;
|
||||
*(p++) = *(str++);
|
||||
*(p++) = *(str++);
|
||||
/* Skip any fractional seconds... */
|
||||
if (*str == '.') {
|
||||
remaining -= 2;
|
||||
/*
|
||||
* Skip any (up to three) fractional seconds...
|
||||
* TODO(emilia): in RFC5280, fractional seconds are forbidden.
|
||||
* Can we just kill them altogether?
|
||||
*/
|
||||
if (remaining && *str == '.') {
|
||||
str++;
|
||||
while ((*str >= '0') && (*str <= '9'))
|
||||
str++;
|
||||
remaining--;
|
||||
for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
|
||||
if (*str < '0' || *str > '9')
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
*(p++) = 'Z';
|
||||
*(p++) = '\0';
|
||||
|
||||
if (*str == 'Z')
|
||||
/* We now need either a terminating 'Z' or an offset. */
|
||||
if (!remaining)
|
||||
return 0;
|
||||
if (*str == 'Z') {
|
||||
if (remaining != 1)
|
||||
return 0;
|
||||
offset = 0;
|
||||
else {
|
||||
} else {
|
||||
/* (+-)HHMM */
|
||||
if ((*str != '+') && (*str != '-'))
|
||||
return 0;
|
||||
/* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
|
||||
if (remaining != 5)
|
||||
return 0;
|
||||
if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
|
||||
str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
|
||||
return 0;
|
||||
offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
|
||||
offset += (str[3] - '0') * 10 + (str[4] - '0');
|
||||
if (*str == '-')
|
||||
@@ -1304,6 +1341,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
|
||||
|
||||
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
|
||||
{
|
||||
if (!ctx)
|
||||
return;
|
||||
X509_STORE_CTX_cleanup(ctx);
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
@@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings.
|
||||
=item B<DEFAULT>
|
||||
|
||||
the default cipher list. This is determined at compile time and is normally
|
||||
B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
|
||||
B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
|
||||
specified.
|
||||
|
||||
=item B<COMPLEMENTOFDEFAULT>
|
||||
|
||||
@@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B<top> is 0,
|
||||
it is set to 1, and if B<top> is 1, the two most significant bits of
|
||||
the number will be set to 1, so that the product of two such random
|
||||
numbers will always have 2*B<bits> length. If B<bottom> is true, the
|
||||
number will be odd.
|
||||
number will be odd. The value of B<bits> must be zero or greater. If B<bits> is
|
||||
1 then B<top> cannot also be 1.
|
||||
|
||||
BN_pseudo_rand() does the same, but pseudo-random numbers generated by
|
||||
this function are not necessarily unpredictable. They can be used for
|
||||
|
||||
@@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n> bit number
|
||||
shorter than B<n> bits.
|
||||
|
||||
BN_lshift() shifts B<a> left by B<n> bits and places the result in
|
||||
B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
|
||||
the result in B<r> (C<r=2*a>).
|
||||
B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
|
||||
B<a> left by one and places the result in B<r> (C<r=2*a>).
|
||||
|
||||
BN_rshift() shifts B<a> right by B<n> bits and places the result in
|
||||
B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
|
||||
the result in B<r> (C<r=a/2>).
|
||||
B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
|
||||
B<a> right by one and places the result in B<r> (C<r=a/2>).
|
||||
|
||||
For the shift functions, B<r> and B<a> may be the same variable.
|
||||
|
||||
|
||||
@@ -2,7 +2,29 @@
|
||||
|
||||
=head1 NAME
|
||||
|
||||
PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
|
||||
PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey,
|
||||
PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey,
|
||||
PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid,
|
||||
PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY,
|
||||
PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey,
|
||||
PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey,
|
||||
PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey,
|
||||
PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
|
||||
PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
|
||||
PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
|
||||
PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
|
||||
PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
|
||||
PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
|
||||
PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
|
||||
PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
|
||||
PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX,
|
||||
PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ,
|
||||
PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW,
|
||||
PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL,
|
||||
PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7,
|
||||
PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE,
|
||||
PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE,
|
||||
PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
@@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public
|
||||
key is not DSA.
|
||||
|
||||
The B<DSAparams> functions process DSA parameters using a DSA
|
||||
structure. The parameters are encoded using a foobar structure.
|
||||
structure. The parameters are encoded using a Dss-Parms structure
|
||||
as defined in RFC2459.
|
||||
|
||||
The B<DHparams> functions process DH parameters using a DH
|
||||
structure. The parameters are encoded using a PKCS#3 DHparameter
|
||||
|
||||
8
e_os2.h
8
e_os2.h
@@ -109,6 +109,12 @@ extern "C" {
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WIN32
|
||||
# endif
|
||||
# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# if !defined(OPENSSL_SYS_WIN64)
|
||||
# define OPENSSL_SYS_WIN64
|
||||
# endif
|
||||
# endif
|
||||
# if defined(OPENSSL_SYSNAME_WINNT)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WINNT
|
||||
@@ -121,7 +127,7 @@ extern "C" {
|
||||
# endif
|
||||
|
||||
/* Anything that tries to look like Microsoft is "Windows" */
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
|
||||
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
|
||||
# undef OPENSSL_SYS_UNIX
|
||||
# define OPENSSL_SYS_WINDOWS
|
||||
# ifndef OPENSSL_SYS_MSDOS
|
||||
|
||||
@@ -158,7 +158,7 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
|
||||
* RSA_FLAG_CACHE_PRIVATE, goto err);
|
||||
*/
|
||||
# define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
|
||||
if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
|
||||
if ((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
|
||||
!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
|
||||
CRYPTO_LOCK_RSA, \
|
||||
(rsa)->m, (ctx))) \
|
||||
|
||||
@@ -6,7 +6,7 @@ Release: 1
|
||||
|
||||
Summary: Secure Sockets Layer and cryptography libraries and tools
|
||||
Name: openssl
|
||||
Version: 0.9.8zf
|
||||
Version: 0.9.8zg
|
||||
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
|
||||
@@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/* Ensure there is no state left over from a previous invocation */
|
||||
SSL_clear(s);
|
||||
|
||||
SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
|
||||
s->d1->listen = 1;
|
||||
|
||||
|
||||
@@ -417,7 +417,7 @@ int ssl2_generate_key_material(SSL *s)
|
||||
|
||||
OPENSSL_assert(s->session->master_key_length >= 0
|
||||
&& s->session->master_key_length
|
||||
< (int)sizeof(s->session->master_key));
|
||||
<= (int)sizeof(s->session->master_key));
|
||||
EVP_DigestUpdate(&ctx, s->session->master_key,
|
||||
s->session->master_key_length);
|
||||
EVP_DigestUpdate(&ctx, &c, 1);
|
||||
|
||||
@@ -369,7 +369,8 @@ int ssl2_accept(SSL *s)
|
||||
|
||||
static int get_client_master_key(SSL *s)
|
||||
{
|
||||
int is_export, i, n, keya, ek;
|
||||
int is_export, i, n, keya;
|
||||
unsigned int ek;
|
||||
unsigned long len;
|
||||
unsigned char *p;
|
||||
SSL_CIPHER *cp;
|
||||
@@ -452,11 +453,6 @@ static int get_client_master_key(SSL *s)
|
||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
|
||||
return (-1);
|
||||
}
|
||||
i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
|
||||
&(p[s->s2->tmp.clear]),
|
||||
&(p[s->s2->tmp.clear]),
|
||||
(s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
|
||||
RSA_PKCS1_PADDING);
|
||||
|
||||
is_export = SSL_C_IS_EXPORT(s->session->cipher);
|
||||
|
||||
@@ -473,23 +469,61 @@ static int get_client_master_key(SSL *s)
|
||||
} else
|
||||
ek = 5;
|
||||
|
||||
/*
|
||||
* The format of the CLIENT-MASTER-KEY message is
|
||||
* 1 byte message type
|
||||
* 3 bytes cipher
|
||||
* 2-byte clear key length (stored in s->s2->tmp.clear)
|
||||
* 2-byte encrypted key length (stored in s->s2->tmp.enc)
|
||||
* 2-byte key args length (IV etc)
|
||||
* clear key
|
||||
* encrypted key
|
||||
* key args
|
||||
*
|
||||
* If the cipher is an export cipher, then the encrypted key bytes
|
||||
* are a fixed portion of the total key (5 or 8 bytes). The size of
|
||||
* this portion is in |ek|. If the cipher is not an export cipher,
|
||||
* then the entire key material is encrypted (i.e., clear key length
|
||||
* must be zero).
|
||||
*/
|
||||
if ((!is_export && s->s2->tmp.clear != 0) ||
|
||||
(is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
|
||||
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
|
||||
return -1;
|
||||
}
|
||||
/*
|
||||
* The encrypted blob must decrypt to the encrypted portion of the key.
|
||||
* Decryption can't be expanding, so if we don't have enough encrypted
|
||||
* bytes to fit the key in the buffer, stop now.
|
||||
*/
|
||||
if ((is_export && s->s2->tmp.enc < ek) ||
|
||||
(!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
|
||||
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
|
||||
SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
|
||||
return -1;
|
||||
}
|
||||
|
||||
i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
|
||||
&(p[s->s2->tmp.clear]),
|
||||
&(p[s->s2->tmp.clear]),
|
||||
(s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
|
||||
RSA_PKCS1_PADDING);
|
||||
|
||||
/* bad decrypt */
|
||||
# if 1
|
||||
/*
|
||||
* If a bad decrypt, continue with protocol but with a random master
|
||||
* secret (Bleichenbacher attack)
|
||||
*/
|
||||
if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
|
||||
|| (is_export && ((i != ek)
|
||||
|| (s->s2->tmp.clear +
|
||||
(unsigned int)i != (unsigned int)
|
||||
EVP_CIPHER_key_length(c)))))) {
|
||||
if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
|
||||
|| (is_export && i != (int)ek))) {
|
||||
ERR_clear_error();
|
||||
if (is_export)
|
||||
i = ek;
|
||||
else
|
||||
i = EVP_CIPHER_key_length(c);
|
||||
if (RAND_pseudo_bytes(p, i) <= 0)
|
||||
if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
|
||||
return 0;
|
||||
}
|
||||
# else
|
||||
@@ -511,7 +545,7 @@ static int get_client_master_key(SSL *s)
|
||||
# endif
|
||||
|
||||
if (is_export)
|
||||
i += s->s2->tmp.clear;
|
||||
i = EVP_CIPHER_key_length(c);
|
||||
|
||||
if (i > SSL_MAX_MASTER_KEY_LENGTH) {
|
||||
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
|
||||
|
||||
@@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s)
|
||||
}
|
||||
|
||||
p = d = (unsigned char *)s->init_msg;
|
||||
|
||||
if (s->session->session_id_length > 0) {
|
||||
int i = s->session_ctx->session_cache_mode;
|
||||
SSL_SESSION *new_sess;
|
||||
/*
|
||||
* We reused an existing session, so we need to replace it with a new
|
||||
* one
|
||||
*/
|
||||
if (i & SSL_SESS_CACHE_CLIENT) {
|
||||
/*
|
||||
* Remove the old session from the cache
|
||||
*/
|
||||
if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
|
||||
if (s->session_ctx->remove_session_cb != NULL)
|
||||
s->session_ctx->remove_session_cb(s->session_ctx,
|
||||
s->session);
|
||||
} else {
|
||||
/* We carry on if this fails */
|
||||
SSL_CTX_remove_session(s->session_ctx, s->session);
|
||||
}
|
||||
}
|
||||
|
||||
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
|
||||
al = SSL_AD_INTERNAL_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
SSL_SESSION_free(s->session);
|
||||
s->session = new_sess;
|
||||
}
|
||||
|
||||
n2l(p, s->session->tlsext_tick_lifetime_hint);
|
||||
n2s(p, ticklen);
|
||||
/* ticket_lifetime_hint + ticket_length + ticket */
|
||||
|
||||
@@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|
||||
ret += n;
|
||||
}
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
OPENSSL_cleanse(buf, sizeof buf);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
|
||||
@@ -778,6 +778,16 @@ int ssl3_get_client_hello(SSL *s)
|
||||
s->first_packet = 0;
|
||||
d = p = (unsigned char *)s->init_msg;
|
||||
|
||||
/*
|
||||
* 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
|
||||
* for session id length
|
||||
*/
|
||||
if (n < 2 + SSL3_RANDOM_SIZE + 1) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
/*
|
||||
* use version from inside client hello, not from record header (may
|
||||
* differ: see RFC 2246, Appendix E, second paragraph)
|
||||
@@ -808,6 +818,12 @@ int ssl3_get_client_hello(SSL *s)
|
||||
unsigned int session_length, cookie_length;
|
||||
|
||||
session_length = *(p + SSL3_RANDOM_SIZE);
|
||||
|
||||
if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
|
||||
|
||||
if (cookie_length == 0)
|
||||
@@ -821,6 +837,12 @@ int ssl3_get_client_hello(SSL *s)
|
||||
/* get the session-id */
|
||||
j = *(p++);
|
||||
|
||||
if (p + j > d + n) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
s->hit = 0;
|
||||
/*
|
||||
* Versions before 0.9.7 always allow session reuse during renegotiation
|
||||
@@ -852,8 +874,19 @@ int ssl3_get_client_hello(SSL *s)
|
||||
|
||||
if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
|
||||
/* cookie stuff */
|
||||
if (p + 1 > d + n) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
cookie_len = *(p++);
|
||||
|
||||
if (p + cookie_len > d + n) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
|
||||
/*
|
||||
* The ClientHello may contain a cookie even if the
|
||||
* HelloVerify message has not been sent--make sure that it
|
||||
@@ -894,6 +927,11 @@ int ssl3_get_client_hello(SSL *s)
|
||||
p += cookie_len;
|
||||
}
|
||||
|
||||
if (p + 2 > d + n) {
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
|
||||
goto f_err;
|
||||
}
|
||||
n2s(p, i);
|
||||
if ((i == 0) && (j != 0)) {
|
||||
/* we need a cipher if we are not resuming a session */
|
||||
@@ -901,7 +939,9 @@ int ssl3_get_client_hello(SSL *s)
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
|
||||
goto f_err;
|
||||
}
|
||||
if ((p + i) >= (d + n)) {
|
||||
|
||||
/* i bytes of cipher data + 1 byte for compression length later */
|
||||
if ((p + i + 1) > (d + n)) {
|
||||
/* not enough data */
|
||||
al = SSL_AD_DECODE_ERROR;
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
|
||||
@@ -1969,6 +2009,7 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
int padl, outl;
|
||||
krb5_timestamp authtime = 0;
|
||||
krb5_ticket_times ttimes;
|
||||
int kerr = 0;
|
||||
|
||||
EVP_CIPHER_CTX_init(&ciph_ctx);
|
||||
|
||||
@@ -2071,23 +2112,27 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
{
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
kerr = 1;
|
||||
goto kclean;
|
||||
}
|
||||
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
goto err;
|
||||
kerr = 1;
|
||||
goto kclean;
|
||||
}
|
||||
if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
kerr = 1;
|
||||
goto kclean;
|
||||
}
|
||||
outl += padl;
|
||||
if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
goto err;
|
||||
kerr = 1;
|
||||
goto kclean;
|
||||
}
|
||||
if (!((pms[0] == (s->client_version >> 8))
|
||||
&& (pms[1] == (s->client_version & 0xff)))) {
|
||||
@@ -2104,7 +2149,8 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
|
||||
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
|
||||
SSL_AD_DECODE_ERROR);
|
||||
goto err;
|
||||
kerr = 1;
|
||||
goto kclean;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2130,6 +2176,11 @@ int ssl3_get_client_key_exchange(SSL *s)
|
||||
* kssl_ctx = kssl_ctx_free(kssl_ctx);
|
||||
* if (s->kssl_ctx) s->kssl_ctx = NULL;
|
||||
*/
|
||||
|
||||
kclean:
|
||||
OPENSSL_cleanse(pms, sizeof(pms));
|
||||
if (kerr)
|
||||
goto err;
|
||||
} else
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
|
||||
|
||||
@@ -171,11 +171,11 @@ $ ENDIF
|
||||
$!
|
||||
$! Define The Different SSL "library" Files.
|
||||
$!
|
||||
$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
|
||||
"s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
|
||||
"s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
|
||||
"t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
|
||||
"d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
|
||||
$ LIB_SSL = "s2_meth, s2_srvr, s2_clnt, s2_lib, s2_enc, s2_pkt,"+ -
|
||||
"s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc, s3_pkt,s3_both,s3_cbc,"+ -
|
||||
"s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
|
||||
"t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc,"+ -
|
||||
"d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
|
||||
"d1_both,d1_enc,"+ -
|
||||
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
|
||||
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
|
||||
@@ -196,7 +196,7 @@ $ NEXT_FILE:
|
||||
$!
|
||||
$! O.K, Extract The File Name From The File List.
|
||||
$!
|
||||
$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
|
||||
$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"COLLAPSE")
|
||||
$!
|
||||
$! Check To See If We Are At The End Of The File List.
|
||||
$!
|
||||
|
||||
@@ -323,8 +323,7 @@ extern "C" {
|
||||
* The following cipher list is used by default. It also is substituted when
|
||||
* an application-defined cipher list string starts with 'DEFAULT'.
|
||||
*/
|
||||
/* low priority for RC4 */
|
||||
# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH"
|
||||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
|
||||
|
||||
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
|
||||
# define SSL_SENT_SHUTDOWN 1
|
||||
@@ -1946,6 +1945,7 @@ void ERR_load_SSL_strings(void);
|
||||
# define SSL_F_SSL_READ 223
|
||||
# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
|
||||
# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
|
||||
# define SSL_F_SSL_SESSION_DUP 348
|
||||
# define SSL_F_SSL_SESSION_NEW 189
|
||||
# define SSL_F_SSL_SESSION_PRINT_FP 190
|
||||
# define SSL_F_SSL_SESS_CERT_NEW 225
|
||||
|
||||
@@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = {
|
||||
{0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE,
|
||||
SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL},
|
||||
/*
|
||||
* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC
|
||||
* cipher suites handled properly.
|
||||
* TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly.
|
||||
*/
|
||||
/* COMPLEMENT OF ALL */
|
||||
{0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
|
||||
{0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
|
||||
{0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0},
|
||||
/* VRS Kerberos5 */
|
||||
{0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
|
||||
{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
|
||||
@@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
curr2 = curr->next;
|
||||
|
||||
cp = curr->cipher;
|
||||
/* Special case: only satisfied by COMPLEMENTOFDEFAULT */
|
||||
if (algo_strength == SSL_EXP_MASK) {
|
||||
if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
|
||||
|| cp->algorithms & SSL_aNULL)
|
||||
&& !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
|
||||
goto ok;
|
||||
else
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* If explicit cipher suite, match only that one for its own protocol
|
||||
@@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
|
||||
} else if (strength_bits != cp->strength_bits)
|
||||
continue; /* does not apply */
|
||||
|
||||
ok:
|
||||
|
||||
#ifdef CIPHER_DEBUG
|
||||
printf("Action = %d\n", rule);
|
||||
#endif
|
||||
|
||||
@@ -279,6 +279,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
|
||||
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
|
||||
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
|
||||
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
|
||||
{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
|
||||
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
|
||||
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
|
||||
{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
|
||||
|
||||
@@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
|
||||
|
||||
ssl_create_cipher_list(ret->method,
|
||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||
meth->version == SSL2_VERSION ? "SSLv2" :
|
||||
SSL_DEFAULT_CIPHER_LIST);
|
||||
if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||
|
||||
@@ -760,6 +760,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type);
|
||||
int ssl_get_new_session(SSL *s, int session);
|
||||
int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
|
||||
const unsigned char *limit);
|
||||
SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
|
||||
int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
|
||||
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
|
||||
const SSL_CIPHER *const *bp);
|
||||
|
||||
@@ -135,6 +135,79 @@ SSL_SESSION *SSL_SESSION_new(void)
|
||||
return (ss);
|
||||
}
|
||||
|
||||
/*
|
||||
* Create a new SSL_SESSION and duplicate the contents of |src| into it. If
|
||||
* ticket == 0 then no ticket information is duplicated, otherwise it is.
|
||||
*/
|
||||
SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
|
||||
{
|
||||
SSL_SESSION *dest;
|
||||
|
||||
dest = OPENSSL_malloc(sizeof(*src));
|
||||
if (dest == NULL) {
|
||||
goto err;
|
||||
}
|
||||
memcpy(dest, src, sizeof(*dest));
|
||||
|
||||
/*
|
||||
* Set the various pointers to NULL so that we can call SSL_SESSION_free in
|
||||
* the case of an error whilst halfway through constructing dest
|
||||
*/
|
||||
dest->ciphers = NULL;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
dest->tlsext_hostname = NULL;
|
||||
#endif
|
||||
dest->tlsext_tick = NULL;
|
||||
memset(&dest->ex_data, 0, sizeof(dest->ex_data));
|
||||
|
||||
/* We deliberately don't copy the prev and next pointers */
|
||||
dest->prev = NULL;
|
||||
dest->next = NULL;
|
||||
|
||||
dest->references = 1;
|
||||
|
||||
if (src->sess_cert != NULL)
|
||||
CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
|
||||
|
||||
if (src->peer != NULL)
|
||||
CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
|
||||
|
||||
if(src->ciphers != NULL) {
|
||||
dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
|
||||
if (dest->ciphers == NULL)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
|
||||
&dest->ex_data, &src->ex_data)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (src->tlsext_hostname) {
|
||||
dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
|
||||
if (dest->tlsext_hostname == NULL) {
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ticket != 0) {
|
||||
dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
|
||||
if(dest->tlsext_tick == NULL)
|
||||
goto err;
|
||||
} else {
|
||||
dest->tlsext_tick_lifetime_hint = 0;
|
||||
dest->tlsext_ticklen = 0;
|
||||
}
|
||||
|
||||
return dest;
|
||||
err:
|
||||
SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
|
||||
SSL_SESSION_free(dest);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
|
||||
unsigned int *len)
|
||||
{
|
||||
@@ -310,6 +383,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
|
||||
|
||||
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
|
||||
goto err;
|
||||
|
||||
if (session_id + len > limit) {
|
||||
fatal = 1;
|
||||
goto err;
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
r = tls1_process_ticket(s, session_id, len, limit, &ret);
|
||||
if (r == -1) {
|
||||
|
||||
@@ -1346,7 +1346,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
|
||||
if (!do_client && !do_server) {
|
||||
fprintf(stdout, "ERROR IN STARTUP\n");
|
||||
ERR_print_errors(bio_err);
|
||||
break;
|
||||
goto err;
|
||||
}
|
||||
if (do_client && !(done & C_DONE)) {
|
||||
if (c_write) {
|
||||
|
||||
@@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
|
||||
out, buf2, sizeof buf2);
|
||||
EVP_MD_CTX_cleanup(&ctx);
|
||||
|
||||
OPENSSL_cleanse(buf, (int)(q - buf));
|
||||
OPENSSL_cleanse(buf2, sizeof(buf2));
|
||||
return sizeof buf2;
|
||||
}
|
||||
|
||||
@@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
|
||||
tls1_PRF(s->ctx->md5, s->ctx->sha1,
|
||||
buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p,
|
||||
len, s->session->master_key, buff, sizeof buff);
|
||||
OPENSSL_cleanse(buf, sizeof buf);
|
||||
OPENSSL_cleanse(buff, sizeof buff);
|
||||
#ifdef KSSL_DEBUG
|
||||
printf("tls1_generate_master_secret() complete\n");
|
||||
#endif /* KSSL_DEBUG */
|
||||
|
||||
144
util/mkerr.pl
144
util/mkerr.pl
@@ -376,7 +376,8 @@ foreach $lib (keys %csrc)
|
||||
print OUT @out;
|
||||
undef @out;
|
||||
print OUT <<"EOF";
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
/*
|
||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
*/
|
||||
EOF
|
||||
@@ -390,7 +391,7 @@ EOF
|
||||
${staticloader}void ERR_load_${lib}_strings(void);
|
||||
${staticloader}void ERR_unload_${lib}_strings(void);
|
||||
${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
|
||||
#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
|
||||
# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
|
||||
|
||||
EOF
|
||||
}
|
||||
@@ -401,7 +402,7 @@ EOF
|
||||
EOF
|
||||
|
||||
foreach $i (@function) {
|
||||
$z=6-int(length($i)/8);
|
||||
$z=48 - length($i);
|
||||
if($fcodes{$i} eq "X") {
|
||||
$fassigned{$lib} =~ m/^:([^:]*):/;
|
||||
$findcode = $1;
|
||||
@@ -415,13 +416,13 @@ EOF
|
||||
$fassigned{$lib} .= "$findcode:";
|
||||
print STDERR "New Function code $i\n" if $debug;
|
||||
}
|
||||
printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
|
||||
printf OUT "# define $i%s $fcodes{$i}\n"," " x $z;
|
||||
}
|
||||
|
||||
print OUT "\n/* Reason codes. */\n";
|
||||
|
||||
foreach $i (@reasons) {
|
||||
$z=6-int(length($i)/8);
|
||||
$z=48 - length($i);
|
||||
if($rcodes{$i} eq "X") {
|
||||
$rassigned{$lib} =~ m/^:([^:]*):/;
|
||||
$findcode = $1;
|
||||
@@ -435,7 +436,7 @@ EOF
|
||||
$rassigned{$lib} .= "$findcode:";
|
||||
print STDERR "New Reason code $i\n" if $debug;
|
||||
}
|
||||
printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
|
||||
printf OUT "# define $i%s $rcodes{$i}\n"," " x $z;
|
||||
}
|
||||
print OUT <<"EOF";
|
||||
|
||||
@@ -451,9 +452,17 @@ EOF
|
||||
# First, read any existing reason string definitions:
|
||||
my %err_reason_strings;
|
||||
if (open(IN,"<$cfile")) {
|
||||
my $line = "";
|
||||
while (<IN>) {
|
||||
if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
|
||||
$err_reason_strings{$1} = $2;
|
||||
chomp;
|
||||
$_ = $line . $_;
|
||||
$line = "";
|
||||
if (/{ERR_REASON\(/) {
|
||||
if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
|
||||
$err_reason_strings{$1} = $2;
|
||||
} else {
|
||||
$line = $_;
|
||||
}
|
||||
}
|
||||
}
|
||||
close(IN);
|
||||
@@ -494,7 +503,7 @@ EOF
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
@@ -540,7 +549,8 @@ EOF
|
||||
*
|
||||
*/
|
||||
|
||||
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
|
||||
/*
|
||||
* NOTE: this file was auto generated by the mkerr.pl script: any changes
|
||||
* made to it will be overwritten when the script next updates this file,
|
||||
* only reason strings will be preserved.
|
||||
*/
|
||||
@@ -552,11 +562,10 @@ EOF
|
||||
/* BEGIN ERROR CODES */
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
|
||||
#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
|
||||
#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
|
||||
# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
|
||||
# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
|
||||
|
||||
static ERR_STRING_DATA ${lib}_str_functs[]=
|
||||
{
|
||||
static ERR_STRING_DATA ${lib}_str_functs[] = {
|
||||
EOF
|
||||
# Add each function code: if a function name is found then use it.
|
||||
foreach $i (@function) {
|
||||
@@ -567,20 +576,22 @@ EOF
|
||||
$fn = $ftrans{$fn};
|
||||
}
|
||||
# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
|
||||
print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
|
||||
if(length($i) + length($fn) > 58) {
|
||||
print OUT " {ERR_FUNC($i),\n \"$fn\"},\n";
|
||||
} else {
|
||||
print OUT " {ERR_FUNC($i), \"$fn\"},\n";
|
||||
}
|
||||
}
|
||||
print OUT <<"EOF";
|
||||
{0,NULL}
|
||||
};
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
static ERR_STRING_DATA ${lib}_str_reasons[]=
|
||||
{
|
||||
static ERR_STRING_DATA ${lib}_str_reasons[] = {
|
||||
EOF
|
||||
# Add each reason code.
|
||||
foreach $i (@reasons) {
|
||||
my $rn;
|
||||
my $rstr = "ERR_REASON($i)";
|
||||
my $nspc = 0;
|
||||
if (exists $err_reason_strings{$i}) {
|
||||
$rn = $err_reason_strings{$i};
|
||||
} else {
|
||||
@@ -588,90 +599,87 @@ EOF
|
||||
$rn = $1;
|
||||
$rn =~ tr/_[A-Z]/ [a-z]/;
|
||||
}
|
||||
$nspc = 40 - length($rstr) unless length($rstr) > 40;
|
||||
$nspc = " " x $nspc;
|
||||
print OUT "{${rstr}${nspc},\"$rn\"},\n";
|
||||
if(length($i) + length($rn) > 56) {
|
||||
print OUT " {${rstr},\n \"$rn\"},\n";
|
||||
} else {
|
||||
print OUT " {${rstr}, \"$rn\"},\n";
|
||||
}
|
||||
}
|
||||
if($static) {
|
||||
print OUT <<"EOF";
|
||||
{0,NULL}
|
||||
};
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
${staticloader}void ERR_load_${lib}_strings(void)
|
||||
{
|
||||
{
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
|
||||
if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL)
|
||||
{
|
||||
ERR_load_strings($load_errcode,${lib}_str_functs);
|
||||
ERR_load_strings($load_errcode,${lib}_str_reasons);
|
||||
}
|
||||
if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) {
|
||||
ERR_load_strings($load_errcode, ${lib}_str_functs);
|
||||
ERR_load_strings($load_errcode, ${lib}_str_reasons);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
}
|
||||
EOF
|
||||
} else {
|
||||
print OUT <<"EOF";
|
||||
{0,NULL}
|
||||
};
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef ${lib}_LIB_NAME
|
||||
static ERR_STRING_DATA ${lib}_lib_name[]=
|
||||
{
|
||||
{0 ,${lib}_LIB_NAME},
|
||||
{0,NULL}
|
||||
};
|
||||
static ERR_STRING_DATA ${lib}_lib_name[] = {
|
||||
{0, ${lib}_LIB_NAME},
|
||||
{0, NULL}
|
||||
};
|
||||
#endif
|
||||
|
||||
|
||||
static int ${lib}_lib_error_code=0;
|
||||
static int ${lib}_error_init=1;
|
||||
static int ${lib}_lib_error_code = 0;
|
||||
static int ${lib}_error_init = 1;
|
||||
|
||||
${staticloader}void ERR_load_${lib}_strings(void)
|
||||
{
|
||||
if (${lib}_lib_error_code == 0)
|
||||
${lib}_lib_error_code=ERR_get_next_error_library();
|
||||
{
|
||||
if (${lib}_lib_error_code == 0)
|
||||
${lib}_lib_error_code = ERR_get_next_error_library();
|
||||
|
||||
if (${lib}_error_init)
|
||||
{
|
||||
${lib}_error_init=0;
|
||||
if (${lib}_error_init) {
|
||||
${lib}_error_init = 0;
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
|
||||
ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
|
||||
ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs);
|
||||
ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons);
|
||||
#endif
|
||||
|
||||
#ifdef ${lib}_LIB_NAME
|
||||
${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
|
||||
ERR_load_strings(0,${lib}_lib_name);
|
||||
${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0);
|
||||
ERR_load_strings(0, ${lib}_lib_name);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
${staticloader}void ERR_unload_${lib}_strings(void)
|
||||
{
|
||||
if (${lib}_error_init == 0)
|
||||
{
|
||||
{
|
||||
if (${lib}_error_init == 0) {
|
||||
#ifndef OPENSSL_NO_ERR
|
||||
ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
|
||||
ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
|
||||
ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs);
|
||||
ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons);
|
||||
#endif
|
||||
|
||||
#ifdef ${lib}_LIB_NAME
|
||||
ERR_unload_strings(0,${lib}_lib_name);
|
||||
ERR_unload_strings(0, ${lib}_lib_name);
|
||||
#endif
|
||||
${lib}_error_init=1;
|
||||
}
|
||||
}
|
||||
${lib}_error_init = 1;
|
||||
}
|
||||
}
|
||||
|
||||
${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
|
||||
{
|
||||
if (${lib}_lib_error_code == 0)
|
||||
${lib}_lib_error_code=ERR_get_next_error_library();
|
||||
ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
|
||||
}
|
||||
{
|
||||
if (${lib}_lib_error_code == 0)
|
||||
${lib}_lib_error_code = ERR_get_next_error_library();
|
||||
ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line);
|
||||
}
|
||||
EOF
|
||||
|
||||
}
|
||||
|
||||
@@ -119,7 +119,7 @@ do
|
||||
-e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
|
||||
-e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)\(.*\)[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
|
||||
-e 's/^(ASN1_ADB_TEMPLATE\(.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
|
||||
-e 's/^((ASN1|ADB)_.*_END\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
|
||||
-e 's/^((ASN1|ADB)_.*_(end|END)\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
|
||||
-e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
|
||||
-e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
|
||||
| \
|
||||
|
||||
Reference in New Issue
Block a user