diff --git a/.travis.yml b/.travis.yml index cc646e3d2..b8027cd07 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,24 +8,25 @@ sudo: enabled before_install: "./.travis/install_deps.sh" stages: - name: test - if: type = pull_request - name: deploy if: tag IS present jobs: include: - stage: test - if: type = pull_request - script: rake test + name: test osx + script: "./.travis/test.sh" os: osx - stage: test - if: type = pull_request - script: rake test + name: test linux + script: "./.travis/test.sh" os: linux dist: xenial - stage: deploy + name: deploy osx os: osx script: "./.travis/deploy.sh" - stage: deploy + name: deploy linux os: linux dist: xenial script: "./.travis/deploy.sh" diff --git a/.travis/install_deps.sh b/.travis/install_deps.sh index a5dc66e47..d326a1adc 100755 --- a/.travis/install_deps.sh +++ b/.travis/install_deps.sh @@ -8,6 +8,7 @@ if [ "$TRAVIS_OS_NAME" = "osx" ]; then brew install texinfo brew install openssl else + sudo apt-get update sudo apt-get install -y -q openssl squashfs-tools curl install-info info fi diff --git a/.travis/test.sh b/.travis/test.sh new file mode 100755 index 000000000..9b130faf1 --- /dev/null +++ b/.travis/test.sh @@ -0,0 +1,30 @@ +#!/bin/sh + +set -uex + +if [ "$TRAVIS_OS_NAME" = "osx" ]; then + OPENSSLDIR="/usr/local/etc/openssl" + TEMP_DIR="$(mktemp -d)" +else + OPENSSLDIR="/etc/ssl" + TEMP_DIR="$(mktemp -d --tmpdir=$HOME .rubyc-build.XXXXXX)" +fi + +mksquashfs -version + +ruby -Ilib bin/rubyc bin/rubyc \ + --openssl-dir=${OPENSSLDIR} \ + --tmpdir=${TEMP_DIR} \ + --clean-tmpdir \ + --ignore-file=.git \ + --ignore-file=.travis.yml \ + --ignore-file=.travis/deploy.sh \ + --ignore-file=.travis/install_deps.sh \ + -o rubyc + +strip rubyc || true + +./rubyc --version + +bundle exec rake test + diff --git a/rakelib/test.rake b/rakelib/test.rake index 2886975e9..9c94b79d1 100644 --- a/rakelib/test.rake +++ b/rakelib/test.rake 
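Review bot: The `--ignore-file` list passed to `bin/rubyc` in the new .travis/test.sh names `.travis.yml`, `.travis/deploy.sh` and `.travis/install_deps.sh` but not `.travis/test.sh` itself. Assuming these flags keep CI files out of the packed binary, the new script is the one CI file still packed into it; adding `--ignore-file=.travis/test.sh \` before `-o rubyc` would close the gap. The expansions `--tmpdir=$HOME` (inside the `mktemp` call), `--openssl-dir=${OPENSSLDIR}` and `--tmpdir=${TEMP_DIR}` are unquoted and would word-split on a path containing whitespace; writing them as `--tmpdir="$HOME"`, `--openssl-dir="${OPENSSLDIR}"` and `--tmpdir="${TEMP_DIR}"` avoids that. `strip rubyc || true` presumably ignores a failed strip on purpose, which merits a short comment such as `# strip is best-effort; an unstripped binary is still tested`.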
@@ -1,3 +1,5 @@ +require 'minitest' + namespace "test" do Rake::TestTask.new "roundtrip" do |task| task.pattern = "test/roundtrip/test_*.rb" @@ -12,7 +14,7 @@ namespace "test" do task "unit" do $LOAD_PATH.unshift 'lib' - Rake::FileList["test/unit/test_*.rb"].each do |test| + Rake::FileList[File.expand_path(File.join('..', "test/unit/test_*.rb"))].each do |test| require_relative test end diff --git a/vendor/openssl/.gitignore b/vendor/openssl/.gitignore new file mode 100644 index 000000000..717aeb39c --- /dev/null +++ b/vendor/openssl/.gitignore 
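Review bot: In the `unit` task, `File.expand_path(File.join('..', "test/unit/test_*.rb"))` is given no base directory, so `..` is resolved against the process working directory rather than against rakelib/. If rake runs from the repository root, as the `bundle exec rake test` call in .travis/test.sh suggests, the glob points one level above the checkout and probably matches nothing. The task would then finish green without loading any unit test, which makes the CI gate vacuous. Anchoring the path to the rake file, `Rake::FileList[File.expand_path('../test/unit/test_*.rb', __dir__)].each do |test|`, still yields the absolute paths `require_relative` needs. An explicit failure when the list is empty would make the same mistake visible in future; the `namespace "test"` block continues outside the hunk.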
@@ -0,0 +1,176 @@
+# Ignore editor artefacts
+/.dir-locals.el
+
+# Top level excludes
+/Makefile.orig
+/MINFO
+/TABLE
+/*.a
+/*.pc
+/rehash.time
+/inc.*
+/makefile.*
+/out.*
+/tmp.*
+/configdata.pm
+
+# *all* Makefiles
+Makefile
+# ... except in demos
+!/demos/*/Makefile
+
+# Links under apps
+/apps/CA.pl
+/apps/tsget
+/apps/tsget.pl
+/apps/md4.c
+
+# Auto generated headers
+/crypto/buildinf.h
+/apps/progs.h
+/crypto/include/internal/*_conf.h
+/openssl/include/opensslconf.h
+/util/domd
+
+# Executables
+/apps/openssl
+/test/sha256t
+/test/sha512t
+/test/gost2814789t
+/test/ssltest_old
+/test/*test
+/test/fips_aesavs
+/test/fips_desmovs
+/test/fips_dhvs
+/test/fips_drbgvs
+/test/fips_dssvs
+/test/fips_ecdhvs
+/test/fips_ecdsavs
+/test/fips_rngvs
+/test/fips_test_suite
+/test/ssltest_old
+/test/x509aux
+/test/v3ext
+/test/versions
+/test/rsa_complex
+
+# Certain files that get created by tests on the fly
+/test/test-runs
+/test/buildtest_*
+
+# Fuzz stuff.
+# Anything without an extension is an executable on Unix, so we keep files
+# with extensions. And we keep the corpora subddir versioned as well.
+# Anything more generic with extensions that should be ignored will be taken
+# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
+/fuzz/*
+!/fuzz/README*
+!/fuzz/corpora
+!/fuzz/*.*
+
+# Misc auto generated files
+/include/openssl/opensslconf.h
+/tools/c_rehash
+/tools/c_rehash.pl
+/util/shlib_wrap.sh
+/tags
+/TAGS
+/crypto.map
+/ssl.map
+
+# Windows (legacy)
+/tmp32
+/tmp32.dbg
+/tmp32dll
+/tmp32dll.dbg
+/out32
+/out32.dbg
+/out32dll
+/out32dll.dbg
+/inc32
+/MINFO
+/ms/.rnd
+/ms/bcb.mak
+/ms/libeay32.def
+/ms/nt.mak
+/ms/ntdll.mak
+/ms/ssleay32.def
+/ms/version32.rc
+
+# Files created on other branches that are not held in git, and are not
+# needed on this branch
+/include/openssl/asn1_mac.h
+/include/openssl/des_old.h
+/include/openssl/fips.h
+/include/openssl/fips_rand.h
+/include/openssl/krb5_asn.h
+/include/openssl/kssl.h
+/include/openssl/pq_compat.h
+/include/openssl/ssl23.h
+/include/openssl/tmdiff.h
+/include/openssl/ui_compat.h
+/test/fips_aesavs.c
+/test/fips_desmovs.c
+/test/fips_dsatest.c
+/test/fips_dssvs.c
+/test/fips_hmactest.c
+/test/fips_randtest.c
+/test/fips_rngvs.c
+/test/fips_rsagtest.c
+/test/fips_rsastest.c
+/test/fips_rsavtest.c
+/test/fips_shatest.c
+/test/fips_test_suite.c
+/test/shatest.c
+
+##### Generic patterns
+# Auto generated assembly language source files
+*.s
+!/crypto/*/asm/*.s
+/crypto/arm*.S
+/crypto/*/*.S
+*.asm
+!/crypto/*/asm/*.asm
+
+# Object files
+*.o
+*.obj
+
+# editor artefacts
+*.swp
+.#*
+\#*#
+*~
+
+# Certificate symbolic links
+*.0
+
+# All kinds of executables
+*.so
+*.so.*
+*.dylib
+*.dylib.*
+*.dll
+*.dll.*
+*.exe
+*.pyc
+*.exp
+*.lib
+*.pdb
+*.ilk
+*.def
+*.rc
+*.res
+
+# Misc generated stuff
+Makefile.save
+/crypto/**/lib
+/engines/**/lib
+/ssl/**/lib
+*.bak
+cscope.*
+*.d
+pod2htmd.tmp
+
+# Windows manifest files
+*.manifest
diff --git a/vendor/openssl/.travis-apt-pin.preferences b/vendor/openssl/.travis-apt-pin.preferences
new file mode 100644
index 000000000..1797bd041
--- /dev/null
+++ b/vendor/openssl/.travis-apt-pin.preferences
@@ -0,0 +1,15 @@
+Package: clang-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang-common-3.9-dev
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libclang1-3.9
+Pin: release o=Ubuntu
+Pin-Priority: -1
+
+Package: libllvm3.9v4
+Pin: release o=Ubuntu
+Pin-Priority: -1
diff --git a/vendor/openssl/.travis.yml b/vendor/openssl/.travis.yml
index 47784809e..1c1db2b73 100644
--- a/vendor/openssl/.travis.yml
+++ b/vendor/openssl/.travis.yml
@@ -28,70 +28,29 @@ env: - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" - CONFIG_OPTS="no-ec" BUILDONLY="yes" + - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" matrix: include: - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" - os: linux compiler: gcc env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes" - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="enable-asan" - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="enable-msan" - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment" - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2" - os: linux - addons: - apt: - packages: - - clang-3.9 - sources: - - llvm-toolchain-trusty-3.9 - - ubuntu-toolchain-r-test compiler: clang-3.9 env: CONFIG_OPTS="no-stdio" - os: linux @@ -102,7 +61,7 @@ matrix: sources: - ubuntu-toolchain-r-test compiler: gcc-5 - env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" + env: UBUNTU_GCC_HACK="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" - os: linux addons: apt: 
@@ -110,7 +69,7 @@ matrix: - binutils-mingw-w64 - gcc-mingw-w64 compiler: i686-w64-mingw32-gcc - env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" + env: CONFIG_OPTS="no-pic" - os: linux addons: apt: @@ -126,7 +85,7 @@ matrix: - binutils-mingw-w64 - gcc-mingw-w64 compiler: x86_64-w64-mingw32-gcc - env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" + env: CONFIG_OPTS="no-pic" - os: linux addons: apt: @@ -153,6 +112,10 @@ before_script: srcdir=.; top=.; fi + - if [ -n "$UBUNTU_GCC_HACK" ]; then + $CC -dumpspecs | sed "s/--push-state//g; s/--pop-state/--as-needed/g" > gcc-specs.txt; + CC="$CC -specs=gcc-specs.txt"; + fi - if [ "$CC" == i686-w64-mingw32-gcc ]; then export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; @@ -160,7 +123,14 @@ before_script: export CROSS_COMPILE=${CC%%gcc}; unset CC; $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format; else - if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then + if [ "$CC" == clang-3.9 ]; then + sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang; + curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -; + echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null; + sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test"; + sudo -E apt-get -yq update; + sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9; + elif which ccache >/dev/null; then CC="ccache $CC"; fi; $srcdir/config -v $CONFIG_OPTS; 
@@ -187,8 +157,24 @@ script: else top=.; fi - - $make update - - $make + - if $make update; then + echo -e '+\057 MAKE UPDATE OK'; + else + echo -e '+\057 MAKE UPDATE FAILED'; false; + fi; + git diff --exit-code + - if [ -n "$CHECKDOCS" ]; then + if $make doc-nits; then + echo -e '+\057\057 MAKE DOC-NITS OK'; + else + echo -e '+\057\057 MAKE DOC-NITS FAILED'; false; + fi; + fi + - if $make ; then + echo -e '+\057\057\057 MAKE OK'; + else + echo -e '+\057\057\057 MAKE FAILED'; false; + fi; - if [ -z "$BUILDONLY" ]; then if [ -n "$CROSS_COMPILE" ]; then sudo apt-get -yq install wine; @@ -196,11 +182,19 @@ script: fi; HARNESS_VERBOSE=yes make test; else - $make build_tests; + if $make build_tests; then + echo -e '+\057\057\075 MAKE BUILD_TESTS OK'; + else + echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false; + fi; fi - if [ -n "$DESTDIR" ]; then mkdir "../$DESTDIR"; - $make install install_docs DESTDIR="../$DESTDIR"; + if $make install DESTDIR="../$DESTDIR"; then + echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK'; + else + echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false; + fi; fi - cd $top diff --git a/vendor/openssl/CHANGES b/vendor/openssl/CHANGES index 49f9f7882..cf76704d1 100644 --- a/vendor/openssl/CHANGES +++ b/vendor/openssl/CHANGES 
@@ -2,6 +2,226 @@ OpenSSL CHANGES _______________ + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.1.0i and 1.1.0j [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + + *) Add coordinate blinding for EC_POINT and implement projective + coordinate blinding for generic prime curves as a countermeasure to + chosen point SCA attacks. + [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] + + Changes between 1.1.0h and 1.1.0i [14 Aug 2018] + + *) Client DoS due to large DH parameter + + During key agreement in a TLS handshake using a DH(E) based ciphersuite a + malicious server can send a very large prime value to the client. This will + cause the client to spend an unreasonably long period of time generating a + key for this prime resulting in a hang until the client has finished. This + could be exploited in a Denial Of Service attack. 
+ + This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken + (CVE-2018-0732) + [Guido Vranken] + + *) Cache timing vulnerability in RSA Key Generation + + The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to + a cache timing side channel attack. An attacker with sufficient access to + mount cache timing attacks during the RSA key generation process could + recover the private key. + + This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera + Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. + (CVE-2018-0737) + [Billy Brumley] + + *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str + parameter is no longer accepted, as it leads to a corrupt table. NULL + pem_str is reserved for alias entries only. + [Richard Levitte] + + *) Revert blinding in ECDSA sign and instead make problematic addition + length-invariant. Switch even to fixed-length Montgomery multiplication. + [Andy Polyakov] + + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + + *) Add blinding to ECDSA and DSA signatures to protect against side channel + attacks discovered by Keegan Ryan (NCC Group). + [Matt Caswell] + + *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we + now allow empty (zero character) pass phrases. + [Richard Levitte] + + *) Certificate time validation (X509_cmp_time) enforces stricter + compliance with RFC 5280. Fractional seconds and timezone offsets + are no longer allowed. 
+ [Emilia Käsper] + + *) Fixed a text canonicalisation bug in CMS + + Where a CMS detached signature is used with text content the text goes + through a canonicalisation process first prior to signing or verifying a + signature. This process strips trailing space at the end of lines, converts + line terminators to CRLF and removes additional trailing line terminators + at the end of a file. A bug in the canonicalisation process meant that + some characters, such as form-feed, were incorrectly treated as whitespace + and removed. This is contrary to the specification (RFC5485). This fix + could mean that detached text data signed with an earlier version of + OpenSSL 1.1.0 may fail to verify using the fixed version, or text data + signed with a fixed OpenSSL may fail to verify with an earlier version of + OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data + and use the "-binary" flag (for the "cms" command line application) or set + the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). + [Matt Caswell] + + Changes between 1.1.0g and 1.1.0h [27 Mar 2018] + + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + + *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC + + Because of an implementation bug the PA-RISC CRYPTO_memcmp function is + effectively reduced to only comparing the least significant bit of each + byte. 
This allows an attacker to forge messages that would be considered as + authenticated in an amount of tries lower than that guaranteed by the + security claims of the scheme. The module can only be compiled by the + HP-UX assembler, so that only HP-UX PA-RISC targets are affected. + + This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg + (IBM). + (CVE-2018-0733) + [Andy Polyakov] + + *) Add a build target 'build_all_generated', to build all generated files + and only that. This can be used to prepare everything that requires + things like perl for a system that lacks perl and then move everything + to that system and do the rest of the build there. + [Richard Levitte] + + *) Backport SSL_OP_NO_RENGOTIATION + + OpenSSL 1.0.2 and below had the ability to disable renegotiation using the + (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity + changes this is no longer possible in 1.1.0. Therefore the new + SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to + 1.1.0 to provide equivalent functionality. + + Note that if an application built against 1.1.0h headers (or above) is run + using an older version of 1.1.0 (prior to 1.1.0h) then the option will be + accepted but nothing will happen, i.e. renegotiation will not be prevented. + [Matt Caswell] + + *) Removed the OS390-Unix config target. It relied on a script that doesn't + exist. + [Rich Salz] + + *) rsaz_1024_mul_avx2 overflow bug on x86_64 + + There is an overflow bug in the AVX2 Montgomery multiplication procedure + used in exponentiation with 1024-bit moduli. No EC algorithms are affected. + Analysis suggests that attacks against RSA and DSA as a result of this + defect would be very difficult to perform and are not believed likely. + Attacks against DH1024 are considered just feasible, because most of the + work necessary to deduce information about a private key may be performed + offline. 
The amount of resources required for such an attack would be + significant. However, for an attack on TLS to be meaningful, the server + would have to share the DH1024 private key among multiple clients, which is + no longer an option since CVE-2016-0701. + + This only affects processors that support the AVX2 but not ADX extensions + like Intel Haswell (4th generation). + + This issue was reported to OpenSSL by David Benjamin (Google). The issue + was originally found via the OSS-Fuzz project. + (CVE-2017-3738) + [Andy Polyakov] + + Changes between 1.1.0f and 1.1.0g [2 Nov 2017] + + *) bn_sqrx8x_internal carry bug on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. + + This only affects processors that support the BMI1, BMI2 and ADX extensions + like Intel Broadwell (5th generation) and later or AMD Ryzen. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3736) + [Andy Polyakov] + + *) Malformed X.509 IPAddressFamily could cause OOB read + + If an X.509 certificate has a malformed IPAddressFamily extension, + OpenSSL could do a one-byte buffer overread. The most likely result + would be an erroneous display of the certificate in text format. 
+ + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3735) + [Rich Salz] + + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] + + *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. + [Emilia Käsper] + Changes between 1.1.0e and 1.1.0f [25 May 2017] *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target @@ -2944,8 +3164,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou , Peter Sylvester + , Tom Wu , and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] diff --git a/vendor/openssl/CONTRIBUTING b/vendor/openssl/CONTRIBUTING index 1eebaf37e..a6977b811 100644 --- a/vendor/openssl/CONTRIBUTING +++ b/vendor/openssl/CONTRIBUTING 
@@ -1,26 +1,26 @@ -HOW TO CONTRIBUTE PATCHES TO OpenSSL ------------------------------------- +HOW TO CONTRIBUTE TO OpenSSL +---------------------------- (Please visit https://www.openssl.org/community/getting-started.html for other ideas about how to contribute.) -Development is coordinated on the openssl-dev mailing list (see the -above link or https://mta.openssl.org for information on subscribing). -If you are unsure as to whether a feature will be useful for the general -OpenSSL community you might want to discuss it on the openssl-dev mailing -list first. Someone may be already working on the same thing or there -may be a good reason as to why that feature isn't implemented. +Development is done on GitHub, https://github.com/openssl/openssl. -To submit a patch, make a pull request on GitHub. If you think the patch -could use feedback from the community, please start a thread on openssl-dev -to discuss it. +To request new features or report bugs, please open an issue on GitHub -Having addressed the following items before the PR will help make the -acceptance and review process faster: +To submit a patch, please open a pull request on GitHub. If you are thinking +of making a large contribution, open an issue for it before starting work, +to get comments from the community. Someone may be already working on +the same thing or there may be reasons why that feature isn't implemented. - 1. Anything other than trivial contributions will require a contributor - licensing agreement, giving us permission to use your code. See - https://www.openssl.org/policies/cla.html for details. +To make it easier to review and accept your pull request, please follow these +guidelines: + + 1. Anything other than a trivial contribution requires a Contributor + License Agreement (CLA), giving us permission to use your code. See + https://www.openssl.org/policies/cla.html for details. 
If your + contribution is too small to require a CLA, put "CLA: trivial" on a + line by itself in your commit message body. 2. All source files should start with the following text (with appropriate comment characters at the start of each line and the 
@@ -34,21 +34,38 @@ acceptance and review process faster: https://www.openssl.org/source/license.html 3. Patches should be as current as possible; expect to have to rebase - often. We do not accept merge commits; You will be asked to remove - them before a patch is considered acceptable. + often. We do not accept merge commits, you will have to remove them + (usually by rebasing) before it will be acceptable. 4. Patches should follow our coding style (see - https://www.openssl.org/policies/codingstyle.html) and compile without - warnings. Where gcc or clang is available you should use the + https://www.openssl.org/policies/codingstyle.html) and compile + without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. - Clean builds via Travis and AppVeyor are expected, and done whenever - a PR is created or updated. + platforms: try to ensure you only use portable features. Clean builds + via Travis and AppVeyor are required, and they are started automatically + whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can either be added to an existing test, or completely new. Please see test/README for information on the test framework. 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/apps, doc/crypto - and doc/ssl for examples of our style. + documentation. Please look at the "pod" files in doc for + examples of our style. + + 7. For user visible changes (API changes, behaviour changes, ...), + consider adding a note in CHANGES. This could be a summarising + description of the change, and could explain the grander details. + Have a look through existing entries for inspiration. + Please note that this is NOT simply a copy of git-log oneliners. + Also note that security fixes get an entry in CHANGES. 
+ This file helps users get more in depth information of what comes + with a specific release without having to sift through the higher + noise ratio in git-log. + + 8. For larger or more important user visible changes, as well as + security fixes, please add a line in NEWS. On exception, it might be + worth adding a multi-line entry (such as the entry that announces all + the types that became opaque with OpenSSL 1.1.0). + This file helps users get a very quick summary of what comes with a + specific release, to see if an upgrade is worth the effort. diff --git a/vendor/openssl/Configurations/00-base-templates.conf b/vendor/openssl/Configurations/00-base-templates.conf index 3455b3ace..8503c2f34 100644 --- a/vendor/openssl/Configurations/00-base-templates.conf +++ b/vendor/openssl/Configurations/00-base-templates.conf @@ -68,6 +68,8 @@ } return (); }, + shared_extension => ".so", + build_scheme => [ "unified", "unix" ], build_file => "Makefile", }, @@ -99,6 +101,8 @@ mtinflag => "-manifest ", mtoutflag => "-outputresource:", + shared_extension => ".dll", + build_file => "makefile", build_scheme => [ "unified", "windows" ], }, @@ -107,6 +111,8 @@ inherit_from => [ "BASE_common" ], template => 1, + shared_extension => ".exe", + build_file => "descrip.mms", build_scheme => [ "unified", "VMS" ], }, diff --git a/vendor/openssl/Configurations/10-main.conf b/vendor/openssl/Configurations/10-main.conf index 39b89e7e9..6c05c2809 100644 --- a/vendor/openssl/Configurations/10-main.conf +++ b/vendor/openssl/Configurations/10-main.conf @@ -14,7 +14,7 @@ sub vc_win64a_info { asflags => "/c /Cp /Cx /Zi", asoutflag => "/Fo" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win64a_info = { as => "{unknown}", asflags => "", asoutflag => "" }; 
@@ -39,7 +39,7 @@ sub vc_win32_info { asoutflag => "/Fo", perlasm_scheme => "win32" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win32_info = { as => "{unknown}", asflags => "", asoutflag => "", @@ -204,6 +204,7 @@ sub vms_info { debug => "-O0 -g", release => "-O3 -fomit-frame-pointer"), threads("-pthread")), + ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", shared_ldflag => "-shared -static-libgcc", @@ -223,6 +224,7 @@ sub vms_info { debug => "-O0 -g", release => "-O3"), threads("-pthread")), + ex_libs => add(threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", shared_cflag => "-fPIC", @@ -268,6 +270,7 @@ sub vms_info { debug => "-O0 -g", release => "-O3"), threads("-pthread")), + ex_libs => add(threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", shared_cflag => "-fPIC", shared_ldflag => "-shared", 
@@ -425,18 +428,25 @@ sub vms_info { # even PA-RISC 2.0-specific code paths, which are chosen at run-time, # thus adequate performance is provided even with PA-RISC 1.1 build. # - "hpux-parisc-gcc" => { + "hpux-common" => { inherit_from => [ "BASE_unix" ], + template => 1, + defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED", + "_HPUX_ALT_XOPEN_SOCKET_API"), + thread_scheme => "pthreads", + dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds + shared_target => "hpux-shared", + }, + "hpux-parisc-gcc" => { + inherit_from => [ "hpux-common" ], cc => "gcc", cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W", debug => "-O0 -g", release => "-O3"), threads("-pthread")), - ex_libs => add("-Wl,+s -ldld"), + ex_libs => add("-Wl,+s -ldld", threads("-pthread")), bn_ops => "BN_LLONG", - thread_scheme => "pthreads", dso_scheme => "dl", - shared_target => "hpux-shared", shared_cflag => "-fPIC", shared_ldflag => "-shared", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -446,7 +456,7 @@ sub vms_info { multilib => "/pa1.1", }, "hpux64-parisc2-gcc" => { - inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], + inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], cc => "gcc", cflags => combine(picker(default => "-DB_ENDIAN", debug => "-O0 -g", @@ -454,9 +464,6 @@ sub vms_info { threads("-D_REENTRANT")), ex_libs => add("-ldl"), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "-fpic", shared_ldflag => "-shared", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -468,7 +475,7 @@ sub vms_info { # Chris Ruemmler # Kevin Steves "hpux-parisc-cc" => { - inherit_from => [ "BASE_unix" ], + inherit_from => [ "hpux-common" ], cc => "cc", cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", debug => "+O0 +d -g", 
@@ -476,9 +483,7 @@ sub vms_info { threads("-D_REENTRANT")), ex_libs => add("-Wl,+s -ldld",threads("-lpthread")), bn_ops => "RC4_CHAR", - thread_scheme => "pthreads", dso_scheme => "dl", - shared_target => "hpux-shared", shared_cflag => "+Z", shared_ldflag => "-b", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -489,7 +494,7 @@ sub vms_info { multilib => "/pa1.1", }, "hpux64-parisc2-cc" => { - inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], + inherit_from => [ "hpux-common", asm("parisc20_64_asm") ], cc => "cc", cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", debug => "+O0 +d -g", @@ -497,9 +502,6 @@ sub vms_info { threads("-D_REENTRANT")), ex_libs => add("-ldl",threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "+Z", shared_ldflag => "+DD64 -b", shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -508,7 +510,7 @@ sub vms_info { # HP/UX IA-64 targets "hpux-ia64-cc" => { - inherit_from => [ "BASE_unix", asm("ia64_asm") ], + inherit_from => [ "hpux-common", asm("ia64_asm") ], cc => "cc", cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN", debug => "+O0 +d -g", @@ -516,9 +518,6 @@ sub vms_info { threads("-D_REENTRANT")), ex_libs => add("-ldl",threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "+Z", shared_ldflag => "+DD32 -b", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -527,7 +526,7 @@ sub vms_info { # Frank Geurts has patiently assisted # with debugging of the following config. "hpux64-ia64-cc" => { - inherit_from => [ "BASE_unix", asm("ia64_asm") ], + inherit_from => [ "hpux-common", asm("ia64_asm") ], cc => "cc", cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN", debug => "+O0 +d -g", 
@@ -535,9 +534,6 @@ sub vms_info { threads("-D_REENTRANT")), ex_libs => add("-ldl", threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "+Z", shared_ldflag => "+DD64 -b", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -545,34 +541,28 @@ sub vms_info { }, # GCC builds... "hpux-ia64-gcc" => { - inherit_from => [ "BASE_unix", asm("ia64_asm") ], + inherit_from => [ "hpux-common", asm("ia64_asm") ], cc => "gcc", cflags => combine(picker(default => "-DB_ENDIAN", debug => "-O0 -g", release => "-O3"), threads("-pthread")), - ex_libs => add("-ldl"), + ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "-fpic", shared_ldflag => "-shared", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/hpux32", }, "hpux64-ia64-gcc" => { - inherit_from => [ "BASE_unix", asm("ia64_asm") ], + inherit_from => [ "hpux-common", asm("ia64_asm") ], cc => "gcc", cflags => combine(picker(default => "-mlp64 -DB_ENDIAN", debug => "-O0 -g", release => "-O3"), threads("-pthread")), - ex_libs => add("-ldl"), + ex_libs => add("-ldl", threads("-pthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "hpux-shared", shared_cflag => "-fpic", shared_ldflag => "-mlp64 -shared", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -583,7 +573,7 @@ sub vms_info { "MPE/iX-gcc" => { inherit_from => [ "BASE_unix" ], cc => "gcc", - cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", + cflags => "-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", sys_id => "MPE", ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"), thread_scheme => "(unknown)", 
@@ -599,7 +589,7 @@ sub vms_info { cc => "gcc", cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3", threads("-pthread")), - ex_libs => "-lrt", # for mlock(2) + ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -611,7 +601,7 @@ sub vms_info { cc => "cc", cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings", threads("-pthread")), - ex_libs => "-lrt", # for mlock(2) + ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -632,7 +622,7 @@ sub vms_info { debug => "-O0 -g", release => "-O3"), threads("-pthread")), - ex_libs => add("-ldl"), + ex_libs => add("-ldl", threads("-pthread")), bn_ops => "BN_LLONG RC4_CHAR", thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -896,7 +886,7 @@ sub vms_info { # # ANDROID_NDK=/some/where/android-ndk-10d # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm - # CROSS_COMPILE=arm-linux-adroideabi- + # CROSS_COMPILE=arm-linux-androideabi- # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin # "android" => { @@ -1177,6 +1167,7 @@ sub vms_info { debug => "-O0 -g", release => "-O"), threads("-pthread")), + ex_libs => add(threads("-pthread")), sys_id => "AIX", bn_ops => "BN_LLONG RC4_CHAR", thread_scheme => "pthreads", @@ -1194,6 +1185,7 @@ sub vms_info { debug => "-O0 -g", release => "-O"), threads("-pthread")), + ex_libs => add(threads("-pthread")), sys_id => "AIX", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", thread_scheme => "pthreads", @@ -1218,6 +1210,7 @@ sub vms_info { perlasm_scheme => "aix32", dso_scheme => "dlfcn", shared_target => "aix-shared", + shared_cflag => "-qpic", shared_ldflag => "-q32 -G", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", arflags => "-X 32", 
@@ -1236,6 +1229,7 @@ sub vms_info { perlasm_scheme => "aix64", dso_scheme => "dlfcn", shared_target => "aix-shared", + shared_cflag => "-qpic", shared_ldflag => "-q64 -G", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", arflags => "-X 64", @@ -1251,18 +1245,6 @@ sub vms_info { thread_scheme => "(unknown)", }, -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe -# You need to compile using the c89.sh wrapper in the tools directory, because the -# IBM compiler does not like the -L switch after any object modules. -# - "OS390-Unix" => { - inherit_from => [ "BASE_unix" ], - cc => "c89.sh", - cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE", - bn_ops => "THIRTY_TWO_BIT RC4_CHAR", - thread_scheme => "(unknown)", - }, - #### Visual C targets # # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 @@ -1590,6 +1572,7 @@ sub vms_info { inherit_from => [ "darwin-common", asm("ppc32_asm") ], cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"), perlasm_scheme => "osx32", + shared_cflag => add("-fno-common"), shared_ldflag => "-arch ppc -dynamiclib", }, "darwin64-ppc-cc" => { @@ -1659,7 +1642,7 @@ sub vms_info { cc => "gcc", cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", threads("-pthread")), - ex_libs => add("-ldl"), + ex_libs => add("-ldl", threads("-pthread")), bn_ops => "BN_LLONG", thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -1735,9 +1718,7 @@ sub vms_info { "uClinux-dist" => { inherit_from => [ "BASE_unix" ], cc => "$ENV{'CC'}", - cflags => combine("\$(CFLAGS)", - threads("-D_REENTRANT")), - plib_lflags => "\$(LDFLAGS)", + cflags => combine(threads("-D_REENTRANT")), ex_libs => add("\$(LDLIBS)"), bn_ops => "BN_LLONG", thread_scheme => "pthreads", 
@@ -1751,9 +1732,7 @@ sub vms_info { "uClinux-dist64" => { inherit_from => [ "BASE_unix" ], cc => "$ENV{'CC'}", - cflags => combine("\$(CFLAGS)", - threads("-D_REENTRANT")), - plib_lflags => "\$(LDFLAGS)", + cflags => combine(threads("-D_REENTRANT")), ex_libs => add("\$(LDLIBS)"), bn_ops => "SIXTY_FOUR_BIT_LONG", thread_scheme => "pthreads", diff --git a/vendor/openssl/Configurations/90-team.conf b/vendor/openssl/Configurations/90-team.norelease.conf similarity index 97% rename from vendor/openssl/Configurations/90-team.conf rename to vendor/openssl/Configurations/90-team.norelease.conf index 0a83c22aa..c7f709538 100644 --- a/vendor/openssl/Configurations/90-team.conf +++ b/vendor/openssl/Configurations/90-team.norelease.conf @@ -76,11 +76,6 @@ shared_cflag => "-fPIC", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, - "dist" => { - cc => "cc", - cflags => "-O", - thread_scheme => "(unknown)", - }, "debug-test-64-clang" => { inherit_from => [ "x86_64_asm" ], cc => "clang", diff --git a/vendor/openssl/Configurations/README b/vendor/openssl/Configurations/README index 47971c27b..6e1364549 100644 --- a/vendor/openssl/Configurations/README +++ b/vendor/openssl/Configurations/README @@ -18,10 +18,14 @@ configuration in diverse ways: Configurations of OpenSSL target platforms ========================================== -Target configurations are a collection of facts that we know about +Configuration targets are a collection of facts that we know about different platforms and their capabilities. We organise them in a hash table, where each entry represent a specific target. +Note that configuration target names must be unique across all config +files. The Configure script does check that a config file doesn't +have config targets that shadow config targets from other files. + In each table entry, the following keys are significant: inherit_from => Other targets to inherit values from. 
@@ -86,6 +90,27 @@ In each table entry, the following keys are significant: files. On unix, this defaults to "" (NOTE: this is here for future use, it's not implemented yet) + shlib_variant => A "variant" identifier inserted between the base + shared library name and the extension. On "unixy" + platforms (BSD, Linux, Solaris, MacOS/X, ...) this + supports installation of custom OpenSSL libraries + that don't conflict with other builds of OpenSSL + installed on the system. The variant identifier + becomes part of the SONAME of the library and also + any symbol versions (symbol versions are not used or + needed with MacOS/X). For example, on a system + where a default build would normally create the SSL + shared library as 'libssl.so -> libssl.so.1.1' with + the value of the symlink as the SONAME, a target + definition that sets 'shlib_variant => "-abc"' will + create 'libssl.so -> libssl-abc.so.1.1', again with + an SONAME equal to the value of the symlink. The + symbol versions associated with the variant library + would then be 'OPENSSL_ABC_' rather than + the default 'OPENSSL_'. The string inserted + into symbol versions is obtained by mapping all + letters in the "variant" identifier to upper case + and all non-alphanumeric characters to '_'. thread_scheme => The type of threads is used on the configured platform. Currently known diff --git a/vendor/openssl/Configurations/common.tmpl b/vendor/openssl/Configurations/common.tmpl index 9d7fbf2e7..13ffe948d 100644 --- a/vendor/openssl/Configurations/common.tmpl +++ b/vendor/openssl/Configurations/common.tmpl @@ -52,8 +52,7 @@ generator_incs => $unified_info{includes}->{$script}, generator_deps => $unified_info{depends}->{$script}, deps => $unified_info{depends}->{$src}, - incs => [ @{$unified_info{includes}->{$bin}}, - @{$unified_info{includes}->{$obj}} ], + incs => $unified_info{includes}->{$obj}, %opts); foreach (@{$unified_info{depends}->{$src}}) { dogenerate($_, $obj, $bin, %opts); 
@@ -74,8 +73,7 @@ $OUT .= src2obj(obj => $obj_no_o, srcs => $unified_info{sources}->{$obj}, deps => $unified_info{depends}->{$obj}, - incs => [ @{$unified_info{includes}->{$bin}}, - @{$unified_info{includes}->{$obj}} ], + incs => $unified_info{includes}->{$obj}, %opts); foreach ((@{$unified_info{sources}->{$obj}}, @{$unified_info{depends}->{$obj}})) { diff --git a/vendor/openssl/Configurations/descrip.mms.tmpl b/vendor/openssl/Configurations/descrip.mms.tmpl index c4eb0a88a..739928808 100644 --- a/vendor/openssl/Configurations/descrip.mms.tmpl +++ b/vendor/openssl/Configurations/descrip.mms.tmpl @@ -89,7 +89,7 @@ sub dependmagic { my $target = shift; - return "$target : build_generated\n\t\pipe \$(MMS) depend && \$(MMS) _$target\n_$target"; + return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target"; } #use Data::Dumper; #print STDERR "DEBUG: before:\n", Dumper($unified_info{before}); @@ -144,6 +144,9 @@ BIN_SCRIPTS=[.tools]c_rehash.pl MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl {- output_on() if $disabled{apps}; "" -} +APPS_OPENSSL={- use File::Spec::Functions; + catfile("apps","openssl") -} + # DESTDIR is for package builders so that they can configure for, say, # SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER]. # In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run 
@@ -261,12 +264,18 @@ build_programs_nodep : $(PROGRAMS), $(SCRIPTS) # Kept around for backward compatibility build_apps build_tests : build_programs +# Convenience target to prebuild all generated files, not just the mandatory +# ones +build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) + test : tests {- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep @ ! {- output_off() if $disabled{tests}; "" -} SET DEFAULT [.test]{- move("test") -} + CREATE/DIR [.test-runs] DEFINE SRCTOP {- sourcedir() -} DEFINE BLDTOP {- builddir() -} + DEFINE RESULT_D {- builddir(qw(test test-runs)) -} DEFINE OPENSSL_ENGINES {- builddir("engines") -} DEFINE OPENSSL_DEBUG_MEMORY "on" IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" @@ -359,12 +368,10 @@ descrip.mms : FORCE # Install helper targets ############################################# -install_sw : all install_shared _install_dev_ns - - install_engines _install_runtime_ns - +install_sw : install_dev install_engines install_runtime - install_startup install_ivp -uninstall_sw : uninstall_shared _uninstall_dev_ns - - uninstall_engines _uninstall_runtime_ns - +uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime - uninstall_startup uninstall_ivp install_docs : install_html_docs 
@@ -387,17 +394,7 @@ install_ssldirs : check_INSTALLTOP COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - ossl_dataroot:[000000]openssl.cnf -install_shared : check_INSTALLTOP - @ {- output_off() if $disabled{shared}; "" -} ! - @ WRITE SYS$OUTPUT "*** Installing shareable images" - @ ! Install shared (runtime) libraries - - CREATE/DIR ossl_installroot:[LIB.'arch'] - {- join("\n ", - map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } - @install_shlibs) -} - @ {- output_on() if $disabled{shared}; "" -} ! - -_install_dev_ns : check_INSTALLTOP +install_dev : check_INSTALLTOP install_runtime_libs @ WRITE SYS$OUTPUT "*** Installing development files" @ ! Install header files - CREATE/DIR ossl_installroot:[include.openssl] 
@@ -408,9 +405,29 @@ _install_dev_ns : check_INSTALLTOP map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } @{$unified_info{install}->{libraries}}) -} -install_dev : install_shared _install_dev_ns +install_engines : check_INSTALLTOP install_runtime_libs build_engines + @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! + @ WRITE SYS$OUTPUT "*** Installing engines" + - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch'] + {- join("\n ", + map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" } + @{$unified_info{install}->{engines}}) -} + @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} ! + +install_runtime : install_programs -_install_runtime_ns : check_INSTALLTOP +install_runtime_libs : check_INSTALLTOP build_libs + @ {- output_off() if $disabled{shared}; "" -} ! + @ WRITE SYS$OUTPUT "*** Installing shareable images" + @ ! Install shared (runtime) libraries + - CREATE/DIR ossl_installroot:[LIB.'arch'] + {- join("\n ", + map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } + @install_shlibs) -} + @ {- output_on() if $disabled{shared}; "" -} ! + +install_programs : check_INSTALLTOP install_runtime_libs build_programs + @ {- output_off() if $disabled{apps}; "" -} ! @ ! Install the main program - CREATE/DIR ossl_installroot:[EXE.'arch'] COPY/PROT=W:RE [.APPS]openssl.EXE - 
@@ -419,17 +436,6 @@ _install_runtime_ns : check_INSTALLTOP COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE] @ ! {- output_on() if $disabled{apps}; "" -} -install_runtime : install_shared _install_runtime_ns - -install_engines : check_INSTALLTOP - @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! - @ WRITE SYS$OUTPUT "*** Installing engines" - - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch'] - {- join("\n ", - map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" } - @{$unified_info{install}->{engines}}) -} - @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} ! - install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com - [.VMS]openssl_utils.com, check_INSTALLTOP - CREATE/DIR ossl_installroot:[SYS$STARTUP] diff --git a/vendor/openssl/Configurations/dist.conf b/vendor/openssl/Configurations/dist.conf new file mode 100644 index 000000000..4f58dad91 --- /dev/null +++ b/vendor/openssl/Configurations/dist.conf @@ -0,0 +1,12 @@ +## -*- mode: perl; -*- +## Build configuration targets for openssl-team members + +# This is to support 'make dist' +%targets = ( + "dist" => { + inherit_from => [ 'BASE_unix' ], + cc => "cc", + cflags => "-O", + thread_scheme => "(unknown)", + }, +); diff --git a/vendor/openssl/Configurations/unix-Makefile.tmpl b/vendor/openssl/Configurations/unix-Makefile.tmpl index 2cc37cd25..7254478af 100644 --- a/vendor/openssl/Configurations/unix-Makefile.tmpl +++ b/vendor/openssl/Configurations/unix-Makefile.tmpl @@ -8,6 +8,7 @@ our $exeext = $target{exe_extension} || ""; our $libext = $target{lib_extension} || ".a"; our $shlibext = $target{shared_extension} || ".so"; + our $shlibvariant = $target{shlib_variant} || ""; our $shlibextsimple = $target{shared_extension_simple} || ".so"; our $shlibextimport = $target{shared_import_extension} || ""; our $dsoext = $target{dso_extension} || ".so"; 
@@ -40,7 +41,7 @@ sub shlib { return () if $disabled{shared}; my $lib = shift; - return $unified_info{sharednames}->{$lib} . $shlibext; + return $unified_info{sharednames}->{$lib}. $shlibvariant. $shlibext; } sub shlib_simple { return () if $disabled{shared}; @@ -97,8 +98,7 @@ DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; } {- output_on() if $disabled{makedepend}; "" -} GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} GENERATED={- join(" ", - ( map { (my $x = $_) =~ s|\.S$|\.s|; $x } - grep { defined $unified_info{generate}->{$_} } + ( grep { defined $unified_info{generate}->{$_} } map { @{$unified_info{sources}->{$_}} } grep { /\.o$/ } keys %{$unified_info{sources}} ), ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} @@ -113,6 +113,9 @@ BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget {- output_on() if $disabled{apps}; "" -} +APPS_OPENSSL={- use File::Spec::Functions; + catfile("apps","openssl") -} + # DESTDIR is for package builders so that they can configure for, say, # /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. @@ -204,9 +207,8 @@ TARFILE= ../$(NAME).tar # order to be excused from maintaining a separate set of architecture # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC # gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAG=$(CFLAGS) +# and pass it down to assembler. In any case, we do not define AS or +# ASFLAGS for this reason. PERLASM_SCHEME= {- $target{perlasm_scheme} -} # For x86 assembler: Set PROCESSOR to 386 if you want to support 
@@ -237,15 +239,21 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS) # Kept around for backward compatibility build_apps build_tests: build_programs +# Convenience target to prebuild all generated files, not just the mandatory +# ones +build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) + test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils @ : {- output_off() if $disabled{tests}; "" -} ( cd test; \ + mkdir -p test-runs; \ SRCTOP=../$(SRCDIR) \ BLDTOP=../$(BLDDIR) \ + RESULT_D=test-runs \ PERL="$(PERL)" \ EXE_EXT={- $exeext -} \ - OPENSSL_ENGINES=../$(BLDDIR)/engines \ + OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \ OPENSSL_DEBUG_MEMORY=on \ $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} @@ -285,7 +293,7 @@ clean: libclean -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"` $(RM) core $(RM) tags TAGS doc-nits - $(RM) test/.rnd + $(RM) -r test/test-runs $(RM) openssl.pc libcrypto.pc libssl.pc -$(RM) `find . -type l -a \! -path "./.git/*"` $(RM) $(TARFILE) @@ -315,7 +323,7 @@ depend: # Install helper targets ############################################# -install_sw: all install_dev install_engines install_runtime +install_sw: install_dev install_engines install_runtime uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev @@ -347,7 +355,7 @@ install_ssldirs: chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ fi -install_dev: +install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @echo "*** Installing development files" @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl 
@@ -453,7 +461,7 @@ uninstall_dev: -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) -install_engines: +install_engines: install_runtime_libs build_engines @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ @echo "*** Installing engines" @@ -480,9 +488,10 @@ uninstall_engines: done -$(RMDIR) $(DESTDIR)$(ENGINESDIR) -install_runtime: +install_runtime: install_programs + +install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin @ : {- output_off() if windowsdll(); "" -} @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) @ : {- output_on() if windowsdll(); "" -} @@ -504,6 +513,11 @@ install_runtime: $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ : {- output_on() if windowsdll(); "" -}; \ done + +install_programs: install_runtime_libs build_programs + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @echo "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ @@ -523,8 +537,10 @@ install_runtime: $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done -uninstall_runtime: - @echo "*** Uninstalling runtime files" +uninstall_runtime: uninstall_programs uninstall_runtime_libs + +uninstall_programs: + @echo "*** Uninstalling runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ 
@@ -539,6 +555,10 @@ uninstall_runtime: echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin + +uninstall_runtime_libs: + @echo "*** Uninstalling runtime libraries" @ : {- output_off() unless windowsdll(); "" -} @set -e; for s in dummy $(INSTALL_SHLIBS); do \ if [ "$$s" = "dummy" ]; then continue; fi; \ @@ -547,7 +567,6 @@ uninstall_runtime: $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ done @ : {- output_on() unless windowsdll(); "" -} - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin install_man_docs: @@ -592,19 +611,9 @@ doc-nits: lint: lint -DLINT $(INCLUDES) $(SRCS) -{- # because the program apps/openssl has object files as sources, and - # they then have the corresponding C files as source, we need to chain - # the lookups in %unified_info - my $apps_openssl = catfile("apps","openssl"); - our @openssl_source = map { @{$unified_info{sources}->{$_}} } - @{$unified_info{sources}->{$apps_openssl}}; - ""; -} generate_apps: ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ < apps/openssl.cnf > apps/openssl-vms.cnf ) - ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b apps/progs.pl \ - {- join(" ", @openssl_source) -} \ - > apps/progs.h ) generate_crypto_bn: ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) 
@@ -656,25 +665,30 @@ tags TAGS: FORCE # Release targets (note: only available on Unix) ##################### +# If your tar command doesn't support --owner and --group, make sure to +# use one that does, for example GNU tar TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf - PREPARE_CMD=: tar: + set -e; \ TMPDIR=/var/tmp/openssl-copy.$$$$; \ DISTDIR=$(NAME); \ mkdir -p $$TMPDIR/$$DISTDIR; \ (cd $(SRCDIR); \ + excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf)"; \ + echo "$$excl_re"; \ git ls-tree -r --name-only --full-tree HEAD \ - | grep -v '^fuzz/corpora' \ + | egrep -v "$$excl_re" \ | while read F; do \ mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \ cp $$F $$TMPDIR/$$DISTDIR/$$F; \ done); \ - (cd $$TMPDIR; \ + (cd $$TMPDIR/$$DISTDIR; \ $(PREPARE_CMD); \ - find $$TMPDIR/$$DISTDIR -type d -print | xargs chmod 755; \ - find $$TMPDIR/$$DISTDIR -type f -print | xargs chmod a+r; \ - find $$TMPDIR/$$DISTDIR -type f -perm -0100 -print | xargs chmod a+x; \ - $(TAR_COMMAND) $$DISTDIR) \ + find . -type d -print | xargs chmod 755; \ + find . -type f -print | xargs chmod a+r; \ + find . -type f -perm -0100 -print | xargs chmod a+x); \ + (cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \ | (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \ rm -rf $$TMPDIR cd $(SRCDIR); ls -l $(TARFILE).gz @@ -722,7 +736,6 @@ libssl.pc: echo 'Version: '$(VERSION); \ echo 'Requires.private: libcrypto'; \ echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Libs.private: $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir}' ) > libssl.pc openssl.pc: 
@@ -799,20 +812,6 @@ EOF } if (defined($generator)) { - # If the target is named foo.S in build.info, we want to - # end up generating foo.s in two steps. - if ($args{src} =~ /\.S$/) { - (my $target = $args{src}) =~ s|\.S$|.s|; - return <<"EOF"; -$target: $args{generator}->[0] $deps - ( trap "rm -f \$@.*" INT 0; \\ - $generator \$@.S; \\ - \$(CC) $incs \$(CFLAGS) -E \$@.S | \\ - \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\ - mv -f \$@.i \$@ ) -EOF - } - # Otherwise.... return <<"EOF"; $args{src}: $args{generator}->[0] $deps $generator \$@ @@ -820,7 +819,7 @@ EOF } return <<"EOF"; $args{src}: $args{generator}->[0] $deps - \$(CC) $incs \$(CFLAGS) -E \$< | \\ + \$(CC) $incs \$(CFLAGS) -E $args{generator}->[0] | \\ \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ EOF } @@ -832,12 +831,7 @@ EOF sub src2obj { my %args = @_; my $obj = $args{obj}; - my @srcs = map { if ($unified_info{generate}->{$_}) { - (my $x = $_) =~ s/\.S$/.s/; $x - } else { - $_ - } - } ( @{$args{srcs}} ); + my @srcs = @{$args{srcs}}; my $srcs = join(" ", @srcs); my $deps = join(" ", @srcs, @{$args{deps}}); my $incs = join("", map { " -I".$_ } @{$args{incs}}); 
@@ -850,11 +844,30 @@ EOF dso => '$(DSO_CFLAGS)', bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; my $makedepprog = $config{makedepprog}; - my $recipe = <<"EOF"; + my $recipe; + # extension-specific rules + if (grep /\.s$/, @srcs) { + $recipe .= <<"EOF"; $obj$objext: $deps + \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ $srcs EOF - if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) { + } elsif (grep /\.S$/, @srcs) { + # In case one wonders why not just $(CC) -c file.S. While it + # does work with contemporary compilers, there are some legacy + # ones that get it wrong. Hence the elaborate scheme... We + # don't care to maintain dependecy lists, because dependency + # is rather weak, at most one header file that lists constants + # which are assigned in ascending order. $recipe .= <<"EOF"; +$obj$objext: $deps + ( trap "rm -f \$@.*" INT 0; \\ + \$(CC) $incs \$(CFLAGS) $ecflags -E $srcs | \\ + \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.s && \\ + \$(CC) \$(CFLAGS) $ecflags -c -o \$\@ \$@.s ) +EOF + } elsif (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) { + $recipe .= <<"EOF"; +$obj$objext: $deps \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs \@touch $obj$depext.tmp \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ @@ -865,6 +878,7 @@ EOF EOF } else { $recipe .= <<"EOF"; +$obj$objext: $deps \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs EOF if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) { @@ -900,6 +914,7 @@ EOF my $shlib_target = $target{shared_target}; my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; my $target = shlib_simple($lib); + my $target_full = shlib($lib); return <<"EOF" # With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact # that two files get produced, {shlibname}.dll and {libname}.dll.a. 
@@ -914,27 +929,28 @@ $target: $lib$libext $deps $ordinalsfile PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\ LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ - LIBNAME=$libname LIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\ - LIBCOMPATVERSIONS=';\$(SHLIB_VERSION_HISTORY)' \\ + LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\ + STLIBNAME=$lib$libext \\ + SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\ CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\ - LDFLAGS='\$(LDFLAGS)' \\ - SHARED_LDFLAGS='\$(LIB_LDFLAGS)' SHLIB_EXT=$shlibext \\ + LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\ RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\ link_shlib.$shlib_target EOF . (windowsdll() ? <<"EOF" : ""); rm -f apps/$shlib$shlibext rm -f test/$shlib$shlibext + rm -f fuzz/$shlib$shlibext cp -p $shlib$shlibext apps/ cp -p $shlib$shlibext test/ + cp -p $shlib$shlibext fuzz/ EOF } sub obj2dso { my %args = @_; - my $lib = $args{lib}; - my $libd = dirname($lib); - my $libn = basename($lib); - (my $libname = $libn) =~ s/^lib//; + my $dso = $args{lib}; + my $dsod = dirname($dso); + my $dson = basename($dso); my $shlibdeps = join("", map { my $d = dirname($_); my $f = basename($_); (my $l = $f) =~ s/^lib//; 
@@ -942,17 +958,16 @@ EOF my $deps = join(" ",compute_lib_depends(@{$args{deps}})); my $shlib_target = $target{shared_target}; my $objs = join(" ", map { $_.$objext } @{$args{objs}}); - my $target = dso($lib); + my $target = dso($dso); return <<"EOF"; $target: $objs $deps \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ PLATFORM=\$(PLATFORM) \\ - PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ + PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\ LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\ - LIBNAME=$libname LDFLAGS='\$(LDFLAGS)' \\ + SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\ CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\ SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\ - SHLIB_EXT=$dsoext \\ LIBEXTRAS="$objs" \\ link_dso.$shlib_target EOF diff --git a/vendor/openssl/Configurations/windows-checker.pm b/vendor/openssl/Configurations/windows-checker.pm index de46fbc1d..4b7105df3 100644 --- a/vendor/openssl/Configurations/windows-checker.pm +++ b/vendor/openssl/Configurations/windows-checker.pm 
@@ -6,7 +6,7 @@ use Config; # we expect for the platform use File::Spec::Functions qw(:DEFAULT rel2abs); -if (rel2abs('.') !~ m|\\|) { +if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) { die <{libraries}}) -} -INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} -INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} {- output_off() if $disabled{apps}; "" -} -BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl -MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl +BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl" +MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl" {- output_on() if $disabled{apps}; "" -} +APPS_OPENSSL={- use File::Spec::Functions; + 
"\"".catfile("apps","openssl")."\"" -} + # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet # use File::Spec::Functions qw(:DEFAULT splitpath); - our $prefix = $config{prefix} || "$win_installroot\\OpenSSL"; + our $prefix = canonpath($config{prefix} + || "$win_installroot\\OpenSSL"); our ($prefix_dev, $prefix_dir, $prefix_file) = splitpath($prefix, 1); $prefix_dev -} -INSTALLTOP_dir={- $prefix_dir -} +INSTALLTOP_dir={- canonpath($prefix_dir) -} OPENSSLDIR_dev={- # # The logic here is that if no --openssldir was given, # OPENSSLDIR will get the value from $prefix plus "/ssl". @@ -123,13 +127,13 @@ OPENSSLDIR_dev={- # our $openssldir = $config{openssldir} ? (file_name_is_absolute($config{openssldir}) ? - $config{openssldir} + canonpath($config{openssldir}) : catdir($prefix, $config{openssldir})) - : "$win_commonroot\\SSL"; + : canonpath("$win_commonroot\\SSL"); our ($openssldir_dev, $openssldir_dir, $openssldir_file) = splitpath($openssldir, 1); $openssldir_dev -} -OPENSSLDIR_dir={- $openssldir_dir -} +OPENSSLDIR_dir={- canonpath($openssldir_dir) -} LIBDIR={- our $libdir = $config{libdir} || "lib"; $libdir -} ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath); @@ -137,7 +141,7 @@ ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath); our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = splitpath($enginesdir, 1); $enginesdir_dev -} -ENGINESDIR_dir={- $enginesdir_dir -} +ENGINESDIR_dir={- canonpath($enginesdir_dir) -} !IF "$(DESTDIR)" != "" INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir) OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir) 
@@ -178,6 +182,9 @@ MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY) AS={- $target{as} -} ASFLAGS={- $target{asflags} -} ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) + +ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" + PERLASM_SCHEME= {- $target{perlasm_scheme} -} PROCESSOR= {- $config{processor} -} 
@@ -197,25 +204,32 @@ build_programs_nodep: $(PROGRAMS) $(SCRIPTS) # Kept around for backward compatibility build_apps build_tests: build_programs +# Convenience target to prebuild all generated files, not just the mandatory +# ones +build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) + test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} + -mkdir $(BLDDIR)\test\test-runs set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) + set RESULT_D=$(BLDDIR)\test\test-runs set PERL=$(PERL) + set OPENSSL_ENGINES=$(MAKEDIR)\engines set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} list-tests: - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} @set SRCTOP=$(SRCDIR) @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} install: install_sw install_ssldirs install_docs 
@@ -225,11 +239,14 @@ libclean: "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS) "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS) "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS) + "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """fuzz/$$1.*"""; } @ARGV" $(SHLIBS) -del /Q /F $(LIBS) -del /Q ossl_static.pdb clean: libclean - -del /Q /F $(PROGRAMS) $(ENGINES) $(SCRIPTS) + {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} + -del /Q /F $(ENGINES) + -del /Q /F $(SCRIPTS) -del /Q /F $(GENERATED) -del /Q /S /F *.d -del /Q /S /F *.obj @@ -250,7 +267,7 @@ depend: # Install helper targets ############################################# -install_sw: all install_dev install_engines install_runtime +install_sw: install_dev install_engines install_runtime uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev 
@@ -270,17 +287,18 @@ install_ssldirs: @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \ "$(OPENSSLDIR)\misc" -install_dev: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing development files +install_dev: install_runtime_libs + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \ + @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ + "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \ @@ -291,9 +309,9 @@ install_dev: uninstall_dev: -install_engines: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing engines +install_engines: install_runtime_libs build_engines + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing engines" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" @if not "$(ENGINES)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" 
@@ -302,15 +320,22 @@ install_engines: uninstall_engines: -install_runtime: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing runtime files +install_runtime: install_programs + +install_runtime_libs: build_libs + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing runtime libraries" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" @if not "$(SHLIBS)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" @if not "$(SHLIBS)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \ "$(INSTALLTOP)\bin" + +install_programs: install_runtime_libs build_programs + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing runtime programs" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \ "$(INSTALLTOP)\bin" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \ @@ -329,14 +354,14 @@ uninstall_html_docs: # Building targets ################################################### configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} - @echo "Detected changed: $?" - @echo "Reconfiguring..." + @$(ECHO) "Detected changed: $?" + @$(ECHO) "Reconfiguring..." "$(PERL)" "$(SRCDIR)\Configure" reconf - @echo "**************************************************" - @echo "*** ***" - @echo "*** Please run the same make command again ***" - @echo "*** ***" - @echo "**************************************************" + @$(ECHO) "**************************************************" + @$(ECHO) "*** ***" + @$(ECHO) "*** Please run the same make command again ***" + @$(ECHO) "*** ***" + @$(ECHO) "**************************************************" @exit 1 {- 
@@ -355,7 +380,8 @@ configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{b sub generatesrc { my %args = @_; (my $target = $args{src}) =~ s/\.[sS]$/.asm/; - my $generator = '"'.join('" "', @{$args{generator}}).'"'; + my ($gen0, @gens) = @{$args{generator}}; + my $generator = '"'.$gen0.'"'.join('', map { " $_" } @gens); my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}}); my $incs = join("", map { " /I \"$_\"" } @{$args{incs}}); my $deps = @{$args{deps}} ? @@ -435,24 +461,20 @@ $obj$objext: $deps \$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs EOF } - return <<"EOF" if (!$disabled{makedepend}); -$obj$depext: $deps - \$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\ + my $recipe = <<"EOF"; +$obj$objext: $deps + \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs +EOF + $recipe .= <<"EOF" unless $disabled{makedepend}; + \$(CC) $incs \$(CFLAGS) $ecflags /Zs /showIncludes $srcs 2>&1 | \\ "\$(PERL)" -n << > $obj$depext chomp; s/^Note: including file: *//; \$\$collect{\$\$_} = 1; END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" } << -$obj$objext: $obj$depext - \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<< -$srcs -<< -EOF - return <<"EOF" if ($disabled{makedepend}); -$obj$objext: $deps - \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs EOF + return $recipe; } # On Unix, we build shlibs from static libs, so we're ignoring the @@ -493,8 +515,10 @@ $objs $shlib.res$linklibs \$(EX_LIBS) \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext + IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext COPY $shlib$shlibext apps COPY $shlib$shlibext test + COPY $shlib$shlibext fuzz EOF } sub obj2dso { 
@@ -589,8 +613,6 @@ EOF foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { if (dirname($prod) eq $dir) { push @deps, $prod.$extinfo{$type}; - } else { - push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); } } } diff --git a/vendor/openssl/Configure b/vendor/openssl/Configure index 2520d7e13..a1ce65239 100755 --- a/vendor/openssl/Configure +++ b/vendor/openssl/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -11,13 +11,18 @@ use 5.10.0; use strict; +use FindBin; +use lib "$FindBin::Bin/util/perl"; use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; use File::Path qw/mkpath/; -use if $^O ne "VMS", 'File::Glob' => qw/glob/; +use OpenSSL::Glob; # see INSTALL for instructions. +my $orig_death_handler = $SIG{__DIE__}; +$SIG{__DIE__} = \&death_handler; + my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: 
@@ -60,8 +65,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # enable-weak-ssl-ciphers -# Enable weak ciphers that are disabled by default. This currently -# only includes RC4 based ciphers. +# Enable weak ciphers that are disabled by default. # 386 generate 80386 code in assembly modules # no-sse2 disables IA-32 SSE2 code in assembly modules, the above # mentioned '386' option implies this one @@ -116,6 +120,9 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # but 'long long' type. . " -DPEDANTIC -pedantic -Wno-long-long" . " -Wall" + . " -Wextra" + . " -Wno-unused-parameter" + . " -Wno-missing-field-initializers" . " -Wsign-compare" . " -Wmissing-prototypes" . " -Wshadow" @@ -136,15 +143,11 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" . " -Qunused-arguments" - . " -Wextra" - . " -Wno-unused-parameter" - . " -Wno-missing-field-initializers" . " -Wno-language-extension-token" . " -Wno-extended-offsetof" . " -Wconditional-uninitialized" . " -Wincompatible-pointer-types-discards-qualifiers" . " -Wmissing-variable-declarations" - . " -Wundef" ; # This adds backtrace information to the memory leak info. Is only used 
@@ -461,31 +464,10 @@ my @disable_cascades = ( sub { 0 == scalar grep { !$disabled{$_} } @dtls } => [ "dtls" ], - # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA - "md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ], - "sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ], - - # Additionally, SSL 3.0 requires either RSA or DSA+DH - sub { $disabled{rsa} - && ($disabled{dsa} || $disabled{dh}); } - => [ "ssl" ], - - # (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH - # or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well. - # (XXX: We don't support PSK-only builds). - sub { $disabled{rsa} - && ($disabled{dsa} || $disabled{dh}) - && ($disabled{ecdsa} || $disabled{ecdh}); } - => [ "tls1", "tls1_1", "tls1_2", - "dtls1", "dtls1_2" ], - "tls" => [ @tls ], sub { 0 == scalar grep { !$disabled{$_} } @tls } => [ "tls" ], - # SRP and HEARTBEATS require TLSEXT - "tlsext" => [ "srp", "heartbeats" ], - "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], # Without DSO, we can't load dynamic engines, so don't build them dynamic @@ -499,7 +481,7 @@ my @disable_cascades = ( # no-autoalginit is only useful when building non-shared "autoalginit" => [ "shared", "apps" ], - "stdio" => [ "apps", "capieng" ], + "stdio" => [ "apps", "capieng", "egd" ], "apps" => [ "tests" ], "comp" => [ "zlib" ], sub { !$disabled{"unit-test"} } => [ "heartbeats" ], @@ -529,8 +511,6 @@ while ((my $first, my $second) = (shift @list, shift @list)) { # To remove something from %disabled, use "enable-foo". # For symmetry, "disable-foo" is a synonym for "no-foo". -my $no_sse2=0; - &usage if ($#ARGV < 0); my $user_cflags=""; 
@@ -779,21 +759,21 @@ while (@argvcopy) else { $config{options} .= " ".$_; } } + } - if (defined($config{api}) && !exists $apitable->{$config{api}}) { - die "***** Unsupported api compatibility level: $config{api}\n", - } +if (defined($config{api}) && !exists $apitable->{$config{api}}) { + die "***** Unsupported api compatibility level: $config{api}\n", +} - if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } - if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } +if (keys %deprecated_options) + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } +if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; } if ($libs =~ /(^|\s)-Wl,-rpath,/ @@ -880,7 +860,7 @@ foreach (sort (keys %disabled)) elsif (/^zlib-dynamic$/) { } elsif (/^sse2$/) - { $no_sse2 = 1; } + { } elsif (/^engine$/) { @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; @@ -913,8 +893,6 @@ foreach (sort (keys %disabled)) { push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT"; print " OPENSSL_NO_$WHAT"; - - if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; } } } @@ -933,11 +911,12 @@ if ($d) { $target = $t; } } + +&usage if !$table{$target} || $table{$target}->{template}; + $config{target} = $target; my %target = resolve_config($target); -&usage if (!%target || $target{template}); - my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); $config{conf_files} = [ sort keys %conf_files ]; %target = ( %{$table{DEFAULTS}}, %target ); 
@@ -1168,7 +1147,7 @@ unless ($disabled{asm}) { # bn-586 is the only one implementing bn_*_part_words push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/); - push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$no_sse2 && $target{bn_asm_src} =~ /86/); + push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$disabled{sse2} && $target{bn_asm_src} =~ /86/); push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); @@ -1200,7 +1179,7 @@ unless ($disabled{asm}) { push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); # aes-xts.fake indicates presence of AES_xts_[en|de]crypt... push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); - $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($no_sse2); + $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($disabled{sse2}); push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); } 
@@ -1225,29 +1204,31 @@ unless ($disabled{asm}) { } } -my $ecc = $target{cc}; -if ($^O ne "VMS" && !$disabled{makedepend}) { - # Is the compiler gcc or clang? $ecc is used below to see if - # error-checking can be turned on. - my $ccpcc = "$config{cross_compile_prefix}$target{cc}"; - open(PIPE, "$ccpcc --version 2>&1 |"); - my $lines = 2; - while ( ) { - # Find the version number and save the major. - m|(?:.*)\b(\d+)\.\d+\.\d+\b(?:.*)|; - my $compiler_major = $1; - # We know that GNU C version 3 and up as well as all clang - # versions support dependency generation - $config{makedepprog} = $ccpcc - if (/clang/ || (/gcc/ && $compiler_major >= 3)); - $ecc = "clang" if /clang/; - $ecc = "gcc" if /gcc/; - last if ($config{makedepprog} || !$lines--); +my %predefined; + +if ($^O ne "VMS") { + my $cc = "$config{cross_compile_prefix}$target{cc}"; + + # collect compiler pre-defines from gcc or gcc-alike... + open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); + while () { + m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$1} = $2 // ""; } close(PIPE); - $config{makedepprog} = which('makedepend') unless $config{makedepprog}; - $disabled{makedepend} = "unavailable" unless $config{makedepprog}; + if (!$disabled{makedepend}) { + # We know that GNU C version 3 and up as well as all clang + # versions support dependency generation, but Xcode did not + # handle $cc -M before clang support (but claims __GNUC__ = 3) + if (($predefined{__GNUC__} // -1) >= 3 + && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) { + $config{makedepprog} = $cc; + } else { + $config{makedepprog} = which('makedepend'); + $disabled{makedepend} = "unavailable" unless $config{makedepprog}; + } + } } 
@@ -1292,13 +1273,13 @@ if (defined($config{api})) { if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" - unless $ecc eq 'gcc' || $ecc eq 'clang'; + die "ERROR --strict-warnings requires gcc or gcc-alike" + unless defined($predefined{__GNUC__}); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) } - if ($ecc eq "clang") + if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { @@ -1355,7 +1336,6 @@ my %unified_info = (); my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); if ($builder eq "unified") { - use lib catdir(dirname(__FILE__),"util"); use with_fallback qw(Text::Template); sub cleandir { @@ -1478,9 +1458,15 @@ if ($builder eq "unified") { my %sharednames = (); my %generate = (); + # We want to detect configdata.pm in the source tree, so we + # don't use it if the build tree is different. + my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir); + push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f); - my $template = Text::Template->new(TYPE => 'FILE', - SOURCE => catfile($sourced, $f)); + my $template = + Text::Template->new(TYPE => 'FILE', + SOURCE => catfile($sourced, $f), + PREPEND => qq{use lib "$FindBin::Bin/util/perl";}); die "Something went wrong with $sourced/$f: $!\n" unless $template; my @text = split /^/m, @@ -1781,7 +1767,7 @@ EOF # If it isn't in the source tree, we assume it's generated # in the build tree - if (! -f $s) { + if ($s eq $src_configdata || ! -f $s || $generate{$_}) { $s = cleanfile($buildd, $_, $blddir); } # We recognise C and asm files @@ -1807,7 +1793,7 @@ EOF # If it isn't in the source tree, we assume it's generated # in the build tree - if (! -f $s) { + if ($s eq $src_configdata || ! -f $s || $generate{$_}) { $s = cleanfile($buildd, $_, $blddir); } # We recognise C and asm files 
@@ -1842,7 +1828,7 @@ EOF # If the destination doesn't exist in source, it can only be # a generated file in the build tree. - if ($ddest ne "" && ! -f $ddest) { + if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) { $ddest = cleanfile($buildd, $_, $blddir); if ($unified_info{rename}->{$ddest}) { $ddest = $unified_info{rename}->{$ddest}; @@ -1856,7 +1842,8 @@ EOF # in the build tree rather than the source tree, and assume # and that there are lines to build it in a BEGINRAW..ENDRAW # section or in the Makefile template. - if (! -f $d + if ($d eq $src_configdata + || ! -f $d || (grep { $d eq $_ } map { cleanfile($srcdir, $_, $blddir) } grep { /\.h$/ } keys %{$unified_info{generate}})) { @@ -1867,13 +1854,6 @@ EOF $d = $unified_info{rename}->{$d}; } $unified_info{depends}->{$ddest}->{$d} = 1; - # If we depend on a header file or a perl module, let's make - # sure it can get included - if ($dest ne "" && $d =~ /\.(h|pm)$/) { - my $i = dirname($d); - push @{$unified_info{includes}->{$ddest}->{source}}, $i - unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}}; - } } } @@ -1883,7 +1863,7 @@ EOF # If the destination doesn't exist in source, it can only be # a generated file in the build tree. - if (! -f $ddest) { + if ($ddest eq $src_configdata || ! -f $ddest) { $ddest = cleanfile($buildd, $_, $blddir); if ($unified_info{rename}->{$ddest}) { $ddest = $unified_info{rename}->{$ddest}; 
@@ -1900,6 +1880,43 @@ EOF } } + # Massage the result + + # If we depend on a header file or a perl module, add an inclusion of + # its directory to allow smoothe inclusion + foreach my $dest (keys %{$unified_info{depends}}) { + next if $dest eq ""; + foreach my $d (keys %{$unified_info{depends}->{$dest}}) { + next unless $d =~ /\.(h|pm)$/; + my $i = dirname($d); + my $spot = + $d eq "configdata.pm" || defined($unified_info{generate}->{$d}) + ? 'build' : 'source'; + push @{$unified_info{includes}->{$dest}->{$spot}}, $i + unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}}; + } + } + + # Trickle down includes placed on libraries, engines and programs to + # their sources (i.e. object files) + foreach my $dest (keys %{$unified_info{engines}}, + keys %{$unified_info{libraries}}, + keys %{$unified_info{programs}}) { + foreach my $k (("source", "build")) { + next unless defined($unified_info{includes}->{$dest}->{$k}); + my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}}; + foreach my $obj (grep /\.o$/, + (keys %{$unified_info{sources}->{$dest} // {}}, + keys %{$unified_info{shared_sources}->{$dest} // {}})) { + foreach my $inc (@incs) { + unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc + unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}}; + } + } + } + delete $unified_info{includes}->{$dest}; + } + ### Make unified_info a bit more efficient # One level structures foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) { 
@@ -1915,8 +1932,9 @@ EOF # Includes foreach my $dest (sort keys %{$unified_info{includes}}) { if (defined($unified_info{includes}->{$dest}->{build})) { - my @source_includes = - ( @{$unified_info{includes}->{$dest}->{source}} ); + my @source_includes = (); + @source_includes = ( @{$unified_info{includes}->{$dest}->{source}} ) + if defined($unified_info{includes}->{$dest}->{source}); $unified_info{includes}->{$dest} = [ @{$unified_info{includes}->{$dest}->{build}} ]; foreach my $inc (@source_includes) { @@ -2113,6 +2131,8 @@ my %builders = ( $builders{$builder}->($builder_platform, @builder_opts); +$SIG{__DIE__} = $orig_death_handler; + print <<"EOF"; Configured for $target. @@ -2134,14 +2154,6 @@ or position independent code, please let us know (but please first make sure you have tried with a current version of OpenSSL). EOF -print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir); - -WARNING: there are indications that another build was made in the source -directory. This build may have picked up artifacts from that build, the -safest course of action is to clean the source directory and redo this -configuration. -EOF - exit(0); ###################################################################### 
@@ -2149,6 +2161,24 @@ exit(0); # Helpers and utility functions # +# Death handler, to print a helpful message in case of failure ####### +# +sub death_handler { + die @_ if $^S; # To prevent the added message in eval blocks + my $build_file = $target{build_file} // "build file"; + my @message = ( <<"_____", @_ ); + +Failure! $build_file wasn't produced. +Please read INSTALL and associated NOTES files. You may also have to look over +your available compiler tool chain or change your configuration. + +_____ + + # Dying is terminal, so it's ok to reset the signal handler here. + $SIG{__DIE__} = $orig_death_handler; + die @message; +} + # Configuration file reading ######################################### # Note: All of the helper functions are for lazy evaluation. They all @@ -2291,6 +2321,17 @@ sub read_config { eval $content; warn $@ if $@; } + my %preexisting = (); + foreach (sort keys %targets) { + $preexisting{$_} = 1 if $table{$_}; + } + die <<"EOF", +The following config targets from $fname +shadow pre-existing config targets with the same name: +EOF + map { " $_\n" } sort keys %preexisting + if %preexisting; + # For each target, check that it's configured with a hash table. foreach (keys %targets) { diff --git a/vendor/openssl/INSTALL b/vendor/openssl/INSTALL index b03643fff..5a98d1da8 100644 --- a/vendor/openssl/INSTALL +++ b/vendor/openssl/INSTALL @@ -3,7 +3,8 @@ -------------------- This document describes installation on all supported operating - systems (the Linux/Unix family, OpenVMS and Windows) + systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS, + and Windows). To install OpenSSL, you will need: @@ -76,7 +77,7 @@ If you want to just get on with it, do: - on Unix: + on Unix (again, this includes Mac OS/X): $ ./config $ make 
@@ -408,8 +409,9 @@ has an impact when not built "shared". no-stdio - Don't use any C "stdio" features. Only libcrypto and libssl - can be built in this way. Using this option will suppress + Don't use anything from the C header file "stdio.h" that + makes use of the "FILE" type. Only libcrypto and libssl can + be built in this way. Using this option will suppress building the command line applications. Additionally since the OpenSSL tests also use the command line applications the tests will also be skipped. @@ -678,7 +680,8 @@ compiler optimization flags from the CFLAGS line in Makefile and run "make clean; make" or corresponding. - Please send bug reports to . + To report a bug please open an issue on GitHub, at + https://github.com/openssl/openssl/issues. 4. If everything tests ok, install OpenSSL with diff --git a/vendor/openssl/LICENSE b/vendor/openssl/LICENSE index 8fbabd8af..e953f590c 100644 --- a/vendor/openssl/LICENSE +++ b/vendor/openssl/LICENSE @@ -10,7 +10,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/vendor/openssl/Makefile.shared b/vendor/openssl/Makefile.shared index 098e1ec6f..4f9550aaf 100644 --- a/vendor/openssl/Makefile.shared +++ b/vendor/openssl/Makefile.shared 
@@ -29,6 +29,37 @@ NM=nm #LIBNAME=foo LIBNAME= +# STLIBNAME contains the path of the static library to build the shared +# library from, for example: +#STLIBNAME=libfoo.a +STLIBNAME= + +# On most Unix platforms, SHLIBNAME contains the path of the short name of +# the shared library to build, for example +#SHLIBNAME=libfoo.so +# On Windows POSIX layers (cygwin and mingw), SHLIBNAME contains the import +# library name for the shared library to be built, for example: +#SHLIBNAME=libfoo.dll.a + +# SHLIBNAME_FULL contains the path of the full name of the shared library to +# build, for example: +#SHLIBNAME_FULL=libfoo.so.1.2 +# When building DSOs, SHLIBNAME_FULL contains path of the full DSO name, for +# example: +#SHLIBNAME_FULL=dir/dso.so +SHLIBNAME_FULL= + +# SHLIBVERSION contains the current version of the shared library (not to +# be confused with the project version) +#SHLIBVERSION=1.2 +SHLIBVERSION= + +# NOTE: to build shared libraries, LIBNAME, STLIBNAME, SHLIBNAME and +# SHLIBNAME_FULL MUST have values when using this makefile, and in some +# cases, SHLIBVERSION as well. To build DSOs, SHLIBNAME_FULL MUST have +# a value, the rest can be left alone. + + # APPNAME contains just the name of the application, without suffix ("" # on Unix, ".exe" on Windows, ...). This one MUST have a value when using # this makefile to build applications. @@ -36,9 +67,6 @@ LIBNAME= #APPNAME=foo APPNAME= -# DSTDIR is the directory where the built file should end up in. -DSTDIR=. - # SRCDIR is the top directory of the source tree. SRCDIR=. 
@@ -55,24 +83,6 @@ OBJECTS= # names of all object files that go into the target shared object. LIBEXTRAS= -# LIBVERSION contains the current version of the library. -# For example, to build libfoo.so.1.2, you need to do the following: -#LIBVERSION=1.2 -LIBVERSION= - -# LIBCOMPATVERSIONS contains the compatibility versions (a list) of -# the library. They MUST be in decreasing order. -# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2 -# and libfoo.so.1, you need to do the following: -#LIBCOMPATVERSIONS=1.2 1 -# Note that on systems that use sonames, the last number will appear as -# part of it. -# It's also possible, for systems that support it (Tru64, for example), -# to add extra compatibility info with more precision, by adding a second -# list of versions, separated from the first with a semicolon, like this: -#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0 -LIBCOMPATVERSIONS= - # LIBDEPS contains all the flags necessary to cover all necessary # dependencies to other libraries. LIBDEPS= @@ -86,20 +96,6 @@ SET_X=: top: echo "Trying to use this makefile interactively? Don't." -CALC_VERSIONS= \ - SHLIB_COMPAT=; SHLIB_SOVER=; \ - if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \ - prev=""; \ - for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \ - SHLIB_SOVER_NODOT=$$v; \ - SHLIB_SOVER=.$$v; \ - if [ -n "$$prev" ]; then \ - SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \ - fi; \ - prev=$$v; \ - done; \ - fi - LINK_APP= \ ( $(SET_X); \ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ 
@@ -120,43 +116,37 @@ LINK_SO= \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ echo LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ + -o $(SHLIBNAME_FULL) \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${SHAREDCMD} $${SHAREDFLAGS} \ - -o $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ + -o $(SHLIBNAME_FULL) \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ ) && $(SYMLINK_SO) SYMLINK_SO= \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ - prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ - if [ -n "$$SHLIB_COMPAT" ]; then \ - for x in $$SHLIB_COMPAT; do \ - ( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX; \ - ln -s $$prev $(DSTDIR)/$$SHLIB$$x$$SHLIB_SUFFIX ); \ - prev=$$SHLIB$$x$$SHLIB_SUFFIX; \ - done; \ - fi; \ - if [ -n "$$SHLIB_SOVER" ]; then \ - ( $(SET_X); rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX; \ - ln -s $$prev $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX ); \ + if [ -n "$(SHLIBNAME_FULL)" -a -n "$(SHLIBNAME)" -a \ + "$(SHLIBNAME_FULL)" != "$(SHLIBNAME)" ]; then \ + ( $(SET_X); \ + rm -f $(SHLIBNAME); \ + ln -s $(SHLIBNAME_FULL) $(SHLIBNAME) ); \ fi; \ fi -LINK_SO_SHLIB= SHOBJECTS="$(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO) +LINK_SO_SHLIB= SHOBJECTS="$(STLIBNAME) $(LIBEXTRAS)"; $(LINK_SO) LINK_SO_DSO= INHIBIT_SYMLINKS=yes; SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO) LINK_SO_SHLIB_VIA_O= \ - SHOBJECTS=$(DSTDIR)/lib$(LIBNAME).o; \ + SHOBJECTS=$(STLIBNAME).o; \ ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \ - ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL lib$(LIBNAME).a $(LIBEXTRAS); \ - ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(DSTDIR)/lib$(LIBNAME).a $(LIBEXTRAS) ); \ + ( echo ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS); \ + ld $(LDFLAGS) -r -o $$SHOBJECTS $$ALL $(STLIBNAME) $(LIBEXTRAS) ); \ $(LINK_SO) && ( echo rm -f $$SHOBJECTS; rm -f $$SHOBJECTS ) LINK_SO_SHLIB_UNPACKED= \ UNPACKDIR=link_tmp.$$$$; rm 
-rf $$UNPACKDIR; mkdir $$UNPACKDIR; \ - (cd $$UNPACKDIR; ar x ../$(DSTDIR)/lib$(LIBNAME).a) && \ + (cd $$UNPACKDIR; ar x ../$(STLIBNAME)) && \ ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \ SHOBJECTS=$$UNPACKDIR/*.o; \ $(LINK_SO) && rm -rf $$UNPACKDIR @@ -164,15 +154,10 @@ LINK_SO_SHLIB_UNPACKED= \ DETECT_GNU_LD=($(CC) -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null DO_GNU_SO_COMMON=\ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$(SHLIBNAME_FULL)" DO_GNU_DSO=\ - SHLIB=$(LIBNAME).so; \ - SHLIB_SOVER=; \ - SHLIB_SUFFIX=; \ $(DO_GNU_SO_COMMON) DO_GNU_SO=\ - $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).so; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ $(DO_GNU_SO_COMMON) @@ -201,8 +186,6 @@ link_shlib.linux-shared: link_dso.bsd: @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ - SHLIB=$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ LIBDEPS=" "; \ ALLSYMSFLAGS=; \ NOALLSYMSFLAGS=; \ @@ -210,9 +193,6 @@ link_dso.bsd: fi; $(LINK_SO_DSO) link_shlib.bsd: @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ - $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ LIBDEPS=" "; \ ALLSYMSFLAGS="-Wl,-Bforcearchive"; \ NOALLSYMSFLAGS=; \ 
@@ -241,50 +221,33 @@ link_app.bsd: # Alternative to this heuristic approach is to develop specific # MacOS X dso module relying on whichever "native" dyld interface. link_dso.darwin: - @ SHLIB=$(LIBNAME); \ - SHLIB_SUFFIX=.dylib; \ - ALLSYMSFLAGS=''; \ + @ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \ $(LINK_SO_DSO) link_shlib.darwin: - @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.dylib; \ - ALLSYMSFLAGS='-all_load'; \ + @ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ - if [ -n "$(LIBVERSION)" ]; then \ - SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \ - fi; \ - if [ -n "$$SHLIB_SOVER_NODOT" ]; then \ - SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \ - fi; \ - SHAREDFLAGS="$$SHAREDFLAGS -install_name $(INSTALLTOP)/$(LIBDIR)/$$SHLIB$(SHLIB_EXT)"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -current_version $(SHLIBVERSION) -compatibility_version $(SHLIBVERSION) -install_name $(INSTALLTOP)/$(LIBDIR)/$(SHLIBNAME_FULL)"; \ $(LINK_SO_SHLIB) link_app.darwin: # is there run-path on darwin? 
$(LINK_APP) link_dso.cygwin: - @SHLIB=$(LIBNAME); \ - SHLIB_SUFFIX=.dll; \ - ALLSYMSFLAGS=''; \ + @ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ base=-Wl,--enable-auto-image-base; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic"; \ $(LINK_SO_DSO) link_shlib.cygwin: - @ $(CALC_VERSIONS); \ - INHIBIT_SYMLINKS=yes; \ - SHLIB=cyg$(LIBNAME); SHLIB_SOVER=-$(LIBVERSION); SHLIB_SUFFIX=.dll; \ - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \ + @ INHIBIT_SYMLINKS=yes; \ + echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ - $(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \ + $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a rc.o"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,--enable-auto-image-base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) rc.o"; \ $(LINK_SO_SHLIB) || exit 1; \ rm rc.o link_app.cygwin: 
@@ -293,26 +256,18 @@ link_app.cygwin: # link_dso.mingw-shared and link_app.mingw-shared are mapped to the # corresponding cygwin targets, as they do the exact same thing. link_shlib.mingw: - @ $(CALC_VERSIONS); \ - INHIBIT_SYMLINKS=yes; \ - arch=; \ - if expr $(PLATFORM) : mingw64 > /dev/null; then arch=-x64; fi; \ - sover=`echo $(LIBVERSION) | sed -e 's/\./_/g'` ; \ - SHLIB=lib$(LIBNAME); \ - SHLIB_SOVER=-$$sover$$arch; \ - SHLIB_SUFFIX=.dll; \ - dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \ + @ INHIBIT_SYMLINKS=yes; \ base=; [ $(LIBNAME) = "crypto" -a -n "$(FIPSCANLIB)" ] && base=-Wl,--image-base,0x63000000; \ $(PERL) $(SRCDIR)/util/mkdef.pl 32 $(LIBNAME) \ - | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1'"$$dll_name"'|' \ + | sed -e 's|^\(LIBRARY *\)$(LIBNAME)32|\1$(SHLIBNAME_FULL)|' \ > $(LIBNAME).def; \ - echo "$(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name |" \ + echo "$(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) |" \ "$(RC) $(SHARED_RCFLAGS) -o rc.o"; \ - $(PERL) $(SRCDIR)/util/mkrc.pl $$dll_name | \ + $(PERL) $(SRCDIR)/util/mkrc.pl $(SHLIBNAME_FULL) | \ $(RC) $(SHARED_RCFLAGS) -o rc.o; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a $(LIBNAME).def rc.o"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,$(SHLIBNAME) $(LIBNAME).def rc.o"; \ $(LINK_SO_SHLIB) || exit 1; \ rm $(LIBNAME).def rc.o @@ -320,8 +275,6 @@ link_dso.alpha-osf1: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_DSO); \ else \ - SHLIB=$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ 
@@ -331,21 +284,9 @@ link_shlib.alpha-osf1: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_SO); \ else \ - SHLIB=lib$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ - SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ - if [ -n "$$SHLIB_HIST" ]; then \ - SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \ - else \ - SHLIB_HIST="$(LIBVERSION)"; \ - fi; \ - SHLIB_SOVER=; \ ALLSYMSFLAGS='-all'; \ NOALLSYMSFLAGS='-none'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ - if [ -n "$$SHLIB_HIST" ]; then \ - SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ - fi; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic -set_version $(SHLIBVERSION)"; \ fi; \ $(LINK_SO_SHLIB) link_app.alpha-osf1: @@ -360,25 +301,19 @@ link_dso.solaris: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_DSO); \ else \ - $(CALC_VERSIONS); \ - SHLIB=$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS=""; \ NOALLSYMSFLAGS=""; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ fi; \ $(LINK_SO_DSO) link_shlib.solaris: @ if $(DETECT_GNU_LD); then \ $(DO_GNU_SO); \ else \ - $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).so; \ - SHLIB_SUFFIX=;\ $(PERL) $(SRCDIR)/util/mkdef.pl $(LIBNAME) linux >$(LIBNAME).map; \ ALLSYMSFLAGS="-Wl,-z,allextract,-M,$(LIBNAME).map"; \ NOALLSYMSFLAGS="-Wl,-z,defaultextract"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $(SHLIBNAME_FULL) -Wl,-Bsymbolic"; \ fi; \ $(LINK_SO_SHLIB) link_app.solaris: 
@@ -394,24 +329,18 @@ link_dso.svr3:
 @ if $(DETECT_GNU_LD); then \
 $(DO_GNU_DSO); \
 else \
- $(CALC_VERSIONS); \
- SHLIB=$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 ALLSYMSFLAGS=''; \
 NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
 fi; \
 $(LINK_SO_DSO)
 link_shlib.svr3:
 @ if $(DETECT_GNU_LD); then \
 $(DO_GNU_SO); \
 else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 ALLSYMSFLAGS=''; \
 NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) -G -h $(SHLIBNAME_FULL)"; \
 fi; \
 $(LINK_SO_SHLIB_UNPACKED)
 link_app.svr3:
@@ -425,25 +354,20 @@ link_dso.svr5:
 else \
 SHARE_FLAG='-G'; \
 ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- SHLIB=$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 ALLSYMSFLAGS=''; \
 NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
 fi; \
 $(LINK_SO_DSO)
 link_shlib.svr5:
 @ if $(DETECT_GNU_LD); then \
 $(DO_GNU_SO); \
 else \
- $(CALC_VERSIONS); \
 SHARE_FLAG='-G'; \
 ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 ALLSYMSFLAGS=''; \
 NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
+ SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $(SHLIBNAME_FULL)"; \
 fi; \
 $(LINK_SO_SHLIB_UNPACKED)
 link_app.svr5:
@@ -454,25 +378,20 @@ link_dso.irix:
 @ if $(DETECT_GNU_LD); then \
 $(DO_GNU_DSO); \
 else \
- SHLIB=$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 ALLSYMSFLAGS=""; \
 NOALLSYMSFLAGS=""; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SUFFIX,-B,symbolic"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
 fi; \
 $(LINK_SO_DSO)
 link_shlib.irix:
 @ if $(DETECT_GNU_LD); then \
 $(DO_GNU_SO); \
 else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
 MINUSWL=""; \
 ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
 ALLSYMSFLAGS="$${MINUSWL}-all"; \
 NOALLSYMSFLAGS="$${MINUSWL}-none"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,-B,symbolic"; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$(SHLIBNAME_FULL),-B,symbolic"; \
 fi; \
 $(LINK_SO_SHLIB)
 link_app.irix:
@@ -489,29 +408,22 @@ link_app.irix: # link_dso.hpux: @if $(DETECT_GNU_LD); then $(DO_GNU_DSO); else \ - SHLIB=$(LIBNAME).sl; \ - expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ fi; \ - rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX || :; \ - $(LINK_SO_DSO) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SUFFIX + rm -f $(SHLIBNAME_FULL) || :; \ + $(LINK_SO_DSO) && chmod a=rx $(SHLIBNAME_FULL) link_shlib.hpux: @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \ - $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).sl; \ - expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$(SHLIBNAME_FULL),+cdp,../:,+cdp,./:"; \ fi; \ - rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ - $(LINK_SO_SHLIB) && chmod a=rx $(DSTDIR)/$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX + rm -f $(SHLIBNAME_FULL) || :; \ + $(LINK_SO_SHLIB) && chmod a=rx $(SHLIBNAME_FULL) link_app.hpux: @if $(DETECT_GNU_LD); then $(DO_GNU_APP); else \ LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,+s,+cdp,../:,+cdp,./:"; \ 
@@ -521,23 +433,18 @@ link_app.hpux: link_dso.aix: @OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ - SHLIB=$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS=''; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ - rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \ + rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ $(LINK_SO_DSO); link_shlib.aix: - @ $(CALC_VERSIONS); \ - OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ + @ OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \ OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ - SHLIB=lib$(LIBNAME).so; \ - SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-bnogc'; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \ - rm -f $(DSTDIR)/$$SHLIB$$SHLIB_SOVER 2>&1 > /dev/null ; \ + rm -f $(SHLIBNAME_FULL) 2>&1 > /dev/null ; \ $(LINK_SO_SHLIB_VIA_O) link_app.aix: LDFLAGS="$(CFLAGS) -Wl,-bsvr4 $(LDFLAGS)"; \ @@ -547,19 +454,11 @@ link_app.aix: # Targets to build symbolic links when needed symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \ symlink.aix: - @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).so; \ - $(SYMLINK_SO) + @ $(SYMLINK_SO) symlink.darwin: - @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.dylib; \ - $(SYMLINK_SO) + @ $(SYMLINK_SO) symlink.hpux: - @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME).sl; \ - expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \ - $(SYMLINK_SO) + @ $(SYMLINK_SO) # The following lines means those specific architectures do no symlinks symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath: diff --git a/vendor/openssl/NEWS b/vendor/openssl/NEWS index b4db8dfc6..983fceb2b 100644 --- a/vendor/openssl/NEWS +++ b/vendor/openssl/NEWS 
@@ -5,6 +5,28 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.0j [20 Nov 2018] + + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + + Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [14 Aug 2018] + + o Client DoS due to large DH parameter (CVE-2018-0732) + o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) + + Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [27 Mar 2018] + + o Constructed ASN.1 types with a recursive definition could exceed the + stack (CVE-2018-0739) + o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733) + o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) + + Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017] + + o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) + o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) + Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017] o config now recognises 64-bit mingw and chooses mingw64 instead of mingw diff --git a/vendor/openssl/README b/vendor/openssl/README index a7bfd7306..469470190 100644 --- a/vendor/openssl/README +++ b/vendor/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 1.1.0f 25 May 2017 + OpenSSL 1.1.0j 20 Nov 2018 - Copyright (c) 1998-2016 The OpenSSL Project + Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/vendor/openssl/apps/CA.pl.in b/vendor/openssl/apps/CA.pl.in index 3187e473d..7277eeca9 100644 --- a/vendor/openssl/apps/CA.pl.in +++ b/vendor/openssl/apps/CA.pl.in 
@@ -145,7 +145,7 @@ if ($WHAT eq '-newcert' ) { print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; } } elsif ($WHAT eq '-pkcs12' ) { - my $cname = $ARGV[1]; + my $cname = $ARGV[0]; $cname = "My Certificate" unless defined $cname; $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" . " -certfile ${CATOP}/$CACERT" @@ -178,12 +178,12 @@ if ($WHAT eq '-newcert' ) { $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL"); print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; } elsif ($WHAT eq '-revoke' ) { - my $cname = $ARGV[1]; + my $cname = $ARGV[0]; if (!defined $cname) { print "Certificate filename is required; reason optional.\n"; exit 1; } - my $reason = $ARGV[2]; + my $reason = $ARGV[1]; $reason = " -crl_reason $reason" if defined $reason && crl_reason_ok($reason); $RET = run("$CA -revoke \"$cname\"" . $reason); diff --git a/vendor/openssl/apps/app_rand.c b/vendor/openssl/apps/app_rand.c index 0d44af903..ff0771cb7 100644 --- a/vendor/openssl/apps/app_rand.c +++ b/vendor/openssl/apps/app_rand.c @@ -20,7 +20,7 @@ int app_RAND_load_file(const char *file, int dont_warn) char buffer[200]; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); #ifndef OPENSSL_NO_EGD else if (RAND_egd(file) > 0) { /* @@ -101,7 +101,7 @@ int app_RAND_write_file(const char *file) return 0; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); if (file == NULL || !RAND_write_file(file)) { BIO_printf(bio_err, "unable to write 'random state'\n"); return 0; diff --git a/vendor/openssl/apps/apps.c b/vendor/openssl/apps/apps.c index cbf4e90b5..94efa5ac0 100644 --- a/vendor/openssl/apps/apps.c +++ b/vendor/openssl/apps/apps.c 
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -18,9 +18,7 @@
 #include
 #include
 #include
-#ifndef NO_SYS_TYPES_H
-# include
-#endif
+#include
 #ifndef OPENSSL_NO_POSIX_IO
 # include
 # include
@@ -1014,7 +1012,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
 };
 if (set_multi_opts(flags, arg, ex_tbl) == 0)
 return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
 *flags |= XN_FLAG_SEP_CPLUS_SPC;
 return 1;
 }
@@ -1390,9 +1389,9 @@ int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial
 OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
 else {
 #ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
 #else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
 #endif
 }
 out = BIO_new_file(buf[0], "w");
@@ -1433,11 +1432,11 @@ int rotate_serial(const char *serialfile, const char *new_suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); #endif if (rename(serialfile, buf[1]) < 0 && errno != ENOENT #ifdef ENOTDIR @@ -1506,9 +1505,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile); + BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile); #else - BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile); + BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile); #endif dbattr_conf = app_load_config(buf); 
@@ -1569,13 +1568,13 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db)
 goto err;
 }
 #ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
 #else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
 #endif
 out = BIO_new_file(buf[0], "w");
 if (out == NULL) {
@@ -1618,17 +1617,17 @@ int rotate_index(const char *dbfile, const char *new_suffix,
 goto err;
 }
 #ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
 #else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+ j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+ j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+ j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
 #endif
 if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
 #ifdef ENOTDIR
@@ -1708,8 +1707,14 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) char *work; X509_NAME *n; - if (*cp++ != '/') + if (*cp++ != '/') { + BIO_printf(bio_err, + "name is expected to be in the format " + "/type0=value0/type1=value1/type2=... where characters may " + "be escaped by \\. This name is not in that format: '%s'\n", + --cp); return NULL; + } n = X509_NAME_new(); if (n == NULL) @@ -1765,6 +1770,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) opt_getprog(), typestr); continue; } + if (*valstr == '\0') { + BIO_printf(bio_err, + "%s: No value provided for Subject Attribute %s, skipped\n", + opt_getprog(), typestr); + continue; + } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) @@ -2255,29 +2266,27 @@ int app_access(const char* name, int flag) #ifdef _WIN32 int app_isdir(const char *name) { - HANDLE hList; - WIN32_FIND_DATA FileData; + DWORD attr; # if defined(UNICODE) || defined(_UNICODE) size_t i, len_0 = strlen(name) + 1; + WCHAR tempname[MAX_PATH]; - if (len_0 > OSSL_NELEM(FileData.cFileName)) + if (len_0 > MAX_PATH) return -1; # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar - (CP_ACP, 0, name, len_0, FileData.cFileName, len_0)) + if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) # endif for (i = 0; i < len_0; i++) - FileData.cFileName[i] = (WCHAR)name[i]; + tempname[i] = (WCHAR)name[i]; - hList = FindFirstFile(FileData.cFileName, &FileData); + attr = GetFileAttributes(tempname); # else - hList = FindFirstFile(name, &FileData); + attr = GetFileAttributes(name); # endif - if (hList == INVALID_HANDLE_VALUE) + if (attr == INVALID_FILE_ATTRIBUTES) return -1; - FindClose(hList); - return ((FileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0); + return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0); } #else # include 
@@ -2575,6 +2584,7 @@ void wait_for_async(SSL *s) fd_set asyncfds; OSSL_ASYNC_FD *fds; size_t numfds; + size_t i; if (!SSL_get_all_async_fds(s, NULL, &numfds)) return; @@ -2583,17 +2593,17 @@ void wait_for_async(SSL *s) fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds"); if (!SSL_get_all_async_fds(s, fds, &numfds)) { OPENSSL_free(fds); + return; } FD_ZERO(&asyncfds); - while (numfds > 0) { - if (width <= (int)*fds) - width = (int)*fds + 1; - openssl_fdset((int)*fds, &asyncfds); - numfds--; - fds++; + for (i = 0; i < numfds; i++) { + if (width <= (int)fds[i]) + width = (int)fds[i] + 1; + openssl_fdset((int)fds[i], &asyncfds); } select(width, (void *)&asyncfds, NULL, NULL, NULL); + OPENSSL_free(fds); #endif } diff --git a/vendor/openssl/apps/apps.h b/vendor/openssl/apps/apps.h index 926a6d620..f91faf8c1 100644 --- a/vendor/openssl/apps/apps.h +++ b/vendor/openssl/apps/apps.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,8 +214,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ - OPT_S_DHPARAM, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S__LAST + OPT_S_DEBUGBROKE, OPT_S_COMP, OPT_S_MINPROTO, OPT_S_MAXPROTO, \ + OPT_S_NO_RENEGOTIATION, OPT_S__LAST # define OPT_S_OPTIONS \ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ 
@@ -230,6 +230,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ "Enable use of legacy renegotiation (dangerous)"}, \ + {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ + "Disable all renegotiation."}, \ {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ "Allow initial connection to servers that don't support RI"}, \ {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ @@ -248,8 +250,8 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"named_curve", OPT_S_NAMEDCURVE, 's', \ "Elliptic curve used for ECDHE (server-side only)" }, \ {"cipher", OPT_S_CIPHER, 's', "Specify cipher list to be used"}, \ - {"dhparam", OPT_S_DHPARAM, '<', \ - "DH parameter file to use, in cert file if not specified"}, \ + {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ + {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ "Perform all sorts of protocol violations for testing purposes"} @@ -274,7 +276,9 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_CURVES: \ case OPT_S_NAMEDCURVE: \ case OPT_S_CIPHER: \ - case OPT_S_DHPARAM: \ + case OPT_S_MINPROTO: \ + case OPT_S_MAXPROTO: \ + case OPT_S_NO_RENEGOTIATION: \ case OPT_S_DEBUGBROKE #define IS_NO_PROT_FLAG(o) \ diff --git a/vendor/openssl/apps/asn1pars.c b/vendor/openssl/apps/asn1pars.c index 1ac261c76..008a6797d 100644 --- a/vendor/openssl/apps/asn1pars.c +++ b/vendor/openssl/apps/asn1pars.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -41,7 +41,7 @@ OPTIONS asn1parse_options[] = { {"dump", OPT_DUMP, 0, "unknown data in hex form"}, {"dlimit", OPT_DLIMIT, 'p', "dump the first arg bytes of unknown data in hex form"}, - {"strparse", OPT_STRPARSE, 's', + {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, @@ -113,13 +113,13 @@ int asn1parse_main(int argc, char **argv) offset = strtol(opt_arg(), NULL, 0); break; case OPT_LENGTH: - length = atoi(opt_arg()); + length = strtol(opt_arg(), NULL, 0); break; case OPT_DUMP: dump = -1; break; case OPT_DLIMIT: - dump = atoi(opt_arg()); + dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: sk_OPENSSL_STRING_push(osk, opt_arg()); @@ -191,7 +191,7 @@ int asn1parse_main(int argc, char **argv) num = 0; for (;;) { - if (!BUF_MEM_grow(buf, (int)num + BUFSIZ)) + if (!BUF_MEM_grow(buf, num + BUFSIZ)) goto end; i = BIO_read(in, &(buf->data[num]), BUFSIZ); if (i <= 0) @@ -211,9 +211,9 @@ int asn1parse_main(int argc, char **argv) for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { ASN1_TYPE *atmp; int typ; - j = atoi(sk_OPENSSL_STRING_value(osk, i)); - if (j == 0) { - BIO_printf(bio_err, "'%s' is an invalid number\n", + j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0); + if (j <= 0 || j >= tmplen) { + BIO_printf(bio_err, "'%s' is out of range\n", sk_OPENSSL_STRING_value(osk, i)); continue; } @@ -244,14 +244,14 @@ int asn1parse_main(int argc, char **argv) num = tmplen; } - if (offset >= num) { - BIO_printf(bio_err, "Error: offset too large\n"); + if (offset < 0 || offset >= num) { + BIO_printf(bio_err, "Error: offset out of range\n"); goto end; } num -= offset; - if ((length == 0) || ((long)length > num)) + if (length == 0 || length > (unsigned int)num) length = (unsigned int)num; if (derout) { if (BIO_write(derout, str + offset, length) != (int)length) { 
diff --git a/vendor/openssl/apps/build.info b/vendor/openssl/apps/build.info index ae6486194..e2ddd2b56 100644 --- a/vendor/openssl/apps/build.info +++ b/vendor/openssl/apps/build.info @@ -1,21 +1,27 @@ {- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget"; + our @apps_openssl_src = + ( qw(openssl.c + asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c + dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c + genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c + pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c + s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c + srp.c ts.c verify.c version.c x509.c rehash.c + apps.c opt.c s_cb.c s_socket.c + app_rand.c), + split(/\s+/, $target{apps_aux_src}) ); "" -} IF[{- !$disabled{apps} -}] PROGRAMS=openssl - SOURCE[openssl]=\ - openssl.c \ - asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c \ - dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c \ - genpkey.c genrsa.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c \ - pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c \ - s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c \ - srp.c ts.c verify.c version.c x509.c rehash.c \ - apps.c opt.c s_cb.c s_socket.c \ - app_rand.c \ - {- $target{apps_aux_src} -} + SOURCE[openssl]={- join(" ", @apps_openssl_src) -} INCLUDE[openssl]=.. ../include DEPEND[openssl]=../libssl + {- join("\n ", map { (my $x = $_) =~ s|\.c$|.o|; "DEPEND[$x]=progs.h" } + @apps_openssl_src) -} + GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) + DEPEND[progs.h]=../configdata.pm + SCRIPTS=CA.pl {- $tsget_name -} SOURCE[CA.pl]=CA.pl.in SOURCE[{- $tsget_name -}]=tsget.in diff --git a/vendor/openssl/apps/ca.c b/vendor/openssl/apps/ca.c index 350a74843..c69a2b5cd 100644 --- a/vendor/openssl/apps/ca.c +++ b/vendor/openssl/apps/ca.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -440,30 +440,23 @@ int ca_main(int argc, char **argv) && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL) goto end; - if (conf != NULL) { - p = NCONF_get_string(conf, NULL, "oid_file"); - if (p == NULL) - ERR_clear_error(); - if (p != NULL) { - BIO *oid_bio; + p = NCONF_get_string(conf, NULL, "oid_file"); + if (p == NULL) + ERR_clear_error(); + if (p != NULL) { + BIO *oid_bio = BIO_new_file(p, "r"); - oid_bio = BIO_new_file(p, "r"); - if (oid_bio == NULL) { - /*- - BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); - ERR_print_errors(bio_err); - */ - ERR_clear_error(); - } else { - OBJ_create_objects(oid_bio); - BIO_free(oid_bio); - } - } - if (!add_oid_section(conf)) { - ERR_print_errors(bio_err); - goto end; + if (oid_bio == NULL) { + ERR_clear_error(); + } else { + OBJ_create_objects(oid_bio); + BIO_free(oid_bio); } } + if (!add_oid_section(conf)) { + ERR_print_errors(bio_err); + goto end; + } randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); if (randfile == NULL) @@ -732,10 +725,10 @@ int ca_main(int argc, char **argv) /*****************************************************************/ if (req || gencrl) { - /* FIXME: Is it really always text? */ - Sout = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (Sout == NULL) - goto end; + if (spkac_file != NULL) { + output_der = 1; + batch = 1; + } } if (md == NULL @@ -879,10 +872,6 @@ int ca_main(int argc, char **argv) BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } - if (outfile) { - output_der = 1; - batch = 1; - } } } if (ss_cert_file != NULL) { 
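Review bot: A configured `oid_file` that cannot be opened is still ignored silently in the rewritten block of `ca_main`: the `oid_bio == NULL` branch only calls `ERR_clear_error()`, and the commented-out diagnostic that used to sit there is now gone. For a CA tool, missing OID definitions can affect how later policy and extension sections are read, so the operator should at least be told, e.g. `BIO_printf(bio_err, "problems opening %s for extra OIDs\n", p);` in that branch. The result of `OBJ_create_objects(oid_bio)` is likewise discarded. The hunk also drops the `conf != NULL` guard, which is only safe if `conf` is guaranteed to be loaded by this point; that code is outside the hunk.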
@@ -936,10 +925,13 @@ int ca_main(int argc, char **argv) if (j > 0) { total_done++; BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) + if (!BN_add_word(serial, 1)) { + X509_free(x); goto end; + } if (!sk_X509_push(cert_sk, x)) { BIO_printf(bio_err, "Memory allocation failure\n"); + X509_free(x); goto end; } } @@ -1024,6 +1016,11 @@ int ca_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "writing %s\n", buf[2]); + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + Cout = BIO_new_file(buf[2], "w"); if (Cout == NULL) { perror(buf[2]); @@ -1032,6 +1029,8 @@ int ca_main(int argc, char **argv) write_new_certificate(Cout, xi, 0, notext); write_new_certificate(Sout, xi, output_der, notext); BIO_free_all(Cout); + BIO_free_all(Sout); + Sout = NULL; } if (sk_X509_num(cert_sk)) { @@ -1098,13 +1097,13 @@ int ca_main(int argc, char **argv) goto end; tmptm = ASN1_TIME_new(); - if (tmptm == NULL) - goto end; - X509_gmtime_adj(tmptm, 0); - X509_CRL_set1_lastUpdate(crl, tmptm); - if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, - NULL)) { + if (tmptm == NULL + || X509_gmtime_adj(tmptm, 0) == NULL + || !X509_CRL_set1_lastUpdate(crl, tmptm) + || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, + NULL) == NULL) { BIO_puts(bio_err, "error setting CRL nextUpdate\n"); + ASN1_TIME_free(tmptm); goto end; } X509_CRL_set1_nextUpdate(crl, tmptm); @@ -1180,6 +1179,11 @@ int ca_main(int argc, char **argv) if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; + Sout = bio_open_default(outfile, 'w', + output_der ? FORMAT_ASN1 : FORMAT_TEXT); + if (Sout == NULL) + goto end; + PEM_write_bio_X509_CRL(Sout, crl); if (crlnumberfile != NULL) /* Rename the crlnumber file */ 
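Review bot: `Sout` is now opened with mode `'w'` inside the block that writes each certificate and is closed again at its end. If this block runs once per entry of `cert_sk` (the loop header is outside the hunk), every iteration reopens `outfile` and only the last certificate survives in it. Opening `Sout` once before the loop and freeing it afterwards would keep all of them. Separately, the `Cout == NULL` path that follows jumps to `end` with `Sout` still open, which is fine only if the `end:` label still frees `Sout`; that is not visible here.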
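Review bot: The combined check now covers `X509_gmtime_adj`, `X509_CRL_set1_lastUpdate` and `X509_time_adj_ex`, but the `X509_CRL_set1_nextUpdate(crl, tmptm);` call on the context line right after it is still unchecked. A failure there could leave the CRL without the intended nextUpdate before it is signed. It can be handled the same way, e.g. `if (!X509_CRL_set1_nextUpdate(crl, tmptm)) { ASN1_TIME_free(tmptm); goto end; }`. The message `error setting CRL nextUpdate` is now also printed when the allocation or the lastUpdate step fails, which will mislead whoever reads the log.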
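Review bot: The return value of `PEM_write_bio_X509_CRL(Sout, crl)` is ignored, and the context lines that follow appear to go on to rename the crlnumber file. A failed write could therefore still advance the CRL number. A check such as `if (!PEM_write_bio_X509_CRL(Sout, crl)) goto end;` keeps the number and the published CRL in step. The BIO is also opened as `FORMAT_ASN1` when `output_der` is set although the writer is always the PEM one; if that is intentional it deserves a one-line comment.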
@@ -1376,8 +1380,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = - NULL; + X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; const ASN1_TIME *tm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; @@ -1559,7 +1562,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } 
@@ -1577,104 +1579,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto end; } - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject */ - /* - * and add it later on because of the method extensions are added - * (altName) - */ - - if (email_dn) - dn_subject = subject; - else { - X509_NAME_ENTRY *tmpne; - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if ((dn_subject = X509_NAME_dup(subject)) == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); - X509_NAME_ENTRY_free(tmpne); - } - } - - if (BN_is_zero(serial)) - row[DB_serial] = OPENSSL_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == 'E') - p = "Expired"; - else if (rrow[DB_type][0] == 'R') - p = "Revoked"; - else if (rrow[DB_type][0] == 'V') - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - 
if (rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto end; - } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, @@ -1704,7 +1608,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (enddate != NULL) { int tdays; - ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)); + + if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret))) + goto end; days = tdays; } @@ -1719,7 +1625,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, /* Lets add the extensions, if there are any */ if (ext_sect) { X509V3_CTX ctx; - X509_set_version(ret, 2); /* Initialize the context structure */ if (selfsign) 
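Review bot: The new `ASN1_TIME_diff` check in the `enddate != NULL` branch jumps to `end` without printing anything, so the operator gets a failed signing run with no stated reason. Most failure paths visible in `do_body` write to `bio_err` first; a line such as `BIO_printf(bio_err, "Invalid end date\n");` before the `goto end` would match them. `do_body` starts and ends outside this hunk.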
@@ -1774,10 +1679,132 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto end; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0) { - if (!X509_set_subject_name(ret, dn_subject)) + { + const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret); + + if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(ret, 2)) + goto end; + } + + if (verbose) + BIO_printf(bio_err, + "The subject name appears to be ok, checking data base for clashes\n"); + + /* Build the correct Subject if no e-mail is wanted in the subject. */ + if (!email_dn) { + X509_NAME_ENTRY *tmpne; + X509_NAME *dn_subject; + + /* + * Its best to dup the subject DN and then delete any email addresses + * because this retains its structure. + */ + if ((dn_subject = X509_NAME_dup(subject)) == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto end; + } + while ((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, + -1)) >= 0) { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + + if (!X509_set_subject_name(ret, dn_subject)) { + X509_NAME_free(dn_subject); + goto end; + } + X509_NAME_free(dn_subject); + } + + row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto end; + } + + if (BN_is_zero(serial)) + row[DB_serial] = OPENSSL_strdup("00"); + else + row[DB_serial] = BN_bn2hex(serial); + if (row[DB_serial] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto end; + } + + if (row[DB_name][0] == '\0') { + /* + * An empty subject! We'll use the serial number instead. If + * unique_subject is in use then we don't want different entries with + * empty subjects matching each other. 
+ */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto end; + } + } + + if (db->attributes.unique_subject) { + OPENSSL_STRING *crow = row; + + rrow = TXT_DB_get_by_index(db->db, DB_name, crow); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + } + if (rrow == NULL) { + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err, + " check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) { + BIO_printf(bio_err, "The matching entry has the following details\n"); + if (rrow[DB_type][0] == DB_TYPE_EXP) + p = "Expired"; + else if (rrow[DB_type][0] == DB_TYPE_REV) + p = "Revoked"; + else if (rrow[DB_type][0] == DB_TYPE_VAL) + p = "Valid"; + else + p = "\ninvalid type, Data base error\n"; + BIO_printf(bio_err, "Type :%s\n", p);; + if (rrow[DB_type][0] == DB_TYPE_REV) { + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Was revoked on:%s\n", p); + } + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Expires on :%s\n", p); + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Serial Number :%s\n", p); + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "File name :%s\n", p); + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Subject Name :%s\n", p); + ok = -1; /* This is now a 'bad' error. */ + goto end; } if (!default_op) { 
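Review bot: In the `!email_dn` block the entry is fetched with `X509_NAME_get_entry` and then deleted in a separate call, although `X509_NAME_delete_entry` already returns the entry it removes. `X509_NAME_ENTRY_free(X509_NAME_delete_entry(dn_subject, i));` does the same in one line and makes `tmpne` unnecessary. Further down, `BIO_printf(bio_err, "Type :%s\n", p);;` carries a stray second semicolon. Both come from the block this commit moved, so this is a convenient moment to tidy them. `do_body` begins and ends outside the hunk.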
@@ -1829,8 +1856,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_exp_date][tm->length] = '\0'; row[DB_rev_date] = NULL; row[DB_file] = OPENSSL_strdup("unknown"); - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); - if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || (row[DB_file] == NULL) || (row[DB_name] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); @@ -1850,16 +1875,14 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, irow = NULL; ok = 1; end: - if (irow != NULL) { + if (ok != 1) { for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); - OPENSSL_free(irow); } + OPENSSL_free(irow); X509_NAME_free(CAname); X509_NAME_free(subject); - if (dn_subject != subject) - X509_NAME_free(dn_subject); if (ok <= 0) X509_free(ret); else @@ -2040,6 +2063,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) else row[DB_serial] = BN_bn2hex(bn); BN_free(bn); + if (row[DB_name] != NULL && row[DB_name][0] == '\0') { + /* Entries with empty Subjects actually use the serial number instead */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + } if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; @@ -2200,7 +2228,10 @@ static int do_updatedb(CA_DB *db) return -1; /* get actual time and make a string */ - a_tm = X509_gmtime_adj(a_tm, 0); + if (X509_gmtime_adj(a_tm, 0) == NULL) { + ASN1_UTCTIME_free(a_tm); + return -1; + } a_tm_s = app_malloc(a_tm->length + 1, "time string"); memcpy(a_tm_s, a_tm->data, a_tm->length); diff --git a/vendor/openssl/apps/ciphers.c b/vendor/openssl/apps/ciphers.c index c0f43ea2e..e1b5b255c 100644 --- a/vendor/openssl/apps/ciphers.c +++ b/vendor/openssl/apps/ciphers.c 
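Review bot: The cleanup at `end:` now frees every `row[i]` whenever `ok != 1`, instead of only when `irow` was allocated. It therefore depends on all `DB_NUMBER` slots being NULL before the first `goto end` can fire. That initialisation is outside the hunk; if it is not already there, early error exits would hand uninitialised pointers to `OPENSSL_free`. Assuming the intent is that the database owns the strings on success, a short comment at the label would record the rule the new condition relies on, e.g. `/* row[] is NULL-initialised at entry; on success the DB keeps the strings */`.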
@@ -225,7 +225,7 @@ int ciphers_main(int argc, char **argv) BIO_printf(bio_out, "%s - ", nm); } #endif - BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof buf)); + BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); } } diff --git a/vendor/openssl/apps/cms.c b/vendor/openssl/apps/cms.c index 579b22730..640f92eb1 100644 --- a/vendor/openssl/apps/cms.c +++ b/vendor/openssl/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -931,11 +931,15 @@ int cms_main(int argc, char **argv) keyfile = sk_OPENSSL_STRING_value(skkeys, i); signer = load_cert(signerfile, FORMAT_PEM, "signer certificate"); - if (!signer) + if (!signer) { + ret = 2; goto end; + } key = load_key(keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (!key) { + ret = 2; goto end; + } for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; diff --git a/vendor/openssl/apps/dhparam.c b/vendor/openssl/apps/dhparam.c index 0616333af..8a2841456 100644 --- a/vendor/openssl/apps/dhparam.c +++ b/vendor/openssl/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -151,6 +151,11 @@ int dhparam_main(int argc, char **argv) goto end; } # endif + + out = bio_open_default(outfile, 'w', outformat); + if (out == NULL) + goto end; + /* DH parameters */ if (num && !g) g = 2; 
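Review bot: Moving `bio_open_default(outfile, 'w', outformat)` to this point in `dhparam_main` means the output file is created or truncated before the parameters have been generated or read. A run that fails later can then leave an empty file where a valid parameter file used to be. If the goal is to fail early on an unwritable path, that trade-off is worth a comment above the call, for example `/* open early so a bad -out path fails before generation; this truncates an existing file */`. The rest of the function, including its error paths, is outside the hunk.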
@@ -266,10 +271,6 @@ int dhparam_main(int argc, char **argv) /* dh != NULL */ } - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - if (text) { DHparams_print(out, dh); } @@ -326,9 +327,9 @@ int dhparam_main(int argc, char **argv) "\n" " if (dh == NULL)\n" " return NULL;\n"); - BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof (dhp_%d), NULL);\n", + BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", bits, bits); - BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof (dhg_%d), NULL);\n", + BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", bits, bits); BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n" " || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" diff --git a/vendor/openssl/apps/dsa.c b/vendor/openssl/apps/dsa.c index 9c9354916..8454b2e9a 100644 --- a/vendor/openssl/apps/dsa.c +++ b/vendor/openssl/apps/dsa.c @@ -217,6 +217,9 @@ int dsa_main(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_DSA(pk, dsa); if (outformat == FORMAT_PVK) { if (pubin) { diff --git a/vendor/openssl/apps/dsaparam.c b/vendor/openssl/apps/dsaparam.c index 925880300..20891cf3d 100644 --- a/vendor/openssl/apps/dsaparam.c +++ b/vendor/openssl/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
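Review bot: The added NULL check covers `EVP_PKEY_new()`, but the `EVP_PKEY_set1_DSA(pk, dsa);` call right after it in `dsa_main` is still unchecked. On failure the MSBLOB/PVK writer would be handed a key object with nothing assigned. Checking it as well closes that path: `if (!EVP_PKEY_set1_DSA(pk, dsa)) { EVP_PKEY_free(pk); goto end; }`. Whether `pk` is otherwise released at `end:` is not visible in the hunk.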
@@ -226,28 +226,34 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); - BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); - print_bignum_var(bio_out, p, "dsap", len, data); - print_bignum_var(bio_out, q, "dsaq", len, data); - print_bignum_var(bio_out, g, "dsag", len, data); + BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p); + print_bignum_var(bio_out, p, "dsap", bits_p, data); + print_bignum_var(bio_out, q, "dsaq", bits_p, data); + print_bignum_var(bio_out, g, "dsag", bits_p, data); BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" + " BIGNUM *p, *q, *g;\n" "\n"); BIO_printf(bio_out, " if (dsa == NULL)\n" " return NULL;\n"); - BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof (dsap_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof (dsaq_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof (dsag_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n" - " DSA_free(dsa);\n" + BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n", + bits_p, bits_p); + BIO_printf(bio_out, " DSA_free(dsa);\n" + " BN_free(p);\n" + " BN_free(q);\n" + " BN_free(g);\n" " return NULL;\n" " }\n" - " return(dsa);\n}\n"); + " return dsa;\n}\n"); OPENSSL_free(data); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); diff --git a/vendor/openssl/apps/ecparam.c b/vendor/openssl/apps/ecparam.c index 891a0cac0..999f74870 100644 --- a/vendor/openssl/apps/ecparam.c +++ b/vendor/openssl/apps/ecparam.c 
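Review bot: The new `if (outformat == FORMAT_ASN1 && genkey) noout = 1;` in `dsaparam_main` silently overrides what the user asked for, and nothing in the code says why. The same two lines are added to `ecparam_main` in the `@@ -393,6` hunk of ecparam.c. Presumably DER parameters followed by a DER key in one stream cannot be parsed back, so only the key is written. A comment above the test in both files, e.g. `/* DER output cannot carry both params and key; emit the key only */`, would stop the next reader from treating it as a bug.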
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -357,24 +357,24 @@ int ecparam_main(int argc, char **argv) " BIGNUM *tmp_3 = NULL;\n" "\n"); - BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof (ec_p_%d), NULL)) == NULL)\n" + BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n" " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof (ec_a_%d), NULL)) == NULL)\n" + BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n" " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof (ec_b_%d), NULL)) == NULL)\n" + BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n" " goto err;\n", len, len); BIO_printf(out, " if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n" " goto err;\n" "\n"); BIO_printf(out, " /* build generator */\n"); - BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof (ec_gen_%d), tmp_1)) == NULL)\n" + BIO_printf(out, " if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n" " goto err;\n", len, len); BIO_printf(out, " point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n"); BIO_printf(out, " if (point == NULL)\n" " goto err;\n"); - BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof (ec_order_%d), tmp_2)) == NULL)\n" + BIO_printf(out, " if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n" " goto err;\n", len, len); - BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof (ec_cofactor_%d), tmp_3)) == NULL)\n" + BIO_printf(out, " if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n" " goto err;\n", len, len); BIO_printf(out, " if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n" " goto err;\n" @@ -393,6 +393,9 @@ int ecparam_main(int argc, char **argv) "}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); 
@@ -428,6 +431,9 @@ int ecparam_main(int argc, char **argv) goto end; } + if (new_form) + EC_KEY_set_conv_form(eckey, form); + if (!EC_KEY_generate_key(eckey)) { BIO_printf(bio_err, "unable to generate key\n"); EC_KEY_free(eckey); diff --git a/vendor/openssl/apps/enc.c b/vendor/openssl/apps/enc.c index c90656331..df5538114 100644 --- a/vendor/openssl/apps/enc.c +++ b/vendor/openssl/apps/enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -96,7 +96,7 @@ int enc_main(int argc, char **argv) char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; char *infile = NULL, *outfile = NULL, *prog; char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; - char mbuf[sizeof magic - 1]; + char mbuf[sizeof(magic) - 1]; OPTION_CHOICE o; int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0; int enc = 1, printkey = 0, i, k; @@ -218,7 +218,7 @@ int enc_main(int argc, char **argv) in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT); if (in == NULL) goto opthelp; - i = BIO_gets(in, buf, sizeof buf); + i = BIO_gets(in, buf, sizeof(buf)); BIO_free(in); in = NULL; if (i <= 0) { @@ -257,6 +257,10 @@ int enc_main(int argc, char **argv) break; } } + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; + } if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); @@ -311,7 +315,7 @@ int enc_main(int argc, char **argv) for (;;) { char prompt[200]; - BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:", + BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; 
@@ -398,31 +402,31 @@ int enc_main(int argc, char **argv) else { if (enc) { if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof salt) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) goto end; /* * If -P option then don't bother writing */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof magic - 1) != sizeof magic - 1 + sizeof(magic) - 1) != sizeof(magic) - 1 || BIO_write(wbio, (char *)salt, - sizeof salt) != sizeof salt)) { + sizeof(salt)) != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf + } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) || BIO_read(rbio, (unsigned char *)salt, - sizeof salt) != sizeof salt) { + sizeof(salt)) != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; - } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } @@ -449,7 +453,7 @@ int enc_main(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof iv)) { + } else if (!set_hex(hiv, iv, sizeof(iv))) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } diff --git a/vendor/openssl/apps/engine.c b/vendor/openssl/apps/engine.c index ffd313742..4eeb64249 100644 --- a/vendor/openssl/apps/engine.c +++ b/vendor/openssl/apps/engine.c @@ -311,6 +311,7 @@ int engine_main(int argc, char **argv) break; case OPT_TT: test_avail_noise++; + /* fall thru */ case OPT_T: test_avail++; break; diff --git a/vendor/openssl/apps/errstr.c b/vendor/openssl/apps/errstr.c index 5fda799d1..79d83ee46 100644 --- a/vendor/openssl/apps/errstr.c +++ b/vendor/openssl/apps/errstr.c 
@@ -58,7 +58,7 @@ int errstr_main(int argc, char **argv) */ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); BIO_printf(bio_out, "%s\n", buf); } } diff --git a/vendor/openssl/apps/genrsa.c b/vendor/openssl/apps/genrsa.c index 1ac66a97d..19bc7535e 100644 --- a/vendor/openssl/apps/genrsa.c +++ b/vendor/openssl/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,6 +78,7 @@ int genrsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: +opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -110,11 +111,16 @@ int genrsa_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); - private = 1; - if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) - goto end; + if (argc == 1) { + if (!opt_int(argv[0], &num) || num <= 0) + goto end; + } else if (argc > 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; + } + private = 1; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/vendor/openssl/apps/ocsp.c b/vendor/openssl/apps/ocsp.c index 41ea97030..0c15f5114 100644 --- a/vendor/openssl/apps/ocsp.c +++ b/vendor/openssl/apps/ocsp.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
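Review bot: The only validation of the requested modulus size in the rewritten argument handling of `genrsa_main` is `num <= 0`. Unless a later check outside the hunk rejects it, any small positive bit count is accepted and a key far too short to be secure is generated without a warning. A lower bound, or at least a warning on `bio_err` below a project-chosen minimum, belongs next to this check; the value to compare against is a policy decision and is not on this page. The `goto end` for a bad number also skips the usage hint that `goto opthelp` now gives for extra arguments.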
@@ -639,7 +639,6 @@ int ocsp_main(int argc, char **argv) OCSP_response_status_str(i), i); if (ignore_err) goto redo_accept; - ret = 0; goto end; } @@ -1074,7 +1073,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) *pcbio = cbio; /* Read the request line. */ - len = BIO_gets(cbio, reqbuf, sizeof reqbuf); + len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); if (len <= 0) return 1; if (strncmp(reqbuf, "GET ", 4) == 0) { @@ -1116,7 +1115,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio) /* Read and skip past the headers. */ for (;;) { - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) return 1; if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) diff --git a/vendor/openssl/apps/openssl.c b/vendor/openssl/apps/openssl.c index e69e7d9b4..2607694f5 100644 --- a/vendor/openssl/apps/openssl.c +++ b/vendor/openssl/apps/openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,8 +69,8 @@ static int apps_startup() #endif /* Set non-default library initialisation settings */ - if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL)) + if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN + | OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; #ifndef OPENSSL_NO_UI @@ -154,8 +154,13 @@ int main(int argc, char *argv[]) #endif } - if (!apps_startup()) + if (!apps_startup()) { + BIO_printf(bio_err, + "FATAL: Startup failure (dev note: apps_startup() failed)\n"); + ERR_print_errors(bio_err); + ret = 1; goto end; + } prog = prog_init(); pname = opt_progname(argv[0]); 
@@ -183,7 +188,7 @@ int main(int argc, char *argv[]) for (;;) { ret = 0; /* Read a line, continue reading if line ends with \ */ - for (p = buf, n = sizeof buf, i = 0, first = 1; n > 0; first = 0) { + for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) { prompt = first ? "OpenSSL> " : "> "; p[0] = '\0'; #ifndef READLINE @@ -329,6 +334,7 @@ int list_main(int argc, char **argv) switch (o) { case OPT_EOF: /* Never hit, but suppresses warning */ case OPT_ERR: +opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); return 1; case OPT_HELP: @@ -358,12 +364,14 @@ int list_main(int argc, char **argv) } done = 1; } - - if (!done) { - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - return 1; + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; } + if (!done) + goto opthelp; + return 0; } diff --git a/vendor/openssl/apps/opt.c b/vendor/openssl/apps/opt.c index f72ac64ec..6e40f6480 100644 --- a/vendor/openssl/apps/opt.c +++ b/vendor/openssl/apps/opt.c @@ -60,10 +60,10 @@ char *opt_progname(const char *argv0) n -= 4; /* Copy over the name, in lowercase. */ - if (n > sizeof prog - 1) - n = sizeof prog - 1; + if (n > sizeof(prog) - 1) + n = sizeof(prog) - 1; for (q = prog, i = 0; i < n; i++, p++) - *q++ = isupper(*p) ? tolower(*p) : *p; + *q++ = tolower((unsigned char)*p); *q = '\0'; return prog; } @@ -82,9 +82,9 @@ char *opt_progname(const char *argv0) } q = strrchr(p, '.'); - strncpy(prog, p, sizeof prog - 1); - prog[sizeof prog - 1] = '\0'; - if (q != NULL && q - p < sizeof prog) + strncpy(prog, p, sizeof(prog) - 1); + prog[sizeof(prog) - 1] = '\0'; + if (q != NULL && q - p < sizeof(prog)) prog[q - p] = '\0'; return prog; } @@ -101,8 +101,8 @@ char *opt_progname(const char *argv0) p++; break; } - strncpy(prog, p, sizeof prog - 1); - prog[sizeof prog - 1] = '\0'; + strncpy(prog, p, sizeof(prog) - 1); + prog[sizeof(prog) - 1] = '\0'; return prog; } #endif 
@@ -840,7 +840,7 @@ void opt_help(const OPTIONS *list) i += 1 + strlen(valtype2param(o)); if (i < MAX_OPT_HELP_WIDTH && i > width) width = i; - assert(i < (int)sizeof start); + assert(i < (int)sizeof(start)); } if (standard_prolog) @@ -857,7 +857,7 @@ void opt_help(const OPTIONS *list) /* Pad out prefix */ memset(start, ' ', sizeof(start) - 1); - start[sizeof start - 1] = '\0'; + start[sizeof(start) - 1] = '\0'; if (o->name == OPT_MORE_STR) { /* Continuation of previous line; pad and print. */ diff --git a/vendor/openssl/apps/passwd.c b/vendor/openssl/apps/passwd.c index 98fae52e0..f2b0d9a29 100644 --- a/vendor/openssl/apps/passwd.c +++ b/vendor/openssl/apps/passwd.c @@ -79,9 +79,9 @@ int passwd_main(int argc, char **argv) char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; OPTION_CHOICE o; int in_stdin = 0, pw_source_defined = 0; -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI int in_noverify = 0; -#endif +# endif int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0; size_t passwd_malloc_size = 0, pw_maxlen = 256; @@ -105,9 +105,9 @@ int passwd_main(int argc, char **argv) pw_source_defined = 1; break; case OPT_NOVERIFY: -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI in_noverify = 1; -#endif +# endif break; case OPT_QUIET: quiet = 1; 
@@ -198,26 +198,31 @@ int passwd_main(int argc, char **argv) } if ((in == NULL) && (passwds == NULL)) { + /* + * we use the following method to make sure what + * in the 'else' section is always compiled, to + * avoid rot of not-frequently-used code. + */ if (1) { -#ifndef OPENSSL_NO_UI +# ifndef OPENSSL_NO_UI /* build a null-terminated list */ static char *passwds_static[2] = { NULL, NULL }; passwds = passwds_static; - if (in == NULL) + if (in == NULL) { if (EVP_read_pw_string (passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0) goto end; + } passwds[0] = passwd_malloc; } else { -#endif +# endif BIO_printf(bio_err, "password required\n"); goto end; } } - if (in == NULL) { assert(passwds != NULL); assert(*passwds != NULL); @@ -228,11 +233,9 @@ int passwd_main(int argc, char **argv) quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1)) goto end; - } - while (*passwds != NULL); - } else + } while (*passwds != NULL); + } else { /* in != NULL */ - { int done; assert(passwd != NULL); @@ -240,13 +243,13 @@ int passwd_main(int argc, char **argv) int r = BIO_gets(in, passwd, pw_maxlen + 1); if (r > 0) { char *c = (strchr(passwd, '\n')); - if (c != NULL) + if (c != NULL) { *c = 0; /* truncate at newline */ - else { + } else { /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -256,8 +259,7 @@ int passwd_main(int argc, char **argv) goto end; } done = (r <= 0); - } - while (!done); + } while (!done); } ret = 0; 
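Review bot: The inner `if (in == NULL) {` that this hunk wraps in braces can never be false, because the enclosing condition is already `(in == NULL) && (passwds == NULL)`. The test can be dropped and `EVP_read_pw_string` called directly. The added comment about the `if (1)` construct would also read better as `/* keep the 'else' branch compiled in every configuration so rarely used code does not rot */`. `passwd_main` starts and ends outside the hunk.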
@@ -298,9 +300,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) if (magic_len > 4) /* assert it's "1" or "apr1" */ return NULL; - OPENSSL_strlcat(out_buf, magic, sizeof out_buf); - OPENSSL_strlcat(out_buf, "$", sizeof out_buf); - OPENSSL_strlcat(out_buf, salt, sizeof out_buf); + OPENSSL_strlcat(out_buf, magic, sizeof(out_buf)); + OPENSSL_strlcat(out_buf, "$", sizeof(out_buf)); + OPENSSL_strlcat(out_buf, salt, sizeof(out_buf)); if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ return NULL; @@ -330,8 +332,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) || !EVP_DigestFinal_ex(md2, buf, NULL)) goto err; - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) { - if (!EVP_DigestUpdate(md, buf, sizeof buf)) + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { + if (!EVP_DigestUpdate(md, buf, sizeof(buf))) goto err; } if (!EVP_DigestUpdate(md, buf, i)) @@ -351,7 +353,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestUpdate(md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf)) + (i & 1) ? passwd_len : sizeof(buf))) goto err; if (i % 3) { if (!EVP_DigestUpdate(md2, salt_out, salt_len)) @@ -363,7 +365,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) } if (!EVP_DigestUpdate(md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len)) + (i & 1) ? sizeof(buf) : passwd_len)) goto err; if (!EVP_DigestFinal_ex(md2, buf, NULL)) goto err; @@ -375,7 +377,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; 
@@ -387,7 +389,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[15] = buf[11]; # ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); + assert(16 == sizeof(buf_perm)); # endif output = salt_out + salt_len; @@ -433,9 +435,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (!passed_salt) { # ifndef OPENSSL_NO_DES if (usecrypt) { - if (*salt_malloc_p == NULL) { + if (*salt_malloc_p == NULL) *salt_p = *salt_malloc_p = app_malloc(3, "salt buffer"); - } if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0) goto end; (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */ @@ -452,9 +453,8 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, if (use1 || useapr1) { int i; - if (*salt_malloc_p == NULL) { + if (*salt_malloc_p == NULL) *salt_p = *salt_malloc_p = app_malloc(9, "salt buffer"); - } if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0) goto end; diff --git a/vendor/openssl/apps/pkcs12.c b/vendor/openssl/apps/pkcs12.c index 6c07e810b..85f649d81 100644 --- a/vendor/openssl/apps/pkcs12.c +++ b/vendor/openssl/apps/pkcs12.c @@ -323,7 +323,7 @@ int pkcs12_main(int argc, char **argv) if (1) { #ifndef OPENSSL_NO_UI if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -440,7 +440,7 @@ int pkcs12_main(int argc, char **argv) if (!noprompt) { if (1) { #ifndef OPENSSL_NO_UI - if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + if (EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; 
@@ -453,7 +453,7 @@ int pkcs12_main(int argc, char **argv) } if (!twopass) - OPENSSL_strlcpy(macpass, pass, sizeof macpass); + OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); p12 = PKCS12_create(cpass, name, key, ucert, certs, key_pbe, cert_pbe, iter, -1, keytype); @@ -506,7 +506,7 @@ int pkcs12_main(int argc, char **argv) if (!noprompt) { if (1) { #ifndef OPENSSL_NO_UI - if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; @@ -519,7 +519,7 @@ int pkcs12_main(int argc, char **argv) } if (!twopass) - OPENSSL_strlcpy(macpass, pass, sizeof macpass); + OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); if ((options & INFO) && PKCS12_mac_present(p12)) { const ASN1_INTEGER *tmaciter; diff --git a/vendor/openssl/apps/pkcs8.c b/vendor/openssl/apps/pkcs8.c index 4b3fa10d2..0874370d0 100644 --- a/vendor/openssl/apps/pkcs8.c +++ b/vendor/openssl/apps/pkcs8.c @@ -238,7 +238,7 @@ int pkcs8_main(int argc, char **argv) #ifndef OPENSSL_NO_UI p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) { + (pass, sizeof(pass), "Enter Encryption Password:", 1)) { X509_ALGOR_free(pbe); goto end; } @@ -300,7 +300,7 @@ int pkcs8_main(int argc, char **argv) else if (1) { #ifndef OPENSSL_NO_UI p8pass = pass; - if (EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0)) { + if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } diff --git a/vendor/openssl/apps/pkey.c b/vendor/openssl/apps/pkey.c index ad1a3b10e..5c13d8b87 100644 --- a/vendor/openssl/apps/pkey.c +++ b/vendor/openssl/apps/pkey.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -141,24 +141,30 @@ int pkey_main(int argc, char **argv) if (!noout) { if (outformat == FORMAT_PEM) { - if (pubout) - PEM_write_bio_PUBKEY(out, pkey); - else { + if (pubout) { + if (!PEM_write_bio_PUBKEY(out, pkey)) + goto end; + } else { assert(private); - if (traditional) - PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, - NULL, 0, NULL, - passout); - else - PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout); + if (traditional) { + if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, + NULL, 0, NULL, + passout)) + goto end; + } else { + if (!PEM_write_bio_PrivateKey(out, pkey, cipher, + NULL, 0, NULL, passout)) + goto end; + } } } else if (outformat == FORMAT_ASN1) { - if (pubout) - i2d_PUBKEY_bio(out, pkey); - else { + if (pubout) { + if (!i2d_PUBKEY_bio(out, pkey)) + goto end; + } else { assert(private); - i2d_PrivateKey_bio(out, pkey); + if (!i2d_PrivateKey_bio(out, pkey)) + goto end; } } else { BIO_printf(bio_err, "Bad format specified for key\n"); @@ -168,17 +174,21 @@ int pkey_main(int argc, char **argv) } if (text) { - if (pubtext) - EVP_PKEY_print_public(out, pkey, 0, NULL); - else { + if (pubtext) { + if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0) + goto end; + } else { assert(private); - EVP_PKEY_print_private(out, pkey, 0, NULL); + if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0) + goto end; } } ret = 0; end: + if (ret != 0) + ERR_print_errors(bio_err); EVP_PKEY_free(pkey); release_engine(e); BIO_free_all(out); diff --git a/vendor/openssl/apps/pkeyutl.c b/vendor/openssl/apps/pkeyutl.c index 962a389dc..bbb1274f1 100644 --- a/vendor/openssl/apps/pkeyutl.c +++ b/vendor/openssl/apps/pkeyutl.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -81,8 +81,7 @@ int pkeyutl_main(int argc, char **argv) char hexdump = 0, asn1parse = 0, rev = 0, *prog; unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; OPTION_CHOICE o; - int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = - FORMAT_PEM; + int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM; int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; int engine_impl = 0; int ret = 1, rv = -1; @@ -193,10 +192,18 @@ int pkeyutl_main(int argc, char **argv) goto opthelp; if (kdfalg != NULL) { - if (kdflen == 0) + if (kdflen == 0) { + BIO_printf(bio_err, + "%s: no KDF length given (-kdflen parameter).\n", prog); goto opthelp; - } else if ((inkey == NULL) - || (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) { + } + } else if (inkey == NULL) { + BIO_printf(bio_err, + "%s: no private key given (-inkey parameter).\n", prog); + goto opthelp; + } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) { + BIO_printf(bio_err, + "%s: no peer key given (-peerkey parameter).\n", prog); goto opthelp; } ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, @@ -219,7 +226,8 @@ int pkeyutl_main(int argc, char **argv) const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i); if (pkey_ctrl_string(ctx, opt) <= 0) { - BIO_printf(bio_err, "%s: Can't set parameter:\n", prog); + BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", + prog, opt); ERR_print_errors(bio_err); goto end; } 
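Review bot: The message in the last branch of the new option check in pkeyutl_main contradicts its condition: `peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE` fires when a peer key was supplied for an operation other than derivation, yet the text says `no peer key given (-peerkey parameter)`. A user who hits it is told to add the very option that caused the rejection. Wording such as `"%s: -peerkey is only valid with key derivation (-derive).\n"` would match the test. The `inkey == NULL` message has a smaller version of the same problem, since it says "private key" although `key_type` may select a public key or certificate. pkeyutl_main starts and ends outside this hunk, and as the file sits under vendor/openssl the change would have to be carried as a local patch or raised upstream.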
@@ -307,7 +315,11 @@ int pkeyutl_main(int argc, char **argv) buf_in, (size_t)buf_inlen); } if (rv <= 0) { - BIO_puts(bio_err, "Public Key operation error\n"); + if (pkey_op != EVP_PKEY_OP_DERIVE) { + BIO_puts(bio_err, "Public Key operation error\n"); + } else { + BIO_puts(bio_err, "Key derivation failed\n"); + } ERR_print_errors(bio_err); goto end; } @@ -383,8 +395,15 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, if (kdfalg) { int kdfnid = OBJ_sn2nid(kdfalg); - if (kdfnid == NID_undef) - goto end; + + if (kdfnid == NID_undef) { + kdfnid = OBJ_ln2nid(kdfalg); + if (kdfnid == NID_undef) { + BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n", + kdfalg); + goto end; + } + } ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); } else { if (pkey == NULL) @@ -435,10 +454,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, } static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE* e) + ENGINE *e) { EVP_PKEY *peer = NULL; - ENGINE* engine = NULL; + ENGINE *engine = NULL; int ret; if (peerform == FORMAT_ENGINE) diff --git a/vendor/openssl/apps/prime.c b/vendor/openssl/apps/prime.c index b0f5969a2..c12463d8c 100644 --- a/vendor/openssl/apps/prime.c +++ b/vendor/openssl/apps/prime.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,6 +43,7 @@ int prime_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: +opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: 
@@ -69,9 +70,14 @@ int prime_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (argc == 0 && !generate) { + if (generate) { + if (argc != 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); + goto opthelp; + } + } else if (argc == 0) { BIO_printf(bio_err, "%s: No prime specified\n", prog); - goto end; + goto opthelp; } if (generate) { diff --git a/vendor/openssl/apps/progs.h b/vendor/openssl/apps/progs.h deleted file mode 100644 index 5f6f07f89..000000000 --- a/vendor/openssl/apps/progs.h +++ /dev/null 
@@ -1,418 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by apps/progs.pl - * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -typedef enum FUNC_TYPE { - FT_none, FT_general, FT_md, FT_cipher, FT_pkey, - FT_md_alg, FT_cipher_alg -} FUNC_TYPE; - -typedef struct function_st { - FUNC_TYPE type; - const char *name; - int (*func)(int argc, char *argv[]); - const OPTIONS *help; -} FUNCTION; - -DEFINE_LHASH_OF(FUNCTION); - -extern int asn1parse_main(int argc, char *argv[]); -extern int ca_main(int argc, char *argv[]); -extern int ciphers_main(int argc, char *argv[]); -extern int cms_main(int argc, char *argv[]); -extern int crl_main(int argc, char *argv[]); -extern int crl2pkcs7_main(int argc, char *argv[]); -extern int dgst_main(int argc, char *argv[]); -extern int dhparam_main(int argc, char *argv[]); -extern int dsa_main(int argc, char *argv[]); -extern int dsaparam_main(int argc, char *argv[]); -extern int ec_main(int argc, char *argv[]); -extern int ecparam_main(int argc, char *argv[]); -extern int enc_main(int argc, char *argv[]); -extern int engine_main(int argc, char *argv[]); -extern int errstr_main(int argc, char *argv[]); -extern int exit_main(int argc, char *argv[]); -extern int gendsa_main(int argc, char *argv[]); -extern int genpkey_main(int argc, char *argv[]); -extern int genrsa_main(int argc, char *argv[]); -extern int help_main(int argc, char *argv[]); -extern int list_main(int argc, char *argv[]); -extern int nseq_main(int argc, char *argv[]); -extern int ocsp_main(int argc, char *argv[]); -extern int passwd_main(int argc, char *argv[]); -extern int pkcs12_main(int argc, char *argv[]); -extern int pkcs7_main(int argc, char *argv[]); -extern int pkcs8_main(int argc, 
char *argv[]); -extern int pkey_main(int argc, char *argv[]); -extern int pkeyparam_main(int argc, char *argv[]); -extern int pkeyutl_main(int argc, char *argv[]); -extern int prime_main(int argc, char *argv[]); -extern int rand_main(int argc, char *argv[]); -extern int rehash_main(int argc, char *argv[]); -extern int req_main(int argc, char *argv[]); -extern int rsa_main(int argc, char *argv[]); -extern int rsautl_main(int argc, char *argv[]); -extern int s_client_main(int argc, char *argv[]); -extern int s_server_main(int argc, char *argv[]); -extern int s_time_main(int argc, char *argv[]); -extern int sess_id_main(int argc, char *argv[]); -extern int smime_main(int argc, char *argv[]); -extern int speed_main(int argc, char *argv[]); -extern int spkac_main(int argc, char *argv[]); -extern int srp_main(int argc, char *argv[]); -extern int ts_main(int argc, char *argv[]); -extern int verify_main(int argc, char *argv[]); -extern int version_main(int argc, char *argv[]); -extern int x509_main(int argc, char *argv[]); - -extern OPTIONS asn1parse_options[]; -extern OPTIONS ca_options[]; -extern OPTIONS ciphers_options[]; -extern OPTIONS cms_options[]; -extern OPTIONS crl_options[]; -extern OPTIONS crl2pkcs7_options[]; -extern OPTIONS dgst_options[]; -extern OPTIONS dhparam_options[]; -extern OPTIONS dsa_options[]; -extern OPTIONS dsaparam_options[]; -extern OPTIONS ec_options[]; -extern OPTIONS ecparam_options[]; -extern OPTIONS enc_options[]; -extern OPTIONS engine_options[]; -extern OPTIONS errstr_options[]; -extern OPTIONS exit_options[]; -extern OPTIONS gendsa_options[]; -extern OPTIONS genpkey_options[]; -extern OPTIONS genrsa_options[]; -extern OPTIONS help_options[]; -extern OPTIONS list_options[]; -extern OPTIONS nseq_options[]; -extern OPTIONS ocsp_options[]; -extern OPTIONS passwd_options[]; -extern OPTIONS pkcs12_options[]; -extern OPTIONS pkcs7_options[]; -extern OPTIONS pkcs8_options[]; -extern OPTIONS pkey_options[]; -extern OPTIONS pkeyparam_options[]; 
-extern OPTIONS pkeyutl_options[]; -extern OPTIONS prime_options[]; -extern OPTIONS rand_options[]; -extern OPTIONS rehash_options[]; -extern OPTIONS req_options[]; -extern OPTIONS rsa_options[]; -extern OPTIONS rsautl_options[]; -extern OPTIONS s_client_options[]; -extern OPTIONS s_server_options[]; -extern OPTIONS s_time_options[]; -extern OPTIONS sess_id_options[]; -extern OPTIONS smime_options[]; -extern OPTIONS speed_options[]; -extern OPTIONS spkac_options[]; -extern OPTIONS srp_options[]; -extern OPTIONS ts_options[]; -extern OPTIONS verify_options[]; -extern OPTIONS version_options[]; -extern OPTIONS x509_options[]; - -#ifdef INCLUDE_FUNCTION_TABLE -static FUNCTION functions[] = { - { FT_general, "asn1parse", asn1parse_main, asn1parse_options }, - { FT_general, "ca", ca_main, ca_options }, -#ifndef OPENSSL_NO_SOCK - { FT_general, "ciphers", ciphers_main, ciphers_options }, -#endif -#ifndef OPENSSL_NO_CMS - { FT_general, "cms", cms_main, cms_options }, -#endif - { FT_general, "crl", crl_main, crl_options }, - { FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options }, - { FT_general, "dgst", dgst_main, dgst_options }, -#ifndef OPENSSL_NO_DH - { FT_general, "dhparam", dhparam_main, dhparam_options }, -#endif -#ifndef OPENSSL_NO_DSA - { FT_general, "dsa", dsa_main, dsa_options }, -#endif -#ifndef OPENSSL_NO_DSA - { FT_general, "dsaparam", dsaparam_main, dsaparam_options }, -#endif -#ifndef OPENSSL_NO_EC - { FT_general, "ec", ec_main, ec_options }, -#endif -#ifndef OPENSSL_NO_EC - { FT_general, "ecparam", ecparam_main, ecparam_options }, -#endif - { FT_general, "enc", enc_main, enc_options }, -#ifndef OPENSSL_NO_ENGINE - { FT_general, "engine", engine_main, engine_options }, -#endif - { FT_general, "errstr", errstr_main, errstr_options }, - { FT_general, "exit", exit_main, exit_options }, -#ifndef OPENSSL_NO_DSA - { FT_general, "gendsa", gendsa_main, gendsa_options }, -#endif - { FT_general, "genpkey", genpkey_main, genpkey_options }, -#ifndef 
OPENSSL_NO_RSA - { FT_general, "genrsa", genrsa_main, genrsa_options }, -#endif - { FT_general, "help", help_main, help_options }, - { FT_general, "list", list_main, list_options }, - { FT_general, "nseq", nseq_main, nseq_options }, -#ifndef OPENSSL_NO_OCSP - { FT_general, "ocsp", ocsp_main, ocsp_options }, -#endif - { FT_general, "passwd", passwd_main, passwd_options }, -#ifndef OPENSSL_NO_DES - { FT_general, "pkcs12", pkcs12_main, pkcs12_options }, -#endif - { FT_general, "pkcs7", pkcs7_main, pkcs7_options }, - { FT_general, "pkcs8", pkcs8_main, pkcs8_options }, - { FT_general, "pkey", pkey_main, pkey_options }, - { FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options }, - { FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options }, - { FT_general, "prime", prime_main, prime_options }, - { FT_general, "rand", rand_main, rand_options }, - { FT_general, "rehash", rehash_main, rehash_options }, - { FT_general, "req", req_main, req_options }, - { FT_general, "rsa", rsa_main, rsa_options }, -#ifndef OPENSSL_NO_RSA - { FT_general, "rsautl", rsautl_main, rsautl_options }, -#endif -#ifndef OPENSSL_NO_SOCK - { FT_general, "s_client", s_client_main, s_client_options }, -#endif -#ifndef OPENSSL_NO_SOCK - { FT_general, "s_server", s_server_main, s_server_options }, -#endif -#ifndef OPENSSL_NO_SOCK - { FT_general, "s_time", s_time_main, s_time_options }, -#endif - { FT_general, "sess_id", sess_id_main, sess_id_options }, - { FT_general, "smime", smime_main, smime_options }, - { FT_general, "speed", speed_main, speed_options }, - { FT_general, "spkac", spkac_main, spkac_options }, -#ifndef OPENSSL_NO_SRP - { FT_general, "srp", srp_main, srp_options }, -#endif -#ifndef OPENSSL_NO_TS - { FT_general, "ts", ts_main, ts_options }, -#endif - { FT_general, "verify", verify_main, verify_options }, - { FT_general, "version", version_main, version_options }, - { FT_general, "x509", x509_main, x509_options }, -#ifndef OPENSSL_NO_MD2 - { FT_md, "md2", dgst_main}, -#endif -#ifndef 
OPENSSL_NO_MD4 - { FT_md, "md4", dgst_main}, -#endif - { FT_md, "md5", dgst_main}, -#ifndef OPENSSL_NO_GOST - { FT_md, "gost", dgst_main}, -#endif - { FT_md, "sha1", dgst_main}, - { FT_md, "sha224", dgst_main}, - { FT_md, "sha256", dgst_main}, - { FT_md, "sha384", dgst_main}, - { FT_md, "sha512", dgst_main}, -#ifndef OPENSSL_NO_MDC2 - { FT_md, "mdc2", dgst_main}, -#endif -#ifndef OPENSSL_NO_RMD160 - { FT_md, "rmd160", dgst_main}, -#endif -#ifndef OPENSSL_NO_BLAKE2 - { FT_md, "blake2b512", dgst_main}, -#endif -#ifndef OPENSSL_NO_BLAKE2 - { FT_md, "blake2s256", dgst_main}, -#endif - { FT_cipher, "aes-128-cbc", enc_main, enc_options }, - { FT_cipher, "aes-128-ecb", enc_main, enc_options }, - { FT_cipher, "aes-192-cbc", enc_main, enc_options }, - { FT_cipher, "aes-192-ecb", enc_main, enc_options }, - { FT_cipher, "aes-256-cbc", enc_main, enc_options }, - { FT_cipher, "aes-256-ecb", enc_main, enc_options }, -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-128-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-128-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-192-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-192-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-256-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAMELLIA - { FT_cipher, "camellia-256-ecb", enc_main, enc_options }, -#endif - { FT_cipher, "base64", enc_main, enc_options }, -#ifdef ZLIB - { FT_cipher, "zlib", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des3", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "desx", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_IDEA - { FT_cipher, "idea", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_SEED - { FT_cipher, "seed", enc_main, 
enc_options }, -#endif -#ifndef OPENSSL_NO_RC4 - { FT_cipher, "rc4", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC4 - { FT_cipher, "rc4-40", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_BF - { FT_cipher, "bf", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC5 - { FT_cipher, "rc5", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede3", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede3-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede3-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_DES - { FT_cipher, "des-ede3-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_IDEA - { FT_cipher, "idea-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_IDEA - { FT_cipher, "idea-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_IDEA - { FT_cipher, "idea-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_IDEA - { FT_cipher, "idea-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_SEED - { FT_cipher, "seed-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_SEED - { FT_cipher, 
"seed-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_SEED - { FT_cipher, "seed-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_SEED - { FT_cipher, "seed-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-64-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC2 - { FT_cipher, "rc2-40-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_BF - { FT_cipher, "bf-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_BF - { FT_cipher, "bf-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_BF - { FT_cipher, "bf-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_BF - { FT_cipher, "bf-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast5-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast5-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast5-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast5-ofb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_CAST - { FT_cipher, "cast-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC5 - { FT_cipher, "rc5-cbc", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC5 - { FT_cipher, "rc5-ecb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC5 - { FT_cipher, "rc5-cfb", enc_main, enc_options }, -#endif -#ifndef OPENSSL_NO_RC5 - { FT_cipher, "rc5-ofb", enc_main, enc_options }, -#endif - { 0, NULL, NULL} -}; -#endif diff --git a/vendor/openssl/apps/progs.pl b/vendor/openssl/apps/progs.pl index 21baf173c..0d3b4469a 100644 --- a/vendor/openssl/apps/progs.pl 
+++ b/vendor/openssl/apps/progs.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -11,13 +11,22 @@ use strict; use warnings; -use configdata qw/@disablables/; +use lib '.'; +use configdata qw/@disablables %unified_info/; my %commands = (); my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; -foreach my $filename (@ARGV) { - open F, $filename or die "Coudn't open $_: $!\n"; +my $apps_openssl = shift @ARGV; +# because the program apps/openssl has object files as sources, and +# they then have the corresponding C files as source, we need to chain +# the lookups in %unified_info +my @openssl_source = + map { @{$unified_info{sources}->{$_}} } + @{$unified_info{sources}->{$apps_openssl}}; + +foreach my $filename (@openssl_source) { + open F, $filename or die "Couldn't open $filename: $!\n"; foreach (grep /$cmdre/, ) { my @foo = /$cmdre/; $commands{$1} = 1; @@ -32,7 +41,7 @@ * WARNING: do not edit! * Generated by apps/progs.pl * - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/apps/rand.c b/vendor/openssl/apps/rand.c index e72618027..b3ec70a77 100644 --- a/vendor/openssl/apps/rand.c +++ b/vendor/openssl/apps/rand.c 
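Review bot: The corrected `open F, $filename or die ...` line is still a two-argument open, so Perl parses the mode out of the file name itself. A source path from `%unified_info` that begins with `>` or ends with `|` would be treated as a write target or a command rather than a file to read. `open(F, '<', $filename) or die "Couldn't open $filename: $!\n";` pins the mode and keeps the same handle. Separately, `use lib '.'` makes the script load `configdata` from whatever directory it is started in, so a comment such as `# must be run from the top of the build tree; configdata.pm is loaded from the cwd` would record that assumption for anyone invoking the generator by hand.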
@@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,9 +76,13 @@ int rand_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); - - if (argc != 1 || !opt_int(argv[0], &num) || num < 0) + if (argc == 1) { + if (!opt_int(argv[0], &num) || num <= 0) + goto end; + } else if (argc > 0) { + BIO_printf(bio_err, "Extra arguments given.\n"); goto opthelp; + } app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) @@ -102,7 +106,7 @@ int rand_main(int argc, char **argv) chunk = num; if (chunk > (int)sizeof(buf)) - chunk = sizeof buf; + chunk = sizeof(buf); r = RAND_bytes(buf, chunk); if (r <= 0) goto end; diff --git a/vendor/openssl/apps/rehash.c b/vendor/openssl/apps/rehash.c index 2b517be9f..aa3f8643a 100644 --- a/vendor/openssl/apps/rehash.c +++ b/vendor/openssl/apps/rehash.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -130,9 +130,10 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename, for (ep = bp->first_entry; ep; ep = ep->next) { if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { BIO_printf(bio_err, - "%s: skipping duplicate %s in %s\n", opt_getprog(), + "%s: warning: skipping duplicate %s in %s\n", + opt_getprog(), type == TYPE_CERT ? "certificate" : "CRL", filename); - return 1; + return 0; } if (strcmp(filename, ep->filename) == 0) { found = ep; 
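Review bot: With no positional argument the new check in rand_main no longer rejects the call: `argc == 0` matches neither `argc == 1` nor `argc > 0`, so execution continues with whatever `num` was initialised to outside this hunk, where the old `argc != 1` test went to `opthelp`. A caller that forgets the byte count may therefore get empty output instead of a usage error, which is worth confirming for any script that feeds this output into key or token generation. The `num <= 0` branch also jumps to `end` without printing a diagnostic. A closing `else { BIO_printf(bio_err, "No byte count given.\n"); goto opthelp; }` would restore the old strictness. rand_main starts and ends outside the hunk.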
@@ -144,7 +145,7 @@ static int add_entry(enum Type type, unsigned int hash, const char *filename, if (ep == NULL) { if (bp->num_needed >= MAX_COLLISIONS) { BIO_printf(bio_err, - "%s: hash table overflow for %s\n", + "%s: error: hash table overflow for %s\n", opt_getprog(), filename); return 1; } @@ -235,7 +236,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) /* Does it have X.509 data in it? */ if ((b = BIO_new_file(fullpath, "r")) == NULL) { - BIO_printf(bio_err, "%s: skipping %s, cannot open file\n", + BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n", opt_getprog(), filename); errs++; goto end; @@ -247,7 +248,7 @@ static int do_file(const char *filename, const char *fullpath, enum Hash h) if (sk_X509_INFO_num(inf) != 1) { BIO_printf(bio_err, - "%s: skipping %s," + "%s: warning: skipping %s," "it does not contain exactly one certificate or CRL\n", opt_getprog(), filename); /* This is not an error. */ @@ -305,7 +306,7 @@ static int massage_filename(char *name) if (q != NULL) { for (q++; *q != '\0'; q++) { - if (!isdigit(*q)) + if (!isdigit((unsigned char)*q)) return 1; } } @@ -502,13 +503,14 @@ int rehash_main(int argc, char **argv) if (*argv) { while (*argv) errs += do_dir(*argv++, h); - } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { + } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { + char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; m = OPENSSL_strdup(env); - for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) + for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) errs += do_dir(e, h); OPENSSL_free(m); } else { - errs += do_dir("/etc/ssl/certs", h); + errs += do_dir(X509_get_default_cert_dir(), h); } end: diff --git a/vendor/openssl/apps/req.c b/vendor/openssl/apps/req.c index a749925ba..a20e7c1ef 100644 --- a/vendor/openssl/apps/req.c +++ b/vendor/openssl/apps/req.c 
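Review bot: In the environment-variable branch of rehash_main, the result of `m = OPENSSL_strdup(env)` goes straight into `strtok(m, lsc)` with no NULL check. If the allocation fails, `strtok` receives a NULL first argument and resumes from its saved state (undefined when there is none) instead of reporting the failure, so the directory list is silently skipped or misparsed. A guard such as `if (m == NULL) { errs++; goto end; }` before the loop would surface it, provided the cleanup after `end:` (outside this hunk) tolerates that path. The switch to `LIST_SEPARATOR_CHAR` also changes how an existing colon-separated value is split on platforms where that macro is not `:`, which deserves a line in the change notes.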
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -509,8 +509,7 @@ int req_main(int argc, char **argv) if (pkey_type == EVP_PKEY_EC) { BIO_printf(bio_err, "Generating an EC private key\n"); } else { - BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); + BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); } EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); @@ -973,7 +972,7 @@ static int prompt_info(X509_REQ *req, /* If OBJ not recognised ignore it */ if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start; - if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -984,19 +983,19 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_value", v->name); if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_min", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_max", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; 
@@ -1032,7 +1031,7 @@ static int prompt_info(X509_REQ *req, if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - if (BIO_snprintf(buf, sizeof buf, "%s_default", type) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", type) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1044,20 +1043,20 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", type); + BIO_snprintf(buf, sizeof(buf), "%s_value", type); if ((value = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", type); + BIO_snprintf(buf, sizeof(buf), "%s_min", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", type); + BIO_snprintf(buf, sizeof(buf), "%s_max", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1155,13 +1154,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - OPENSSL_strlcpy(buf, value, sizeof buf); - OPENSSL_strlcat(buf, "\n", sizeof buf); + OPENSSL_strlcpy(buf, value, sizeof(buf)); + OPENSSL_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1174,8 +1173,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - OPENSSL_strlcpy(buf, def, sizeof buf); - OPENSSL_strlcat(buf, "\n", sizeof buf); + OPENSSL_strlcpy(buf, def, sizeof(buf)); + OPENSSL_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); 
@@ -1214,13 +1213,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - OPENSSL_strlcpy(buf, value, sizeof buf); - OPENSSL_strlcat(buf, "\n", sizeof buf); + OPENSSL_strlcpy(buf, value, sizeof(buf)); + OPENSSL_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n';
@@ -1233,8 +1232,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - OPENSSL_strlcpy(buf, def, sizeof buf); - OPENSSL_strlcat(buf, "\n", sizeof buf); + OPENSSL_strlcpy(buf, def, sizeof(buf)); + OPENSSL_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1);
diff --git a/vendor/openssl/apps/rsa.c b/vendor/openssl/apps/rsa.c
index 35ab72717..8b15fcba1 100644
--- a/vendor/openssl/apps/rsa.c
+++ b/vendor/openssl/apps/rsa.c
@@ -215,7 +215,7 @@ int rsa_main(int argc, char **argv) } if (check) { - int r = RSA_check_key(rsa); + int r = RSA_check_key_ex(rsa, NULL); if (r == 1) BIO_printf(out, "RSA key ok\n");
@@ -224,7 +224,7 @@ int rsa_main(int argc, char **argv) while ((err = ERR_peek_error()) != 0 && ERR_GET_LIB(err) == ERR_LIB_RSA && - ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY && + ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX && ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) { BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
diff --git a/vendor/openssl/apps/s_client.c b/vendor/openssl/apps/s_client.c
index ce1a408dc..3c0c73e85 100644
--- a/vendor/openssl/apps/s_client.c
+++ b/vendor/openssl/apps/s_client.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -593,7 +593,8 @@ OPTIONS s_client_options[] = { "Disable name checks when matching DANE-EE(3) TLSA records"}, {"reconnect", OPT_RECONNECT, '-', "Drop and re-make the connection with the same Session-ID"}, - {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"}, + {"showcerts", OPT_SHOWCERTS, '-', + "Show all certificates sent by the server"}, {"debug", OPT_DEBUG, '-', "Extra output"}, {"msg", OPT_MSG, '-', "Show protocol messages"}, {"msgfile", OPT_MSGFILE, '>', @@ -1370,11 +1371,13 @@ int s_client_main(int argc, char **argv) } } +#ifdef AF_UNIX if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n"); goto end; } +#endif if (split_send_fragment > SSL3_RT_MAX_PLAIN_LENGTH) { BIO_printf(bio_err, "Bad split send fragment size\n"); @@ -1484,6 +1487,9 @@ int s_client_main(int argc, char **argv) if (sdebug) ssl_ctx_security_debug(ctx, sdebug); + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + if (ssl_config) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", @@ -1493,9 +1499,11 @@ int s_client_main(int argc, char **argv) } } - if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) + if (min_version != 0 + && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; - if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) + if (max_version != 0 + && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { 
@@ -1518,9 +1526,6 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); } - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, crl_download)) { BIO_printf(bio_err, "Error loading store locations\n"); @@ -2110,8 +2115,7 @@ int s_client_main(int argc, char **argv) FD_ZERO(&readfds); FD_ZERO(&writefds); - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; @@ -2231,10 +2235,8 @@ int s_client_main(int argc, char **argv) } } - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); @@ -2459,7 +2461,7 @@ int s_client_main(int argc, char **argv) if (in_init) print_stuff(bio_c_out, con, full_log); do_ssl_shutdown(con); -#if defined(OPENSSL_SYS_WINDOWS) + /* * Give the socket time to send its last data before we close it. * No amount of setting SO_LINGER etc on the socket seems to persuade 
@@ -2467,8 +2469,23 @@ int s_client_main(int argc, char **argv) * for a short time seems to do it (units in ms) * TODO: Find a better way to do this */ +#if defined(OPENSSL_SYS_WINDOWS) Sleep(50); +#elif defined(OPENSSL_SYS_CYGWIN) + usleep(50000); #endif + + /* + * If we ended with an alert being sent, but still with data in the + * network buffer to be read, then calling BIO_closesocket() will + * result in a TCP-RST being sent. On some platforms (notably + * Windows) then this will result in the peer immediately abandoning + * the connection including any buffered alert data before it has + * had a chance to be read. Shutting down the sending side first, + * and then closing the socket sends TCP-FIN first followed by + * TCP-RST. This seems to allow the peer to read the alert data. + */ + shutdown(SSL_get_fd(con), 1); /* SHUT_WR */ BIO_closesocket(SSL_get_fd(con)); end: if (con != NULL) { @@ -2534,10 +2551,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, "%2d s:%s\n", i, buf); X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, " i:%s\n", buf); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); @@ -2552,9 +2569,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio, "issuer=%s\n", buf); } else BIO_printf(bio, "no peer certificate available\n"); 
diff --git a/vendor/openssl/apps/s_server.c b/vendor/openssl/apps/s_server.c
index 7e18aaf0f..86298334b 100644
--- a/vendor/openssl/apps/s_server.c
+++ b/vendor/openssl/apps/s_server.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -704,13 +704,14 @@ OPTIONS s_server_options[] = { "PEM serverinfo file for certificate"}, {"certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default"}, - {"key", OPT_KEY, '<', + {"key", OPT_KEY, 's', "Private Key if not in -cert; default is " TEST_CERT}, {"keyform", OPT_KEYFORM, 'f', "Key format (PEM, DER or ENGINE) PEM default"}, {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, {"dcert", OPT_DCERT, '<', "Second certificate file to use (usually for DSA)"}, + {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, {"dcertform", OPT_DCERTFORM, 'F', "Second certificate format (PEM or DER) PEM default"}, {"dkey", OPT_DKEY, '<',
@@ -1614,6 +1615,10 @@ int s_server_main(int argc, char *argv[]) } if (sdebug) ssl_ctx_security_debug(ctx, sdebug); + + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + if (ssl_config) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n",
@@ -1622,9 +1627,11 @@ int s_server_main(int argc, char *argv[]) goto end; } } - if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) + if (min_version != 0 + && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; - if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) + if (max_version != 0 + && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; if (session_id_prefix) {
@@ -1686,8 +1693,6 @@ int s_server_main(int argc, char *argv[]) } ssl_ctx_add_crls(ctx, crls, 0); - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, crl_download)) { @@ -1852,7 +1857,7 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context)) { + sizeof(s_server_session_id_context))) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -1866,7 +1871,7 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx2, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context)) { + sizeof(s_server_session_id_context))) { BIO_printf(bio_err, "error setting session id context\n"); ERR_print_errors(bio_err); goto end; @@ -2007,9 +2012,7 @@ static int sv_body(int s, int stype, unsigned char *context) SSL *con = NULL; BIO *sbio; struct timeval timeout; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - struct timeval tv; -#else +#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) struct timeval *timeoutp; #endif 
@@ -2144,26 +2147,23 @@ static int sv_body(int s, int stype, unsigned char *context) * second and check for any keypress. In a proper Windows * application we wouldn't do this because it is inefficient. */ - tv.tv_sec = 1; - tv.tv_usec = 0; - i = select(width, (void *)&readfds, NULL, NULL, &tv); + timeout.tv_sec = 1; + timeout.tv_usec = 0; + i = select(width, (void *)&readfds, NULL, NULL, &timeout); if (has_stdin_waiting()) read_from_terminal = 1; if ((i < 0) || (!i && !read_from_terminal)) continue; #else - if ((SSL_version(con) == DTLS1_VERSION) && - DTLSv1_get_timeout(con, &timeout)) + if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) timeoutp = &timeout; else timeoutp = NULL; i = select(width, (void *)&readfds, NULL, NULL, timeoutp); - if ((SSL_version(con) == DTLS1_VERSION) - && DTLSv1_handle_timeout(con) > 0) { + if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) BIO_printf(bio_err, "TIMEOUT occurred\n"); - } if (i <= 0) continue; @@ -2534,15 +2534,15 @@ static int init_ssl_connection(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "issuer=%s\n", buf); X509_free(peer); peer = NULL; } - if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) + if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); 
@@ -2574,6 +2574,9 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "Reused session-id\n"); BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); + if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION)) + BIO_printf(bio_s_out, "Renegotiation is DISABLED\n"); + if (keymatexportlabel != NULL) { BIO_printf(bio_s_out, "Keying material exporter:\n"); BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); @@ -2657,8 +2660,10 @@ static int www_body(int s, int stype, unsigned char *context) if (context && !SSL_set_session_id_context(con, context, - strlen((char *)context))) + strlen((char *)context))) { + SSL_free(con); goto err; + } sbio = BIO_new_socket(s, BIO_NOCLOSE); if (s_nbio_test) { @@ -2670,7 +2675,7 @@ static int www_body(int s, int stype, unsigned char *context) SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); - /* SSL_set_fd(con,s); */ + /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ BIO_set_ssl(ssl_bio, con, BIO_CLOSE); BIO_push(io, ssl_bio); #ifdef CHARSET_EBCDIC @@ -2853,9 +2858,10 @@ static int www_body(int s, int stype, unsigned char *context) PEM_write_bio_X509(io, peer); X509_free(peer); peer = NULL; - } else + } else { BIO_puts(io, "no client certificate available\n"); - BIO_puts(io, "\r\n\r\n"); + } + BIO_puts(io, "\r\n\r\n"); break; } else if ((www == 2 || www == 3) && (strncmp("GET /", buf, 5) == 0)) { @@ -3026,6 +3032,7 @@ static int rev_body(int s, int stype, unsigned char *context) if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { + SSL_free(con); ERR_print_errors(bio_err); goto err; } @@ -3034,6 +3041,7 @@ static int rev_body(int s, int stype, unsigned char *context) SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); + /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ BIO_set_ssl(ssl_bio, con, BIO_CLOSE); BIO_push(io, ssl_bio); #ifdef CHARSET_EBCDIC 
diff --git a/vendor/openssl/apps/s_socket.c b/vendor/openssl/apps/s_socket.c
index 0cbe88514..458aa862e 100644
--- a/vendor/openssl/apps/s_socket.c
+++ b/vendor/openssl/apps/s_socket.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -136,6 +136,10 @@ int do_server(int *accept_sock, const char *host, const char *port, int sock; int i; BIO_ADDRINFO *res = NULL; + const BIO_ADDRINFO *next; + int sock_family, sock_type, sock_protocol; + const BIO_ADDR *sock_address; + int sock_options = BIO_SOCK_REUSEADDR; int ret = 0; if (!BIO_sock_init())
@@ -151,10 +155,29 @@ int do_server(int *accept_sock, const char *host, const char *port, OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) && (type == 0 || type == BIO_ADDRINFO_socktype(res))); - asock = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), - BIO_ADDRINFO_protocol(res), 0); + sock_family = BIO_ADDRINFO_family(res); + sock_type = BIO_ADDRINFO_socktype(res); + sock_protocol = BIO_ADDRINFO_protocol(res); + sock_address = BIO_ADDRINFO_address(res); + next = BIO_ADDRINFO_next(res); + if (sock_family == AF_INET6) + sock_options |= BIO_SOCK_V6_ONLY; + if (next != NULL + && BIO_ADDRINFO_socktype(next) == sock_type + && BIO_ADDRINFO_protocol(next) == sock_protocol) { + if (sock_family == AF_INET + && BIO_ADDRINFO_family(next) == AF_INET6) { + sock_family = AF_INET6; + sock_address = BIO_ADDRINFO_address(next); + } else if (sock_family == AF_INET6 + && BIO_ADDRINFO_family(next) == AF_INET) { + sock_options &= ~BIO_SOCK_V6_ONLY; + } + } + + asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); if (asock == INVALID_SOCKET - || !BIO_listen(asock, BIO_ADDRINFO_address(res), BIO_SOCK_REUSEADDR)) { + || !BIO_listen(asock, sock_address, sock_options)) { BIO_ADDRINFO_free(res); ERR_print_errors(bio_err); if (asock != INVALID_SOCKET) 
@@ -171,13 +194,38 @@ int do_server(int *accept_sock, const char *host, const char *port, if (type == SOCK_STREAM) { do { sock = BIO_accept_ex(asock, NULL, 0); - } while (sock < 0 && BIO_sock_should_retry(ret)); + } while (sock < 0 && BIO_sock_should_retry(sock)); if (sock < 0) { ERR_print_errors(bio_err); BIO_closesocket(asock); break; } i = (*cb)(sock, type, context); + + /* + * Give the socket time to send its last data before we close it. + * No amount of setting SO_LINGER etc on the socket seems to + * persuade Windows to send the data before closing the socket... + * but sleeping for a short time seems to do it (units in ms) + * TODO: Find a better way to do this + */ +#if defined(OPENSSL_SYS_WINDOWS) + Sleep(50); +#elif defined(OPENSSL_SYS_CYGWIN) + usleep(50000); +#endif + + /* + * If we ended with an alert being sent, but still with data in the + * network buffer to be read, then calling BIO_closesocket() will + * result in a TCP-RST being sent. On some platforms (notably + * Windows) then this will result in the peer immediately abandoning + * the connection including any buffered alert data before it has + * had a chance to be read. Shutting down the sending side first, + * and then closing the socket sends TCP-FIN first followed by + * TCP-RST. This seems to allow the peer to read the alert data. + */ + shutdown(sock, 1); /* SHUT_WR */ BIO_closesocket(sock); } else { i = (*cb)(asock, type, context);
diff --git a/vendor/openssl/apps/s_time.c b/vendor/openssl/apps/s_time.c
index 263502c75..dc0ec4af4 100644
--- a/vendor/openssl/apps/s_time.c
+++ b/vendor/openssl/apps/s_time.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -7,8 +7,6 @@ * https://www.openssl.org/source/license.html */ -#define NO_SHUTDOWN - #include #include #include @@ -28,22 +26,8 @@ # include OPENSSL_UNISTD #endif -#undef ioctl -#define ioctl ioctlsocket - #define SSL_CONNECT_NAME "localhost:4433" -/* no default cert. */ -/* - * #define TEST_CERT "client.pem" - */ - -#undef min -#undef max -#define min(a,b) (((a) < (b)) ? (a) : (b)) -#define max(a,b) (((a) > (b)) ? (a) : (b)) - -#undef SECONDS #define SECONDS 30 #define SECONDSSTR "30" @@ -185,21 +169,20 @@ int s_time_main(int argc, char **argv) if (cipher == NULL) cipher = getenv("SSL_CIPHER"); - if (cipher == NULL) { + if (cipher == NULL) BIO_printf(bio_err, "No CIPHER specified\n"); - goto end; - } if ((ctx = SSL_CTX_new(meth)) == NULL) goto end; + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); SSL_CTX_set_quiet_shutdown(ctx, 1); if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; if (st_bugs) SSL_CTX_set_options(ctx, SSL_OP_ALL); - if (!SSL_CTX_set_cipher_list(ctx, cipher)) + if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher)) goto end; if (!set_cert_stuff(ctx, certfile, keyfile)) goto end; @@ -225,18 +208,14 @@ int s_time_main(int argc, char **argv) goto end; if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof buf, + buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path); if (SSL_write(scon, buf, buf_len) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else - SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; 
@@ -283,18 +262,14 @@ int s_time_main(int argc, char **argv) } if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof buf, + buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path); if (SSL_write(scon, buf, buf_len) <= 0) goto end; - while (SSL_read(scon, buf, sizeof(buf)) > 0) + while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) continue; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else - SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn = 0; @@ -314,18 +289,14 @@ int s_time_main(int argc, char **argv) goto end; if (www_path) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", www_path); if (SSL_write(scon, buf, strlen(buf)) <= 0) goto end; while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) bytes_read += i; } -#ifdef NO_SHUTDOWN SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#else - SSL_shutdown(scon); -#endif BIO_closesocket(SSL_get_fd(scon)); nConn += 1; @@ -367,13 +338,13 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) { BIO *conn; SSL *serverCon; - int width, i; - fd_set readfds; + int i; if ((conn = BIO_new(BIO_s_connect())) == NULL) - return (NULL); + return NULL; BIO_set_conn_hostname(conn, host); + BIO_set_conn_mode(conn, BIO_SOCK_NODELAY); if (scon == NULL) serverCon = SSL_new(ctx); 
@@ -385,26 +356,7 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) SSL_set_bio(serverCon, conn, conn); /* ok, lets connect */ - for (;;) { - i = SSL_connect(serverCon); - if (BIO_sock_should_retry(i)) { - BIO_printf(bio_err, "DELAY\n"); - - i = SSL_get_fd(serverCon); - width = i + 1; - FD_ZERO(&readfds); - openssl_fdset(i, &readfds); - /* - * Note: under VMS with SOCKETSHR the 2nd parameter is currently - * of type (int *) whereas under other systems it is (void *) if - * you don't have a cast it will choke the compiler: if you do - * have a cast then you can either go for (int *) or (void *). - */ - select(width, (void *)&readfds, NULL, NULL, NULL); - continue; - } - break; - } + i = SSL_connect(serverCon); if (i <= 0) { BIO_printf(bio_err, "ERROR\n"); if (verify_args.error != X509_V_OK)
@@ -417,6 +369,17 @@ static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) return NULL; } +#if defined(SOL_SOCKET) && defined(SO_LINGER) + { + struct linger no_linger; + + no_linger.l_onoff = 1; + no_linger.l_linger = 0; + (void) setsockopt(SSL_get_fd(serverCon), SOL_SOCKET, SO_LINGER, + (char*)&no_linger, sizeof(no_linger)); + } +#endif + return serverCon; } #endif /* OPENSSL_NO_SOCK */
diff --git a/vendor/openssl/apps/speed.c b/vendor/openssl/apps/speed.c
index ad2daab1c..6672fe606 100644
--- a/vendor/openssl/apps/speed.c
+++ b/vendor/openssl/apps/speed.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -129,13 +129,6 @@ #define BUFSIZE (1024*16+1) #define MAX_MISALIGNMENT 63 -#define ALGOR_NUM 30 -#define SIZE_NUM 6 -#define PRIME_NUM 3 -#define RSA_NUM 7 -#define DSA_NUM 3 - -#define EC_NUM 17 #define MAX_ECDH_SIZE 256 #define MISALIGN 64
@@ -144,37 +137,6 @@ static volatile int run = 0; static int mr = 0; static int usertime = 1; -typedef void *(*kdf_fn) ( - const void *in, size_t inlen, void *out, size_t *xoutlen); - -typedef struct loopargs_st { - ASYNC_JOB *inprogress_job; - ASYNC_WAIT_CTX *wait_ctx; - unsigned char *buf; - unsigned char *buf2; - unsigned char *buf_malloc; - unsigned char *buf2_malloc; - unsigned int siglen; -#ifndef OPENSSL_NO_RSA - RSA *rsa_key[RSA_NUM]; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa_key[DSA_NUM]; -#endif -#ifndef OPENSSL_NO_EC - EC_KEY *ecdsa[EC_NUM]; - EC_KEY *ecdh_a[EC_NUM]; - EC_KEY *ecdh_b[EC_NUM]; - unsigned char *secret_a; - unsigned char *secret_b; - size_t outlen; - kdf_fn kdf; -#endif - EVP_CIPHER_CTX *ctx; - HMAC_CTX *hctx; - GCM128_CONTEXT *gcm_ctx; -} loopargs_t; - #ifndef OPENSSL_NO_MD2 static int EVP_Digest_MD2_loop(void *args); #endif @@ -227,7 +189,6 @@ static int ECDSA_sign_loop(void *args); static int ECDSA_verify_loop(void *args); static int ECDH_compute_key_loop(void *args); #endif -static int run_benchmark(int async_jobs, int (*loop_function)(void *), loopargs_t *loopargs); static double Time_F(int s); static void print_message(const char *s, long num, int length); 
@@ -238,32 +199,10 @@ static void print_result(int alg, int run_no, int count, double time_used); static int do_multi(int multi); #endif -static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", - "des cbc", "des ede3", "idea cbc", "seed cbc", - "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", - "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", - "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", - "evp", "sha256", "sha512", "whirlpool", - "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" -}; - -static double results[ALGOR_NUM][SIZE_NUM]; - -static const int lengths[SIZE_NUM] = { +static const int lengths[] = { 16, 64, 256, 1024, 8 * 1024, 16 * 1024 }; - -#ifndef OPENSSL_NO_RSA -static double rsa_results[RSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_DSA -static double dsa_results[DSA_NUM][2]; -#endif -#ifndef OPENSSL_NO_EC -static double ecdsa_results[EC_NUM][2]; -static double ecdh_results[EC_NUM][1]; -#endif +#define SIZE_NUM OSSL_NELEM(lengths) #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) static const char rnd_seed[] = @@ -293,7 +232,8 @@ static SIGRETTYPE sig_done(int sig) # if !defined(SIGALRM) # define SIGALRM # endif -static unsigned int lapse, schlock; +static unsigned int lapse; +static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) { lapse = secs * 1000; @@ -347,9 +287,14 @@ static double Time_F(int s) static void multiblock_speed(const EVP_CIPHER *evp_cipher); -static int found(const char *name, const OPT_PAIR *pairs, int *result) +#define found(value, pairs, result)\ + opt_found(value, result, pairs, OSSL_NELEM(pairs)) +static int opt_found(const char *name, unsigned int *result, + const OPT_PAIR pairs[], unsigned int nbelem) { - for (; pairs->name; pairs++) + unsigned int idx; + + for (idx = 0; idx < nbelem; ++idx, pairs++) if (strcmp(name, pairs->name) == 0) { *result = pairs->retval; return 1; 
@@ -386,7 +331,7 @@ OPTIONS speed_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {NULL}, + {NULL} }; #define D_MD2 0 @@ -419,7 +364,19 @@ OPTIONS speed_options[] = { #define D_IGE_192_AES 27 #define D_IGE_256_AES 28 #define D_GHASH 29 -static OPT_PAIR doit_choices[] = { +/* name of algorithms to test */ +static const char *names[] = { + "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", + "des cbc", "des ede3", "idea cbc", "seed cbc", + "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc", + "aes-128 cbc", "aes-192 cbc", "aes-256 cbc", + "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc", + "evp", "sha256", "sha512", "whirlpool", + "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash" +}; +#define ALGOR_NUM OSSL_NELEM(names) +/* list of configured algorithm (remaining) */ +static const OPT_PAIR doit_choices[] = { #ifndef OPENSSL_NO_MD2 {"md2", D_MD2}, #endif @@ -483,21 +440,24 @@ static OPT_PAIR doit_choices[] = { {"cast", D_CBC_CAST}, {"cast5", D_CBC_CAST}, #endif - {"ghash", D_GHASH}, - {NULL} + {"ghash", D_GHASH} }; +static double results[ALGOR_NUM][SIZE_NUM]; + #ifndef OPENSSL_NO_DSA # define R_DSA_512 0 # define R_DSA_1024 1 # define R_DSA_2048 2 -static OPT_PAIR dsa_choices[] = { +static const OPT_PAIR dsa_choices[] = { {"dsa512", R_DSA_512}, {"dsa1024", R_DSA_1024}, - {"dsa2048", R_DSA_2048}, - {NULL}, + {"dsa2048", R_DSA_2048} }; -#endif +# define DSA_NUM OSSL_NELEM(dsa_choices) + +static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ +#endif /* OPENSSL_NO_DSA */ #define R_RSA_512 0 #define R_RSA_1024 1 
@@ -506,16 +466,18 @@ static OPT_PAIR dsa_choices[] = { #define R_RSA_4096 4 #define R_RSA_7680 5 #define R_RSA_15360 6 -static OPT_PAIR rsa_choices[] = { +static const OPT_PAIR rsa_choices[] = { {"rsa512", R_RSA_512}, {"rsa1024", R_RSA_1024}, {"rsa2048", R_RSA_2048}, {"rsa3072", R_RSA_3072}, {"rsa4096", R_RSA_4096}, {"rsa7680", R_RSA_7680}, - {"rsa15360", R_RSA_15360}, - {NULL} + {"rsa15360", R_RSA_15360} }; +# define RSA_NUM OSSL_NELEM(rsa_choices) + +static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #define R_EC_P160 0 #define R_EC_P192 1 @@ -535,7 +497,7 @@ static OPT_PAIR rsa_choices[] = { #define R_EC_B571 15 #define R_EC_X25519 16 #ifndef OPENSSL_NO_EC -static OPT_PAIR ecdsa_choices[] = { +static const OPT_PAIR ecdsa_choices[] = { {"ecdsap160", R_EC_P160}, {"ecdsap192", R_EC_P192}, {"ecdsap224", R_EC_P224}, @@ -551,11 +513,13 @@ static OPT_PAIR ecdsa_choices[] = { {"ecdsab233", R_EC_B233}, {"ecdsab283", R_EC_B283}, {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571}, - {NULL} + {"ecdsab571", R_EC_B571} }; +# define ECDSA_NUM OSSL_NELEM(ecdsa_choices) -static OPT_PAIR ecdh_choices[] = { +static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ + +static const OPT_PAIR ecdh_choices[] = { {"ecdhp160", R_EC_P160}, {"ecdhp192", R_EC_P192}, {"ecdhp224", R_EC_P224}, @@ -575,7 +539,10 @@ static OPT_PAIR ecdh_choices[] = { {"ecdhx25519", R_EC_X25519}, {NULL} }; -#endif +# define EC_NUM OSSL_NELEM(ecdh_choices) + +static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_EC */ #ifndef SIGALRM # define COND(d) (count < (d)) 
@@ -585,7 +552,40 @@ static OPT_PAIR ecdh_choices[] = { # define COUNT(d) (count) #endif /* SIGALRM */ -static int testnum; +static unsigned int testnum; +typedef void *(*kdf_fn) (const void *in, size_t inlen, void *out, + size_t *xoutlen); + +typedef struct loopargs_st { + ASYNC_JOB *inprogress_job; + ASYNC_WAIT_CTX *wait_ctx; + unsigned char *buf; + unsigned char *buf2; + unsigned char *buf_malloc; + unsigned char *buf2_malloc; + unsigned int siglen; +#ifndef OPENSSL_NO_RSA + RSA *rsa_key[RSA_NUM]; +#endif +#ifndef OPENSSL_NO_DSA + DSA *dsa_key[DSA_NUM]; +#endif +#ifndef OPENSSL_NO_EC + EC_KEY *ecdsa[ECDSA_NUM]; + EC_KEY *ecdh_a[EC_NUM]; + EC_KEY *ecdh_b[EC_NUM]; + unsigned char *secret_a; + unsigned char *secret_b; + size_t outlen; + kdf_fn kdf; +#endif + EVP_CIPHER_CTX *ctx; + HMAC_CTX *hctx; + GCM128_CONTEXT *gcm_ctx; +} loopargs_t; + +static int run_benchmark(int async_jobs, int (*loop_function) (void *), + loopargs_t * loopargs); /* Nb of iterations to do per algorithm and key-size */ static long c[ALGOR_NUM][SIZE_NUM]; @@ -994,7 +994,7 @@ static int DSA_verify_loop(void *args) #endif #ifndef OPENSSL_NO_EC -static long ecdsa_c[EC_NUM][2]; +static long ecdsa_c[ECDSA_NUM][2]; static int ECDSA_sign_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **)args; 
@@ -1221,21 +1221,19 @@ int speed_main(int argc, char **argv) { ENGINE *e = NULL; loopargs_t *loopargs = NULL; - int async_init = 0; - int loopargs_len = 0; - char *prog; + const char *prog; const char *engine_id = NULL; const EVP_CIPHER *evp_cipher = NULL; double d = 0.0; OPTION_CHOICE o; - int multiblock = 0, pr_header = 0; + int async_init = 0, multiblock = 0, pr_header = 0; int doit[ALGOR_NUM] = { 0 }; - int ret = 1, i, k, misalign = 0; + int ret = 1, misalign = 0; long count = 0; + unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0; #ifndef NO_FORK int multi = 0; #endif - unsigned int async_jobs = 0; #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \ || !defined(OPENSSL_NO_EC) long rsa_count = 1; @@ -1323,7 +1321,7 @@ int speed_main(int argc, char **argv) /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to - * the following arrays and increase the EC_NUM value accordingly. + * the following arrays and increase the |ecdh_choices| list accordingly. */ static const unsigned int test_curves[EC_NUM] = { /* Prime Curves */ @@ -1358,7 +1356,7 @@ int speed_main(int argc, char **argv) 571, 253 /* X25519 */ }; - int ecdsa_doit[EC_NUM] = { 0 }; + int ecdsa_doit[ECDSA_NUM] = { 0 }; int ecdh_doit[EC_NUM] = { 0 }; #endif /* ndef OPENSSL_NO_EC */ @@ -1378,6 +1376,7 @@ int speed_main(int argc, char **argv) usertime = 0; break; case OPT_EVP: + evp_md = NULL; evp_cipher = EVP_get_cipherbyname(opt_arg()); if (evp_cipher == NULL) evp_md = EVP_get_digestbyname(opt_arg()); @@ -1415,9 +1414,7 @@ int speed_main(int argc, char **argv) goto opterr; } if (async_jobs > 99999) { - BIO_printf(bio_err, - "%s: too many async_jobs\n", - prog); + BIO_printf(bio_err, "%s: too many async_jobs\n", prog); goto opterr; } #endif 
@@ -1465,17 +1462,11 @@ int speed_main(int argc, char **argv) continue; } #ifndef OPENSSL_NO_RSA -# ifndef RSA_NULL - if (strcmp(*argv, "openssl") == 0) { - RSA_set_default_method(RSA_PKCS1_OpenSSL()); + if (strcmp(*argv, "openssl") == 0) continue; - } -# endif if (strcmp(*argv, "rsa") == 0) { - rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = - rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = - rsa_doit[R_RSA_4096] = rsa_doit[R_RSA_7680] = - rsa_doit[R_RSA_15360] = 1; + for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++) + rsa_doit[loop] = 1; continue; } if (found(*argv, rsa_choices, &i)) { @@ -1508,8 +1499,8 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsa") == 0) { - for (i = 0; i < EC_NUM; i++) - ecdsa_doit[i] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; continue; } if (found(*argv, ecdsa_choices, &i)) { @@ -1517,8 +1508,8 @@ int speed_main(int argc, char **argv) continue; } if (strcmp(*argv, "ecdh") == 0) { - for (i = 0; i < EC_NUM; i++) - ecdh_doit[i] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; continue; } if (found(*argv, ecdh_choices, &i)) { @@ -1585,10 +1576,10 @@ int speed_main(int argc, char **argv) dsa_doit[i] = 1; #endif #ifndef OPENSSL_NO_EC - for (i = 0; i < EC_NUM; i++) - ecdsa_doit[i] = 1; - for (i = 0; i < EC_NUM; i++) - ecdh_doit[i] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++) + ecdsa_doit[loop] = 1; + for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++) + ecdh_doit[loop] = 1; #endif } for (i = 0; i < ALGOR_NUM; i++) @@ -1851,6 +1842,8 @@ int speed_main(int argc, char **argv) } } } + /* default iteration count for the last EC Curve */ + ecdh_c[R_EC_X25519][0] = count / 1800; # endif # else 
@@ -2403,7 +2396,7 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); } for (testnum = 0; testnum < DSA_NUM; testnum++) { int st = 0; @@ -2471,9 +2464,9 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_EC if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); } - for (testnum = 0; testnum < EC_NUM; testnum++) { + for (testnum = 0; testnum < ECDSA_NUM; testnum++) { int st = 1; if (!ecdsa_doit[testnum]) @@ -2548,14 +2541,14 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < ECDSA_NUM; testnum++) ecdsa_doit[testnum] = 0; } } } if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); } for (testnum = 0; testnum < EC_NUM; testnum++) { int ecdh_checks = 1; @@ -2585,7 +2578,7 @@ int speed_main(int argc, char **argv) ecdh_checks = 0; rsa_count = 1; } else { - int secret_size_a, secret_size_b; + int secret_size_a, secret_size_b, j; /* * If field size is not more than 24 octets, then use SHA-1 * hash of result; otherwise, use result (see section 4.8 of @@ -2614,8 +2607,8 @@ int speed_main(int argc, char **argv) else ecdh_checks = 1; - for (k = 0; k < secret_size_a && ecdh_checks == 1; k++) { - if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k]) + for (j = 0; j < secret_size_a && ecdh_checks == 1; j++) { + if (loopargs[i].secret_a[j] != loopargs[i].secret_b[j]) ecdh_checks = 0; } @@ -2645,7 +2638,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++) ecdh_doit[testnum] = 0; } } 
@@ -2694,7 +2687,7 @@ int speed_main(int argc, char **argv) if (!doit[k]) continue; if (mr) - printf("+F:%d:%s", k, names[k]); + printf("+F:%u:%s", k, names[k]); else printf("%-13s", names[k]); for (testnum = 0; testnum < SIZE_NUM; testnum++) { @@ -2743,7 +2736,7 @@ int speed_main(int argc, char **argv) #endif #ifndef OPENSSL_NO_EC testnum = 1; - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { if (!ecdsa_doit[k]) continue; if (testnum && !mr) { @@ -2801,8 +2794,9 @@ int speed_main(int argc, char **argv) DSA_free(loopargs[i].dsa_key[k]); #endif #ifndef OPENSSL_NO_EC - for (k = 0; k < EC_NUM; k++) { + for (k = 0; k < ECDSA_NUM; k++) EC_KEY_free(loopargs[i].ecdsa[k]); + for (k = 0; k < EC_NUM; k++) { EC_KEY_free(loopargs[i].ecdh_a[k]); EC_KEY_free(loopargs[i].ecdh_b[k]); } @@ -2878,7 +2872,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, sizeof isdelim); + memset(isdelim, 0, sizeof(isdelim)); isdelim[0] = 1; while (*delim) { @@ -2939,7 +2933,7 @@ static int do_multi(int multi) char *p; f = fdopen(fds[n], "r"); - while (fgets(buf, sizeof buf, f)) { + while (fgets(buf, sizeof(buf), f)) { p = strchr(buf, '\n'); if (p) *p = '\0'; @@ -2951,7 +2945,7 @@ static int do_multi(int multi) printf("Got: %s from %d\n", buf, n); if (strncmp(buf, "+F:", 3) == 0) { int alg; - int j; + unsigned int j; p = buf + 3; alg = atoi(sstrsep(&p, sep)); diff --git a/vendor/openssl/apps/spkac.c b/vendor/openssl/apps/spkac.c index 90a5beab4..344906796 100644 --- a/vendor/openssl/apps/spkac.c +++ b/vendor/openssl/apps/spkac.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -116,19 +116,22 @@ int spkac_main(int argc, char **argv) goto end; } - if (keyfile) { + if (keyfile != NULL) { pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); - if (!pkey) { + if (pkey == NULL) goto end; - } spki = NETSCAPE_SPKI_new(); - if (challenge) + if (spki == NULL) + goto end; + if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (spkstr == NULL) + goto end; out = bio_open_default(outfile, 'w', FORMAT_TEXT); if (out == NULL) { @@ -154,7 +157,7 @@ int spkac_main(int argc, char **argv) spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); - if (!spki) { + if (spki == NULL) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; @@ -169,9 +172,9 @@ int spkac_main(int argc, char **argv) pkey = NETSCAPE_SPKI_get_pubkey(spki); if (verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if (i > 0) + if (i > 0) { BIO_printf(bio_err, "Signature OK\n"); - else { + } else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; diff --git a/vendor/openssl/apps/srp.c b/vendor/openssl/apps/srp.c index ec35c5512..0ead68e8d 100644 --- a/vendor/openssl/apps/srp.c +++ b/vendor/openssl/apps/srp.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
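Review bot: In the `keyfile != NULL` branch of `spkac_main`, the added NULL checks cover `NETSCAPE_SPKI_new()` and `NETSCAPE_SPKI_b64_encode()`, but the results of `ASN1_STRING_set()`, `NETSCAPE_SPKI_set_pubkey()` and `NETSCAPE_SPKI_sign()` between them are still discarded. A failed signing step would therefore go on to encode and print an SPKAC that carries no valid signature. I would check each call in the same style, e.g. `if (NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()) <= 0) goto end;`. The digest is also fixed to `EVP_md5()`, which is not collision resistant, so a comment stating why MD5 is retained here would help a reader. `spkac_main` starts and ends outside this hunk.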
@@ -293,11 +293,12 @@ int srp_main(int argc, char **argv) "Exactly one of the options -add, -delete, -modify -list must be specified.\n"); goto opthelp; } - if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) - && argc < 1) { - BIO_printf(bio_err, - "Need at least one user for options -add, -delete, -modify. \n"); - goto opthelp; + if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) { + if (argc == 0) { + BIO_printf(bio_err, "Need at least one user.\n"); + goto opthelp; + } + user = *argv++; } if ((passinarg || passoutarg) && argc != 1) { BIO_printf(bio_err, @@ -391,10 +392,7 @@ int srp_main(int argc, char **argv) if (verbose > 1) BIO_printf(bio_err, "Starting user processing\n"); - if (argc > 0) - user = *(argv++); - - while (mode == OPT_LIST || user) { + while (mode == OPT_LIST || user != NULL) { int userindex = -1; if (user != NULL && verbose > 1) @@ -557,9 +555,8 @@ int srp_main(int argc, char **argv) doupdatedb = 1; } } - if (--argc > 0) { - user = *(argv++); - } else { + user = *argv++; + if (user == NULL) { /* no more processing in any mode if no users left */ break; } diff --git a/vendor/openssl/apps/tsget.in b/vendor/openssl/apps/tsget.in index 89d1bc7ea..c6193e57d 100644 --- a/vendor/openssl/apps/tsget.in +++ b/vendor/openssl/apps/tsget.in @@ -198,4 +198,3 @@ REQUEST: foreach (@ARGV) { STDERR->printflush(", $output written.\n") if $options{v}; } $curl->cleanup(); -WWW::Curl::Easy::global_cleanup(); diff --git a/vendor/openssl/apps/verify.c b/vendor/openssl/apps/verify.c index 3c4566393..8bcbff617 100644 --- a/vendor/openssl/apps/verify.c +++ b/vendor/openssl/apps/verify.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -219,6 +219,7 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { + X509_STORE_CTX_free(csc); printf("error %s: X.509 store context initialization failed\n", (file == NULL) ? "stdin" : file); goto end; @@ -282,6 +283,7 @@ static int cb(int ok, X509_STORE_CTX *ctx) switch (cert_error) { case X509_V_ERR_NO_EXPLICIT_POLICY: policies_print(ctx); + /* fall thru */ case X509_V_ERR_CERT_HAS_EXPIRED: /* diff --git a/vendor/openssl/apps/version.c b/vendor/openssl/apps/version.c index e3c8299fc..2f8be3643 100644 --- a/vendor/openssl/apps/version.c +++ b/vendor/openssl/apps/version.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,6 +61,7 @@ int version_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: +opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; case OPT_HELP: @@ -89,10 +90,14 @@ int version_main(int argc, char **argv) dirty = version = 1; break; case OPT_A: - cflags = version = date = platform = dir = engdir = 1; + options = cflags = version = date = platform = dir = engdir = 1; break; } } + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "Extra parameters given.\n"); + goto opthelp; + } if (!dirty) version = 1; diff --git a/vendor/openssl/apps/vms_term_sock.c b/vendor/openssl/apps/vms_term_sock.c index a7d87ff36..bc0c173ef 100644 --- a/vendor/openssl/apps/vms_term_sock.c +++ b/vendor/openssl/apps/vms_term_sock.c 
@@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[]) ** Process the terminal input */ LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; + len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; TermBuff[len] = '\0'; LogMessage ("Received terminal I/O [%s]", TermBuff); @@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 2, + sizeof(TerminalDeviceBuff) - 2, 0, 0, 0, 0); if (! (status & 1)) { LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); @@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily, /* ** Initialize the socket information */ - slen = sizeof (sin); + slen = sizeof(sin); memset ((char *) &sin, 0, slen); sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr); @@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily, /* ** Now issue the connect */ - memset ((char *) &sin, 0, sizeof (sin)) ; + memset ((char *) &sin, 0, sizeof(sin)) ; sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_port = LocalHostPort ; - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); + status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); if (status < 0 ) { LogMessage ("CreateSocketPair: connect () - %d", errno); sys$cantim (&sptb, 0); @@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 1, + sizeof(TerminalDeviceBuff) - 1, 0, 0, 0, 0); /* diff --git a/vendor/openssl/apps/x509.c b/vendor/openssl/apps/x509.c index 577c35dd4..7a66ea660 100644 --- a/vendor/openssl/apps/x509.c +++ b/vendor/openssl/apps/x509.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -123,7 +123,7 @@ OPTIONS x509_options[] = { {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, - {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"}, + {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, @@ -450,10 +450,6 @@ int x509_main(int argc, char **argv) if (!nmflag_set) nmflag = XN_FLAG_ONELINE; - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - if (need_rand) app_RAND_load_file(NULL, 0); @@ -579,10 +575,12 @@ int x509_main(int argc, char **argv) goto end; } - if (!noout || text || next_serial) { - OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); + out = bio_open_default(outfile, 'w', outformat); + if (out == NULL) + goto end; - } + if (!noout || text || next_serial) + OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); if (alias) X509_alias_set1(x, (unsigned char *)alias, -1); 
@@ -726,11 +724,11 @@ int x509_main(int argc, char **argv) char *m; int len; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf)); BIO_printf(out, "/*\n" " * Subject: %s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(x), buf, sizeof(buf)); BIO_printf(out, " * Issuer: %s\n" " */\n", buf); diff --git a/vendor/openssl/appveyor.yml b/vendor/openssl/appveyor.yml index 8dd6cb6fb..ba291fdd1 100644 --- a/vendor/openssl/appveyor.yml +++ b/vendor/openssl/appveyor.yml @@ -41,5 +41,5 @@ test_script: - cd _build - nmake test - mkdir ..\_install - - nmake install install_docs DESTDIR=..\_install + - nmake install DESTDIR=..\_install - cd .. diff --git a/vendor/openssl/config b/vendor/openssl/config index 35e849a95..ef0841d12 100755 --- a/vendor/openssl/config +++ b/vendor/openssl/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -929,5 +929,6 @@ if [ $? = "0" ]; then fi else echo "This system ($OUT) is not supported. See file INSTALL for details." + exit 1 fi ) diff --git a/vendor/openssl/config.com b/vendor/openssl/config.com index 5b549955d..46ccaa20d 100644 --- a/vendor/openssl/config.com +++ b/vendor/openssl/config.com @@ -1,5 +1,5 @@ $ ! OpenSSL config: determine the architecture and run Configure -$ ! Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +$ ! Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. $ ! $ ! Licensed under the OpenSSL license (the "License"). You may not use $ ! this file except in compliance with the License. You can obtain a 
@@ -73,7 +73,7 @@ $ collected_args = collected_args + " --debug" $ P = "" $ ENDIF $ IF P .NES. "" THEN - - collected_args = collected_args + " " + P1 + collected_args = collected_args + " """ + P1 + """" $ P1 = P2 $ P2 = P3 $ P3 = P4 @@ -87,7 +87,7 @@ $ ENDLOOP1: $ $ target = "vms-''arch'''pointer_size'" $ IF verbose THEN - - WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""''collected_args'" + WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args $ IF .not. dryrun THEN - - PERL 'here'Configure "''target'" 'debug' 'collected_args' + PERL 'here'Configure "''target'"'collected_args' $ EXIT $STATUS diff --git a/vendor/openssl/crypto/aes/asm/aes-armv4.pl b/vendor/openssl/crypto/aes/asm/aes-armv4.pl index 16d79aae5..998158998 100644 --- a/vendor/openssl/crypto/aes/asm/aes-armv4.pl +++ b/vendor/openssl/crypto/aes/asm/aes-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -200,10 +200,10 @@ #ifndef __thumb2__ sub r3,pc,#8 @ AES_encrypt #else - adr r3,AES_encrypt + adr r3,. #endif stmdb sp!,{r1,r4-r12,lr} -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $tbl,AES_Te #else sub $tbl,r3,#AES_encrypt-AES_Te @ Te @@ -450,7 +450,7 @@ #ifndef __thumb2__ sub r3,pc,#8 @ AES_set_encrypt_key #else - adr r3,AES_set_encrypt_key + adr r3,. #endif teq r0,#0 #ifdef __thumb2__ @@ -481,7 +481,7 @@ mov lr,r1 @ bits mov $key,r2 @ key -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $tbl,AES_Te+1024 @ Te4 #else sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 
@@ -976,10 +976,10 @@ #ifndef __thumb2__ sub r3,pc,#8 @ AES_decrypt #else - adr r3,AES_decrypt + adr r3,. #endif stmdb sp!,{r1,r4-r12,lr} -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $tbl,AES_Td #else sub $tbl,r3,#AES_decrypt-AES_Td @ Td diff --git a/vendor/openssl/crypto/aes/asm/aes-s390x.pl b/vendor/openssl/crypto/aes/asm/aes-s390x.pl index a93d60191..fd8a73716 100644 --- a/vendor/openssl/crypto/aes/asm/aes-s390x.pl +++ b/vendor/openssl/crypto/aes/asm/aes-s390x.pl @@ -813,7 +813,7 @@ () .Lproceed: ___ $code.=<<___ if (!$softonly); - # convert bits to km code, [128,192,256]->[18,19,20] + # convert bits to km(c) code, [128,192,256]->[18,19,20] lhi %r5,-128 lhi %r0,18 ar %r5,$bits @@ -821,13 +821,10 @@ () ar %r5,%r0 larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lekey_internal - llihh %r0,0x8000 srlg %r0,%r0,0(%r5) - ng %r0,48(%r1) # check kmc capability vector + ng %r0,32(%r1) # check availability of both km... + ng %r0,48(%r1) # ...and kmc support for given key length jz .Lekey_internal lmg %r0,%r1,0($inp) # just copy 128 bits... @@ -842,7 +839,7 @@ () stg %r1,24($key) 1: st $bits,236($key) # save bits [for debugging purposes] lgr $t0,%r5 - st %r5,240($key) # save km code + st %r5,240($key) # save km(c) code lghi %r2,0 br %r14 ___ @@ -1439,12 +1436,7 @@ () .Lctr32_hw_switch: ___ -$code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower - larl $s0,OPENSSL_s390xcap_P - lg $s0,8($s0) - tmhh $s0,0x0004 # check for message_security-assist-4 - jz .Lctr32_km_loop - +$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower llgfr $s0,%r0 lgr $s1,%r1 larl %r1,OPENSSL_s390xcap_P @@ -1488,7 +1480,7 @@ () br $ra .align 16 ___ -$code.=<<___; +$code.=<<___ if (!$softonly); .Lctr32_km_loop: la $s2,16($sp) lgr $s3,$fp 
@@ -2227,7 +2219,6 @@ () } $code.=<<___; .string "AES for s390x, CRYPTOGAMS by " -.comm OPENSSL_s390xcap_P,80,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/vendor/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl b/vendor/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl index adff3a356..33a7f0cf4 100644 --- a/vendor/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl +++ b/vendor/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl @@ -34,6 +34,8 @@ # Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%) # Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%) # Bulldozer 5.77[+6.0] 11.72 6.37 +84% +# Ryzen(**) 2.71[+1.93] 4.64 2.74 +69% +# Goldmont(**) 3.82[+1.70] 5.52 4.20 +31% # # AES-192-CBC # Westmere 4.51 9.81 6.80 +44% @@ -47,13 +49,16 @@ # Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%) # Ivy Bridge 7.05 11.65 7.12 +64% # Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%) -# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61$) +# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61%) # Bulldozer 8.00 13.95 8.25 +69% +# Ryzen(**) 3.71 5.64 3.72 +52% +# Goldmont(**) 5.35 7.05 5.76 +22% # # (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for # background information. Above numbers in parentheses are SSSE3 # results collected on AVX-capable CPU, i.e. apply on OSes that # don't support AVX. +# (**) SHAEXT results. # # Needless to mention that it makes no sense to implement "stitched" # *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 diff --git a/vendor/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl b/vendor/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl index 3b03328f3..0e49f26fa 100644 --- a/vendor/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/vendor/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl 
@@ -28,18 +28,21 @@ # for standalone AESNI-CBC encrypt, standalone SHA256, and stitched # subroutine: # -# AES-128/-192/-256+SHA256 this(**)gain -# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43% -# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50% -# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59% -# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40% -# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58% +# AES-128/-192/-256+SHA256 this(**) gain +# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43% +# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50% +# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59% +# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40% +# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58% +# Ryzen(***) 2.71/-/3.71+2.05 2.74/-/3.73 +74%/-/54% +# Goldmont(***) 3.82/-/5.35+4.16 4.73/-/5.94 +69%/-/60% # # (*) there are XOP, AVX1 and AVX2 code paths, meaning that # Westmere is omitted from loop, this is because gain was not # estimated high enough to justify the effort; # (**) these are EVP-free results, results obtained with 'speed # -evp aes-256-cbc-hmac-sha256' will vary by percent or two; +# (***) these are SHAEXT results; $flavour = shift; $output = shift; diff --git a/vendor/openssl/crypto/aes/asm/bsaes-armv7.pl b/vendor/openssl/crypto/aes/asm/bsaes-armv7.pl index 9f288660e..7af38afcb 100644 --- a/vendor/openssl/crypto/aes/asm/bsaes-armv7.pl +++ b/vendor/openssl/crypto/aes/asm/bsaes-armv7.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -744,9 +744,9 @@ sub bitslice { .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: - adr $const,_bsaes_decrypt8 + adr $const,. vldmia $key!, {@XMM[9]} @ round 0 key -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $const,.LM0ISR #else add $const,$const,#.LM0ISR-_bsaes_decrypt8 @@ -843,9 +843,9 @@ sub bitslice { .type _bsaes_encrypt8,%function .align 4 _bsaes_encrypt8: - adr $const,_bsaes_encrypt8 + adr $const,. vldmia $key!, {@XMM[9]} @ round 0 key -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $const,.LM0SR #else sub $const,$const,#_bsaes_encrypt8-.LM0SR @@ -951,9 +951,9 @@ sub bitslice_key { .type _bsaes_key_convert,%function .align 4 _bsaes_key_convert: - adr $const,_bsaes_key_convert + adr $const,. vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key -#ifdef __APPLE__ +#if defined(__thumb2__) || defined(__APPLE__) adr $const,.LM0 #else sub $const,$const,#_bsaes_key_convert-.LM0 diff --git a/vendor/openssl/crypto/arm_arch.h b/vendor/openssl/crypto/arm_arch.h index 3fc9e69b1..25419e0df 100644 --- a/vendor/openssl/crypto/arm_arch.h +++ b/vendor/openssl/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,7 +69,7 @@ # endif # endif -# if !__ASSEMBLER__ +# ifndef __ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; # endif diff --git a/vendor/openssl/crypto/armcap.c b/vendor/openssl/crypto/armcap.c index 29534845d..28e97c8c4 100644 --- a/vendor/openssl/crypto/armcap.c +++ b/vendor/openssl/crypto/armcap.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include #include #include +#include #include "arm_arch.h" @@ -69,7 +70,7 @@ static unsigned long (*getauxval) (unsigned long) = NULL; # endif /* - * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas + * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas * AArch64 used AT_HWCAP. */ # if defined(__arm__) || defined (__arm) diff --git a/vendor/openssl/crypto/armv4cpuid.pl b/vendor/openssl/crypto/armv4cpuid.pl index f7d31a698..ab007c19c 100644 --- a/vendor/openssl/crypto/armv4cpuid.pl +++ b/vendor/openssl/crypto/armv4cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -125,7 +125,7 @@ ldmia sp!,{r4,r5} .Lno_data: - neg r0,ip + rsb r0,ip,#0 mov r0,r0,lsr#31 #if __ARM_ARCH__>=5 bx lr diff --git a/vendor/openssl/crypto/asn1/a_bitstr.c b/vendor/openssl/crypto/asn1/a_bitstr.c index 33be907f9..b2e0fb688 100644 --- a/vendor/openssl/crypto/asn1/a_bitstr.c +++ b/vendor/openssl/crypto/asn1/a_bitstr.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include "internal/cryptlib.h" #include @@ -88,6 +89,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, goto err; } + if (len > INT_MAX) { + i = ASN1_R_STRING_TOO_LONG; + goto err; + } + if ((a == NULL) || ((*a) == NULL)) { if ((ret = ASN1_BIT_STRING_new()) == NULL) return (NULL); 
diff --git a/vendor/openssl/crypto/asn1/a_digest.c b/vendor/openssl/crypto/asn1/a_digest.c index 46bff0d88..c84ecc9b4 100644 --- a/vendor/openssl/crypto/asn1/a_digest.c +++ b/vendor/openssl/crypto/asn1/a_digest.c @@ -9,13 +9,10 @@ #include #include +#include #include "internal/cryptlib.h" -#ifndef NO_SYS_TYPES_H -# include -#endif - #include #include #include diff --git a/vendor/openssl/crypto/asn1/a_i2d_fp.c b/vendor/openssl/crypto/asn1/a_i2d_fp.c index 1514ede4f..3b3f713c2 100644 --- a/vendor/openssl/crypto/asn1/a_i2d_fp.c +++ b/vendor/openssl/crypto/asn1/a_i2d_fp.c @@ -38,6 +38,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) int i, j = 0, n, ret = 1; n = i2d(x, NULL); + if (n <= 0) + return 0; + b = OPENSSL_malloc(n); if (b == NULL) { ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); diff --git a/vendor/openssl/crypto/asn1/a_mbstr.c b/vendor/openssl/crypto/asn1/a_mbstr.c index 5578e9239..7a035afba 100644 --- a/vendor/openssl/crypto/asn1/a_mbstr.c +++ b/vendor/openssl/crypto/asn1/a_mbstr.c @@ -100,14 +100,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } diff --git a/vendor/openssl/crypto/asn1/a_object.c b/vendor/openssl/crypto/asn1/a_object.c index 79f0ecd2a..7d332ec2f 100644 --- a/vendor/openssl/crypto/asn1/a_object.c +++ b/vendor/openssl/crypto/asn1/a_object.c 
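Review bot: In crypto/asn1/a_i2d_fp.c, the new `if (n <= 0) return 0;` guard in `ASN1_i2d_bio` returns failure without recording anything on the error queue, unlike the allocation failure just below it, which calls `ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE)`. Unless the `i2d` callback recorded an error itself, a caller that prints the error stack sees a failed write with no reason. I would add `ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_INTERNAL_ERROR);` before the return, with a one-line comment that a non-positive length from `i2d` must never reach `OPENSSL_malloc(n)`. The function body continues outside the hunk.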
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { - unsigned char *p; + unsigned char *p, *allocated = NULL; int objsize; if ((a == NULL) || (a->data == NULL)) @@ -29,20 +29,31 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) if (pp == NULL || objsize == -1) return objsize; - p = *pp; + if (*pp == NULL) { + if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { + ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + p = *pp; + } + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); memcpy(p, a->data, a->length); - p += a->length; - *pp = p; - return (objsize); + /* + * If a new buffer was allocated, just return it back. + * If not, return the incremented buffer pointer. + */ + *pp = allocated != NULL ? allocated : p + a->length; + return objsize; } int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { int i, first, len = 0, c, use_bn; char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; + int tmpsize = sizeof(ftmp); const char *p; unsigned long l; BIGNUM *bl = NULL; @@ -177,7 +188,7 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return (BIO_write(bp, "NULL", 4)); - i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); if (p == NULL) diff --git a/vendor/openssl/crypto/asn1/a_sign.c b/vendor/openssl/crypto/asn1/a_sign.c index 7e21a5ec9..3b261eba4 100644 --- a/vendor/openssl/crypto/asn1/a_sign.c +++ b/vendor/openssl/crypto/asn1/a_sign.c 
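Review bot: `i2d_ASN1_OBJECT` in crypto/asn1/a_object.c now has two output contracts depending on `*pp`, and nothing in the hunk documents them. With `*pp == NULL` it allocates `objsize` bytes and hands that buffer back through `*pp`; otherwise it writes into the caller's buffer and advances `*pp` past the encoding. A caller unaware of the first mode will leak the buffer. I would put a comment above the function saying that a NULL `*pp` yields a buffer the caller must release with `OPENSSL_free()`, and that the malloc-failure path returns 0 while the `objsize == -1` path returns -1.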
@@ -9,13 +9,10 @@ #include #include +#include #include "internal/cryptlib.h" -#ifndef NO_SYS_TYPES_H -# include -#endif - #include #include #include diff --git a/vendor/openssl/crypto/asn1/a_strex.c b/vendor/openssl/crypto/asn1/a_strex.c index 1bc06799a..207190c52 100644 --- a/vendor/openssl/crypto/asn1/a_strex.c +++ b/vendor/openssl/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,7 +63,7 @@ typedef int char_io (void *arg, const void *buf, int len); * even 4 byte forms. */ -static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, +static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes, char_io *io_ch, void *arg) { unsigned short chflgs; @@ -73,13 +73,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, if (c > 0xffffffffL) return -1; if (c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c); if (!io_ch(arg, tmphex, 10)) return -1; return 10; } if (c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c); if (!io_ch(arg, tmphex, 6)) return -1; return 6; @@ -116,7 +116,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, * If we get this far and do any escaping at all must escape the escape * character itself: backslash. */ - if (chtmp == '\\' && flags & ESC_FLAGS) { + if (chtmp == '\\' && (flags & ESC_FLAGS)) { if (!io_ch(arg, "\\\\", 2)) return -1; return 2; 
@@ -139,19 +139,40 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned short flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned short orflags; unsigned char *p, *q; unsigned long c; + p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -172,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: @@ -182,7 +204,7 @@ static int do_buf(unsigned char *buf, int buflen, if (type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); for (i = 0; i < utflen; i++) { /* * We don't need to worry about setting orflags correctly @@ -190,17 +212,15 @@ static int do_buf(unsigned char *buf, int buflen, * otherwise each character will be > 0x7f and so the * character will never be escaped on first and last. */ - len = - do_esc_char(utfbuf[i], (unsigned short)(flags | orflags), - quotes, io_ch, arg); + len = do_esc_char(utfbuf[i], flags | orflags, quotes, + io_ch, arg); if (len < 0) return -1; outlen += len; } } else { - len = - do_esc_char(c, (unsigned short)(flags | orflags), quotes, - io_ch, arg); + len = do_esc_char(c, flags | orflags, quotes, + io_ch, arg); if (len < 0) return -1; outlen += len; 
@@ -479,7 +499,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { @@ -593,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) *out = stmp.data; return stmp.length; } - -/* Return 1 if host is a valid hostname and 0 otherwise */ -int asn1_valid_host(const ASN1_STRING *host) -{ - int hostlen = host->length; - const unsigned char *hostptr = host->data; - int type = host->type; - int i; - signed char width = -1; - unsigned short chflags = 0, prevchflags; - - if (type > 0 && type < 31) - width = tag2nbyte[type]; - if (width == -1 || hostlen == 0) - return 0; - /* Treat UTF8String as width 1 as any MSB set is invalid */ - if (width == 0) - width = 1; - for (i = 0 ; i < hostlen; i+= width) { - prevchflags = chflags; - /* Value must be <= 0x7F: check upper bytes are all zeroes */ - if (width == 4) { - if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) - return 0; - } else if (width == 2) { - if (*hostptr++ != 0) - return 0; - } - if (*hostptr > 0x7f) - return 0; - chflags = char_type[*hostptr++]; - if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { - /* Nothing else allowed at start or end of string */ - if (i == 0 || i == hostlen - 1) - return 0; - /* Otherwise invalid if not dot or hyphen */ - if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) - return 0; - /* - * If previous is dot or hyphen then illegal unless both - * are hyphens: as .- -. .. are all illegal - */ - if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) - && ((prevchflags & CHARTYPE_HOST_DOT) - || (chflags & CHARTYPE_HOST_DOT))) - return 0; - } - } - return 1; -} 
diff --git a/vendor/openssl/crypto/asn1/a_strnid.c b/vendor/openssl/crypto/asn1/a_strnid.c index aadc26ced..ecf178e28 100644 --- a/vendor/openssl/crypto/asn1/a_strnid.c +++ b/vendor/openssl/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,6 +214,7 @@ static ASN1_STRING_TABLE *stable_get(int nid) rv->mask = tmp->mask; rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; } else { + rv->nid = nid; rv->minsize = -1; rv->maxsize = -1; rv->flags = STABLE_FLAGS_MALLOC; diff --git a/vendor/openssl/crypto/asn1/a_verify.c b/vendor/openssl/crypto/asn1/a_verify.c index 00ab136f0..fb3607cbb 100644 --- a/vendor/openssl/crypto/asn1/a_verify.c +++ b/vendor/openssl/crypto/asn1/a_verify.c @@ -9,13 +9,10 @@ #include #include +#include #include "internal/cryptlib.h" -#ifndef NO_SYS_TYPES_H -# include -#endif - #include #include #include diff --git a/vendor/openssl/crypto/asn1/ameth_lib.c b/vendor/openssl/crypto/asn1/ameth_lib.c index cfde49ab0..9b0a2ccb2 100644 --- a/vendor/openssl/crypto/asn1/ameth_lib.c +++ b/vendor/openssl/crypto/asn1/ameth_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) { int i; - const EVP_PKEY_ASN1_METHOD *ameth; + const EVP_PKEY_ASN1_METHOD *ameth = NULL; + if (len == -1) len = strlen(str); if (pe) { 
@@ -163,12 +164,12 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, #endif *pe = NULL; } - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; - if (((int)strlen(ameth->pem_str) == len) - && (strncasecmp(ameth->pem_str, str, len) == 0)) + if ((int)strlen(ameth->pem_str) == len + && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } return NULL; @@ -176,11 +177,21 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) { + EVP_PKEY_ASN1_METHOD tmp = { 0, }; + if (app_methods == NULL) { app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); if (app_methods == NULL) return 0; } + + tmp.pkey_id = ameth->pkey_id; + if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { + EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, + EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); + return 0; + } + if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) return 0; sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); @@ -244,6 +255,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, goto err; } + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) + goto err; + if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); if (!ameth->pem_str) diff --git a/vendor/openssl/crypto/asn1/asn1_err.c b/vendor/openssl/crypto/asn1/asn1_err.c index dd0e99e62..5d895d300 100644 --- a/vendor/openssl/crypto/asn1/asn1_err.c +++ b/vendor/openssl/crypto/asn1/asn1_err.c 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,8 +92,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, + {ERR_FUNC(ASN1_F_DO_BUF), "do_buf"}, {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, @@ -203,6 +205,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, + {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, diff --git a/vendor/openssl/crypto/asn1/asn1_locl.h b/vendor/openssl/crypto/asn1/asn1_locl.h index 9470c7d0b..9a47b1ef3 100644 --- a/vendor/openssl/crypto/asn1/asn1_locl.h +++ b/vendor/openssl/crypto/asn1/asn1_locl.h 
@@ -65,6 +65,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); +void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); diff --git a/vendor/openssl/crypto/asn1/asn1_par.c b/vendor/openssl/crypto/asn1/asn1_par.c index af045cb15..fabc8d6fe 100644 --- a/vendor/openssl/crypto/asn1/asn1_par.c +++ b/vendor/openssl/crypto/asn1/asn1_par.c @@ -38,13 +38,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); + BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag); else if (tag > 30) - BIO_snprintf(str, sizeof str, "", tag); + BIO_snprintf(str, sizeof(str), "", tag); else p = ASN1_tag2str(tag); diff --git a/vendor/openssl/crypto/asn1/asn_mime.c b/vendor/openssl/crypto/asn1/asn_mime.c index d7ec801b1..da0085f68 100644 --- a/vendor/openssl/crypto/asn1/asn_mime.c +++ b/vendor/openssl/crypto/asn1/asn_mime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -425,6 +425,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) || hdr->value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -968,12 +969,14 @@ static int strip_eol(char *linebuf, int *plen, int flags) p = linebuf + len - 1; for (p = linebuf + len - 1; len > 0; len--, p--) { c = *p; - if (c == '\n') + if (c == '\n') { is_eol = 1; - else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) + } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) { + /* Strip trailing space on a line; 32 == ASCII for ' ' */ continue; - else if (c != '\r') + } else if (c != '\r') { break; + } } *plen = len; return is_eol; diff --git a/vendor/openssl/crypto/asn1/bio_asn1.c b/vendor/openssl/crypto/asn1/bio_asn1.c index 7576c65dd..2a8a41f50 100644 --- a/vendor/openssl/crypto/asn1/bio_asn1.c +++ b/vendor/openssl/crypto/asn1/bio_asn1.c @@ -65,7 +65,7 @@ static int asn1_bio_gets(BIO *h, char *str, int size); static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int asn1_bio_new(BIO *h); static int asn1_bio_free(BIO *data); -static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, @@ -301,7 +301,7 @@ static int asn1_bio_gets(BIO *b, char *str, int size) return BIO_gets(next, str, size); } -static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { BIO *next = BIO_next(b); if (next == NULL) diff --git a/vendor/openssl/crypto/asn1/p5_scrypt.c b/vendor/openssl/crypto/asn1/p5_scrypt.c index 4cb783749..10a736023 100644 --- a/vendor/openssl/crypto/asn1/p5_scrypt.c +++ b/vendor/openssl/crypto/asn1/p5_scrypt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, if (EVP_CIPHER_iv_length(cipher)) { if (aiv) memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) + else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) goto err; } diff --git a/vendor/openssl/crypto/asn1/tasn_dec.c b/vendor/openssl/crypto/asn1/tasn_dec.c index c9b637516..af8641e35 100644 --- a/vendor/openssl/crypto/asn1/tasn_dec.c +++ b/vendor/openssl/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,9 +17,18 @@ #include "internal/numbers.h" #include "asn1_locl.h" +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); + int tag, int aclass, char opt, ASN1_TLC *ctx, + int depth); static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); 
@@ -37,11 +46,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -111,7 +120,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, int tag, int aclass, char opt, ASN1_TLC *ctx) { int rv; - rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx); + rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); if (rv <= 0) ASN1_item_ex_free(pval, it); return rv; @@ -124,7 +133,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) + int tag, int aclass, char opt, ASN1_TLC *ctx, + int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -145,6 +155,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, else asn1_cb = 0; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP); + goto err; + } + switch (it->itype) { case ASN1_ITYPE_PRIMITIVE: if (it->templates) { @@ -160,7 +175,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, goto err; } return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx); + it->templates, opt, ctx, depth); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); 
@@ -221,7 +236,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); /* If field not present, try the next one */ if (ret == -1) continue; @@ -344,7 +359,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, * attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); + ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, + depth); if (!ret) { errtt = seqtt; goto err; @@ -420,7 +436,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -455,7 +471,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -479,7 +495,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); *in = p; return 1; @@ -491,7 +507,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; 
@@ -573,7 +589,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } skfield = NULL; if (!asn1_item_embed_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { + ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, + depth)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); /* |skfield| may be partially allocated despite failure. */ @@ -595,7 +612,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, /* IMPLICIT tagging */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx); + ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -604,7 +621,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } else { /* Nothing special */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx); + -1, 0, opt, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/vendor/openssl/crypto/asn1/tasn_enc.c b/vendor/openssl/crypto/asn1/tasn_enc.c index caa48696d..3b723a184 100644 --- a/vendor/openssl/crypto/asn1/tasn_enc.c +++ b/vendor/openssl/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; len = otmp->length; + if (cont == NULL || len == 0) + return -1; break; case V_ASN1_NULL: diff --git a/vendor/openssl/crypto/asn1/tasn_fre.c b/vendor/openssl/crypto/asn1/tasn_fre.c index ae9146177..bbce489fe 100644 --- a/vendor/openssl/crypto/asn1/tasn_fre.c +++ b/vendor/openssl/crypto/asn1/tasn_fre.c 
@@ -13,9 +13,6 @@ #include #include "asn1_locl.h" -static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); - /* Free up an ASN1 structure */ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) @@ -28,8 +25,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) asn1_item_embed_free(pval, it, 0); } -static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed) +void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; diff --git a/vendor/openssl/crypto/asn1/tasn_new.c b/vendor/openssl/crypto/asn1/tasn_new.c index f695e38da..11c804026 100644 --- a/vendor/openssl/crypto/asn1/tasn_new.c +++ b/vendor/openssl/crypto/asn1/tasn_new.c @@ -124,8 +124,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) goto memerr; } /* 0 : init. lock */ - if (asn1_do_lock(pval, 0, it) < 0) - goto memerr2; + if (asn1_do_lock(pval, 0, it) < 0) { + if (!embed) { + OPENSSL_free(*pval); + *pval = NULL; + } + goto memerr; + } asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); @@ -142,7 +147,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) return 1; memerr2: - ASN1_item_ex_free(pval, it); + asn1_item_embed_free(pval, it, embed); memerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); #ifndef OPENSSL_NO_CRYPTO_MDEBUG @@ -151,7 +156,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) return 0; auxerr2: - ASN1_item_ex_free(pval, it); + asn1_item_embed_free(pval, it, embed); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); #ifndef OPENSSL_NO_CRYPTO_MDEBUG diff --git a/vendor/openssl/crypto/asn1/tasn_prn.c b/vendor/openssl/crypto/asn1/tasn_prn.c index f53e9056a..53a9ee8ee 100644 --- a/vendor/openssl/crypto/asn1/tasn_prn.c 
+++ b/vendor/openssl/crypto/asn1/tasn_prn.c @@ -409,7 +409,7 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) ln = OBJ_nid2ln(OBJ_obj2nid(oid)); if (!ln) ln = ""; - OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1); if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) return 0; return 1; diff --git a/vendor/openssl/crypto/asn1/tasn_utl.c b/vendor/openssl/crypto/asn1/tasn_utl.c index f79d7d6b4..832603b1d 100644 --- a/vendor/openssl/crypto/asn1/tasn_utl.c +++ b/vendor/openssl/crypto/asn1/tasn_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) } return 1; } - if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0) + if (!CRYPTO_atomic_add(lck, op, &ret, *lock)) return -1; /* failed */ #ifdef REF_PRINT fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); diff --git a/vendor/openssl/crypto/async/arch/async_posix.h b/vendor/openssl/crypto/async/arch/async_posix.h index 3c61f7f7b..939b4ab18 100644 --- a/vendor/openssl/crypto/async/arch/async_posix.h +++ b/vendor/openssl/crypto/async/arch/async_posix.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -11,13 +11,14 @@ #define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H #include -#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \ +#if defined(OPENSSL_SYS_UNIX) \ && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \ && !defined(__ANDROID__) && !defined(__OpenBSD__) # include -# if _POSIX_VERSION >= 200112L +# if _POSIX_VERSION >= 200112L \ + && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) # include diff --git a/vendor/openssl/crypto/async/async.c b/vendor/openssl/crypto/async/async.c index 8c699af78..0862cca21 100644 --- a/vendor/openssl/crypto/async/async.c +++ b/vendor/openssl/crypto/async/async.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,13 +30,14 @@ static CRYPTO_THREAD_LOCAL ctxkey; static CRYPTO_THREAD_LOCAL poolkey; -static void async_free_pool_internal(async_pool *pool); - static async_ctx *async_ctx_new(void) { - async_ctx *nctx = NULL; + async_ctx *nctx; + + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) + return NULL; - nctx = OPENSSL_malloc(sizeof (async_ctx)); + nctx = OPENSSL_malloc(sizeof(async_ctx)); if (nctx == NULL) { ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE); goto err; @@ -57,9 +58,6 @@ static async_ctx *async_ctx_new(void) async_ctx *async_get_ctx(void) { - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return NULL; - return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); } @@ -81,7 +79,7 @@ static ASYNC_JOB *async_job_new(void) { ASYNC_JOB *job = NULL; - job = OPENSSL_zalloc(sizeof (ASYNC_JOB)); + job = OPENSSL_zalloc(sizeof(ASYNC_JOB)); if (job == NULL) { ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE); return NULL; 
@@ -169,16 +167,19 @@ void async_start_func(void) int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, int (*func)(void *), void *args, size_t size) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return ASYNC_ERR; + + ctx = async_get_ctx(); if (ctx == NULL) ctx = async_ctx_new(); - if (ctx == NULL) { + if (ctx == NULL) return ASYNC_ERR; - } - if (*job) { + if (*job) ctx->currjob = *job; - } for (;;) { if (ctx->currjob != NULL) { @@ -219,9 +220,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, } /* Start a new job */ - if ((ctx->currjob = async_get_pool_job()) == NULL) { + if ((ctx->currjob = async_get_pool_job()) == NULL) return ASYNC_NO_JOBS; - } if (args != NULL) { ctx->currjob->funcargs = OPENSSL_malloc(size); @@ -323,14 +323,13 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 0; } - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) return 0; - } - if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { + + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) return 0; - } - pool = OPENSSL_zalloc(sizeof *pool); + pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); return 0; 
@@ -369,32 +368,41 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 1; err: - async_free_pool_internal(pool); + async_empty_pool(pool); + sk_ASYNC_JOB_free(pool->jobs); + OPENSSL_free(pool); return 0; } -static void async_free_pool_internal(async_pool *pool) +void async_delete_thread_state(void) { - if (pool == NULL) - return; + async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - async_empty_pool(pool); - sk_ASYNC_JOB_free(pool->jobs); - OPENSSL_free(pool); - CRYPTO_THREAD_set_local(&poolkey, NULL); + if (pool != NULL) { + async_empty_pool(pool); + sk_ASYNC_JOB_free(pool->jobs); + OPENSSL_free(pool); + CRYPTO_THREAD_set_local(&poolkey, NULL); + } async_local_cleanup(); async_ctx_free(); } void ASYNC_cleanup_thread(void) { - async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey)); + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + async_delete_thread_state(); } ASYNC_JOB *ASYNC_get_current_job(void) { async_ctx *ctx; + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return NULL; + ctx = async_get_ctx(); if (ctx == NULL) return NULL; @@ -409,7 +417,12 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job) void ASYNC_block_pause(void) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + ctx = async_get_ctx(); if (ctx == NULL || ctx->currjob == NULL) { /* * We're not in a job anyway so ignore this @@ -421,7 +434,12 @@ void ASYNC_block_pause(void) void ASYNC_unblock_pause(void) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + ctx = async_get_ctx(); if (ctx == NULL || ctx->currjob == NULL) { /* * We're not in a job anyway so ignore this diff --git a/vendor/openssl/crypto/async/async_wait.c b/vendor/openssl/crypto/async/async_wait.c index e115985d2..0a0bf873e 100644 --- a/vendor/openssl/crypto/async/async_wait.c 
+++ b/vendor/openssl/crypto/async/async_wait.c @@ -47,7 +47,7 @@ int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, { struct fd_lookup_st *fdlookup; - fdlookup = OPENSSL_zalloc(sizeof *fdlookup); + fdlookup = OPENSSL_zalloc(sizeof(*fdlookup)); if (fdlookup == NULL) return 0; diff --git a/vendor/openssl/crypto/bf/bf_locl.h b/vendor/openssl/crypto/bf/bf_locl.h index 7e5f92c26..b1a415e51 100644 --- a/vendor/openssl/crypto/bf/bf_locl.h +++ b/vendor/openssl/crypto/bf/bf_locl.h @@ -17,12 +17,19 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 1: l1|=((unsigned long)(*(--(c))))<<24; \ } \ } @@ -32,12 +39,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ } \ } diff --git a/vendor/openssl/crypto/bio/b_addr.c b/vendor/openssl/crypto/bio/b_addr.c index 289404c16..6ed1652c8 100644 --- a/vendor/openssl/crypto/bio/b_addr.c +++ b/vendor/openssl/crypto/bio/b_addr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,18 +66,18 @@ void BIO_ADDR_clear(BIO_ADDR *ap) int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) { if (sa->sa_family == AF_INET) { - ap->s_in = *(const struct sockaddr_in *)sa; + memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in)); return 1; } #ifdef AF_INET6 if (sa->sa_family == AF_INET6) { - ap->s_in6 = *(const struct sockaddr_in6 *)sa; + memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6)); return 1; } #endif #ifdef AF_UNIX - if (ap->sa.sa_family == AF_UNIX) { - ap->s_un = *(const struct sockaddr_un *)sa; + if (sa->sa_family == AF_UNIX) { + memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un)); return 1; } #endif @@ -604,7 +604,8 @@ static int addrinfo_wrap(int family, int socktype, DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; bio_lookup_lock = CRYPTO_THREAD_lock_new(); return bio_lookup_lock != NULL; } @@ -668,7 +669,7 @@ int BIO_lookup(const char *host, const char *service, int gai_ret = 0; struct addrinfo hints; - memset(&hints, 0, sizeof hints); + memset(&hints, 0, sizeof(hints)); hints.ai_family = family; hints.ai_socktype = socktype; diff --git a/vendor/openssl/crypto/bio/b_dump.c b/vendor/openssl/crypto/bio/b_dump.c index a27954fa3..424195e16 100644 --- a/vendor/openssl/crypto/bio/b_dump.c +++ b/vendor/openssl/crypto/bio/b_dump.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,7 +14,6 @@ #include #include "bio_lcl.h" -#define TRUNCATE #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) @@ -29,17 +28,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), { int ret = 0; char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc; + int i, j, rows; unsigned char ch; int dump_width; - trc = 0; - -#ifdef TRUNCATE - for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) - trc++; -#endif - if (indent < 0) indent = 0; if (indent) { 
@@ -54,50 +46,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - OPENSSL_strlcpy(buf, str, sizeof buf); - BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); - OPENSSL_strlcat(buf, tmp, sizeof buf); + OPENSSL_strlcpy(buf, str, sizeof(buf)); + BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width); + OPENSSL_strlcat(buf, tmp, sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) { - OPENSSL_strlcat(buf, " ", sizeof buf); + OPENSSL_strlcat(buf, " ", sizeof(buf)); } else { ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, + BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch, j == 7 ? '-' : ' '); - OPENSSL_strlcat(buf, tmp, sizeof buf); + OPENSSL_strlcat(buf, tmp, sizeof(buf)); } } - OPENSSL_strlcat(buf, " ", sizeof buf); + OPENSSL_strlcat(buf, " ", sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) break; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; #ifndef CHARSET_EBCDIC - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.'); #else - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ? os_toebcdic[ch] : '.'); #endif - OPENSSL_strlcat(buf, tmp, sizeof buf); + OPENSSL_strlcat(buf, tmp, sizeof(buf)); } - OPENSSL_strlcat(buf, "\n", sizeof buf); + OPENSSL_strlcat(buf, "\n", sizeof(buf)); /* * if this is the last call then update the ddt_dump thing so that we * will move the selection point in the debug window */ ret += cb((void *)buf, strlen(buf), u); } -#ifdef TRUNCATE - if (trc > 0) { - BIO_snprintf(buf, sizeof buf, "%s%04x - \n", str, - len + trc); - ret += cb((void *)buf, strlen(buf), u); - } -#endif - return (ret); + return ret; } #ifndef OPENSSL_NO_STDIO 
diff --git a/vendor/openssl/crypto/bio/b_print.c b/vendor/openssl/crypto/bio/b_print.c index 7bbc551c5..8f50cb8c1 100644 --- a/vendor/openssl/crypto/bio/b_print.c +++ b/vendor/openssl/crypto/bio/b_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,9 +10,9 @@ #include #include #include -#include "internal/numbers.h" -#include "internal/cryptlib.h" #include +#include "internal/cryptlib.h" +#include "internal/numbers.h" /* * Copyright Patrick Powell 1995 @@ -258,6 +258,7 @@ _dopr(char **sbuffer, break; case 'E': flags |= DP_F_UP; + /* fall thru */ case 'e': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); @@ -269,6 +270,7 @@ _dopr(char **sbuffer, break; case 'G': flags |= DP_F_UP; + /* fall thru */ case 'g': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); @@ -663,7 +665,7 @@ fmtfp(char **sbuffer, iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); - if (iplace == sizeof iconvert) + if (iplace == sizeof(iconvert)) iplace--; iconvert[iplace] = 0; @@ -681,7 +683,7 @@ fmtfp(char **sbuffer, fracpart = (fracpart / 10); } - if (fplace == sizeof fconvert) + if (fplace == sizeof(fconvert)) fplace--; fconvert[fplace] = 0; diff --git a/vendor/openssl/crypto/bio/b_sock.c b/vendor/openssl/crypto/bio/b_sock.c index 97dcc7005..fac143278 100644 --- a/vendor/openssl/crypto/bio/b_sock.c +++ b/vendor/openssl/crypto/bio/b_sock.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -317,7 +317,7 @@ int BIO_socket_nbio(int s, int mode) l = fcntl(s, F_GETFL, 0); if (l == -1) { - SYSerr(SYS_F_FCNTL, get_last_rtl_error()); + SYSerr(SYS_F_FCNTL, get_last_sys_error()); ret = -1; } else { # if defined(O_NONBLOCK) @@ -335,7 +335,7 @@ int BIO_socket_nbio(int s, int mode) ret = fcntl(s, F_SETFL, l); if (ret < 0) { - SYSerr(SYS_F_FCNTL, get_last_rtl_error()); + SYSerr(SYS_F_FCNTL, get_last_sys_error()); } } # else diff --git a/vendor/openssl/crypto/bio/b_sock2.c b/vendor/openssl/crypto/bio/b_sock2.c index 7f4d89e55..d8b49d022 100644 --- a/vendor/openssl/crypto/bio/b_sock2.c +++ b/vendor/openssl/crypto/bio/b_sock2.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -172,8 +172,10 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) return 0; # ifndef OPENSSL_SYS_WINDOWS - /* SO_REUSEADDR has different behavior on Windows than on - * other operating systems, don't set it there. */ + /* + * SO_REUSEADDR has different behavior on Windows than on + * other operating systems, don't set it there. + */ if (options & BIO_SOCK_REUSEADDR) { if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); 
@@ -200,7 +202,12 @@ int BIO_listen(int sock, const BIO_ADDR *addr, int options) } # ifdef IPV6_V6ONLY - if ((options & BIO_SOCK_V6_ONLY) && BIO_ADDR_family(addr) == AF_INET6) { + if (BIO_ADDR_family(addr) == AF_INET6) { + /* + * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. + * Therefore we always have to use setsockopt here. + */ + on = options & BIO_SOCK_V6_ONLY ? 1 : 0; if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) { SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY); diff --git a/vendor/openssl/crypto/bio/bf_buff.c b/vendor/openssl/crypto/bio/bf_buff.c index b2a387b53..850995615 100644 --- a/vendor/openssl/crypto/bio/bf_buff.c +++ b/vendor/openssl/crypto/bio/bf_buff.c @@ -19,7 +19,7 @@ static int buffer_gets(BIO *h, char *str, int size); static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); -static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define DEFAULT_BUFFER_SIZE 4096 static const BIO_METHOD methods_buffer = { @@ -388,7 +388,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) return (0); } -static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/vendor/openssl/crypto/bio/bf_lbuf.c b/vendor/openssl/crypto/bio/bf_lbuf.c index b3c2b5eeb..a80f899a0 100644 --- a/vendor/openssl/crypto/bio/bf_lbuf.c +++ b/vendor/openssl/crypto/bio/bf_lbuf.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,7 +20,7 @@ static int linebuffer_gets(BIO *h, char *str, int size); static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int linebuffer_new(BIO *h); static int linebuffer_free(BIO *data); -static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); /* A 10k maximum should be enough for most purposes */ #define DEFAULT_LINEBUFFER_SIZE 1024*10 @@ -116,9 +116,10 @@ static int linebuffer_write(BIO *b, const char *in, int inl) do { const char *p; + char c; - for (p = in; p < in + inl && *p != '\n'; p++) ; - if (*p == '\n') { + for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ; + if (c == '\n') { p++; foundnl = 1; } else @@ -292,7 +293,7 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) return (0); } -static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/vendor/openssl/crypto/bio/bf_nbio.c b/vendor/openssl/crypto/bio/bf_nbio.c index 364d9fb5a..3328506db 100644 --- a/vendor/openssl/crypto/bio/bf_nbio.c +++ b/vendor/openssl/crypto/bio/bf_nbio.c @@ -24,7 +24,7 @@ static int nbiof_gets(BIO *h, char *str, int size); static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nbiof_new(BIO *h); static int nbiof_free(BIO *data); -static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); typedef struct nbio_test_st { /* only set if we sent a 'should retry' error */ int lrn; @@ -165,7 +165,7 @@ static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) return (ret); } -static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; 
diff --git a/vendor/openssl/crypto/bio/bf_null.c b/vendor/openssl/crypto/bio/bf_null.c index 0736b3f2f..6b86aa550 100644 --- a/vendor/openssl/crypto/bio/bf_null.c +++ b/vendor/openssl/crypto/bio/bf_null.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,9 +21,7 @@ static int nullf_read(BIO *h, char *buf, int size); static int nullf_puts(BIO *h, const char *str); static int nullf_gets(BIO *h, char *str, int size); static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int nullf_new(BIO *h); -static int nullf_free(BIO *data); -static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_nullf = { BIO_TYPE_NULL_FILTER, "NULL filter", @@ -32,8 +30,8 @@ static const BIO_METHOD methods_nullf = { nullf_puts, nullf_gets, nullf_ctrl, - nullf_new, - nullf_free, + NULL, + NULL, nullf_callback_ctrl, }; @@ -42,26 +40,6 @@ const BIO_METHOD *BIO_f_null(void) return (&methods_nullf); } -static int nullf_new(BIO *bi) -{ - bi->init = 1; - bi->ptr = NULL; - bi->flags = 0; - return (1); -} - -static int nullf_free(BIO *a) -{ - if (a == NULL) - return (0); - /*- - a->ptr=NULL; - a->init=0; - a->flags=0; - */ - return (1); -} - static int nullf_read(BIO *b, char *out, int outl) { int ret = 0; @@ -111,7 +89,7 @@ static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) return (ret); } -static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; diff --git a/vendor/openssl/crypto/bio/bio_cb.c b/vendor/openssl/crypto/bio/bio_cb.c index 69ea3d067..412387b6b 100644 --- a/vendor/openssl/crypto/bio/bio_cb.c 
+++ b/vendor/openssl/crypto/bio/bio_cb.c @@ -27,7 +27,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, if (BIO_CB_RETURN & cmd) r = ret; - len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio); + len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio); /* Ignore errors and continue printing the other information. */ if (len < 0) diff --git a/vendor/openssl/crypto/bio/bio_err.c b/vendor/openssl/crypto/bio/bio_err.c index 98c90d6e5..c914dcffd 100644 --- a/vendor/openssl/crypto/bio/bio_err.c +++ b/vendor/openssl/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,6 +34,7 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"}, {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"}, {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"}, + {ERR_FUNC(BIO_F_BIO_METH_NEW), "BIO_meth_new"}, {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, diff --git a/vendor/openssl/crypto/bio/bio_lib.c b/vendor/openssl/crypto/bio/bio_lib.c index 62392c3a5..7b98dc931 100644 --- a/vendor/openssl/crypto/bio/bio_lib.c +++ b/vendor/openssl/crypto/bio/bio_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,6 +42,8 @@ BIO *BIO_new(const BIO_METHOD *method) CRYPTO_THREAD_lock_free(bio->lock); goto err; } + if (method->create == NULL) + bio->init = 1; return bio; 
@@ -350,9 +352,7 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) return (ret); } -long BIO_callback_ctrl(BIO *b, int cmd, - void (*fp) (struct bio_st *, int, const char *, int, - long, long)) +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret; long (*cb) (BIO *, int, const char *, int, long, long); diff --git a/vendor/openssl/crypto/bio/bio_meth.c b/vendor/openssl/crypto/bio/bio_meth.c index c5f9f7e8e..63a7cccc8 100644 --- a/vendor/openssl/crypto/bio/bio_meth.c +++ b/vendor/openssl/crypto/bio/bio_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,19 +37,25 @@ BIO_METHOD *BIO_meth_new(int type, const char *name) { BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD)); - if (biom != NULL) { - biom->type = type; - biom->name = name; + if (biom == NULL + || (biom->name = OPENSSL_strdup(name)) == NULL) { + OPENSSL_free(biom); + BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE); + return NULL; } + biom->type = type; return biom; } void BIO_meth_free(BIO_METHOD *biom) { - OPENSSL_free(biom); + if (biom != NULL) { + OPENSSL_free(biom->name); + OPENSSL_free(biom); + } } -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int) +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) { return biom->bwrite; } @@ -61,7 +67,7 @@ int BIO_meth_set_write(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bread; } 
@@ -73,7 +79,7 @@ int BIO_meth_set_read(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *) +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *) { return biom->bputs; } @@ -85,7 +91,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bgets; } @@ -97,7 +103,7 @@ int BIO_meth_set_gets(BIO_METHOD *biom, return 1; } -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *) +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *) { return biom->ctrl; } @@ -109,7 +115,7 @@ int BIO_meth_set_ctrl(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *) { return biom->create; } @@ -120,7 +126,7 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) return 1; } -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *) { return biom->destroy; } @@ -131,14 +137,14 @@ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) return 1; } -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) { return biom->callback_ctrl; } int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, - bio_info_cb *)) + BIO_info_cb *)) { biom->callback_ctrl = callback_ctrl; return 1; diff --git a/vendor/openssl/crypto/bio/bss_acpt.c b/vendor/openssl/crypto/bio/bss_acpt.c index 6fb971a50..21d21c16a 100644 --- a/vendor/openssl/crypto/bio/bss_acpt.c +++ b/vendor/openssl/crypto/bio/bss_acpt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,11 +57,11 @@ static const BIO_METHOD methods_acceptp = { acpt_write, acpt_read, acpt_puts, - NULL, /* connect_gets, */ + NULL, /* connect_gets, */ acpt_ctrl, acpt_new, acpt_free, - NULL, + NULL, /* connect_callback_ctrl */ }; const BIO_METHOD *BIO_s_accept(void) @@ -271,6 +271,11 @@ static int acpt_state(BIO *b, BIO_ACCEPT *c) BIO_clear_retry_flags(b); b->retry_reason = 0; + OPENSSL_free(c->cache_peer_name); + c->cache_peer_name = NULL; + OPENSSL_free(c->cache_peer_serv); + c->cache_peer_serv = NULL; + s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr, c->accepted_mode); diff --git a/vendor/openssl/crypto/bio/bss_conn.c b/vendor/openssl/crypto/bio/bss_conn.c index dfd0988df..e343bcddf 100644 --- a/vendor/openssl/crypto/bio/bss_conn.c +++ b/vendor/openssl/crypto/bio/bss_conn.c @@ -32,7 +32,7 @@ typedef struct bio_connect_st { * The callback should return 'ret'. state is for compatibility with the * ssl info_callback */ - int (*info_callback) (const BIO *bio, int state, int ret); + BIO_info_cb *info_callback; } BIO_CONNECT; static int conn_write(BIO *h, const char *buf, int num); @@ -41,7 +41,7 @@ static int conn_puts(BIO *h, const char *str); static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int conn_new(BIO *h); static int conn_free(BIO *data); -static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); +static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *); static int conn_state(BIO *b, BIO_CONNECT *c); static void conn_close_socket(BIO *data); 
@@ -61,7 +61,7 @@ static const BIO_METHOD methods_connectp = { conn_write, conn_read, conn_puts, - NULL, /* connect_gets, */ + NULL, /* conn_gets, */ conn_ctrl, conn_new, conn_free, @@ -71,7 +71,7 @@ static const BIO_METHOD methods_connectp = { static int conn_state(BIO *b, BIO_CONNECT *c) { int ret = -1, i; - int (*cb) (const BIO *, int, int) = NULL; + BIO_info_cb *cb = NULL; if (c->info_callback != NULL) cb = c->info_callback; @@ -469,8 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) * FIXME: the cast of the function seems unlikely to be a good * idea */ - (void)BIO_set_info_callback(dbio, - (bio_info_cb *)data->info_callback); + (void)BIO_set_info_callback(dbio, data->info_callback); } break; case BIO_CTRL_SET_CALLBACK: @@ -486,9 +485,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr) (const BIO *bio, int state, int xret); + BIO_info_cb **fptr; - fptr = (int (**)(const BIO *bio, int state, int xret))ptr; + fptr = (BIO_info_cb **)ptr; *fptr = data->info_callback; } break; @@ -499,7 +498,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) return (ret); } -static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO_CONNECT *data; @@ -509,8 +508,7 @@ static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) switch (cmd) { case BIO_CTRL_SET_CALLBACK: { - data->info_callback = - (int (*)(const struct bio_st *, int, int))fp; + data->info_callback = fp; } break; default: diff --git a/vendor/openssl/crypto/bio/bss_dgram.c b/vendor/openssl/crypto/bio/bss_dgram.c index 81730abe4..c772d956b 100644 --- a/vendor/openssl/crypto/bio/bss_dgram.c +++ b/vendor/openssl/crypto/bio/bss_dgram.c 
@@ -76,11 +76,11 @@ static const BIO_METHOD methods_dgramp = { dgram_write, dgram_read, dgram_puts, - NULL, /* dgram_gets, */ + NULL, /* dgram_gets, */ dgram_ctrl, dgram_new, dgram_free, - NULL, + NULL, /* dgram_callback_ctrl */ }; # ifndef OPENSSL_NO_SCTP @@ -90,11 +90,11 @@ static const BIO_METHOD methods_dgramp_sctp = { dgram_sctp_write, dgram_sctp_read, dgram_sctp_puts, - NULL, /* dgram_gets, */ + NULL, /* dgram_gets, */ dgram_sctp_ctrl, dgram_sctp_new, dgram_sctp_free, - NULL, + NULL, /* dgram_callback_ctrl */ }; # endif @@ -782,6 +782,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: ret = dgram_get_mtu_overhead(data); break; + + /* + * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility + * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value + * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The + * value has been updated to a non-clashing value. However to preserve + * binary compatiblity we now respond to both the old value and the new one + */ + case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: case BIO_CTRL_DGRAM_SET_PEEK_MODE: data->peekmode = (unsigned int)num; break; @@ -1442,6 +1451,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) * we need to deactivate an old key */ data->ccs_sent = 1; + /* fall-through */ case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: /* Returns 0 on success, -1 otherwise. */ diff --git a/vendor/openssl/crypto/bio/bss_fd.c b/vendor/openssl/crypto/bio/bss_fd.c index 1e56cb62d..2bd3517df 100644 --- a/vendor/openssl/crypto/bio/bss_fd.c +++ b/vendor/openssl/crypto/bio/bss_fd.c @@ -58,7 +58,8 @@ static int fd_free(BIO *data); int BIO_fd_should_retry(int s); static const BIO_METHOD methods_fdp = { - BIO_TYPE_FD, "file descriptor", + BIO_TYPE_FD, + "file descriptor", fd_write, fd_read, fd_puts, 
@@ -66,7 +67,7 @@ static const BIO_METHOD methods_fdp = { fd_ctrl, fd_new, fd_free, - NULL, + NULL, /* fd_callback_ctrl */ }; const BIO_METHOD *BIO_s_fd(void) @@ -144,6 +145,7 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) switch (cmd) { case BIO_CTRL_RESET: num = 0; + /* fall thru */ case BIO_C_FILE_SEEK: ret = (long)UP_lseek(b->num, num, 0); break; diff --git a/vendor/openssl/crypto/bio/bss_file.c b/vendor/openssl/crypto/bio/bss_file.c index e3d8c0e48..2edf24483 100644 --- a/vendor/openssl/crypto/bio/bss_file.c +++ b/vendor/openssl/crypto/bio/bss_file.c @@ -58,7 +58,7 @@ static const BIO_METHOD methods_filep = { file_ctrl, file_new, file_free, - NULL, + NULL, /* file_callback_ctrl */ }; BIO *BIO_new_file(const char *filename, const char *mode) @@ -267,15 +267,15 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - OPENSSL_strlcpy(p, "a+", sizeof p); + OPENSSL_strlcpy(p, "a+", sizeof(p)); else - OPENSSL_strlcpy(p, "a", sizeof p); + OPENSSL_strlcpy(p, "a", sizeof(p)); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - OPENSSL_strlcpy(p, "r+", sizeof p); + OPENSSL_strlcpy(p, "r+", sizeof(p)); else if (num & BIO_FP_WRITE) - OPENSSL_strlcpy(p, "w", sizeof p); + OPENSSL_strlcpy(p, "w", sizeof(p)); else if (num & BIO_FP_READ) - OPENSSL_strlcpy(p, "r", sizeof p); + OPENSSL_strlcpy(p, "r", sizeof(p)); else { BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); ret = 0; @@ -406,7 +406,7 @@ static const BIO_METHOD methods_filep = { file_ctrl, file_new, file_free, - NULL, + NULL, /* file_callback_ctrl */ }; const BIO_METHOD *BIO_s_file(void) diff --git a/vendor/openssl/crypto/bio/bss_log.c b/vendor/openssl/crypto/bio/bss_log.c index 6cbde4d2f..f090e8214 100644 --- a/vendor/openssl/crypto/bio/bss_log.c +++ b/vendor/openssl/crypto/bio/bss_log.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,15 +85,16 @@ static void xsyslog(BIO *bp, int priority, const char *string); static void xcloselog(BIO *bp); static const BIO_METHOD methods_slg = { - BIO_TYPE_MEM, "syslog", + BIO_TYPE_MEM, + "syslog", slg_write, - NULL, + NULL, /* slg_read, */ slg_puts, - NULL, + NULL, /* slg_gets, */ slg_ctrl, slg_new, slg_free, - NULL, + NULL, /* slg_callback_ctrl */ }; const BIO_METHOD *BIO_s_log(void) @@ -195,7 +196,7 @@ static int slg_write(BIO *b, const char *in, int inl) if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { return (0); } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; @@ -403,4 +404,9 @@ static void xcloselog(BIO *bp) # endif /* Unix */ +#else /* NO_SYSLOG */ +const BIO_METHOD *BIO_s_log(void) +{ + return NULL; +} #endif /* NO_SYSLOG */ diff --git a/vendor/openssl/crypto/bio/bss_mem.c b/vendor/openssl/crypto/bio/bss_mem.c index 6dc075dc6..4c0e4d741 100644 --- a/vendor/openssl/crypto/bio/bss_mem.c +++ b/vendor/openssl/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -33,7 +33,7 @@ static const BIO_METHOD mem_method = { mem_ctrl, mem_new, mem_free, - NULL, + NULL, /* mem_callback_ctrl */ }; static const BIO_METHOD secmem_method = { @@ -46,7 +46,7 @@ static const BIO_METHOD secmem_method = { mem_ctrl, secmem_new, mem_free, - NULL, + NULL, /* mem_callback_ctrl */ }; /* BIO memory stores buffer and read pointer */ 
@@ -212,6 +212,8 @@ static int mem_write(BIO *b, const char *in, int inl) goto end; } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bbm->readp->length; mem_buf_sync(b); if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) diff --git a/vendor/openssl/crypto/bio/bss_null.c b/vendor/openssl/crypto/bio/bss_null.c index e5c4adc87..56f95f9fc 100644 --- a/vendor/openssl/crypto/bio/bss_null.c +++ b/vendor/openssl/crypto/bio/bss_null.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,8 +17,6 @@ static int null_read(BIO *h, char *buf, int size); static int null_puts(BIO *h, const char *str); static int null_gets(BIO *h, char *str, int size); static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int null_new(BIO *h); -static int null_free(BIO *data); static const BIO_METHOD null_method = { BIO_TYPE_NULL, "NULL", @@ -27,9 +25,9 @@ static const BIO_METHOD null_method = { null_puts, null_gets, null_ctrl, - null_new, - null_free, NULL, + NULL, + NULL, /* null_callback_ctrl */ }; const BIO_METHOD *BIO_s_null(void) @@ -37,21 +35,6 @@ const BIO_METHOD *BIO_s_null(void) return (&null_method); } -static int null_new(BIO *bi) -{ - bi->init = 1; - bi->num = 0; - bi->ptr = (NULL); - return (1); -} - -static int null_free(BIO *a) -{ - if (a == NULL) - return (0); - return (1); -} - static int null_read(BIO *b, char *out, int outl) { return (0); diff --git a/vendor/openssl/crypto/bio/bss_sock.c b/vendor/openssl/crypto/bio/bss_sock.c index 570e8985a..992266dc2 100644 --- a/vendor/openssl/crypto/bio/bss_sock.c +++ b/vendor/openssl/crypto/bio/bss_sock.c 
@@ -41,11 +41,11 @@ static const BIO_METHOD methods_sockp = { sock_write, sock_read, sock_puts, - NULL, /* sock_gets, */ + NULL, /* sock_gets, */ sock_ctrl, sock_new, sock_free, - NULL, + NULL, /* sock_callback_ctrl */ }; const BIO_METHOD *BIO_s_socket(void) diff --git a/vendor/openssl/crypto/bn/asm/alpha-mont.pl b/vendor/openssl/crypto/bn/asm/alpha-mont.pl index 1d68d6d07..963213309 100644 --- a/vendor/openssl/crypto/bn/asm/alpha-mont.pl +++ b/vendor/openssl/crypto/bn/asm/alpha-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -297,15 +297,12 @@ mov sp,$tp mov $bp,$rp # restore rp - and sp,$hi0,$ap - bic $bp,$hi0,$bp - bis $bp,$ap,$ap # ap=borrow?tp:rp - .align 4 -.Lcopy: ldq $aj,0($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($tp) # conditional copy + ldq $nj,0($rp) lda $tp,8($tp) lda $rp,8($rp) - lda $ap,8($ap) + cmoveq $hi0,$nj,$aj stq zero,-8($tp) # zap tp cmpult $tp,$tj,AT stq $aj,-8($rp) diff --git a/vendor/openssl/crypto/bn/asm/armv4-mont.pl b/vendor/openssl/crypto/bn/asm/armv4-mont.pl index 0dc4fe95e..ddee8b7fa 100644 --- a/vendor/openssl/crypto/bn/asm/armv4-mont.pl +++ b/vendor/openssl/crypto/bn/asm/armv4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -262,14 +262,15 @@ mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy mov sp,$num diff --git a/vendor/openssl/crypto/bn/asm/ia64-mont.pl b/vendor/openssl/crypto/bn/asm/ia64-mont.pl index 5cc5c599f..0df1fad11 100644 --- a/vendor/openssl/crypto/bn/asm/ia64-mont.pl +++ b/vendor/openssl/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -341,19 +341,19 @@ { .mmb; sub rptr=rptr,len // rewind sub tptr=tptr,len clrrrb.pr };; -{ .mmi; and aptr=tptr,topbit - andcm bptr=rptr,topbit +{ .mmi; mov aptr=rptr + mov bptr=tptr mov pr.rot=1<<16 };; -{ .mii; or nptr=aptr,bptr +{ .mii; cmp.eq p0,p6=topbit,r0 mov ar.lc=lc - mov ar.ec=3 };; + mov ar.ec=2 };; .Lcopy_ctop: -{ .mmb; (p16) ld8 n[0]=[nptr],8 - (p18) st8 [tptr]=r0,8 - (p16) nop.b 0 } -{ .mmb; (p16) nop.m 0 - (p18) st8 [rptr]=n[2],8 +{ .mmi; (p16) ld8 a[0]=[aptr],8 + (p16) ld8 t[0]=[bptr],8 + (p6) mov a[1]=t[1] };; // (p17) +{ .mmb; (p17) st8 [rptr]=a[1],8 + (p17) st8 [tptr]=r0,8 br.ctop.sptk .Lcopy_ctop };; .Lcopy_cend: diff --git a/vendor/openssl/crypto/bn/asm/mips-mont.pl b/vendor/openssl/crypto/bn/asm/mips-mont.pl index a907571be..e141e1a92 100644 --- a/vendor/openssl/crypto/bn/asm/mips-mont.pl +++ b/vendor/openssl/crypto/bn/asm/mips-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -384,15 +384,13 @@ $PTR_SUB $rp,$num # restore rp not $hi1,$hi0 - and $ap,$hi0,$sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: $LD $aj,($ap) - $PTR_ADD $ap,$BNSZ +.Lcopy: $LD $nj,($tp) # conditional move + $LD $aj,($rp) $ST $zero,($tp) $PTR_ADD $tp,$BNSZ + and $nj,$hi0 + and $aj,$hi1 + or $aj,$nj sltu $at,$tp,$tj $ST $aj,($rp) bnez $at,.Lcopy diff --git a/vendor/openssl/crypto/bn/asm/parisc-mont.pl b/vendor/openssl/crypto/bn/asm/parisc-mont.pl index 8aa94e851..cd9926a25 100644 --- a/vendor/openssl/crypto/bn/asm/parisc-mont.pl +++ b/vendor/openssl/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -517,7 +517,6 @@ stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp ___ $code.=<<___ if ($BN_SZ==8); ldd,ma 8($tp),$ti0 @@ -532,21 +531,19 @@ extrd,u $ti0,31,32,$ti0 ; carry in flipped word order sub,db $ti0,%r0,$hi1 - ldo -8($tp),$tp ___ $code.=<<___; - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np - + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy - ldd $idx($np),$hi0 + ldd 0($tp),$ti0 + ldd 0($rp),$hi0 std,ma %r0,8($tp) - addib,<> 8,$idx,.-8 ; L\$copy - std,ma $hi0,8($rp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 + addib,<> 8,$idx,L\$copy + std,ma $hi0,8($rp) ___ if ($BN_SZ==4) { # PA-RISC 1.1 code-path 
@@ -856,17 +853,16 @@ stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy_pa11 - ldwx $idx($np),$hi0 + ldw 0($tp),$ti0 + ldw 0($rp),$hi0 stws,ma %r0,4($tp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 stws,ma $hi0,4($rp) diff --git a/vendor/openssl/crypto/bn/asm/ppc-mont.pl b/vendor/openssl/crypto/bn/asm/ppc-mont.pl index 5802260ca..9d14a1215 100644 --- a/vendor/openssl/crypto/bn/asm/ppc-mont.pl +++ b/vendor/openssl/crypto/bn/asm/ppc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -301,15 +301,16 @@ li $j,0 mtctr $num subfe $ovf,$j,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp .align 4 -Lcopy: ; copy or in-place refresh - $LDX $tj,$ap,$j - $STX $tj,$rp,$j +Lcopy: ; conditional copy + $LDX $tj,$tp,$j + $LDX $aj,$rp,$j + and $tj,$tj,$ovf + andc $aj,$aj,$ovf $STX $j,$tp,$j ; zap at once + or $aj,$aj,$tj + $STX $aj,$rp,$j addi $j,$j,$BNSZ bdnz Lcopy diff --git a/vendor/openssl/crypto/bn/asm/ppc64-mont.pl b/vendor/openssl/crypto/bn/asm/ppc64-mont.pl index 1e19c958a..5d9f43aa5 100644 --- a/vendor/openssl/crypto/bn/asm/ppc64-mont.pl +++ b/vendor/openssl/crypto/bn/asm/ppc64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -1501,16 +1501,14 @@ li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp - addi $t7,$ap,8 mtctr $j .align 4 -Lcopy: ; copy or in-place refresh - ldx $t0,$ap,$i - ldx $t1,$t7,$i +Lcopy: ; conditional copy + ldx $t0,$tp,$i + ldx $t1,$t4,$i + ldx $t2,$rp,$i + ldx $t3,$t6,$i std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1519,6 +1517,12 @@ std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + andc $t2,$t2,$ovf + andc $t3,$t3,$ovf + or $t0,$t0,$t2 + or $t1,$t1,$t3 stdx $t0,$rp,$i stdx $t1,$t6,$i stdx $i,$tp,$i ; zap tp at once @@ -1561,20 +1565,21 @@ li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $tp,$sp,`$FRAME+$TRANSFER+4` + addi $ap,$sp,`$FRAME+$TRANSFER+4` subf $rp,$num,$rp ; rewind rp - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp addi $tp,$sp,`$FRAME+$TRANSFER` mtctr $j .align 4 -Lcopy: ; copy or in-place refresh +Lcopy: ; conditional copy lwz $t0,4($ap) lwz $t1,8($ap) lwz $t2,12($ap) lwzu $t3,16($ap) + lwz $t4,4($rp) + lwz $t5,8($rp) + lwz $t6,12($rp) + lwz $t7,16($rp) std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1583,6 +1588,18 @@ std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + and $t2,$t2,$ovf + and $t3,$t3,$ovf + andc $t4,$t4,$ovf + andc $t5,$t5,$ovf + andc $t6,$t6,$ovf + andc $t7,$t7,$ovf + or $t0,$t0,$t4 + or $t1,$t1,$t5 + or $t2,$t2,$t6 + or $t3,$t3,$t7 stw $t0,4($rp) stw $t1,8($rp) stw $t2,12($rp) diff --git a/vendor/openssl/crypto/bn/asm/rsaz-avx2.pl b/vendor/openssl/crypto/bn/asm/rsaz-avx2.pl index 0c1b236ef..0466e11a2 100755 --- a/vendor/openssl/crypto/bn/asm/rsaz-avx2.pl +++ b/vendor/openssl/crypto/bn/asm/rsaz-avx2.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,7 @@ $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); @@ -246,7 +246,7 @@ vmovdqu 32*8-128($ap), $ACC8 lea 192(%rsp), $tp0 # 64+128=192 - vpbroadcastq .Land_mask(%rip), $AND_MASK + vmovdqu .Land_mask(%rip), $AND_MASK jmp .LOOP_GRANDE_SQR_1024 .align 32 @@ -1077,10 +1077,10 @@ vpmuludq 32*6-128($np),$Yi,$TEMP1 vpaddq $TEMP1,$ACC6,$ACC6 vpmuludq 32*7-128($np),$Yi,$TEMP2 - vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3 + vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3 vpaddq $TEMP2,$ACC7,$ACC7 vpmuludq 32*8-128($np),$Yi,$TEMP0 - vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3 + vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3 vpaddq $TEMP0,$ACC8,$ACC8 mov %rbx, %rax @@ -1093,7 +1093,9 @@ vmovdqu -8+32*2-128($ap),$TEMP2 mov $r1, %rax + vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3 imull $n0, %eax + vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3 and \$0x1fffffff, %eax imulq 16-128($ap),%rbx 
@@ -1329,15 +1331,12 @@ # But as we underutilize resources, it's possible to correct in # each iteration with marginal performance loss. But then, as # we do it in each iteration, we can correct less digits, and -# avoid performance penalties completely. Also note that we -# correct only three digits out of four. This works because -# most significant digit is subjected to less additions. +# avoid performance penalties completely. $TEMP0 = $ACC9; $TEMP3 = $Bi; $TEMP4 = $Yi; $code.=<<___; - vpermq \$0, $AND_MASK, $AND_MASK vpaddq (%rsp), $TEMP1, $ACC0 vpsrlq \$29, $ACC0, $TEMP1 @@ -1770,7 +1769,7 @@ .align 64 .Land_mask: - .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1 + .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff .Lscatter_permd: .long 0,2,4,6,7,7,7,7 .Lgather_permd: diff --git a/vendor/openssl/crypto/bn/asm/s390x-mont.pl b/vendor/openssl/crypto/bn/asm/s390x-mont.pl index 2205bc2ca..66780cdf8 100644 --- a/vendor/openssl/crypto/bn/asm/s390x-mont.pl +++ b/vendor/openssl/crypto/bn/asm/s390x-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -252,16 +252,16 @@ brct $count,.Lsub lghi $ahi,0 slbgr $AHI,$ahi # handle upmost carry - - ngr $ap,$AHI - lghi $np,-1 - xgr $np,$AHI - ngr $np,$rp - ogr $ap,$np # ap=borrow?tp:rp + lghi $NHI,-1 + xgr $NHI,$AHI la $j,0(%r0) lgr $count,$num -.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh +.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) + ngr $ahi,$AHI + ngr $alo,$NHI + ogr $alo,$ahi _dswap $alo stg $j,$stdframe($j,$sp) # zap tp stg $alo,0($j,$rp) diff --git a/vendor/openssl/crypto/bn/asm/sparct4-mont.pl b/vendor/openssl/crypto/bn/asm/sparct4-mont.pl index 4faf66f10..4f339b227 100755 
--- a/vendor/openssl/crypto/bn/asm/sparct4-mont.pl +++ b/vendor/openssl/crypto/bn/asm/sparct4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -888,19 +888,17 @@ () sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy @@ -1136,19 +1134,17 @@ () sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy_g5 sub $num, 8, $cnt .align 16 -.Lcopy_g5: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy_g5: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy_g5 diff --git a/vendor/openssl/crypto/bn/asm/sparcv9-mont.pl b/vendor/openssl/crypto/bn/asm/sparcv9-mont.pl index 6807c8b6e..074f9df14 100644 --- a/vendor/openssl/crypto/bn/asm/sparcv9-mont.pl +++ b/vendor/openssl/crypto/bn/asm/sparcv9-mont.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -265,7 +265,6 @@ .Ltail: add $np,$num,$np add $rp,$num,$rp - mov $tp,$ap sub %g0,$num,%o7 ! k=-num ba .Lsub subcc %g0,%g0,%g0 ! clear %icc.c @@ -278,15 +277,14 @@ add %o7,4,%o7 brnz %o7,.Lsub st %o1,[$i] - subc $car2,0,$car2 ! handle upmost overflow bit - and $tp,$car2,$ap - andn $rp,$car2,$np - or $ap,$np,$ap + subccc $car2,0,$car2 ! handle upmost overflow bit sub %g0,$num,%o7 .Lcopy: - ld [$ap+%o7],%o0 ! copy or in-place refresh + ld [$tp+%o7],%o1 ! conditional copy + ld [$rp+%o7],%o0 st %g0,[$tp+%o7] ! zap tp + movcs %icc,%o1,%o0 st %o0,[$rp+%o7] add %o7,4,%o7 brnz %o7,.Lcopy @@ -495,6 +493,9 @@ mulx $npj,$mul1,$acc1 add $tpj,$car1,$car1 ld [$np+$j],$npj ! np[j] + srlx $car1,32,$tmp0 + and $car1,$mask,$car1 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 ld [$tp+8],$tpj ! tp[j] add $acc1,$car1,$car1 diff --git a/vendor/openssl/crypto/bn/asm/via-mont.pl b/vendor/openssl/crypto/bn/asm/via-mont.pl index 9f81bc822..9d65a146a 100644 --- a/vendor/openssl/crypto/bn/asm/via-mont.pl +++ b/vendor/openssl/crypto/bn/asm/via-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -213,18 +213,15 @@ &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit &sbb ("eax",0); - &and ("esi","eax"); - ¬ ("eax"); - &mov ("ebp","edi"); - &and ("ebp","eax"); - &or ("esi","ebp"); # tp=carry?tp:rp &mov ("ecx","edx"); # num - &xor ("edx","edx"); # i=0 + &mov ("edx",0); # i=0 &set_label("copy",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov ("ebx",&DWP(0,"esi","edx",4)); + &mov ("eax",&DWP(0,"edi","edx",4)); + &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp + &cmovc ("eax","ebx"); &mov (&DWP(0,"edi","edx",4),"eax"); &lea ("edx",&DWP(1,"edx")); # i++ &loop (&label("copy")); diff --git a/vendor/openssl/crypto/bn/asm/vis3-mont.pl b/vendor/openssl/crypto/bn/asm/vis3-mont.pl index 64dba4480..ba34b36a8 100644 --- a/vendor/openssl/crypto/bn/asm/vis3-mont.pl +++ b/vendor/openssl/crypto/bn/asm/vis3-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -310,23 +310,23 @@ sub $anp, $num, $anp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ld [$ap+0], $t2 - ld [$ap+4], $t3 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ld [$tp+0], $t0 + ld [$tp+4], $t1 + ld [$rp+0], $t2 + ld [$rp+4], $t3 stx %g0, [$tp] ! zap add $tp, 8, $tp stx %g0, [$anp] ! zap stx %g0, [$anp+8] add $anp, 16, $anp + movcs %icc, $t0, $t2 + movcs %icc, $t1, $t3 st $t3, [$rp+0] ! flip order st $t2, [$rp+4] add $rp, 8, $rp 
diff --git a/vendor/openssl/crypto/bn/asm/x86-mont.pl b/vendor/openssl/crypto/bn/asm/x86-mont.pl index 678750366..f1abcc5b4 100755 --- a/vendor/openssl/crypto/bn/asm/x86-mont.pl +++ b/vendor/openssl/crypto/bn/asm/x86-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -604,16 +604,18 @@ &jge (&label("sub")); &sbb ("eax",0); # handle upmost overflow bit - &and ($tp,"eax"); - ¬ ("eax"); - &mov ($np,$rp); - &and ($np,"eax"); - &or ($tp,$np); # tp=carry?tp:rp - -&set_label("copy",16); # copy or in-place refresh - &mov ("eax",&DWP(0,$tp,$num,4)); - &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov ("edx",-1); + &xor ("edx","eax"); + &jmp (&label("copy")); + +&set_label("copy",16); # conditional copy + &mov ($tp,&DWP($frame,"esp",$num,4)); + &mov ($np,&DWP(0,$rp,$num,4)); &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &and ($tp,"eax"); + &and ($np,"edx"); + &or ($np,$tp); + &mov (&DWP(0,$rp,$num,4),$np); &dec ($num); &jge (&label("copy")); diff --git a/vendor/openssl/crypto/bn/asm/x86.pl b/vendor/openssl/crypto/bn/asm/x86.pl deleted file mode 100644 index d57571db5..000000000 --- a/vendor/openssl/crypto/bn/asm/x86.pl +++ /dev/null 
@@ -1,38 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -require("x86/mul_add.pl"); -require("x86/mul.pl"); -require("x86/sqr.pl"); -require("x86/div.pl"); -require("x86/add.pl"); -require("x86/sub.pl"); -require("x86/comba.pl"); - -$output = pop; -open STDOUT,">$output"; - -&asm_init($ARGV[0],$0); - -&bn_mul_add_words("bn_mul_add_words"); -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_div_words("bn_div_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_mul_comba("bn_mul_comba8",8); -&bn_mul_comba("bn_mul_comba4",4); -&bn_sqr_comba("bn_sqr_comba8",8); -&bn_sqr_comba("bn_sqr_comba4",4); - -&asm_finish(); - -close STDOUT; diff --git a/vendor/openssl/crypto/bn/asm/x86_64-gcc.c b/vendor/openssl/crypto/bn/asm/x86_64-gcc.c index 4f19abe43..621be3305 100644 --- a/vendor/openssl/crypto/bn/asm/x86_64-gcc.c +++ b/vendor/openssl/crypto/bn/asm/x86_64-gcc.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -64,12 +64,6 @@ * machine. */ -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif - # undef mul # undef mul_add 
@@ -225,9 +219,10 @@ BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, " adcq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + :"=&r" (ret), "+c"(n), "+r"(i) :"r"(rp), "r"(ap), "r"(bp) :"cc", "memory"); @@ -251,9 +246,10 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, " sbbq (%5,%2,8),%0 \n" " movq %0,(%3,%2,8) \n" " lea 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n":"=&r" (ret), "+c"(n), - "+r"(i) + " dec %1 \n" + " jnz 1b \n" + " sbbq %0,%0 \n" + :"=&r" (ret), "+c"(n), "+r"(i) :"r"(rp), "r"(ap), "r"(bp) :"cc", "memory"); diff --git a/vendor/openssl/crypto/bn/asm/x86_64-mont.pl b/vendor/openssl/crypto/bn/asm/x86_64-mont.pl index df4cca5bf..8d2fb2ceb 100755 --- a/vendor/openssl/crypto/bn/asm/x86_64-mont.pl +++ b/vendor/openssl/crypto/bn/asm/x86_64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -302,30 +302,30 @@ xor $i,$i # i=0 and clear CF! mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp mov $num,$j # j=num - jmp .Lsub + .align 16 .Lsub: sbb ($np,$i,8),%rax mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] + mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ dec $j # doesnn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx # not %rax xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax - mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx + mov $num,(%rsp,$i,8) # zap temporary vector + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -695,10 +695,10 @@ my @ri=("%rax","%rdx",$m0,$m1); $code.=<<___; mov 16(%rsp,$num,8),$rp # restore $rp + lea -4($num),$j mov 0(%rsp),@ri[0] # tp[0] - pxor %xmm0,%xmm0 mov 8(%rsp),@ri[1] # tp[1] - shr \$2,$num # num/=4 + shr \$2,$j # j=num/4-1 lea (%rsp),$ap # borrow ap for tp xor $i,$i # i=0 and clear CF! @@ -706,9 +706,7 @@ mov 16($ap),@ri[2] # tp[2] mov 24($ap),@ri[3] # tp[3] sbb 8($np),@ri[1] - lea -1($num),$j # j=num/4-1 - jmp .Lsub4x -.align 16 + .Lsub4x: mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] 
@@ -735,34 +733,35 @@ sbb \$0,@ri[0] # handle upmost overflow bit mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - xor $i,$i # i=0 - and @ri[0],$ap - not @ri[0] - mov $rp,$np - and @ri[0],$np - lea -1($num),$j - or $np,$ap # ap=borrow?tp:rp - - movdqu ($ap),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,($rp) + pxor %xmm0,%xmm0 + movq @ri[0],%xmm4 + pcmpeqd %xmm5,%xmm5 + pshufd \$0,%xmm4,%xmm4 + mov $num,$j + pxor %xmm4,%xmm5 + shr \$2,$j # j=num/4 + xor %eax,%eax # i=0 + jmp .Lcopy4x .align 16 -.Lcopy4x: # copy or in-place refresh - movdqu 16($ap,$i),%xmm2 - movdqu 32($ap,$i),%xmm1 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) - movdqa %xmm0,32(%rsp,$i) - movdqu %xmm1,32($rp,$i) - lea 32($i),$i +.Lcopy4x: # conditional copy + movdqa (%rsp,%rax),%xmm1 + movdqu ($rp,%rax),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax),%xmm3 + movdqa %xmm0,(%rsp,%rax) + por %xmm2,%xmm1 + movdqu 16($rp,%rax),%xmm2 + movdqu %xmm1,($rp,%rax) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax) + por %xmm2,%xmm3 + movdqu %xmm3,16($rp,%rax) + lea 32(%rax),%rax dec $j jnz .Lcopy4x - - shl \$2,$num - movdqu 16($ap,$i),%xmm2 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) ___ } $code.=<<___; diff --git a/vendor/openssl/crypto/bn/asm/x86_64-mont5.pl b/vendor/openssl/crypto/bn/asm/x86_64-mont5.pl index 6807ab5cf..97d8eee70 100755 --- a/vendor/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/vendor/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -414,18 +414,19 @@ jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -3099,11 +3100,19 @@ .align 32 .Lsqrx8x_break: - sub 16+8(%rsp),%r8 # consume last carry + xor $zero,$zero + sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf + adcx $zero,%r8 mov 24+8(%rsp),$carry # initial $tptr, borrow $carry + adcx $zero,%r9 mov 0*8($aptr),%rdx # a[8], modulo-scheduled - xor %ebp,%ebp # xor $zero,$zero + adc \$0,%r10 mov %r8,0*8($tptr) + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 cmp $carry,$tptr # cf=0, of=0 je .Lsqrx8x_outer_loop diff --git a/vendor/openssl/crypto/bn/bn_add.c b/vendor/openssl/crypto/bn/bn_add.c index 6479650af..7cdefa77a 100644 --- a/vendor/openssl/crypto/bn/bn_add.c +++ b/vendor/openssl/crypto/bn/bn_add.c @@ -141,9 +141,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) borrow &= (t1 == 0); } + while (max && *--rp == 0) + max--; + r->top = max; r->neg = 0; - bn_correct_top(r); + bn_pollute(r); + return 1; } diff --git a/vendor/openssl/crypto/bn/bn_blind.c b/vendor/openssl/crypto/bn/bn_blind.c index 24d138309..9474e21e4 100644 --- a/vendor/openssl/crypto/bn/bn_blind.c +++ b/vendor/openssl/crypto/bn/bn_blind.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -109,10 +109,15 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) goto err; } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { - if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) - goto err; - if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) - goto err; + if (b->m_ctx != NULL) { + if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx) + || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx)) + goto err; + } else { + if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx) + || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) + goto err; + } } ret = 1; @@ -144,13 +149,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) else if (!BN_BLINDING_update(b, ctx)) return (0); - if (r != NULL) { - if (!BN_copy(r, b->Ai)) - ret = 0; - } + if (r != NULL && (BN_copy(r, b->Ai) == NULL)) + return 0; - if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) - ret = 0; + if (b->m_ctx != NULL) + ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx); + else + ret = BN_mod_mul(n, n, b->A, b->mod, ctx); return ret; } 
@@ -167,14 +172,29 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, bn_check_top(n); - if (r != NULL) - ret = BN_mod_mul(n, n, r, b->mod, ctx); - else { - if (b->Ai == NULL) { - BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); - return (0); + if (r == NULL && (r = b->Ai) == NULL) { + BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); + return 0; + } + + if (b->m_ctx != NULL) { + /* ensure that BN_mod_mul_montgomery takes pre-defined path */ + if (n->dmax >= r->top) { + size_t i, rtop = r->top, ntop = n->top; + BN_ULONG mask; + + for (i = 0; i < rtop; i++) { + mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1)); + n->d[i] &= mask; + } + mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1)); + /* always true, if (rtop >= ntop) n->top = r->top; */ + n->top = (int)(rtop & ~mask) | (ntop & mask); + n->flags |= (BN_FLG_FIXED_TOP & ~mask); } - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); + ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx); + } else { + ret = BN_mod_mul(n, n, r, b->mod, ctx); } bn_check_top(n); 
@@ -253,31 +273,35 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, int rv; if (!BN_rand_range(ret->A, ret->mod)) goto err; - if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) { - /* - * this should almost never happen for good RSA keys - */ - if (rv) { - if (retry_counter-- == 0) { - BNerr(BN_F_BN_BLINDING_CREATE_PARAM, - BN_R_TOO_MANY_ITERATIONS); - goto err; - } - } else - goto err; - } else + if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) break; + + /* + * this should almost never happen for good RSA keys + */ + if (!rv) + goto err; + + if (retry_counter-- == 0) { + BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS); + goto err; + } } while (1); if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { - if (!ret->bn_mod_exp - (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) goto err; } else { if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) goto err; } + if (ret->m_ctx != NULL) { + if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx) + || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx)) + goto err; + } + return ret; err: if (b == NULL) { diff --git a/vendor/openssl/crypto/bn/bn_div.c b/vendor/openssl/crypto/bn/bn_div.c index 5e620b209..884ff2991 100644 --- a/vendor/openssl/crypto/bn/bn_div.c +++ b/vendor/openssl/crypto/bn/bn_div.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -240,6 +240,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.neg = 0; wnum.d = &(snum->d[loop]); wnum.top = div_n; + wnum.flags = BN_FLG_STATIC_DATA; /* * only needed when BN_ucmp messes up the values between top and max */ 
diff --git a/vendor/openssl/crypto/bn/bn_exp.c b/vendor/openssl/crypto/bn/bn_exp.c index feeb7649a..a6ad475a0 100644 --- a/vendor/openssl/crypto/bn/bn_exp.c +++ b/vendor/openssl/crypto/bn/bn_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,7 +43,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int i, bits, ret = 0; BIGNUM *v, *rr; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -143,7 +144,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { + && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); } else @@ -175,7 +178,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; 
@@ -183,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -309,7 +314,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); } @@ -323,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -364,17 +371,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; goto err; } - if (!BN_to_montgomery(val[0], aa, mont, ctx)) + if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) + if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) + !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) goto err; } } 
@@ -396,19 +403,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, for (i = 1; i < j; i++) r->d[i] = (~m->d[i]) & BN_MASK2; r->top = j; - /* - * Upper words will be zero if the corresponding words of 'm' were - * 0xfff[...], so decrement r->top accordingly. - */ - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; } else #endif - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) goto err; for (;;) { if (BN_is_bit_set(p, wstart) == 0) { if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } if (wstart == 0) @@ -439,12 +442,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx)) goto err; /* move the 'window' down further */ @@ -454,6 +457,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (wstart < 0) break; } + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { j = mont->N.top; /* borrow j */ @@ -580,7 +588,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, } b->top = top; - bn_correct_top(b); + b->flags |= BN_FLG_FIXED_TOP; return 1; } 
@@ -626,10 +634,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top = m->top; - bits = BN_num_bits(p); + /* + * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak + * whether the top bits are zero. + */ + bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -746,16 +758,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.top = top; } else #endif - if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx)) goto err; /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { if (!BN_mod(&am, a, m, ctx)) goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) + if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) + } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; #if defined(SPARC_T4_MONT) @@ -1022,14 +1034,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * performance advantage of sqr over mul). */ if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, window)) goto err; for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, window)) 
@@ -1053,7 +1065,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* Scan the window, squaring the result as we go */ for (i = 0; i < window; i++, bits--) { - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) goto err; wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); } @@ -1066,12 +1078,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)) goto err; } } - /* Convert the final result from montgomery to standard format */ + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { am.d[0] = 1; /* borrow am */ @@ -1121,7 +1137,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -1139,8 +1156,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { 
@@ -1252,16 +1269,18 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + if (bits == 0) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { diff --git a/vendor/openssl/crypto/bn/bn_gcd.c b/vendor/openssl/crypto/bn/bn_gcd.c index 067642644..bed231c8f 100644 --- a/vendor/openssl/crypto/bn/bn_gcd.c +++ b/vendor/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *ret = NULL; int sign; - if (pnoinv) + /* This is invalid input so we don't worry about constant time here */ + if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { + if (pnoinv != NULL) + *pnoinv = 1; + return NULL; + } + + if (pnoinv != NULL) *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) diff --git a/vendor/openssl/crypto/bn/bn_gf2m.c b/vendor/openssl/crypto/bn/bn_gf2m.c index b1987f55d..d80f3ec94 100644 --- a/vendor/openssl/crypto/bn/bn_gf2m.c +++ b/vendor/openssl/crypto/bn/bn_gf2m.c 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -32,30 +32,32 @@ */ # define MAX_ITERATIONS 50 -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; +# define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) + /* Platform-specific macros to accelerate squaring. */ # if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) # define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ + SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ + SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ + SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) # define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ + SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # ifdef THIRTY_TWO_BIT # define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ + SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) # define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # if !defined(OPENSSL_BN_ASM_GF2m) 
diff --git a/vendor/openssl/crypto/bn/bn_intern.c b/vendor/openssl/crypto/bn/bn_intern.c index 2c970647d..7b25927f9 100644 --- a/vendor/openssl/crypto/bn/bn_intern.c +++ b/vendor/openssl/crypto/bn/bn_intern.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,16 +177,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a) return a->d; } -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size) { - a->d = words; + /* + * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA + * flag, which effectively means "read-only data". + */ + a->d = (BN_ULONG *)words; a->dmax = a->top = size; a->neg = 0; a->flags |= BN_FLG_STATIC_DATA; bn_correct_top(a); } -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) { if (bn_wexpand(a, num_words) == NULL) { BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); diff --git a/vendor/openssl/crypto/bn/bn_lcl.h b/vendor/openssl/crypto/bn/bn_lcl.h index 5fb381455..4d9808f5b 100644 --- a/vendor/openssl/crypto/bn/bn_lcl.h +++ b/vendor/openssl/crypto/bn/bn_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -145,7 +145,16 @@ extern "C" { */ # ifdef BN_DEBUG - +/* + * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with + * bn_correct_top, in other words such vectors are permitted to have zeros + * in most significant limbs. Such vectors are used internally to achieve + * execution time invariance for critical operations with private keys. + * It's BN_DEBUG-only flag, because user application is not supposed to + * observe it anyway. Moreover, optimizing compiler would actually remove + * all operations manipulating the bit in question in non-BN_DEBUG build. + */ +# define BN_FLG_FIXED_TOP 0x10000 # ifdef BN_DEBUG_RAND /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ # ifndef RAND_bytes @@ -177,8 +186,10 @@ int RAND_bytes(unsigned char *buf, int num); do { \ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ - OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ - (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ + int _top = _bnum2->top; \ + OPENSSL_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) @@ -197,6 +208,7 @@ int RAND_bytes(unsigned char *buf, int num); # else /* !BN_DEBUG */ +# define BN_FLG_FIXED_TOP 0 # define bn_pollute(a) # define bn_check_top(a) # define bn_fix_top(a) bn_correct_top(a) @@ -228,7 +240,8 @@ struct bignum_st { /* Used for montgomery multiplication */ struct bn_mont_ctx_st { int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only * stored for bignum algorithm) */ diff --git a/vendor/openssl/crypto/bn/bn_lib.c b/vendor/openssl/crypto/bn/bn_lib.c index 17d34c319..3f3c7bbb2 100644 --- a/vendor/openssl/crypto/bn/bn_lib.c +++ b/vendor/openssl/crypto/bn/bn_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" #include +#include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L 
@@ -88,74 +89,47 @@ const BIGNUM *BN_value_one(void) int BN_num_bits_word(BN_ULONG l) { - static const unsigned char bits[256] = { - 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) { - if (l & 0xffff000000000000L) { - if (l & 0xff00000000000000L) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000L) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -#else -# ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) { - if (l & 0xffff000000000000LL) { - if (l & 0xff00000000000000LL) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000LL) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -# endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) { - if (l & 0xff000000L) - return (bits[(int)(l >> 24L)] + 24); - else - return (bits[(int)(l >> 16L)] + 16); - } else -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || 
defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return (bits[(int)(l >> 8)] + 8); - else + BN_ULONG x, mask; + int bits = (l != 0); + +#if BN_BITS2 > 32 + x = l >> 32; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 32 & mask; + l ^= (x ^ l) & mask; #endif - return (bits[(int)(l)]); - } - } + + x = l >> 16; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 16 & mask; + l ^= (x ^ l) & mask; + + x = l >> 8; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 8 & mask; + l ^= (x ^ l) & mask; + + x = l >> 4; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 4 & mask; + l ^= (x ^ l) & mask; + + x = l >> 2; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 2 & mask; + l ^= (x ^ l) & mask; + + x = l >> 1; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 1 & mask; + + return bits; } int BN_num_bits(const BIGNUM *a) @@ -249,8 +223,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; - bn_check_top(b); - if (words > (INT_MAX / (4 * BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); return NULL; @@ -295,10 +267,13 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) switch (b->top & 3) { case 3: A[2] = B[2]; + /* fall thru */ case 2: A[1] = B[1]; + /* fall thru */ case 1: A[0] = B[0]; + /* fall thru */ case 0: /* Without the "case 0" some old optimizers got this wrong. */ ; @@ -322,8 +297,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BIGNUM *bn_expand2(BIGNUM *b, int words) { - bn_check_top(b); - if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); if (!a) @@ -336,7 +309,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) b->dmax = words; } - bn_check_top(b); return b; } 
@@ -390,22 +362,32 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) switch (b->top & 3) { case 3: A[2] = B[2]; + /* fall thru */ case 2: A[1] = B[1]; + /* fall thru */ case 1: A[0] = B[0]; + /* fall thru */ case 0:; } #else memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif - a->top = b->top; a->neg = b->neg; + a->top = b->top; + a->flags |= b->flags & BN_FLG_FIXED_TOP; bn_check_top(a); return (a); } +#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ + | BN_FLG_CONSTTIME \ + | BN_FLG_SECURE \ + | BN_FLG_FIXED_TOP)) +#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) + void BN_swap(BIGNUM *a, BIGNUM *b) { int flags_old_a, flags_old_b; @@ -433,10 +415,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) b->dmax = tmp_dmax; b->neg = tmp_neg; - a->flags = - (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = - (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b); + b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a); bn_check_top(a); bn_check_top(b); } @@ -446,8 +426,9 @@ void BN_clear(BIGNUM *a) bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } BN_ULONG BN_get_word(const BIGNUM *a) @@ -468,6 +449,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->neg = 0; a->d[0] = w; a->top = (w ? 1 : 0); + a->flags &= ~BN_FLG_FIXED_TOP; bn_check_top(a); return (1); } 
@@ -520,24 +502,43 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; + int n; + size_t i, lasti, j, atop, mask; BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); - if (tolen == -1) - tolen = i; - else if (tolen < i) - return -1; - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; + /* + * In case |a| is fixed-top, BN_num_bytes can return bogus length, + * but it's assumed that fixed-top inputs ought to be "nominated" + * even for padded output, so it works out... + */ + n = BN_num_bytes(a); + if (tolen == -1) { + tolen = n; + } else if (tolen < n) { /* uncommon/unlike case */ + BIGNUM temp = *a; + + bn_correct_top(&temp); + n = BN_num_bytes(&temp); + if (tolen < n) + return -1; } - while (i--) { + + /* Swipe through whole available data and don't give away padded zero. */ + atop = a->dmax * BN_BYTES; + if (atop == 0) { + OPENSSL_cleanse(to, tolen); + return tolen; + } + + lasti = atop - 1; + atop = a->top * BN_BYTES; + for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); + *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } + return tolen; } @@ -704,6 +705,7 @@ int BN_set_bit(BIGNUM *a, int n) for (k = a->top; k < i + 1; k++) a->d[k] = 0; a->top = i + 1; + a->flags &= ~BN_FLG_FIXED_TOP; } a->d[i] |= (((BN_ULONG)1) << j); 
@@ -845,6 +847,38 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) a->top ^= t; b->top ^= t; + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /*- + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it + */ + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; + a->flags ^= t; + b->flags ^= t; + #define BN_CONSTTIME_SWAP(ind) \ do { \ t = (a->d[ind] ^ b->d[ind]) & condition; \ @@ -888,7 +922,7 @@ int BN_security_bits(int L, int N) int secbits, bits; if (L >= 15360) secbits = 256; - else if (L >= 7690) + else if (L >= 7680) secbits = 192; else if (L >= 3072) secbits = 128; @@ -908,8 +942,9 @@ int BN_security_bits(int L, int N) void BN_zero_ex(BIGNUM *a) { - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) @@ -1033,5 +1068,6 @@ void bn_correct_top(BIGNUM *a) } if (a->top == 0) a->neg = 0; + a->flags &= ~BN_FLG_FIXED_TOP; bn_pollute(a); } 
diff --git a/vendor/openssl/crypto/bn/bn_mod.c b/vendor/openssl/crypto/bn/bn_mod.c index 13b583f76..2e98035bd 100644 --- a/vendor/openssl/crypto/bn/bn_mod.c +++ b/vendor/openssl/crypto/bn/bn_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -35,18 +35,74 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, /* * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m + * less than m. The original algorithm was + * + * if (!BN_uadd(r, a, b)) + * return 0; + * if (BN_ucmp(r, m) >= 0) + * return BN_usub(r, r, m); + * + * which is replaced with addition, subtracting modulus, and conditional + * move depending on whether or not subtraction borrowed. */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) { - if (!BN_uadd(r, a, b)) + size_t i, ai, bi, mtop = m->top; + BN_ULONG storage[1024 / BN_BITS2]; + BN_ULONG carry, temp, mask, *rp, *tp = storage; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, mtop) == NULL) return 0; - if (BN_ucmp(r, m) >= 0) - return BN_usub(r, r, m); + + if (mtop > sizeof(storage) / sizeof(storage[0]) + && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) + return 0; + + ap = a->d != NULL ? a->d : tp; + bp = b->d != NULL ? 
b->d : tp; + + for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + temp = ((ap[ai] & mask) + carry) & BN_MASK2; + carry = (temp < carry); + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; + carry += (tp[i] < temp); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + rp = r->d; + carry -= bn_sub_words(rp, tp, m->d, mtop); + for (i = 0; i < mtop; i++) { + rp[i] = (carry & tp[i]) | (~carry & rp[i]); + ((volatile BN_ULONG *)tp)[i] = 0; + } + r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; + r->neg = 0; + + if (tp != storage) + OPENSSL_free(tp); + return 1; } +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + int ret = bn_mod_add_fixed_top(r, a, b, m); + + if (ret) + bn_correct_top(r); + + return ret; +} + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) { 
@@ -55,6 +111,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, return BN_nnmod(r, r, m, ctx); } +/* + * BN_mod_sub variant that may be used if both a and b are non-negative, + * a is less than m, while b is of same bit width as m. It's implemented + * as subtraction followed by two conditional additions. + * + * 0 <= a < m + * 0 <= b < 2^w < 2*m + * + * after subtraction + * + * -2*m < r = a - b < m + * + * Thus it takes up to two conditional additions to make |r| positive. + */ +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + size_t i, ai, bi, mtop = m->top; + BN_ULONG borrow, carry, ta, tb, mask, *rp; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, mtop) == NULL) + return 0; + + rp = r->d; + ap = a->d != NULL ? a->d : rp; + bp = b->d != NULL ? b->d : rp; + + for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + ta = ap[ai] & mask; + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tb = bp[bi] & mask; + rp[i] = ta - tb - borrow; + if (ta != tb) + borrow = (ta < tb); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + ap = m->d; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + borrow -= carry; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + + r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; + r->neg = 0; + + return 1; +} + /* * BN_mod_sub variant that may be used if both a and b are non-negative and * less than m diff --git a/vendor/openssl/crypto/bn/bn_mont.c b/vendor/openssl/crypto/bn/bn_mont.c index 6d37279a5..41214334b 100644 --- a/vendor/openssl/crypto/bn/bn_mont.c 
+++ b/vendor/openssl/crypto/bn/bn_mont.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,29 +20,43 @@ #define MONT_WORD /* use the faster word-based algorithm */ #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) +{ + int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) { BIGNUM *tmp; int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) int num = mont->N.top; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) if (num > 1 && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return (0); if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { r->neg = a->neg ^ b->neg; r->top = num; - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; return (1); } } #endif + if ((a->top + b->top) > 2 * num) + return 0; + BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); if (tmp == NULL) 
@@ -50,21 +64,20 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(tmp); if (a == b) { - if (!BN_sqr(tmp, a, ctx)) + if (!bn_sqr_fixed_top(tmp, a, ctx)) goto err; } else { - if (!BN_mul(tmp, a, b, ctx)) + if (!bn_mul_fixed_top(tmp, a, b, ctx)) goto err; } /* reduce from aRR to aR */ #ifdef MONT_WORD - if (!BN_from_montgomery_word(r, tmp, mont)) + if (!bn_from_montgomery_word(r, tmp, mont)) goto err; #else if (!BN_from_montgomery(r, tmp, mont, ctx)) goto err; #endif - bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); @@ -72,11 +85,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) { BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; int nl, max, i; + unsigned int rtop; n = &(mont->N); nl = n->top; @@ -93,14 +107,20 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) np = n->d; rp = r->d; - /* clear the top words of T */ - i = max - r->top; - if (i) - memset(&rp[r->top], 0, sizeof(*rp) * i); + for (rtop = r->top, i = 0; i < max; i++) { + v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1)); + rp[i] &= v; + } r->top = max; + r->flags |= BN_FLG_FIXED_TOP; n0 = mont->n0[0]; + /* + * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On + * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r| + * includes |carry| which is stored separately. + */ for (carry = 0, i = 0; i < nl; i++, rp++) { v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); v = (v + carry + rp[nl]) & BN_MASK2; 
@@ -112,52 +132,27 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) if (bn_wexpand(ret, nl) == NULL) return (0); ret->top = nl; + ret->flags |= BN_FLG_FIXED_TOP; ret->neg = r->neg; rp = ret->d; - ap = &(r->d[nl]); -# define BRANCH_FREE 1 -# if BRANCH_FREE - { - BN_ULONG *nrp; - size_t m; + /* + * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap| + * includes |carry| which is stored separately. + */ + ap = &(r->d[nl]); - v = bn_sub_words(rp, ap, np, nl) - carry; - /* - * if subtraction result is real, then trick unconditional memcpy - * below to perform in-place "refresh" instead of actual copy. - */ - m = (0 - (size_t)v); - nrp = - (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m)); - - for (i = 0, nl -= 4; i < nl; i += 4) { - BN_ULONG t1, t2, t3, t4; - - t1 = nrp[i + 0]; - t2 = nrp[i + 1]; - t3 = nrp[i + 2]; - ap[i + 0] = 0; - t4 = nrp[i + 3]; - ap[i + 1] = 0; - rp[i + 0] = t1; - ap[i + 2] = 0; - rp[i + 1] = t2; - ap[i + 3] = 0; - rp[i + 2] = t3; - rp[i + 3] = t4; - } - for (nl += 4; i < nl; i++) - rp[i] = nrp[i], ap[i] = 0; + carry -= bn_sub_words(rp, ap, np, nl); + /* + * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note + * |carry| cannot be 1. That would imply the subtraction did not fit in + * |nl| words, and we know at most one subtraction is needed. + */ + for (i = 0; i < nl; i++) { + rp[i] = (carry & ap[i]) | (~carry & rp[i]); + ap[i] = 0; } -# else - if (bn_sub_words(rp, ap, np, nl) - carry) - memcpy(rp, ap, nl * sizeof(BN_ULONG)); -# endif - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); return (1); } 
@@ -165,14 +160,27 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) +{ + int retn; + + retn = bn_from_mont_fixed_top(ret, a, mont, ctx); + bn_correct_top(ret); + bn_check_top(ret); + + return retn; +} + +int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) { int retn = 0; #ifdef MONT_WORD BIGNUM *t; BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) - retn = BN_from_montgomery_word(ret, t, mont); + if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { + retn = bn_from_montgomery_word(ret, t, mont); + } BN_CTX_end(ctx); #else /* !MONT_WORD */ BIGNUM *t1, *t2; @@ -210,6 +218,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, return (retn); } +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ + return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); +} + BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; @@ -246,7 +260,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { - int ret = 0; + int i, ret = 0; BIGNUM *Ri, *R; if (BN_is_zero(mod)) @@ -258,6 +272,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) goto err; /* Set N */ + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; #ifdef MONT_WORD @@ -270,6 +286,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) tmod.dmax = 2; tmod.neg = 0; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&tmod, BN_FLG_CONSTTIME); + mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) 
@@ -290,7 +309,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) tmod.top = 2; - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) goto err; /* R*Ri */ @@ -323,7 +344,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) goto err; /* R*Ri */ @@ -372,6 +395,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) goto err; + for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) + mont->RR.d[i] = 0; + mont->RR.top = ret; + mont->RR.flags |= BN_FLG_FIXED_TOP; + ret = 1; err: BN_CTX_end(ctx); diff --git a/vendor/openssl/crypto/bn/bn_mul.c b/vendor/openssl/crypto/bn/bn_mul.c index 4a0a9505b..237d7df10 100644 --- a/vendor/openssl/crypto/bn/bn_mul.c +++ b/vendor/openssl/crypto/bn/bn_mul.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -115,10 +115,12 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, r[1] = a[1]; if (--dl <= 0) break; + /* fall thru */ case 2: r[2] = a[2]; if (--dl <= 0) break; + /* fall thru */ case 3: r[3] = a[3]; if (--dl <= 0) @@ -206,10 +208,12 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, r[1] = b[1]; if (++dl >= 0) break; + /* fall thru */ case 2: r[2] = b[2]; if (++dl >= 0) break; + /* fall thru */ case 3: r[3] = b[3]; if (++dl >= 0) 
@@ -276,10 +280,12 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, r[1] = a[1]; if (--dl <= 0) break; + /* fall thru */ case 2: r[2] = a[2]; if (--dl <= 0) break; + /* fall thru */ case 3: r[3] = a[3]; if (--dl <= 0) @@ -826,6 +832,16 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, #endif /* BN_RECURSION */ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ + int ret = bn_mul_fixed_top(r, a, b, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { int ret = 0; int top, al, bl; @@ -918,46 +934,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) rr->top = top; goto end; } -# if 0 - if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn, al) == NULL) - goto err; - tmp_bn->d[bl] = 0; - bl++; - i--; - } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn, bl) == NULL) - goto err; - tmp_bn->d[al] = 0; - al++; - i++; - } - if (i == 0) { - /* symmetric and > 4 */ - /* 16 or larger */ - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - t = BN_CTX_get(ctx); - if (al == j) { /* exact multiple */ - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, al, t->d); - } else { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); - } - rr->top = top; - goto end; - } -# endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr, top) == NULL) @@ -969,7 +945,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) end: #endif rr->neg = a->neg ^ b->neg; - bn_correct_top(rr); + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; 
diff --git a/vendor/openssl/crypto/bn/bn_print.c b/vendor/openssl/crypto/bn/bn_print.c index 821676067..5ffe2fc9b 100644 --- a/vendor/openssl/crypto/bn/bn_print.c +++ b/vendor/openssl/crypto/bn/bn_print.c @@ -332,10 +332,10 @@ char *BN_options(void) if (!init) { init++; #ifdef BN_LLONG - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); #else - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); #endif } diff --git a/vendor/openssl/crypto/bn/bn_sqr.c b/vendor/openssl/crypto/bn/bn_sqr.c index 44e7332ac..db72bf28a 100644 --- a/vendor/openssl/crypto/bn/bn_sqr.c +++ b/vendor/openssl/crypto/bn/bn_sqr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,16 @@ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ + int ret = bn_sqr_fixed_top(r, a, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { int max, al; int ret = 0; @@ -82,14 +92,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; + rr->top = max; + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; diff --git a/vendor/openssl/crypto/bn/bn_x931p.c b/vendor/openssl/crypto/bn/bn_x931p.c index 40734cb2f..d01f12cad 100644 
--- a/vendor/openssl/crypto/bn/bn_x931p.c +++ b/vendor/openssl/crypto/bn/bn_x931p.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -178,12 +178,16 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) BN_CTX_start(ctx); t = BN_CTX_get(ctx); + if (t == NULL) + goto err; for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) goto err; + /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); + if (!BN_sub(t, Xp, Xq)) + goto err; if (BN_num_bits(t) > (nbits - 100)) break; } @@ -216,10 +220,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, int ret = 0; BN_CTX_start(ctx); - if (!Xp1) + if (Xp1 == NULL) Xp1 = BN_CTX_get(ctx); - if (!Xp2) + if (Xp2 == NULL) Xp2 = BN_CTX_get(ctx); + if (Xp1 == NULL || Xp2 == NULL) + goto error; if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) goto error; diff --git a/vendor/openssl/crypto/buffer/buffer.c b/vendor/openssl/crypto/buffer/buffer.c index 6b0bd4a40..f3f8a1b55 100644 --- a/vendor/openssl/crypto/buffer/buffer.c +++ b/vendor/openssl/crypto/buffer/buffer.c @@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a) if (a->data != NULL) { if (a->flags & BUF_MEM_FLAG_SECURE) - OPENSSL_secure_free(a->data); + OPENSSL_secure_clear_free(a->data, a->max); else OPENSSL_clear_free(a->data, a->max); } @@ -62,9 +62,11 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len) ret = OPENSSL_secure_malloc(len); if (str->data != NULL) { - if (ret != NULL) + if (ret != NULL) { memcpy(ret, str->data, str->length); - OPENSSL_secure_free(str->data); + OPENSSL_secure_clear_free(str->data, str->length); + str->data = NULL; + } } return (ret); } 
diff --git a/vendor/openssl/crypto/build.info b/vendor/openssl/crypto/build.info index 916d24f66..8e1537970 100644 --- a/vendor/openssl/crypto/build.info +++ b/vendor/openssl/crypto/build.info @@ -1,9 +1,8 @@ -{- use File::Spec::Functions qw/catdir catfile/; -} LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c \ - threads_pthread.c threads_win.c threads_none.c \ + threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \ {- $target{uplink_aux_src} -} EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ diff --git a/vendor/openssl/crypto/cast/c_enc.c b/vendor/openssl/crypto/cast/c_enc.c index 9a8581259..700b6d162 100644 --- a/vendor/openssl/crypto/cast/c_enc.c +++ b/vendor/openssl/crypto/cast/c_enc.c @@ -12,8 +12,8 @@ void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l, r, t; - const register CAST_LONG *k; + CAST_LONG l, r, t; + const CAST_LONG *k; k = &(key->data[0]); l = data[0]; @@ -44,8 +44,8 @@ void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l, r, t; - const register CAST_LONG *k; + CAST_LONG l, r, t; + const CAST_LONG *k; k = &(key->data[0]); l = data[0]; diff --git a/vendor/openssl/crypto/cast/cast_lcl.h b/vendor/openssl/crypto/cast/cast_lcl.h index 504232a1a..e8cf322d4 100644 --- a/vendor/openssl/crypto/cast/cast_lcl.h +++ b/vendor/openssl/crypto/cast/cast_lcl.h 
@@ -64,12 +64,19 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 1: l1|=((unsigned long)(*(--(c))))<<24; \ } \ } @@ -79,12 +86,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ } \ } diff --git a/vendor/openssl/crypto/chacha/asm/chacha-x86.pl b/vendor/openssl/crypto/chacha/asm/chacha-x86.pl index 61b328612..932dec67e 100755 --- a/vendor/openssl/crypto/chacha/asm/chacha-x86.pl +++ b/vendor/openssl/crypto/chacha/asm/chacha-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -61,7 +61,7 @@ $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; diff --git a/vendor/openssl/crypto/cms/cms_asn1.c b/vendor/openssl/crypto/cms/cms_asn1.c index 81e9a5306..0a594f41d 100644 --- a/vendor/openssl/crypto/cms/cms_asn1.c +++ b/vendor/openssl/crypto/cms/cms_asn1.c @@ -292,6 +292,7 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_OP_STREAM_PRE: if (CMS_stream(&sarg->boundary, cms) <= 0) return 0; + /* fall thru */ case ASN1_OP_DETACHED_PRE: sarg->ndef_bio = CMS_dataInit(cms, sarg->out); if (!sarg->ndef_bio) diff --git a/vendor/openssl/crypto/cms/cms_env.c b/vendor/openssl/crypto/cms/cms_env.c index 8d4594353..fe5076ec0 100644 --- a/vendor/openssl/crypto/cms/cms_env.c +++ b/vendor/openssl/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/vendor/openssl/crypto/cms/cms_sd.c b/vendor/openssl/crypto/cms/cms_sd.c index 76c1f53b5..4108fe708 100644 --- a/vendor/openssl/crypto/cms/cms_sd.c +++ b/vendor/openssl/crypto/cms/cms_sd.c 
@@ -713,8 +713,10 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - if (si->mctx == NULL) - si->mctx = EVP_MD_CTX_new(); + if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE); + return -1; + } mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; diff --git a/vendor/openssl/crypto/cms/cms_smime.c b/vendor/openssl/crypto/cms/cms_smime.c index dbf7dd3a3..5dcf803f4 100644 --- a/vendor/openssl/crypto/cms/cms_smime.c +++ b/vendor/openssl/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -583,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, STACK_OF(CMS_RecipientEncryptedKey) *reks; CMS_RecipientEncryptedKey *rek; reks = CMS_RecipientInfo_kari_get0_reks(ri); - if (!cert) - return 0; for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { int rv; rek = sk_CMS_RecipientEncryptedKey_value(reks, i); - if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) + if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) continue; CMS_RecipientInfo_kari_set0_pkey(ri, pk); rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek); CMS_RecipientInfo_kari_set0_pkey(ri, NULL); if (rv > 0) return 1; - return -1; + return cert == NULL ? 0 : -1; } return 0; } @@ -633,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); 
@@ -659,8 +658,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) return 1; } } - /* If no cert and not debugging always return success */ - if (match_ri && !cert && !debug) { + /* If no cert, key transport and not debugging always return success */ + if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) { ERR_clear_error(); return 1; } diff --git a/vendor/openssl/crypto/comp/c_zlib.c b/vendor/openssl/crypto/comp/c_zlib.c index 2f38c2e94..821dc099b 100644 --- a/vendor/openssl/crypto/comp/c_zlib.c +++ b/vendor/openssl/crypto/comp/c_zlib.c @@ -292,15 +292,15 @@ static int bio_zlib_free(BIO *bi); static int bio_zlib_read(BIO *b, char *out, int outl); static int bio_zlib_write(BIO *b, const char *in, int inl); static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); -static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); static const BIO_METHOD bio_meth_zlib = { BIO_TYPE_COMP, "zlib", bio_zlib_write, bio_zlib_read, - NULL, - NULL, + NULL, /* bio_zlib_puts, */ + NULL, /* bio_zlib_gets, */ bio_zlib_ctrl, bio_zlib_new, bio_zlib_free, @@ -604,7 +604,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) return ret; } -static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { BIO *next = BIO_next(b); if (next == NULL) diff --git a/vendor/openssl/crypto/conf/build.info b/vendor/openssl/crypto/conf/build.info index 4438eb426..ff367994e 100644 --- a/vendor/openssl/crypto/conf/build.info +++ b/vendor/openssl/crypto/conf/build.info @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]= \ conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ - conf_mall.c conf_sap.c + conf_mall.c conf_sap.c conf_ssl.c diff --git a/vendor/openssl/crypto/conf/conf_api.c b/vendor/openssl/crypto/conf/conf_api.c index 5535416ab..36c91b166 100644 
--- a/vendor/openssl/crypto/conf/conf_api.c +++ b/vendor/openssl/crypto/conf/conf_api.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,11 +9,12 @@ /* Part of the code in here was originally in conf.c, which is now removed */ +#include "e_os.h" +#include "internal/cryptlib.h" #include #include #include #include -#include "e_os.h" static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); static void value_free_stack_doall(CONF_VALUE *a); @@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, if (v != NULL) return (v->value); if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return (p); } @@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section, else return (NULL); } else - return (getenv(name)); + return ossl_safe_getenv(name); } static unsigned long conf_value_hash(const CONF_VALUE *v) @@ -205,10 +206,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); + if (lh_CONF_VALUE_error(conf->data) > 0) + goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/vendor/openssl/crypto/conf/conf_def.c b/vendor/openssl/crypto/conf/conf_def.c index a7b11d159..b443903f4 100644 --- a/vendor/openssl/crypto/conf/conf_def.c +++ b/vendor/openssl/crypto/conf/conf_def.c 
@@ -353,7 +353,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(section); if (line != NULL) *line = eline; - BIO_snprintf(btmp, sizeof btmp, "%ld", eline); + BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if (h != conf->data) { CONF_free(conf->data); diff --git a/vendor/openssl/crypto/conf/conf_err.c b/vendor/openssl/crypto/conf/conf_err.c index 0863bc4d3..19f480d5b 100644 --- a/vendor/openssl/crypto/conf/conf_err.c +++ b/vendor/openssl/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, + {ERR_FUNC(CONF_F_SSL_MODULE_INIT), "ssl_module_init"}, {ERR_FUNC(CONF_F_STR_COPY), "str_copy"}, {0, NULL} }; @@ -57,6 +58,12 @@ static ERR_STRING_DATA CONF_str_reasons[] = { {ERR_REASON(CONF_R_NO_SECTION), "no section"}, {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"}, {ERR_REASON(CONF_R_NO_VALUE), "no value"}, + {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty"}, + {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found"}, + {ERR_REASON(CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, + {ERR_REASON(CONF_R_SSL_SECTION_NOT_FOUND), "ssl section not found"}, {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, diff --git a/vendor/openssl/crypto/conf/conf_lcl.h b/vendor/openssl/crypto/conf/conf_lcl.h new file mode 100644 index 000000000..6e1f7fe00 
--- /dev/null +++ b/vendor/openssl/crypto/conf/conf_lcl.h @@ -0,0 +1,11 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +void conf_add_ssl_module(void); + diff --git a/vendor/openssl/crypto/conf/conf_mall.c b/vendor/openssl/crypto/conf/conf_mall.c index 4e7a434e0..7e86948e8 100644 --- a/vendor/openssl/crypto/conf/conf_mall.c +++ b/vendor/openssl/crypto/conf/conf_mall.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #include #include #include +#include "conf_lcl.h" /* Load all OpenSSL builtin modules */ @@ -26,4 +27,5 @@ void OPENSSL_load_builtin_modules(void) ENGINE_add_conf_module(); #endif EVP_add_alg_module(); + conf_add_ssl_module(); } diff --git a/vendor/openssl/crypto/conf/conf_mod.c b/vendor/openssl/crypto/conf/conf_mod.c index 31f838e0f..722fe4606 100644 --- a/vendor/openssl/crypto/conf/conf_mod.c +++ b/vendor/openssl/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -171,7 +171,7 @@ static int module_run(const CONF *cnf, const char *name, const char *value, if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); - BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } @@ -478,8 +478,7 @@ char *CONF_get1_default_config_file(void) char *file; int len; - file = getenv("OPENSSL_CONF"); - if (file) + if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) return OPENSSL_strdup(file); len = strlen(X509_get_default_cert_area()); diff --git a/vendor/openssl/crypto/conf/conf_ssl.c b/vendor/openssl/crypto/conf/conf_ssl.c new file mode 100644 index 000000000..015c46c6d --- /dev/null +++ b/vendor/openssl/crypto/conf/conf_ssl.c 
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include "internal/sslconf.h"
+#include "conf_lcl.h"
+
+/*
+ * SSL library configuration module placeholder. We load it here but defer
+ * all decisions about its contents to libssl.
+ */
+
+struct ssl_conf_name_st {
+ /* Name of this set of commands */
+ char *name;
+ /* List of commands */
+ SSL_CONF_CMD *cmds;
+ /* Number of commands */
+ size_t cmd_count;
+};
+
+struct ssl_conf_cmd_st {
+ /* Command */
+ char *cmd;
+ /* Argument */
+ char *arg;
+};
+
+static struct ssl_conf_name_st *ssl_names;
+static size_t ssl_names_count;
+
+static void ssl_module_free(CONF_IMODULE *md)
+{
+ size_t i, j;
+ if (ssl_names == NULL)
+ return;
+ for (i = 0; i < ssl_names_count; i++) {
+ struct ssl_conf_name_st *tname = ssl_names + i;
+
+ OPENSSL_free(tname->name);
+ for (j = 0; j < tname->cmd_count; j++) {
+ OPENSSL_free(tname->cmds[j].cmd);
+ OPENSSL_free(tname->cmds[j].arg);
+ }
+ OPENSSL_free(tname->cmds);
+ }
+ OPENSSL_free(ssl_names);
+ ssl_names = NULL;
+ ssl_names_count = 0;
+}
+
+static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+ size_t i, j, cnt;
+ int rv = 0;
+ const char *ssl_conf_section;
+ STACK_OF(CONF_VALUE) *cmd_lists;
+
+ ssl_conf_section = CONF_imodule_get_value(md);
+ cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
+ if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
+ if (cmd_lists == NULL)
+ CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
+ else
+ CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
+ ERR_add_error_data(2, "section=", ssl_conf_section);
+ goto err;
+ }
+ cnt = sk_CONF_VALUE_num(cmd_lists);
+ ssl_names =
OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+ ssl_names_count = cnt;
+ for (i = 0; i < ssl_names_count; i++) {
+ struct ssl_conf_name_st *ssl_name = ssl_names + i;
+ CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
+ STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
+
+ if (sk_CONF_VALUE_num(cmds) <= 0) {
+ if (cmds == NULL)
+ CONFerr(CONF_F_SSL_MODULE_INIT,
+ CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
+ else
+ CONFerr(CONF_F_SSL_MODULE_INIT,
+ CONF_R_SSL_COMMAND_SECTION_EMPTY);
+ ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
+ goto err;
+ }
+ ssl_name->name = OPENSSL_strdup(sect->name);
+ if (ssl_name->name == NULL)
+ goto err;
+ cnt = sk_CONF_VALUE_num(cmds);
+ ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
+ if (ssl_name->cmds == NULL)
+ goto err;
+ ssl_name->cmd_count = cnt;
+ for (j = 0; j < cnt; j++) {
+ const char *name;
+ CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
+ struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
+
+ /* Skip any initial dot in name */
+ name = strchr(cmd_conf->name, '.');
+ if (name != NULL)
+ name++;
+ else
+ name = cmd_conf->name;
+ cmd->cmd = OPENSSL_strdup(name);
+ cmd->arg = OPENSSL_strdup(cmd_conf->value);
+ if (cmd->cmd == NULL || cmd->arg == NULL)
+ goto err;
+ }
+
+ }
+ rv = 1;
+ err:
+ if (rv == 0)
+ ssl_module_free(md);
+ return rv;
+}
+
+/*
+ * Returns the set of commands with index |idx| previously searched for via
+ * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
+ * and the number of commands in the set in |*cnt|.
+ */
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
+{
+ *name = ssl_names[idx].name;
+ *cnt = ssl_names[idx].cmd_count;
+ return ssl_names[idx].cmds;
+}
+
+/*
+ * Search for the named set of commands given in |name|. On success return the
+ * index for the command set in |*idx|.
+ * Returns 1 on success or 0 on failure.
+ */ +int conf_ssl_name_find(const char *name, size_t *idx) +{ + size_t i; + const struct ssl_conf_name_st *nm; + + if (name == NULL) + return 0; + for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) { + if (strcmp(nm->name, name) == 0) { + *idx = i; + return 1; + } + } + return 0; +} + +/* + * Given a command set |cmd|, return details on the command at index |idx| which + * must be less than the number of commands in the set (as returned by + * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the + * argument is returned in |*arg|. + */ +void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg) +{ + *cmdstr = cmd[idx].cmd; + *arg = cmd[idx].arg; +} + +void conf_add_ssl_module(void) +{ + CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free); +} diff --git a/vendor/openssl/crypto/cryptlib.c b/vendor/openssl/crypto/cryptlib.c index 01b8ce5ed..9e59e03ef 100644 --- a/vendor/openssl/crypto/cryptlib.c +++ b/vendor/openssl/crypto/cryptlib.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -23,47 +23,132 @@ extern unsigned int OPENSSL_ia32cap_P[4]; # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#include + +/* + * Purpose of these minimalistic and character-type-agnostic subroutines + * is to break dependency on MSVCRT (on Windows) and locale. This makes + * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- + * agnostic" means that they work with either wide or 8-bit characters, + * exploiting the fact that first 127 characters can be simply casted + * between the sets, while the rest would be simply rejected by ossl_is* + * subroutines. + */ +# ifdef _WIN32 +typedef WCHAR variant_char; + +static variant_char *ossl_getenv(const char *name) +{ + /* + * Since we pull only one environment variable, it's simpler to + * to just ignore |name| and use equivalent wide-char L-literal. + * As well as to ignore excessively long values... + */ + static WCHAR value[48]; + DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); + + return (len > 0 && len < 48) ? 
value : NULL; +} +# else +typedef char variant_char; +# define ossl_getenv getenv +# endif + +static int todigit(variant_char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + else if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + else if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + + /* return largest base value to make caller terminate the loop */ + return 16; +} + +static uint64_t ossl_strtouint64(const variant_char *str) +{ + uint64_t ret = 0; + unsigned int digit, base = 10; + + if (*str == '0') { + base = 8, str++; + if (*str == 'x' || *str == 'X') + base = 16, str++; + } + + while((digit = todigit(*str++)) < base) + ret = ret * base + digit; + + return ret; +} + +static variant_char *ossl_strchr(const variant_char *str, char srch) +{ variant_char c; + + while((c = *str)) { + if (c == srch) + return (variant_char *)str; + str++; + } + + return NULL; +} + # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; + void OPENSSL_cpuid_setup(void) { static int trigger = 0; IA32CAP OPENSSL_ia32_cpuid(unsigned int *); IA32CAP vec; - char *env; + const variant_char *env; if (trigger) return; trigger = 1; - if ((env = getenv("OPENSSL_ia32cap"))) { + if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { int off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) - if (!sscanf(env + off, "%I64i", &vec)) - vec = strtoul(env + off, NULL, 0); -# else - if (!sscanf(env + off, "%lli", (long long *)&vec)) - vec = strtoul(env + off, NULL, 0); -# endif - if (off) - vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~vec; - else if (env[0] == ':') + + vec = ossl_strtouint64(env + off); + + if (off) { + IA32CAP mask = vec; + vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; + if (mask & (1<<24)) { + /* + * User disables FXSR bit, mask even other capabilities + * that operate exclusively on XMM, so we don't have to + * double-check all the time. We mask PCLMULQDQ, AMD XOP, + * AES-NI and AVX. 
Formally speaking we don't have to + * do it in x86_64 case, but we can safely assume that + * x86_64 users won't actually flip this flag. + */ + vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32); + } + } else if (env[0] == ':') { vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); + } + + if ((env = ossl_strchr(env, ':')) != NULL) { + IA32CAP vecx; - OPENSSL_ia32cap_P[2] = 0; - if ((env = strchr(env, ':'))) { - unsigned int vecx; env++; off = (env[0] == '~') ? 1 : 0; - vecx = strtoul(env + off, NULL, 0); - if (off) - OPENSSL_ia32cap_P[2] &= ~vecx; - else - OPENSSL_ia32cap_P[2] = vecx; + vecx = ossl_strtouint64(env + off); + if (off) { + OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; + } else { + OPENSSL_ia32cap_P[2] = (unsigned int)vecx; + } + } else { + OPENSSL_ia32cap_P[2] = 0; } - } else + } else { vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); + } /* * |(1<<10) sets a reserved bit to signal that variable @@ -84,7 +169,7 @@ void OPENSSL_cpuid_setup(void) } #endif -#if defined(_WIN32) && !defined(__CYGWIN__) +#if defined(_WIN32) # include # include # ifdef __WATCOMC__ @@ -113,10 +198,14 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); + FARPROC f = NULL; + if (mod != NULL) - _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); - if (_OPENSSL_isservice.p == NULL) + f = GetProcAddress(mod, "_OPENSSL_isservice"); + if (f == NULL) _OPENSSL_isservice.p = (void *)-1; + else + _OPENSSL_isservice.f = f; } if (_OPENSSL_isservice.p != (void *)-1) @@ -293,7 +382,7 @@ void OPENSSL_die(const char *message, const char *file, int line) { OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n", file, line, message); -#if !defined(_WIN32) || defined(__CYGWIN__) +#if !defined(_WIN32) abort(); #else /* diff --git a/vendor/openssl/crypto/ct/ct_log.c b/vendor/openssl/crypto/ct/ct_log.c index 6db4c3eba..973bf4ddb 100644 --- a/vendor/openssl/crypto/ct/ct_log.c +++ b/vendor/openssl/crypto/ct/ct_log.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *sec int CTLOG_STORE_load_default_file(CTLOG_STORE *store) { - const char *fpath = getenv(CTLOG_FILE_EVP); + const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); if (fpath == NULL) fpath = CTLOG_FILE; @@ -198,6 +198,8 @@ int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) char *enabled_logs; CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); + if (load_ctx == NULL) + return 0; load_ctx->log_store = store; load_ctx->conf = NCONF_new(NULL); if (load_ctx->conf == NULL) diff --git a/vendor/openssl/crypto/des/des_locl.h b/vendor/openssl/crypto/des/des_locl.h index 53881d417..1fe476883 100644 --- a/vendor/openssl/crypto/des/des_locl.h +++ b/vendor/openssl/crypto/des/des_locl.h @@ -41,13 +41,20 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ + /* fall thru */ \ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ + /* fall thru */ \ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ - case 5: l2|=((DES_LONG)(*(--(c)))); \ + /* fall thru */ \ + case 5: l2|=((DES_LONG)(*(--(c)))); \ + /* fall thru */ \ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ + /* fall thru */ \ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ + /* fall thru */ \ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ - case 1: l1|=((DES_LONG)(*(--(c)))); \ + /* fall thru */ \ + case 1: l1|=((DES_LONG)(*(--(c)))); \ } \ } 
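Review bot: The switch to `ossl_safe_getenv(CTLOG_FILE_EVP)` in `CTLOG_STORE_load_default_file` carries no comment saying why plain `getenv` was dropped, so a later cleanup could revert it without noticing the security intent. If, as the name suggests, the helper ignores the environment in set-user-ID or otherwise privileged processes (its definition is not in this hunk), say so at the call, e.g. `/* env override is ignored when running privileged; falls back to CTLOG_FILE */`. The function body continues outside the hunk.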
@@ -77,12 +84,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ } \ } diff --git a/vendor/openssl/crypto/des/ecb_enc.c b/vendor/openssl/crypto/des/ecb_enc.c index bd130c6e0..32df4600f 100644 --- a/vendor/openssl/crypto/des/ecb_enc.c +++ b/vendor/openssl/crypto/des/ecb_enc.c @@ -24,7 +24,7 @@ const char *DES_options(void) size = "int"; else size = "long"; - BIO_snprintf(buf, sizeof buf, "des(%s)", size); + BIO_snprintf(buf, sizeof(buf), "des(%s)", size); init = 0; } return (buf); diff --git a/vendor/openssl/crypto/des/fcrypt.c b/vendor/openssl/crypto/des/fcrypt.c index 5215ad3e6..baede4fcc 100644 --- a/vendor/openssl/crypto/des/fcrypt.c +++ b/vendor/openssl/crypto/des/fcrypt.c @@ -77,7 +77,7 @@ char *DES_crypt(const char *buf, const char *salt) /* Convert password to ASCII. */ OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf)); - ebcdic2ascii(e_buf, e_buf, sizeof e_buf); + ebcdic2ascii(e_buf, e_buf, sizeof(e_buf)); /* Encrypt it (from/to ASCII); if it worked, convert back. */ ret = DES_fcrypt(e_buf, e_salt, buff); diff --git a/vendor/openssl/crypto/des/set_key.c b/vendor/openssl/crypto/des/set_key.c index 795d9549c..dc88b8d04 100644 --- a/vendor/openssl/crypto/des/set_key.c +++ b/vendor/openssl/crypto/des/set_key.c 
@@ -319,7 +319,7 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) register int i; #ifdef OPENBSD_DEV_CRYPTO - memcpy(schedule->key, key, sizeof schedule->key); + memcpy(schedule->key, key, sizeof(schedule->key)); schedule->session = NULL; #endif k = &schedule->ks->deslong[0]; diff --git a/vendor/openssl/crypto/dh/dh_key.c b/vendor/openssl/crypto/dh/dh_key.c index 204e5a7a4..b53a06324 100644 --- a/vendor/openssl/crypto/dh/dh_key.c +++ b/vendor/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,20 +56,37 @@ static DH_METHOD dh_ossl = { NULL }; +static const DH_METHOD *default_DH_method = &dh_ossl; + const DH_METHOD *DH_OpenSSL(void) { return &dh_ossl; } +void DH_set_default_method(const DH_METHOD *meth) +{ + default_DH_method = meth; +} + +const DH_METHOD *DH_get_default_method(void) +{ + return default_DH_method; +} + static int generate_key(DH *dh) { int ok = 0; int generate_new_key = 0; unsigned l; - BN_CTX *ctx; + BN_CTX *ctx = NULL; BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; diff --git a/vendor/openssl/crypto/dh/dh_lib.c b/vendor/openssl/crypto/dh/dh_lib.c index adf177151..2e727df89 100644 --- a/vendor/openssl/crypto/dh/dh_lib.c +++ b/vendor/openssl/crypto/dh/dh_lib.c 
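Review bot: `DH_set_default_method` in the second dh_key.c hunk stores `meth` unchecked and `DH_get_default_method` now returns the pointer as is, so a caller that passes NULL leaves the process-wide default method NULL. The implementation this commit removes from dh_lib.c fell back to `DH_OpenSSL()` in that case, so NULL used to mean "reset to the built-in method". Keeping that contract is a one-line change: `default_DH_method = (meth != NULL) ? meth : &dh_ossl;`. The same applies to `DSA_set_default_method` in the dsa_ossl.c hunk, with `&openssl_dsa_meth`. `generate_key` continues outside the hunk.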
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,20 +13,6 @@ #include "dh_locl.h" #include -static const DH_METHOD *default_DH_method = NULL; - -void DH_set_default_method(const DH_METHOD *meth) -{ - default_DH_method = meth; -} - -const DH_METHOD *DH_get_default_method(void) -{ - if (!default_DH_method) - default_DH_method = DH_OpenSSL(); - return default_DH_method; -} - int DH_set_method(DH *dh, const DH_METHOD *meth) { /* @@ -96,12 +82,14 @@ DH *DH_new_method(ENGINE *engine) if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL); -err: - DH_free(ret); - ret = NULL; + goto err; } return ret; + + err: + DH_free(ret); + return NULL; } void DH_free(DH *r) @@ -117,7 +105,7 @@ void DH_free(DH *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); @@ -244,13 +232,6 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) { - /* If the field pub_key in dh is NULL, the corresponding input - * parameters MUST be non-NULL. The priv_key field may - * be left NULL. - */ - if (dh->pub_key == NULL && pub_key == NULL) - return 0; - if (pub_key != NULL) { BN_free(dh->pub_key); dh->pub_key = pub_key; diff --git a/vendor/openssl/crypto/dh/dh_meth.c b/vendor/openssl/crypto/dh/dh_meth.c index ce6114c13..59c4d7e96 100644 --- a/vendor/openssl/crypto/dh/dh_meth.c +++ b/vendor/openssl/crypto/dh/dh_meth.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ int DH_meth_set1_name(DH_METHOD *dhm, const char *name) return 1; } -int DH_meth_get_flags(DH_METHOD *dhm) +int DH_meth_get_flags(const DH_METHOD *dhm) { return dhm->flags; } diff --git a/vendor/openssl/crypto/dsa/dsa_ameth.c b/vendor/openssl/crypto/dsa/dsa_ameth.c index 7c0428d3f..d4e4066c4 100644 --- a/vendor/openssl/crypto/dsa/dsa_ameth.c +++ b/vendor/openssl/crypto/dsa/dsa_ameth.c @@ -82,6 +82,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) int penclen; ASN1_STRING *str = NULL; ASN1_INTEGER *pubint = NULL; + ASN1_OBJECT *aobj; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { @@ -114,8 +115,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, str, penc, penclen)) + aobj = OBJ_nid2obj(EVP_PKEY_DSA); + if (aobj == NULL) + goto err; + + if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) return 1; err: @@ -175,6 +179,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; diff --git a/vendor/openssl/crypto/dsa/dsa_err.c b/vendor/openssl/crypto/dsa/dsa_err.c index b8f0af466..132008803 100644 --- a/vendor/openssl/crypto/dsa/dsa_err.c +++ b/vendor/openssl/crypto/dsa/dsa_err.c 
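Review bot: The added `BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);` in `dsa_priv_decode` has no comment, although it is what marks the exponent of the following `BN_mod_exp` as secret. A one-line comment such as `/* priv_key is the exponent: request the constant-time modexp path */` would keep the call from being removed as redundant. The flag also stays set on `dsa->priv_key` after the function returns, which looks intended but is worth stating in the same comment. The function starts and ends outside the hunk.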
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, + {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "pkey_dsa_ctrl_str"}, {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, {0, NULL} }; diff --git a/vendor/openssl/crypto/dsa/dsa_gen.c b/vendor/openssl/crypto/dsa/dsa_gen.c index 3efeab84f..46f4f01ee 100644 --- a/vendor/openssl/crypto/dsa/dsa_gen.c +++ b/vendor/openssl/crypto/dsa/dsa_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -64,9 +64,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* invalid q size */ return 0; - if (evpmd == NULL) - /* use SHA1 as default */ - evpmd = EVP_sha1(); + if (evpmd == NULL) { + if (qsize == SHA_DIGEST_LENGTH) + evpmd = EVP_sha1(); + else if (qsize == SHA224_DIGEST_LENGTH) + evpmd = EVP_sha224(); + else + evpmd = EVP_sha256(); + } else { + qsize = EVP_MD_size(evpmd); + } if (bits < 512) bits = 512; @@ -376,6 +383,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, } else { p = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if (q == NULL) + goto err; } if (!BN_lshift(test, BN_value_one(), L - 1)) diff --git a/vendor/openssl/crypto/dsa/dsa_lib.c b/vendor/openssl/crypto/dsa/dsa_lib.c index 42324c70f..08956b9e3 100644 
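Review bot: In the `dsa_builtin_paramgen` hunk the new `else` branch overwrites `qsize` with `EVP_MD_size(evpmd)` after the context line `/* invalid q size */ return 0;`, so the value that was just validated is replaced by one that is not. If a caller can pass a digest other than SHA-1, SHA-224 or SHA-256 (not visible here), `qsize` takes a length the earlier check would have rejected, and a negative return from `EVP_MD_size` is not handled either. Re-checking after the assignment closes that: `if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && qsize != SHA256_DIGEST_LENGTH) return 0;`. The function continues outside the hunk, so how `qsize` sizes the local buffers should be confirmed there.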
--- a/vendor/openssl/crypto/dsa/dsa_lib.c +++ b/vendor/openssl/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,20 +17,6 @@ #include #include -static const DSA_METHOD *default_DSA_method = NULL; - -void DSA_set_default_method(const DSA_METHOD *meth) -{ - default_DSA_method = meth; -} - -const DSA_METHOD *DSA_get_default_method(void) -{ - if (!default_DSA_method) - default_DSA_method = DSA_OpenSSL(); - return default_DSA_method; -} - DSA *DSA_new(void) { return DSA_new_method(NULL); @@ -105,12 +91,14 @@ DSA *DSA_new_method(ENGINE *engine) if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL); -err: - DSA_free(ret); - ret = NULL; + goto err; } return ret; + + err: + DSA_free(ret); + return NULL; } void DSA_free(DSA *r) @@ -126,7 +114,7 @@ void DSA_free(DSA *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); diff --git a/vendor/openssl/crypto/dsa/dsa_meth.c b/vendor/openssl/crypto/dsa/dsa_meth.c index f0188f200..04203780c 100644 --- a/vendor/openssl/crypto/dsa/dsa_meth.c +++ b/vendor/openssl/crypto/dsa/dsa_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -83,7 +83,7 @@ int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) return 1; } -int DSA_meth_get_flags(DSA_METHOD *dsam) +int DSA_meth_get_flags(const DSA_METHOD *dsam) { return dsam->flags; } diff --git a/vendor/openssl/crypto/dsa/dsa_ossl.c b/vendor/openssl/crypto/dsa/dsa_ossl.c index f9f6a136f..868283ac6 100644 --- a/vendor/openssl/crypto/dsa/dsa_ossl.c +++ b/vendor/openssl/crypto/dsa/dsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,6 +11,7 @@ #include #include "internal/cryptlib.h" +#include "internal/bn_int.h" #include #include #include "dsa_locl.h" @@ -25,6 +26,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -41,6 +44,18 @@ static DSA_METHOD openssl_dsa_meth = { NULL }; +static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth; + +void DSA_set_default_method(const DSA_METHOD *meth) +{ + default_DSA_method = meth; +} + +const DSA_METHOD *DSA_get_default_method(void) +{ + return default_DSA_method; +} + const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; 
@@ -49,19 +64,13 @@ const DSA_METHOD *DSA_OpenSSL(void) static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *kinv = NULL; - BIGNUM *m; - BIGNUM *xr; + BIGNUM *m, *blind, *blindm, *tmp; BN_CTX *ctx = NULL; int reason = ERR_R_BN_LIB; DSA_SIG *ret = NULL; int rv = 0; - m = BN_new(); - xr = BN_new(); - if (m == NULL || xr == NULL) - goto err; - - if (!dsa->p || !dsa->q || !dsa->g) { + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { reason = DSA_R_MISSING_PARAMETERS; goto err; } @@ -77,6 +86,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ctx = BN_CTX_new(); if (ctx == NULL) goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + redo: if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) goto err; 
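Review bot: In `dsa_do_sign` the four temporaries are taken with `BN_CTX_get(ctx)` without a preceding `BN_CTX_start(ctx)`, unlike `dsa_mod_inverse_fermat` added later in this file, which brackets its `BN_CTX_get` with `BN_CTX_start`/`BN_CTX_end`. This appears to work only because the context is created and freed inside the function; the pairing is the documented usage and keeps the code correct if `ctx` is ever supplied by a caller. Adding `BN_CTX_start(ctx);` after the `ctx == NULL` check, with a matching `BN_CTX_end(ctx);` before `BN_CTX_free(ctx)`, would make the two functions consistent. The exit path lies outside this hunk.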
@@ -91,17 +107,50 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (BN_bin2bn(dgst, dlen, m) == NULL) goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx)) - goto err; /* s = xr */ - if (!BN_add(ret->s, xr, m)) - goto err; /* s = m + xr */ - if (BN_cmp(ret->s, dsa->q) > 0) - if (!BN_sub(ret->s, ret->s, dsa->q)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, BN_RAND_TOP_ANY, + BN_RAND_BOTTOM_ANY)) goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) goto err; + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) + goto err; + /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. @@ -118,8 +167,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = NULL; } BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(xr); BN_clear_free(kinv); return ret; } 
@@ -136,7 +183,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; + BIGNUM *l; int ret = 0; + int q_bits, q_words; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -144,7 +193,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } k = BN_new(); - if (k == NULL) + l = BN_new(); + if (k == NULL || l == NULL) goto err; if (ctx_in == NULL) { @@ -153,6 +203,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } else ctx = ctx_in; + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) + goto err; + /* Get random k */ do { if (dgst != NULL) { @@ -168,6 +225,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } while (BN_is_zero(k)); BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, 
@@ -179,17 +237,22 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* * We do not want timing information to leak the length of k, so we - * compute g^k using an equivalent exponent of fixed length. (This - * is a kludge that we need because the BN_mod_exp_mont() does not - * let us specify the desired timing behaviour.) + * compute G^k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * There are some concerns about the efficacy of doing this. More + * specificly refer to the discussion starting with: + * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. */ - - if (!BN_add(k, k, dsa->q)) + if (!BN_add(l, k, dsa->q) + || !BN_add(k, l, dsa->q)) goto err; - if (BN_num_bits(k) <= BN_num_bits(dsa->q)) { - if (!BN_add(k, k, dsa->q)) - goto err; - } + + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); if ((dsa)->meth->bn_mod_exp != NULL) { if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, @@ -203,8 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) goto err; BN_clear_free(*kinvp); @@ -217,6 +280,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (ctx != ctx_in) BN_CTX_free(ctx); BN_clear_free(k); + BN_clear_free(l); return ret; } 
@@ -336,3 +400,31 @@ static int dsa_finish(DSA *dsa) BN_MONT_CTX_free(dsa->method_mont_p); return (1); } + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; +} diff --git a/vendor/openssl/crypto/dsa/dsa_pmeth.c b/vendor/openssl/crypto/dsa/dsa_pmeth.c index 95f088a5e..d60631695 100644 --- a/vendor/openssl/crypto/dsa/dsa_pmeth.c +++ b/vendor/openssl/crypto/dsa/dsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,13 +76,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); 
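Review bot: `dsa_mod_inverse_fermat` releases `r` with `BN_free(r)` on its failure branch, although `r` is the destination of an exponentiation of the secret nonce `k` and may hold a partial result; `BN_clear_free(r);` would match how `k`, `l` and `kinv` are released in `dsa_sign_setup`. The header comment should also state that the helper does not set `BN_FLG_CONSTTIME` itself and relies on the caller having flagged `k`, as `dsa_sign_setup` does. It should add that the result is an inverse only when `q` is prime, which nothing in this function verifies.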
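Review bot: With the `else` branch removed from `pkey_dsa_sign`, a context without `dctx->md` no longer constrains `tbslen` at all before it is passed to `DSA_sign`, where the `size_t` is narrowed to that function's `int` length argument. The lower layers may clamp the digest to the size of `q` (not visible in this hunk), but an explicit bound here, for example `if (tbslen > INT_MAX) return 0;`, would keep the conversion well defined. Failing that, a comment should say that arbitrary lengths are deliberate and where they get truncated. The `pkey_dsa_verify` hunk that follows makes the same change and needs the same treatment.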
@@ -100,13 +95,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); @@ -187,9 +177,15 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, NULL); } if (strcmp(type, "dsa_paramgen_md") == 0) { + const EVP_MD *md = EVP_get_digestbyname(value); + + if (md == NULL) { + DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, - (void *)EVP_get_digestbyname(value)); + (void *)md); } return -2; } diff --git a/vendor/openssl/crypto/dso/dso_dlfcn.c b/vendor/openssl/crypto/dso/dso_dlfcn.c index a4b0cdd95..e01425bc7 100644 --- a/vendor/openssl/crypto/dso/dso_dlfcn.c +++ b/vendor/openssl/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ # endif # include # define HAVE_DLINFO 1 -# if defined(_AIX) || defined(__CYGWIN__) || \ +# if defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ 
@@ -308,6 +308,76 @@ static int dladdr(void *address, Dl_info *dl) } # endif /* __sgi */ +# ifdef _AIX +/*- + * See IBM's AIX Version 7.2, Technical Reference: + * Base Operating System and Extensions, Volume 1 and 2 + * https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm + */ +# include +# include +/* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */ +# define DLFCN_LDINFO_SIZE 86976 +typedef struct Dl_info { + const char *dli_fname; +} Dl_info; +/* + * This dladdr()-implementation will also find the ptrgl (Pointer Glue) virtual + * address of a function, which is just located in the DATA segment instead of + * the TEXT segment. + */ +static int dladdr(void *ptr, Dl_info *dl) +{ + uintptr_t addr = (uintptr_t)ptr; + unsigned int found = 0; + struct ld_info *ldinfos, *next_ldi, *this_ldi; + + if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) { + errno = ENOMEM; + dl->dli_fname = NULL; + return 0; + } + + if ((loadquery(L_GETINFO, (void *)ldinfos, DLFCN_LDINFO_SIZE)) < 0) { + /*- + * Error handling is done through errno and dlerror() reading errno: + * ENOMEM (ldinfos buffer is too small), + * EINVAL (invalid flags), + * EFAULT (invalid ldinfos ptr) + */ + OPENSSL_free((void *)ldinfos); + dl->dli_fname = NULL; + return 0; + } + next_ldi = ldinfos; + + do { + this_ldi = next_ldi; + if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg) + && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + + this_ldi->ldinfo_textsize))) + || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) + && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + + this_ldi->ldinfo_datasize)))) { + found = 1; + /* + * Ignoring the possibility of a member name and just returning + * the path name. See docs: sys/ldr.h, loadquery() and + * dlopen()/RTLD_MEMBER. 
+ */ + if ((dl->dli_fname = + OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL) + errno = ENOMEM; + } else { + next_ldi = + (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next); + } + } while (this_ldi->ldinfo_next && !found); + OPENSSL_free((void *)ldinfos); + return (found && dl->dli_fname != NULL); +} +# endif /* _AIX */ + static int dlfcn_pathbyaddr(void *addr, char *path, int sz) { # ifdef HAVE_DLINFO @@ -326,12 +396,19 @@ static int dlfcn_pathbyaddr(void *addr, char *path, int sz) if (dladdr(addr, &dli)) { len = (int)strlen(dli.dli_fname); - if (sz <= 0) + if (sz <= 0) { +# ifdef _AIX + OPENSSL_free((void *)dli.dli_fname); +# endif return len + 1; + } if (len >= sz) len = sz - 1; memcpy(path, dli.dli_fname, len); path[len++] = 0; +# ifdef _AIX + OPENSSL_free((void *)dli.dli_fname); +# endif return len; } diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl index 2314b7524..4eb4c6897 100755 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -894,13 +894,13 @@ .Loop_scatter_w7: ldr $mask,[$inp],#4 subs $index,$index,#1 - strb $mask,[$out,#64*0-1] + strb $mask,[$out,#64*0] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*1-1] + strb $mask,[$out,#64*1] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*2-1] + strb $mask,[$out,#64*2] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*3-1] + strb $mask,[$out,#64*3] add $out,$out,#64*4 bne .Loop_scatter_w7 
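Review bot: The AIX `dladdr` replacement returns `dl->dli_fname` as an `OPENSSL_strdup` copy that the caller has to free, which differs from the usual `dladdr` contract and can only be inferred from the `# ifdef _AIX` frees added to `dlfcn_pathbyaddr`. The function's header comment should say so, e.g. `/* On success dl->dli_fname is heap-allocated; the caller must OPENSSL_free() it. */`, so that another caller of `dladdr` in this file does not leak it. On the not-found path `dl->dli_fname` is also left unset; assigning `dl->dli_fname = NULL;` before the loop would make the failure state uniform with the two early returns.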
@@ -1633,7 +1633,7 @@ $code.=<<___; .Ladd_done: add sp,sp,#32*18+16+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || defined(__thumb__) +#if __ARM_ARCH__>=5 || !defined(__thumb__) ldmia sp!,{r4-r12,pc} #else ldmia sp!,{r4-r12,lr} diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl index cdc91617f..2a39675bf 100644 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1477,21 +1477,21 @@ prfm pstl1strm,[$out,#4096+64*5] prfm pstl1strm,[$out,#4096+64*6] prfm pstl1strm,[$out,#4096+64*7] - strb w3,[$out,#64*0-1] + strb w3,[$out,#64*0] lsr x3,x3,#8 - strb w3,[$out,#64*1-1] + strb w3,[$out,#64*1] lsr x3,x3,#8 - strb w3,[$out,#64*2-1] + strb w3,[$out,#64*2] lsr x3,x3,#8 - strb w3,[$out,#64*3-1] + strb w3,[$out,#64*3] lsr x3,x3,#8 - strb w3,[$out,#64*4-1] + strb w3,[$out,#64*4] lsr x3,x3,#8 - strb w3,[$out,#64*5-1] + strb w3,[$out,#64*5] lsr x3,x3,#8 - strb w3,[$out,#64*6-1] + strb w3,[$out,#64*6] lsr x3,x3,#8 - strb w3,[$out,#64*7-1] + strb w3,[$out,#64*7] add $out,$out,#64*8 b.ne .Loop_scatter_w7 diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl index 3bdd2cf13..edd7d0128 100755 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 97201cb27..0c1af95b1 100755 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1531,13 +1531,13 @@ ld [$inp],%l0 add $inp,4,$inp subcc $index,1,$index - stb %l0,[$out+64*0-1] + stb %l0,[$out+64*0] srl %l0,8,%l1 - stb %l1,[$out+64*1-1] + stb %l1,[$out+64*1] srl %l0,16,%l2 - stb %l2,[$out+64*2-1] + stb %l2,[$out+64*2] srl %l0,24,%l3 - stb %l3,[$out+64*3-1] + stb %l3,[$out+64*3] bne .Loop_scatter_w7 add $out,64*4,$out diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86.pl index 1d9e00616..b3bec2322 100755 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1179,7 +1179,7 @@ &mov ("esi",&wparam(1)); &mov ("ebp",&wparam(2)); - &lea ("edi",&DWP(-1,"edi","ebp")); + &lea ("edi",&DWP(0,"edi","ebp")); &mov ("ebp",64/4); &set_label("scatter_w7_loop"); &mov ("eax",&DWP(0,"esi")); diff --git a/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl index 16b6639b5..714e852a1 100755 --- a/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/vendor/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -1185,19 +1185,18 @@ adox $t1, $acc5 .byte 0x67,0x67 mulx %rdx, $t0, $t4 - mov $acc0, %rdx + mov .Lpoly+8*3(%rip), %rdx adox $t0, $acc6 shlx $a_ptr, $acc0, $t0 adox $t4, $acc7 shrx $a_ptr, $acc0, $t4 - mov .Lpoly+8*3(%rip), $t1 + mov %rdx,$t1 # reduction step 1 add $t0, $acc1 adc $t4, $acc2 - mulx $t1, $t0, $acc0 - mov $acc1, %rdx + mulx $acc0, $t0, $acc0 adc $t0, $acc3 shlx $a_ptr, $acc1, $t0 adc \$0, $acc0 @@ -1207,8 +1206,7 @@ add $t0, $acc2 adc $t4, $acc3 - mulx $t1, $t0, $acc1 - mov $acc2, %rdx + mulx $acc1, $t0, $acc1 adc $t0, $acc0 shlx $a_ptr, $acc2, $t0 adc \$0, $acc1 @@ -1218,8 +1216,7 @@ add $t0, $acc3 adc $t4, $acc0 - mulx $t1, $t0, $acc2 - mov $acc3, %rdx + mulx $acc2, $t0, $acc2 adc $t0, $acc1 shlx $a_ptr, $acc3, $t0 adc \$0, $acc2 @@ -1229,12 +1226,12 @@ add $t0, $acc0 adc $t4, $acc1 - mulx $t1, $t0, $acc3 + mulx $acc3, $t0, $acc3 adc $t0, $acc2 adc \$0, $acc3 - xor $t3, $t3 # cf=0 - adc $acc0, $acc4 # accumulate upper half + xor $t3, $t3 + add $acc0, $acc4 # accumulate upper half mov .Lpoly+8*1(%rip), $a_ptr adc $acc1, $acc5 mov $acc4, $acc0 
@@ -1243,8 +1240,7 @@ mov $acc5, $acc1 adc \$0, $t3 - xor %eax, %eax # cf=0 - sbb \$-1, $acc4 # .Lpoly[0] + sub \$-1, $acc4 # .Lpoly[0] mov $acc6, $acc2 sbb $a_ptr, $acc5 # .Lpoly[1] sbb \$0, $acc6 # .Lpoly[2]
diff --git a/vendor/openssl/crypto/ec/curve25519.c b/vendor/openssl/crypto/ec/curve25519.c
index e535823c0..c8aa9aa6d 100644
--- a/vendor/openssl/crypto/ec/curve25519.c
+++ b/vendor/openssl/crypto/ec/curve25519.c
@@ -3226,6 +3226,8 @@ static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { ge_madd(&r, h, &t); ge_p1p1_to_p3(h, &r); } + + OPENSSL_cleanse(e, sizeof(e)); } /* Replace (f,g) with (g,f) if b == 1;
@@ -3356,6 +3358,8 @@ static void x25519_scalar_mult_generic(uint8_t out[32], fe_invert(z2, z2); fe_mul(x2, x2, z2); fe_tobytes(out, x2); + + OPENSSL_cleanse(e, sizeof(e)); } static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
@@ -3391,4 +3395,6 @@ void X25519_public_from_private(uint8_t out_public_value[32], fe_invert(zminusy_inv, zminusy); fe_mul(zplusy, zplusy, zminusy_inv); fe_tobytes(out_public_value, zplusy); + + OPENSSL_cleanse(e, sizeof(e)); }
diff --git a/vendor/openssl/crypto/ec/ec2_smpl.c b/vendor/openssl/crypto/ec/ec2_smpl.c
index cfeef5fc7..cdacce61a 100644
--- a/vendor/openssl/crypto/ec/ec2_smpl.c
+++ b/vendor/openssl/crypto/ec/ec2_smpl.c
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -83,7 +83,8 @@ const EC_METHOD *EC_GF2m_simple_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0 /* blind_coordinates */ }; return &ret;
@@ -330,6 +331,7 @@ int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; }
diff --git a/vendor/openssl/crypto/ec/ec_ameth.c b/vendor/openssl/crypto/ec/ec_ameth.c
index fa5bd0318..f8f1e2c84 100644
--- a/vendor/openssl/crypto/ec/ec_ameth.c
+++ b/vendor/openssl/crypto/ec/ec_ameth.c
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static EC_KEY *eckey_type2param(int ptype, const void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { const ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { const ASN1_OBJECT *poid = pval; - EC_GROUP *group; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) ecerr: EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; }
@@ -298,17 +299,21 @@ static int ec_missing_parameters(const EVP_PKEY *pkey) static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); + if (group == NULL) return 0; if (to->pkey.ec == NULL) { to->pkey.ec = EC_KEY_new(); if (to->pkey.ec == NULL) - return 0; + goto err; } if (EC_KEY_set_group(to->pkey.ec, group) == 0) - return 0; + goto err; EC_GROUP_free(group); return 1; + err: + EC_GROUP_free(group); + return 0; } static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
diff --git a/vendor/openssl/crypto/ec/ec_curve.c b/vendor/openssl/crypto/ec/ec_curve.c
index f8a3846fd..b022528be 100644
--- a/vendor/openssl/crypto/ec/ec_curve.c
+++ b/vendor/openssl/crypto/ec/ec_curve.c
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -3036,6 +3036,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err;
@@ -3101,8 +3103,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; }
diff --git a/vendor/openssl/crypto/ec/ec_err.c b/vendor/openssl/crypto/ec/ec_err.c
index e4c2c1c1a..717c92e98 100644
--- a/vendor/openssl/crypto/ec/ec_err.c
+++ b/vendor/openssl/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -97,6 +97,8 @@ static ERR_STRING_DATA EC_str_functs[] = { {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"}, + {ERR_FUNC(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES), + "ec_GFp_simple_blind_coordinates"}, {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"}, {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), diff --git a/vendor/openssl/crypto/ec/ec_key.c b/vendor/openssl/crypto/ec/ec_key.c index f1f0afb46..462156f20 100644 --- a/vendor/openssl/crypto/ec/ec_key.c +++ b/vendor/openssl/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,7 @@ void EC_KEY_free(EC_KEY *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish != NULL) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE diff --git a/vendor/openssl/crypto/ec/ec_kmeth.c b/vendor/openssl/crypto/ec/ec_kmeth.c index eb469ba3a..64a5d2087 100644 --- a/vendor/openssl/crypto/ec/ec_kmeth.c +++ b/vendor/openssl/crypto/ec/ec_kmeth.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -119,7 +119,7 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine) } return ret; -err: + err: EC_KEY_free(ret); return NULL; }
@@ -236,7 +236,7 @@ void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, meth->verify_sig = verify_sig; } -void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, int (**pinit)(EC_KEY *key), void (**pfinish)(EC_KEY *key), int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
@@ -261,14 +261,14 @@ void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, *pset_public = meth->set_public; } -void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)) { if (pkeygen != NULL) *pkeygen = meth->keygen; } -void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, int (**pck)(unsigned char **pout, size_t *poutlen, const EC_POINT *pub_key,
@@ -278,7 +278,7 @@ void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, *pck = meth->compute_key; } -void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen,
@@ -300,7 +300,7 @@ void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, *psign_sig = meth->sign_sig; } -void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, int (**pverify)(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf,
diff --git a/vendor/openssl/crypto/ec/ec_lcl.h b/vendor/openssl/crypto/ec/ec_lcl.h
index ded35a72a..ca1776efd 100644
--- a/vendor/openssl/crypto/ec/ec_lcl.h
+++ b/vendor/openssl/crypto/ec/ec_lcl.h
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -169,6 +169,7 @@ struct ec_method_st { /* custom ECDH operation */ int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, const EC_POINT *pub_key, const EC_KEY *ecdh); + int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); }; /*
@@ -269,6 +270,8 @@ struct ec_key_st { struct ec_point_st { const EC_METHOD *meth; + /* NID for the curve if known */ + int curve_name; /* * All members except 'meth' are handled by the method functions, even if * they appear generic
@@ -281,6 +284,20 @@ struct ec_point_st { * special case */ }; + +static ossl_inline int ec_point_is_compat(const EC_POINT *point, + const EC_GROUP *group) +{ + if (group->meth != point->meth + || (group->curve_name != 0 + && point->curve_name != 0 + && group->curve_name != point->curve_name)) + return 0; + + return 1; +} + + NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
@@ -359,6 +376,8 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, + BN_CTX *ctx); /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *);
@@ -611,3 +630,5 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); + +int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
diff --git a/vendor/openssl/crypto/ec/ec_lib.c b/vendor/openssl/crypto/ec/ec_lib.c
index 7cb4bfee2..a7be03b62 100644
--- a/vendor/openssl/crypto/ec/ec_lib.c
+++ b/vendor/openssl/crypto/ec/ec_lib.c
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -140,6 +140,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; + dest->curve_name = src->curve_name; + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) {
@@ -202,7 +204,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } - dest->curve_name = src->curve_name; dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form;
@@ -563,6 +564,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) } ret->meth = group->meth; + ret->curve_name = group->curve_name; if (!ret->meth->point_init(ret)) { OPENSSL_free(ret);
@@ -600,7 +602,10 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (dest->meth != src->meth) { + if (dest->meth != src->meth + || (dest->curve_name != src->curve_name + && dest->curve_name != 0 + && src->curve_name != 0)) { ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -657,7 +662,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -676,7 +681,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -694,7 +699,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -720,7 +725,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -746,11 +751,16 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + if (EC_POINT_is_at_infinity(group, point)) { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, + EC_R_POINT_AT_INFINITY); + return 0; + } return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); }
@@ -764,11 +774,16 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + if (EC_POINT_is_at_infinity(group, point)) { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, + EC_R_POINT_AT_INFINITY); + return 0; + } return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } #endif
@@ -780,8 +795,8 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth) - || (a->meth != b->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) + || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -795,7 +810,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -808,7 +823,7 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != a->meth) { + if (!ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -822,7 +837,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -843,7 +858,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -857,7 +872,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } - if ((group->meth != a->meth) || (a->meth != b->meth)) { + if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); return -1; }
@@ -870,7 +885,7 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -887,7 +902,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, return 0; } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -1002,3 +1017,21 @@ int ec_group_simple_order_bits(const EC_GROUP *group) return 0; return BN_num_bits(group->order); } + +/*- + * Coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * underlying implementations should return 0 on errors, or 1 on + * success. + * + * This wrapper returns 1 in case the underlying EC_METHOD does not + * support coordinate blinding. + */ +int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->blind_coordinates == NULL) + return 1; /* ignore if not implemented */ + + return group->meth->blind_coordinates(group, p, ctx); +}
diff --git a/vendor/openssl/crypto/ec/ec_mult.c b/vendor/openssl/crypto/ec/ec_mult.c
index 036046231..8350082eb 100644
--- a/vendor/openssl/crypto/ec/ec_mult.c
+++ b/vendor/openssl/crypto/ec/ec_mult.c
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -105,6 +105,235 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) OPENSSL_free(pre); } +#define EC_POINT_BN_set_flags(P, flags) do { \ + BN_set_flags((P)->X, (flags)); \ + BN_set_flags((P)->Y, (flags)); \ + BN_set_flags((P)->Z, (flags)); \ +} while(0) + +/*- + * This functions computes (in constant time) a point multiplication over the + * EC group. + * + * At a high level, it is Montgomery ladder with conditional swaps. + * + * It performs either a fixed scalar point multiplication + * (scalar * generator) + * when point is NULL, or a generic scalar point multiplication + * (scalar * point) + * when point is not NULL. + * + * scalar should be in the range [0,n) otherwise all constant time bets are off. + * + * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, + * which of course are not constant time themselves. + * + * The product is stored in r. + * + * Returns 1 on success, 0 otherwise. + */ +static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) +{ + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *s = NULL; + BIGNUM *k = NULL; + BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + + s = EC_POINT_new(group); + if (s == NULL) + goto err; + + if (point == NULL) { + if (!EC_POINT_copy(s, group->generator)) + goto err; + } else { + if (!EC_POINT_copy(s, point)) + goto err; + } + + EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); + + cardinality = BN_CTX_get(ctx); + lambda = BN_CTX_get(ctx); + k = BN_CTX_get(ctx); + if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) + goto err; + + /* + * Group cardinalities are often on a word boundary. + * So when we pad the scalar, some timing diff might + * pop if it needs to be expanded due to carries. + * So expand ahead of time. 
+ */ + cardinality_bits = BN_num_bits(cardinality); + group_top = bn_get_top(cardinality); + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) + goto err; + + if (!BN_copy(k, scalar)) + goto err; + + BN_set_flags(k, BN_FLG_CONSTTIME); + + if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { + /*- + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(k, k, cardinality, ctx)) + goto err; + } + + if (!BN_add(lambda, k, cardinality)) + goto err; + BN_set_flags(lambda, BN_FLG_CONSTTIME); + if (!BN_add(k, lambda, cardinality)) + goto err; + /* + * lambda := scalar + cardinality + * k := scalar + 2*cardinality + */ + kbit = BN_is_bit_set(lambda, cardinality_bits); + BN_consttime_swap(kbit, k, lambda, group_top + 2); + + group_top = bn_get_top(group->field); + if ((bn_wexpand(s->X, group_top) == NULL) + || (bn_wexpand(s->Y, group_top) == NULL) + || (bn_wexpand(s->Z, group_top) == NULL) + || (bn_wexpand(r->X, group_top) == NULL) + || (bn_wexpand(r->Y, group_top) == NULL) + || (bn_wexpand(r->Z, group_top) == NULL)) + goto err; + + /*- + * Apply coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * ec_point_blind_coordinates() returns 0 in case of errors or 1 on + * success or if coordinate blinding is not implemented for this + * group. 
+ */ + if (!ec_point_blind_coordinates(group, s, ctx)) + goto err; + + /* top bit is a 1, in a fixed pos */ + if (!EC_POINT_copy(r, s)) + goto err; + + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); + + if (!EC_POINT_dbl(group, s, s, ctx)) + goto err; + + pbit = 0; + +#define EC_POINT_CSWAP(c, a, b, w, t) do { \ + BN_consttime_swap(c, (a)->X, (b)->X, w); \ + BN_consttime_swap(c, (a)->Y, (b)->Y, w); \ + BN_consttime_swap(c, (a)->Z, (b)->Z, w); \ + t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ + (a)->Z_is_one ^= (t); \ + (b)->Z_is_one ^= (t); \ +} while(0) + + /*- + * The ladder step, with branches, is + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * Swapping R, S conditionally on k[i] leaves you with state + * + * k[i] == 0: T, U = R, S + * k[i] == 1: T, U = S, R + * + * Then perform the ECC ops. + * + * U = add(T, U) + * T = dbl(T) + * + * Which leaves you with state + * + * k[i] == 0: U = add(R, S), T = dbl(R) + * k[i] == 1: U = add(S, R), T = dbl(S) + * + * Swapping T, U conditionally on k[i] leaves you with state + * + * k[i] == 0: R, S = T, U + * k[i] == 1: R, S = U, T + * + * Which leaves you with state + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * So we get the same logic, but instead of a branch it's a + * conditional swap, followed by ECC ops, then another conditional swap. + * + * Optimization: The end of iteration i and start of i-1 looks like + * + * ... + * CSWAP(k[i], R, S) + * ECC + * CSWAP(k[i], R, S) + * (next iteration) + * CSWAP(k[i-1], R, S) + * ECC + * CSWAP(k[i-1], R, S) + * ... + * + * So instead of two contiguous swaps, you can merge the condition + * bits and do a single swap. + * + * k[i] k[i-1] Outcome + * 0 0 No Swap + * 0 1 Swap + * 1 0 Swap + * 1 1 No Swap + * + * This is XOR. pbit tracks the previous bit of k. 
+ */ + + for (i = cardinality_bits - 1; i >= 0; i--) { + kbit = BN_is_bit_set(k, i) ^ pbit; + EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); + if (!EC_POINT_add(group, s, r, s, ctx)) + goto err; + if (!EC_POINT_dbl(group, r, r, ctx)) + goto err; + /* + * pbit logic merges this cswap with that of the + * next iteration + */ + pbit ^= kbit; + } + /* one final cswap to move the right value into r */ + EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); +#undef EC_POINT_CSWAP + + ret = 1; + + err: + EC_POINT_free(s); + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + + return ret; +} + +#undef EC_POINT_BN_set_flags + /* * TODO: table should be optimised for the wNAF-based implementation, * sometimes smaller windows will give better performance (thus the
@@ -155,7 +384,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -164,8 +393,36 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, return EC_POINT_set_to_infinity(group, r); } + if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { + /*- + * Handle the common cases where the scalar is secret, enforcing a constant + * time scalar multiplication algorithm. + */ + if ((scalar != NULL) && (num == 0)) { + /*- + * In this case we want to compute scalar * GeneratorPoint: this + * codepath is reached most prominently by (ephemeral) key generation + * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH + * keygen/first half), where the scalar is always secret. This is why + * we ignore if BN_FLG_CONSTTIME is actually set and we always call the + * constant time version. + */ + return ec_mul_consttime(group, r, scalar, NULL, ctx); + } + if ((scalar == NULL) && (num == 1)) { + /*- + * In this case we want to compute scalar * GenericPoint: this codepath + * is reached most prominently by the second half of ECDH, where the + * secret scalar is multiplied by the peer's public point. To protect + * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and + * we always call the constant time version. + */ + return ec_mul_consttime(group, r, scalars[0], points[0], ctx); + } + } + for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -222,11 +479,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, totalnum = num + numblocks; - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space - * for pivot */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0])); + wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0])); + /* include space for pivot */ + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0])); + val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0])); /* Ensure wNAF is initialised in case we end up going to err */ if (wNAF != NULL)
@@ -372,7 +629,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a * subarray of 'pre_comp->points' if we already have precomputation. */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); + val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); if (val == NULL) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err;
diff --git a/vendor/openssl/crypto/ec/ec_oct.c b/vendor/openssl/crypto/ec/ec_oct.c
index effc42a34..e185df6ed 100644
--- a/vendor/openssl/crypto/ec/ec_oct.c
+++ b/vendor/openssl/crypto/ec/ec_oct.c
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -30,7 +30,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -66,7 +66,7 @@ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0;
@@ -93,7 +93,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
@@ -123,7 +123,7 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); return 0; }
diff --git a/vendor/openssl/crypto/ec/ecdh_ossl.c b/vendor/openssl/crypto/ec/ecdh_ossl.c
index caf65de8c..a86514597 100644
--- a/vendor/openssl/crypto/ec/ecdh_ossl.c
+++ b/vendor/openssl/crypto/ec/ecdh_ossl.c
@@ -66,6 +66,10 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); + if (y == NULL) { + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } priv_key = EC_KEY_get0_private_key(ecdh); if (priv_key == NULL) {
diff --git a/vendor/openssl/crypto/ec/ecdsa_ossl.c b/vendor/openssl/crypto/ec/ecdsa_ossl.c
index d67c48524..9e4a68d9c 100644
--- a/vendor/openssl/crypto/ec/ecdsa_ossl.c
+++ b/vendor/openssl/crypto/ec/ecdsa_ossl.c
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -10,9 +10,8 @@ #include #include #include -#include #include -#include +#include "internal/bn_int.h" #include "ec_lcl.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
@@ -41,6 +40,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, EC_POINT *tmp_point = NULL; const EC_GROUP *group; int ret = 0; + int order_bits; if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
@@ -52,13 +52,12 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, return 0; } - if (ctx_in == NULL) { + if ((ctx = ctx_in) == NULL) { if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } - } else - ctx = ctx_in; + } k = BN_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */
@@ -72,41 +71,50 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + + /* Preallocate space */ + order_bits = BN_num_bits(order); + if (!BN_set_bit(k, order_bits) + || !BN_set_bit(r, order_bits) + || !BN_set_bit(X, order_bits)) goto err; - } do { /* get random k */ - do + do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce - (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, - ctx)) { + if (!BN_generate_dsa_nonce(k, order, + EC_KEY_get0_private_key(eckey), + dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } else { if (!BN_rand_range(k, order)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } - while (BN_is_zero(k)); + } while (BN_is_zero(k)); /* * We do not want timing information to leak the length of k, so we * compute G*k using an equivalent scalar of fixed bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the order. This guarantees the code + * path used in the constant time implementations elsewhere. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. */ - - if (!BN_add(k, k, order)) + if (!BN_add(r, k, order) + || !BN_add(X, r, order) + || !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) goto err; - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) - goto err; /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
@@ -115,18 +123,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp - (group, tmp_point, X, NULL, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } #ifndef OPENSSL_NO_EC2M else { /* NID_X9_62_characteristic_two_field */ - - if (!EC_POINT_get_affine_coordinates_GF2m(group, - tmp_point, X, NULL, - ctx)) { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -136,8 +142,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - } - while (BN_is_zero(r)); + } while (BN_is_zero(r)); /* compute the inverse of k */ if (EC_GROUP_get_mont_data(group) != NULL) { @@ -196,7 +201,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL; const BIGNUM *order, *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -229,17 +234,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } s = ret->s; - if ((ctx = BN_CTX_new()) == NULL || - (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { + if ((ctx = BN_CTX_new()) == NULL + || (m = BN_new()) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB); - goto err; - } i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. 
@@ -250,7 +251,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - /* If still too long truncate remaining bits with a shift */ + /* If still too long, truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; @@ -270,18 +271,32 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } } - if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { + /* + * With only one multiplicant being in Montgomery domain + * multiplication yields real result without post-conversion. + * Also note that all operations but last are performed with + * zero-padded vectors. Last operation, BN_mod_mul_montgomery + * below, returns user-visible value with removed zero padding. + */ + if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_add_quick(s, tmp, m, order)) { + if (!bn_mod_add_fixed_top(s, s, m, order)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + /* + * |s| can still be larger than modulus, because |m| can be. In + * such case we count on Montgomery reduction to tie it up. + */ + if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } + if (BN_is_zero(s)) { /* * if kinv and r have been supplied by the caller don't to @@ -291,11 +306,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); goto err; } - } else + } else { /* s != 0 => we have a valid signature */ break; - } - while (1); + } + } while (1); ok = 1; err: 
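Review bot: In ossl_ecdsa_sign_sig the new code passes `group->mont_data` to `bn_to_mont_fixed_top`, `bn_mul_mont_fixed_top` and `BN_mod_mul_montgomery` without a NULL test, while ecdsa_sign_setup in the same file still branches on `EC_GROUP_get_mont_data(group) != NULL` before taking its Montgomery path. That branch implies a group can exist without Montgomery data, and the removed `BN_mod_mul`/`BN_mod_add_quick` calls did not depend on it. Whether the fixed-top helpers tolerate a NULL context is not visible here, so a guard before the first conversion, `if (group->mont_data == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; }`, would make signing with such a group fail cleanly. As this is a vendored copy, record the guard as a local patch or raise it upstream; the function body starts and ends outside the hunk.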
@@ -305,7 +320,6 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } BN_CTX_free(ctx); BN_clear_free(m); - BN_clear_free(tmp); BN_clear_free(kinv); return ret; } diff --git a/vendor/openssl/crypto/ec/ecp_mont.c b/vendor/openssl/crypto/ec/ecp_mont.c index 994cc1d0f..d837d4d46 100644 --- a/vendor/openssl/crypto/ec/ecp_mont.c +++ b/vendor/openssl/crypto/ec/ecp_mont.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,8 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + ec_GFp_simple_blind_coordinates }; return &ret; diff --git a/vendor/openssl/crypto/ec/ecp_nist.c b/vendor/openssl/crypto/ec/ecp_nist.c index 615563bc3..143f21f3f 100644 --- a/vendor/openssl/crypto/ec/ecp_nist.c +++ b/vendor/openssl/crypto/ec/ecp_nist.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -68,7 +68,8 @@ const EC_METHOD *EC_GFp_nist_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + ec_GFp_simple_blind_coordinates }; return &ret; diff --git a/vendor/openssl/crypto/ec/ecp_nistp224.c b/vendor/openssl/crypto/ec/ecp_nistp224.c index 0c11abc08..52056ff59 100644 --- a/vendor/openssl/crypto/ec/ecp_nistp224.c +++ b/vendor/openssl/crypto/ec/ecp_nistp224.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /******************************************************************************/ /*- @@ -291,7 +290,8 @@ const EC_METHOD *EC_GFp_nistp224_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0 /* blind_coordinates */ }; return &ret; @@ -337,7 +337,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* BN_bn2bin eats leading zeroes */ memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -356,8 +356,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -700,7 +700,7 @@ static limb felem_is_zero(const felem in) return (zero | two224m96p1 | two225m97p2); } -static limb felem_is_zero_int(const felem in) +static int felem_is_zero_int(const void *in) { return (int)(felem_is_zero(in) & ((limb) 1)); } @@ -1365,7 +1365,6 @@ static void make_points_affine(size_t num, felem points[ /* num */ ][3], sizeof(felem), tmp_felems, (void (*)(void *))felem_one, - (int (*)(const void *)) felem_is_zero_int, (void (*)(void *, const void *)) felem_assign, 
diff --git a/vendor/openssl/crypto/ec/ecp_nistp256.c b/vendor/openssl/crypto/ec/ecp_nistp256.c index 8cd722285..ffd2a7d93 100644 --- a/vendor/openssl/crypto/ec/ecp_nistp256.c +++ b/vendor/openssl/crypto/ec/ecp_nistp256.c @@ -53,7 +53,6 @@ typedef __int128_t int128_t; typedef uint8_t u8; typedef uint32_t u32; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We @@ -165,7 +164,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* BN_bn2bin eats leading zeroes */ memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -184,8 +183,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { felem_bytearray b_in, b_out; smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- @@ -394,7 +393,7 @@ static void felem_shrink(smallfelem out, const felem in) { felem tmp; u64 a, b, mask; - s64 high, low; + u64 high, low; static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ /* Carry 2->3 */ 
@@ -435,29 +434,31 @@ static void felem_shrink(smallfelem out, const felem in) * In order to make space in tmp[3] for the carry from 2 -> 3, we * conditionally subtract kPrime if tmp[3] is large enough. */ - high = tmp[3] >> 64; + high = (u64)(tmp[3] >> 64); /* As tmp[3] < 2^65, high is either 1 or 0 */ - high <<= 63; - high >>= 63; + high = 0 - high; /*- * high is: * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ - low = tmp[3]; - mask = low >> 63; + * all zeros if the high word of tmp[3] if 0 + */ + low = (u64)tmp[3]; + mask = 0 - (low >> 63); /*- * mask is: * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + * all zeros if the MSB of low if 0 + */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; - low >>= 63; + low = 0 - (low >> 63); /*- * low is: * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + * all zeros if low was <= kPrime3Test + */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -891,7 +892,7 @@ static void felem_contract(smallfelem out, const felem in) equal &= equal << 4; equal &= equal << 2; equal &= equal << 1; - equal = ((s64) equal) >> 63; + equal = 0 - (equal >> 63); all_equal_so_far &= equal; } @@ -958,7 +959,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_zero &= is_zero << 4; is_zero &= is_zero << 2; is_zero &= is_zero << 1; - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = (small[0] ^ kPrime[0]) | (small[1] ^ kPrime[1]) | @@ -970,7 +971,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; 
@@ -979,7 +980,7 @@ static limb smallfelem_is_zero(const smallfelem small) return result; } -static int smallfelem_is_zero_int(const smallfelem small) +static int smallfelem_is_zero_int(const void *small) { return (int)(smallfelem_is_zero(small) & ((limb) 1)); } @@ -1983,7 +1984,6 @@ static void make_points_affine(size_t num, smallfelem points[][3], sizeof(smallfelem), tmp_smallfelems, (void (*)(void *))smallfelem_one, - (int (*)(const void *)) smallfelem_is_zero_int, (void (*)(void *, const void *)) smallfelem_assign, diff --git a/vendor/openssl/crypto/ec/ecp_nistp521.c b/vendor/openssl/crypto/ec/ecp_nistp521.c index 4701d5d5c..0a82abca1 100644 --- a/vendor/openssl/crypto/ec/ecp_nistp521.c +++ b/vendor/openssl/crypto/ec/ecp_nistp521.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P521 operates over GF(2^521-1). We can serialise an @@ -188,7 +187,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) /* BN_bn2bin eats leading zeroes */ memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -207,8 +206,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- 
@@ -867,7 +866,7 @@ static limb felem_is_zero(const felem in) * We know that ftmp[i] < 2^63, therefore the only way that the top bit * can be set is if is_zero was 0 before the decrement. */ - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = ftmp[0] ^ kPrime[0]; is_p |= ftmp[1] ^ kPrime[1]; @@ -880,13 +879,13 @@ static limb felem_is_zero(const felem in) is_p |= ftmp[8] ^ kPrime[8]; is_p--; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; return is_zero; } -static int felem_is_zero_int(const felem in) +static int felem_is_zero_int(const void *in) { return (int)(felem_is_zero(in) & ((limb) 1)); } @@ -951,7 +950,7 @@ static void felem_contract(felem out, const felem in) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_p = ~is_p; /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ @@ -977,7 +976,7 @@ static void felem_contract(felem out, const felem in) is_greater |= is_greater << 4; is_greater |= is_greater << 2; is_greater |= is_greater << 1; - is_greater = ((s64) is_greater) >> 63; + is_greater = 0 - (is_greater >> 63); out[0] -= kPrime[0] & is_greater; out[1] -= kPrime[1] & is_greater; @@ -1643,7 +1642,8 @@ const EC_METHOD *EC_GFp_nistp521_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0 /* blind_coordinates */ }; return &ret; @@ -1805,7 +1805,6 @@ static void make_points_affine(size_t num, felem points[][3], sizeof(felem), tmp_felems, (void (*)(void *))felem_one, - (int (*)(const void *)) felem_is_zero_int, (void (*)(void *, const void *)) felem_assign, diff --git a/vendor/openssl/crypto/ec/ecp_nistz256.c b/vendor/openssl/crypto/ec/ecp_nistz256.c index dca3a2dde..7eafce649 100644 --- a/vendor/openssl/crypto/ec/ecp_nistz256.c +++ b/vendor/openssl/crypto/ec/ecp_nistz256.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -757,12 +757,12 @@ __owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group, } /* Coordinates of G, for which we have precomputed tables */ -const static BN_ULONG def_xG[P256_LIMBS] = { +static const BN_ULONG def_xG[P256_LIMBS] = { TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6) }; -const static BN_ULONG def_yG[P256_LIMBS] = { +static const BN_ULONG def_yG[P256_LIMBS] = { TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85) }; @@ -1110,28 +1110,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr const P256_POINT_AFFINE *in, BN_CTX *ctx) { - BIGNUM *x, *y; - BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; int ret = 0; - x = BN_new(); - if (x == NULL) - return 0; - y = BN_new(); - if (y == NULL) { - BN_free(x); - return 0; - } - memcpy(d_x, in->X, sizeof(d_x)); - bn_set_static_words(x, d_x, P256_LIMBS); - - memcpy(d_y, in->Y, sizeof(d_y)); - bn_set_static_words(y, d_y, P256_LIMBS); - - ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); - - BN_free(x); - BN_free(y); + if ((ret = bn_set_words(out->X, in->X, P256_LIMBS)) + && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS)) + && (ret = bn_set_words(out->Z, ONE, P256_LIMBS))) + out->Z_is_one = 1; return ret; } @@ -1168,7 +1152,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } 
@@ -1177,7 +1161,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return EC_POINT_set_to_infinity(group, r); for (j = 0; j < num; j++) { - if (group->meth != points[j]->meth) { + if (!ec_point_is_compat(points[j], group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -1210,9 +1194,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, if (pre_comp_generator == NULL) goto err; + ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, pre_comp->precomp[0], - ctx)) { + group, &p.a, ctx)) { EC_POINT_free(pre_comp_generator); goto err; } @@ -1552,7 +1536,8 @@ const EC_METHOD *EC_GFp_nistz256_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0 /* blind_coordinates */ }; return &ret; diff --git a/vendor/openssl/crypto/ec/ecp_smpl.c b/vendor/openssl/crypto/ec/ecp_smpl.c index 76e0caf90..2015f1173 100644 --- a/vendor/openssl/crypto/ec/ecp_smpl.c +++ b/vendor/openssl/crypto/ec/ecp_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,8 @@ const EC_METHOD *EC_GFp_simple_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + ec_GFp_simple_blind_coordinates }; return &ret; @@ -352,6 +353,7 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } 
@@ -1221,7 +1223,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, if (tmp == NULL || tmp_Z == NULL) goto err; - prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) { @@ -1367,3 +1369,57 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, { return BN_mod_sqr(r, a, group->field, ctx); } + +/*- + * Apply randomization of EC point projective coordinates: + * + * (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z) + * lambda = [1,group->field) + * + */ +int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, + BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *lambda = NULL; + BIGNUM *temp = NULL; + + BN_CTX_start(ctx); + lambda = BN_CTX_get(ctx); + temp = BN_CTX_get(ctx); + if (temp == NULL) { + ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* make sure lambda is not zero */ + do { + if (!BN_rand_range(lambda, group->field)) { + ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB); + goto err; + } + } while (BN_is_zero(lambda)); + + /* if field_encode defined convert between representations */ + if (group->meth->field_encode != NULL + && !group->meth->field_encode(group, lambda, lambda, ctx)) + goto err; + if (!group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)) + goto err; + if (!group->meth->field_sqr(group, temp, lambda, ctx)) + goto err; + if (!group->meth->field_mul(group, p->X, p->X, temp, ctx)) + goto err; + if (!group->meth->field_mul(group, temp, temp, lambda, ctx)) + goto err; + if (!group->meth->field_mul(group, p->Y, p->Y, temp, ctx)) + goto err; + p->Z_is_one = 0; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + diff --git a/vendor/openssl/crypto/ec/ecx_meth.c b/vendor/openssl/crypto/ec/ecx_meth.c index 06e391134..018a9419f 100644 --- a/vendor/openssl/crypto/ec/ecx_meth.c +++ b/vendor/openssl/crypto/ec/ecx_meth.c 
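Review bot: ec_GFp_simple_blind_coordinates rescales `p->Z` first, then `p->X`, then `p->Y`, so a failure after the first `field_mul` returns 0 with the point only partly rescaled and no longer equal to the point that was passed in. The header comment should state that contract, for example `* On failure |p| may be left partially updated and must not be used.`, so callers know to discard the point rather than continue with it. The `goto err` paths after `field_encode`, `field_mul` and `field_sqr` also record no `ECerr`, unlike the `BN_CTX_get` and `BN_rand_range` failures above them; adding `ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_BN_LIB);` there would keep the error reporting consistent.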
@@ -212,7 +212,7 @@ static void ecx_free(EVP_PKEY *pkey) X25519_KEY *xkey = pkey->pkey.ptr; if (xkey) - OPENSSL_secure_free(xkey->privkey); + OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN); OPENSSL_free(xkey); } diff --git a/vendor/openssl/crypto/engine/eng_cryptodev.c b/vendor/openssl/crypto/engine/eng_cryptodev.c index d63c918c7..557273500 100644 --- a/vendor/openssl/crypto/engine/eng_cryptodev.c +++ b/vendor/openssl/crypto/engine/eng_cryptodev.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,10 +44,13 @@ #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ (defined(OpenBSD) || defined(__FreeBSD__)) # include -# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) +# if (defined(OpenBSD) && (OpenBSD >= 200112)) || \ + (defined(__FreeBSD_version) && \ + ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || \ + __FreeBSD_version >= 500041)) # define HAVE_CRYPTODEV # endif -# if (OpenBSD >= 200110) +# if defined(OpenBSD) && (OpenBSD >= 200110) # define HAVE_SYSLOG_R # endif #endif diff --git a/vendor/openssl/crypto/engine/eng_fat.c b/vendor/openssl/crypto/engine/eng_fat.c index 631aa3961..5cb818742 100644 --- a/vendor/openssl/crypto/engine/eng_fat.c +++ b/vendor/openssl/crypto/engine/eng_fat.c @@ -113,6 +113,7 @@ int ENGINE_register_complete(ENGINE *e) #endif ENGINE_register_RAND(e); ENGINE_register_pkey_meths(e); + ENGINE_register_pkey_asn1_meths(e); return 1; } diff --git a/vendor/openssl/crypto/engine/eng_lib.c b/vendor/openssl/crypto/engine/eng_lib.c index cbefc7eb6..ef8e99550 100644 --- a/vendor/openssl/crypto/engine/eng_lib.c +++ b/vendor/openssl/crypto/engine/eng_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,8 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE(do_engine_lock_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; global_engine_lock = CRYPTO_THREAD_lock_new(); return global_engine_lock != NULL; } @@ -143,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ diff --git a/vendor/openssl/crypto/engine/eng_list.c b/vendor/openssl/crypto/engine/eng_list.c index 934389f74..f8d74c1d3 100644 --- a/vendor/openssl/crypto/engine/eng_list.c +++ b/vendor/openssl/crypto/engine/eng_list.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -322,7 +322,7 @@ ENGINE *ENGINE_by_id(const char *id) * Prevent infinite recursion if we're looking for the dynamic engine. */ if (strcmp(id, "dynamic")) { - if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) + if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL) load_dir = ENGINESDIR; iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || 
diff --git a/vendor/openssl/crypto/engine/eng_table.c b/vendor/openssl/crypto/engine/eng_table.c index 219253a38..ac4b02fc1 100644 --- a/vendor/openssl/crypto/engine/eng_table.c +++ b/vendor/openssl/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -109,6 +109,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, } fnd->funct = NULL; (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); + if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { + sk_ENGINE_free(fnd->sk); + OPENSSL_free(fnd); + goto end; + } } /* A registration shouldn't add duplicate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); diff --git a/vendor/openssl/crypto/engine/tb_asnmth.c b/vendor/openssl/crypto/engine/tb_asnmth.c index 480267daa..5c7b16170 100644 --- a/vendor/openssl/crypto/engine/tb_asnmth.c +++ b/vendor/openssl/crypto/engine/tb_asnmth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -170,7 +170,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == lk->len) && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth; diff --git a/vendor/openssl/crypto/err/err.c b/vendor/openssl/crypto/err/err.c index f866f2fdd..08c27a3e8 100644 
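Review bot: The added `ameth != NULL` test in look_str_cb reads a pointer that is declared without an initialiser (`EVP_PKEY_ASN1_METHOD *ameth;`) and is filled only by `e->pkey_asn1_meths(e, &ameth, NULL, nid)`, whose return value is discarded. If an engine callback fails without writing its out-parameter, the guard compares an indeterminate value and `strlen(ameth->pem_str)` can still dereference it. Declaring it as `EVP_PKEY_ASN1_METHOD *ameth = NULL;` makes the new check effective; whether every engine writes the pointer on failure is not visible from the hunk. The loop and the function continue outside the hunk.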
--- a/vendor/openssl/crypto/err/err.c +++ b/vendor/openssl/crypto/err/err.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { #endif static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; +static int set_err_thread_local; static CRYPTO_THREAD_LOCAL err_thread_local; static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; @@ -253,14 +254,16 @@ static void ERR_STATE_free(ERR_STATE *s) DEFINE_RUN_ONCE_STATIC(do_err_strings_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; err_string_lock = CRYPTO_THREAD_lock_new(); return err_string_lock != NULL; } void err_cleanup(void) { - CRYPTO_THREAD_cleanup_local(&err_thread_local); + if (set_err_thread_local != 0) + CRYPTO_THREAD_cleanup_local(&err_thread_local); CRYPTO_THREAD_lock_free(err_string_lock); err_string_lock = NULL; } @@ -359,6 +362,8 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line) } #endif es = ERR_get_state(); + if (es == NULL) + return; es->top = (es->top + 1) % ERR_NUM_ERRORS; if (es->top == es->bottom) @@ -376,6 +381,8 @@ void ERR_clear_error(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return; for (i = 0; i < ERR_NUM_ERRORS; i++) { err_clear(es, i); @@ -440,6 +447,8 @@ static unsigned long get_error_values(int inc, int top, const char **file, unsigned long ret; es = ERR_get_state(); + if (es == NULL) + return 0; if (inc && top) { if (file) @@ -617,7 +626,7 @@ const char *ERR_reason_error_string(unsigned long e) void err_delete_thread_state(void) { - ERR_STATE *state = ERR_get_state(); + ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local); if (state == NULL) return; 
@@ -639,43 +648,82 @@ void ERR_remove_state(unsigned long pid) DEFINE_RUN_ONCE_STATIC(err_do_init) { + set_err_thread_local = 1; return CRYPTO_THREAD_init_local(&err_thread_local, NULL); } ERR_STATE *ERR_get_state(void) { - ERR_STATE *state = NULL; + ERR_STATE *state; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) + return NULL; if (!RUN_ONCE(&err_init, err_do_init)) return NULL; state = CRYPTO_THREAD_get_local(&err_thread_local); + if (state == (ERR_STATE*)-1) + return NULL; if (state == NULL) { - state = OPENSSL_zalloc(sizeof(*state)); - if (state == NULL) + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) return NULL; - if (!CRYPTO_THREAD_set_local(&err_thread_local, state)) { + if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { + CRYPTO_THREAD_set_local(&err_thread_local, NULL); + return NULL; + } + + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) + || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); + CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } /* Ignore failures from these */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE); } return state; } +/* + * err_shelve_state returns the current thread local error state + * and freezes the error module until err_unshelve_state is called. + */ +int err_shelve_state(void **state) +{ + if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) + return 0; + + if (!RUN_ONCE(&err_init, err_do_init)) + return 0; + + *state = CRYPTO_THREAD_get_local(&err_thread_local); + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) + return 0; + + return 1; +} + +/* + * err_unshelve_state restores the error state that was returned + * by err_shelve_state previously. 
+ */ +void err_unshelve_state(void* state) +{ + if (state != (void*)-1) + CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state); +} + int ERR_get_next_error_library(void) { int ret; - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { + if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; - } CRYPTO_THREAD_write_lock(err_string_lock); ret = int_err_library_number++; @@ -689,10 +737,10 @@ void ERR_set_error_data(char *data, int flags) int i; es = ERR_get_state(); + if (es == NULL) + return; i = es->top; - if (i == 0) - i = ERR_NUM_ERRORS - 1; err_clear_data(es, i); es->err_data[i] = data; @@ -744,6 +792,8 @@ int ERR_set_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; if (es->bottom == es->top) return 0; @@ -756,6 +806,8 @@ int ERR_pop_to_mark(void) ERR_STATE *es; es = ERR_get_state(); + if (es == NULL) + return 0; while (es->bottom != es->top && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { diff --git a/vendor/openssl/crypto/err/err_prn.c b/vendor/openssl/crypto/err/err_prn.c index c7dc1d151..6ae12515f 100644 --- a/vendor/openssl/crypto/err/err_prn.c +++ b/vendor/openssl/crypto/err/err_prn.c @@ -35,7 +35,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), tid.tid = CRYPTO_THREAD_get_current_id(); while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); if (cb(buf2, strlen(buf2), u) <= 0) diff --git a/vendor/openssl/crypto/evp/bio_b64.c b/vendor/openssl/crypto/evp/bio_b64.c index 32a884a71..a86e8db0b 100644 --- a/vendor/openssl/crypto/evp/bio_b64.c +++ b/vendor/openssl/crypto/evp/bio_b64.c 
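Review bot: The value `(ERR_STATE*)-1` is used as an "initialising or shelved" marker in ERR_get_state, err_shelve_state and err_unshelve_state, but it is never named and its meaning is not explained at its first use in ERR_get_state. A named constant with a one-line comment, for instance `#define ERR_STATE_BUSY ((ERR_STATE *)-1) /* slot reserved: init in progress or state shelved */` (name constructed for this note), would make the re-entrancy guard readable and easy to search for. It would also help with err_delete_thread_state, changed in an earlier hunk of this file to read the slot with `CRYPTO_THREAD_get_local` and test only `state == NULL`. If a thread can be cleaned up while the marker is stored, the marker passes that test, so that function should reject it as well; its remaining lines are outside the hunk and this needs confirming there.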
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ static int b64_puts(BIO *h, const char *str); static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 #define B64_NONE 0 @@ -47,7 +47,8 @@ typedef struct b64_struct { } BIO_B64_CTX; static const BIO_METHOD methods_b64 = { - BIO_TYPE_BASE64, "base64 encoding", + BIO_TYPE_BASE64, + "base64 encoding", b64_write, b64_read, b64_puts, @@ -287,6 +288,14 @@ static int b64_read(BIO *b, char *out, int outl) (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; } + /* + * If eof or an error was signalled, then the condition + * 'ctx->cont <= 0' will prevent b64_read() from reading + * more data on subsequent calls. This assignment was + * deleted accidentally in commit 5562cfaca4f3. + */ + ctx->cont = i; + ctx->buf_off = 0; if (i < 0) { ret_code = 0; @@ -521,7 +530,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) return ret; } -static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO *next = BIO_next(b); diff --git a/vendor/openssl/crypto/evp/bio_enc.c b/vendor/openssl/crypto/evp/bio_enc.c index 5a3beef97..e62d1dfda 100644 --- a/vendor/openssl/crypto/evp/bio_enc.c +++ b/vendor/openssl/crypto/evp/bio_enc.c 
@@ -25,7 +25,7 @@ static int enc_read(BIO *h, char *buf, int size); static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int enc_new(BIO *h); static int enc_free(BIO *data); -static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); +static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) #define ENC_MIN_CHUNK (256) #define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) @@ -46,7 +46,8 @@ typedef struct enc_struct { } BIO_ENC_CTX; static const BIO_METHOD methods_enc = { - BIO_TYPE_CIPHER, "cipher", + BIO_TYPE_CIPHER, + "cipher", enc_write, enc_read, NULL, /* enc_puts, */ @@ -386,7 +387,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) return (ret); } -static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO *next = BIO_next(b); diff --git a/vendor/openssl/crypto/evp/bio_md.c b/vendor/openssl/crypto/evp/bio_md.c index cd968ec2d..2f0f2831d 100644 --- a/vendor/openssl/crypto/evp/bio_md.c +++ b/vendor/openssl/crypto/evp/bio_md.c @@ -29,10 +29,11 @@ static int md_gets(BIO *h, char *str, int size); static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static const BIO_METHOD methods_md = { - BIO_TYPE_MD, "message digest", + BIO_TYPE_MD, + "message digest", md_write, md_read, NULL, /* md_puts, */ @@ -196,7 +197,7 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) return (ret); } -static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO *next; diff --git a/vendor/openssl/crypto/evp/bio_ok.c b/vendor/openssl/crypto/evp/bio_ok.c index 7974b9631..b156e62ef 100644 --- a/vendor/openssl/crypto/evp/bio_ok.c 
+++ b/vendor/openssl/crypto/evp/bio_ok.c @@ -83,7 +83,7 @@ static int ok_read(BIO *h, char *buf, int size); static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ok_new(BIO *h); static int ok_free(BIO *data); -static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); static __owur int sig_out(BIO *b); static __owur int sig_in(BIO *b); @@ -108,7 +108,8 @@ typedef struct ok_struct { } BIO_OK_CTX; static const BIO_METHOD methods_ok = { - BIO_TYPE_CIPHER, "reliable", + BIO_TYPE_CIPHER, + "reliable", ok_write, ok_read, NULL, /* ok_puts, */ @@ -398,7 +399,7 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) return ret; } -static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) { long ret = 1; BIO *next; diff --git a/vendor/openssl/crypto/evp/e_aes.c b/vendor/openssl/crypto/evp/e_aes.c index 17822f20e..3f36d7072 100644 --- a/vendor/openssl/crypto/evp/e_aes.c +++ b/vendor/openssl/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1229,6 +1229,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, EVP_CIPHER_CTX_encrypting(ctx), dat->block); EVP_CIPHER_CTX_set_num(ctx, num); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) { int num = EVP_CIPHER_CTX_num(ctx); @@ -1978,6 +1980,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_SET_IVLEN: arg = 15 - arg; + /* fall thru */ case EVP_CTRL_CCM_SET_L: if (arg < 2 || arg > 8) return 0; 
diff --git a/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index 8e71e591e..f30f722e4 100644 --- a/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -528,12 +528,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; diff --git a/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c index f0be05ca4..13973f110 100644 --- a/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/vendor/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c 
@@ -453,10 +453,12 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, * to identify it and avoid stitch invocation. So that after we * establish that current CPU supports AVX, we even see if it's * either even XOP-capable Bulldozer-based or GenuineIntel one. + * But SHAEXT-capable go ahead... */ - if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ + if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ + ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); @@ -538,12 +540,17 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; diff --git a/vendor/openssl/crypto/evp/e_camellia.c b/vendor/openssl/crypto/evp/e_camellia.c index b50fa0b96..2df4a6e3e 100644 --- a/vendor/openssl/crypto/evp/e_camellia.c +++ b/vendor/openssl/crypto/evp/e_camellia.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -325,8 +325,10 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, int num = EVP_CIPHER_CTX_num(ctx); CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); - len -= MAXBITCHUNK; EVP_CIPHER_CTX_set_num(ctx, num); + len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) { int num = EVP_CIPHER_CTX_num(ctx); diff --git a/vendor/openssl/crypto/evp/evp_enc.c b/vendor/openssl/crypto/evp/evp_enc.c index f829e8dcc..e5807edd6 100644 --- a/vendor/openssl/crypto/evp/evp_enc.c +++ b/vendor/openssl/crypto/evp/evp_enc.c @@ -50,7 +50,8 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int enc) { - EVP_CIPHER_CTX_reset(ctx); + if (cipher != NULL) + EVP_CIPHER_CTX_reset(ctx); return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); } @@ -391,7 +392,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + OPENSSL_assert(b <= sizeof(ctx->buf)); if (b == 1) { *outl = 0; return 1; @@ -452,7 +453,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if (ctx->flags & EVP_CIPH_NO_PADDING) return EVP_EncryptUpdate(ctx, out, outl, in, inl); - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); if (ctx->final_used) { /* see comment about PTRDIFF_T comparison above */ 
@@ -524,7 +525,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); /* * The following assumes that the ciphertext has been authenticated. diff --git a/vendor/openssl/crypto/evp/evp_err.c b/vendor/openssl/crypto/evp/evp_err.c index e32a1c01c..3543d44cb 100644 --- a/vendor/openssl/crypto/evp/evp_err.c +++ b/vendor/openssl/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,6 +49,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, + {ERR_FUNC(EVP_F_EVP_PKEY_ASN1_ADD0), "EVP_PKEY_asn1_add0"}, {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, 
@@ -69,9 +70,12 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"}, + {ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"}, {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_SET1_ENGINE), "EVP_PKEY_set1_engine"}, {ERR_FUNC(EVP_F_EVP_PKEY_SIGN), "EVP_PKEY_sign"}, {ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT), "EVP_PKEY_sign_init"}, {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY), "EVP_PKEY_verify"}, @@ -141,6 +145,11 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, + {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), + "pkey application asn1 method already registered"}, + {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED), + "pkey asn1 method already registered"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, diff --git a/vendor/openssl/crypto/evp/evp_key.c b/vendor/openssl/crypto/evp/evp_key.c index 8a4297cf6..52011307a 100644 --- a/vendor/openssl/crypto/evp/evp_key.c +++ b/vendor/openssl/crypto/evp/evp_key.c @@ -49,7 +49,7 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { - int ret; + int ret = -1; char buff[BUFSIZ]; UI *ui; 
@@ -57,16 +57,18 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, prompt = prompt_string; ui = UI_new(); if (ui == NULL) - return -1; - UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len); - if (verify) - UI_add_verify_string(ui, prompt, 0, - buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len, - buf); + return ret; + if (UI_add_input_string(ui, prompt, 0, buf, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 + || (verify + && UI_add_verify_string(ui, prompt, 0, buff, min, + (len >= BUFSIZ) ? BUFSIZ - 1 : len, + buf) < 0)) + goto end; ret = UI_process(ui); - UI_free(ui); OPENSSL_cleanse(buff, BUFSIZ); + end: + UI_free(ui); return ret; } #endif /* OPENSSL_NO_UI */ diff --git a/vendor/openssl/crypto/evp/evp_pbe.c b/vendor/openssl/crypto/evp/evp_pbe.c index ce7aa2cfa..eb7344c25 100644 --- a/vendor/openssl/crypto/evp/evp_pbe.c +++ b/vendor/openssl/crypto/evp/evp_pbe.c @@ -90,9 +90,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) - OPENSSL_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp)); else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/vendor/openssl/crypto/evp/m_sha1.c b/vendor/openssl/crypto/evp/m_sha1.c index 8f30077a4..e68f32a04 100644 --- a/vendor/openssl/crypto/evp/m_sha1.c +++ b/vendor/openssl/crypto/evp/m_sha1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -115,16 +115,21 @@ static int init224(EVP_MD_CTX *ctx) return SHA224_Init(EVP_MD_CTX_md_data(ctx)); } +static int update224(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final224(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA224_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init256(EVP_MD_CTX *ctx) { return SHA256_Init(EVP_MD_CTX_md_data(ctx)); } -/* - * Even though there're separate SHA224_[Update|Final], we call - * SHA256 functions even in SHA224 context. This is what happens - * there anyway, so we can spare few CPU cycles:-) - */ static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) { return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); @@ -141,8 +146,8 @@ static const EVP_MD sha224_md = { SHA224_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init224, - update256, - final256, + update224, + final224, NULL, NULL, SHA256_CBLOCK, @@ -178,6 +183,16 @@ static int init384(EVP_MD_CTX *ctx) return SHA384_Init(EVP_MD_CTX_md_data(ctx)); } +static int update384(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count); +} + +static int final384(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA384_Final(md, EVP_MD_CTX_md_data(ctx)); +} + static int init512(EVP_MD_CTX *ctx) { return SHA512_Init(EVP_MD_CTX_md_data(ctx)); @@ -200,8 +215,8 @@ static const EVP_MD sha384_md = { SHA384_DIGEST_LENGTH, EVP_MD_FLAG_DIGALGID_ABSENT, init384, - update512, - final512, + update384, + final384, NULL, NULL, SHA512_CBLOCK, diff --git a/vendor/openssl/crypto/evp/m_sigver.c b/vendor/openssl/crypto/evp/m_sigver.c index 3b74f7229..582e563d5 100644 --- a/vendor/openssl/crypto/evp/m_sigver.c +++ b/vendor/openssl/crypto/evp/m_sigver.c 
@@ -109,8 +109,12 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) + if (tmp_ctx == NULL) return 0; + if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { + EVP_MD_CTX_free(tmp_ctx); + return 0; + } if (sctx) r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, sigret, siglen, tmp_ctx); @@ -154,8 +158,12 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, r = EVP_DigestFinal_ex(ctx, md, &mdlen); } else { EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) + if (tmp_ctx == NULL) + return -1; + if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { + EVP_MD_CTX_free(tmp_ctx); return -1; + } if (vctx) { r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, sig, siglen, tmp_ctx); diff --git a/vendor/openssl/crypto/evp/p5_crpt2.c b/vendor/openssl/crypto/evp/p5_crpt2.c index 365e240cc..6d5f289b5 100644 --- a/vendor/openssl/crypto/evp/p5_crpt2.c +++ b/vendor/openssl/crypto/evp/p5_crpt2.c @@ -215,7 +215,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + OPENSSL_assert(keylen <= sizeof(key)); /* Decode parameter */ diff --git a/vendor/openssl/crypto/evp/p_lib.c b/vendor/openssl/crypto/evp/p_lib.c index 982862055..d7372aa12 100644 --- a/vendor/openssl/crypto/evp/p_lib.c +++ b/vendor/openssl/crypto/evp/p_lib.c @@ -187,9 +187,11 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) if ((type == pkey->save_type) && pkey->ameth) return 1; #ifndef OPENSSL_NO_ENGINE - /* If we have an ENGINE release it */ + /* If we have ENGINEs release them */ ENGINE_finish(pkey->engine); pkey->engine = NULL; + ENGINE_finish(pkey->pmeth_engine); + pkey->pmeth_engine = NULL; #endif } if (str) 
@@ -223,7 +225,25 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) { return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); } - +#ifndef OPENSSL_NO_ENGINE +int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) +{ + if (e != NULL) { + if (!ENGINE_init(e)) { + EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB); + return 0; + } + if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) { + ENGINE_finish(e); + EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + } + ENGINE_finish(pkey->pmeth_engine); + pkey->pmeth_engine = e; + return 1; +} +#endif int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) @@ -413,6 +433,8 @@ static void EVP_PKEY_free_it(EVP_PKEY *x) #ifndef OPENSSL_NO_ENGINE ENGINE_finish(x->engine); x->engine = NULL; + ENGINE_finish(x->pmeth_engine); + x->pmeth_engine = NULL; #endif } diff --git a/vendor/openssl/crypto/evp/p_seal.c b/vendor/openssl/crypto/evp/p_seal.c index faa246483..6f026e7c4 100644 --- a/vendor/openssl/crypto/evp/p_seal.c +++ b/vendor/openssl/crypto/evp/p_seal.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, { unsigned char key[EVP_MAX_KEY_LENGTH]; int i; + int rv = 0; if (type) { EVP_CIPHER_CTX_reset(ctx); 
@@ -31,21 +32,27 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) - && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) - return 0; + && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + goto err; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - return 0; + goto err; for (i = 0; i < npubk; i++) { ekl[i] = EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx), pubk[i]); - if (ekl[i] <= 0) - return (-1); + if (ekl[i] <= 0) { + rv = -1; + goto err; + } } - return (npubk); + rv = npubk; +err: + OPENSSL_cleanse(key, sizeof(key)); + return rv; } /*- MACRO diff --git a/vendor/openssl/crypto/evp/pmeth_lib.c b/vendor/openssl/crypto/evp/pmeth_lib.c index b7f06be5d..f623db348 100644 --- a/vendor/openssl/crypto/evp/pmeth_lib.c +++ b/vendor/openssl/crypto/evp/pmeth_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,16 +89,17 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) id = pkey->ameth->pkey_id; } #ifndef OPENSSL_NO_ENGINE - if (pkey && pkey->engine) - e = pkey->engine; + if (e == NULL && pkey != NULL) + e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; /* Try to find an ENGINE which implements this method */ if (e) { if (!ENGINE_init(e)) { EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB); return NULL; } - } else + } else { e = ENGINE_get_pkey_meth_engine(id); + } /* * If an ENGINE handled this method look it up. Otherwise use internal 
@@ -112,6 +113,9 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) pmeth = EVP_PKEY_meth_find(id); if (pmeth == NULL) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +#endif EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM); return NULL; } @@ -147,8 +151,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) EVP_PKEY_METHOD *pmeth; pmeth = OPENSSL_zalloc(sizeof(*pmeth)); - if (pmeth == NULL) + if (pmeth == NULL) { + EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; @@ -234,8 +240,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) } #endif rctx = OPENSSL_malloc(sizeof(*rctx)); - if (rctx == NULL) + if (rctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; + } rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE @@ -269,11 +277,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL) + if (app_pkey_methods == NULL) { + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } } - if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } sk_EVP_PKEY_METHOD_sort(app_pkey_methods); return 1; } 
@@ -553,26 +565,26 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)) { *pinit = pmeth->init; } -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) { *pcopy = pmeth->copy; } -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)) { *pcleanup = pmeth->cleanup; } -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) @@ -583,7 +595,7 @@ void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, *pparamgen = pmeth->paramgen; } -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) @@ -594,7 +606,7 @@ void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, *pkeygen = pmeth->keygen; } -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -607,7 +619,7 @@ void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, *psign = pmeth->sign; } -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, 
@@ -621,7 +633,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, *pverify = pmeth->verify; } -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -639,7 +651,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, *pverify_recover = pmeth->verify_recover; } -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -653,7 +665,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, *psignctx = pmeth->signctx; } -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -667,7 +679,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, *pverifyctx = pmeth->verifyctx; } -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -681,7 +693,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, *pencryptfn = pmeth->encrypt; } -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -695,7 +707,7 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, *pdecrypt = pmeth->decrypt; } -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, 
@@ -707,7 +719,7 @@ void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, *pderive = pmeth->derive; } -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, diff --git a/vendor/openssl/crypto/evp/scrypt.c b/vendor/openssl/crypto/evp/scrypt.c index 101bb1edb..3543df540 100644 --- a/vendor/openssl/crypto/evp/scrypt.c +++ b/vendor/openssl/crypto/evp/scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -171,8 +171,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) return 0; /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ - if (p > SCRYPT_PR_MAX / r) + if (p > SCRYPT_PR_MAX / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* * Need to check N: if 2^(128 * r / 8) overflows limit this is @@ -180,8 +182,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, */ if (16 * r <= LOG2_UINT64_MAX) { - if (N >= (((uint64_t)1) << (16 * r))) + if (N >= (((uint64_t)1) << (16 * r))) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } } /* Memory checks: check total allocated buffer size fits in uint64_t */ 
@@ -199,13 +203,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); - if (N + 2 > i / r) + if (N + 2 > i / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } Vlen = 32 * r * (N + 2) * sizeof(uint32_t); /* check total allocated size fits in uint64_t */ - if (Blen > UINT64_MAX - Vlen) + if (Blen > UINT64_MAX - Vlen) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* check total allocated size fits in size_t */ if (Blen > SIZE_MAX - Vlen) return 0; @@ -225,8 +233,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, return 1; B = OPENSSL_malloc(allocsize); - if (B == NULL) + if (B == NULL) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); return 0; + } X = (uint32_t *)(B + Blen); T = X + 32 * r; V = T + 32 * r; @@ -242,6 +252,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, goto err; rv = 1; err: + if (rv == 0) + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); + OPENSSL_clear_free(B, allocsize); return rv; } diff --git a/vendor/openssl/crypto/ex_data.c b/vendor/openssl/crypto/ex_data.c index 4a3201a95..6e3072f2a 100644 --- a/vendor/openssl/crypto/ex_data.c +++ b/vendor/openssl/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,8 @@ static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_ex_data_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; ex_data_lock = CRYPTO_THREAD_lock_new(); return ex_data_lock != NULL; } 
@@ -287,7 +288,14 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); return 0; } - if (!CRYPTO_set_ex_data(to, mx - 1, NULL)) + /* + * Make sure the ex_data stack is at least |mx| elements long to avoid + * issues in the for loop that follows; so go get the |mx|'th element + * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign + * to itself. This is normally a no-op; but ensures the stack is the + * proper size + */ + if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1))) goto err; for (i = 0; i < mx; i++) { diff --git a/vendor/openssl/crypto/getenv.c b/vendor/openssl/crypto/getenv.c new file mode 100644 index 000000000..7e98b645b --- /dev/null +++ b/vendor/openssl/crypto/getenv.c @@ -0,0 +1,31 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif + +#include +#include "internal/cryptlib.h" + +char *ossl_safe_getenv(const char *name) +{ +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 17) +# define SECURE_GETENV + return secure_getenv(name); +# endif +#endif + +#ifndef SECURE_GETENV + if (OPENSSL_issetugid()) + return NULL; + return getenv(name); +#endif +} diff --git a/vendor/openssl/crypto/ia64cpuid.S b/vendor/openssl/crypto/ia64cpuid.S index ffd6d6ca6..92c55124b 100644 --- a/vendor/openssl/crypto/ia64cpuid.S +++ b/vendor/openssl/crypto/ia64cpuid.S 
@@ -1,4 +1,4 @@ -// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use // this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ OPENSSL_wipe_cpu: { .mii; add r9=96*8-8,r9 mov ar.ec=1 };; -// One can sweep double as fast, but then we can't quarantee +// One can sweep double as fast, but then we can't guarantee // that backing storage is wiped... .L_wipe_top: { .mfi; st8 [r9]=r0,-8 diff --git a/vendor/openssl/crypto/idea/idea_lcl.h b/vendor/openssl/crypto/idea/idea_lcl.h index f227d0db3..825d00066 100644 --- a/vendor/openssl/crypto/idea/idea_lcl.h +++ b/vendor/openssl/crypto/idea/idea_lcl.h @@ -38,12 +38,19 @@ else \ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 1: l1|=((unsigned long)(*(--(c))))<<24; \ } \ } @@ -53,12 +60,19 @@ else \ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ } \ } 
diff --git a/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 000000000..5f6386080
--- /dev/null
+++ b/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state. Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 000000000..78b2a87d8
--- /dev/null
+++ b/vendor/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/vendor/openssl/crypto/include/internal/asn1_int.h b/vendor/openssl/crypto/include/internal/asn1_int.h
index f70e3b47b..ba9c06270 100644
--- a/vendor/openssl/crypto/include/internal/asn1_int.h +++ b/vendor/openssl/crypto/include/internal/asn1_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -90,5 +90,3 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; - -int asn1_valid_host(const ASN1_STRING *host); diff --git a/vendor/openssl/crypto/include/internal/async.h b/vendor/openssl/crypto/include/internal/async.h index db56258f2..dc8e937b0 100644 --- a/vendor/openssl/crypto/include/internal/async.h +++ b/vendor/openssl/crypto/include/internal/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,4 +11,5 @@ int async_init(void); void async_deinit(void); +void async_delete_thread_state(void); diff --git a/vendor/openssl/crypto/include/internal/bn_dh.h b/vendor/openssl/crypto/include/internal/bn_dh.h index b4bca40c5..f49f03983 100644 --- a/vendor/openssl/crypto/include/internal/bn_dh.h +++ b/vendor/openssl/crypto/include/internal/bn_dh.h @@ -8,9 +8,9 @@ */ #define declare_dh_bn(x) \ - const extern BIGNUM _bignum_dh##x##_p; \ - const extern BIGNUM _bignum_dh##x##_g; \ - const extern BIGNUM _bignum_dh##x##_q; + extern const BIGNUM _bignum_dh##x##_p; \ + extern const BIGNUM _bignum_dh##x##_g; \ + extern const BIGNUM _bignum_dh##x##_q; declare_dh_bn(1024_160) declare_dh_bn(2048_224) diff --git a/vendor/openssl/crypto/include/internal/bn_int.h b/vendor/openssl/crypto/include/internal/bn_int.h index 9c984ba78..2be7fdd0d 100644 
--- a/vendor/openssl/crypto/include/internal/bn_int.h +++ b/vendor/openssl/crypto/include/internal/bn_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -53,7 +53,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a); * Set the internal data words in a to point to words which contains size * elements. The BN_FLG_STATIC_DATA flag is set */ -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); /* * Copy words into the BIGNUM |a|, reallocating space as necessary. @@ -64,7 +64,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); * |num_words| is int because bn_expand2 takes an int. This is an internal * function so we simply trust callers not to pass negative values. */ -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); size_t bn_sizeof_BIGNUM(void); 
@@ -74,6 +74,25 @@ size_t bn_sizeof_BIGNUM(void); */ BIGNUM *bn_array_el(BIGNUM *base, int el); +/* + * Some BIGNUM functions assume most significant limb to be non-zero, which + * is customarily arranged by bn_correct_top. Output from below functions + * is not processed with bn_correct_top, and for this reason it may not be + * returned out of public API. It may only be passed internally into other + * functions known to support non-minimal or zero-padded BIGNUMs. + */ +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); #ifdef __cplusplus } diff --git a/vendor/openssl/crypto/include/internal/cryptlib.h b/vendor/openssl/crypto/include/internal/cryptlib.h index f3ec9b67b..d42a134bd 100644 --- a/vendor/openssl/crypto/include/internal/cryptlib.h +++ b/vendor/openssl/crypto/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -67,6 +67,8 @@ void OPENSSL_showfatal(const char *fmta, ...); extern int OPENSSL_NONPIC_relocated; void crypto_cleanup_all_ex_data_int(void); +char *ossl_safe_getenv(const char *name); + int openssl_strerror_r(int errnum, char *buf, size_t buflen); # if !defined(OPENSSL_NO_STDIO) FILE *openssl_fopen(const char *filename, const char *mode); @@ -74,6 +76,8 @@ FILE *openssl_fopen(const char *filename, const char *mode); void *openssl_fopen(const char *filename, const char *mode); # endif +unsigned long OPENSSL_rdtsc(void); + #ifdef __cplusplus } #endif diff --git a/vendor/openssl/crypto/include/internal/cryptlib_int.h b/vendor/openssl/crypto/include/internal/cryptlib_int.h index 8e2a7199a..ceeb63ddd 100644 --- a/vendor/openssl/crypto/include/internal/cryptlib_int.h +++ b/vendor/openssl/crypto/include/internal/cryptlib_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,7 @@ int ossl_init_thread_start(uint64_t opts); * use". */ # define OPENSSL_INIT_ZLIB 0x00010000L +# define OPENSSL_INIT_BASE_ONLY 0x00040000L /* OPENSSL_INIT_THREAD flags */ # define OPENSSL_INIT_THREAD_ASYNC 0x01 diff --git a/vendor/openssl/crypto/include/internal/err_int.h b/vendor/openssl/crypto/include/internal/err_int.h index 7fec3ed76..44ac94462 100644 --- a/vendor/openssl/crypto/include/internal/err_int.h +++ b/vendor/openssl/crypto/include/internal/err_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -13,5 +13,7 @@ int err_load_crypto_strings_int(void); void err_cleanup(void); void err_delete_thread_state(void); +int err_shelve_state(void **); +void err_unshelve_state(void *); #endif diff --git a/vendor/openssl/crypto/include/internal/evp_int.h b/vendor/openssl/crypto/include/internal/evp_int.h index c9ef58279..f34699bfa 100644 --- a/vendor/openssl/crypto/include/internal/evp_int.h +++ b/vendor/openssl/crypto/include/internal/evp_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,7 +199,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, cprefix##_cfb##cbits##_encrypt(in, out, (long) \ ((cbits == 1) \ && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ - ? inl*8 : inl), \ + ? chunk*8 : chunk), \ &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ &num, EVP_CIPHER_CTX_encrypting(ctx));\ EVP_CIPHER_CTX_set_num(ctx, num);\ @@ -356,6 +356,7 @@ struct evp_pkey_st { int references; const EVP_PKEY_ASN1_METHOD *ameth; ENGINE *engine; + ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ union { void *ptr; # ifndef OPENSSL_NO_RSA diff --git a/vendor/openssl/crypto/include/internal/lhash.h b/vendor/openssl/crypto/include/internal/lhash.h new file mode 100644 index 000000000..200ba8685 --- /dev/null +++ b/vendor/openssl/crypto/include/internal/lhash.h 
@@ -0,0 +1,15 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef INTERNAL_LHASH_H +# define INTERNAL_LHASH_H + +unsigned long openssl_lh_strcasehash(const char *); + +#endif diff --git a/vendor/openssl/crypto/include/internal/x509_int.h b/vendor/openssl/crypto/include/internal/x509_int.h index 2845026dd..eb4399770 100644 --- a/vendor/openssl/crypto/include/internal/x509_int.h +++ b/vendor/openssl/crypto/include/internal/x509_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -166,6 +166,7 @@ struct x509_st { unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; CRYPTO_RWLOCK *lock; + volatile int ex_cached; } /* X509 */ ; /* diff --git a/vendor/openssl/crypto/init.c b/vendor/openssl/crypto/init.c index 647cfb6c6..2ad946c5b 100644 --- a/vendor/openssl/crypto/init.c +++ b/vendor/openssl/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -27,11 +27,28 @@ static int stopped = 0; -static void ossl_init_thread_stop(struct thread_local_inits_st *locals); +/* + * Since per-thread-specific-data destructors are not universally + * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key + * is assumed to have destructor associated. And then an effort is made + * to call this single destructor on non-pthread platform[s]. + * + * Initial value is "impossible". It is used as guard value to shortcut + * destructor for threads terminating before libcrypto is initialized or + * after it's de-initialized. Access to the key doesn't have to be + * serialized for the said threads, because they didn't use libcrypto + * and it doesn't matter if they pick "impossible" or derefernce real + * key value and pull NULL past initialization in the first thread that + * intends to use libcrypto. + */ +static union { + long sane; + CRYPTO_THREAD_LOCAL value; +} destructor_key = { -1 }; -static CRYPTO_THREAD_LOCAL threadstopkey; +static void ossl_init_thread_stop(struct thread_local_inits_st *locals); -static void ossl_init_thread_stop_wrap(void *local) +static void ossl_init_thread_destructor(void *local) { ossl_init_thread_stop((struct thread_local_inits_st *)local); } @@ -39,14 +56,17 @@ static void ossl_init_thread_stop_wrap(void *local) static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) { struct thread_local_inits_st *local = - CRYPTO_THREAD_get_local(&threadstopkey); - - if (local == NULL && alloc) { - local = OPENSSL_zalloc(sizeof *local); - CRYPTO_THREAD_set_local(&threadstopkey, local); - } - if (!alloc) { - CRYPTO_THREAD_set_local(&threadstopkey, NULL); + CRYPTO_THREAD_get_local(&destructor_key.value); + + if (alloc) { + if (local == NULL + && (local = OPENSSL_zalloc(sizeof(*local))) != NULL + && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) { + OPENSSL_free(local); + return NULL; + } + } else { + CRYPTO_THREAD_set_local(&destructor_key.value, NULL); } return local; 
@@ -65,29 +85,42 @@ static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; static int base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_base) { + CRYPTO_THREAD_LOCAL key; + #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif - /* - * We use a dummy thread local key here. We use the destructor to detect - * when the thread is going to stop (where that feature is available) - */ - CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); + if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) + return 0; + if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) + goto err; #ifndef OPENSSL_SYS_UEFI - atexit(OPENSSL_cleanup); + if (atexit(OPENSSL_cleanup) != 0) + goto err; #endif - if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) - return 0; OPENSSL_cpuid_setup(); - /* - * BIG FAT WARNING! - * Everything needed to be initialized in this function before threads - * come along MUST happen before base_inited is set to 1, or we will - * see race conditions. - */ + destructor_key.value = key; base_inited = 1; + return 1; + +err: +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n"); +#endif + CRYPTO_THREAD_lock_free(init_lock); + init_lock = NULL; + + CRYPTO_THREAD_cleanup_local(&key); + return 0; +} +static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) +{ +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); +#endif #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) # ifdef DSO_WIN32 { @@ -99,6 +132,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) | GET_MODULE_HANDLE_EX_FLAG_PIN, (void *)&base_inited, &handle); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", + (ret == TRUE ? "No!" : "Yes.")); +# endif return (ret == TRUE) ? 1 : 0; } # else 
@@ -107,12 +144,24 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) * to remain loaded until the atexit() handler is run at process exit. */ { - DSO *dso = NULL; + DSO *dso; + void *err; + + if (!err_shelve_state(&err)) + return 0; - ERR_set_mark(); dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); + /* + * In case of No!, it is uncertain our exit()-handlers can still be + * called. After dlclose() the whole library might have been unloaded + * already. + */ +# endif DSO_free(dso); - ERR_pop_to_mark(); + err_unshelve_state(err); } # endif #endif @@ -332,9 +381,9 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) if (locals->async) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " - "ASYNC_cleanup_thread()\n"); + "async_delete_thread_state()\n"); #endif - ASYNC_cleanup_thread(); + async_delete_thread_state(); } if (locals->err_state) { @@ -350,13 +399,18 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) void OPENSSL_thread_stop(void) { - ossl_init_thread_stop( - (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); + if (destructor_key.sane != -1) + ossl_init_thread_stop(ossl_init_get_thread_local(0)); } int ossl_init_thread_start(uint64_t opts) { - struct thread_local_inits_st *locals = ossl_init_get_thread_local(1); + struct thread_local_inits_st *locals; + + if (!OPENSSL_init_crypto(0, NULL)) + return 0; + + locals = ossl_init_get_thread_local(1); if (locals == NULL) return 0; @@ -383,6 +437,7 @@ int ossl_init_thread_start(uint64_t opts) void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; + CRYPTO_THREAD_LOCAL key; /* If we've not been inited then no need to deinit */ if (!base_inited) 
@@ -441,7 +496,9 @@ void OPENSSL_cleanup(void) err_free_strings_int(); } - CRYPTO_THREAD_cleanup_local(&threadstopkey); + key = destructor_key.value; + destructor_key.sane = -1; + CRYPTO_THREAD_cleanup_local(&key); #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " @@ -497,22 +554,18 @@ void OPENSSL_cleanup(void) */ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { - static int stoperrset = 0; - if (stopped) { - if (!stoperrset) { - /* - * We only ever set this once to avoid getting into an infinite - * loop where the error system keeps trying to init and fails so - * sets an error etc - */ - stoperrset = 1; + if (!(opts & OPENSSL_INIT_BASE_ONLY)) CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); - } return 0; } - if (!base_inited && !RUN_ONCE(&base, ossl_init_base)) + if (!RUN_ONCE(&base, ossl_init_base)) + return 0; + + if (!(opts & OPENSSL_INIT_BASE_ONLY) + && !RUN_ONCE(&load_crypto_nodelete, + ossl_init_load_crypto_nodelete)) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) @@ -642,13 +695,19 @@ int OPENSSL_atexit(void (*handler)(void)) * Deliberately leak a reference to the handler. This will force the * library/code containing the handler to remain loaded until we run the * atexit handler. If -znodelete has been used then this is - * unneccessary. + * unnecessary. */ { DSO *dso = NULL; ERR_set_mark(); dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, + "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); + /* See same code above in ossl_init_base() for an explanation. */ +# endif DSO_free(dso); ERR_pop_to_mark(); } diff --git a/vendor/openssl/crypto/kdf/hkdf.c b/vendor/openssl/crypto/kdf/hkdf.c index 00b95b5a8..0fb55e9c6 100644 --- a/vendor/openssl/crypto/kdf/hkdf.c +++ b/vendor/openssl/crypto/kdf/hkdf.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -234,6 +234,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len) { HMAC_CTX *hmac; + unsigned char *ret = NULL; unsigned int i; @@ -283,11 +284,10 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, done_len += copy_len; } - - HMAC_CTX_free(hmac); - return okm; + ret = okm; err: + OPENSSL_cleanse(prev, sizeof(prev)); HMAC_CTX_free(hmac); - return NULL; + return ret; } diff --git a/vendor/openssl/crypto/lhash/lh_stats.c b/vendor/openssl/crypto/lhash/lh_stats.c index 733783242..5586afa0d 100644 --- a/vendor/openssl/crypto/lhash/lh_stats.c +++ b/vendor/openssl/crypto/lhash/lh_stats.c @@ -61,6 +61,9 @@ void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) { + OPENSSL_LHASH *lh_mut = (OPENSSL_LHASH *) lh; + int ret; + BIO_printf(out, "num_items = %lu\n", lh->num_items); BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); 
@@ -69,15 +72,24 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); - BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); - BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); + CRYPTO_atomic_add(&lh_mut->num_hash_calls, 0, &ret, + lh->retrieve_stats_lock); + BIO_printf(out, "num_hash_calls = %d\n", ret); + CRYPTO_atomic_add(&lh_mut->num_comp_calls, 0, &ret, + lh->retrieve_stats_lock); + BIO_printf(out, "num_comp_calls = %d\n", ret); BIO_printf(out, "num_insert = %lu\n", lh->num_insert); BIO_printf(out, "num_replace = %lu\n", lh->num_replace); BIO_printf(out, "num_delete = %lu\n", lh->num_delete); BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); - BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); - BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); + CRYPTO_atomic_add(&lh_mut->num_retrieve, 0, &ret, lh->retrieve_stats_lock); + BIO_printf(out, "num_retrieve = %d\n", ret); + CRYPTO_atomic_add(&lh_mut->num_retrieve_miss, 0, &ret, + lh->retrieve_stats_lock); + BIO_printf(out, "num_retrieve_miss = %d\n", ret); + CRYPTO_atomic_add(&lh_mut->num_hash_comps, 0, &ret, + lh->retrieve_stats_lock); + BIO_printf(out, "num_hash_comps = %d\n", ret); } void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) diff --git a/vendor/openssl/crypto/lhash/lhash.c b/vendor/openssl/crypto/lhash/lhash.c index adde832cc..ea83bf900 100644 --- a/vendor/openssl/crypto/lhash/lhash.c +++ b/vendor/openssl/crypto/lhash/lhash.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,8 +12,27 @@ #include #include #include +#include +#include "internal/lhash.h" #include "lhash_lcl.h" +/* + * A hashing implementation that appears to be based on the linear hashing + * algorithm: + * https://en.wikipedia.org/wiki/Linear_hashing + * + * Litwin, Witold (1980), "Linear hashing: A new tool for file and table + * addressing", Proc. 6th Conference on Very Large Databases: 212-223 + * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf + * + * From the wikipedia article "Linear hashing is used in the BDB Berkeley + * database system, which in turn is used by many software systems such as + * OpenLDAP, using a C implementation derived from the CACM article and first + * published on the Usenet in 1988 by Esmond Pitt." + * + * The CACM paper is available here: + * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf + */ #undef MIN_NODES #define MIN_NODES 16 @@ -29,9 +48,11 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) OPENSSL_LHASH *ret; if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) - goto err0; + return NULL; if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) - goto err1; + goto err; + if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) + goto err; ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); ret->num_nodes = MIN_NODES / 2; 
@@ -41,10 +62,10 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) ret->down_load = DOWN_LOAD; return (ret); - err1: +err: + OPENSSL_free(ret->b); OPENSSL_free(ret); - err0: - return (NULL); + return NULL; } void OPENSSL_LH_free(OPENSSL_LHASH *lh) @@ -63,6 +84,7 @@ void OPENSSL_LH_free(OPENSSL_LHASH *lh) n = nn; } } + CRYPTO_THREAD_lock_free(lh->retrieve_stats_lock); OPENSSL_free(lh->b); OPENSSL_free(lh); } @@ -133,18 +155,19 @@ void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) unsigned long hash; OPENSSL_LH_NODE **rn; void *ret; + int scratch; lh->error = 0; rn = getrn(lh, data, &hash); if (*rn == NULL) { - lh->num_retrieve_miss++; - return (NULL); + CRYPTO_atomic_add(&lh->num_retrieve_miss, 1, &scratch, lh->retrieve_stats_lock); + return NULL; } else { ret = (*rn)->data; - lh->num_retrieve++; + CRYPTO_atomic_add(&lh->num_retrieve, 1, &scratch, lh->retrieve_stats_lock); } - return (ret); + return ret; } static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, @@ -187,16 +210,34 @@ void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void static int expand(OPENSSL_LHASH *lh) { OPENSSL_LH_NODE **n, **n1, **n2, *np; - unsigned int p, i, j; - unsigned long hash, nni; + unsigned int p, pmax, nni, j; + unsigned long hash; + + nni = lh->num_alloc_nodes; + p = lh->p; + pmax = lh->pmax; + if (p + 1 >= pmax) { + j = nni * 2; + n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j); + if (n == NULL) { + lh->error++; + return 0; + } + lh->b = n; + memset(n + nni, 0, sizeof(*n) * (j - nni)); + lh->pmax = nni; + lh->num_alloc_nodes = j; + lh->num_expand_reallocs++; + lh->p = 0; + } else { + lh->p++; + } lh->num_nodes++; lh->num_expands++; - p = (int)lh->p++; n1 = &(lh->b[p]); - n2 = &(lh->b[p + (int)lh->pmax]); + n2 = &(lh->b[p + pmax]); *n2 = NULL; - nni = lh->num_alloc_nodes; for (np = *n1; np != NULL;) { hash = np->hash; 
@@ -209,23 +250,6 @@ static int expand(OPENSSL_LHASH *lh) np = *n1; } - if ((lh->p) >= lh->pmax) { - j = (int)lh->num_alloc_nodes * 2; - n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j)); - if (n == NULL) { - lh->error++; - lh->num_nodes--; - lh->p = 0; - return 0; - } - for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ - n[i] = NULL; /* 02/03/92 eay */ - lh->pmax = lh->num_alloc_nodes; - lh->num_alloc_nodes = j; - lh->num_expand_reallocs++; - lh->p = 0; - lh->b = n; - } return 1; } @@ -270,9 +294,10 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, OPENSSL_LH_NODE **ret, *n1; unsigned long hash, nn; OPENSSL_LH_COMPFUNC cf; + int scratch; hash = (*(lh->hash)) (data); - lh->num_hash_calls++; + CRYPTO_atomic_add(&lh->num_hash_calls, 1, &scratch, lh->retrieve_stats_lock); *rhash = hash; nn = hash % lh->pmax; @@ -282,12 +307,12 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, cf = lh->comp; ret = &(lh->b[(int)nn]); for (n1 = *ret; n1 != NULL; n1 = n1->next) { - lh->num_hash_comps++; + CRYPTO_atomic_add(&lh->num_hash_comps, 1, &scratch, lh->retrieve_stats_lock); if (n1->hash != hash) { ret = &(n1->next); continue; } - lh->num_comp_calls++; + CRYPTO_atomic_add(&lh->num_comp_calls, 1, &scratch, lh->retrieve_stats_lock); if (cf(n1->data, data) == 0) break; ret = &(n1->next); @@ -328,6 +353,27 @@ unsigned long OPENSSL_LH_strhash(const char *c) return ((ret >> 16) ^ ret); } +unsigned long openssl_lh_strcasehash(const char *c) +{ + unsigned long ret = 0; + long n; + unsigned long v; + int r; + + if (c == NULL || *c == '\0') + return ret; + + for (n = 0x100; *c != '\0'; n += 0x100) { + v = n | tolower(*c); + r = (int)((v >> 2) ^ v) & 0x0f; + ret = (ret << r) | (ret >> (32 - r)); + ret &= 0xFFFFFFFFL; + ret ^= v * v; + c++; + } + return (ret >> 16) ^ ret; +} + unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh) { return lh ? lh->num_items : 0; 
diff --git a/vendor/openssl/crypto/lhash/lhash_lcl.h b/vendor/openssl/crypto/lhash/lhash_lcl.h index eb4a1a3f6..01d463fb3 100644 --- a/vendor/openssl/crypto/lhash/lhash_lcl.h +++ b/vendor/openssl/crypto/lhash/lhash_lcl.h @@ -6,7 +6,7 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - +#include struct lhash_node_st { void *data; @@ -18,6 +18,13 @@ struct lhash_st { OPENSSL_LH_NODE **b; OPENSSL_LH_COMPFUNC comp; OPENSSL_LH_HASHFUNC hash; + /* + * some stats are updated on lookup, which callers aren't expecting to have + * to take an exclusive lock around. This lock protects them on platforms + * without atomics, and their types are int rather than unsigned long below + * so they can be adjusted with CRYPTO_atomic_add. + */ + CRYPTO_RWLOCK *retrieve_stats_lock; unsigned int num_nodes; unsigned int num_alloc_nodes; unsigned int p; @@ -29,14 +36,14 @@ struct lhash_st { unsigned long num_expand_reallocs; unsigned long num_contracts; unsigned long num_contract_reallocs; - unsigned long num_hash_calls; - unsigned long num_comp_calls; + int num_hash_calls; + int num_comp_calls; unsigned long num_insert; unsigned long num_replace; unsigned long num_delete; unsigned long num_no_delete; - unsigned long num_retrieve; - unsigned long num_retrieve_miss; - unsigned long num_hash_comps; + int num_retrieve; + int num_retrieve_miss; + int num_hash_comps; int error; }; diff --git a/vendor/openssl/crypto/mem.c b/vendor/openssl/crypto/mem.c index bc35132fc..72b04c821 100644 --- a/vendor/openssl/crypto/mem.c +++ b/vendor/openssl/crypto/mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -78,7 +78,14 @@ void *CRYPTO_malloc(size_t num, const char *file, int line) if (num == 0) return NULL; - allow_customize = 0; + if (allow_customize) { + /* + * Disallow customization after the first allocation. We only set this + * if necessary to avoid a store to the same cache line on every + * allocation. + */ + allow_customize = 0; + } #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (call_malloc_debug) { CRYPTO_mem_debug_malloc(NULL, num, 0, file, line); @@ -117,7 +124,6 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) return NULL; } - allow_customize = 0; #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (call_malloc_debug) { void *ret; diff --git a/vendor/openssl/crypto/mem_dbg.c b/vendor/openssl/crypto/mem_dbg.c index dc3f8ff57..c884078e7 100644 --- a/vendor/openssl/crypto/mem_dbg.c +++ b/vendor/openssl/crypto/mem_dbg.c @@ -466,7 +466,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) } tid; CRYPTO_THREAD_ID ti; -#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) +#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf)) lcl = localtime(&m->time); BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", @@ -505,7 +505,7 @@ static void print_leak(const MEM *m, MEM_LEAK *l) memset(buf, '>', ami_cnt); tid.ltid = 0; tid.tid = amip->threadid; - BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", tid.ltid, amip->file, amip->line); @@ -515,10 +515,10 @@ static void print_leak(const MEM *m, MEM_LEAK *l) memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); buf_len = 128 - 3; } else { - OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len); buf_len = strlen(buf); } - BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); BIO_puts(l->bio, buf); 
diff --git a/vendor/openssl/crypto/mem_sec.c b/vendor/openssl/crypto/mem_sec.c index 664b4ad1b..1ccf68cc9 100644 --- a/vendor/openssl/crypto/mem_sec.c +++ b/vendor/openssl/crypto/mem_sec.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,11 @@ #include -#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) +/* e_os.h includes unistd.h, which defines _POSIX_VERSION */ +#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \ + && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || defined(__sgi) \ + || defined(__osf__) ) # define IMPLEMENTED # include # include @@ -40,6 +44,9 @@ #ifndef PAGE_SIZE # define PAGE_SIZE 4096 #endif +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +# define MAP_ANON MAP_ANONYMOUS +#endif #ifdef IMPLEMENTED static size_t secure_mem_used; @@ -127,11 +134,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line) void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) { - void *ret = CRYPTO_secure_malloc(num, file, line); - - if (ret != NULL) - memset(ret, 0, num); - return ret; +#ifdef IMPLEMENTED + if (secure_mem_initialized) + /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ + return CRYPTO_secure_malloc(num, file, line); +#endif + return CRYPTO_zalloc(num, file, line); } void CRYPTO_secure_free(void *ptr, const char *file, int line) 
@@ -156,6 +164,33 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line) #endif /* IMPLEMENTED */ } +void CRYPTO_secure_clear_free(void *ptr, size_t num, + const char *file, int line) +{ +#ifdef IMPLEMENTED + size_t actual_size; + + if (ptr == NULL) + return; + if (!CRYPTO_secure_allocated(ptr)) { + OPENSSL_cleanse(ptr, num); + CRYPTO_free(ptr, file, line); + return; + } + CRYPTO_THREAD_write_lock(sec_malloc_lock); + actual_size = sh_actual_size(ptr); + CLEAR(ptr, actual_size); + secure_mem_used -= actual_size; + sh_free(ptr); + CRYPTO_THREAD_unlock(sec_malloc_lock); +#else + if (ptr == NULL) + return; + OPENSSL_cleanse(ptr, num); + CRYPTO_free(ptr, file, line); +#endif /* IMPLEMENTED */ +} + int CRYPTO_secure_allocated(const void *ptr) { #ifdef IMPLEMENTED @@ -346,7 +381,7 @@ static int sh_init(size_t size, int minsize) size_t pgsize; size_t aligned; - memset(&sh, 0, sizeof sh); + memset(&sh, 0, sizeof(sh)); /* make sure size and minsize are powers of 2 */ OPENSSL_assert(size > 0); @@ -373,7 +408,7 @@ static int sh_init(size_t size, int minsize) for (i = sh.bittable_size; i; i >>= 1) sh.freelist_size++; - sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *)); + sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *)); OPENSSL_assert(sh.freelist != NULL); if (sh.freelist == NULL) goto err; @@ -459,7 +494,7 @@ static void sh_done() OPENSSL_free(sh.bitmalloc); if (sh.map_result != NULL && sh.map_size) munmap(sh.map_result, sh.map_size); - memset(&sh, 0, sizeof sh); + memset(&sh, 0, sizeof(sh)); } static int sh_allocated(const char *ptr) @@ -540,6 +575,9 @@ static char *sh_malloc(size_t size) OPENSSL_assert(WITHIN_ARENA(chunk)); + /* zero the free list header as a precaution against information leakage */ + memset(chunk, 0, sizeof(SH_LIST)); + return chunk; } 
@@ -572,6 +610,8 @@ static void sh_free(char *ptr) list--; + /* Zero the higher addressed block's free list pointers */ + memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST)); if (ptr > buddy) ptr = buddy; diff --git a/vendor/openssl/crypto/modes/asm/ghash-armv4.pl b/vendor/openssl/crypto/modes/asm/ghash-armv4.pl index 7d880c94a..1cf14a6c9 100644 --- a/vendor/openssl/crypto/modes/asm/ghash-armv4.pl +++ b/vendor/openssl/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -145,6 +145,8 @@ () .text #if defined(__thumb2__) || defined(__clang__) .syntax unified +#define ldrplb ldrbpl +#define ldrneb ldrbne #endif #if defined(__thumb2__) .thumb @@ -152,11 +154,6 @@ () .code 32 #endif -#ifdef __clang__ -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif - .type rem_4bit,%object .align 5 rem_4bit: diff --git a/vendor/openssl/crypto/modes/asm/ghash-s390x.pl b/vendor/openssl/crypto/modes/asm/ghash-s390x.pl index 65ffaf98b..6e628d882 100644 --- a/vendor/openssl/crypto/modes/asm/ghash-s390x.pl +++ b/vendor/openssl/crypto/modes/asm/ghash-s390x.pl @@ -88,9 +88,6 @@ ___ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block... larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security-assist - jz .Lsoft_gmult lghi %r0,0 lg %r1,24(%r1) # load second word of kimd capabilities vector tmhh %r1,0x4000 # check for function 65 
@@ -126,14 +123,8 @@ ___ $code.=<<___ if(!$softonly); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security-assist - jz .Lsoft_ghash - lghi %r0,0 - la %r1,16($sp) - .long 0xb93e0004 # kimd %r0,%r4 - lg %r1,24($sp) - tmhh %r1,0x4000 # check for function 65 + lg %r0,24(%r1) # load second word of kimd capabilities vector + tmhh %r0,0x4000 # check for function 65 jz .Lsoft_ghash lghi %r0,65 # function 65 la %r1,0($Xi) # H lies right after Xi in gcm128_context diff --git a/vendor/openssl/crypto/modes/asm/ghashv8-armx.pl b/vendor/openssl/crypto/modes/asm/ghashv8-armx.pl index dcd5f595d..e13c70901 100644 --- a/vendor/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/vendor/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -64,6 +64,7 @@ $code=<<___; #include "arm_arch.h" +#if __ARM_MAX_ARCH__>=7 .text ___ $code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); @@ -351,6 +352,7 @@ $code.=<<___; .asciz "GHASH for ARMv8, CRYPTOGAMS by " .align 2 +#endif ___ if ($flavour =~ /64/) { ######## 64-bit code diff --git a/vendor/openssl/crypto/modes/gcm128.c b/vendor/openssl/crypto/modes/gcm128.c index df9f65476..a2b05c4d6 100644 --- a/vendor/openssl/crypto/modes/gcm128.c +++ b/vendor/openssl/crypto/modes/gcm128.c 
@@ -747,8 +747,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) # endif # if defined(GHASH_ASM_X86_OR_64) # if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) - if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ - OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */ + if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */ if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ gcm_init_avx(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_avx; diff --git a/vendor/openssl/crypto/modes/modes_lcl.h b/vendor/openssl/crypto/modes/modes_lcl.h index 7a1603bf9..4fc32e190 100644 --- a/vendor/openssl/crypto/modes/modes_lcl.h +++ b/vendor/openssl/crypto/modes/modes_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,12 +174,13 @@ struct ocb128_context { OCB_BLOCK l_dollar; OCB_BLOCK *l; /* Must be reset for each session */ - u64 blocks_hashed; - u64 blocks_processed; - OCB_BLOCK tag; - OCB_BLOCK offset_aad; - OCB_BLOCK sum; - OCB_BLOCK offset; - OCB_BLOCK checksum; + struct { + u64 blocks_hashed; + u64 blocks_processed; + OCB_BLOCK offset_aad; + OCB_BLOCK sum; + OCB_BLOCK offset; + OCB_BLOCK checksum; + } sess; }; #endif /* OPENSSL_NO_OCB */ diff --git a/vendor/openssl/crypto/modes/ocb128.c b/vendor/openssl/crypto/modes/ocb128.c index f6f8da7ab..fc92b246b 100644 --- a/vendor/openssl/crypto/modes/ocb128.c +++ b/vendor/openssl/crypto/modes/ocb128.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -236,6 +236,9 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, return -1; } + /* Reset nonce-dependent variables */ + memset(&ctx->sess, 0, sizeof(ctx->sess)); + /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ nonce[0] = ((taglen * 8) % 128) << 1; memset(nonce + 1, 0, 15); @@ -256,10 +259,10 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, /* Offset_0 = Stretch[1+bottom..128+bottom] */ shift = bottom % 8; - ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); + ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c); mask = 0xff; mask <<= 8 - shift; - ctx->offset.c[15] |= + ctx->sess.offset.c[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); return 1; 
@@ -274,29 +277,29 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, { u64 i, all_num_blocks; size_t num_blocks, last_len; - OCB_BLOCK tmp1; - OCB_BLOCK tmp2; + OCB_BLOCK tmp; /* Calculate the number of blocks of AAD provided now, and so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_hashed; + all_num_blocks = num_blocks + ctx->sess.blocks_hashed; /* Loop through all full blocks of AAD */ - for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; - OCB_BLOCK *aad_block; /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad); + + memcpy(tmp.c, aad, 16); + aad += 16; /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - aad_block = (OCB_BLOCK *)(aad + ((i - ctx->blocks_hashed - 1) * 16)); - ocb_block16_xor_misaligned(&ctx->offset_aad, aad_block, &tmp1); - ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); - ocb_block16_xor(&ctx->sum, &tmp2, &ctx->sum); + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); + ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } /* 
@@ -307,20 +310,21 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, if (last_len > 0) { /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star, + &ctx->sess.offset_aad); /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ - memset(&tmp1, 0, 16); - memcpy(&tmp1, aad + (num_blocks * 16), last_len); - ((unsigned char *)&tmp1)[last_len] = 0x80; - ocb_block16_xor(&ctx->offset_aad, &tmp1, &tmp2); + memset(tmp.c, 0, 16); + memcpy(tmp.c, aad, last_len); + tmp.c[last_len] = 0x80; + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ - ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); - ocb_block16_xor(&ctx->sum, &tmp1, &ctx->sum); + ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } - ctx->blocks_hashed = all_num_blocks; + ctx->sess.blocks_hashed = all_num_blocks; return 1; } @@ -335,16 +339,13 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, { u64 i, all_num_blocks; size_t num_blocks, last_len; - OCB_BLOCK tmp1; - OCB_BLOCK tmp2; - OCB_BLOCK pad; /* * Calculate the number of blocks of data to be encrypted provided now, and * so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_processed; + all_num_blocks = num_blocks + ctx->sess.blocks_processed; if (num_blocks && all_num_blocks == (size_t)all_num_blocks && ctx->stream != NULL) { 
@@ -360,31 +361,33 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, return 0; ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->blocks_processed + 1, ctx->offset.c, - (const unsigned char (*)[16])ctx->l, ctx->checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); } else { /* Loop through all full blocks to be encrypted */ - for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; - OCB_BLOCK *inblock; - OCB_BLOCK *outblock; + OCB_BLOCK tmp; /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); + + memcpy(tmp.c, in, 16); + in += 16; - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - inblock = - (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum); - ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); - outblock = - (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); + ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); + + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); + ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); + + memcpy(out, tmp.c, 16); + out += 16; } } 
@@ -395,24 +398,25 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, last_len = len % 16; if (last_len > 0) { + OCB_BLOCK pad; + /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); + ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); /* C_* = P_* xor Pad[1..bitlen(P_*)] */ - ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, - out + (num_blocks * 16)); + ocb_block_xor(in, pad.c, last_len, out); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(&tmp1, 0, 16); - memcpy(&tmp1, in + (len / 16) * 16, last_len); - ((unsigned char *)(&tmp1))[last_len] = 0x80; - ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); + memset(pad.c, 0, 16); /* borrow pad */ + memcpy(pad.c, in, last_len); + pad.c[last_len] = 0x80; + ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); } - ctx->blocks_processed = all_num_blocks; + ctx->sess.blocks_processed = all_num_blocks; return 1; } @@ -427,16 +431,13 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, { u64 i, all_num_blocks; size_t num_blocks, last_len; - OCB_BLOCK tmp1; - OCB_BLOCK tmp2; - OCB_BLOCK pad; /* * Calculate the number of blocks of data to be decrypted provided now, and * so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_processed; + all_num_blocks = num_blocks + ctx->sess.blocks_processed; if (num_blocks && all_num_blocks == (size_t)all_num_blocks && ctx->stream != NULL) { 
@@ -452,31 +453,33 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, return 0; ctx->stream(in, out, num_blocks, ctx->keydec, - (size_t)ctx->blocks_processed + 1, ctx->offset.c, - (const unsigned char (*)[16])ctx->l, ctx->checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); } else { + OCB_BLOCK tmp; + /* Loop through all full blocks to be decrypted */ - for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { - OCB_BLOCK *inblock; - OCB_BLOCK *outblock; + for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); + + memcpy(tmp.c, in, 16); + in += 16; /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ - inblock = - (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); - ctx->decrypt(tmp1.c, tmp2.c, ctx->keydec); - outblock = - (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); - ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); + ctx->decrypt(tmp.c, tmp.c, ctx->keydec); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor_misaligned(&ctx->checksum, outblock, &ctx->checksum); + ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); + + memcpy(out, tmp.c, 16); + out += 16; } } 
@@ -487,53 +490,61 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, last_len = len % 16; if (last_len > 0) { + OCB_BLOCK pad; + /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); + ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); /* P_* = C_* xor Pad[1..bitlen(C_*)] */ - ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, - out + (num_blocks * 16)); + ocb_block_xor(in, pad.c, last_len, out); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(&tmp1, 0, 16); - memcpy(&tmp1, out + (len / 16) * 16, last_len); - ((unsigned char *)(&tmp1))[last_len] = 0x80; - ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); + memset(pad.c, 0, 16); /* borrow pad */ + memcpy(pad.c, out, last_len); + pad.c[last_len] = 0x80; + ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); } - ctx->blocks_processed = all_num_blocks; + ctx->sess.blocks_processed = all_num_blocks; return 1; } -/* - * Calculate the tag and verify it against the supplied tag - */ -int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, - size_t len) +static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len, + int write) { - OCB_BLOCK tmp1, tmp2; + OCB_BLOCK tmp; + + if (len > 16 || len < 1) { + return -1; + } /* * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp1); - ocb_block16_xor(&tmp1, &ctx->l_dollar, &tmp2); - ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); - ocb_block16_xor(&tmp1, &ctx->sum, &ctx->tag); - - if (len > 16 || len < 1) { - return -1; + ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp); + ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp); + ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); + ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp); + + if 
(write) { + memcpy(tag, &tmp, len); + return 1; + } else { + return CRYPTO_memcmp(&tmp, tag, len); } +} - /* Compare the tag if we've been given one */ - if (tag) - return CRYPTO_memcmp(&ctx->tag, tag, len); - else - return -1; +/* + * Calculate the tag and verify it against the supplied tag + */ +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len) +{ + return ocb_finish(ctx, (unsigned char*)tag, len, 0); } /* @@ -541,17 +552,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, */ int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len) { - if (len > 16 || len < 1) { - return -1; - } - - /* Calculate the tag */ - CRYPTO_ocb128_finish(ctx, NULL, 0); - - /* Copy the tag into the supplied buffer */ - memcpy(tag, &ctx->tag, len); - - return 1; + return ocb_finish(ctx, tag, len, 1); } /* diff --git a/vendor/openssl/crypto/o_fopen.c b/vendor/openssl/crypto/o_fopen.c index a3a006574..bfd5af115 100644 --- a/vendor/openssl/crypto/o_fopen.c +++ b/vendor/openssl/crypto/o_fopen.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
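Review bot: `ocb_finish` hands `tag` straight to `CRYPTO_memcmp` when `write` is 0, so `CRYPTO_ocb128_finish(ctx, NULL, len)` now dereferences NULL where the removed code returned -1 (`if (tag) ... else return -1`). Restoring the guard beside the length check keeps the old contract: `if (tag == NULL || len > 16 || len < 1) return -1;`. The helper also mixes return conventions: 1 for a written tag, 0 for a matching tag, non-zero for a mismatch and -1 for a bad length. A header comment on `ocb_finish` should spell this out, because a caller expecting the usual 1-on-success convention would treat a mismatch as success.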
@@ -7,6 +7,24 @@ * https://www.openssl.org/source/license.html */ +# if defined(__linux) || defined(__sun) || defined(__hpux) +/* + * Following definition aliases fopen to fopen64 on above mentioned + * platforms. This makes it possible to open and sequentially access files + * larger than 2GB from 32-bit application. It does not allow to traverse + * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit + * platform permits that, not with fseek/ftell. Not to mention that breaking + * 2GB limit for seeking would require surgery to *our* API. But sequential + * access suffices for practical cases when you can run into large files, + * such as fingerprinting, so we can let API alone. For reference, the list + * of 32-bit platforms which allow for sequential access of large files + * without extra "magic" comprise *BSD, Darwin, IRIX... + */ +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 +# endif +# endif + #include "internal/cryptlib.h" #if !defined(OPENSSL_NO_STDIO) diff --git a/vendor/openssl/crypto/o_str.c b/vendor/openssl/crypto/o_str.c index d8516c27b..528655aa8 100644 --- a/vendor/openssl/crypto/o_str.c +++ b/vendor/openssl/crypto/o_str.c @@ -193,7 +193,7 @@ unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) */ char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) { - const static char hexdig[] = "0123456789ABCDEF"; + static const char hexdig[] = "0123456789ABCDEF"; char *tmp, *q; const unsigned char *p; int i; diff --git a/vendor/openssl/crypto/o_time.c b/vendor/openssl/crypto/o_time.c index 369023250..6d764f55e 100644 --- a/vendor/openssl/crypto/o_time.c +++ b/vendor/openssl/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,7 +20,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) /* * On VMS, gmtime_r() takes a 32-bit pointer as second argument. * Since we can't know that |result| is in a space that can easily - * translate to a 32-bit pointer, we must store temporarly on stack + * translate to a 32-bit pointer, we must store temporarily on stack * and copy the result. The stack is always reachable with 32-bit * pointers. */ @@ -41,6 +41,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 + if (gmtime_s(result, timer)) + return NULL; + ts = result; #else ts = gmtime(timer); if (ts == NULL) diff --git a/vendor/openssl/crypto/objects/o_names.c b/vendor/openssl/crypto/objects/o_names.c index ed98df8c2..7fb0136c5 100644 --- a/vendor/openssl/crypto/objects/o_names.c +++ b/vendor/openssl/crypto/objects/o_names.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,26 +16,26 @@ #include #include #include +#include "internal/thread_once.h" +#include "internal/lhash.h" #include "obj_lcl.h" +#include "e_os.h" /* * We define this wrapper for two reasons. Firstly, later versions of * DEC C add linkage information to certain functions, which makes it * tricky to use them as values to regular function pointers. - * Secondly, in the EDK2 build environment, the strcmp function is - * actually an external function (AsciiStrCmp) with the Microsoft ABI, - * so we can't transparently assign function pointers to it. - * Arguably the latter is a stupidity of the UEFI environment, but - * since the wrapper solves the DEC C issue too, let's just use the - * same solution. + * Secondly, in the EDK2 build environment, the strcasecmp function is + * actually an external function with the Microsoft ABI, so we can't + * transparently assign function pointers to it. */ #if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) -static int obj_strcmp(const char *a, const char *b) +static int obj_strcasecmp(const char *a, const char *b) { - return strcmp(a, b); + return strcasecmp(a, b); } #else -#define obj_strcmp strcmp +#define obj_strcasecmp strcasecmp #endif /* @@ -44,6 +44,7 @@ static int obj_strcmp(const char *a, const char *b) */ static LHASH_OF(OBJ_NAME) *names_lh = NULL; static int names_type_num = OBJ_NAME_TYPE_NUM; +static CRYPTO_RWLOCK *lock = NULL; struct name_funcs_st { unsigned long (*hash_func) (const char *name); 
@@ -62,23 +63,33 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack; static unsigned long obj_name_hash(const OBJ_NAME *a); static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); -int OBJ_NAME_init(void) +static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(o_names_init) { - if (names_lh != NULL) - return (1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); + lock = CRYPTO_THREAD_lock_new(); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); - return (names_lh != NULL); + return names_lh != NULL && lock != NULL; +} + +int OBJ_NAME_init(void) +{ + return RUN_ONCE(&init, o_names_init); } int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), int (*cmp_func) (const char *, const char *), void (*free_func) (const char *, int, const char *)) { - int ret, i, push; + int ret = 0, i, push; NAME_FUNCS *name_funcs; + if (!OBJ_NAME_init()) + return 0; + + CRYPTO_THREAD_write_lock(lock); + if (name_funcs_stack == NULL) { CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); name_funcs_stack = sk_NAME_FUNCS_new_null(); @@ -86,7 +97,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), } if (name_funcs_stack == NULL) { /* ERROR */ - return (0); + goto out; } ret = names_type_num; names_type_num++; @@ -96,10 +107,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); if (name_funcs == NULL) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); - return (0); + ret = 0; + goto out; } - name_funcs->hash_func = OPENSSL_LH_strhash; - name_funcs->cmp_func = obj_strcmp; + name_funcs->hash_func = openssl_lh_strcasehash; + name_funcs->cmp_func = obj_strcasecmp; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); 
@@ -108,7 +120,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), if (!push) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); OPENSSL_free(name_funcs); - return 0; + ret = 0; + goto out; } } name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); @@ -118,7 +131,10 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), name_funcs->cmp_func = cmp_func; if (free_func != NULL) name_funcs->free_func = free_func; - return (ret); + +out: + CRYPTO_THREAD_unlock(lock); + return ret; } static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) @@ -132,9 +148,9 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) ret = sk_NAME_FUNCS_value(name_funcs_stack, a->type)->cmp_func(a->name, b->name); } else - ret = strcmp(a->name, b->name); + ret = strcasecmp(a->name, b->name); } - return (ret); + return ret; } static unsigned long obj_name_hash(const OBJ_NAME *a) @@ -147,21 +163,23 @@ static unsigned long obj_name_hash(const OBJ_NAME *a) sk_NAME_FUNCS_value(name_funcs_stack, a->type)->hash_func(a->name); } else { - ret = OPENSSL_LH_strhash(a->name); + ret = openssl_lh_strcasehash(a->name); } ret ^= a->type; - return (ret); + return ret; } const char *OBJ_NAME_get(const char *name, int type) { OBJ_NAME on, *ret; int num = 0, alias; + const char *value = NULL; if (name == NULL) - return (NULL); - if ((names_lh == NULL) && !OBJ_NAME_init()) - return (NULL); + return NULL; + if (!OBJ_NAME_init()) + return NULL; + CRYPTO_THREAD_read_lock(lock); alias = type & OBJ_NAME_ALIAS; type &= ~OBJ_NAME_ALIAS; 
@@ -172,24 +190,28 @@ const char *OBJ_NAME_get(const char *name, int type) for (;;) { ret = lh_OBJ_NAME_retrieve(names_lh, &on); if (ret == NULL) - return (NULL); + break; if ((ret->alias) && !alias) { if (++num > 10) - return (NULL); + break; on.name = ret->data; } else { - return (ret->data); + value = ret->data; + break; } } + + CRYPTO_THREAD_unlock(lock); + return value; } int OBJ_NAME_add(const char *name, int type, const char *data) { OBJ_NAME *onp, *ret; - int alias; + int alias, ok = 0; - if ((names_lh == NULL) && !OBJ_NAME_init()) - return (0); + if (!OBJ_NAME_init()) + return 0; alias = type & OBJ_NAME_ALIAS; type &= ~OBJ_NAME_ALIAS; @@ -197,7 +219,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) onp = OPENSSL_malloc(sizeof(*onp)); if (onp == NULL) { /* ERROR */ - return 0; + goto unlock; } onp->name = name; @@ -205,6 +227,8 @@ int OBJ_NAME_add(const char *name, int type, const char *data) onp->type = type; onp->data = data; + CRYPTO_THREAD_write_lock(lock); + ret = lh_OBJ_NAME_insert(names_lh, onp); if (ret != NULL) { /* free things */ @@ -223,18 +247,26 @@ int OBJ_NAME_add(const char *name, int type, const char *data) if (lh_OBJ_NAME_error(names_lh)) { /* ERROR */ OPENSSL_free(onp); - return 0; + goto unlock; } } - return 1; + + ok = 1; + +unlock: + CRYPTO_THREAD_unlock(lock); + return ok; } int OBJ_NAME_remove(const char *name, int type) { OBJ_NAME on, *ret; + int ok = 0; - if (names_lh == NULL) - return (0); + if (!OBJ_NAME_init()) + return 0; + + CRYPTO_THREAD_write_lock(lock); type &= ~OBJ_NAME_ALIAS; on.name = name; @@ -253,9 +285,11 @@ int OBJ_NAME_remove(const char *name, int type) ret->data); } OPENSSL_free(ret); - return (1); - } else - return (0); + ok = 1; + } + + CRYPTO_THREAD_unlock(lock); + return ok; } typedef struct { 
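Review bot: In `OBJ_NAME_add` the allocation-failure branch now does `goto unlock` (hunk `@@ -197,7 +219,7 @@`), but `CRYPTO_THREAD_write_lock(lock)` is only taken further down (hunk `@@ -205,6 +227,8 @@`). A failed `OPENSSL_malloc` therefore calls `CRYPTO_THREAD_unlock(lock)` on a lock this thread never acquired. Unlocking an unheld rwlock is undefined on the usual thread backends and may release a lock that another thread holds. The branch should stay `return 0;`, or the write lock should be taken before the allocation. The function body extends outside these hunks.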
@@ -363,8 +397,10 @@ void OBJ_NAME_cleanup(int type) if (type < 0) { lh_OBJ_NAME_free(names_lh); sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); + CRYPTO_THREAD_lock_free(lock); names_lh = NULL; name_funcs_stack = NULL; + lock = NULL; } else lh_OBJ_NAME_set_down_load(names_lh, down_load); }
diff --git a/vendor/openssl/crypto/objects/obj_dat.c b/vendor/openssl/crypto/objects/obj_dat.c
index 9f3741778..21a1f05be 100644
--- a/vendor/openssl/crypto/objects/obj_dat.c
+++ b/vendor/openssl/crypto/objects/obj_dat.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -213,8 +213,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) err: for (i = ADDED_DATA; i <= ADDED_NID; i++) OPENSSL_free(ao[i]); - OPENSSL_free(o); - return (NID_undef); + ASN1_OBJECT_free(o); + return NID_undef; } ASN1_OBJECT *OBJ_nid2obj(int n)
@@ -500,7 +500,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) n += i; OPENSSL_free(bndec); } else { - BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); + BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l); i = strlen(tbuf); if (buf && (buf_len > 0)) { OPENSSL_strlcpy(buf, tbuf, buf_len);
@@ -632,6 +632,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, return (p); } +/* + * Parse a BIO sink to create some extra oid's objects. + * Line format: + */ int OBJ_create_objects(BIO *in) { char buf[512];
@@ -653,9 +657,9 @@ int OBJ_create_objects(BIO *in) *(s++) = '\0'; while (isspace((unsigned char)*s)) s++; - if (*s == '\0') + if (*s == '\0') { s = NULL; - else { + } else { l = s; while ((*l != '\0') && !isspace((unsigned char)*l)) l++; 
@@ -663,15 +667,18 @@ int OBJ_create_objects(BIO *in) *(l++) = '\0'; while (isspace((unsigned char)*l)) l++; - if (*l == '\0') + if (*l == '\0') { l = NULL; - } else + } + } else { l = NULL; + } } - } else + } else { s = NULL; - if ((o == NULL) || (*o == '\0')) - return (num); + } + if (*o == '\0') + return num; if (!OBJ_create(o, s, l)) return (num); num++;
@@ -685,7 +692,8 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) int ok = 0; /* Check to see if short or long name already present */ - if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { + if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef) + || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) { OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); return 0; }
diff --git a/vendor/openssl/crypto/ocsp/ocsp_cl.c b/vendor/openssl/crypto/ocsp/ocsp_cl.c
index a42b80fa5..b638694e2 100644
--- a/vendor/openssl/crypto/ocsp/ocsp_cl.c
+++ b/vendor/openssl/crypto/ocsp/ocsp_cl.c
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -166,6 +166,16 @@ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) return bs->signature; } +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) +{ + return &bs->signatureAlgorithm; +} + +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) +{ + return &bs->tbsResponseData; +} + /* * Return number of OCSP_SINGLERESP responses present in a basic response. */
diff --git a/vendor/openssl/crypto/ocsp/ocsp_ht.c b/vendor/openssl/crypto/ocsp/ocsp_ht.c
index 680edfa5c..d8796ca6b 100644
--- a/vendor/openssl/crypto/ocsp/ocsp_ht.c
+++ b/vendor/openssl/crypto/ocsp/ocsp_ht.c 
@@ -298,10 +298,12 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) } rctx->state = OHS_ASN1_WRITE_INIT; + /* fall thru */ case OHS_ASN1_WRITE_INIT: rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); rctx->state = OHS_ASN1_WRITE; + /* fall thru */ case OHS_ASN1_WRITE: n = BIO_get_mem_data(rctx->mem, &p);
@@ -323,6 +325,7 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) (void)BIO_reset(rctx->mem); + /* fall thru */ case OHS_ASN1_FLUSH: i = BIO_flush(rctx->io);
diff --git a/vendor/openssl/crypto/ocsp/ocsp_lcl.h b/vendor/openssl/crypto/ocsp/ocsp_lcl.h
index f93a268e0..d1cf1583f 100644
--- a/vendor/openssl/crypto/ocsp/ocsp_lcl.h
+++ b/vendor/openssl/crypto/ocsp/ocsp_lcl.h
@@ -214,3 +214,19 @@ struct ocsp_service_locator_st { X509_NAME *issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; }; + +# define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(o)->optionalSignature->signatureAlgorithm,NULL,\ + (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md) + +# define OCSP_BASICRESP_sign(o,pkey,md,d) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ + NULL,(o)->signature,&(o)->tbsResponseData,pkey,md) + +# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(a)->optionalSignature->signatureAlgorithm,\ + (a)->optionalSignature->signature,&(a)->tbsRequest,r) + +# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/vendor/openssl/crypto/ocsp/ocsp_vfy.c b/vendor/openssl/crypto/ocsp/ocsp_vfy.c
index e2cfa6dda..9a8d34386 100644
--- a/vendor/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/vendor/openssl/crypto/ocsp/ocsp_vfy.c
@@ -73,6 +73,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto f_err; } } + } else if (certs != NULL) { + untrusted = certs; } else { untrusted = bs->certs; } 
@@ -136,6 +138,15 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto end; } +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs) +{ + int ret; + + ret = ocsp_find_signer(signer, bs, extra_certs, 0); + return (ret > 0) ? 1 : 0; +} + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, unsigned long flags) {
diff --git a/vendor/openssl/crypto/pariscid.pl b/vendor/openssl/crypto/pariscid.pl
index f82e27ac4..3d4a5f8ae 100644
--- a/vendor/openssl/crypto/pariscid.pl
+++ b/vendor/openssl/crypto/pariscid.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -160,7 +160,7 @@ or %r29,$rv,$rv sub %r0,$rv,%r29 - extru %r29,31,1,$rv + extru %r29,0,1,$rv L\$no_data bv ($rp) .EXIT
diff --git a/vendor/openssl/crypto/pem/pem_info.c b/vendor/openssl/crypto/pem/pem_info.c
index dd493c850..78d4476a2 100644
--- a/vendor/openssl/crypto/pem/pem_info.c
+++ b/vendor/openssl/crypto/pem/pem_info.c
@@ -294,7 +294,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, /* create the right magic header stuff */ OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
diff --git a/vendor/openssl/crypto/pem/pem_lib.c b/vendor/openssl/crypto/pem/pem_lib.c
index 3f53fd892..6f06c5291 100644
--- a/vendor/openssl/crypto/pem/pem_lib.c
+++ b/vendor/openssl/crypto/pem/pem_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -28,23 +28,23 @@ static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name); int pem_check_suffix(const char *pem_str, const char *suffix); -int PEM_def_callback(char *buf, int num, int w, void *key) +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) { -#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) int i; -#else - int i, j; +#ifndef OPENSSL_NO_UI + int min_len; const char *prompt; #endif - if (key) { - i = strlen(key); + /* We assume that the user passes a default password as userdata */ + if (userdata) { + i = strlen(userdata); i = (i > num) ? num : i; - memcpy(buf, key, i); + memcpy(buf, userdata, i); return i; } -#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) +#ifdef OPENSSL_NO_UI PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; #else 
@@ -52,28 +52,22 @@ int PEM_def_callback(char *buf, int num, int w, void *key) if (prompt == NULL) prompt = "Enter PEM pass phrase:"; - for (;;) { - /* - * We assume that w == 0 means decryption, - * while w == 1 means encryption - */ - int min_len = w ? MIN_LENGTH : 0; + /* + * rwflag == 0 means decryption + * rwflag == 1 means encryption + * + * We assume that for encryption, we want a minimum length, while for + * decryption, we cannot know any minimum length, so we assume zero. + */ + min_len = rwflag ? MIN_LENGTH : 0; - i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); - if (i != 0) { - PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf, 0, (unsigned int)num); - return -1; - } - j = strlen(buf); - if (min_len && j < min_len) { - fprintf(stderr, - "phrase is too short, needs to be at least %d chars\n", - min_len); - } else - break; + i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag); + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); + return -1; } - return j; + return strlen(buf); #endif }
@@ -357,7 +351,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, OPENSSL_cleanse(buf, PEM_BUFSIZE); OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 - <= sizeof buf); + <= sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
@@ -414,7 +408,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else keylen = callback(buf, PEM_BUFSIZE, 0, u); - if (keylen <= 0) { + if (keylen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return 0; }
@@ -472,6 +466,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) char *dekinfostart, c; cipher->cipher = NULL; + memset(cipher->iv, 0, sizeof(cipher->iv)); if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; 
diff --git a/vendor/openssl/crypto/pem/pem_pk8.c b/vendor/openssl/crypto/pem/pem_pk8.c
index 993c595a7..a8363b39b 100644
--- a/vendor/openssl/crypto/pem/pem_pk8.c
+++ b/vendor/openssl/crypto/pem/pem_pk8.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -124,13 +124,14 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) return NULL; ret = EVP_PKCS82PKEY(p8inf);
diff --git a/vendor/openssl/crypto/pem/pem_pkey.c b/vendor/openssl/crypto/pem/pem_pkey.c
index 630862270..7dadc1391 100644
--- a/vendor/openssl/crypto/pem/pem_pkey.c
+++ b/vendor/openssl/crypto/pem/pem_pkey.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -59,13 +59,14 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); + OPENSSL_cleanse(psbuf, klen); if (!p8inf) goto p8err; ret = EVP_PKCS82PKEY(p8inf); 
diff --git a/vendor/openssl/crypto/pem/pvkfmt.c b/vendor/openssl/crypto/pem/pvkfmt.c
index 248704ec5..96a82eb52 100644
--- a/vendor/openssl/crypto/pem/pvkfmt.c
+++ b/vendor/openssl/crypto/pem/pvkfmt.c
@@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -120,6 +120,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length, case MS_DSS1MAGIC: *pisdss = 1; + /* fall thru */ case MS_RSA1MAGIC: if (*pispub == 0) { PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
@@ -129,6 +130,7 @@ static int do_blob_header(const unsigned char **in, unsigned int length, case MS_DSS2MAGIC: *pisdss = 1; + /* fall thru */ case MS_RSA2MAGIC: if (*pispub == 1) { PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
@@ -283,14 +285,17 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, goto memerr; BN_CTX_free(ctx); + ctx = NULL; } if (!DSA_set0_pqg(dsa, pbn, qbn, gbn)) goto memerr; pbn = qbn = gbn = NULL; if (!DSA_set0_key(dsa, pub_key, priv_key)) goto memerr; + pub_key = priv_key = NULL; - EVP_PKEY_set1_DSA(ret, dsa); + if (!EVP_PKEY_set1_DSA(ret, dsa)) + goto memerr; DSA_free(dsa); *in = p; return ret;
@@ -343,12 +348,19 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in, goto memerr; if (!read_lebn(&pin, nbyte, &d)) goto memerr; - RSA_set0_factors(rsa, p, q); - RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); + if (!RSA_set0_factors(rsa, p, q)) + goto memerr; + p = q = NULL; + if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) + goto memerr; + dmp1 = dmq1 = iqmp = NULL; } - RSA_set0_key(rsa, n, e, d); + if (!RSA_set0_key(rsa, n, e, d)) + goto memerr; + n = e = d = NULL; - EVP_PKEY_set1_RSA(ret, rsa); + if (!EVP_PKEY_set1_RSA(ret, rsa)) + goto memerr; RSA_free(rsa); *in = pin; return ret; 
@@ -663,17 +675,17 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, const unsigned char *p = *in; unsigned int magic; unsigned char *enctmp = NULL, *q; + unsigned char keybuf[20]; EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); if (saltlen) { char psbuf[PEM_BUFSIZE]; - unsigned char keybuf[20]; int enctmplen, inlen; if (cb) inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; }
@@ -707,7 +719,6 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, memset(keybuf + 5, 0, 11); if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) goto err; - OPENSSL_cleanse(keybuf, 20); if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) goto err; if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
@@ -717,15 +728,17 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT); goto err; } - } else - OPENSSL_cleanse(keybuf, 20); + } p = enctmp; } ret = b2i_PrivateKey(&p, keylen); err: EVP_CIPHER_CTX_free(cctx); - OPENSSL_free(enctmp); + if (enctmp != NULL) { + OPENSSL_cleanse(keybuf, sizeof(keybuf)); + OPENSSL_free(enctmp); + } return ret; }
diff --git a/vendor/openssl/crypto/pkcs12/p12_asn.c b/vendor/openssl/crypto/pkcs12/p12_asn.c
index f2bfe32eb..422dfc398 100644
--- a/vendor/openssl/crypto/pkcs12/p12_asn.c
+++ b/vendor/openssl/crypto/pkcs12/p12_asn.c
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -51,7 +51,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ ASN1_ADB(PKCS12_SAFEBAG) = { ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
diff --git a/vendor/openssl/crypto/pkcs12/p12_init.c b/vendor/openssl/crypto/pkcs12/p12_init.c
index a78e183c9..88db0f2dc 100644
--- a/vendor/openssl/crypto/pkcs12/p12_init.c
+++ b/vendor/openssl/crypto/pkcs12/p12_init.c
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -22,7 +22,8 @@ PKCS12 *PKCS12_init(int mode) PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); return NULL; } - ASN1_INTEGER_set(pkcs12->version, 3); + if (!ASN1_INTEGER_set(pkcs12->version, 3)) + goto err; pkcs12->authsafes->type = OBJ_nid2obj(mode); switch (mode) { case NID_pkcs7_data:
diff --git a/vendor/openssl/crypto/pkcs12/p12_kiss.c b/vendor/openssl/crypto/pkcs12/p12_kiss.c
index 62f5d1ec1..7ab98385a 100644
--- a/vendor/openssl/crypto/pkcs12/p12_kiss.c
+++ b/vendor/openssl/crypto/pkcs12/p12_kiss.c 
@@ -34,6 +34,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, { STACK_OF(X509) *ocerts = NULL; X509 *x = NULL; + + if (pkey) + *pkey = NULL; + if (cert) + *cert = NULL; + /* Check for NULL PKCS12 structure */ if (!p12) {
@@ -42,11 +48,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, return 0; } - if (pkey) - *pkey = NULL; - if (cert) - *cert = NULL; - /* Check the mac */ /*
@@ -75,7 +76,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, if (!ocerts) { PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
@@ -111,10 +112,14 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, err: - if (pkey) + if (pkey) { EVP_PKEY_free(*pkey); - if (cert) + *pkey = NULL; + } + if (cert) { X509_free(*cert); + *cert = NULL; + } X509_free(x); sk_X509_pop_free(ocerts, X509_free); return 0;
diff --git a/vendor/openssl/crypto/pkcs12/p12_mutl.c b/vendor/openssl/crypto/pkcs12/p12_mutl.c
index 899a12e13..0cbbed364 100644
--- a/vendor/openssl/crypto/pkcs12/p12_mutl.c
+++ b/vendor/openssl/crypto/pkcs12/p12_mutl.c
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -7,13 +7,13 @@ * https://www.openssl.org/source/license.html */ -# include -# include "internal/cryptlib.h" -# include -# include -# include -# include -# include "p12_lcl.h" +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include "p12_lcl.h" int PKCS12_mac_present(const PKCS12 *p12) { 
@@ -44,7 +44,7 @@ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, } } -# define TK26_MAC_KEY_LEN 32 +#define TK26_MAC_KEY_LEN 32 static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, const unsigned char *salt, int saltlen,
@@ -75,6 +75,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *out, const EVP_MD *md_type)) { + int ret = 0; const EVP_MD *md_type; HMAC_CTX *hmac = NULL; unsigned char key[EVP_MAX_MD_SIZE], *salt;
@@ -111,29 +112,32 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, if ((md_type_nid == NID_id_GostR3411_94 || md_type_nid == NID_id_GostR3411_2012_256 || md_type_nid == NID_id_GostR3411_2012_512) - && !getenv("LEGACY_GOST_PKCS12")) { + && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { md_size = TK26_MAC_KEY_LEN; if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); - return 0; + goto err; } } else if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, md_size, key, md_type)) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); - return 0; + goto err; } - hmac = HMAC_CTX_new(); - if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL) + if ((hmac = HMAC_CTX_new()) == NULL + || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL) || !HMAC_Update(hmac, p12->authsafes->d.data->data, p12->authsafes->d.data->length) || !HMAC_Final(hmac, mac, maclen)) { - HMAC_CTX_free(hmac); - return 0; + goto err; } + ret = 1; + +err: + OPENSSL_cleanse(key, sizeof(key)); HMAC_CTX_free(hmac); - return 1; + return ret; } int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
diff --git a/vendor/openssl/crypto/pkcs7/pk7_asn1.c b/vendor/openssl/crypto/pkcs7/pk7_asn1.c
index 315e1b813..cd9fb4f50 100644
--- a/vendor/openssl/crypto/pkcs7/pk7_asn1.c
+++ b/vendor/openssl/crypto/pkcs7/pk7_asn1.c 
@@ -40,6 +40,7 @@ static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_OP_STREAM_PRE: if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) return 0; + /* fall thru */ case ASN1_OP_DETACHED_PRE: sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); if (!sarg->ndef_bio)
diff --git a/vendor/openssl/crypto/pkcs7/pk7_doit.c b/vendor/openssl/crypto/pkcs7/pk7_doit.c
index bc6bd30fc..e6e80f08d 100644
--- a/vendor/openssl/crypto/pkcs7/pk7_doit.c
+++ b/vendor/openssl/crypto/pkcs7/pk7_doit.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -316,16 +316,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) } if (bio == NULL) { - if (PKCS7_is_detached(p7)) + if (PKCS7_is_detached(p7)) { bio = BIO_new(BIO_s_null()); - else if (os && os->length > 0) + } else if (os && os->length > 0) { bio = BIO_new_mem_buf(os->data, os->length); - if (bio == NULL) { + } else { bio = BIO_new(BIO_s_mem()); if (bio == NULL) goto err; BIO_set_mem_eof_return(bio, 0); } + if (bio == NULL) + goto err; } if (out) BIO_push(out, bio);
diff --git a/vendor/openssl/crypto/pkcs7/pk7_lib.c b/vendor/openssl/crypto/pkcs7/pk7_lib.c
index 69c68cf5f..371b9c99f 100644
--- a/vendor/openssl/crypto/pkcs7/pk7_lib.c
+++ b/vendor/openssl/crypto/pkcs7/pk7_lib.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -134,7 +134,6 @@ int PKCS7_set_type(PKCS7 *p7, int type) if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) == NULL) goto err; - ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) goto err; p7->d.signed_and_enveloped->enc_data->content_type
diff --git a/vendor/openssl/crypto/poly1305/asm/poly1305-armv4.pl b/vendor/openssl/crypto/poly1305/asm/poly1305-armv4.pl
index fc899ced8..5cdb6be05 100755
--- a/vendor/openssl/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/vendor/openssl/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -186,6 +186,7 @@ .type poly1305_blocks,%function .align 5 poly1305_blocks: +.Lpoly1305_blocks: stmdb sp!,{r3-r11,lr} ands $len,$len,#-16
@@ -677,7 +678,7 @@ cmp $len,#64 bhs .Lenter_neon tst ip,ip @ is_base2_26? - beq poly1305_blocks + beq .Lpoly1305_blocks .Lenter_neon: stmdb sp!,{r4-r7}
diff --git a/vendor/openssl/crypto/poly1305/asm/poly1305-x86.pl b/vendor/openssl/crypto/poly1305/asm/poly1305-x86.pl
index ab24dfcfa..93179e37d 100755
--- a/vendor/openssl/crypto/poly1305/asm/poly1305-x86.pl
+++ b/vendor/openssl/crypto/poly1305/asm/poly1305-x86.pl
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -70,7 +70,7 @@ $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } }
diff --git a/vendor/openssl/crypto/rand/md_rand.c b/vendor/openssl/crypto/rand/md_rand.c
index 85ce4e6f9..eb6a14b14 100644
--- a/vendor/openssl/crypto/rand/md_rand.c
+++ b/vendor/openssl/crypto/rand/md_rand.c
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -169,7 +169,7 @@ static int rand_add(const void *buf, int num, double add) md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); /* state_index <= state_num <= STATE_SIZE */ state_index += num;
@@ -275,7 +275,6 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) static volatile int stirred_pool = 0; int i, j, k; size_t num_ceil, st_idx, st_num; - int ok; long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; EVP_MD_CTX *m;
@@ -362,14 +361,13 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) if (!initialized) { RAND_poll(); - initialized = 1; + initialized = (entropy >= ENTROPY_NEEDED); } if (!stirred_pool) do_stir_pool = 1; - ok = (entropy >= ENTROPY_NEEDED); - if (!ok) { + if (!initialized) { /* * If the PRNG state is not yet unpredictable, then seeing the PRNG * output may help attackers to determine the new state; thus we have
@@ -408,7 +406,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); n -= MD_DIGEST_LENGTH; } - if (ok) + if (initialized) stirred_pool = 1; } 
@@ -416,7 +414,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) st_num = state_num; md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); state_index += num_ceil; if (state_index > state_num)
@@ -442,15 +440,15 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof(curr_pid))) goto err; curr_pid = 0; } #endif if (curr_time) { /* just in the first iteration to save time */ - if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) + if (!MD_Update(m, (unsigned char *)&curr_time, sizeof(curr_time))) goto err; - if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) + if (!MD_Update(m, (unsigned char *)&tv, sizeof(tv))) goto err; curr_time = 0; if (!rand_hw_seed(m))
@@ -492,6 +490,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) */ ASYNC_block_pause(); if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { + ASYNC_unblock_pause(); CRYPTO_THREAD_unlock(rand_lock); goto err; }
@@ -499,7 +498,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) CRYPTO_THREAD_unlock(rand_lock); EVP_MD_CTX_free(m); - if (ok) + if (initialized) return (1); else if (pseudo) return 0;
diff --git a/vendor/openssl/crypto/rand/rand_egd.c b/vendor/openssl/crypto/rand/rand_egd.c
index dd58b2149..50963b8e4 100644
--- a/vendor/openssl/crypto/rand/rand_egd.c
+++ b/vendor/openssl/crypto/rand/rand_egd.c 
@@ -102,7 +102,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - OPENSSL_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + OPENSSL_strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1)
diff --git a/vendor/openssl/crypto/rand/rand_unix.c b/vendor/openssl/crypto/rand/rand_unix.c
index ecba2dc98..7a5a94843 100644
--- a/vendor/openssl/crypto/rand/rand_unix.c
+++ b/vendor/openssl/crypto/rand/rand_unix.c
@@ -80,15 +80,15 @@ int RAND_poll(void) */ curr_gid = getgid(); - RAND_add(&curr_gid, sizeof curr_gid, 1); + RAND_add(&curr_gid, sizeof(curr_gid), 1); curr_gid = 0; curr_pid = getpid(); - RAND_add(&curr_pid, sizeof curr_pid, 1); + RAND_add(&curr_pid, sizeof(curr_pid), 1); curr_pid = 0; curr_uid = getuid(); - RAND_add(&curr_uid, sizeof curr_uid, 1); + RAND_add(&curr_uid, sizeof(curr_uid), 1); curr_uid = 0; for (i = 0; i < (ENTROPY_NEEDED * 4); i++) {
@@ -116,7 +116,7 @@ int RAND_poll(void) /* take 8 bits */ v = (unsigned char)(ts.tv_nsec % 256); - RAND_add(&v, sizeof v, 1); + RAND_add(&v, sizeof(v), 1); v = 0; } return 1;
@@ -289,7 +289,7 @@ int RAND_poll(void) # if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) if (n > 0) { - RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + RAND_add(tmpbuf, sizeof(tmpbuf), (double)n); OPENSSL_cleanse(tmpbuf, n); } # endif
diff --git a/vendor/openssl/crypto/rand/randfile.c b/vendor/openssl/crypto/rand/randfile.c
index 15fa9dce5..c82740770 100644
--- a/vendor/openssl/crypto/rand/randfile.c
+++ b/vendor/openssl/crypto/rand/randfile.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -21,9 +21,7 @@ #ifdef OPENSSL_SYS_VMS # include #endif -#ifndef NO_SYS_TYPES_H -# include -#endif +#include #ifndef OPENSSL_NO_POSIX_IO # include # include
@@ -316,14 +314,9 @@ const char *RAND_file_name(char *buf, size_t size) } } #else - if (OPENSSL_issetugid() != 0) { + if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { use_randfile = 0; - } else { - s = getenv("RANDFILE"); - if (s == NULL || *s == '\0') { - use_randfile = 0; - s = getenv("HOME"); - } + s = ossl_safe_getenv("HOME"); } #endif #ifdef DEFAULT_HOME
diff --git a/vendor/openssl/crypto/rc2/rc2_locl.h b/vendor/openssl/crypto/rc2/rc2_locl.h
index a9a57d612..e4dad9478 100644
--- a/vendor/openssl/crypto/rc2/rc2_locl.h
+++ b/vendor/openssl/crypto/rc2/rc2_locl.h
@@ -20,13 +20,20 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c)))); \ } \ } 
@@ -42,12 +49,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ } \ } @@ -58,12 +72,19 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 1: l1|=((unsigned long)(*(--(c))))<<24; \ } \ } @@ -73,12 +94,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ } \ } diff --git a/vendor/openssl/crypto/rc4/asm/rc4-c64xplus.pl b/vendor/openssl/crypto/rc4/asm/rc4-c64xplus.pl index daed75c75..184922c12 100644 --- a/vendor/openssl/crypto/rc4/asm/rc4-c64xplus.pl 
+++ b/vendor/openssl/crypto/rc4/asm/rc4-c64xplus.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -186,5 +186,7 @@ .align 4 ___ +$output=pop; +open STDOUT,">$output"; print $code; close STDOUT; diff --git a/vendor/openssl/crypto/rc4/build.info b/vendor/openssl/crypto/rc4/build.info index 6c488890f..8659526d7 100644 --- a/vendor/openssl/crypto/rc4/build.info +++ b/vendor/openssl/crypto/rc4/build.info @@ -20,7 +20,7 @@ ENDRAW[makefile(windows)] BEGINRAW[Makefile] {- $builddir -}/rc4-ia64.s: {- $sourcedir -}/asm/rc4-ia64.pl @(trap "rm $@.*" INT 0; \ - $(PERL) $< $(CFLAGS) $(LIB_CFLAGS) $@.S; \ + $(PERL) {- $sourcedir -}/asm/rc4-ia64.pl $(CFLAGS) $(LIB_CFLAGS) $@.S; \ case `awk '/^#define RC4_INT/{print$$NF}' $(BLDDIR)/include/openssl/opensslconf.h` in \ int) set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=4 -E $@.S > $@.i && mv -f $@.i $@;; \ char) set -x; $(CC) $(CFLAGS) $(LIB_CFLAGS) -DSZ=1 -E $@.S > $@.i && mv -f $@.i $@;; \ diff --git a/vendor/openssl/crypto/rc5/rc5_locl.h b/vendor/openssl/crypto/rc5/rc5_locl.h index 33a709b45..41130fe33 100644 --- a/vendor/openssl/crypto/rc5/rc5_locl.h +++ b/vendor/openssl/crypto/rc5/rc5_locl.h 
@@ -22,13 +22,20 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 5: l2|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ + /* fall thru */ \ + case 1: l1|=((unsigned long)(*(--(c)))); \ } \ } @@ -44,12 +51,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ } \ } @@ -60,12 +74,19 @@ l1=l2=0; \ switch (n) { \ case 8: l2 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + /* fall thru */ \ case 4: l1 =((unsigned long)(*(--(c)))) ; \ + /* fall thru */ \ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + /* fall thru */ \ case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + /* fall thru */ \ case 1: l1|=((unsigned long)(*(--(c))))<<24; \ } \ } 
@@ -75,12 +96,19 @@ c+=n; \ switch (n) { \ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + /* fall thru */ \ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + /* fall thru */ \ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + /* fall thru */ \ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + /* fall thru */ \ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + /* fall thru */ \ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + /* fall thru */ \ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + /* fall thru */ \ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ } \ } diff --git a/vendor/openssl/crypto/rsa/rsa_ameth.c b/vendor/openssl/crypto/rsa/rsa_ameth.c index 5694140af..4a12276a3 100644 --- a/vendor/openssl/crypto/rsa/rsa_ameth.c +++ b/vendor/openssl/crypto/rsa/rsa_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -773,7 +773,8 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; unsigned char *label; - CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); + if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) + return 0; if (pkctx) { if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; diff --git a/vendor/openssl/crypto/rsa/rsa_gen.c b/vendor/openssl/crypto/rsa/rsa_gen.c index 4ced96551..79f77e3ea 100644 --- a/vendor/openssl/crypto/rsa/rsa_gen.c +++ b/vendor/openssl/crypto/rsa/rsa_gen.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,6 +42,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; + unsigned long error = 0; /* * When generating ridiculously small keys, we can get stuck @@ -88,16 +89,28 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); + BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } 
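Review bot: In the p-generation loop of `rsa_builtin_keygen`, the success branch leaves with `break` right after `ERR_set_mark()` and never clears the mark; only the `BN_R_NO_INVERSE` branch calls `ERR_pop_to_mark()`. If the error queue was not empty on entry, its top entry stays flagged, and a later `ERR_pop_to_mark()` elsewhere could stop at this stale mark. Adding `ERR_pop_to_mark();` before `break;` would balance the pair, assuming a successful `BN_mod_inverse` queues no errors. The q loop in the following hunk (`@@ -110,10 +123,19 @@`) has the same shape, and the function body extends beyond both hunks.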
@@ -110,10 +123,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } diff --git a/vendor/openssl/crypto/rsa/rsa_lib.c b/vendor/openssl/crypto/rsa/rsa_lib.c index 48e9100a9..d99d04916 100644 --- a/vendor/openssl/crypto/rsa/rsa_lib.c +++ b/vendor/openssl/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,31 +15,9 @@ #include #include "rsa_locl.h" -static const RSA_METHOD *default_RSA_meth = NULL; - RSA *RSA_new(void) { - RSA *r = RSA_new_method(NULL); - - return r; -} - -void RSA_set_default_method(const RSA_METHOD *meth) -{ - default_RSA_meth = meth; -} - -const RSA_METHOD *RSA_get_default_method(void) -{ - if (default_RSA_meth == NULL) { -#ifdef RSA_NULL - default_RSA_meth = RSA_null_method(); -#else - default_RSA_meth = RSA_PKCS1_OpenSSL(); -#endif - } - - return default_RSA_meth; + return RSA_new_method(NULL); } const RSA_METHOD *RSA_get_method(const RSA *rsa) @@ -116,7 +94,7 @@ RSA *RSA_new_method(ENGINE *engine) return ret; -err: + err: RSA_free(ret); return NULL; } 
@@ -134,7 +112,7 @@ void RSA_free(RSA *r) return; REF_ASSERT_ISNT(i < 0); - if (r->meth->finish) + if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); diff --git a/vendor/openssl/crypto/rsa/rsa_meth.c b/vendor/openssl/crypto/rsa/rsa_meth.c index 9480abd70..ba40cff28 100644 --- a/vendor/openssl/crypto/rsa/rsa_meth.c +++ b/vendor/openssl/crypto/rsa/rsa_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) return 1; } -int RSA_meth_get_flags(RSA_METHOD *meth) +int RSA_meth_get_flags(const RSA_METHOD *meth) { return meth->flags; } @@ -163,13 +163,13 @@ int RSA_meth_set_priv_dec(RSA_METHOD *meth, /* Can be null */ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx) { return meth->rsa_mod_exp; } int RSA_meth_set_mod_exp(RSA_METHOD *meth, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)) { meth->rsa_mod_exp = mod_exp; diff --git a/vendor/openssl/crypto/rsa/rsa_oaep.c b/vendor/openssl/crypto/rsa/rsa_oaep.c index 868104f1b..df08a2f53 100644 --- a/vendor/openssl/crypto/rsa/rsa_oaep.c +++ b/vendor/openssl/crypto/rsa/rsa_oaep.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -43,10 +43,12 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, const unsigned char *param, int plen, const EVP_MD *md, const EVP_MD *mgf1md) { + int rv = 0; int i, emlen = tlen - 1; unsigned char *db, *seed; - unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE]; - int mdlen; + unsigned char *dbmask = NULL; + unsigned char seedmask[EVP_MAX_MD_SIZE]; + int mdlen, dbmask_len = 0; if (md == NULL) md = EVP_sha1(); @@ -72,40 +74,41 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, db = to + mdlen + 1; if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL)) - return 0; + goto err; memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1); db[emlen - flen - mdlen - 1] = 0x01; memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); if (RAND_bytes(seed, mdlen) <= 0) - return 0; + goto err; + #ifdef PKCS_TESTVECT memcpy(seed, "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", 20); #endif - dbmask = OPENSSL_malloc(emlen - mdlen); + dbmask_len = emlen - mdlen; + dbmask = OPENSSL_malloc(dbmask_len); if (dbmask == NULL) { RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } - if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0) + if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0) goto err; - for (i = 0; i < emlen - mdlen; i++) + for (i = 0; i < dbmask_len; i++) db[i] ^= dbmask[i]; - if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0) + if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0) goto err; for (i = 0; i < mdlen; i++) seed[i] ^= seedmask[i]; - - OPENSSL_free(dbmask); - return 1; + rv = 1; err: - OPENSSL_free(dbmask); - return 0; + OPENSSL_cleanse(seedmask, sizeof(seedmask)); + OPENSSL_clear_free(dbmask, dbmask_len); + return rv; } int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, 
@@ -122,7 +125,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, int plen, const EVP_MD *md, const EVP_MD *mgf1md) { - int i, dblen, mlen = -1, one_index = 0, msg_index; + int i, dblen = 0, mlen = -1, one_index = 0, msg_index; unsigned int good, found_one_byte; const unsigned char *maskedseed, *maskeddb; /* 
@@ -155,32 +158,40 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); - em = OPENSSL_malloc(num); - if (db == NULL || em == NULL) { + if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); goto cleanup; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; + } /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(em[0]); + good = constant_time_is_zero(from[0]); - maskedseed = em + 1; - maskeddb = em + 1 + mdlen; + maskedseed = from + 1; + maskeddb = from + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; 
@@ -239,8 +250,9 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); cleanup: - OPENSSL_free(db); - OPENSSL_free(em); + OPENSSL_cleanse(seed, sizeof(seed)); + OPENSSL_clear_free(db, dblen); + OPENSSL_clear_free(em, num); return mlen; } @@ -281,6 +293,7 @@ int PKCS1_MGF1(unsigned char *mask, long len, } rv = 0; err: + OPENSSL_cleanse(md, sizeof(md)); EVP_MD_CTX_free(c); return rv; } diff --git a/vendor/openssl/crypto/rsa/rsa_ossl.c b/vendor/openssl/crypto/rsa/rsa_ossl.c index 782606645..23f948fbb 100644 --- a/vendor/openssl/crypto/rsa/rsa_ossl.c +++ b/vendor/openssl/crypto/rsa/rsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,8 +11,6 @@ #include "internal/bn_int.h" #include "rsa_locl.h" -#ifndef RSA_NULL - static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, @@ -26,7 +24,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, static int rsa_ossl_init(RSA *rsa); static int rsa_ossl_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_ossl_meth = { - "OpenSSL PKCS#1 RSA (from Eric Young)", + "OpenSSL PKCS#1 RSA", rsa_ossl_public_encrypt, rsa_ossl_public_decrypt, /* signature verification */ rsa_ossl_private_encrypt, /* signing */ 
@@ -43,6 +41,18 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = { NULL /* rsa_keygen */ }; +static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth; + +void RSA_set_default_method(const RSA_METHOD *meth) +{ + default_RSA_meth = meth; +} + +const RSA_METHOD *RSA_get_default_method(void) +{ + return default_RSA_meth; +} + const RSA_METHOD *RSA_PKCS1_OpenSSL(void) { return &rsa_pkcs1_ossl_meth; @@ -52,7 +62,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -117,8 +127,8 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) goto err; if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, @@ -126,15 +136,10 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, goto err; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(ret); - i = BN_bn2bin(ret, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(ret, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -223,7 +228,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; 
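Review bot: `RSA_get_default_method()` now returns `default_RSA_meth` as stored, so after `RSA_set_default_method(NULL)` it hands back NULL, whereas the rsa_lib.c version removed in this commit treated NULL as unset and fell back to `RSA_PKCS1_OpenSSL()`. How `RSA_new_method()` copes with a NULL method is not visible in this diff, so this may end in a NULL dereference on the next `RSA_new()`. Keeping the old contract is one line: `return default_RSA_meth != NULL ? default_RSA_meth : &rsa_pkcs1_ossl_meth;`.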
@@ -307,8 +312,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) { BN_free(d); goto err; } @@ -327,7 +332,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else @@ -336,15 +342,10 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, res = ret; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(res); - i = BN_bn2bin(res, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(res, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -358,7 +359,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int j, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; @@ -435,8 +435,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) { BN_free(d); goto err; } 
@@ -453,8 +453,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; - p = buf; - j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ + j = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -467,7 +466,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, j, num); + memcpy(to, buf, (r = j)); break; default: RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); @@ -490,7 +489,6 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int i, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -543,8 +541,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) goto err; if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, @@ -555,8 +553,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, if (!BN_sub(ret, rsa->n, ret)) goto err; - p = buf; - i = BN_bn2bin(ret, p); + i = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -566,7 +563,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_X931(to, num, buf, i, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, i, num); + memcpy(to, buf, (r = i)); break; default: RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); 
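Review bot: The return value of `BN_bn2binpad(ret, buf, num)` in `rsa_ossl_private_decrypt` is used without a sign check, and the `RSA_NO_PADDING` case in the next hunk passes it straight to `memcpy(to, buf, (r = j))`; BN_bn2binpad returns -1 when the value does not fit, which would turn into a very large `size_t` length. `ret` is presumably already reduced below the modulus, so this should not trigger in practice, but a guard costs nothing: `if (j < 0) goto err;` directly after the call. The same applies to `i` in `rsa_ossl_public_decrypt` (hunks `@@ -555,8 +553,7 @@` and `@@ -566,7 +563,7 @@`). Both functions start and end outside these hunks.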
@@ -586,51 +583,90 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BIGNUM *r1, *m1, *vrfy; - int ret = 0; + int ret = 0, smooth = 0; BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); + if (vrfy == NULL) + goto err; - { - BIGNUM *p = BN_new(), *q = BN_new(); + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { + BIGNUM *factor = BN_new(); + + if (factor == NULL) + goto err; /* * Make sure BN_mod_inverse in Montgomery initialization uses the * BN_FLG_CONSTTIME flag */ - if (p == NULL || q == NULL) { - BN_free(p); - BN_free(q); + if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME), + BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock, + factor, ctx)) + || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME), + BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock, + factor, ctx))) { + BN_free(factor); goto err; } - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_p, rsa->lock, p, ctx) - || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, - rsa->lock, q, ctx)) { - BN_free(p); - BN_free(q); - goto err; - } - } /* - * We MUST free p and q before any further use of rsa->p and rsa->q + * We MUST free |factor| before any further use of the prime factors */ - BN_free(p); - BN_free(q); + BN_free(factor); + + smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont) + && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, + rsa->n, ctx)) goto err; + if (smooth) { + /* + * Conversion from Montgomery domain, a.k.a. Montgomery reduction, + * accepts values in [0-m*2^w) range. w is m's bit width rounded up + * to limb width. 
So that at the very least if |I| is fully reduced, + * i.e. less than p*q, we can count on from-to round to perform + * below modulo operations on |I|. Unlike BN_mod it's constant time. + */ + if (/* m1 = I moq q */ + !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx) + || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx) + /* m1 = m1^dmq1 mod q */ + || !BN_mod_exp_mont_consttime(m1, m1, rsa->dmq1, rsa->q, ctx, + rsa->_method_mod_q) + /* r1 = I mod p */ + || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx) + || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) + /* r1 = r1^dmp1 mod p */ + || !BN_mod_exp_mont_consttime(r1, r1, rsa->dmp1, rsa->p, ctx, + rsa->_method_mod_p) + /* r1 = (r1 - m1) mod p */ + /* + * bn_mod_sub_fixed_top is not regular modular subtraction, + * it can tolerate subtrahend to be larger than modulus, but + * not bit-wise wider. This makes up for uncommon q>p case, + * when |m1| can be larger than |rsa->p|. + */ + || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p) + + /* r1 = r1 * iqmp mod p */ + || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) + || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p, + ctx) + /* r0 = r1 * q + m1 */ + || !bn_mul_fixed_top(r0, r1, rsa->q, ctx) + || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n)) + goto err; + + goto tail; + } + /* compute I mod q */ { BIGNUM *c = BN_new(); @@ -653,7 +689,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute r1^dmq1 mod q */ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, - rsa->_method_mod_q)) { + rsa->_method_mod_q)) { BN_free(c); BN_free(dmq1); goto err; 
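Review bot: The condition that selects the new constant-time CRT path in `rsa_ossl_mod_exp` is undocumented and easy to miss: `smooth` is assigned only inside the `RSA_FLAG_CACHE_PRIVATE` block, so a key without that flag, a method with its own `bn_mod_exp`, or p and q of different bit lengths all fall through to the older path under `/* compute I mod q */`. A comment above the assignment would make that explicit, for example `/* fixed-top CRT path needs cached Montgomery contexts, BN_mod_exp_mont and equal-width p and q; anything else uses the generic path below */`. The comment `/* m1 = I moq q */` in the same block should read `/* m1 = I mod q */`. The function ends outside this hunk.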
@@ -729,10 +765,18 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_add(r0, r1, m1)) goto err; + tail: if (rsa->e && rsa->n) { - if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, - rsa->_method_mod_n)) - goto err; + if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) { + if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) + goto err; + } else { + bn_correct_top(r0); + if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) + goto err; + } /* * If 'I' was greater than (or equal to) rsa->n, the operation will * be equivalent to using 'I mod n'. However, the result of the @@ -741,6 +785,11 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ if (!BN_sub(vrfy, vrfy, I)) goto err; + if (BN_is_zero(vrfy)) { + bn_correct_top(r0); + ret = 1; + goto err; /* not actually error */ + } if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; if (BN_is_negative(vrfy)) @@ -767,6 +816,15 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BN_free(d); } } + /* + * It's unfortunate that we have to bn_correct_top(r0). What hopefully + * saves the day is that correction is highly unlike, and private key + * operations are customarily performed on blinded message. Which means + * that attacker won't observe correlation with chosen plaintext. + * Secondly, remaining code would still handle it in same computational + * time and even conceal memory access pattern around corrected top. + */ + bn_correct_top(r0); ret = 1; err: BN_CTX_end(ctx); @@ -786,5 +844,3 @@ static int rsa_ossl_finish(RSA *rsa) BN_MONT_CTX_free(rsa->_method_mod_q); return (1); } - -#endif diff --git a/vendor/openssl/crypto/rsa/rsa_pk1.c b/vendor/openssl/crypto/rsa/rsa_pk1.c index efb16a02e..63d6c3a3b 100644 --- a/vendor/openssl/crypto/rsa/rsa_pk1.c +++ b/vendor/openssl/crypto/rsa/rsa_pk1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -175,27 +175,30 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, if (num < 11) goto err; - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memcpy(em + num - flen, from, flen); - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); found_zero_byte = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); + unsigned int equals0 = constant_time_is_zero(from[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); 
@@ -203,7 +206,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. + * PS must be at least 8 bytes long, and it starts two bytes into |from|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ @@ -226,18 +229,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, * We can't continue in constant-time because we need to copy the result * and we cannot fake its length. This unavoidably leaks timing * information at the API boundary. - * TODO(emilia): this could be addressed at the call site, - * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. */ if (!good) { mlen = -1; goto err; } - memcpy(to, em + msg_index, mlen); + memcpy(to, from + msg_index, mlen); err: - OPENSSL_free(em); + OPENSSL_clear_free(em, num); if (mlen == -1) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); diff --git a/vendor/openssl/crypto/rsa/rsa_pss.c b/vendor/openssl/crypto/rsa/rsa_pss.c index 2aebbe960..4a1e599ed 100644 --- a/vendor/openssl/crypto/rsa/rsa_pss.c +++ b/vendor/openssl/crypto/rsa/rsa_pss.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -111,7 +111,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, goto err; } if (!EVP_DigestInit_ex(ctx, Hash, NULL) - || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { 
@@ -207,7 +207,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, if (ctx == NULL) goto err; if (!EVP_DigestInit_ex(ctx, Hash, NULL) - || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(ctx, mHash, hLen)) goto err; if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) @@ -242,7 +242,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, err: EVP_MD_CTX_free(ctx); - OPENSSL_free(salt); + OPENSSL_clear_free(salt, sLen); return ret; diff --git a/vendor/openssl/crypto/rsa/rsa_ssl.c b/vendor/openssl/crypto/rsa/rsa_ssl.c index 9ef6b80ea..77b28b46f 100644 --- a/vendor/openssl/crypto/rsa/rsa_ssl.c +++ b/vendor/openssl/crypto/rsa/rsa_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,6 +63,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return (-1); } + /* Accept even zero-padded input */ + if (flen == num) { + if (*(p++) != 0) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); + return -1; + } + flen--; + } if ((num != (flen + 1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); return (-1); diff --git a/vendor/openssl/crypto/rsa/rsa_x931g.c b/vendor/openssl/crypto/rsa/rsa_x931g.c index 9dd993fbc..877ee2219 100644 --- a/vendor/openssl/crypto/rsa/rsa_x931g.c +++ b/vendor/openssl/crypto/rsa/rsa_x931g.c @@ -153,6 +153,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_CTX_start(ctx); Xp = BN_CTX_get(ctx); Xq = BN_CTX_get(ctx); + if (Xq == NULL) + goto error; if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) goto error; 
diff --git a/vendor/openssl/crypto/s390xcap.c b/vendor/openssl/crypto/s390xcap.c index 675f2ecb9..272c55174 100644 --- a/vendor/openssl/crypto/s390xcap.c +++ b/vendor/openssl/crypto/s390xcap.c @@ -13,7 +13,7 @@ #include #include -extern unsigned long OPENSSL_s390xcap_P[]; +unsigned long long OPENSSL_s390xcap_P[10]; static sigjmp_buf ill_jmp; static void ill_handler(int sig) diff --git a/vendor/openssl/crypto/s390xcpuid.S b/vendor/openssl/crypto/s390xcpuid.S index 8859e9e64..fc141d927 100644 --- a/vendor/openssl/crypto/s390xcpuid.S +++ b/vendor/openssl/crypto/s390xcpuid.S @@ -176,5 +176,3 @@ OPENSSL_instrument_bus2: .section .init brasl %r14,OPENSSL_cpuid_setup - -.comm OPENSSL_s390xcap_P,80,8 diff --git a/vendor/openssl/crypto/sha/asm/sha1-586.pl b/vendor/openssl/crypto/sha/asm/sha1-586.pl index 5adca2340..cf34b2c29 100644 --- a/vendor/openssl/crypto/sha/asm/sha1-586.pl +++ b/vendor/openssl/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -141,7 +141,7 @@ `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/vendor/openssl/crypto/sha/asm/sha1-s390x.pl b/vendor/openssl/crypto/sha/asm/sha1-s390x.pl index b19606c5c..79df1ffda 100644 --- a/vendor/openssl/crypto/sha/asm/sha1-s390x.pl +++ b/vendor/openssl/crypto/sha/asm/sha1-s390x.pl 
@@ -172,9 +172,6 @@ sub BODY_40_59 { ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lsoftware lg %r0,16(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware @@ -242,7 +239,6 @@ sub BODY_40_59 { br %r14 .size sha1_block_data_order,.-sha1_block_data_order .string "SHA1 block transform for s390x, CRYPTOGAMS by " -.comm OPENSSL_s390xcap_P,80,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/vendor/openssl/crypto/sha/asm/sha256-586.pl b/vendor/openssl/crypto/sha/asm/sha256-586.pl index 6af1d84be..72ee0c7b8 100644 --- a/vendor/openssl/crypto/sha/asm/sha256-586.pl +++ b/vendor/openssl/crypto/sha/asm/sha256-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -93,7 +93,7 @@ $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/vendor/openssl/crypto/sha/asm/sha256-armv4.pl b/vendor/openssl/crypto/sha/asm/sha256-armv4.pl index 55d30cba3..edcfc3127 100644 --- a/vendor/openssl/crypto/sha/asm/sha256-armv4.pl +++ b/vendor/openssl/crypto/sha/asm/sha256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -254,7 +254,7 @@ sub BODY_16_XX { $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t3,[sp,#16*4] @ pull ctx diff --git a/vendor/openssl/crypto/sha/asm/sha512-armv4.pl b/vendor/openssl/crypto/sha/asm/sha512-armv4.pl index 22b5a9d0b..0b4c5674d 100644 --- a/vendor/openssl/crypto/sha/asm/sha512-armv4.pl +++ b/vendor/openssl/crypto/sha/asm/sha512-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,7 +157,7 @@ () teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ it eq @ Thumb2 thing, sanity check in ARM #endif orreq $Ktbl,$Ktbl,#1 @@ -411,7 +411,7 @@ () ___ &BODY_00_15(0x17); $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] diff --git a/vendor/openssl/crypto/sha/asm/sha512-s390x.pl b/vendor/openssl/crypto/sha/asm/sha512-s390x.pl index 582d393ce..427d6f825 100644 --- a/vendor/openssl/crypto/sha/asm/sha512-s390x.pl +++ b/vendor/openssl/crypto/sha/asm/sha512-s390x.pl @@ -244,9 +244,6 @@ sub BODY_16_XX { ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P - lg %r0,0(%r1) - tmhl %r0,0x4000 # check for message-security assist - jz .Lsoftware lg %r0,16(%r1) # check kimd capabilities tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware @@ -315,7 +312,6 @@ sub BODY_16_XX { br %r14 .size $Func,.-$Func .string "SHA${label} block transform for s390x, CRYPTOGAMS by " -.comm OPENSSL_s390xcap_P,80,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; 
diff --git a/vendor/openssl/crypto/threads_win.c b/vendor/openssl/crypto/threads_win.c index 4e0de908e..27334e13f 100644 --- a/vendor/openssl/crypto/threads_win.c +++ b/vendor/openssl/crypto/threads_win.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,7 +98,26 @@ int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) { - return TlsGetValue(*key); + DWORD last_error; + void *ret; + + /* + * TlsGetValue clears the last error even on success, so that callers may + * distinguish it successfully returning NULL or failing. It is documented + * to never fail if the argument is a valid index from TlsAlloc, so we do + * not need to handle this. + * + * However, this error-mangling behavior interferes with the caller's use of + * GetLastError. In particular SSL_get_error queries the error queue to + * determine whether the caller should look at the OS's errors. To avoid + * destroying state, save and restore the Windows error. + * + * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx + */ + last_error = GetLastError(); + ret = TlsGetValue(*key); + SetLastError(last_error); + return ret; } int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) diff --git a/vendor/openssl/crypto/ts/ts_lib.c b/vendor/openssl/crypto/ts/ts_lib.c index de36e0e08..ce2e12c59 100644 --- a/vendor/openssl/crypto/ts/ts_lib.c +++ b/vendor/openssl/crypto/ts/ts_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,10 +22,9 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) int result = 0; char *hex; - num_bn = BN_new(); + num_bn = ASN1_INTEGER_to_BN(num, NULL); if (num_bn == NULL) return -1; - ASN1_INTEGER_to_BN(num, num_bn); if ((hex = BN_bn2hex(num_bn))) { result = BIO_write(bio, "0x", 2) > 0; result = result && BIO_write(bio, hex, strlen(hex)) > 0; diff --git a/vendor/openssl/crypto/ts/ts_rsp_sign.c b/vendor/openssl/crypto/ts/ts_rsp_sign.c index aea7b922a..0d714a71b 100644 --- a/vendor/openssl/crypto/ts/ts_rsp_sign.c +++ b/vendor/openssl/crypto/ts/ts_rsp_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include #include +#include #include "ts_lcl.h" static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); @@ -840,7 +841,7 @@ static ASN1_GENERALIZEDTIME long sec, long usec, unsigned precision) { time_t time_sec = (time_t)sec; - struct tm *tm = NULL; + struct tm *tm = NULL, tm_result; char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; char *p = genTime_str; char *p_end = genTime_str + sizeof(genTime_str); @@ -848,7 +849,7 @@ static ASN1_GENERALIZEDTIME if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if ((tm = gmtime(&time_sec)) == NULL) + if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL) goto err; /* diff --git a/vendor/openssl/crypto/ui/ui_lib.c b/vendor/openssl/crypto/ui/ui_lib.c index c06baa055..464dac423 100644 
--- a/vendor/openssl/crypto/ui/ui_lib.c +++ b/vendor/openssl/crypto/ui/ui_lib.c @@ -15,8 +15,6 @@ #include #include "ui_locl.h" -static const UI_METHOD *default_UI_meth = NULL; - UI *UI_new(void) { return (UI_new_method(NULL)); @@ -481,6 +479,8 @@ int UI_process(UI *ui) } } } + + state = NULL; err: if (ui->meth->ui_close_session != NULL && ui->meth->ui_close_session(ui) <= 0) { @@ -531,19 +531,6 @@ void *UI_get_ex_data(UI *r, int idx) return (CRYPTO_get_ex_data(&r->ex_data, idx)); } -void UI_set_default_method(const UI_METHOD *meth) -{ - default_UI_meth = meth; -} - -const UI_METHOD *UI_get_default_method(void) -{ - if (default_UI_meth == NULL) { - default_UI_meth = UI_OpenSSL(); - } - return default_UI_meth; -} - const UI_METHOD *UI_get_method(UI *ui) { return ui->meth; diff --git a/vendor/openssl/crypto/ui/ui_openssl.c b/vendor/openssl/crypto/ui/ui_openssl.c index ed0bfa0b3..a25934ccd 100644 --- a/vendor/openssl/crypto/ui/ui_openssl.c +++ b/vendor/openssl/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,6 +202,18 @@ static UI_METHOD ui_openssl = { NULL }; +static const UI_METHOD *default_UI_meth = &ui_openssl; + +void UI_set_default_method(const UI_METHOD *meth) +{ + default_UI_meth = meth; +} + +const UI_METHOD *UI_get_default_method(void) +{ + return default_UI_meth; +} + /* The method with all the built-in thingies */ UI_METHOD *UI_OpenSSL(void) { 
@@ -424,6 +436,24 @@ static int open_console(UI *ui) is_a_tty = 0; else # endif +# ifdef ENXIO + /* + * Solaris can return ENXIO. + * This should be ok + */ + if (errno == ENXIO) + is_a_tty = 0; + else +# endif +# ifdef EIO + /* + * Linux can return EIO. + * This should be ok + */ + if (errno == EIO) + is_a_tty = 0; + else +# endif # ifdef ENODEV /* * MacOS X returns ENODEV (Operation not supported by device), @@ -512,17 +542,13 @@ static int echo_console(UI *ui) { #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; #endif #ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; + tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, 0); @@ -543,7 +569,6 @@ static int echo_console(UI *ui) #if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; - tty_new |= ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } #endif diff --git a/vendor/openssl/crypto/whrlpool/wp_dgst.c b/vendor/openssl/crypto/whrlpool/wp_dgst.c index ed064244f..6d925517a 100644 --- a/vendor/openssl/crypto/whrlpool/wp_dgst.c +++ b/vendor/openssl/crypto/whrlpool/wp_dgst.c @@ -174,7 +174,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) goto reconsider; } else #endif - if (bits >= 8) { + if (bits > 8) { b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap))); b &= 0xff; if (bitrem) @@ -191,7 +191,7 @@ void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) } if (bitrem) c->data[byteoff] = b << (8 - bitrem); - } else { /* remaining less than 8 bits */ + } else { /* remaining less than or equal to 8 bits */ b = (inp[0] << inpgap) & 0xff; if (bitrem) 
diff --git a/vendor/openssl/crypto/x509/build.info b/vendor/openssl/crypto/x509/build.info index 7fc4b4504..afd0b6134 100644 --- a/vendor/openssl/crypto/x509/build.info +++ b/vendor/openssl/crypto/x509/build.info @@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\ x509_obj.c x509_req.c x509spki.c x509_vfy.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_lu.c x_all.c x509_txt.c \ + x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c diff --git a/vendor/openssl/crypto/x509/by_dir.c b/vendor/openssl/crypto/x509/by_dir.c index f3a1f0542..4fa1dd37b 100644 --- a/vendor/openssl/crypto/x509/by_dir.c +++ b/vendor/openssl/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,10 @@ #include #include #include +#include #include "internal/cryptlib.h" -#ifndef NO_SYS_TYPES_H -# include -#endif #ifndef OPENSSL_NO_POSIX_IO # include #endif @@ -80,7 +78,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - dir = (char *)getenv(X509_get_default_cert_dir_env()); + dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env()); + if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); else @@ -113,7 +112,7 @@ static int new_dir(X509_LOOKUP *lu) OPENSSL_free(a); return 0; } - lu->method_data = (char *)a; + lu->method_data = a; return 1; } diff --git a/vendor/openssl/crypto/x509/by_file.c b/vendor/openssl/crypto/x509/by_file.c index 4376bed83..77a7c4a2a 100644 
--- a/vendor/openssl/crypto/x509/by_file.c +++ b/vendor/openssl/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,12 +42,12 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, char **ret) { int ok = 0; - char *file; + const char *file; switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = (char *)getenv(X509_get_default_cert_file_env()); + file = ossl_safe_getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); @@ -90,7 +90,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_AUX(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -147,7 +147,7 @@ int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) if (type == X509_FILETYPE_PEM) { for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); if (x == NULL) { if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { @@ -199,7 +199,7 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); return 0; } - inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + inf = PEM_X509_INFO_read_bio(in, NULL, NULL, ""); BIO_free(in); if (!inf) { X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); diff --git a/vendor/openssl/crypto/x509/t_x509.c b/vendor/openssl/crypto/x509/t_x509.c index eb65d8873..c7ced67f8 100644 
--- a/vendor/openssl/crypto/x509/t_x509.c +++ b/vendor/openssl/crypto/x509/t_x509.c @@ -340,7 +340,7 @@ int X509_aux_print(BIO *out, X509 *x, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(trust, i), 0); BIO_puts(out, oidstr); } @@ -355,7 +355,7 @@ int X509_aux_print(BIO *out, X509 *x, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(reject, i), 0); BIO_puts(out, oidstr); } diff --git a/vendor/openssl/crypto/x509/x509_cmp.c b/vendor/openssl/crypto/x509/x509_cmp.c index 01056356c..49b0368df 100644 --- a/vendor/openssl/crypto/x509/x509_cmp.c +++ b/vendor/openssl/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,7 +174,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ret = a->canon_enclen - b->canon_enclen; - if (ret) + if (ret != 0 || a->canon_enclen == 0) return ret; return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); diff --git a/vendor/openssl/crypto/x509/x509_err.c b/vendor/openssl/crypto/x509/x509_err.c index 3f4b8ef0b..9f91188a7 100644 --- a/vendor/openssl/crypto/x509/x509_err.c +++ b/vendor/openssl/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -51,6 +51,7 @@ static ERR_STRING_DATA X509_str_functs[] = { {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, + {ERR_FUNC(X509_F_X509_LOOKUP_METH_NEW), "X509_LOOKUP_meth_new"}, {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, diff --git a/vendor/openssl/crypto/x509/x509_lcl.h b/vendor/openssl/crypto/x509/x509_lcl.h index 40bd102f7..8a47da4fe 100644 --- a/vendor/openssl/crypto/x509/x509_lcl.h +++ b/vendor/openssl/crypto/x509/x509_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ struct x509_crl_method_st { }; struct x509_lookup_method_st { - const char *name; + char *name; int (*new_item) (X509_LOOKUP *ctx); void (*free) (X509_LOOKUP *ctx); int (*init) (X509_LOOKUP *ctx); @@ -91,7 +91,7 @@ struct x509_lookup_st { int init; /* have we been started */ int skip; /* don't use us. */ X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ + void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ }; diff --git a/vendor/openssl/crypto/x509/x509_lu.c b/vendor/openssl/crypto/x509/x509_lu.c index 90f23520f..e5bea5b27 100644 --- a/vendor/openssl/crypto/x509/x509_lu.c +++ b/vendor/openssl/crypto/x509/x509_lu.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -117,6 +117,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ctx->method->get_by_alias(ctx, type, str, len, ret); } +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) +{ + ctx->method_data = data; + return 1; +} + +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) +{ + return ctx->method_data; +} + +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) +{ + return ctx->store_ctx; +} + + static int x509_object_cmp(const X509_OBJECT *const *a, const X509_OBJECT *const *b) { @@ -265,6 +282,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_OBJECT stmp, *tmp; int i, j; + if (ctx == NULL) + return 0; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock); 
@@ -290,26 +310,30 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +static int x509_store_add(X509_STORE *ctx, void *x, int crl) { X509_OBJECT *obj; - int ret = 1, added = 1; + int ret = 0, added = 0; if (x == NULL) return 0; obj = X509_OBJECT_new(); if (obj == NULL) return 0; - obj->type = X509_LU_X509; - obj->data.x509 = x; + + if (crl) { + obj->type = X509_LU_CRL; + obj->data.crl = (X509_CRL *)x; + } else { + obj->type = X509_LU_X509; + obj->data.x509 = (X509 *)x; + } X509_OBJECT_up_ref_count(obj); CRYPTO_THREAD_write_lock(ctx->lock); if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509err(X509_F_X509_STORE_ADD_CERT, - X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; + ret = 1; } else { added = sk_X509_OBJECT_push(ctx->objs, obj); ret = added != 0; 
@@ -317,46 +341,28 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) CRYPTO_THREAD_unlock(ctx->lock); - if (!ret) /* obj not pushed */ + if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); - if (!added) /* on push failure */ - X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return ret; } -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { - X509_OBJECT *obj; - int ret = 1, added = 1; - - if (x == NULL) - return 0; - obj = X509_OBJECT_new(); - if (obj == NULL) + if (!x509_store_add(ctx, x, 0)) { + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; - obj->type = X509_LU_CRL; - obj->data.crl = x; - X509_OBJECT_up_ref_count(obj); - - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); - ret = added != 0; } + return 1; +} - CRYPTO_THREAD_unlock(ctx->lock); - - if (!ret) /* obj not pushed */ - X509_OBJECT_free(obj); - if (!added) /* on push failure */ +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +{ + if (!x509_store_add(ctx, x, 1)) { X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); - - return ret; + return 0; + } + return 1; } int X509_OBJECT_up_ref_count(X509_OBJECT *a) @@ -403,8 +409,7 @@ X509_OBJECT *X509_OBJECT_new() return ret; } - -void X509_OBJECT_free(X509_OBJECT *a) +static void x509_object_free_internal(X509_OBJECT *a) { if (a == NULL) return; 
@@ -418,6 +423,33 @@ void X509_OBJECT_free(X509_OBJECT *a) X509_CRL_free(a->data.crl); break; } +} + +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) +{ + if (a == NULL || !X509_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_X509; + a->data.x509 = obj; + return 1; +} + +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) +{ + if (a == NULL || !X509_CRL_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_CRL; + a->data.crl = obj; + return 1; +} + +void X509_OBJECT_free(X509_OBJECT *a) +{ + x509_object_free_internal(a); OPENSSL_free(a); } @@ -489,6 +521,9 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) X509 *x; X509_OBJECT *obj; + if (ctx->ctx == NULL) + return NULL; + CRYPTO_THREAD_write_lock(ctx->ctx->lock); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { @@ -538,8 +573,10 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, *xobj = X509_OBJECT_new(); /* Always do lookup to possibly add new CRLs to cache */ - if (sk == NULL || xobj == NULL || - !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { + if (sk == NULL + || xobj == NULL + || ctx->ctx == NULL + || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; @@ -633,6 +670,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } X509_OBJECT_free(obj); + if (ctx->ctx == NULL) + return 0; + /* Else find index of first cert accepted by 'check_issued' */ ret = 0; CRYPTO_THREAD_write_lock(ctx->ctx->lock); diff --git a/vendor/openssl/crypto/x509/x509_meth.c b/vendor/openssl/crypto/x509/x509_meth.c new file mode 100644 index 000000000..9dc587a09 --- /dev/null +++ b/vendor/openssl/crypto/x509/x509_meth.c 
@@ -0,0 +1,166 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/cryptlib.h" +#include +#include +#include +#include "x509_lcl.h" + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) +{ + X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD)); + + if (method != NULL) { + method->name = OPENSSL_strdup(name); + if (method->name == NULL) { + X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + return method; + +err: + OPENSSL_free(method); + return NULL; +} + +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method) +{ + if (method != NULL) + OPENSSL_free(method->name); + OPENSSL_free(method); +} + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)) +{ + method->new_item = new_item; + return 1; +} + +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->new_item; +} + +int X509_LOOKUP_meth_set_free( + X509_LOOKUP_METHOD *method, + void (*free_fn) (X509_LOOKUP *ctx)) +{ + method->free = free_fn; + return 1; +} + +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->free; +} + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)) +{ + method->init = init; + return 1; +} + +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->init; +} + +int X509_LOOKUP_meth_set_shutdown( + X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)) +{ + method->shutdown = shutdown; + return 1; +} + +int (*X509_LOOKUP_meth_get_shutdown(const 
X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->shutdown; +} + +int X509_LOOKUP_meth_set_ctrl( + X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl) +{ + method->ctrl = ctrl; + return 1; +} + +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method) +{ + return method->ctrl; +} + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn get_by_subject) +{ + method->get_by_subject = get_by_subject; + return 1; +} + +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_subject; +} + + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) +{ + method->get_by_issuer_serial = get_by_issuer_serial; + return 1; +} + +X509_LOOKUP_get_by_issuer_serial_fn + X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) +{ + return method->get_by_issuer_serial; +} + + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) +{ + method->get_by_fingerprint = get_by_fingerprint; + return 1; +} + +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_fingerprint; +} + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn get_by_alias) +{ + method->get_by_alias = get_by_alias; + return 1; +} + +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_alias; +} + diff --git a/vendor/openssl/crypto/x509/x509_v3.c b/vendor/openssl/crypto/x509/x509_v3.c index 213e762f9..19016bb1e 100644 --- a/vendor/openssl/crypto/x509/x509_v3.c +++ b/vendor/openssl/crypto/x509/x509_v3.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -128,7 +128,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); err2: X509_EXTENSION_free(new_ex); - sk_X509_EXTENSION_free(sk); + if (x != NULL && *x == NULL) + sk_X509_EXTENSION_free(sk); return (NULL); } diff --git a/vendor/openssl/crypto/x509/x509_vfy.c b/vendor/openssl/crypto/x509/x509_vfy.c index ebc442400..ba186d30b 100644 --- a/vendor/openssl/crypto/x509/x509_vfy.c +++ b/vendor/openssl/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include #include @@ -216,7 +217,6 @@ static int verify_chain(X509_STORE_CTX *ctx) if ((ok = build_chain(ctx)) == 0 || (ok = check_chain_extensions(ctx)) == 0 || (ok = check_auth_level(ctx)) == 0 || - (ok = check_name_constraints(ctx)) == 0 || (ok = check_id(ctx)) == 0 || 1) X509_get_pubkey_parameters(NULL, ctx->chain); if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0) @@ -234,6 +234,9 @@ static int verify_chain(X509_STORE_CTX *ctx) if (!ok) return ok; + if ((ok = check_name_constraints(ctx)) == 0) + return ok; + #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ if ((ok = X509v3_asid_validate_path(ctx)) == 0) 
@@ -512,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; - /* Check pathlen if not self issued */ - if ((i > 1) && !(x->ex_flags & EXFLAG_SI) - && (x->ex_pathlen != -1) - && (plen > (x->ex_pathlen + proxy_path_length + 1))) { + /* Check pathlen */ + if ((i > 1) && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } - /* Increment path length if not self issued */ - if (!(x->ex_flags & EXFLAG_SI)) + /* Increment path length if not a self issued intermediate CA */ + if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; /* * If this certificate is a proxy certificate, the next certificate @@ -555,6 +557,27 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) return 1; } +static int has_san_id(X509 *x, int gtype) +{ + int i; + int ret = 0; + GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + + if (gs == NULL) + return 0; + + for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) { + GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i); + + if (g->type == gtype) { + ret = 1; + break; + } + } + GENERAL_NAMES_free(gs); + return ret; +} + static int check_name_constraints(X509_STORE_CTX *ctx) { int i; @@ -653,7 +676,12 @@ static int check_name_constraints(X509_STORE_CTX *ctx) int rv = NAME_CONSTRAINTS_check(x, nc); /* If EE certificate check commonName too */ - if (rv == X509_V_OK && i == 0) + if (rv == X509_V_OK && i == 0 + && (ctx->param->hostflags + & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0 + && ((ctx->param->hostflags + & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0 + || !has_san_id(x, GEN_DNS))) rv = NAME_CONSTRAINTS_check_CN(x, nc); switch (rv) { 
@@ -1754,119 +1782,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { - char *str; - ASN1_TIME atm; - long offset; - char buff1[24], buff2[24], *p; - int i, j, remaining; + static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1; + static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; + ASN1_TIME *asn1_cmp_time = NULL; + int i, day, sec, ret = 0; - p = buff1; - remaining = ctm->length; - str = (char *)ctm->data; /* - * Note that the following (historical) code allows much more slack in the - * time format than RFC5280. In RFC5280, the representation is fixed: + * Note that ASN.1 allows much more slack in the time format than RFC5280. + * In RFC5280, the representation is fixed: * UTCTime: YYMMDDHHMMSSZ * GeneralizedTime: YYYYMMDDHHMMSSZ + * + * We do NOT currently enforce the following RFC 5280 requirement: + * "CAs conforming to this profile MUST always encode certificate + * validity dates through the year 2049 as UTCTime; certificate validity + * dates in 2050 or later MUST be encoded as GeneralizedTime." 
*/ - if (ctm->type == V_ASN1_UTCTIME) { - /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ - int min_length = sizeof("YYMMDDHHMMZ") - 1; - int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + switch (ctm->type) { + case V_ASN1_UTCTIME: + if (ctm->length != (int)(utctime_length)) return 0; - memcpy(p, str, 10); - p += 10; - str += 10; - remaining -= 10; - } else { - /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ - int min_length = sizeof("YYYYMMDDHHMMZ") - 1; - int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + break; + case V_ASN1_GENERALIZEDTIME: + if (ctm->length != (int)(generalizedtime_length)) return 0; - memcpy(p, str, 12); - p += 12; - str += 12; - remaining -= 12; + break; + default: + return 0; } - if ((*str == 'Z') || (*str == '-') || (*str == '+')) { - *(p++) = '0'; - *(p++) = '0'; - } else { - /* SS (seconds) */ - if (remaining < 2) + /** + * Verify the format: the ASN.1 functions we use below allow a more + * flexible format than what's mandated by RFC 5280. + * Digit and date ranges will be verified in the conversion methods. + */ + for (i = 0; i < ctm->length - 1; i++) { + if (!isdigit(ctm->data[i])) return 0; - *(p++) = *(str++); - *(p++) = *(str++); - remaining -= 2; - /* - * Skip any (up to three) fractional seconds... - * TODO(emilia): in RFC5280, fractional seconds are forbidden. - * Can we just kill them altogether? - */ - if (remaining && *str == '.') { - str++; - remaining--; - for (i = 0; i < 3 && remaining; i++, str++, remaining--) { - if (*str < '0' || *str > '9') - break; - } - } - } - *(p++) = 'Z'; - *(p++) = '\0'; - - /* We now need either a terminating 'Z' or an offset. 
*/ - if (!remaining) + if (ctm->data[ctm->length - 1] != 'Z') return 0; - if (*str == 'Z') { - if (remaining != 1) - return 0; - offset = 0; - } else { - /* (+-)HHMM */ - if ((*str != '+') && (*str != '-')) - return 0; - /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ - if (remaining != 5) - return 0; - if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || - str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') - return 0; - offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; - offset += (str[3] - '0') * 10 + (str[4] - '0'); - if (*str == '-') - offset = -offset; - } - atm.type = ctm->type; - atm.flags = 0; - atm.length = sizeof(buff2); - atm.data = (unsigned char *)buff2; - if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) - return 0; + /* + * There is ASN1_UTCTIME_cmp_time_t but no + * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t, + * so we go through ASN.1 + */ + asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time); + if (asn1_cmp_time == NULL) + goto err; + if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) + goto err; - if (ctm->type == V_ASN1_UTCTIME) { - i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); - if (i < 50) - i += 100; /* cf. RFC 2459 */ - j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); - if (j < 50) - j += 100; - - if (i < j) - return -1; - if (i > j) - return 1; - } - i = strcmp(buff1, buff2); - if (i == 0) /* wait a second then return younger :-) */ - return -1; - else - return i; + /* + * X509_cmp_time comparison is <=. + * The return value 0 is reserved for errors. + */ + ret = (day >= 0 && sec >= 0) ? -1 : 1; + + err: + ASN1_TIME_free(asn1_cmp_time); + return ret; } ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) 
@@ -3262,6 +3238,10 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; + /* We are not able to look up the CA MD for RSA PSS in this version */ + if (nid == NID_rsassaPss) + return 1; + /* Lookup signature algorithm digest */ if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) { const EVP_MD *md; diff --git a/vendor/openssl/crypto/x509/x509_vpm.c b/vendor/openssl/crypto/x509/x509_vpm.c index b5067220a..9bc4c6110 100644 --- a/vendor/openssl/crypto/x509/x509_vpm.c +++ b/vendor/openssl/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -412,6 +412,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) +{ + return param->hostflags; +} + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->peername; diff --git a/vendor/openssl/crypto/x509/x509name.c b/vendor/openssl/crypto/x509/x509name.c index f87dc7db9..81dce376f 100644 --- a/vendor/openssl/crypto/x509/x509name.c +++ b/vendor/openssl/crypto/x509/x509name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,7 +191,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, loc = n; else if (loc < 0) loc = n; - + inc = (set == 0); name->modified = 1; if (set == -1) { 
@@ -200,7 +200,6 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, inc = 1; } else { set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; - inc = 0; } } else { /* if (set >= 0) */ @@ -211,12 +210,11 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, set = 0; } else set = sk_X509_NAME_ENTRY_value(sk, loc)->set; - inc = (set == 0) ? 1 : 0; } /* * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily - * const'ified; harmless cast as dup() don't modify its input. + * const'ified; harmless cast since dup() don't modify its input. */ if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) goto err; @@ -228,7 +226,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, if (inc) { n = sk_X509_NAME_ENTRY_num(sk); for (i = loc + 1; i < n; i++) - sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; + sk_X509_NAME_ENTRY_value(sk, i)->set += 1; } return (1); err: diff --git a/vendor/openssl/crypto/x509/x_name.c b/vendor/openssl/crypto/x509/x_name.c index 97d735f8f..1a33dc1da 100644 --- a/vendor/openssl/crypto/x509/x_name.c +++ b/vendor/openssl/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -472,19 +472,13 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if (*xn == name) + return *xn != NULL; + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) diff --git a/vendor/openssl/crypto/x509v3/pcy_tree.c b/vendor/openssl/crypto/x509v3/pcy_tree.c index 9f9246bea..b3d1983f9 100644 --- a/vendor/openssl/crypto/x509v3/pcy_tree.c +++ b/vendor/openssl/crypto/x509v3/pcy_tree.c @@ -638,6 +638,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, { int init_ret; int ret; + int calc_ret; X509_POLICY_TREE *tree = NULL; STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; @@ -675,11 +676,14 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, } /* Tree is not empty: continue */ - if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || - !tree_calculate_user_set(tree, policy_oids, auth_nodes)) + + if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0) goto error; - if (ret == TREE_CALC_OK_DOFREE) + ret = tree_calculate_user_set(tree, policy_oids, auth_nodes); + if (calc_ret == TREE_CALC_OK_DOFREE) sk_X509_POLICY_NODE_free(auth_nodes); + if (!ret) + goto error; *ptree = tree; diff --git a/vendor/openssl/crypto/x509v3/v3_addr.c b/vendor/openssl/crypto/x509v3/v3_addr.c index ef1d775ac..c5183a179 100644 --- a/vendor/openssl/crypto/x509v3/v3_addr.c +++ b/vendor/openssl/crypto/x509v3/v3_addr.c 
@@ -84,10 +84,12 @@ static int length_from_afi(const unsigned afi) */ unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) { - return ((f != NULL && - f->addressFamily != NULL && f->addressFamily->data != NULL) - ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) - : 0); + if (f == NULL + || f->addressFamily == NULL + || f->addressFamily->data == NULL + || f->addressFamily->length < 2) + return 0; + return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; } /* diff --git a/vendor/openssl/crypto/x509v3/v3_alt.c b/vendor/openssl/crypto/x509v3/v3_alt.c index 93f8c25c5..a35d3376b 100644 --- a/vendor/openssl/crypto/x509v3/v3_alt.c +++ b/vendor/openssl/crypto/x509v3/v3_alt.c @@ -108,12 +108,12 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof oline, + BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if (gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) diff --git a/vendor/openssl/crypto/x509v3/v3_conf.c b/vendor/openssl/crypto/x509v3/v3_conf.c index f625ff542..3cc5b14d3 100644 --- a/vendor/openssl/crypto/x509v3/v3_conf.c +++ b/vendor/openssl/crypto/x509v3/v3_conf.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -313,8 +313,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, return 0; if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext); - if (sk) - X509v3_add_ext(sk, ext, -1); + if (sk != NULL) { + if (X509v3_add_ext(sk, ext, -1) == NULL) { + X509_EXTENSION_free(ext); + return 0; + } + } X509_EXTENSION_free(ext); } return 1; diff --git a/vendor/openssl/crypto/x509v3/v3_genn.c b/vendor/openssl/crypto/x509v3/v3_genn.c index 8d1199748..85fc3fc24 100644 --- a/vendor/openssl/crypto/x509v3/v3_genn.c +++ b/vendor/openssl/crypto/x509v3/v3_genn.c @@ -181,6 +181,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, oth = OTHERNAME_new(); if (oth == NULL) return 0; + ASN1_TYPE_free(oth->value); oth->type_id = oid; oth->value = value; GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); diff --git a/vendor/openssl/crypto/x509v3/v3_info.c b/vendor/openssl/crypto/x509v3/v3_info.c index c29c7e2af..a0bca5fb8 100644 --- a/vendor/openssl/crypto/x509v3/v3_info.c +++ b/vendor/openssl/crypto/x509v3/v3_info.c @@ -77,7 +77,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( goto err; tret = tmp; vtmp = sk_CONF_VALUE_value(tret, i); - i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); if (ntmp == NULL) diff --git a/vendor/openssl/crypto/x509v3/v3_lib.c b/vendor/openssl/crypto/x509v3/v3_lib.c index a3ca720fe..d7143086b 100644 --- a/vendor/openssl/crypto/x509v3/v3_lib.c +++ b/vendor/openssl/crypto/x509v3/v3_lib.c @@ -120,6 +120,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) X509V3_EXT_METHOD tmp; const X509V3_EXT_METHOD *t = &tmp, *const *ret; int idx; + if (nid < 0) return NULL; tmp.ext_nid = nid; @@ -231,6 +232,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, { int lastpos, i; X509_EXTENSION *ex, *found_ex = NULL; + if (!x) { if (idx) *idx = -1; 
@@ -284,9 +286,9 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags) { - int extidx = -1; - int errcode; - X509_EXTENSION *ext, *extmp; + int errcode, extidx = -1; + X509_EXTENSION *ext = NULL, *extmp; + STACK_OF(X509_EXTENSION) *ret = NULL; unsigned long ext_op = flags & X509V3_ADD_OP_MASK; /* @@ -345,14 +347,23 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } + ret = *x; if (*x == NULL - && (*x = sk_X509_EXTENSION_new_null()) == NULL) - return -1; - if (!sk_X509_EXTENSION_push(*x, ext)) - return -1; + && (ret = sk_X509_EXTENSION_new_null()) == NULL) + goto m_fail; + if (!sk_X509_EXTENSION_push(ret, ext)) + goto m_fail; + *x = ret; return 1; + m_fail: + /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */ + if (ret != *x) + sk_X509_EXTENSION_free(ret); + X509_EXTENSION_free(ext); + return -1; + err: if (!(flags & X509V3_ADD_SILENT)) X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); diff --git a/vendor/openssl/crypto/x509v3/v3_ncons.c b/vendor/openssl/crypto/x509v3/v3_ncons.c index 9b3bb128e..bd7301e45 100644 --- a/vendor/openssl/crypto/x509v3/v3_ncons.c +++ b/vendor/openssl/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/numbers.h" #include "internal/asn1_int.h" #include #include 
@@ -62,6 +63,46 @@ ASN1_SEQUENCE(NAME_CONSTRAINTS) = { IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) +/* + * We cannot use strncasecmp here because that applies locale specific rules. + * For example in Turkish 'I' is not the uppercase character for 'i'. We need to + * do a simple ASCII case comparison ignoring the locale (that is why we use + * numeric constants below). + */ +static int ia5ncasecmp(const char *s1, const char *s2, size_t n) +{ + for (; n > 0; n--, s1++, s2++) { + if (*s1 != *s2) { + unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2; + + /* Convert to lower case */ + if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */) + c1 += 0x20; + if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */) + c2 += 0x20; + + if (c1 == c2) + continue; + + if (c1 < c2) + return -1; + + /* c1 > c2 */ + return 1; + } else if (*s1 == 0) { + /* If we get here we know that *s2 == 0 too */ + return 0; + } + } + + return 0; +} + +static int ia5casecmp(const char *s1, const char *s2) +{ + return ia5ncasecmp(s1, s2, SIZE_MAX); +} + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { @@ -165,6 +206,22 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) return 1; } +#define NAME_CHECK_MAX (1 << 20) + +static int add_lengths(int *out, int a, int b) +{ + /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */ + if (a < 0) + a = 0; + if (b < 0) + b = 0; + + if (a > INT_MAX - b) + return 0; + *out = a + b; + return 1; +} + /*- * Check a certificate conforms to a specified set of constraints. * Return values: 
@@ -179,11 +236,23 @@ static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) { - int r, i; + int r, i, name_count, constraint_count; X509_NAME *nm; nm = X509_get_subject_name(x); + /* + * Guard against certificates with an excessive number of names or + * constraints causing a computationally expensive name constraints check. + */ + if (!add_lengths(&name_count, X509_NAME_entry_count(nm), + sk_GENERAL_NAME_num(x->altname)) + || !add_lengths(&constraint_count, + sk_GENERAL_SUBTREE_num(nc->permittedSubtrees), + sk_GENERAL_SUBTREE_num(nc->excludedSubtrees)) + || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count)) + return X509_V_ERR_UNSPECIFIED; + if (X509_NAME_entry_count(nm) > 0) { GENERAL_NAME gntmp; gntmp.type = GEN_DIRNAME; 
@@ -228,47 +297,140 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } +static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) +{ + int utf8_length; + unsigned char *utf8_value; + int i; + int isdnsname = 0; + + /* Don't leave outputs uninitialized */ + *dnsid = NULL; + *idlen = 0; + + /*- + * Per RFC 6125, DNS-IDs representing internationalized domain names appear + * in certificates in A-label encoded form: + * + * https://tools.ietf.org/html/rfc6125#section-6.4.2 + * + * The same applies to CNs which are intended to represent DNS names. + * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be + * needlessly encoded in 16-bit Unicode. We perform a conversion to UTF-8 + * to ensure that we get an ASCII representation of any CNs that are + * representable as ASCII, but just not encoded as ASCII. The UTF-8 form + * may contain some non-ASCII octets, and that's fine, such CNs are not + * valid legacy DNS names. + * + * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what + * we must use for 'utf8_length'. + */ + if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0) + return X509_V_ERR_OUT_OF_MEM; + + /* + * Some certificates have had names that include a *trailing* NUL byte. + * Remove these harmless NUL characters. They would otherwise yield false + * alarms with the following embedded NUL check. + */ + while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0') + --utf8_length; + + /* Reject *embedded* NULs */ + if ((size_t)utf8_length != strlen((char *)utf8_value)) { + OPENSSL_free(utf8_value); + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } + + /* + * XXX: Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. 
This + * means that "CN=sometld" cannot be precluded by DNS name constraints, but + * that is not a problem. + */ + for (i = 0; i < utf8_length; ++i) { + unsigned char c = utf8_value[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == '_') + continue; + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < utf8_length - 1) { + if (c == '-') + continue; + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && utf8_value[i + 1] != '.' + && utf8_value[i - 1] != '-' + && utf8_value[i + 1] != '-') { + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + if (isdnsname) { + *dnsid = utf8_value; + *idlen = (size_t)utf8_length; + return X509_V_OK; + } + OPENSSL_free(utf8_value); + return X509_V_OK; +} + +/* + * Check CN against DNS-ID name constraints. + */ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) { int r, i; - X509_NAME *nm; - + X509_NAME *nm = X509_get_subject_name(x); ASN1_STRING stmp; GENERAL_NAME gntmp; + stmp.flags = 0; stmp.type = V_ASN1_IA5STRING; gntmp.type = GEN_DNS; gntmp.d.dNSName = &stmp; - nm = X509_get_subject_name(x); - /* Process any commonName attributes in subject name */ for (i = -1;;) { X509_NAME_ENTRY *ne; - ASN1_STRING *hn; + ASN1_STRING *cn; + unsigned char *idval; + size_t idlen; + i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; - - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); + cn = X509_NAME_ENTRY_get_data(ne); - OPENSSL_free(h); + /* Only process attributes that look like host names */ + 
if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK) + return r; + if (idlen == 0) + continue; - if (r != X509_V_OK) - return r; - } + stmp.length = idlen; + stmp.data = idval; + r = nc_match(&gntmp, nc); + OPENSSL_free(idval); + if (r != X509_V_OK) + return r; } return X509_V_OK; } @@ -387,7 +549,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) return X509_V_ERR_PERMITTED_VIOLATION; } - if (strcasecmp(baseptr, dnsptr)) + if (ia5casecmp(baseptr, dnsptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -407,7 +569,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (!baseat && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (strcasecmp(baseptr, emlptr) == 0) + if (ia5casecmp(baseptr, emlptr) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -428,7 +590,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) } emlptr = emlat + 1; /* Just have hostname left to match: case insensitive */ - if (strcasecmp(baseptr, emlptr)) + if (ia5casecmp(baseptr, emlptr)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; @@ -467,14 +629,14 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) if (*baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; - if (strncasecmp(p, baseptr, base->length) == 0) + if (ia5ncasecmp(p, baseptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; } if ((base->length != (int)hostlen) - || strncasecmp(hostptr, baseptr, hostlen)) + || ia5ncasecmp(hostptr, baseptr, hostlen)) return X509_V_ERR_PERMITTED_VIOLATION; return X509_V_OK; diff --git a/vendor/openssl/crypto/x509v3/v3_purp.c b/vendor/openssl/crypto/x509v3/v3_purp.c index fa5c425ff..7ac067229 100644 --- a/vendor/openssl/crypto/x509v3/v3_purp.c +++ b/vendor/openssl/crypto/x509v3/v3_purp.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,11 +78,9 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + + x509v3_cache_extensions(x); + /* Return if side-effect only call */ if (id == -1) return 1; @@ -352,10 +350,18 @@ static void x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; X509_EXTENSION *ex; - int i; - if (x->ex_flags & EXFLAG_SET) + + /* fast lock-free check, see end of the function for details. */ + if (x->ex_cached) return; + + CRYPTO_THREAD_write_lock(x->lock); + if (x->ex_flags & EXFLAG_SET) { + CRYPTO_THREAD_unlock(x->lock); + return; + } + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) @@ -489,6 +495,13 @@ static void x509v3_cache_extensions(X509 *x) } } x->ex_flags |= EXFLAG_SET; + CRYPTO_THREAD_unlock(x->lock); + /* + * It has to be placed after memory barrier, which is implied by unlock. + * Worst thing that can happen is that another thread proceeds to lock + * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function. + */ + x->ex_cached = 1; } /*- @@ -541,11 +554,7 @@ void X509_set_proxy_pathlen(X509 *x, long l) int X509_check_ca(X509 *x) { - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + x509v3_cache_extensions(x); return check_ca(x); } 
@@ -759,6 +768,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); @@ -847,6 +857,13 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) return x->skid; } +const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x) +{ + /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, -1); + return (x->akid != NULL ? x->akid->keyid : NULL); +} + long X509_get_pathlen(X509 *x) { /* Called for side effect of caching extensions */ diff --git a/vendor/openssl/crypto/x509v3/v3_tlsf.c b/vendor/openssl/crypto/x509v3/v3_tlsf.c index fec67243f..d93781e1b 100644 --- a/vendor/openssl/crypto/x509v3/v3_tlsf.c +++ b/vendor/openssl/crypto/x509v3/v3_tlsf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -121,13 +121,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, } } - ai = ASN1_INTEGER_new(); - if (ai == NULL) { + if ((ai = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ai, tlsextid) + || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); goto err; } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, ai); } return tlsf; diff --git a/vendor/openssl/crypto/x509v3/v3_utl.c b/vendor/openssl/crypto/x509v3/v3_utl.c index 7dc9a4533..418ef06a9 100644 --- a/vendor/openssl/crypto/x509v3/v3_utl.c +++ b/vendor/openssl/crypto/x509v3/v3_utl.c @@ -13,6 +13,7 @@ #include #include "internal/cryptlib.h" #include +#include #include #include "internal/x509_int.h" #include 
@@ -37,6 +38,7 @@ int X509V3_add_value(const char *name, const char *value, { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; + int sk_allocated = (*extlist == NULL); if (name && (tname = OPENSSL_strdup(name)) == NULL) goto err; @@ -44,7 +46,7 @@ int X509V3_add_value(const char *name, const char *value, goto err; if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; - if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) + if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -54,6 +56,10 @@ int X509V3_add_value(const char *name, const char *value, return 1; err: X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); + if (sk_allocated) { + sk_CONF_VALUE_free(*extlist); + *extlist = NULL; + } OPENSSL_free(vtmp); OPENSSL_free(tname); OPENSSL_free(tvalue); @@ -94,6 +100,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool, return 1; } +static char *bignum_to_string(const BIGNUM *bn) +{ + char *tmp, *ret; + size_t len; + + /* + * Display large numbers in hex and small numbers in decimal. Converting to + * decimal takes quadratic time and is no more useful than hex for large + * numbers. + */ + if (BN_num_bits(bn) < 128) + return BN_bn2dec(bn); + + tmp = BN_bn2hex(bn); + if (tmp == NULL) + return NULL; + + len = strlen(tmp) + 3; + ret = OPENSSL_malloc(len); + if (ret == NULL) { + X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE); + OPENSSL_free(tmp); + return NULL; + } + + /* Prepend "0x", but place it after the "-" if negative. */ + if (tmp[0] == '-') { + OPENSSL_strlcpy(ret, "-0x", len); + OPENSSL_strlcat(ret, tmp + 1, len); + } else { + OPENSSL_strlcpy(ret, "0x", len); + OPENSSL_strlcat(ret, tmp, len); + } + OPENSSL_free(tmp); + return ret; +} + char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; 
@@ -102,7 +145,7 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) if (!a) return NULL; if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + || (strtmp = bignum_to_string(bntmp)) == NULL) X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; @@ -116,7 +159,7 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) if (!a) return NULL; if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL - || (strtmp = BN_bn2dec(bntmp)) == NULL) + || (strtmp = bignum_to_string(bntmp)) == NULL) X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; diff --git a/vendor/openssl/crypto/x509v3/v3err.c b/vendor/openssl/crypto/x509v3/v3err.c index 5d79c8c6c..d5987913c 100644 --- a/vendor/openssl/crypto/x509v3/v3err.c +++ b/vendor/openssl/crypto/x509v3/v3err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,6 +26,7 @@ static ERR_STRING_DATA X509V3_str_functs[] = { "ASIdentifierChoice_canonize"}, {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIdentifierChoice_is_canonical"}, + {ERR_FUNC(X509V3_F_BIGNUM_TO_STRING), "bignum_to_string"}, {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, diff --git a/vendor/openssl/crypto/x86_64cpuid.pl b/vendor/openssl/crypto/x86_64cpuid.pl index afc50af02..1a6f728de 100644 --- a/vendor/openssl/crypto/x86_64cpuid.pl +++ b/vendor/openssl/crypto/x86_64cpuid.pl 
@@ -143,8 +143,19 @@ or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs and \$15,%ah cmp \$15,%ah # examine Family ID - jne .Lnotintel + jne .LnotP4 or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR +.LnotP4: + cmp \$6,%ah + jne .Lnotintel + and \$0x0fff0ff0,%eax + cmp \$0x00050670,%eax # Knights Landing + je .Lknights + cmp \$0x00080650,%eax # Knights Mill (according to sde) + jne .Lnotintel +.Lknights: + and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont + .Lnotintel: bt \$28,%edx # test hyper-threading bit jnc .Lgeneric @@ -169,6 +180,10 @@ mov \$7,%eax xor %ecx,%ecx cpuid + bt \$26,%r9d # check XSAVE bit, cleared on Knights + jc .Lnotknights + and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag +.Lnotknights: mov %ebx,8(%rdi) # save extended feature flags .Lno_extended_info: @@ -182,7 +197,7 @@ .Lclear_avx: mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) and %eax,%r9d # clear AVX, FMA and AMD XOP bits - andl \$0xffffffdf,8(%rdi) # cleax AVX2, ~(1<<5) + andl \$0xffffffdf,8(%rdi) # clear AVX2, ~(1<<5) .Ldone: shl \$32,%r9 mov %r10d,%eax diff --git a/vendor/openssl/demos/bio/cmod.cnf b/vendor/openssl/demos/bio/cmod.cnf index 4c45dfb78..39ac54edd 100644 --- a/vendor/openssl/demos/bio/cmod.cnf +++ b/vendor/openssl/demos/bio/cmod.cnf @@ -5,7 +5,7 @@ testapp = test_sect [test_sect] -# list of confuration modules +# list of configuration modules # SSL configuration module ssl_conf = ssl_sect diff --git a/vendor/openssl/doc/HOWTO/keys.txt b/vendor/openssl/doc/HOWTO/keys.txt index ba0314faf..1662c1703 100644 --- a/vendor/openssl/doc/HOWTO/keys.txt +++ b/vendor/openssl/doc/HOWTO/keys.txt 
@@ -27,12 +27,6 @@ With this variant, you will be prompted for a protecting password. If you don't want your key to be protected by a password, remove the flag '-des3' from the command line above. - NOTE: if you intend to use the key together with a server - certificate, it may be a good thing to avoid protecting it - with a password, since that would mean someone would have to - type in the password every time the server needs to access - the key. - The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is consider insecure or to be insecure pretty soon. 
@@ -62,11 +56,50 @@ With this variant, you will be prompted for a protecting password. If you don't want your key to be protected by a password, remove the flag '-des3' from the command line above. - NOTE: if you intend to use the key together with a server - certificate, it may be a good thing to avoid protecting it - with a password, since that would mean someone would have to - type in the password every time the server needs to access - the key. --- -Richard Levitte +4. To generate an EC key + +An EC key can be used both for key agreement (ECDH) and signing (ECDSA). + +Generating a key for ECC is similar to generating a DSA key. These are +two-step processes. First, you have to get the EC parameters from which +the key will be generated: + + openssl ecparam -name prime256v1 -out prime256v1.pem + +The prime256v1, or NIST P-256, which stands for 'X9.62/SECG curve over +a 256-bit prime field', is the name of an elliptic curve which generates the +parameters. You can use the following command to list all supported curves: + + openssl ecparam -list_curves + +When that is done, you can generate a key using the created parameters (several +keys can be produced from the same parameters): + + openssl genpkey -des3 -paramfile prime256v1.pem -out private.key + +With this variant, you will be prompted for a password to protect your key. +If you don't want your key to be protected by a password, remove the flag +'-des3' from the command line above. + +You can also directly generate the key in one step: + + openssl ecparam -genkey -name prime256v1 -out private.key + +or + + openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 + + +5. NOTE + +If you intend to use the key together with a server certificate, +it may be reasonable to avoid protecting it with a password, since +otherwise someone would have to type in the password every time the +server needs to access the key. 
+ +For X25519, it's treated as a distinct algorithm but not as one of +the curves listed with 'ecparam -list_curves' option. You can use +the following command to generate an X25519 key: + + openssl genpkey -algorithm X25519 -out xkey.pem diff --git a/vendor/openssl/doc/apps/asn1parse.pod b/vendor/openssl/doc/apps/asn1parse.pod index 10a5aba51..3c607e8ac 100644 --- a/vendor/openssl/doc/apps/asn1parse.pod +++ b/vendor/openssl/doc/apps/asn1parse.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-asn1parse, asn1parse - ASN.1 parsing tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/ca.pod b/vendor/openssl/doc/apps/ca.pod index c09db826e..9885bb239 100644 --- a/vendor/openssl/doc/apps/ca.pod +++ b/vendor/openssl/doc/apps/ca.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ca, ca - sample minimal CA application =head1 SYNOPSIS @@ -242,8 +243,10 @@ for all available algorithms. =item B<-subj arg> supersedes subject name given in the request. -The arg must be formatted as I, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the resulting certificate. =item B<-utf8> @@ -442,6 +445,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B, especially if combined with the B<-selfsign> command line option. +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. + =item B a text file containing the next serial number to use in hex. Mandatory. 
@@ -709,7 +716,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/ciphers.pod b/vendor/openssl/doc/apps/ciphers.pod index 03cac2f1c..def3bdc30 100644 --- a/vendor/openssl/doc/apps/ciphers.pod +++ b/vendor/openssl/doc/apps/ciphers.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ciphers, ciphers - SSL cipher display and cipher list tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/cms.pod b/vendor/openssl/doc/apps/cms.pod index b97120a0e..64ec106b0 100644 --- a/vendor/openssl/doc/apps/cms.pod +++ b/vendor/openssl/doc/apps/cms.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-cms, cms - CMS utility =head1 SYNOPSIS @@ -185,7 +186,7 @@ output an error. =item B<-EncryptedData_encrypt> Encrypt content using supplied symmetric key and algorithm using a CMS -B type and output the content. +B type and output the content. =item B<-sign_receipt> @@ -392,6 +393,9 @@ When encrypting a message this option may be used multiple times to specify each recipient. This form B be used if customised parameters are required (for example to specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +option. + =item B<-keyid> use subject key identifier to identify certificates instead of issuer name and 
@@ -711,23 +715,20 @@ No revocation checking is done on the signer's certificate. =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first -added in OpenSSL 1.0.0 - -The B option was first added in OpenSSL 1.1.0 +added in OpenSSL 1.0.0. -The use of B<-recip> to specify the recipient when encrypting mail was first -added to OpenSSL 1.1.0 +The B option was first added in OpenSSL 1.0.2 -Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2. The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added -to OpenSSL 1.1.0. +to OpenSSL 1.0.2. -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains options was first added to OpenSSL 1.0.2b. =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/config.pod b/vendor/openssl/doc/apps/config.pod index 76f282f28..a5153a65f 100644 --- a/vendor/openssl/doc/apps/config.pod +++ b/vendor/openssl/doc/apps/config.pod @@ -20,7 +20,7 @@ started or end of file is reached. A section name can consist of alphanumeric characters and underscores. The first section of a configuration file is special and is referred -to as the B section this is usually unnamed and is from the +to as the B section. This section is usually unnamed and spans from the start of file until the first named section. When a name is being looked up it is first looked up in a named section (if any) and then the default section. 
@@ -377,7 +377,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/crl.pod b/vendor/openssl/doc/apps/crl.pod index 2fad2101e..82c77d60d 100644 --- a/vendor/openssl/doc/apps/crl.pod +++ b/vendor/openssl/doc/apps/crl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl, crl - CRL utility =head1 SYNOPSIS @@ -119,7 +120,7 @@ Convert a CRL file from PEM to DER: Output the text form of a DER encoded certificate: - openssl crl -in crl.der -text -noout + openssl crl -in crl.der -inform DER -text -noout =head1 BUGS @@ -132,7 +133,7 @@ L, L, L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/crl2pkcs7.pod b/vendor/openssl/doc/apps/crl2pkcs7.pod index 8c679ea8f..933750ada 100644 --- a/vendor/openssl/doc/apps/crl2pkcs7.pod +++ b/vendor/openssl/doc/apps/crl2pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-crl2pkcs7, crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/dgst.pod b/vendor/openssl/doc/apps/dgst.pod index 677f2b21e..59919c32f 100644 --- a/vendor/openssl/doc/apps/dgst.pod +++ b/vendor/openssl/doc/apps/dgst.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dgst, dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md4, md5, blake2b, blake2s - message digests =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/dhparam.pod b/vendor/openssl/doc/apps/dhparam.pod index addd88a54..52fc0df36 100644 --- a/vendor/openssl/doc/apps/dhparam.pod 
+++ b/vendor/openssl/doc/apps/dhparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dhparam, dhparam - DH parameter manipulation and generation =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/dsa.pod b/vendor/openssl/doc/apps/dsa.pod index 0e4f508fa..37358044f 100644 --- a/vendor/openssl/doc/apps/dsa.pod +++ b/vendor/openssl/doc/apps/dsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsa, dsa - DSA key processing =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/dsaparam.pod b/vendor/openssl/doc/apps/dsaparam.pod index 08ad47faa..0dfda660e 100644 --- a/vendor/openssl/doc/apps/dsaparam.pod +++ b/vendor/openssl/doc/apps/dsaparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-dsaparam, dsaparam - DSA parameter manipulation and generation =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/ec.pod b/vendor/openssl/doc/apps/ec.pod index a5f920e84..c06005d82 100644 --- a/vendor/openssl/doc/apps/ec.pod +++ b/vendor/openssl/doc/apps/ec.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ec, ec - EC key processing =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/ecparam.pod b/vendor/openssl/doc/apps/ecparam.pod index 516789640..69a263196 100644 --- a/vendor/openssl/doc/apps/ecparam.pod +++ b/vendor/openssl/doc/apps/ecparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ecparam, ecparam - EC parameter manipulation and generation =head1 SYNOPSIS @@ -90,8 +91,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining 
@@ -175,7 +176,7 @@ L, L =head1 COPYRIGHT -Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/enc.pod b/vendor/openssl/doc/apps/enc.pod index b3bf82adc..6338d6c8e 100644 --- a/vendor/openssl/doc/apps/enc.pod +++ b/vendor/openssl/doc/apps/enc.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-enc, enc - symmetric cipher routines =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/engine.pod b/vendor/openssl/doc/apps/engine.pod index 674ab565d..155cc6290 100644 --- a/vendor/openssl/doc/apps/engine.pod +++ b/vendor/openssl/doc/apps/engine.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-engine, engine - load and query engines =head1 SYNOPSIS @@ -92,9 +93,19 @@ To list the capabilities of the I engine: [RSA] (dynamic) Dynamic engine loading support +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the engines directory. + +=back + =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/errstr.pod b/vendor/openssl/doc/apps/errstr.pod index 8dfe49a5e..3c89b8f5c 100644 --- a/vendor/openssl/doc/apps/errstr.pod +++ b/vendor/openssl/doc/apps/errstr.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-errstr, errstr - lookup error codes =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/gendsa.pod b/vendor/openssl/doc/apps/gendsa.pod index 4fd171479..36c810a90 100644 --- a/vendor/openssl/doc/apps/gendsa.pod +++ b/vendor/openssl/doc/apps/gendsa.pod 
@@ -2,6 +2,7 @@ =head1 NAME +openssl-gendsa, gendsa - generate a DSA private key from a set of parameters =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/genpkey.pod b/vendor/openssl/doc/apps/genpkey.pod index e77fc7ef4..91b12e249 100644 --- a/vendor/openssl/doc/apps/genpkey.pod +++ b/vendor/openssl/doc/apps/genpkey.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-genpkey, genpkey - generate a private key =head1 SYNOPSIS @@ -11,7 +12,7 @@ B B [B<-out filename>] [B<-outform PEM|DER>] [B<-pass arg>] -[B<-cipher>] +[B<-I>] [B<-engine id>] [B<-paramfile file>] [B<-algorithm alg>] @@ -38,21 +39,21 @@ standard output is used. =item B<-outform DER|PEM> -This specifies the output format DER or PEM. +This specifies the output format DER or PEM. The default format is PEM. =item B<-pass arg> -the output file password source. For more information about the format of B +The output file password source. For more information about the format of B see the B section in L. -=item B<-cipher> +=item B<-I> This option encrypts the private key with the supplied cipher. Any algorithm name accepted by EVP_get_cipherbyname() is acceptable such as B. =item B<-engine id> -specifying an engine (by its unique B string) will cause B +Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. If used this option should precede all other 
@@ -60,19 +61,32 @@ options. =item B<-algorithm alg> -public key algorithm to use such as RSA, DSA or DH. If used this option must +Public key algorithm to use such as RSA, DSA or DH. If used this option must precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> -are mutually exclusive. +are mutually exclusive. Engines may add algorithms in addition to the standard +built-in ones. + +Valid built-in algorithm names for private key generation are RSA and EC. + +Valid built-in algorithm names for parameter generation (see the B<-genparam> +option) are DH, DSA and EC. + +Note that the algorithm name X9.42 DH may be used as a synonym for the DH +algorithm. These are identical and do not indicate the type of parameters that +will be generated. Use the B option to indicate whether PKCS#3 +or X9.42 DH parameters are required. See L +below for more details. =item B<-pkeyopt opt:value> -set the public key algorithm option B to B. The precise set of +Set the public key algorithm option B to B. The precise set of options supported depends on the public key algorithm used and its -implementation. See B below for more details. +implementation. See L and +L below for more details. =item B<-genparam> -generate a set of parameters instead of a private key. If used this option must +Generate a set of parameters instead of a private key. If used this option must precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options. =item B<-paramfile filename> @@ -96,7 +110,7 @@ The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. -=head1 RSA KEY GENERATION OPTIONS +=head2 RSA Key Generation Options =over 4 
@@ -111,91 +125,92 @@ hexadecimal value if preceded by B<0x>. Default value is 65537. =back -=head1 DSA PARAMETER GENERATION OPTIONS +=head2 EC Key Generation Options + +The EC key generation options can also be used for parameter generation. =over 4 -=item B +=item B + +The EC curve to use. OpenSSL supports NIST curve names such as "P-256". -The number of bits in the generated parameters. If not specified 1024 is used. +=item B + +The encoding to use for parameters. The "encoding" parameter must be either +"named_curve" or "explicit". The default value is "named_curve". =back -=head1 DH PARAMETER GENERATION OPTIONS +=head1 PARAMETER GENERATION OPTIONS + +The options supported by each algorithm and indeed each implementation of an +algorithm can vary. The options for the OpenSSL implementations are detailed +below. + +=head2 DSA Parameter Generation Options =over 4 -=item B +=item B -The number of bits in the prime parameter B

. +The number of bits in the generated prime. If not specified 1024 is used. -=item B +=item B -The value to use for the generator B. +The number of bits in the q parameter. Must be one of 160, 224 or 256. If not +specified 160 is used. -=item B +=item B -If this option is set then the appropriate RFC5114 parameters are used -instead of generating new parameters. The value B can take the -values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of -1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup -and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections -2.1, 2.2 and 2.3 respectively. +The digest to use during parameter generation. Must be one of B, B +or B. If set, then the number of bits in B will match the output size +of the specified digest and the B parameter will be +ignored. If not set, then a digest will be used that gives an output matching +the number of bits in B, i.e. B if q length is 160, B if it 224 +or B if it is 256. =back -=head1 EC PARAMETER GENERATION OPTIONS - -The EC parameter generation options below can also -be supplied as EC key generation options. This can (for example) generate a -key from a named curve without the need to use an explicit parameter file. +=head2 DH Parameter Generation Options =over 4 -=item B - -the EC curve to use. OpenSSL supports NIST curve names such as "P-256". +=item B -=item B +The number of bits in the prime parameter B

. The default is 1024. -the encoding to use for parameters. The "encoding" parameter must be either -"named_curve" or "explicit". +=item B -=back +The number of bits in the sub prime parameter B. The default is 256 if the +prime is at least 2048 bits long or 160 otherwise. Only relevant if used in +conjunction with the B option to generate X9.42 DH parameters. -=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS - -Gost 2001 support is not enabled by default. To enable this algorithm, -one should load the ccgost engine in the OpenSSL configuration file. -See README.gost file in the engines/ccgost directory of the source -distribution for more details. +=item B -Use of a parameter file for the GOST R 34.10 algorithm is optional. -Parameters can be specified during key generation directly as well as -during generation of parameter file. +The value to use for the generator B. The default is 2. -=over 4 +=item B -=item B +The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. +The default is 0. -Specifies GOST R 34.10-2001 parameter set according to RFC 4357. -Parameter set can be specified using abbreviated name, object short name or -numeric OID. Following parameter sets are supported: +=item B - paramset OID Usage - A 1.2.643.2.2.35.1 Signature - B 1.2.643.2.2.35.2 Signature - C 1.2.643.2.2.35.3 Signature - XA 1.2.643.2.2.36.0 Key exchange - XB 1.2.643.2.2.36.1 Key exchange - test 1.2.643.2.2.35.0 Test purposes +If this option is set, then the appropriate RFC5114 parameters are used +instead of generating new parameters. The value B can take the +values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections +2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter +options. 
=back -=head1 X25519 KEY GENERATION OPTIONS - -The X25519 algorithm does not currently support any key generation options. +=head2 EC Parameter Generation Options +The EC parameter generation options are the same as for key generation. See +L above. =head1 NOTES @@ -218,19 +233,25 @@ Generate a 2048 bit RSA key using 3 as the public exponent: openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ -pkeyopt rsa_keygen_pubexp:3 -Generate 1024 bit DSA parameters: +Generate 2048 bit DSA parameters: openssl genpkey -genparam -algorithm DSA -out dsap.pem \ - -pkeyopt dsa_paramgen_bits:1024 + -pkeyopt dsa_paramgen_bits:2048 Generate DSA key from parameters: openssl genpkey -paramfile dsap.pem -out dsakey.pem -Generate 1024 bit DH parameters: +Generate 2048 bit DH parameters: openssl genpkey -genparam -algorithm DH -out dhp.pem \ - -pkeyopt dh_paramgen_prime_len:1024 + -pkeyopt dh_paramgen_prime_len:2048 + +Generate 2048 bit X9.42 DH parameters: + + openssl genpkey -genparam -algorithm DH -out dhpx.pem \ + -pkeyopt dh_paramgen_prime_len:2048 \ + -pkeyopt dh_paramgen_type:1 Output RFC5114 2048 bit DH parameters with 224 bit subgroup: @@ -263,11 +284,12 @@ Generate an X25519 private key: =head1 HISTORY The ability to use NIST curve names, and to generate an EC key directly, -were added in OpenSSL 1.0.2. +were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in +OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/genrsa.pod b/vendor/openssl/doc/apps/genrsa.pod index f4ed9593a..8be06834f 100644 --- a/vendor/openssl/doc/apps/genrsa.pod +++ b/vendor/openssl/doc/apps/genrsa.pod 
@@ -2,6 +2,7 @@ =head1 NAME +openssl-genrsa, genrsa - generate an RSA private key =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/list.pod b/vendor/openssl/doc/apps/list.pod index e6e1f1761..108876269 100644 --- a/vendor/openssl/doc/apps/list.pod +++ b/vendor/openssl/doc/apps/list.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-list, list - list algorithms and features =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/nseq.pod b/vendor/openssl/doc/apps/nseq.pod index a90f8a002..6b25e221a 100644 --- a/vendor/openssl/doc/apps/nseq.pod +++ b/vendor/openssl/doc/apps/nseq.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-nseq, nseq - create or examine a Netscape certificate sequence =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/ocsp.pod b/vendor/openssl/doc/apps/ocsp.pod index ec82088fa..5e273cfe4 100644 --- a/vendor/openssl/doc/apps/ocsp.pod +++ b/vendor/openssl/doc/apps/ocsp.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ocsp, ocsp - Online Certificate Status Protocol utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/openssl.pod b/vendor/openssl/doc/apps/openssl.pod index 7fc53c9ba..6e822a611 100644 --- a/vendor/openssl/doc/apps/openssl.pod +++ b/vendor/openssl/doc/apps/openssl.pod @@ -182,6 +182,10 @@ PKCS#12 Data Management. PKCS#7 Data Management. +=item L|pkcs8(1)> + +PKCS#8 format private key conversion tool. + =item L|pkey(1)> Public and private key management. @@ -198,6 +202,10 @@ Public key algorithm cryptographic operation utility. Generate pseudo-random bytes. +=item L|rehash(1)> + +Create symbolic links to certificate and CRL files named by the hash values. + =item L|req(1)> PKCS#10 X.509 Certificate Signing Request (CSR) Management. @@ -418,17 +426,20 @@ Read the password from standard input. =head1 SEE ALSO -L, L, L, +L, L, L, L, L, L, L, L, L, L, L, -L, L, L, L, -L, L, L, +L, L, +L, L, L, L, L, +L, L, L, L, L, L, L, -L, L, L, +L, L, L, +L, L, L, L, L, L, -L, L, -L, L, +L, L, L, +L, L, L, +L, L, L, L, L, L, L 
diff --git a/vendor/openssl/doc/apps/passwd.pod b/vendor/openssl/doc/apps/passwd.pod index 87dd8d868..466320144 100644 --- a/vendor/openssl/doc/apps/passwd.pod +++ b/vendor/openssl/doc/apps/passwd.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-passwd, passwd - compute password hashes =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkcs12.pod b/vendor/openssl/doc/apps/pkcs12.pod index 2df477699..44ee3d4ec 100644 --- a/vendor/openssl/doc/apps/pkcs12.pod +++ b/vendor/openssl/doc/apps/pkcs12.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs12, pkcs12 - PKCS#12 file utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkcs7.pod b/vendor/openssl/doc/apps/pkcs7.pod index d238946b3..340b72daa 100644 --- a/vendor/openssl/doc/apps/pkcs7.pod +++ b/vendor/openssl/doc/apps/pkcs7.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs7, pkcs7 - PKCS#7 utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkcs8.pod b/vendor/openssl/doc/apps/pkcs8.pod index dee64a001..402e7b2b5 100644 --- a/vendor/openssl/doc/apps/pkcs8.pod +++ b/vendor/openssl/doc/apps/pkcs8.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkey.pod b/vendor/openssl/doc/apps/pkey.pod index 2119c70c7..ef2e46336 100644 --- a/vendor/openssl/doc/apps/pkey.pod +++ b/vendor/openssl/doc/apps/pkey.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkey, pkey - public or private key processing tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkeyparam.pod b/vendor/openssl/doc/apps/pkeyparam.pod index 755915ff9..309e2495e 100644 --- a/vendor/openssl/doc/apps/pkeyparam.pod +++ b/vendor/openssl/doc/apps/pkeyparam.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkeyparam, pkeyparam - public key algorithm parameter processing tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/pkeyutl.pod b/vendor/openssl/doc/apps/pkeyutl.pod index ceb9de34b..e72486def 100644 --- a/vendor/openssl/doc/apps/pkeyutl.pod 
+++ b/vendor/openssl/doc/apps/pkeyutl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-pkeyutl, pkeyutl - public key algorithm utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/rand.pod b/vendor/openssl/doc/apps/rand.pod index 0faf6872a..4cdb37051 100644 --- a/vendor/openssl/doc/apps/rand.pod +++ b/vendor/openssl/doc/apps/rand.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rand, rand - generate pseudo-random bytes =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/rehash.pod b/vendor/openssl/doc/apps/rehash.pod index 1dca9b534..22f3b7a40 100644 --- a/vendor/openssl/doc/apps/rehash.pod +++ b/vendor/openssl/doc/apps/rehash.pod @@ -5,6 +5,7 @@ Original text by James Westby, contributed under the OpenSSL license. =head1 NAME +openssl-c_rehash, openssl-rehash, c_rehash, rehash - Create symbolic links to files named by the hash values =head1 SYNOPSIS @@ -98,6 +99,12 @@ Note that current versions will not use the old style. Do not remove existing links. This is needed when keeping new and old-style links in the same directory. +=item B<-compat> + +Generate links for both old-style (MD5) and new-style (SHA1) hashing. +This allows releases before 1.0.0 to use these links along-side newer +releases. + =item B<-v> Print messages about old links removed and new links created. @@ -129,7 +136,7 @@ L. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/req.pod b/vendor/openssl/doc/apps/req.pod index 8cfe2bc5f..291b1dac8 100644 --- a/vendor/openssl/doc/apps/req.pod +++ b/vendor/openssl/doc/apps/req.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-req, req - PKCS#10 certificate request and certificate generating utility =head1 SYNOPSIS 
@@ -212,8 +213,10 @@ see L. sets subject name for new request or supersedes the subject name when processing a request. -The arg must be formatted as I, -characters may be escaped by \ (backslash), no spaces are skipped. +The arg must be formatted as I. +Keyword characters may be escaped by \ (backslash), and whitespace is retained. +Empty values are permitted, but the corresponding type will not be included +in the request. =item B<-multivalue-rdn> @@ -368,7 +371,6 @@ option. For compatibility B is an equivalent option. This option specifies the digest algorithm to use. Any digest supported by the OpenSSL B command can be used. -If not present then MD5 is used. This option can be overridden on the command line. =item B @@ -651,7 +653,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/rsa.pod b/vendor/openssl/doc/apps/rsa.pod index 8e9943fe5..dcbf5142b 100644 --- a/vendor/openssl/doc/apps/rsa.pod +++ b/vendor/openssl/doc/apps/rsa.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rsa, rsa - RSA key processing tool =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/rsautl.pod b/vendor/openssl/doc/apps/rsautl.pod index 038f00be4..c07d60aee 100644 --- a/vendor/openssl/doc/apps/rsautl.pod +++ b/vendor/openssl/doc/apps/rsautl.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-rsautl, rsautl - RSA utility =head1 SYNOPSIS @@ -115,7 +116,7 @@ Recover the signed data Examine the raw signed data: - openssl rsautl -verify -in file -inkey key.pem -raw -hexdump + openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 
diff --git a/vendor/openssl/doc/apps/s_client.pod b/vendor/openssl/doc/apps/s_client.pod index 43989d0ca..9c1707533 100644 --- a/vendor/openssl/doc/apps/s_client.pod +++ b/vendor/openssl/doc/apps/s_client.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-s_client, s_client - SSL/TLS client program =head1 SYNOPSIS @@ -280,8 +281,9 @@ be used as a test that session caching is working. =item B<-showcerts> -display the whole server certificate chain: normally only the server -certificate itself is displayed. +Displays the server certificate list as sent by the server: it only consists of +certificates the server has sent (in the order the server has sent them). It is +B a verified chain. =item B<-prexit> @@ -346,12 +348,14 @@ Can be used to override the implicit B<-ign_eof> after B<-quiet>. =item B<-psk_identity identity> Use the PSK identity B when using a PSK cipher suite. +The default value is "Client_identity" (without the quotes). =item B<-psk key> Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> @@ -576,7 +580,8 @@ a client certificate. Therefor merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the -B<-showcerts> option can be used to show the whole chain. +B<-showcerts> option can be used to show all the certificates sent by the +server. The B utility is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will 
@@ -606,7 +611,7 @@ The -no_alt_chains options was first added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/s_server.pod b/vendor/openssl/doc/apps/s_server.pod index ad718679c..e8ec91b4e 100644 --- a/vendor/openssl/doc/apps/s_server.pod +++ b/vendor/openssl/doc/apps/s_server.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-s_server, s_server - SSL/TLS server program =head1 SYNOPSIS @@ -323,6 +324,7 @@ Use the PSK identity hint B when using a PSK cipher suite. Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. +This option must be provided in order to use a PSK cipher. =item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> @@ -574,10 +576,6 @@ a web browser the command: can be used for example. -Most web browsers (in particular Netscape and MSIE) only support RSA cipher -suites, so they cannot connect to servers which don't use a certificate -carrying an RSA key or a version of OpenSSL with RSA disabled. - Although specifying an empty list of CAs when requesting a client certificate is strictly speaking a protocol violation, some SSL clients interpret this to mean any CA is acceptable. This is useful for debugging purposes. diff --git a/vendor/openssl/doc/apps/s_time.pod b/vendor/openssl/doc/apps/s_time.pod index acadd3002..d44dd9353 100644 --- a/vendor/openssl/doc/apps/s_time.pod +++ b/vendor/openssl/doc/apps/s_time.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-s_time, s_time - SSL/TLS performance timing program =head1 SYNOPSIS 
diff --git a/vendor/openssl/doc/apps/sess_id.pod b/vendor/openssl/doc/apps/sess_id.pod index 19ac9a75b..7766c71ed 100644 --- a/vendor/openssl/doc/apps/sess_id.pod +++ b/vendor/openssl/doc/apps/sess_id.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-sess_id, sess_id - SSL/TLS session handling utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/smime.pod b/vendor/openssl/doc/apps/smime.pod index d3e021466..753e2757b 100644 --- a/vendor/openssl/doc/apps/smime.pod +++ b/vendor/openssl/doc/apps/smime.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-smime, smime - S/MIME utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/speed.pod b/vendor/openssl/doc/apps/speed.pod index ad81bfbc7..4379319d7 100644 --- a/vendor/openssl/doc/apps/speed.pod +++ b/vendor/openssl/doc/apps/speed.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-speed, speed - test library performance =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/spkac.pod b/vendor/openssl/doc/apps/spkac.pod index 8955bc445..e337e4e7c 100644 --- a/vendor/openssl/doc/apps/spkac.pod +++ b/vendor/openssl/doc/apps/spkac.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-spkac, spkac - SPKAC printing and generating utility =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/ts.pod b/vendor/openssl/doc/apps/ts.pod index cf30947d3..0c949bfb7 100644 --- a/vendor/openssl/doc/apps/ts.pod +++ b/vendor/openssl/doc/apps/ts.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-ts, ts - Time Stamping Authority tool (client/server) =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/tsget.pod b/vendor/openssl/doc/apps/tsget.pod index cf7817a0e..f566f3a4b 100644 --- a/vendor/openssl/doc/apps/tsget.pod +++ b/vendor/openssl/doc/apps/tsget.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-tsget, tsget - Time Stamping HTTP/HTTPS client =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/verify.pod b/vendor/openssl/doc/apps/verify.pod index 8ba5ff67e..38fa346f5 100644 --- a/vendor/openssl/doc/apps/verify.pod +++ b/vendor/openssl/doc/apps/verify.pod 
@@ -2,6 +2,7 @@ =head1 NAME +openssl-verify, verify - Utility to verify certificates =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/version.pod b/vendor/openssl/doc/apps/version.pod index a97ed2044..305a1b748 100644 --- a/vendor/openssl/doc/apps/version.pod +++ b/vendor/openssl/doc/apps/version.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-version, version - print OpenSSL version information =head1 SYNOPSIS diff --git a/vendor/openssl/doc/apps/x509.pod b/vendor/openssl/doc/apps/x509.pod index cddfc8ce4..f2dcef2e5 100644 --- a/vendor/openssl/doc/apps/x509.pod +++ b/vendor/openssl/doc/apps/x509.pod @@ -2,6 +2,7 @@ =head1 NAME +openssl-x509, x509 - Certificate display and signing utility =head1 SYNOPSIS @@ -230,8 +231,11 @@ non-zero if yes it will expire or zero if not. =item B<-fingerprint> -prints out the digest of the DER encoded version of the whole certificate -(see digest options). +Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. =item B<-C> @@ -686,10 +690,6 @@ supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb -Display the certificate MD5 fingerprint: - - openssl x509 -in cert.pem -noout -fingerprint - Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint 
@@ -743,13 +743,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly. -The B<-fingerprint> option takes the digest of the DER encoded certificate. -This is commonly called a "fingerprint". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. - -The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. - The B<-email> option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. @@ -895,7 +888,7 @@ the old form must have their links rebuilt using B or similar. =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/apps/x509v3_config.pod b/vendor/openssl/doc/apps/x509v3_config.pod index 17d9f1c3f..c0742c84d 100644 --- a/vendor/openssl/doc/apps/x509v3_config.pod +++ b/vendor/openssl/doc/apps/x509v3_config.pod @@ -352,7 +352,7 @@ Example: noticeNumbers=1,2,3,4 The B option changes the type of the I field. In RFC2459 -it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible. +it can only be of type DisplayText. In RFC3280 IA5String is also permissible. Some software (for example some versions of MSIE) may require ia5org. =head2 Policy Constraints diff --git a/vendor/openssl/doc/crypto/ASN1_INTEGER_get_int64.pod b/vendor/openssl/doc/crypto/ASN1_INTEGER_get_int64.pod index f61268d6a..d0a6a3c81 100644 --- a/vendor/openssl/doc/crypto/ASN1_INTEGER_get_int64.pod 
+++ b/vendor/openssl/doc/crypto/ASN1_INTEGER_get_int64.pod @@ -11,10 +11,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s #include int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); - int ASN1_INTEGER_get(const ASN1_INTEGER *a, long v); + long ASN1_INTEGER_get(const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); - long ASN1_INTEGER_set(const ASN1_INTEGER *a); + int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); @@ -123,7 +123,7 @@ were added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/ASN1_STRING_length.pod b/vendor/openssl/doc/crypto/ASN1_STRING_length.pod index 26cb17614..20a372dc1 100644 --- a/vendor/openssl/doc/crypto/ASN1_STRING_length.pod +++ b/vendor/openssl/doc/crypto/ASN1_STRING_length.pod @@ -71,8 +71,8 @@ utility functions should be used instead. In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example -for and IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, UTF8String will be in UTF8 format. +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). 
@@ -83,7 +83,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BIO_ctrl.pod b/vendor/openssl/doc/crypto/BIO_ctrl.pod index a098946d5..60cd10883 100644 --- a/vendor/openssl/doc/crypto/BIO_ctrl.pod +++ b/vendor/openssl/doc/crypto/BIO_ctrl.pod @@ -5,17 +5,17 @@ BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, -BIO_get_info_callback, BIO_set_info_callback, bio_info_cb +BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb - BIO control operations =head1 SYNOPSIS #include - typedef void (*bio_info_cb)(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3); + typedef int BIO_info_cb(BIO *b, int state, int res); long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); - long BIO_callback_ctrl(BIO *b, int cmd, bio_info_cb cb); + long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); @@ -31,8 +31,8 @@ BIO_get_info_callback, BIO_set_info_callback, bio_info_cb size_t BIO_ctrl_pending(BIO *b); size_t BIO_ctrl_wpending(BIO *b); - int BIO_get_info_callback(BIO *b, bio_info_cb **cbp); - int BIO_set_info_callback(BIO *b, bio_info_cb *cb); + int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); + int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); =head1 DESCRIPTION diff --git a/vendor/openssl/doc/crypto/BIO_get_data.pod b/vendor/openssl/doc/crypto/BIO_get_data.pod index 14f21fa72..c3137c4c5 100644 --- a/vendor/openssl/doc/crypto/BIO_get_data.pod +++ b/vendor/openssl/doc/crypto/BIO_get_data.pod 
@@ -51,7 +51,7 @@ L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/BIO_get_ex_new_index.pod b/vendor/openssl/doc/crypto/BIO_get_ex_new_index.pod index 3e24f10bc..9cf20c27f 100644 --- a/vendor/openssl/doc/crypto/BIO_get_ex_new_index.pod +++ b/vendor/openssl/doc/crypto/BIO_get_ex_new_index.pod @@ -11,7 +11,7 @@ X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, -ECDSA_get_ex_new_index, ECDSA_set_ex_data, ECDSA_get_ex_data, +EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - application-specific data diff --git a/vendor/openssl/doc/crypto/BIO_meth_new.pod b/vendor/openssl/doc/crypto/BIO_meth_new.pod index bf3316104..89179a46e 100644 --- a/vendor/openssl/doc/crypto/BIO_meth_new.pod +++ b/vendor/openssl/doc/crypto/BIO_meth_new.pod @@ -8,7 +8,7 @@ BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, -BIO_meth_set_callback_ctrl - Routines to build up BIO methods +BIO_meth_set_callback_ctrl - Routines to build up BIO methods =head1 SYNOPSIS 
@@ -17,30 +17,30 @@ BIO_meth_set_callback_ctrl - Routines to build up BIO methods int BIO_get_new_index(void); BIO_METHOD *BIO_meth_new(int type, const char *name); void BIO_meth_free(BIO_METHOD *biom); - int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); + int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int); int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, int)); - int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); + int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); - int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); + int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *); int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); - int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); + int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); - long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); + long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); - int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); + int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *); int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); - int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); + int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); - long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) - (BIO *, int, bio_info_cb *); + long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) + (BIO *, int, BIO_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, - bio_info_cb *)); + BIO_info_cb *)); 
=head1 DESCRIPTION @@ -117,11 +117,11 @@ L, L, L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BIO_push.pod b/vendor/openssl/doc/crypto/BIO_push.pod index 762027ff6..ce56db983 100644 --- a/vendor/openssl/doc/crypto/BIO_push.pod +++ b/vendor/openssl/doc/crypto/BIO_push.pod @@ -75,7 +75,7 @@ L =head1 HISTORY -The BIO_set_next() function was added in OpenSSL version 1.1.0. +The BIO_set_next() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/BIO_s_mem.pod b/vendor/openssl/doc/crypto/BIO_s_mem.pod index b272c410a..eb67cbe93 100644 --- a/vendor/openssl/doc/crypto/BIO_s_mem.pod +++ b/vendor/openssl/doc/crypto/BIO_s_mem.pod @@ -56,14 +56,14 @@ zero then it will return B when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value B should be set to a negative value, typically -1. -BIO_get_mem_data() sets B to a pointer to the start of the memory BIOs data +BIO_get_mem_data() sets *B to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. BIO_set_mem_buf() sets the internal BUF_MEM structure to B and sets the close flag to B, that is B should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro. -BIO_get_mem_ptr() places the underlying BUF_MEM structure in B. It is +BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B. It is a macro. BIO_new_mem_buf() creates a memory BIO using B bytes of data at B, 
@@ -114,7 +114,7 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO: =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BIO_set_callback.pod b/vendor/openssl/doc/crypto/BIO_set_callback.pod index 3d1585940..27aa4f45d 100644 --- a/vendor/openssl/doc/crypto/BIO_set_callback.pod +++ b/vendor/openssl/doc/crypto/BIO_set_callback.pod @@ -20,8 +20,8 @@ BIO_callback_fn_ex, BIO_callback_fn void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); - void BIO_set_callback(BIO *b, BIO_callack_fn cb); - BIO_callack_fn BIO_get_callback(BIO *b); + void BIO_set_callback(BIO *b, BIO_callback_fn cb); + BIO_callback_fn BIO_get_callback(BIO *b); void BIO_set_callback_arg(BIO *b, char *arg); char *BIO_get_callback_arg(const BIO *b); @@ -37,7 +37,7 @@ operation. BIO_set_callback() and BIO_get_callback() set and retrieve the old format BIO callback. New code should not use these functions, but they are retained for -backwards compatbility. Any callback set via BIO_set_callback_ex() will get +backwards compatibility. Any callback set via BIO_set_callback_ex() will get called in preference to any set by BIO_set_callback(). BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be diff --git a/vendor/openssl/doc/crypto/BIO_should_retry.pod b/vendor/openssl/doc/crypto/BIO_should_retry.pod index d6ddf48e2..d01d5bbca 100644 --- a/vendor/openssl/doc/crypto/BIO_should_retry.pod +++ b/vendor/openssl/doc/crypto/BIO_should_retry.pod @@ -118,7 +118,7 @@ L =head1 HISTORY The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in -OpenSSL version 1.1.0. +OpenSSL 1.1.0. =head1 COPYRIGHT 
diff --git a/vendor/openssl/doc/crypto/BN_add.pod b/vendor/openssl/doc/crypto/BN_add.pod index db3b0d45b..b2c5dd2cc 100644 --- a/vendor/openssl/doc/crypto/BN_add.pod +++ b/vendor/openssl/doc/crypto/BN_add.pod @@ -92,7 +92,9 @@ BN_exp() raises I to the I

-th power and places the result in I BN_mul(). BN_mod_exp() computes I to the I

-th power modulo I (C). This function uses less time and space than BN_exp(). +m>). This function uses less time and space than BN_exp(). Do not call this +function when B is even and any of the parameters have the +B flag set. BN_gcd() computes the greatest common divisor of I and I and places the result in I. I may be the same B as I or @@ -117,7 +119,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BN_bn2bin.pod b/vendor/openssl/doc/crypto/BN_bn2bin.pod index 9e16c0d23..c9ca33fd1 100644 --- a/vendor/openssl/doc/crypto/BN_bn2bin.pod +++ b/vendor/openssl/doc/crypto/BN_bn2bin.pod @@ -55,8 +55,8 @@ freed later using OPENSSL_free(). BN_hex2bn() takes as many characters as possible from the string B, including the leading character '-' which means negative, to form a valid hexadecimal number representation and converts them to a B and -stores it in **B. If *B is NULL, a new B is created. If -B is NULL, it only computes the length of valid representation. +stores it in **B. If *B is NULL, a new B is created. If +B is NULL, it only computes the length of valid representation. A "negative zero" is converted to zero. BN_dec2bn() is the same using the decimal system. 
@@ -87,8 +87,8 @@ BN_bn2binpad() returns the number of bytes written or -1 if the supplied buffer is too small. BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL -on error. BN_hex2bn() and BN_dec2bn() return the the length of valid -representation in hexadecimal or decimal digits, and 0 on error, in which +on error. BN_hex2bn() and BN_dec2bn() return the number of characters +used in parsing, or 0 on error, in which case no new B will be created. BN_print_fp() and BN_print() return 1 on success, 0 on write errors. @@ -106,7 +106,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BN_generate_prime.pod b/vendor/openssl/doc/crypto/BN_generate_prime.pod index c97536b5c..4cd667e2e 100644 --- a/vendor/openssl/doc/crypto/BN_generate_prime.pod +++ b/vendor/openssl/doc/crypto/BN_generate_prime.pod 
@@ -100,7 +100,17 @@ If B, this test is skipped. Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with B iterations. If B, a number of iterations is used that -yields a false positive rate of at most 2^-80 for random input. +yields a false positive rate of at most 2^-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, +2^-192 at 3747 bits and 2^-256 at 6394 bits. + +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, B should be set to +64. If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a @@ -184,7 +194,7 @@ and BN_GENCB_get_arg() were added in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/BN_new.pod b/vendor/openssl/doc/crypto/BN_new.pod index 36bd00da2..08aae5e91 100644 --- a/vendor/openssl/doc/crypto/BN_new.pod +++ b/vendor/openssl/doc/crypto/BN_new.pod @@ -36,7 +36,8 @@ If B is NULL, nothing is done. =head1 RETURN VALUES BN_new() and BN_secure_new() -return a pointer to the B. If the allocation fails, +return a pointer to the B initialised to the value 0. +If the allocation fails, they return B and set an error code that can be obtained by L. diff --git a/vendor/openssl/doc/crypto/BN_zero.pod b/vendor/openssl/doc/crypto/BN_zero.pod index 91d48aad8..2ca8850f2 100644 
--- a/vendor/openssl/doc/crypto/BN_zero.pod +++ b/vendor/openssl/doc/crypto/BN_zero.pod @@ -14,8 +14,8 @@ operations const BIGNUM *BN_value_one(void); - int BN_set_word(BIGNUM *a, unsigned long w); - unsigned long BN_get_word(BIGNUM *a); + int BN_set_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_get_word(BIGNUM *a); Deprecated: @@ -25,19 +25,21 @@ Deprecated: =head1 DESCRIPTION +B is a macro that will be an unsigned integral type optimied +for the most efficient implementation on the local platform. + BN_zero(), BN_one() and BN_set_word() set B to the values 0, 1 and B respectively. BN_zero() and BN_one() are macros. BN_value_one() returns a B constant of value 1. This constant is useful for use in comparisons and assignment. -BN_get_word() returns B, if it can be represented as an unsigned -long. +BN_get_word() returns B, if it can be represented as a B. =head1 RETURN VALUES -BN_get_word() returns the value B, and 0xffffffffL if B cannot -be represented as an unsigned long. +BN_get_word() returns the value B, or all-bits-set if B cannot +be represented as a B. BN_one(), BN_set_word() and the deprecated version of BN_zero() return 1 on success, 0 otherwise. @@ -46,10 +48,11 @@ The preferred version of BN_zero() never fails and returns no value. =head1 BUGS -Someone might change the constant. +If a B is equal to the value of all-bits-set, it will collide +with the error condition returned by BN_get_word() which uses that +as an error value. -If a B is equal to 0xffffffffL it can be represented as an -unsigned long but this value is also returned on error. +B should probably be a typedef. =head1 SEE ALSO @@ -57,7 +60,7 @@ L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/vendor/openssl/doc/crypto/BUF_MEM_new.pod b/vendor/openssl/doc/crypto/BUF_MEM_new.pod index 29466088a..1d89159cc 100644 --- a/vendor/openssl/doc/crypto/BUF_MEM_new.pod +++ b/vendor/openssl/doc/crypto/BUF_MEM_new.pod @@ -2,7 +2,7 @@ =head1 NAME -BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse - simple character array structure diff --git a/vendor/openssl/doc/crypto/CMS_encrypt.pod b/vendor/openssl/doc/crypto/CMS_encrypt.pod index 0ed42628c..cbd5a2135 100644 --- a/vendor/openssl/doc/crypto/CMS_encrypt.pod +++ b/vendor/openssl/doc/crypto/CMS_encrypt.pod @@ -18,9 +18,8 @@ B is the symmetric cipher to use. B is an optional set of flags. =head1 NOTES -Only certificates carrying RSA keys are supported so the recipient certificates -supplied to this function must all contain RSA public keys, though they do not -have to be signed using the RSA algorithm. +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this +function. EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because most clients will support it. @@ -94,7 +93,7 @@ The B flag was first supported in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/CMS_get0_SignerInfos.pod b/vendor/openssl/doc/crypto/CMS_get0_SignerInfos.pod index e5532c96f..cea088857 100644 --- a/vendor/openssl/doc/crypto/CMS_get0_SignerInfos.pod +++ b/vendor/openssl/doc/crypto/CMS_get0_SignerInfos.pod 
@@ -54,7 +54,7 @@ CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set CMS_verify() can be used. -Although CMS_get0_SignerInfos() can return NULL is an error occur B if +Although CMS_get0_SignerInfos() can return NULL if an error occurs B if there are no signers this is not a problem in practice because the only error which can occur is if the B structure is not of type signedData due to application error. @@ -79,7 +79,7 @@ L, L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod b/vendor/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod index 79f5f4232..cb961be79 100644 --- a/vendor/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod +++ b/vendor/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -48,7 +48,7 @@ CMS_verify(). CMS_ReceiptRequest_create0() returns a signed receipt request structure or NULL if an error occurred. -CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred. +CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred. CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and decoded. It returns 0 if a signed receipt request is not present and -1 if @@ -62,7 +62,7 @@ L =head1 COPYRIGHT -Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/CRYPTO_get_ex_new_index.pod b/vendor/openssl/doc/crypto/CRYPTO_get_ex_new_index.pod index 0853ce588..a5bf62097 100644 
--- a/vendor/openssl/doc/crypto/CRYPTO_get_ex_new_index.pod +++ b/vendor/openssl/doc/crypto/CRYPTO_get_ex_new_index.pod @@ -17,8 +17,8 @@ CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); - typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); + typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, @@ -128,7 +128,8 @@ initially registered via CRYPTO_get_ex_new_index() and can be used if the same callback handles different types of exdata. dup_func() is called when a structure is being copied. This is only done -for B and B objects. The B and B parameters +for B, B, B objects and B chains via +BIO_dup_chain(). The B and B parameters are pointers to the destination and source B structures, respectively. The B parameter needs to be cast to a B as the API has currently the wrong signature; that will be changed in a diff --git a/vendor/openssl/doc/crypto/DEFINE_STACK_OF.pod b/vendor/openssl/doc/crypto/DEFINE_STACK_OF.pod index fbd43f970..f655f84ee 100644 --- a/vendor/openssl/doc/crypto/DEFINE_STACK_OF.pod +++ b/vendor/openssl/doc/crypto/DEFINE_STACK_OF.pod 
@@ -94,12 +94,12 @@ B. sk_TYPE_value() returns element B in B, where B starts at zero. If B is out of range then B is returned. -sk_TYPE_new() allocates a new empty stack using comparison function B. -If B is B then no comparison function is used. +sk_TYPE_new() allocates a new empty stack using comparison function B. +If B is B then no comparison function is used. sk_TYPE_new_null() allocates a new empty stack with no comparison function. -sk_TYPE_set_cmp_func() sets the comparison function of B to B. +sk_TYPE_set_cmp_func() sets the comparison function of B to B. The previous comparison function is returned or B if there was no previous comparison function. diff --git a/vendor/openssl/doc/crypto/DH_get0_pqg.pod b/vendor/openssl/doc/crypto/DH_get0_pqg.pod index 79647bf89..380981353 100644 --- a/vendor/openssl/doc/crypto/DH_get0_pqg.pod +++ b/vendor/openssl/doc/crypto/DH_get0_pqg.pod 
@@ -48,13 +48,11 @@ been set yet, although if the private key has been set then the public key must be. The values point to the internal representation of the public key and private key values. This memory should not be freed directly. -The public and private key values can be set using DH_set0_key(). The public -key must be non-NULL the first time this function is called on a given DH -object. The private key may be NULL. On subsequent calls, either may be NULL, -which means the corresponding DH field is left untouched. As for DH_set0_pqg() -this function transfers the memory management of the key values to the DH -object, and therefore they should not be freed directly after this function has -been called. +The public and private key values can be set using DH_set0_key(). Either +parameter may be NULL, which means the corresponding DH field is left +untouched. As with DH_set0_pqg() this function transfers the memory management +of the key values to the DH object, and therefore they should not be freed +directly after this function has been called. DH_set_flags() sets the flags in the B parameter on the DH object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that @@ -98,7 +96,7 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/DH_meth_new.pod b/vendor/openssl/doc/crypto/DH_meth_new.pod index bcf559215..ef0a80b19 100644 --- a/vendor/openssl/doc/crypto/DH_meth_new.pod +++ b/vendor/openssl/doc/crypto/DH_meth_new.pod 
@@ -19,7 +19,7 @@ DH_meth_set_generate_params - Routines to build up DH methods DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); const char *DH_meth_get0_name(const DH_METHOD *dhm); int DH_meth_set1_name(DH_METHOD *dhm, const char *name); - int DH_meth_get_flags(DH_METHOD *dhm); + int DH_meth_get_flags(const DH_METHOD *dhm); int DH_meth_set_flags(DH_METHOD *dhm, int flags); void *DH_meth_get0_app_data(const DH_METHOD *dhm); int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); @@ -142,11 +142,11 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/DH_set_method.pod b/vendor/openssl/doc/crypto/DH_set_method.pod index cd75a9b54..210060867 100644 --- a/vendor/openssl/doc/crypto/DH_set_method.pod +++ b/vendor/openssl/doc/crypto/DH_set_method.pod @@ -31,8 +31,11 @@ Initially, the default DH_METHOD is the OpenSSL internal implementation, as returned by DH_OpenSSL(). DH_set_default_method() makes B the default method for all DH -structures created later. B: This is true only whilst no ENGINE has been set +structures created later. +B: This is true only whilst no ENGINE has been set as a default for DH, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. DH_get_default_method() returns a pointer to the current default DH_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE diff --git a/vendor/openssl/doc/crypto/DSA_get0_pqg.pod b/vendor/openssl/doc/crypto/DSA_get0_pqg.pod index e87e42a45..6c1c09a56 100644 
--- a/vendor/openssl/doc/crypto/DSA_get0_pqg.pod +++ b/vendor/openssl/doc/crypto/DSA_get0_pqg.pod @@ -88,7 +88,7 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/DSA_meth_new.pod b/vendor/openssl/doc/crypto/DSA_meth_new.pod index 68f744abc..8ebf7ab6b 100644 --- a/vendor/openssl/doc/crypto/DSA_meth_new.pod +++ b/vendor/openssl/doc/crypto/DSA_meth_new.pod @@ -10,7 +10,7 @@ DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, -DSA_meth_set_keygen - Routines to build up DSA methods +DSA_meth_set_keygen - Routines to build up DSA methods =head1 SYNOPSIS @@ -21,7 +21,7 @@ DSA_meth_set_keygen - Routines to build up DSA methods DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); const char *DSA_meth_get0_name(const DSA_METHOD *dsam); int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); - int DSA_meth_get_flags(DSA_METHOD *dsam); + int DSA_meth_get_flags(const DSA_METHOD *dsam); int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); @@ -179,11 +179,11 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/vendor/openssl/doc/crypto/DSA_set_method.pod b/vendor/openssl/doc/crypto/DSA_set_method.pod index a64725f7e..d870f56f2 100644 --- a/vendor/openssl/doc/crypto/DSA_set_method.pod +++ b/vendor/openssl/doc/crypto/DSA_set_method.pod @@ -31,8 +31,11 @@ Initially, the default DSA_METHOD is the OpenSSL internal implementation, as returned by DSA_OpenSSL(). DSA_set_default_method() makes B the default method for all DSA -structures created later. B: This is true only whilst no ENGINE has +structures created later. +B: This is true only whilst no ENGINE has been set as a default for DSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. DSA_get_default_method() returns a pointer to the current default DSA_METHOD. However, the meaningfulness of this result is dependent on diff --git a/vendor/openssl/doc/crypto/DSA_sign.pod b/vendor/openssl/doc/crypto/DSA_sign.pod index ba0f6b863..b91f89f07 100644 --- a/vendor/openssl/doc/crypto/DSA_sign.pod +++ b/vendor/openssl/doc/crypto/DSA_sign.pod 
@@ -24,13 +24,12 @@ digest B using the private key B and places its ASN.1 DER encoding at B. The length of the signature is places in *B. B must point to DSA_size(B) bytes of memory. -DSA_sign_setup() may be used to precompute part of the signing -operation in case signature generation is time-critical. It expects -B to contain DSA parameters. It places the precomputed values -in newly allocated Bs at *B and *B, after freeing -the old ones unless *B and *B are NULL. These values may -be passed to DSA_sign() in Bkinv> and Br>. -B is a pre-allocated B or NULL. +DSA_sign_setup() is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the DSA type is opaque and the output of +DSA_sign_setup() cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre-)computation. DSA_verify() verifies that the signature B of size B matches a given message digest B of size B. @@ -60,7 +59,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/ECDSA_SIG_new.pod b/vendor/openssl/doc/crypto/ECDSA_SIG_new.pod index 9e1f662c6..f544ccbb3 100644 --- a/vendor/openssl/doc/crypto/ECDSA_SIG_new.pod +++ b/vendor/openssl/doc/crypto/ECDSA_SIG_new.pod @@ -114,6 +114,8 @@ returned as a newly allocated B structure (or NULL on error). =head1 RETURN VALUES +ECDSA_SIG_new() returns NULL if the allocation fails. + ECDSA_SIG_set0() returns 1 on success or 0 on failure. ECDSA_size() returns the maximum length signature or 0 on error. 
@@ -197,7 +199,7 @@ L =head1 COPYRIGHT -Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EC_POINT_new.pod b/vendor/openssl/doc/crypto/EC_POINT_new.pod index 3358a08d8..5ac41b329 100644 --- a/vendor/openssl/doc/crypto/EC_POINT_new.pod +++ b/vendor/openssl/doc/crypto/EC_POINT_new.pod @@ -164,7 +164,7 @@ EC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point(). EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. -EC_POINT_point2oct() and EC_point2buf() return the length of the required +EC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required buffer or 0 on error. EC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on @@ -186,7 +186,7 @@ L, L =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/ENGINE_add.pod b/vendor/openssl/doc/crypto/ENGINE_add.pod index 37384f69b..d5a7d7242 100644 --- a/vendor/openssl/doc/crypto/ENGINE_add.pod +++ b/vendor/openssl/doc/crypto/ENGINE_add.pod @@ -589,6 +589,16 @@ might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). +=head1 ENVIRONMENT + +=over 4 + +=item B + +The path to the engines directory. + +=back + =head1 SEE ALSO L, L, L, L, L 
@@ -601,7 +611,7 @@ OPENSSL_init_crypto(). =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_CIPHER_meth_new.pod b/vendor/openssl/doc/crypto/EVP_CIPHER_meth_new.pod index ef47f0fdb..08e8290be 100644 --- a/vendor/openssl/doc/crypto/EVP_CIPHER_meth_new.pod +++ b/vendor/openssl/doc/crypto/EVP_CIPHER_meth_new.pod @@ -10,7 +10,7 @@ EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, -EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods +EVP_CIPHER_meth_get_ctrl - Routines to build up EVP_CIPHER methods =head1 SYNOPSIS 
@@ -204,17 +204,32 @@ EVP_CIPHER_CTX_get_cipher_data(). This cleanup function is called by EVP_CIPHER_CTX_reset() and EVP_CIPHER_CTX_free(). +EVP_CIPHER_meth_set_set_asn1_params() sets the function for B +to set the AlgorithmIdentifier "parameter" based on the passed cipher. +This function is called by EVP_CIPHER_param_to_asn1(). +EVP_CIPHER_meth_set_get_asn1_params() sets the function for B +that sets the cipher parameters based on an ASN.1 AlgorithmIdentifier +"parameter". +Both these functions are needed when there is a need for custom data +(more or other than the cipher IV). +They are called by EVP_CIPHER_param_to_asn1() and +EVP_CIPHER_asn1_to_param() respectively if defined. + EVP_CIPHER_meth_set_ctrl() sets the control function for B. +EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_do_cipher(), +EVP_CIPHER_meth_get_cleanup(), EVP_CIPHER_meth_get_set_asn1_params(), +EVP_CIPHER_meth_get_get_asn1_params() and EVP_CIPHER_meth_get_ctrl() +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. + =head1 RETURN VALUES -EVP_CIPHER_meth_get_input_blocksize(), EVP_CIPHER_meth_get_result_size(), -EVP_CIPHER_meth_get_app_datasize(), EVP_CIPHER_meth_get_flags(), -EVP_CIPHER_meth_get_init(), EVP_CIPHER_meth_get_update(), -EVP_CIPHER_meth_get_final(), EVP_CIPHER_meth_get_copy(), -EVP_CIPHER_meth_get_cleanup() and EVP_CIPHER_meth_get_ctrl() are all used -to retrieve the method data given with the EVP_CIPHER_meth_set_*() -functions above. +EVP_CIPHER_meth_new() and EVP_CIPHER_meth_dup() return a pointer to a +newly created B, or NULL on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective B function. =head1 SEE ALSO 
@@ -223,12 +238,12 @@ L =head1 HISTORY The B structure was openly available in OpenSSL before version -1.1. -The functions described here were added in OpenSSL version 1.1. +1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_DigestInit.pod b/vendor/openssl/doc/crypto/EVP_DigestInit.pod index bb7ef7a28..9fda29ba0 100644 --- a/vendor/openssl/doc/crypto/EVP_DigestInit.pod +++ b/vendor/openssl/doc/crypto/EVP_DigestInit.pod @@ -3,11 +3,12 @@ =head1 NAME EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, -EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, EVP_md_null, EVP_md2, +EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, EVP_ripemd160, EVP_blake2b512, EVP_blake2s256, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines 
@@ -18,6 +19,9 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); @@ -41,6 +45,7 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines int EVP_MD_CTX_size(const EVP_MD *ctx); int EVP_MD_CTX_block_size(const EVP_MD *ctx); int EVP_MD_CTX_type(const EVP_MD *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void); @@ -73,6 +78,9 @@ to reuse an already existing context. EVP_MD_CTX_free() cleans up digest context B and frees up the space allocated to it. +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +sets, clears and tests B flags. See L below for more information. + EVP_DigestInit_ex() sets up digest context B to use a digest B from ENGINE B. B must be initialized before calling this function. B will typically be supplied by a function such as EVP_sha1(). @@ -117,6 +125,11 @@ representing the given message digest when passed an B structure. For example EVP_MD_type(EVP_sha1()) returns B. This function is normally used when setting ASN1 OIDs. +EVP_MD_CTX_md_data() return the digest method private data for the passed +B. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize(). + EVP_MD_CTX_md() returns the B structure corresponding to the passed B. 
@@ -139,6 +152,38 @@ EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() return an B structure when passed a digest name, a digest NID or an ASN1_OBJECT structure respectively. +=head1 FLAGS + +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these B flags: + +=over 4 + +=item EVP_MD_CTX_FLAG_ONESHOT + +This flag instructs the digest to optimize for one update only, if possible. + +=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it + +=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it + +=for comment We currently avoid documenting flags that are only bit holder: +EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_* + +=item EVP_MD_CTX_FLAG_NO_INIT + +This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data. + +=item EVP_MD_CTX_FLAG_FINALISE + +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. + +=back + =head1 RETURN VALUES EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for @@ -178,7 +223,7 @@ EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. -If digest contexts are not cleaned up after use +If digest contexts are not cleaned up after use, memory leaks will occur. EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), EVP_MD_CTX_type(), 
@@ -249,7 +294,7 @@ was removed in OpenSSL 1.1.0 =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_DigestSignInit.pod b/vendor/openssl/doc/crypto/EVP_DigestSignInit.pod index 7ec06b7a2..a3938d580 100644 --- a/vendor/openssl/doc/crypto/EVP_DigestSignInit.pod +++ b/vendor/openssl/doc/crypto/EVP_DigestSignInit.pod 
@@ -19,26 +19,69 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with -EVP_MD_CTX_new() before calling this function. If B is not NULL the +EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B may be NULL if the signing algorithm supports it. + +Only EVP_PKEY types that support signing can be used with these functions. This +includes MAC algorithms where the MAC generation is considered as a form of +"signing". Built-in EVP_PKEY types supported by these functions are CMAC, DSA, +ECDSA, HMAC and RSA. + +Not all digests can be used for all key types. The following combinations apply. + +=over 4 + +=item DSA + +Supports SHA1, SHA224, SHA256, SHA384 and SHA512 + +=item ECDSA + +Supports SHA1, SHA224, SHA256, SHA384 and SHA512 + +=item RSA with no padding + +Supports no digests (the digest B must be NULL) + +=item RSA with X931 padding + +Supports SHA1, SHA256, SHA384 and SHA512 + +=item All other RSA padding types + +Support SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +RIPEMD160 + +=item HMAC + +Supports any digest + +=item CMAC + +Will ignore any digest provided. + +=back EVP_DigestSignUpdate() hashes B bytes of data at B into the signature context B. This function can be called several times on the same B to include additional data. This function is currently implemented using a macro. -EVP_DigestSignFinal() signs the data in B places the signature in B. 
+EVP_DigestSignFinal() signs the data in B and places the signature in B. If B is B then the maximum size of the output buffer is written to the B parameter. If B is not B then before the call the -B parameter should contain the length of the B buffer, if the +B parameter should contain the length of the B buffer. If the call is successful the signature is written to B and the amount of data written to B. =head1 RETURN VALUES EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return -1 for success and 0 or a negative value for failure. In particular a return +1 for success and 0 or a negative value for failure. In particular, a return value of -2 indicates the operation is not supported by the public key algorithm. @@ -62,7 +105,7 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_DigestSignUpdate() and EVP_DigestSignFinal() can be called later to digest and sign additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. @@ -86,7 +129,7 @@ were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/vendor/openssl/doc/crypto/EVP_DigestVerifyInit.pod index ce59422d3..ff1153b64 100644 --- a/vendor/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/vendor/openssl/doc/crypto/EVP_DigestVerifyInit.pod 
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created -with EVP_MD_CTX_new() before calling this function. If B is not NULL the +with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the @@ -62,7 +65,7 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. -Since only a copy of the digest context is ever finalized the context must +Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur. @@ -81,7 +84,7 @@ were first added to OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_EncryptInit.pod b/vendor/openssl/doc/crypto/EVP_EncryptInit.pod index b0832eb9b..d1af772fc 100644 --- a/vendor/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/vendor/openssl/doc/crypto/EVP_EncryptInit.pod 
@@ -31,7 +31,7 @@ EVP_aes_256_cbc, EVP_aes_256_ecb, EVP_aes_256_cfb, EVP_aes_256_ofb, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, -EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256 +EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines =head1 SYNOPSIS 
@@ -45,38 +45,38 @@ EVP_chacha20, EVP_chacha20_poly1305 - EVP cipher routines void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc); + 
const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); @@ -448,9 +448,8 @@ either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN. EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); Sets the expected tag to B bytes from B. This call is only legal -when decrypting data and must be made B any data is processed (e.g. -before any EVP_DecryptUpdate() call). For OCB mode the taglen must -either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG. +when decrypting data. For OCB mode the taglen must either be 16 or the value +previously set via EVP_CTRL_AEAD_SET_TAG. In OCB mode calling this with B set to NULL sets the tag length. The tag length can only be set before specifying an IV. If not called a default tag @@ -652,7 +651,7 @@ EVP_CIPHER_CTX_reset(). =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_MD_meth_new.pod b/vendor/openssl/doc/crypto/EVP_MD_meth_new.pod index c15a31e7f..4dac67226 100644 --- a/vendor/openssl/doc/crypto/EVP_MD_meth_new.pod +++ b/vendor/openssl/doc/crypto/EVP_MD_meth_new.pod @@ -11,7 +11,7 @@ EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, -EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data +EVP_MD_meth_get_ctrl - Routines to build up EVP_MD methods =head1 SYNOPSIS 
@@ -34,7 +34,6 @@ EVP_MD_meth_get_ctrl, EVP_MD_CTX_md_data unsigned char *md)); int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from)); - void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)); @@ -140,7 +139,6 @@ EVP_MD_CTX_free(). EVP_MD_meth_set_ctrl() sets the control function for B. - EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(), EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(), EVP_MD_meth_get_init(), EVP_MD_meth_get_update(), @@ -149,6 +147,17 @@ EVP_MD_meth_get_cleanup() and EVP_MD_meth_get_ctrl() are all used to retrieve the method data given with the EVP_MD_meth_set_*() functions above. +=head1 RETURN VALUES + +EVP_MD_meth_new() and EVP_MD_meth_dup() return a pointer to a newly +created B, or NULL on failure. +All EVP_MD_meth_set_*() functions return 1. +EVP_MD_get_input_blocksize(), EVP_MD_meth_get_result_size(), +EVP_MD_meth_get_app_datasize() and EVP_MD_meth_get_flags() return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective B function. + =head1 SEE ALSO L, L, L @@ -156,11 +165,11 @@ L, L, L =head1 HISTORY The B structure was openly available in OpenSSL before version -1.1. The functions described here were added in OpenSSL version 1.1. +1.1.0. The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod b/vendor/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod new file mode 100644 index 000000000..0eece53cf --- /dev/null 
+++ b/vendor/openssl/doc/crypto/EVP_PKEY_ASN1_METHOD.pod 
@@ -0,0 +1,358 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_ASN1_METHOD,
+EVP_PKEY_asn1_new,
+EVP_PKEY_asn1_copy,
+EVP_PKEY_asn1_free,
+EVP_PKEY_asn1_add0,
+EVP_PKEY_asn1_add_alias,
+EVP_PKEY_asn1_set_public,
+EVP_PKEY_asn1_set_private,
+EVP_PKEY_asn1_set_param,
+EVP_PKEY_asn1_set_free,
+EVP_PKEY_asn1_set_ctrl,
+EVP_PKEY_asn1_set_item,
+EVP_PKEY_asn1_set_security_bits,
+EVP_PKEY_get0_asn1
+- manipulating and registering EVP_PKEY_ASN1_METHOD structure
+
+=head1 SYNOPSIS
+
+ #include
+
+ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+ const char *pem_str,
+ const char *info);
+ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+ const EVP_PKEY_ASN1_METHOD *src);
+ void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+ int EVP_PKEY_asn1_add_alias(int to, int from);
+
+ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pub_decode) (EVP_PKEY *pk,
+ X509_PUBKEY *pub),
+ int (*pub_encode) (X509_PUBKEY *pub,
+ const EVP_PKEY *pk),
+ int (*pub_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*pub_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent, ASN1_PCTX *pctx),
+ int (*pkey_size) (const EVP_PKEY *pk),
+ int (*pkey_bits) (const EVP_PKEY *pk));
+ void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*priv_decode) (EVP_PKEY *pk,
+ const PKCS8_PRIV_KEY_INFO
+ *p8inf),
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+ const EVP_PKEY *pk),
+ int (*priv_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+ void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder,
+ int derlen),
+ int (*param_encode) (const EVP_PKEY *pkey,
+ unsigned char **pder),
+ int (*param_missing) (const EVP_PKEY *pk),
+ int (*param_copy) (EVP_PKEY *to,
+ const EVP_PKEY *from),
+ int (*param_cmp) (const EVP_PKEY *a,
+ const EVP_PKEY *b),
+ int (*param_print) (BIO *out,
+ const EVP_PKEY *pkey,
+ int indent,
+ ASN1_PCTX *pctx));
+
+ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+ void (*pkey_free) (EVP_PKEY *pkey));
+ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+ long arg1, void *arg2));
+ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*item_verify) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *a,
+ ASN1_BIT_STRING *sig,
+ EVP_PKEY *pkey),
+ int (*item_sign) (EVP_MD_CTX *ctx,
+ const ASN1_ITEM *it,
+ void *asn,
+ X509_ALGOR *alg1,
+ X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig));
+
+ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_security_bits) (const EVP_PKEY
+ *pk));
+
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+B is a structure which holds a set of ASN.1
+conversion, printing and information methods for a specific public key
+algorithm.
+
+There are two places where the B objects are
+stored: one is a built-in array representing the standard methods for
+different algorithms, and the other one is a stack of user-defined
+application-specific methods, which can be manipulated by using
+L.
+
+=head2 Methods
+
+The methods are the underlying implementations of a particular public
+key algorithm present by the B object.
+
+ int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+
+The pub_decode() and pub_encode() methods are called to decode /
+encode B ASN.1 parameters to / from B.
+They MUST return 0 on error, 1 on success.
+They're called by L and L.
+
+The pub_cmp() method is called when two public keys are to be
+compared.
+It MUST return 1 when the keys are equal, 0 otherwise.
+It's called by L.
+
+The pub_print() method is called to print a public key in humanly
+readable text to B, indented B spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L.
+
+ int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+
+The priv_decode() and priv_encode() methods are called to decode /
+encode B form private key to / from B.
+They MUST return 0 on error, 1 on success.
+They're called by L and L.
+
+The priv_print() method is called to print a private key in humanly
+readable text to B, indented B spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L.
+
+ int (*pkey_size) (const EVP_PKEY *pk);
+ int (*pkey_bits) (const EVP_PKEY *pk);
+ int (*pkey_security_bits) (const EVP_PKEY *pk);
+
+The pkey_size() method returns the key size in bytes.
+It's called by L.
+
+The pkey_bits() method returns the key size in bits.
+It's called by L.
+
+ int (*param_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+ int (*param_missing) (const EVP_PKEY *pk);
+ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *pctx);
+
+The param_decode() and param_encode() methods are called to decode /
+encode DER formatted parameters to / from B.
+They MUST return 0 on error, 1 on success.
+They're called by L and the B
+L.
+
+The param_missing() method returns 0 if a key parameter is missing,
+otherwise 1.
+It's called by L.
+
+The param_copy() method copies key parameters from B to B.
+It MUST return 0 on error, 1 on success.
+It's called by L.
+
+The param_cmp() method compares the parameters of keys B and B.
+It MUST return 1 when the keys are equal, 0 when not equal, or a
+negative number on error.
+It's called by L.
+
+The param_print() method prints the private key parameters in humanly
+readable text to B, indented B spaces.
+It MUST return 0 on error, 1 on success.
+It's called by L.
+
+ int (*sig_print) (BIO *out,
+ const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+ int indent, ASN1_PCTX *pctx);
+
+The sig_print() method prints a signature in humanly readable text to
+B, indented B spaces.
+B contains the exact signature algorithm.
+If the signature in B doesn't correspond to what this method
+expects, X509_signature_dump() must be used as a last resort.
+It MUST return 0 on error, 1 on success.
+It's called by L.
+
+ void (*pkey_free) (EVP_PKEY *pkey);
+
+The pkey_free() method helps freeing the internals of B.
+It's called by L, L,
+L, and L.
+
+ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+
+The pkey_ctrl() method adds extra algorithm specific control.
+It's called by L,
+L,
+L, L,
+L, ...
+
+ int (*old_priv_decode) (EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen);
+ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+
+The old_priv_decode() and old_priv_encode() methods decode / encode
+they private key B from / to a DER formatted array.
+These are exclusively used to help decoding / encoding older (pre
+PKCS#8) PEM formatted encrypted private keys.
+old_priv_decode() MUST return 0 on error, 1 on success.
+old_priv_encode() MUST the return same kind of values as
+i2d_PrivateKey().
+They're called by L and L.
+
+ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+ X509_ALGOR *alg1, X509_ALGOR *alg2,
+ ASN1_BIT_STRING *sig);
+
+The item_sign() and item_verify() methods make it possible to have
+algorithm specific signatures and verification of them.
+
+item_sign() MUST return one of:
+
+=over 4
+
+=item <=0
+
+error
+
+=item Z<>1
+
+item_sign() did everything, OpenSSL internals just needs to pass the
+signature length back.
+
+=item Z<>2
+
+item_sign() did nothing, OpenSSL internal standard routines are
+expected to continue with the default signature production.
+
+=item Z<>3
+
+item_sign() set the algorithm identifier B and B,
+OpenSSL internals should just sign using those algorithms.
+
+=back
+
+item_verify() MUST return one of:
+
+=over 4
+
+=item <=0
+
+error
+
+=item Z<>1
+
+item_sign() did everything, OpenSSL internals just needs to pass the
+signature length back.
+
+=item Z<>2
+
+item_sign() did nothing, OpenSSL internal standard routines are
+expected to continue with the default signature production.
+
+=back
+
+item_verify() and item_sign() are called by L and
+L, and by extension, L,
+L, L, L, ...
+
+=head2 Functions
+
+EVP_PKEY_asn1_new() creates and returns a new B
+object, and associates the given B, B, B and
+B.
+B is a NID, B is the PEM type string, B is a
+descriptive string.
+The following B are supported:
+
+ ASN1_PKEY_SIGPARAM_NULL
+
+If B is set, then the signature algorithm
+parameters are given the type B by default, otherwise
+they will be given the type B (i.e. the parameter is
+omitted).
+See L for more information.
+
+EVP_PKEY_asn1_copy() copies an B object from
+B to B.
+This function is not thread safe, it's recommended to only use this
+when initializing the application.
+
+EVP_PKEY_asn1_free() frees an existing B pointed
+by B.
+
+EVP_PKEY_asn1_add0() adds B to the user defined stack of
+methods unless another B with the same NID is
+already there.
+This function is not thread safe, it's recommended to only use this
+when initializing the application.
+
+EVP_PKEY_asn1_add_alias() creates an alias with the NID B for the
+B with NID B unless another
+B with the same NID is already added.
+This function is not thread safe, it's recommended to only use this +when initializing the application. + +EVP_PKEY_asn1_set_public(), EVP_PKEY_asn1_set_private(), +EVP_PKEY_asn1_set_param(), EVP_PKEY_asn1_set_free(), +EVP_PKEY_asn1_set_ctrl(), EVP_PKEY_asn1_set_item(), and +EVP_PKEY_asn1_set_security_bits() set the diverse methods of the given +B object. + +EVP_PKEY_get0_asn1() finds the B associated +with the key B. + +=head1 RETURN VALUES + +EVP_PKEY_asn1_new() returns NULL on error, or a pointer to an +B object otherwise. + +EVP_PKEY_asn1_add0() and EVP_PKEY_asn1_add_alias() return 0 on error, +or 1 on success. + +EVP_PKEY_get0_asn1() returns NULL on error, or a pointer to a constant +B object otherwise. + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod b/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod index 61e0eec52..459e7a02f 100644 --- a/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_hkdf_md.pod @@ -59,7 +59,7 @@ All these functions are implemented as macros. A context for HKDF can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_HKDF, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); The digest, key, salt and info values must be set before a key is derived or an error occurs. @@ -118,7 +118,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod b/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod index f1f0ae4fb..fe35a5ece 100644 --- a/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod +++ b/vendor/openssl/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod @@ -50,7 +50,7 @@ All these functions are implemented as macros. A context for the TLS PRF can be obtained by calling: - EVP_PKEY_CTX *pctx = EVP_PKEY_new_id(EVP_PKEY_TLS1_PRF, NULL); + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); The digest, secret value and seed must be set before a key is derived or an error occurs. @@ -98,7 +98,7 @@ L =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod b/vendor/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod new file mode 100644 index 000000000..9ad2daed4 --- /dev/null +++ b/vendor/openssl/doc/crypto/EVP_PKEY_asn1_get_count.pod 
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_asn1_find,
+EVP_PKEY_asn1_find_str,
+EVP_PKEY_asn1_get_count,
+EVP_PKEY_asn1_get0,
+EVP_PKEY_asn1_get0_info
+- enumerate public key ASN.1 methods
+
+=head1 SYNOPSIS
+
+ #include
+
+ int EVP_PKEY_asn1_get_count(void);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+ const char *str, int len);
+ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+ int *ppkey_flags, const char **pinfo,
+ const char **ppem_str,
+ const EVP_PKEY_ASN1_METHOD *ameth);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_asn1_count() returns a count of the number of public key
+ASN.1 methods available: it includes standard methods and any methods
+added by the application.
+
+EVP_PKEY_asn1_get0() returns the public key ASN.1 method B.
+The value of B must be between zero and EVP_PKEY_asn1_get_count()
+- 1.
+
+EVP_PKEY_asn1_find() looks up the B with NID
+B.
+If B isn't B, then it will look up an engine implementing a
+B for the NID B and return that instead,
+and also set B<*pe> to point at the engine that implements it.
+
+EVP_PKEY_asn1_find_str() looks up the B with PEM
+type string B.
+Just like EVP_PKEY_asn1_find(), if B isn't B, then it will
+look up an engine implementing a B for the NID
+B and return that instead, and also set B<*pe> to point at the
+engine that implements it.
+
+EVP_PKEY_asn1_get0_info() returns the public key ID, base public key
+ID (both NIDs), any flags, the method description and PEM type string
+associated with the public key ASN.1 method B<*ameth>.
+
+EVP_PKEY_asn1_count(), EVP_PKEY_asn1_get0(), EVP_PKEY_asn1_find() and
+EVP_PKEY_asn1_find_str() are not thread safe, but as long as all
+B objects are added before the application gets
+threaded, using them is safe. See L.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_asn1_count() returns the number of available public key methods.
+ +EVP_PKEY_asn1_get0() return a public key method or B if B is +out of range. + +EVP_PKEY_asn1_get0_info() returns 0 on failure, 1 on success. + +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_keygen.pod b/vendor/openssl/doc/crypto/EVP_PKEY_keygen.pod index ed4a3e1db..b1e708fc5 100644 --- a/vendor/openssl/doc/crypto/EVP_PKEY_keygen.pod +++ b/vendor/openssl/doc/crypto/EVP_PKEY_keygen.pod @@ -18,7 +18,7 @@ EVP_PKEY_gen_cb int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); - typedef int (*EVP_PKEY_gen_cb)(EVP_PKEY_CTX *ctx); + typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); diff --git a/vendor/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod b/vendor/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod index e1b7110fe..884cf91cb 100644 --- a/vendor/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod +++ b/vendor/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod @@ -5,10 +5,9 @@ EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, -EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, -EVP_PKEY_get0_hmac, -EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id -- EVP_PKEY assignment functions +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, +EVP_PKEY_assign_EC_KEY, EVP_PKEY_get0_hmac, EVP_PKEY_type, EVP_PKEY_id, +EVP_PKEY_base_id, EVP_PKEY_set1_engine - EVP_PKEY assignment functions =head1 SYNOPSIS 
@@ -39,6 +38,8 @@ EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_type(int type); + int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); + =head1 DESCRIPTION EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and @@ -72,6 +73,11 @@ often seen in practice. EVP_PKEY_type() returns the underlying type of the NID B. For example EVP_PKEY_type(EVP_PKEY_RSA2) will return B. +EVP_PKEY_set1_engine() sets the ENGINE handling B to B. It +must be called after the key algorithm and components are set up. +If B does not include an B for B an +error occurs. + =head1 NOTES In accordance with the OpenSSL naming convention the key obtained @@ -89,6 +95,9 @@ Previous versions of this document suggested using EVP_PKEY_type(pkey->type) to determine the type of a key. Since B is now opaque this is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM +key as part of its routine to load a private key. + =head1 RETURN VALUES EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and @@ -104,6 +113,8 @@ and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key type or B (equivalently B) on error. +EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. + =head1 SEE ALSO L diff --git a/vendor/openssl/doc/crypto/EVP_SignInit.pod b/vendor/openssl/doc/crypto/EVP_SignInit.pod index c40da1ea3..21eb868b1 100644 --- a/vendor/openssl/doc/crypto/EVP_SignInit.pod +++ b/vendor/openssl/doc/crypto/EVP_SignInit.pod 
@@ -59,11 +59,6 @@ The B interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L. - When signing with DSA private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for RSA signatures. @@ -100,7 +95,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/EVP_VerifyInit.pod b/vendor/openssl/doc/crypto/EVP_VerifyInit.pod index ffb6f140b..92146098a 100644 --- a/vendor/openssl/doc/crypto/EVP_VerifyInit.pod +++ b/vendor/openssl/doc/crypto/EVP_VerifyInit.pod @@ -51,11 +51,6 @@ The B interface to digital signatures should almost always be used in preference to the low level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L. - The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. 
@@ -89,7 +84,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/HMAC.pod b/vendor/openssl/doc/crypto/HMAC.pod index 87f7e3308..219c9ba20 100644 --- a/vendor/openssl/doc/crypto/HMAC.pod +++ b/vendor/openssl/doc/crypto/HMAC.pod @@ -57,7 +57,8 @@ B bytes long. It places the result in B (which must have space for the output of the hash function, which is no more than B bytes). If B is NULL, the digest is placed in a static array. The size of -the output is placed in B, unless it is B. +the output is placed in B, unless it is B. Note: passing a NULL +value for B to use the static array is not thread safe. B can be EVP_sha1(), EVP_ripemd160() etc. diff --git a/vendor/openssl/doc/crypto/OBJ_nid2obj.pod b/vendor/openssl/doc/crypto/OBJ_nid2obj.pod index 3ada6679c..c84adb2e4 100644 --- a/vendor/openssl/doc/crypto/OBJ_nid2obj.pod +++ b/vendor/openssl/doc/crypto/OBJ_nid2obj.pod @@ -54,7 +54,7 @@ constants. OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B to an ASN1_OBJECT structure, its long name and its short name respectively, -or B is an error occurred. +or B if an error occurred. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID for the object B, the long name or the short name respectively @@ -188,7 +188,7 @@ OBJ_cleanup() was deprecated in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/vendor/openssl/doc/crypto/OCSP_resp_find_status.pod b/vendor/openssl/doc/crypto/OCSP_resp_find_status.pod index 36f66a858..a4e3c1c2f 100644 --- a/vendor/openssl/doc/crypto/OCSP_resp_find_status.pod +++ b/vendor/openssl/doc/crypto/OCSP_resp_find_status.pod @@ -3,10 +3,15 @@ =head1 NAME OCSP_resp_get0_certs, +OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get0_produced_at, +OCSP_resp_get0_signature, +OCSP_resp_get0_tbs_sigalg, +OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, -OCSP_single_get0_status, OCSP_check_validity +OCSP_single_get0_status, OCSP_check_validity, +OCSP_basic_verify - OCSP response utility functions =head1 SYNOPSIS @@ -30,8 +35,14 @@ OCSP_single_get0_status, OCSP_check_validity const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( const OCSP_BASICRESP* single); + const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); + const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); + const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); + int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, const X509_NAME **pname); @@ -40,6 +51,9 @@ OCSP_single_get0_status, OCSP_check_validity ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + =head1 DESCRIPTION OCSP_resp_find_status() searches B for an OCSP response for B. If it is 
@@ -70,9 +84,21 @@ B<*revtime>, B<*thisupd> and B<*nextupd>. OCSP_resp_get0_produced_at() extracts the B field from the single response B. +OCSP_resp_get0_signature() returns the signature from B. + +OCSP_resp_get0_tbs_sigalg() returns the B from B. + +OCSP_resp_get0_respdata() returns the B from B. + OCSP_resp_get0_certs() returns any certificates included in B. -OCSP_resp_get0_id() gets the responder id of . If the responder ID is +OCSP_resp_get0_signer() attempts to retrieve the certificate that directly +signed B. The OCSP protocol does not require that this certificate +is included in the B field of the response, so additional certificates +can be supplied in B if the certificates that may have +signed the response are known via some out-of-band mechanism. + +OCSP_resp_get0_id() gets the responder id of B. If the responder ID is a name then <*pname> is set to the name and B<*pid> is set to NULL. If the responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> is set to NULL. 
@@ -83,6 +109,27 @@ OCSP_single_get0_status(). If B is non-zero it indicates how many seconds leeway should be allowed in the check. If B is positive it indicates the maximum age of B in seconds. +OCSP_basic_verify() checks that the basic response message B is correctly +signed and that the signer certificate can be validated. It takes B as +the trusted store and B as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in B unless the B contain B. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of B and fails on error +unless the B contain B. Then the function already returns +success if the B contain B or if the signer certificate +was found in B and the B contain B. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in B and in B are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the B flag is set. After successful path +validation the function returns success if the B flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. If this does not succeed and the +B do not contain B the function checks for explicit +trust for OCSP signing in the root CA certificate. + =head1 RETURN VALUES OCSP_resp_find_status() returns 1 if B is found in B and 0 otherwise. @@ -99,6 +146,12 @@ B was not found. OCSP_single_get0_status() returns the status of B or -1 if an error occurred. +OCSP_resp_get0_signer() returns 1 if the signing certificate was located, +or 0 on error. + +OCSP_basic_verify() returns 1 on success, 0 on error, or -1 on fatal error such +as malloc failure. + =head1 NOTES Applications will typically call OCSP_resp_find_status() using the certificate 
@@ -129,7 +182,7 @@ L =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/OCSP_response_status.pod b/vendor/openssl/doc/crypto/OCSP_response_status.pod index 81946a639..180ab8d30 100644 --- a/vendor/openssl/doc/crypto/OCSP_response_status.pod +++ b/vendor/openssl/doc/crypto/OCSP_response_status.pod @@ -86,7 +86,7 @@ L =head1 HISTORY The OCSP_RESPID_set_by_name(), OCSP_RESPID_set_by_key() and OCSP_RESPID_match() -functions were added in OpenSSL version 1.1.0a. +functions were added in OpenSSL 1.1.0a. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/vendor/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod index 9cc1ed1d9..01623bac7 100644 --- a/vendor/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/vendor/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -2,13 +2,14 @@ =head1 NAME -OPENSSL_VERSION_NUMBER, OpenSSL_version, +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num - get OpenSSL version number =head1 SYNOPSIS #include #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL + #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" #include @@ -45,6 +46,10 @@ Version 0.9.5a had an interim interpretation that is like the current one, except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f. +OPENSSL_VERSION_TEXT is the text variant of the version number and the +release date. For example, +"OpenSSL 1.0.1a 15 Oct 2015". + OpenSSL_version_num() returns the version number. OpenSSL_version() returns different strings depending on B: 
@@ -96,7 +101,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/OPENSSL_init_crypto.pod b/vendor/openssl/doc/crypto/OPENSSL_init_crypto.pod index f0b3c8aa8..f9664ee35 100644 --- a/vendor/openssl/doc/crypto/OPENSSL_init_crypto.pod +++ b/vendor/openssl/doc/crypto/OPENSSL_init_crypto.pod @@ -190,10 +190,10 @@ resources should be freed at an earlier time, or under the circumstances described in the NOTES section below. The B flag will load a default configuration -file. To specify a different file, an B must -be created and used. The routines -OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can be used to -allocate the object and set the application name, and then the +file. For optional configuration file settings, an B +must be created and used. +The routines OPENSSL_init_new() and OPENSSL_INIT_set_config_appname() can +be used to allocate the object and set the application name, and then the object can be released with OPENSSL_INIT_free() when done. =head1 NOTES @@ -235,7 +235,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/OPENSSL_malloc.pod b/vendor/openssl/doc/crypto/OPENSSL_malloc.pod index 2104f4310..ba5dc1069 100644 --- a/vendor/openssl/doc/crypto/OPENSSL_malloc.pod +++ b/vendor/openssl/doc/crypto/OPENSSL_malloc.pod 
@@ -68,8 +68,8 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions int CRYPTO_mem_debug_push(const char *info, const char *file, int line); int CRYPTO_mem_debug_pop(void); - void CRYPTO_mem_leaks(BIO *b); - void CRYPTO_mem_leaks_fp(FILE *fp); + int CRYPTO_mem_leaks(BIO *b); + int CRYPTO_mem_leaks_fp(FILE *fp); =head1 DESCRIPTION @@ -197,7 +197,7 @@ only, say, the malloc() implementation is outright dangerous.> =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/OPENSSL_secure_malloc.pod b/vendor/openssl/doc/crypto/OPENSSL_secure_malloc.pod index 3f49abf6f..3f27d76d2 100644 --- a/vendor/openssl/doc/crypto/OPENSSL_secure_malloc.pod +++ b/vendor/openssl/doc/crypto/OPENSSL_secure_malloc.pod @@ -5,8 +5,9 @@ CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, -CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated, -CRYPTO_secure_used - secure heap storage +OPENSSL_secure_clear_free, CRYPTO_secure_free, CRYPTO_secure_clear_free, +OPENSSL_secure_actual_size, OPENSSL_secure_allocated, CRYPTO_secure_used +- secure heap storage =head1 SYNOPSIS @@ -27,6 +28,9 @@ CRYPTO_secure_used - secure heap storage void OPENSSL_secure_free(void* ptr); void CRYPTO_secure_free(void *ptr, const char *, int); + void OPENSSL_secure_clear_free(void* ptr, size_t num); + void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); + size_t OPENSSL_secure_actual_size(const void *ptr); int OPENSSL_secure_allocated(const void *ptr); 
@@ -104,13 +108,17 @@ CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 i CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not. -OPENSSL_secure_free() returns no values. +OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values. =head1 SEE ALSO L, L +=head1 HISTORY + +OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g. + =head1 COPYRIGHT Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/vendor/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod b/vendor/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod index fbfe975be..b0ba62a3b 100644 --- a/vendor/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod +++ b/vendor/openssl/doc/crypto/PEM_read_bio_PrivateKey.pod @@ -30,7 +30,7 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines #include - typedef int (*pem_password_cb)(char *buf, int size, int rwflag, void *u); + typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); @@ -294,7 +294,7 @@ for it twice) if B is 1. The B parameter has the same value as the B parameter passed to the PEM routine. It allows arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback -B return the number of characters in the passphrase or 0 if +B return the number of characters in the passphrase or -1 if an error occurred. =head1 EXAMPLES @@ -348,17 +348,16 @@ Skeleton pass phrase callback: int pass_cb(char *buf, int size, int rwflag, void *u) { - int len; - char *tmp; /* We'd probably do something else if 'rwflag' is 1 */ printf("Enter pass phrase for \"%s\"\n", (char *)u); /* get pass phrase, length 'len' into 'tmp' */ - tmp = "hello"; - len = strlen(tmp); - if (len <= 0) - return 0; + char *tmp = "hello"; + if (tmp == NULL) /* An error occurred */ + return -1; + + size_t len = strlen(tmp); if (len > size) len = size; 
@@ -471,7 +470,7 @@ L, L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/PKCS7_sign.pod b/vendor/openssl/doc/crypto/PKCS7_sign.pod index b5a52da9a..f319f664b 100644 --- a/vendor/openssl/doc/crypto/PKCS7_sign.pod +++ b/vendor/openssl/doc/crypto/PKCS7_sign.pod @@ -46,7 +46,7 @@ required by the S/MIME specifications) if B is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. -The signedData structure includes several PKCS#7 autenticatedAttributes +The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If B is set then no authenticatedAttributes will be used. If B is set then just diff --git a/vendor/openssl/doc/crypto/PKCS7_sign_add_signer.pod b/vendor/openssl/doc/crypto/PKCS7_sign_add_signer.pod index c2a06e7a7..88fef771b 100644 --- a/vendor/openssl/doc/crypto/PKCS7_sign_add_signer.pod +++ b/vendor/openssl/doc/crypto/PKCS7_sign_add_signer.pod @@ -55,7 +55,7 @@ B parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message. -The signedData structure includes several PKCS#7 autenticatedAttributes +The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If B is set then no authenticatedAttributes will be used. If B is set then just 
diff --git a/vendor/openssl/doc/crypto/RAND_load_file.pod b/vendor/openssl/doc/crypto/RAND_load_file.pod index 39084b2c5..1053a925a 100644 --- a/vendor/openssl/doc/crypto/RAND_load_file.pod +++ b/vendor/openssl/doc/crypto/RAND_load_file.pod @@ -55,7 +55,7 @@ RAND_load_file() in a later session. =head1 RETURN VALUES -RAND_load_file() returns the number of bytes read. +RAND_load_file() returns the number of bytes read or -1 on error. RAND_write_file() returns the number of bytes written, and -1 if the bytes written were generated without appropriate seed. diff --git a/vendor/openssl/doc/crypto/RSA_get0_key.pod b/vendor/openssl/doc/crypto/RSA_get0_key.pod index 52f83e1b9..579a2df00 100644 --- a/vendor/openssl/doc/crypto/RSA_get0_key.pod +++ b/vendor/openssl/doc/crypto/RSA_get0_key.pod @@ -58,6 +58,10 @@ set with RSA_get0_factors() and RSA_set0_factors(), and the B, B and B parameters can be obtained and set with RSA_get0_crt_params() and RSA_set0_crt_params(). +For RSA_get0_key(), RSA_get0_factors(), and RSA_get0_crt_params(), +NULL value BIGNUM ** output parameters are permitted. The functions +ignore NULL parameters but return values for other, non-NULL, parameters. + RSA_set_flags() sets the flags in the B parameter on the RSA object. Multiple flags can be passed in one go (bitwise ORed together). Any flags that are already set are left set. RSA_test_flags() tests to @@ -94,7 +98,7 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/RSA_meth_new.pod b/vendor/openssl/doc/crypto/RSA_meth_new.pod index e46b3984f..8f6d428af 100644 --- a/vendor/openssl/doc/crypto/RSA_meth_new.pod +++ b/vendor/openssl/doc/crypto/RSA_meth_new.pod 
@@ -24,7 +24,7 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); const char *RSA_meth_get0_name(const RSA_METHOD *meth); int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); - int RSA_meth_get_flags(RSA_METHOD *meth); + int RSA_meth_get_flags(const RSA_METHOD *meth); int RSA_meth_set_flags(RSA_METHOD *meth, int flags); void *RSA_meth_get0_app_data(const RSA_METHOD *meth); int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); @@ -58,9 +58,9 @@ RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen int padding)); /* Can be null */ int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); + (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); int RSA_meth_set_mod_exp(RSA_METHOD *rsa, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, + int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); /* Can be null */ int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) @@ -221,11 +221,11 @@ L, L, L =head1 HISTORY -The functions described here were added in OpenSSL version 1.1.0. +The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/vendor/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index 30899440a..5b53eb9e9 100644 --- a/vendor/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/vendor/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod 
@@ -104,6 +104,13 @@ The RSA_padding_check_xxx() functions return the length of the recovered data, -1 on error. Error codes can be obtained by calling L. +=head1 WARNING + +The RSA_padding_check_PKCS1_type_2() padding check leaks timing +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the PKCS #1 +v1.5 padding design. Prefer PKCS1_OAEP padding. + =head1 SEE ALSO L, diff --git a/vendor/openssl/doc/crypto/RSA_public_encrypt.pod b/vendor/openssl/doc/crypto/RSA_public_encrypt.pod index 05eda9446..b1dd50d75 100644 --- a/vendor/openssl/doc/crypto/RSA_public_encrypt.pod +++ b/vendor/openssl/doc/crypto/RSA_public_encrypt.pod @@ -67,6 +67,13 @@ recovered plaintext. On error, -1 is returned; the error codes can be obtained by L. +=head1 WARNING + +Decryption failures in the RSA_PKCS1_PADDING mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the PKCS #1 v1.5 padding +design. Prefer RSA_PKCS1_OAEP_PADDING. + =head1 CONFORMING TO SSL, PKCS #1 v2.0 diff --git a/vendor/openssl/doc/crypto/RSA_set_method.pod b/vendor/openssl/doc/crypto/RSA_set_method.pod index 7e7d27cf9..668ad7a16 100644 --- a/vendor/openssl/doc/crypto/RSA_set_method.pod +++ b/vendor/openssl/doc/crypto/RSA_set_method.pod @@ -3,7 +3,7 @@ =head1 NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_OpenSSL, RSA_null_method, RSA_flags, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method - select RSA method =head1 SYNOPSIS @@ -20,8 +20,6 @@ RSA_new_method - select RSA method RSA_METHOD *RSA_PKCS1_OpenSSL(void); - RSA_METHOD *RSA_null_method(void); - int RSA_flags(const RSA *rsa); RSA *RSA_new_method(ENGINE *engine); 
@@ -38,8 +36,11 @@ Initially, the default RSA_METHOD is the OpenSSL internal implementation, as returned by RSA_PKCS1_OpenSSL(). RSA_set_default_method() makes B the default method for all RSA -structures created later. B: This is true only whilst no ENGINE has +structures created later. +B: This is true only whilst no ENGINE has been set as a default for RSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. RSA_get_default_method() returns a pointer to the current default RSA_METHOD. However, the meaningfulness of this result is dependent on @@ -168,6 +169,11 @@ not currently exist). L +=head1 HISTORY + +The RSA_null_method(), which was a partial attempt to avoid patent issues, +was replaced to always return NULL in OpenSSL 1.1.0f. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/vendor/openssl/doc/crypto/SCT_new.pod b/vendor/openssl/doc/crypto/SCT_new.pod index 23595e105..fb395a51a 100644 --- a/vendor/openssl/doc/crypto/SCT_new.pod +++ b/vendor/openssl/doc/crypto/SCT_new.pod @@ -11,7 +11,7 @@ SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source - - A Certificate Transparency Signed Certificate Timestamp +- A Certificate Transparency Signed Certificate Timestamp =head1 SYNOPSIS diff --git a/vendor/openssl/doc/crypto/SMIME_read_PKCS7.pod b/vendor/openssl/doc/crypto/SMIME_read_PKCS7.pod index 3eb8bbc9a..c11090891 100644 --- a/vendor/openssl/doc/crypto/SMIME_read_PKCS7.pod +++ b/vendor/openssl/doc/crypto/SMIME_read_PKCS7.pod 
@@ -57,7 +57,7 @@ streaming single pass option should be available. =head1 RETURN VALUES SMIME_read_PKCS7() returns a valid B structure or B -is an error occurred. The error can be obtained from ERR_get_error(3). +if an error occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -68,7 +68,7 @@ L =head1 COPYRIGHT -Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod b/vendor/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod new file mode 100644 index 000000000..2746d5018 --- /dev/null +++ b/vendor/openssl/doc/crypto/SSL_CTX_set_tlsext_use_srtp.pod 
@@ -0,0 +1,111 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_use_srtp,
+SSL_set_tlsext_use_srtp,
+SSL_get_srtp_profiles,
+SSL_get_selected_srtp_profile
+- Configure and query SRTP support
+
+=head1 SYNOPSIS
+
+ #include
+
+ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+ int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+ STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+=head1 DESCRIPTION
+
+SRTP is the Secure Real-Time Transport Protocol. OpenSSL implements support for
+the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for
+establishing SRTP keying material, algorithms and parameters using DTLS. This
+capability may be used as part of an implementation that conforms to RFC5763.
+OpenSSL does not implement SRTP itself or RFC5763. Note that OpenSSL does not
+support the use of SRTP Master Key Identifiers (MKIs). Also note that this
+extension is only supported in DTLS. Any SRTP configuration will be ignored if a
+TLS connection is attempted.
+
+An OpenSSL client wishing to send the "use_srtp" extension should call
+SSL_CTX_set_tlsext_use_srtp() to set its use for all SSL objects subsequently
+created from an SSL_CTX. Alternatively a client may call
+SSL_set_tlsext_use_srtp() to set its use for an individual SSL object. The
+B parameters should point to a NUL-terminated, colon delimited list of
+SRTP protection profile names.
+
+The currently supported protection profile names are:
+
+=over 4
+
+=item SRTP_AES128_CM_SHA1_80
+
+This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764.
+
+=item SRTP_AES128_CM_SHA1_32
+
+This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764.
+
+=item SRTP_AEAD_AES_128_GCM
+
+This corresponds to the profile of the same name defined in RFC7714.
+
+=item SRTP_AEAD_AES_256_GCM
+
+This corresponds to the profile of the same name defined in RFC7714.
+
+=back
+
+Supplying an unrecognised protection profile name will result in an error.
+
+An OpenSSL server wishing to support the "use_srtp" extension should also call
+SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() to indicate the
+protection profiles that it is willing to negotiate.
+
+The currently configured list of protection profiles for either a client or a
+server can be obtained by calling SSL_get_srtp_profiles(). This returns a stack
+of SRTP_PROTECTION_PROFILE objects. The memory pointed to in the return value of
+this function should not be freed by the caller.
+
+After a handshake has been completed the negotiated SRTP protection profile (if
+any) can be obtained (on the client or the server) by calling
+SSL_get_selected_srtp_profile(). This function will return NULL if no SRTP
+protection profile was negotiated. The memory returned from this function should
+not be freed by the caller.
+
+If an SRTP protection profile has been sucessfully negotiated then the SRTP
+keying material (on both the client and server) should be obtained via a call to
+L. This call should provide a label value of
+"EXTRACTOR-dtls_srtp" and a NULL context value (use_context is 0). The total
+length of keying material obtained should be equal to two times the sum of the
+master key length and the salt length as defined for the protection profile in
+use. This provides the client write master key, the server write master key, the
+client write master salt and the server write master salt in that order.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success
+or 1 on error.
+
+SSL_get_srtp_profiles() returns a stack of SRTP_PROTECTION_PROFILE objects on
+success or NULL on error or if no protection profiles have been configured.
+
+SSL_get_selected_srtp_profile() returns a pointer to an SRTP_PROTECTION_PROFILE
+object if one has been negotiated or NULL otherwise.
+ +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/vendor/openssl/doc/crypto/UI_STRING.pod b/vendor/openssl/doc/crypto/UI_STRING.pod index 12d5a40b3..340d9b2ae 100644 --- a/vendor/openssl/doc/crypto/UI_STRING.pod +++ b/vendor/openssl/doc/crypto/UI_STRING.pod @@ -99,9 +99,9 @@ UI_get0_output_string() returns the UI string output string. UI_get0_action_string() returns the UI string action description string for B type UI strings, NULL for any other type. -UI_get0_result_string() returns the UI string action description -string for B and B type UI strings, NULL for -any other type. +UI_get0_result_string() returns the UI string result buffer for +B and B type UI strings, NULL for any other +type. UI_get0_test_string() returns the UI string action description string for B type UI strings, NULL for any other type. diff --git a/vendor/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod b/vendor/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod index 5f8dfa93b..4f2768d4f 100644 --- a/vendor/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod +++ b/vendor/openssl/doc/crypto/X509_LOOKUP_hash_dir.pod @@ -117,10 +117,11 @@ L, L, L, L, +L, =head1 COPYRIGHT -Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/X509_LOOKUP_meth_new.pod b/vendor/openssl/doc/crypto/X509_LOOKUP_meth_new.pod new file mode 100644 index 000000000..fb165fd6a --- /dev/null +++ b/vendor/openssl/doc/crypto/X509_LOOKUP_meth_new.pod 
@@ -0,0 +1,189 @@
+=pod
+
+=head1 NAME
+
+X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
+X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
+X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
+X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown,
+X509_LOOKUP_meth_get_shutdown,
+X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl,
+X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject,
+X509_LOOKUP_meth_get_get_by_subject,
+X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial,
+X509_LOOKUP_meth_get_get_by_issuer_serial,
+X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
+X509_LOOKUP_meth_get_get_by_fingerprint,
+X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
+X509_LOOKUP_meth_get_get_by_alias,
+X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
+X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
+- Routines to build up X509_LOOKUP methods
+
+=head1 SYNOPSIS
+
+ #include
+
+ X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+ void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+ int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+ int (*new_item) (X509_LOOKUP *ctx));
+ int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+ void (*free) (X509_LOOKUP *ctx));
+ void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+ int (*init) (X509_LOOKUP *ctx));
+ int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+ int (*shutdown) (X509_LOOKUP *ctx));
+ int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+ (X509_LOOKUP *ctx);
+
+ typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+ int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_ctrl_fn ctrl_fn);
+ X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+ typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name,
+ X509_OBJECT *ret);
+ int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_subject_fn fn);
+ X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+ const X509_LOOKUP_METHOD *method);
+
+ typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ X509_NAME *name,
+ ASN1_INTEGER *serial,
+ X509_OBJECT *ret);
+ int X509_LOOKUP_meth_set_get_by_issuer_serial(
+ X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn);
+ X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+ const X509_LOOKUP_METHOD *method);
+
+ typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const unsigned char* bytes,
+ int len,
+ X509_OBJECT *ret);
+ int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_fingerprint_fn fn);
+ X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+ const X509_LOOKUP_METHOD *method);
+
+ typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+ X509_LOOKUP_TYPE type,
+ const char *str,
+ int len,
+ X509_OBJECT *ret);
+ int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+ X509_LOOKUP_get_by_alias_fn fn);
+ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+ const X509_LOOKUP_METHOD *method);
+
+ int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+
+ X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+
+ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+ int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+
+=head1 DESCRIPTION
+
+The B type is a structure used for the implementation of new
+X509_LOOKUP types. It provides a set of functions used by OpenSSL for the
+implementation of various X509 and X509_CRL lookup capabilities. One instance
+of an X509_LOOKUP_METHOD can be associated to many instantiations of an
+B structure.
+
+X509_LOOKUP_meth_new() creates a new B structure. It should
+be given a human-readable string containing a brief description of the lookup
+method.
+
+X509_LOOKUP_meth_free() destroys a B structure.
+
+X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the
+function that is called when an B object is created with
+X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP
+specific data, the supplied new_item function should allocate this data and
+invoke X509_LOOKUP_set_method_data().
+
+X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function
+that is used to free any method data that was allocated and set from within
+new_item function.
+
+X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the
+function that is used to initialize the method data that was set with
+X509_LOOKUP_set_method_data() as part of the new_item routine.
+
+X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set
+the function that is used to shut down the method data whose state was
+previously initialized in the init function.
+
+X509_LOOKUP_meth_get_ctrl() and X509_LOOKUP_meth_set_ctrl() get and set a
+function to be used to handle arbitrary control commands issued by
+X509_LOOKUP_ctrl(). The control function is given the X509_LOOKUP
+B, along with the arguments passed by X509_LOOKUP_ctrl. B is
+an arbitrary integer that defines some operation. B is a pointer
+to an array of characters. B is an integer. B, if set,
+points to a location where any return data should be written to. How
+B and B are used depends entirely on the control function.
+
+
+X509_LOOKUP_set_get_by_subject(), X509_LOOKUP_set_get_by_issuer_serial(),
+X509_LOOKUP_set_get_by_fingerprint(), X509_LOOKUP_set_get_by_alias() set
+the functions used to retrieve an X509 or X509_CRL object by the object's
+subject, issuer, fingerprint, and alias respectively. These functions are given
+the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters
+related to the lookup, and an X509_OBJECT that will receive the requested
+object.
+
+Implementations should use either X509_OBJECT_set1_X509() or
+X509_OBJECT_set1_X509_CRL() to set the result. Any method data that was
+created as a result of the new_item function set by
+X509_LOOKUP_meth_set_new_item() can be accessed with
+X509_LOOKUP_get_method_data(). The B object that owns the
+X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups
+should return 1, and unsuccessful lookups should return 0.
+
+X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(),
+X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve
+the function set by the corresponding setter.
+
+=head1 RETURN VALUES
+
+The B functions return 1 on success or 0 on error.
+
+The B functions return the corresponding function
+pointers.
+
+=head1 SEE ALSO
+
+L, L
+
+=head1 HISTORY
+
+The functions described here were added in OpenSSL 1.1.0i.
+
+=head1 COPYRIGHT
+
+Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/vendor/openssl/doc/crypto/X509_STORE_get0_param.pod b/vendor/openssl/doc/crypto/X509_STORE_get0_param.pod
index 2144f2b0a..0aed725ad 100644
--- a/vendor/openssl/doc/crypto/X509_STORE_get0_param.pod
+++ b/vendor/openssl/doc/crypto/X509_STORE_get0_param.pod
@@ -43,7 +43,7 @@ L =head1 HISTORY B and B were added in -OpenSSL version 1.1.0. +OpenSSL 1.1.0. =head1 COPYRIGHT diff --git a/vendor/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod b/vendor/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod index 68d6a6506..12a464674 100644 --- a/vendor/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod +++ b/vendor/openssl/doc/crypto/X509_STORE_set_verify_cb_func.pod @@ -30,7 +30,7 @@ X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, -X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn +X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set verification callback diff --git a/vendor/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/vendor/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index d081d98b1..320b258a8 100644 --- a/vendor/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/vendor/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -11,7 +11,9 @@ X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, -X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, +X509_VERIFY_PARAM_set_hostflags, +X509_VERIFY_PARAM_get_hostflags, +X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters 
@@ -54,6 +56,7 @@ X509_VERIFY_PARAM_set1_ip_asc const char *name, size_t namelen); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags); + unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, size_t emaillen); 
@@ -130,14 +133,32 @@ B clearing any previously specified host name or names. If B is NULL, or empty the list of hostnames is cleared, and name checks are not performed on the peer certificate. If B is NUL-terminated, B may be zero, otherwise B -must be set to the length of B. When a hostname is specified, +must be set to the length of B. + +When a hostname is specified, certificate verification automatically invokes L with flags equal to the B argument given to X509_VERIFY_PARAM_set_hostflags() (default zero). Applications are strongly advised to use this interface in preference to explicitly -calling L, hostname checks are out of scope +calling L, hostname checks may be out of scope with the DANE-EE(3) certificate usage, and the internal check will -be suppressed as appropriate when DANE support is added to OpenSSL. +be suppressed as appropriate when DANE verification is enabled. + +When the subject CommonName will not be ignored, whether as a result of the +B host flag, or because no DNS subject +alternative names are present in the certificate, any DNS name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. + +When the subject CommonName will be ignored, whether as a result of the +B host flag, or because some DNS subject +alternative names are present in the certificate, DNS name constraints in +issuer certificates will not be applied to the subject DN. +As described in X509_check_host(3) the B +flag takes precendence over the B flag. + +X509_VERIFY_PARAM_get_hostflags() returns any host flags previously set via a +call to X509_VERIFY_PARAM_set_hostflags(). X509_VERIFY_PARAM_add1_host() adds B as an additional reference identifier that can match the peer's certificate. Any previous names 
@@ -186,6 +207,8 @@ failure. X509_VERIFY_PARAM_get_flags() returns the current verification flags. +X509_VERIFY_PARAM_get_hostflags() returns any current host flags. + X509_VERIFY_PARAM_get_inh_flags() returns the current inheritance flags. X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return @@ -248,10 +271,14 @@ check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors. -If B is set, when constructing the certificate chain, -L will search the trust store for issuer certificates before -searching the provided untrusted certificates. -As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. +When B is set, construction of the certificate chain +in L will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L). +As of OpenSSL 1.1.0 this option is on by default. The B flag suppresses checking for alternative chains. 
@@ -263,6 +290,19 @@ found that is trusted. As of OpenSSL 1.1.0, with B always set, this option has no effect. +The B flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed "root" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the B flag. + The B flag suppresses checking the validity period of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() is used to specify a verification time, the check is not suppressed. @@ -321,7 +361,8 @@ connections associated with an B structure B: L, L, L, -L +L, +L =head1 HISTORY @@ -329,9 +370,11 @@ The B flag was added in OpenSSL 1.1.0 The legacy B flag is deprecated as of OpenSSL 1.1.0, and has no effect. +X509_VERIFY_PARAM_get_hostflags() was added in OpenSSL 1.1.0i. + =head1 COPYRIGHT -Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/X509_check_host.pod b/vendor/openssl/doc/crypto/X509_check_host.pod index 93848152b..fb9f6a64e 100644 --- a/vendor/openssl/doc/crypto/X509_check_host.pod +++ b/vendor/openssl/doc/crypto/X509_check_host.pod 
@@ -93,6 +93,9 @@ consider the subject DN even if the certificate contains no subject alternative names of the right type (DNS name or email address as appropriate); the default is to use the subject DN when no corresponding subject alternative names are present. +If both B and +B are specified, the latter takes +precedence and the subject DN is not checked for matching names. If set, B disables wildcard expansion; this only applies to B. @@ -128,9 +131,9 @@ NULs. Applications are encouraged to use X509_VERIFY_PARAM_set1_host() rather than explicitly calling L. Host name -checks are out of scope with the DANE-EE(3) certificate usage, +checks may be out of scope with the DANE-EE(3) certificate usage, and the internal checks will be suppressed as appropriate when -DANE support is added to OpenSSL. +DANE support is enabled. =head1 SEE ALSO @@ -147,7 +150,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/X509_cmp_time.pod b/vendor/openssl/doc/crypto/X509_cmp_time.pod new file mode 100644 index 000000000..5bf511145 --- /dev/null +++ b/vendor/openssl/doc/crypto/X509_cmp_time.pod 
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+X509_cmp_time - X509 time functions
+
+=head1 SYNOPSIS
+
+ X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time);
+
+=head1 DESCRIPTION
+
+X509_cmp_time() compares the ASN1_TIME in B with the time in
+.
+
+B must satisfy the ASN1_TIME format mandated by RFC 5280, i.e.,
+its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
+
+If B is NULL the current time is used.
+
+=head1 BUGS
+
+Unlike many standard comparison functions, X509_cmp_time returns 0 on error.
+
+=head1 RETURN VALUES
+
+X509_cmp_time() returns -1 if B is earlier than, or equal to,
+B, and 1 otherwise. It returns 0 on error.
+
+=head1 COPYRIGHT
+
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/vendor/openssl/doc/crypto/X509_digest.pod b/vendor/openssl/doc/crypto/X509_digest.pod
index 6f78a5cbb..3c76c8fdf 100644
--- a/vendor/openssl/doc/crypto/X509_digest.pod
+++ b/vendor/openssl/doc/crypto/X509_digest.pod
@@ -5,7 +5,7 @@ X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, -X509_REQ_digest +X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest - get digest of various objects
diff --git a/vendor/openssl/doc/crypto/X509_get_notBefore.pod b/vendor/openssl/doc/crypto/X509_get0_notBefore.pod
similarity index 99%
rename from vendor/openssl/doc/crypto/X509_get_notBefore.pod
rename to vendor/openssl/doc/crypto/X509_get0_notBefore.pod
index 82502f658..0427d4122 100644
--- a/vendor/openssl/doc/crypto/X509_get_notBefore.pod
+++ b/vendor/openssl/doc/crypto/X509_get0_notBefore.pod
@@ -36,7 +36,7 @@ the call. X509_getm_notBefore() and X509_getm_notAfter() are similar to X509_get0_notBefore() and X509_get0_notAfter() except they return non-constant mutable references to the associated date field of -the certficate. +the certificate. X509_set1_notBefore() and X509_set1_notAfter() set the B and B fields of B to B. Ownership of the passed diff --git a/vendor/openssl/doc/crypto/X509_get_extension_flags.pod b/vendor/openssl/doc/crypto/X509_get_extension_flags.pod index c78e4573c..c07ef972e 100644 --- a/vendor/openssl/doc/crypto/X509_get_extension_flags.pod +++ b/vendor/openssl/doc/crypto/X509_get_extension_flags.pod @@ -3,6 +3,7 @@ =head1 NAME X509_get0_subject_key_id, +X509_get0_authority_key_id, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, @@ -20,6 +21,7 @@ X509_get_proxy_pathlen - retrieve certificate extension data uint32_t X509_get_key_usage(X509 *x); uint32_t X509_get_extended_key_usage(X509 *x); const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); + const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); void X509_set_proxy_flag(X509 *x); void X509_set_proxy_pathlen(int l); long X509_get_proxy_pathlen(X509 *x); @@ -109,6 +111,10 @@ X509_get0_subject_key_id() returns an internal pointer to the subject key identifier of B as an B or B if the extension is not present or cannot be parsed. +X509_get0_authority_key_id() returns an internal pointer to the authority key +identifier of B as an B or B if the extension +is not present or cannot be parsed. + X509_set_proxy_flag() marks the certificate with the B flag. This is for the users who need to mark non-RFC3820 proxy certificates as such, as OpenSSL only detects RFC3820 compliant ones. 
@@ -165,7 +171,7 @@ X509_get_proxy_pathlen() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/ct.pod b/vendor/openssl/doc/crypto/ct.pod index 355204d2a..60718b3f6 100644 --- a/vendor/openssl/doc/crypto/ct.pod +++ b/vendor/openssl/doc/crypto/ct.pod @@ -1,5 +1,7 @@ =pod +=for comment openssl_manual_section:7 + =head1 NAME ct - Certificate Transparency diff --git a/vendor/openssl/doc/crypto/d2i_PrivateKey.pod b/vendor/openssl/doc/crypto/d2i_PrivateKey.pod index 30caeebcb..f5b4667ac 100644 --- a/vendor/openssl/doc/crypto/d2i_PrivateKey.pod +++ b/vendor/openssl/doc/crypto/d2i_PrivateKey.pod @@ -2,7 +2,8 @@ =head1 NAME -d2i_PrivateKey, d2i_AutoPrivateKey, i2d_PrivateKey, +d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, +i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp - decode and encode functions for reading and saving EVP_PKEY structures @@ -12,9 +13,12 @@ d2i_PrivateKey_bio, d2i_PrivateKey_fp EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length); + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length); int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) 
@@ -25,12 +29,14 @@ d2i_PrivateKey() decodes a private key using algorithm B. It attempts to use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The B parameter should be a public key algorithm constant such as B. An error occurs if the decoded key does not match B. +d2i_PublicKey() does the same for public keys. d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to automatically detect the private key format. i2d_PrivateKey() encodes B. It uses a key specific format or, if none is defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +i2d_PublicKey() does the same for public keys. These functions are similar to the d2i_X509() functions; see L. diff --git a/vendor/openssl/doc/crypto/d2i_X509.pod b/vendor/openssl/doc/crypto/d2i_X509.pod index f78d02065..1fbe5cad4 100644 --- a/vendor/openssl/doc/crypto/d2i_X509.pod +++ b/vendor/openssl/doc/crypto/d2i_X509.pod @@ -46,6 +46,7 @@ d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, +d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, @@ -121,7 +122,6 @@ d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, -d2i_PublicKey, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, @@ -217,6 +217,7 @@ i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, +i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, @@ -353,11 +354,11 @@ i2d_X509_VAL, =for comment generic - TYPE *d2i_TYPE(TYPE **a, unsigned char **pp, long length); + TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); - int i2d_TYPE(TYPE *a, unsigned char **pp); + int i2d_TYPE(TYPE *a, unsigned char **ppout); int i2d_TYPE_fp(FILE *fp, TYPE *a); int i2d_TYPE_bio(BIO *bp, TYPE *a); 
@@ -365,14 +366,16 @@ i2d_X509_VAL, In the description here, I is used a placeholder for any of the OpenSSL datatypes, such as I. +The function parameters I and I are generally +either both named I in the headers, or I and I. These functions convert OpenSSL objects to and from their ASN.1/DER encoding. Unlike the C structures which can have pointers to sub-objects within, the DER is a serialized encoding, suitable for sending over the network, writing to a file, and so on. -d2i_TYPE() attempts to decode B bytes at B<*in>. If successful a -pointer to the B structure is returned and B<*in> is incremented to +d2i_TYPE() attempts to decode B bytes at B<*ppin>. If successful a +pointer to the B structure is returned and B<*ppin> is incremented to the byte following the parsed data. If B is not B then a pointer to the returned structure is also written to B<*a>. If an error occurred then B is returned. @@ -390,13 +393,13 @@ d2i_TYPE_fp() is similar to d2i_TYPE() except it attempts to parse data from FILE pointer B. i2d_TYPE() encodes the structure pointed to by B into DER format. -If B is not B, it writes the DER encoded data to the buffer -at B<*out>, and increments it to point after the data just written. +If B is not B, it writes the DER encoded data to the buffer +at B<*ppout>, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data. -If B<*out> is B memory will be allocated for a buffer and the encoded -data written to it. In this case B<*out> is not incremented and it points +If B<*ppout> is B memory will be allocated for a buffer and the encoded +data written to it. In this case B<*ppout> is not incremented and it points to the start of the data just written. i2d_TYPE_bio() is similar to i2d_TYPE() except it writes 
@@ -427,7 +430,7 @@ Therefore any FILE pointers or BIOs should be opened in binary mode. Functions such as strlen() will B return the correct length of the encoded structure. -The ways that B<*in> and B<*out> are incremented after the operation +The ways that B<*ppin> and B<*ppout> are incremented after the operation can trap the unwary. See the B section for some common errors. The reason for this-auto increment behaviour is to reflect a typical @@ -465,7 +468,7 @@ Represents a PKCS#1 RSA public key structure. =item B -Represents an B structure as used in IETF RFC 6960 and +Represents an B structure as used in IETF RFC 6960 and elsewhere. =item B @@ -588,7 +591,7 @@ occurs. =head1 COPYRIGHT -Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/crypto/des_modes.pod b/vendor/openssl/doc/crypto/des_modes.pod index 7c1796980..d5a3f8d63 100644 --- a/vendor/openssl/doc/crypto/des_modes.pod +++ b/vendor/openssl/doc/crypto/des_modes.pod @@ -1,4 +1,5 @@ =pod + =for comment openssl_manual_section:7 =head1 NAME diff --git a/vendor/openssl/doc/crypto/x509.pod b/vendor/openssl/doc/crypto/x509.pod index 06584e3ae..483b03764 100644 --- a/vendor/openssl/doc/crypto/x509.pod +++ b/vendor/openssl/doc/crypto/x509.pod @@ -1,5 +1,7 @@ =pod +=for comment openssl_manual_section:7 + =head1 NAME x509 - X.509 certificate handling diff --git a/vendor/openssl/doc/fingerprints.txt b/vendor/openssl/doc/fingerprints.txt index 1863224df..2cb74aec2 100644 --- a/vendor/openssl/doc/fingerprints.txt +++ b/vendor/openssl/doc/fingerprints.txt 
@@ -18,10 +18,7 @@ uid Richard Levitte uid Richard Levitte uid Richard Levitte -pub 4096R/FA40E9E2 2005-03-19 - Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2 -uid Dr Stephen N Henson - pub 2048R/0E604491 2013-04-30 Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 +uid Matt Caswell uid Matt Caswell diff --git a/vendor/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/vendor/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod deleted file mode 100644 index 3b0a50956..000000000 --- a/vendor/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ /dev/null 
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg,
-SSL_get_servername_type, SSL_get_servername - handle server name indication
-(SNI)
-
-=head1 SYNOPSIS
-
- #include
-
- long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
- int (*cb)(SSL *, int *, void *));
- long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
-
- const char *SSL_get_servername(const SSL *s, const int type);
- int SSL_get_servername_type(const SSL *s);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tlsext_servername_callback() sets the application callback B
-used by a server to perform any actions or configuration required based on
-the servername extension received in the incoming connection. When B
-is NULL, SNI is not used. The B value is a pointer which is passed to
-the application callback.
-
-SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
-passed into the callback for this B.
-
-SSL_get_servername() returns a servername extension value of the specified
-type if provided in the Client Hello or NULL.
-
-SSL_get_servername_type() returns the servername type or -1 if no servername
-is present. Currently the only supported type (defined in RFC3546) is
-B.
-
-=head1 NOTES
-
-The ALPN and SNI callbacks are both executed during Client Hello processing.
-The servername callback is executed first, followed by the ALPN callback.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tlsext_servername_callback() and
-SSL_CTX_set_tlsext_servername_arg() both always return 1 indicating success.
-
-=head1 SEE ALSO
-
-L, L,
-L
-
-=head1 COPYRIGHT
-
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the OpenSSL license (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L.
-
-=cut
diff --git a/vendor/openssl/doc/openssl-c-indent.el b/vendor/openssl/doc/openssl-c-indent.el index c28814a67..852f794f9 100644 --- a/vendor/openssl/doc/openssl-c-indent.el +++ b/vendor/openssl/doc/openssl-c-indent.el @@ -2,7 +2,7 @@ ;;; ;;; This definition is for the "CC mode" package, which is the default ;;; mode for editing C source files in Emacs 20, not for the older -;;; c-mode.el (which was the default in less recent releaes of Emacs 19). +;;; c-mode.el (which was the default in less recent release of Emacs 19). ;;; ;;; Recommended use is to add this line in your .emacs: ;;; @@ -54,6 +54,7 @@ (arglist-close . c-lineup-arglist) ; From "gnu" style (inline-open . 0) ; From "gnu" style (brace-list-open . +) ; From "gnu" style + (inextern-lang . 0) ; Don't indent inside extern block (topmost-intro-cont first c-lineup-topmost-intro-cont c-lineup-gnu-DEFUN-intro-cont) ; From "gnu" style ) diff --git a/vendor/openssl/doc/ssl/SSL_CONF_cmd.pod b/vendor/openssl/doc/ssl/SSL_CONF_cmd.pod index d8c0e9b95..12fdcab83 100644 --- a/vendor/openssl/doc/ssl/SSL_CONF_cmd.pod +++ b/vendor/openssl/doc/ssl/SSL_CONF_cmd.pod @@ -110,6 +110,11 @@ Attempts to use the file B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. +=item B<-no_renegotiation> + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B. + =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. @@ -227,6 +232,11 @@ Attempts to use the file B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. +=item B + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B. + =item B This sets the supported signature algorithms for TLS v1.2. For clients this 
@@ -424,7 +434,7 @@ SSLv3 is B disabled and attempt to override this by the user are ignored. By checking the return code of SSL_CTX_cmd() it is possible to query if a -given B is recognised, this is useful is SSL_CTX_cmd() values are +given B is recognised, this is useful if SSL_CTX_cmd() values are mixed with additional application specific operations. For example an application might call SSL_CTX_cmd() and if it returns @@ -496,10 +506,6 @@ Set supported curves to P-256, P-384: SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); -Set automatic support for any elliptic curve for key exchange: - - SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); - =head1 RETURN VALUES SSL_CONF_cmd() returns 1 if the value of B is recognised and B is @@ -543,7 +549,7 @@ B and B where added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/ssl/SSL_CTX_config.pod b/vendor/openssl/doc/ssl/SSL_CTX_config.pod index 802c4c359..ec744ad03 100644 --- a/vendor/openssl/doc/ssl/SSL_CTX_config.pod +++ b/vendor/openssl/doc/ssl/SSL_CTX_config.pod @@ -40,7 +40,7 @@ If the file "config.cnf" contains the following: testapp = test_sect [test_sect] - # list of confuration modules + # list of configuration modules ssl_conf = ssl_sect diff --git a/vendor/openssl/doc/ssl/SSL_CTX_dane_enable.pod b/vendor/openssl/doc/ssl/SSL_CTX_dane_enable.pod index fb535ec52..cdb6d1bdf 100644 --- a/vendor/openssl/doc/ssl/SSL_CTX_dane_enable.pod +++ b/vendor/openssl/doc/ssl/SSL_CTX_dane_enable.pod 
@@ -3,10 +3,10 @@ =head1 NAME SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, -SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa +SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, -SSL_dane_set_flags, SSL_dane_clear_flags - -enable DANE TLS authentication of the remote TLS server in the local +SSL_dane_set_flags, SSL_dane_clear_flags +- enable DANE TLS authentication of the remote TLS server in the local TLS client =head1 SYNOPSIS @@ -76,6 +76,8 @@ TLSA records that apply to the remote TLS peer. The arguments specify the fields of the TLSA record. The B field is provided in binary (wire RDATA) form, not the hexadecimal ASCII presentation form, with an explicit length passed via B. +The library takes a copy of the B buffer contents and the caller may +free the original B buffer when convenient. A return value of 0 indicates that "unusable" TLSA records (with invalid or unsupported parameters) were provided. A negative return value indicates an internal error in processing the record. @@ -372,7 +374,7 @@ These functions were first added to OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod b/vendor/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod index 3e9fe80b7..ff080e48f 100644 --- a/vendor/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod +++ b/vendor/openssl/doc/ssl/SSL_CTX_set_min_proto_version.pod 
@@ -3,7 +3,9 @@ =head1 NAME SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, -SSL_set_min_proto_version, SSL_set_max_proto_version - Set minimum +SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, +SSL_set_min_proto_version, SSL_set_max_proto_version, +SSL_get_min_proto_version, SSL_get_max_proto_version - Get and set minimum and maximum supported protocol version =head1 SYNOPSIS @@ -12,12 +14,17 @@ and maximum supported protocol version int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); + int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); + int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); + int SSL_set_min_proto_version(SSL *ssl, int version); int SSL_set_max_proto_version(SSL *ssl, int version); + int SSL_get_min_proto_version(SSL *ssl); + int SSL_get_max_proto_version(SSL *ssl); =head1 DESCRIPTION -The functions set the minimum and maximum supported protocol versions +The functions get or set the minimum and maximum supported protocol versions for the B or B. This works in combination with the options set via L that also make it possible to disable @@ -28,13 +35,18 @@ Setting the minimum or maximum version to 0, will enable protocol versions down to the lowest version, or up to the highest version supported by the library, respectively. +Getters return 0 in case B or B have been configured to +automatically use the lowest or highest version supported by the library. + Currently supported versions are B, B, B, B for TLS and B, B for DTLS. =head1 RETURN VALUES -These functions return 1 on success and 0 on failure. +These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. =head1 NOTES 
@@ -42,7 +54,8 @@ All these functions are implemented using macros. =head1 HISTORY -The functions were added in OpenSSL 1.1.0 +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. =head1 SEE ALSO diff --git a/vendor/openssl/doc/ssl/SSL_CTX_set_options.pod b/vendor/openssl/doc/ssl/SSL_CTX_set_options.pod index 635b470e1..241aeb3ce 100644 --- a/vendor/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/vendor/openssl/doc/ssl/SSL_CTX_set_options.pod @@ -189,6 +189,19 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers B: this option is currently set by default. See the B section for more details. +=item SSL_OP_NO_ENCRYPT_THEN_MAC + +Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. + +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. + +=item SSL_OP_NO_RENEGOTIATION + +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. + =back =head1 SECURE RENEGOTIATION @@ -280,9 +293,11 @@ L The attempt to always try to use secure renegotiation was added in Openssl 0.9.8m. +B was added in OpenSSL 1.1.0h. + =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/ssl/SSL_CTX_use_certificate.pod b/vendor/openssl/doc/ssl/SSL_CTX_use_certificate.pod index c645f5807..8ed7b5ea1 100644 --- a/vendor/openssl/doc/ssl/SSL_CTX_use_certificate.pod +++ b/vendor/openssl/doc/ssl/SSL_CTX_use_certificate.pod 
@@ -153,6 +153,13 @@ L. of view, it however does not make sense as the data in the certificate is considered public anyway.) +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call L or +L as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. + =head1 RETURN VALUES On success, the functions return 1. @@ -170,7 +177,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/vendor/openssl/doc/ssl/SSL_export_keying_material.pod b/vendor/openssl/doc/ssl/SSL_export_keying_material.pod new file mode 100644 index 000000000..ccb99ec9a --- /dev/null +++ b/vendor/openssl/doc/ssl/SSL_export_keying_material.pod 
@@ -0,0 +1,61 @@ +=pod + +=head1 NAME + +SSL_export_keying_material - obtain keying material for application use + +=head1 SYNOPSIS + + #include + + int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *context, + size_t contextlen, int use_context); + +=head1 DESCRIPTION + +During the creation of a TLS or DTLS connection shared keying material is +established between the two endpoints. The function SSL_export_keying_material() +enables an application to use some of this keying material for its own purposes +in accordance with RFC5705. + +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. + +For a given SSL connection B, B bytes of data will be written to +B. The application specific context should be supplied in the location +pointed to by B and should be B bytes long. Provision of +a context is optional. If the context should be omitted entirely then +B should be set to 0. Otherwise it should be any other value. If +B is 0 then the values of B and B are ignored. +Note that a zero length context is treated differently to no context at all, and +will result in different keying material being returned. + +An application specific label should be provided in the location pointed to by +B