-rw-r--r--lib/libcrypto/asn1/t_x509.c2
-rw-r--r--lib/libcrypto/asn1/x_pubkey.c2
-rw-r--r--lib/libcrypto/bio/b_print.c14
-rw-r--r--lib/libcrypto/bio/bf_buff.c2
-rw-r--r--lib/libcrypto/bn/asm/mips3.s430
-rw-r--r--lib/libcrypto/cryptlib.c10
-rw-r--r--lib/libcrypto/dsa/dsa.h1
-rw-r--r--lib/libcrypto/dsa/dsa_err.c1
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c21
-rw-r--r--lib/libcrypto/evp/e_bf.c2
-rw-r--r--lib/libcrypto/evp/evp.h6
-rw-r--r--lib/libcrypto/evp/evp_key.c6
-rw-r--r--lib/libcrypto/opensslv.h6
-rw-r--r--lib/libcrypto/perlasm/x86unix.pl2
-rw-r--r--lib/libcrypto/rand/md_rand.c99
-rw-r--r--lib/libcrypto/rand/randfile.c8
-rw-r--r--lib/libcrypto/rsa/rsa_oaep.c29
-rw-r--r--lib/libcrypto/x509/x509_obj.c2
-rw-r--r--lib/libcrypto/x509/x509_trs.c3
-rw-r--r--lib/libssl/s3_srvr.c26
-rw-r--r--lib/libssl/shlib_version2
-rw-r--r--lib/libssl/t1_enc.c16
-rw-r--r--lib/libssl/test/Makefile.ssl2
23 files changed, 430 insertions, 262 deletions
diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c
index 314bdfb1c71..89ae73a6dec 100644
--- a/lib/libcrypto/asn1/t_x509.c
+++ b/lib/libcrypto/asn1/t_x509.c
@@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
ll=80-2-obase;
s=X509_NAME_oneline(name,buf,256);
+ if (!*s)
+ return 1;
s++; /* skip the first slash */
l=ll;
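Review bot: The added `if (!*s)` dereferences the result of `X509_NAME_oneline()` without first checking it for NULL. Whether that call can fail when it is handed a caller-supplied buffer is not visible in this hunk. If it can, a guard such as `if (s == NULL) return 0;` belongs before the new test, assuming 0 is this function's failure value, as the `return 1` for the benign empty-name case suggests. X509_NAME_print continues outside the hunk.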
diff --git a/lib/libcrypto/asn1/x_pubkey.c b/lib/libcrypto/asn1/x_pubkey.c
index b2e2a514777..4397a404b56 100644
--- a/lib/libcrypto/asn1/x_pubkey.c
+++ b/lib/libcrypto/asn1/x_pubkey.c
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
a=key->algor;
if (ret->type == EVP_PKEY_DSA)
{
- if (a->parameter->type == V_ASN1_SEQUENCE)
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
{
ret->pkey.dsa->write_params=0;
p=a->parameter->value.sequence->data;
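Review bot: The new `a->parameter &&` test has no comment saying when a DSA key legitimately arrives with no parameters, so a reader cannot tell a tolerated encoding from a masked decode error. A line such as `/* DSA parameters are optional in the encoding; NULL here is not an error */` would record the intent, if that is the intent. Separately, the statement after the guard still reads `a->parameter->value.sequence->data` without checking `value.sequence`. Whether the decoder guarantees it is non-NULL for `V_ASN1_SEQUENCE` is not visible here.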
diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c
index b4f7a85f2e4..91a049406e4 100644
--- a/lib/libcrypto/bio/b_print.c
+++ b/lib/libcrypto/bio/b_print.c
@@ -109,7 +109,11 @@
#endif
#if HAVE_LONG_LONG
-#define LLONG long long
+# if defined(WIN32) && !defined(__GNUC__)
+# define LLONG _int64
+# else
+# define LLONG long long
+# endif
#else
#define LLONG long
#endif
@@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer,
/* some handy macros */
#define char_to_int(p) (p - '0')
-#define MAX(p,q) ((p >= q) ? p : q)
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
static void
_dopr(
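Review bot: The renamed `OSSL_MAX(p,q)` still expands its arguments unparenthesised and evaluates the winning one twice, so an argument containing a lower-precedence operator or a side effect would misbehave. The uses visible in this diff pass plain variables, so this is a hardening point rather than a live bug. Suggest `#define OSSL_MAX(p,q) (((p) >= (q)) ? (p) : (q))`, and the same treatment for `char_to_int(p)` on the line above.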
@@ -503,13 +507,13 @@ fmtint(
convert[place] = 0;
zpadlen = max - place;
- spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+ spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
if (zpadlen < 0)
zpadlen = 0;
if (spadlen < 0)
spadlen = 0;
if (flags & DP_F_ZERO) {
- zpadlen = MAX(zpadlen, spadlen);
+ zpadlen = OSSL_MAX(zpadlen, spadlen);
spadlen = 0;
}
if (flags & DP_F_MINUS)
@@ -641,7 +645,7 @@ fmtfp(
(caps ? "0123456789ABCDEF"
: "0123456789abcdef")[fracpart % 10];
fracpart = (fracpart / 10);
- } while (fracpart && (fplace < 20));
+ } while (fplace < max);
if (fplace == 20)
fplace--;
fconvert[fplace] = 0;
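Review bot: The loop that fills `fconvert` is now bounded only by `max`, where it was previously also bounded by `fplace < 20`. The `if (fplace == 20)` test left after the loop suggests the buffer holds 20 bytes, and it only catches the case where `fplace` lands exactly on 20. Whether `max` is clamped below that earlier in fmtfp is not visible in this hunk. Keeping both bounds, `} while ((fplace < max) && (fplace < 20));`, keeps the write in range whatever precision the format string requests.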
diff --git a/lib/libcrypto/bio/bf_buff.c b/lib/libcrypto/bio/bf_buff.c
index f50e8f98a3d..c90238bae1e 100644
--- a/lib/libcrypto/bio/bf_buff.c
+++ b/lib/libcrypto/bio/bf_buff.c
@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
static int buffer_new(BIO *h);
static int buffer_free(BIO *data);
static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE 1024
+#define DEFAULT_BUFFER_SIZE 4096
static BIO_METHOD methods_buffer=
{
diff --git a/lib/libcrypto/bn/asm/mips3.s b/lib/libcrypto/bn/asm/mips3.s
index 45786c00a5f..dca4105c7db 100644
--- a/lib/libcrypto/bn/asm/mips3.s
+++ b/lib/libcrypto/bn/asm/mips3.s
@@ -1,5 +1,5 @@
.rdata
-.asciiz "mips3.s, Version 1.0"
+.asciiz "mips3.s, Version 1.1"
.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
/*
@@ -849,6 +849,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
+ sltu c_3,c_2,t_2
dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
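Review bot: Nothing at the added `sltu c_3,c_2,t_2` says that it overwrites c_3 instead of accumulating into it, which looks correct only for the first product of a column. The next hunk switches the second product to `sltu AT,c_2,t_2` followed by `daddu c_3,AT`. A comment at each overwrite site, e.g. `/* first product of this column: c_3 = carry (overwrite) */`, would make the distinction checkable, because a lost or clobbered carry here produces a wrong bignum product with no error reported. The same overwrite/accumulate pairing repeats in the remaining bn_mul_comba8 and bn_mul_comba4 hunks.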
@@ -856,7 +857,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -884,6 +886,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
+ sltu c_1,c_3,t_2
dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -891,7 +894,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
+ sltu c_2,c_1,t_2
dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -935,7 +940,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -981,6 +987,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
+ sltu c_3,c_2,t_2
dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -988,7 +995,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
+ sltu c_1,c_3,t_2
dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
+ sltu c_2,c_1,t_2
dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
+ sltu c_3,c_2,t_2
dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
+ sltu c_1,c_3,t_2
dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
+ sltu c_2,c_1,t_2
dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
+ sltu c_3,c_2,t_2
dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
+ sltu c_1,c_3,t_2
dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
sd c_2,104(a0) /* r[13]=c2; */
dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
+ sltu c_3,c_2,t_2
dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
+ sltu c_1,c_3,t_2
dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
+ sltu c_2,c_1,t_2
dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4)
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
sd c_3,40(a0)
dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu c_3,t_2,AT
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
sd c_2,8(a0)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
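Review bot: The new doubling sequence for mul_add_c2 is uncommented, and its correctness depends on instruction order: `slt c_1,t_2,zero` must capture the top bit of the high word before `dsll t_2,1` discards it, and `slt a2,t_1,zero` must do the same for the low word before `dsll t_1,1`. A comment such as `/* t_2:t_1 *= 2; bit shifted out of t_2 is the carry into the third word */` on the first of these lines would document that. As with the multiply routines, the first mul_add_c2 of a column writes the carry register directly (`slt c_2,t_2,zero`), while later ones go through AT and `daddu`. That distinction should be stated once near the top of bn_sqr_comba8, since it recurs in every following bn_sqr_comba8 and bn_sqr_comba4 hunk.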
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
- sltu AT,c_3,a2
+ slt AT,t_2,zero
daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
- sltu AT,c_1,a2
+ slt AT,t_2,zero
daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
- sltu AT,c_1,a2
+ slt AT,t_2,zero
daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8)
dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8)
dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
- sltu AT,c_3,a2
+ slt AT,t_2,zero
daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
- sltu AT,c_3,a2
+ slt AT,t_2,zero
daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8)
dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
- sltu AT,c_3,a2
+ slt AT,t_2,zero
daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
- sltu AT,c_1,a2
+ slt AT,t_2,zero
daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8)
dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
- sltu AT,c_1,a2
+ slt AT,t_2,zero
daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8)
dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
- sltu AT,c_3,a2
+ slt AT,t_2,zero
daddu c_1,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8)
dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
- sltu AT,c_1,a2
+ slt AT,t_2,zero
daddu c_2,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
@@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8)
dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
mflo t_1
mfhi t_2
@@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8)
dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
sd c_2,104(a0)
dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4)
dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu c_3,t_2,AT
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
sd c_2,8(a0)
dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
mflo t_1
mfhi t_2
@@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4)
dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
+ slt c_3,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
daddu c_2,t_2
- sltu c_3,c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
mflo t_1
mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu a2,t_2,AT
- daddu c_2,a2
- sltu AT,c_2,a2
+ slt AT,t_2,zero
daddu c_3,AT
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_1,t_1
sltu AT,c_1,t_1
daddu t_2,AT
@@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4)
dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
mflo t_1
mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu a2,t_2,AT
- daddu c_3,a2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_2,t_1
sltu AT,c_2,t_1
daddu t_2,AT
daddu c_3,t_2
- sltu c_1,c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
mflo t_1
mfhi t_2
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4)
dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
mflo t_1
mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu a2,t_2,AT
- daddu c_1,a2
+ slt c_2,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
daddu c_3,t_1
sltu AT,c_3,t_1
daddu t_2,AT
daddu c_1,t_2
- sltu c_2,c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
sd c_3,40(a0)
dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c
index 9de60fd5281..a7a9262133e 100644
--- a/lib/libcrypto/cryptlib.c
+++ b/lib/libcrypto/cryptlib.c
@@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i)
}
else
#endif
- if (--(pointer->references) <= 0)
+ if (pointer->references <= 0)
{
sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
}
@@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
#endif
if (type < 0)
{
- int i = -type - 1;
struct CRYPTO_dynlock_value *pointer
- = CRYPTO_get_dynlock_value(i);
+ = CRYPTO_get_dynlock_value(type);
- if (pointer)
+ if (pointer && dynlock_lock_callback)
{
dynlock_lock_callback(mode, pointer, file, line);
}
- CRYPTO_destroy_dynlockid(i);
+ CRYPTO_destroy_dynlockid(type);
}
else
if (locking_callback != NULL)
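Review bot: `CRYPTO_get_dynlock_value(type)` and `CRYPTO_destroy_dynlockid(type)` now receive the raw negative `type`, so the `-type - 1` translation removed here has to happen inside both callees, and neither conversion is visible in this diff. If either one still treats its argument as a zero-based stack index, the lookup runs with a negative index. A comment at the call, e.g. `/* dynlock ids are negative; the callee maps them to a stack index */`, would record that contract. Note also that when `dynlock_lock_callback` is NULL the request is silently dropped and the caller continues without holding the lock.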
@@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
CRYPTO_get_lock_name(type),
file,line);
#endif
- *pointer=ret;
}
else
{
diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h
index 65689a34266..12b60a8faa0 100644
--- a/lib/libcrypto/dsa/dsa.h
+++ b/lib/libcrypto/dsa/dsa.h
@@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r);
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
+#define DSA_R_MISSING_PARAMETERS 101
#ifdef __cplusplus
}
diff --git a/lib/libcrypto/dsa/dsa_err.c b/lib/libcrypto/dsa/dsa_err.c
index 2b3ab3a9ad8..736aeef7c47 100644
--- a/lib/libcrypto/dsa/dsa_err.c
+++ b/lib/libcrypto/dsa/dsa_err.c
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
static ERR_STRING_DATA DSA_str_reasons[]=
{
{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
{0,NULL}
};
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 5cbbdddfb96..34c6e9a1412 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ reason=DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
BN_init(&m);
BN_init(&xr);
s=BN_new();
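Review bot: The new parameter check jumps to `err` before `BN_init(&m)` and `BN_init(&xr)` have run. The `err` label is outside this hunk, but if its cleanup frees or clears `m` and `xr`, it now operates on uninitialised stack BIGNUMs whenever a key lacks p, q or g. Placing `BN_init(&m); BN_init(&xr);` directly after the declarations and above the check removes that dependency on what the cleanup does.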
@@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
BIGNUM k,*kinv=NULL,*r=NULL;
int ret=0;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
if (ctx_in == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
BN_init(&u2);
BN_init(&t1);
+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+
/* Calculate W = inv(S) mod Q
* save W in u2 */
if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
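Review bot: `BN_ucmp(sig->r, dsa->q)` reads `dsa->q` without the missing-parameter guard that this commit adds to dsa_do_sign and dsa_sign_setup, so a key with no domain parameters would reach the comparison with a NULL pointer, unless callers rule that out. Verification is the path that handles keys and signatures supplied by a peer, so the guard matters at least as much here. Suggest adding `if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); return -1; }` at the top of the function, before any BIGNUM is initialised. The start of dsa_do_verify is outside this hunk.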
diff --git a/lib/libcrypto/evp/e_bf.c b/lib/libcrypto/evp/e_bf.c
index 72047f64dab..53559b0b657 100644
--- a/lib/libcrypto/evp/e_bf.c
+++ b/lib/libcrypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc);
IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
- 0, bf_init_key, NULL,
+ EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index 76d417b44a3..fd431270927 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
void EVP_set_pw_prompt(char *prompt);
char * EVP_get_pw_prompt(void);
-int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
- unsigned char *data, int datal, int count,
- unsigned char *key,unsigned char *iv);
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data, int datal,
+ int count, unsigned char *key, unsigned char *iv);
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
unsigned char *key, unsigned char *iv);
diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c
index 09b72bf4bdd..e7434ef9b27 100644
--- a/lib/libcrypto/evp/evp_key.c
+++ b/lib/libcrypto/evp/evp_key.c
@@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
#endif
}
-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
- unsigned char *data, int datal, int count, unsigned char *key,
- unsigned char *iv)
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data, int datal,
+ int count, unsigned char *key, unsigned char *iv)
{
EVP_MD_CTX c;
unsigned char md_buf[EVP_MAX_MD_SIZE];
diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h
index dc50f6d7da6..4b25018e494 100644
--- a/lib/libcrypto/opensslv.h
+++ b/lib/libcrypto/opensslv.h
@@ -2,7 +2,7 @@
#define HEADER_OPENSSLV_H
/* Numeric release version identifier:
- * MMNNFFPPS: major minor fix patch status
+ * MNNFFPPS: major minor fix patch status
* The status nibble has one of the values 0 for development, 1 to e for betas
* 1 to 14, and f for release. The patch level is exactly that.
* For example:
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090601fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001"
+#define OPENSSL_VERSION_NUMBER 0x0090602fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/lib/libcrypto/perlasm/x86unix.pl b/lib/libcrypto/perlasm/x86unix.pl
index 309060ea001..10a7af8bffd 100644
--- a/lib/libcrypto/perlasm/x86unix.pl
+++ b/lib/libcrypto/perlasm/x86unix.pl
@@ -79,7 +79,7 @@ sub main'DWP
local($addr,$reg1,$reg2,$idx)=@_;
$ret="";
- $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+ $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
$reg1="$regs{$reg1}" if defined($regs{$reg1});
$reg2="$regs{$reg2}" if defined($regs{$reg2});
$ret.=$addr if ($addr ne "") && ($addr ne 0);
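Review bot: The new pattern `[A-Za-z_]+[A-Za-z0-9_]+` needs at least two characters to match, so a one-character symbol that the old `[A-Za-z_]+` accepted no longer gets the `$under` prefix. The usual identifier form `[A-Za-z_][A-Za-z0-9_]*` admits digits after the first character without that regression: `$addr =~ s/(^|[+ \t])([A-Za-z_][A-Za-z0-9_]*)($|[+ \t])/$1$under$2$3/;`. A missed prefix would show up as an unresolved symbol at link time on targets that use the underscore convention.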
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index ae57570608c..04b9d695b0d 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c
@@ -141,10 +141,11 @@ static long md_count[2]={0,0};
static double entropy=0;
static int initialized=0;
-/* This should be set to 1 only when ssleay_rand_add() is called inside
- an already locked state, so it doesn't try to lock and thereby cause
- a hang. And it should always be reset back to 0 before unlocking. */
-static int add_do_not_lock=0;
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+ * holds CRYPTO_LOCK_RAND
+ * (to prevent double locking) */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+
#ifdef PREDICT
int rand_predictable=0;
@@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
MD_CTX m;
+ int do_not_lock;
/*
* (Based on the rand(3) manpage)
@@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
* hash function.
*/
- if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ /* check if we already have the lock */
+ do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+
+ if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
st_idx=state_index;
/* use our own copies of the counters so that even
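Review bot: `do_not_lock` is computed from `crypto_lock_rand` and `locking_thread` before CRYPTO_LOCK_RAND is taken, so both globals are read while another thread may be writing them. The writers in the ssleay_rand_bytes and ssleay_rand_status hunks store `crypto_lock_rand = 1` first and `locking_thread` second. That leaves a window where the flag is set while `locking_thread` still holds its previous value (0 after a clear), and a thread whose id equals that value would skip the lock and update the pool unsynchronised. Storing the owner first, `locking_thread = CRYPTO_thread_id(); crypto_lock_rand = 1;`, closes that ordering gap as far as plain stores allow. The declarations should also state that the unlocked read is intentional and what it assumes about thread ids.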
@@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
- if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
for (i=0; i<num; i+=MD_DIGEST_LENGTH)
{
@@ -281,7 +286,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
memset((char *)&m,0,sizeof(m));
- if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
/* Don't just copy back local_md into md -- this could mean that
* other thread's seeding remains without effect (except for
* the incremented counter). By XORing it we keep at least as
@@ -292,7 +297,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
}
if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
entropy += add;
- if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
#if !defined(THREADS) && !defined(WIN32)
assert(md_c[1] == md_count[1]);
@@ -340,28 +345,31 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
*
* For each group of 10 bytes (or less), we do the following:
*
- * Input into the hash function the top 10 bytes from the
- * local 'md' (which is initialized from the global 'md'
- * before any bytes are generated), the bytes that are
- * to be overwritten by the random bytes, and bytes from the
- * 'state' (incrementing looping index). From this digest output
- * (which is kept in 'md'), the top (up to) 10 bytes are
- * returned to the caller and the bottom (up to) 10 bytes are xored
- * into the 'state'.
+ * Input into the hash function the local 'md' (which is initialized from
+ * the global 'md' before any bytes are generated), the bytes that are to
+ * be overwritten by the random bytes, and bytes from the 'state'
+ * (incrementing looping index). From this digest output (which is kept
+ * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+ * bottom 10 bytes are xored into the 'state'.
+ *
* Finally, after we have finished 'num' random bytes for the
* caller, 'count' (which is incremented) and the local and global 'md'
* are fed into the hash function and the results are kept in the
* global 'md'.
*/
- if (!initialized)
- RAND_poll();
-
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
- this locked state. */
- initialized = 1;
+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+ crypto_lock_rand = 1;
+ locking_thread = CRYPTO_thread_id();
+
+ if (!initialized)
+ {
+ RAND_poll();
+ initialized = 1;
+ }
+
if (!stirred_pool)
do_stir_pool = 1;
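Review bot: The added comment `/* prevent ssleay_rand_bytes() from trying to obtain the lock again */` names the wrong function. ssleay_rand_bytes takes CRYPTO_LOCK_RAND unconditionally just above it, and the functions that test `crypto_lock_rand` in this commit are ssleay_rand_add and ssleay_rand_status. Suggest `/* prevent ssleay_rand_add() and ssleay_rand_status() from trying to obtain the lock again */`. RAND_poll() is now called with the lock held, so a poll implementation that calls back into RAND_bytes would try to take the same lock a second time, and the comment should warn about that. The same comment text is repeated in the ssleay_rand_status hunk.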
@@ -387,11 +395,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
if (do_stir_pool)
{
- /* Our output function chains only half of 'md', so we better
- * make sure that the required entropy gets 'evenly distributed'
- * through 'state', our randomness pool. The input function
- * (ssleay_rand_add) chains all of 'md', which makes it more
- * suitable for this purpose.
+ /* In the output function only half of 'md' remains secret,
+ * so we better make sure that the required entropy gets
+ * 'evenly distributed' through 'state', our randomness pool.
+ * The input function (ssleay_rand_add) chains all of 'md',
+ * which makes it more suitable for this purpose.
*/
int n = STATE_SIZE; /* so that the complete pool gets accessed */
@@ -425,8 +433,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
md_count[0] += 1;
- add_do_not_lock = 0; /* If this would ever be forgotten, we can
- expect any evil god to eat our souls. */
+ /* before unlocking, we must clear 'crypto_lock_rand' */
+ crypto_lock_rand = 0;
+ locking_thread = 0;
CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
while (num > 0)
@@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
{
int ret;
+ unsigned long err;
ret = RAND_bytes(buf, num);
if (ret == 0)
{
- long err = ERR_peek_error();
+ err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
(void)ERR_get_error();
@@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
static int ssleay_rand_status(void)
{
int ret;
+ int do_not_lock;
+ /* check if we already have the lock
+ * (could happen if a RAND_poll() implementation calls RAND_status()) */
+ do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+
+ if (!do_not_lock)
+ {
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+ crypto_lock_rand = 1;
+ locking_thread = CRYPTO_thread_id();
+ }
+
if (!initialized)
+ {
RAND_poll();
+ initialized = 1;
+ }
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- initialized = 1;
ret = entropy >= ENTROPY_NEEDED;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ if (!do_not_lock)
+ {
+ /* before unlocking, we must clear 'crypto_lock_rand' */
+ crypto_lock_rand = 0;
+ locking_thread = 0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
return ret;
}
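Review bot: The `do_not_lock` test at the top of ssleay_rand_status reads `crypto_lock_rand` and `locking_thread` without holding CRYPTO_LOCK_RAND, while the other hunks in this file write both under the lock. The shortcut is only safe if a thread can never see its own id in `locking_thread` unless it stored it, which depends on that variable being loaded and stored atomically. Its declaration is outside the visible hunks, so this cannot be confirmed here. I would record the assumption next to the check, e.g. `/* read without the lock: relies on locking_thread being written atomically and only by the lock holder */`.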
diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index f4376cf8cc5..2ffb84c89e2 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size)
{
if (issetugid() == 0)
s=getenv("HOME");
+#ifdef DEFAULT_HOME
+ if (s == NULL)
+ {
+ s = DEFAULT_HOME;
+ }
+#endif
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
strlcpy(buf,s,size);
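Review bot: The `DEFAULT_HOME` fallback sits after the `issetugid()` guard, so it also applies to set-id processes for which `HOME` was deliberately not consulted. It does not apply when `HOME` is set but empty. If `s` is still NULL at that point (the preceding code is outside the hunk), all such processes share one seed file under a compile-time path, so that directory must not be writable by unprivileged users. A comment at the `#ifdef` would record this, e.g. `/* also reached by set-id processes: DEFAULT_HOME must be a trusted, non-world-writable directory */`.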
@@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size)
strlcat(buf,RFILE,size);
ret=buf;
}
- else
+ else
buf[0] = '\0'; /* no file name */
}
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index fd0b7f361fb..1849e55cd5d 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
@@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
int i, dblen, mlen = -1;
unsigned char *maskeddb;
int lzero;
- unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+ unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
if (--num < 2 * SHA_DIGEST_LENGTH + 1)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
- return (-1);
- }
+ goto decoding_err;
+ lzero = num - flen;
+ if (lzero < 0)
+ goto decoding_err;
+ maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
dblen = num - SHA_DIGEST_LENGTH;
db = OPENSSL_malloc(dblen);
if (db == NULL)
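Review bot: The two early `goto decoding_err` exits in this hunk return before `OPENSSL_malloc`, `MGF1` and `SHA1` run, so a short input or `lzero < 0` fails after less work than the hash or padding mismatches detected in the later hunks. The comment at `decoding_err` says the error must not reveal which kind of decoding failure occurred, but response time may still distinguish these cases even though the error code is now uniform. I would say so at the label, e.g. `/* NOTE: the early length checks exit before MGF1/SHA1; only the error code is uniform, not the timing */`.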
@@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
return (-1);
}
- lzero = num - flen;
- maskeddb = from - lzero + SHA_DIGEST_LENGTH;
-
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i - lzero];
@@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
SHA1(param, plen, phash);
if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ goto decoding_err;
else
{
for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
if (db[i] != 0x00)
break;
if (db[i] != 0x01 || i++ >= dblen)
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
- RSA_R_OAEP_DECODING_ERROR);
+ goto decoding_err;
else
{
mlen = dblen - i;
if (tlen < mlen)
{
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
mlen = -1;
}
else
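Review bot: The context line `if (db[i] != 0x01 || i++ >= dblen)` dereferences `db[i]` before testing the bound. When every byte from `SHA_DIGEST_LENGTH` onward is zero, the loop leaves `i == dblen` and the test reads one byte past the `dblen`-byte allocation. The commit converts the branch to `goto decoding_err` but keeps that operand order. Testing the bound first removes the over-read without changing which inputs are accepted: `if (i >= dblen || db[i++] != 0x01)`.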
@@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
}
OPENSSL_free(db);
return (mlen);
+
+decoding_err:
+ /* to avoid chosen ciphertext attacks, the error message should not reveal
+ * which kind of decoding error happened */
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ if (db != NULL) OPENSSL_free(db);
+ return -1;
}
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c
index 6a3ba8eb154..f0271fdfa14 100644
--- a/lib/libcrypto/x509/x509_obj.c
+++ b/lib/libcrypto/x509/x509_obj.c
@@ -214,6 +214,8 @@ int i;
}
else
p=buf;
+ if (i == 0)
+ *p = '\0';
return(p);
err:
X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c
index a7b1543461b..86b3b79dcc0 100644
--- a/lib/libcrypto/x509/x509_trs.c
+++ b/lib/libcrypto/x509/x509_trs.c
@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
- if(x->aux) return obj_trust(trust->arg1, x, flags);
+ if(x->aux && (x->aux->trust || x->aux->reject))
+ return obj_trust(trust->arg1, x, flags);
/* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index d04232960e3..258af84867a 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s)
i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ al = -1;
+
if (i != SSL_MAX_MASTER_KEY_LENGTH)
{
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
}
- if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
{
/* The premaster secret must contain the same version number as the
* ClientHello to detect version rollback attacks (strangely, the
@@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
}
}
+ if (al != -1)
+ {
+#if 0
+ goto f_err;
+#else
+ /* Some decryption failure -- use random value instead as countermeasure
+ * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+ * (see RFC 2246, section 7.4.7.1).
+ * But note that due to length and protocol version checking, the
+ * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+ * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+ * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+ */
+ ERR_clear_error();
+ i = SSL_MAX_MASTER_KEY_LENGTH;
+ p[0] = s->client_version >> 8;
+ p[1] = s->client_version & 0xff;
+ RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+#endif
+ }
+
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
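Review bot: The countermeasure block does its extra work (`ERR_clear_error()` and `RAND_pseudo_bytes()`) only when `al != -1`, and the return value of `RAND_pseudo_bytes` is discarded. The failure path is therefore longer than the success path, which may be observable to a peer, and if the generator call fails, `p[2]` onward keeps whatever the earlier code left in the buffer. The existing comment covers only the second point in passing; I would extend it, e.g. `/* NOTE: runs only on failure, so its cost is visible; on RAND failure p[2..] is not replaced */`. The `#if 0` / `goto f_err;` branch is dead code and could be removed rather than kept next to the live path.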
diff --git a/lib/libssl/shlib_version b/lib/libssl/shlib_version
index 3066b9771e7..900b4048a96 100644
--- a/lib/libssl/shlib_version
+++ b/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
major=5
-minor=0
+minor=1
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index d10a23af8eb..a0758e92614 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send)
if ((s->session == NULL) || (ds == NULL) ||
(enc == NULL))
{
- memcpy(rec->data,rec->input,rec->length);
+ memmove(rec->data,rec->input,rec->length);
rec->input=rec->data;
}
else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send)
rec->length+=i;
}
+ if (!send)
+ {
+ if (l == 0 || l%bs != 0)
+ {
+ SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+ return(0);
+ }
+ }
+
EVP_Cipher(ds,rec->data,rec->input,l);
if ((bs != 1) && !send)
{
- ii=i=rec->data[l-1];
+ ii=i=rec->data[l-1]; /* padding_length */
i++;
if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
{
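Review bot: The new `l == 0 || l%bs != 0` check carries no comment, although it is what keeps the later `rec->data[l-1]` read in bounds and stops a partial block from reaching `EVP_Cipher`. I would add above it `/* ciphertext must be a non-empty multiple of the block size; guards rec->data[l-1] below */`. If `l` is the record length (its assignment is outside the hunk), the distinct `SSL_AD_DECRYPT_ERROR` alert here depends only on a value an observer already sees, and that reasoning is worth stating in the comment too. tls1_enc starts and ends outside the hunk.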
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send)
if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
i--;
}
+ /* TLS 1.0 does not bound the number of padding bytes by the block size.
+ * All of them must have value 'padding_length'. */
if (i > (int)rec->length)
{
SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
diff --git a/lib/libssl/test/Makefile.ssl b/lib/libssl/test/Makefile.ssl
index 9c7b7dd1588..7384243cbdb 100644
--- a/lib/libssl/test/Makefile.ssl
+++ b/lib/libssl/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
@./$(BNTEST) >tmp.bntest
@echo quit >>tmp.bntest
@echo "running bc"
- @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+ @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
@echo 'test a^b%c implementations'
./$(EXPTEST)