-rw-r--r-- | lib/libcrypto/asn1/t_x509.c | 2 | ||||
-rw-r--r-- | lib/libcrypto/asn1/x_pubkey.c | 2 | ||||
-rw-r--r-- | lib/libcrypto/bio/b_print.c | 14 | ||||
-rw-r--r-- | lib/libcrypto/bio/bf_buff.c | 2 | ||||
-rw-r--r-- | lib/libcrypto/bn/asm/mips3.s | 430 | ||||
-rw-r--r-- | lib/libcrypto/cryptlib.c | 10 | ||||
-rw-r--r-- | lib/libcrypto/dsa/dsa.h | 1 | ||||
-rw-r--r-- | lib/libcrypto/dsa/dsa_err.c | 1 | ||||
-rw-r--r-- | lib/libcrypto/dsa/dsa_ossl.c | 21 | ||||
-rw-r--r-- | lib/libcrypto/evp/e_bf.c | 2 | ||||
-rw-r--r-- | lib/libcrypto/evp/evp.h | 6 | ||||
-rw-r--r-- | lib/libcrypto/evp/evp_key.c | 6 | ||||
-rw-r--r-- | lib/libcrypto/opensslv.h | 6 | ||||
-rw-r--r-- | lib/libcrypto/perlasm/x86unix.pl | 2 | ||||
-rw-r--r-- | lib/libcrypto/rand/md_rand.c | 99 | ||||
-rw-r--r-- | lib/libcrypto/rand/randfile.c | 8 | ||||
-rw-r--r-- | lib/libcrypto/rsa/rsa_oaep.c | 29 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_obj.c | 2 | ||||
-rw-r--r-- | lib/libcrypto/x509/x509_trs.c | 3 | ||||
-rw-r--r-- | lib/libssl/s3_srvr.c | 26 | ||||
-rw-r--r-- | lib/libssl/shlib_version | 2 | ||||
-rw-r--r-- | lib/libssl/t1_enc.c | 16 | ||||
-rw-r--r-- | lib/libssl/test/Makefile.ssl | 2 |
23 files changed, 430 insertions, 262 deletions
diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c index 314bdfb1c71..89ae73a6dec 100644 --- a/lib/libcrypto/asn1/t_x509.c +++ b/lib/libcrypto/asn1/t_x509.c @@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) ll=80-2-obase; s=X509_NAME_oneline(name,buf,256); + if (!*s) + return 1; s++; /* skip the first slash */ l=ll; diff --git a/lib/libcrypto/asn1/x_pubkey.c b/lib/libcrypto/asn1/x_pubkey.c index b2e2a514777..4397a404b56 100644 --- a/lib/libcrypto/asn1/x_pubkey.c +++ b/lib/libcrypto/asn1/x_pubkey.c @@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) a=key->algor; if (ret->type == EVP_PKEY_DSA) { - if (a->parameter->type == V_ASN1_SEQUENCE) + if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ret->pkey.dsa->write_params=0; p=a->parameter->value.sequence->data; diff --git a/lib/libcrypto/bio/b_print.c b/lib/libcrypto/bio/b_print.c index b4f7a85f2e4..91a049406e4 100644 --- a/lib/libcrypto/bio/b_print.c +++ b/lib/libcrypto/bio/b_print.c @@ -109,7 +109,11 @@ #endif #if HAVE_LONG_LONG -#define LLONG long long +# if defined(WIN32) && !defined(__GNUC__) +# define LLONG _int64 +# else +# define LLONG long long +# endif #else #define LLONG long #endif @@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer, /* some handy macros */ #define char_to_int(p) (p - '0') -#define MAX(p,q) ((p >= q) ? p : q) +#define OSSL_MAX(p,q) ((p >= q) ? p : q) static void _dopr( @@ -503,13 +507,13 @@ fmtint( convert[place] = 0; zpadlen = max - place; - spadlen = min - MAX(max, place) - (signvalue ? 1 : 0); + spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); if (zpadlen < 0) zpadlen = 0; if (spadlen < 0) spadlen = 0; if (flags & DP_F_ZERO) { - zpadlen = MAX(zpadlen, spadlen); + zpadlen = OSSL_MAX(zpadlen, spadlen); spadlen = 0; } if (flags & DP_F_MINUS) 
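Review bot: The renamed `OSSL_MAX(p,q)` macro in the b_print.c `@@ -152` hunk still expands its arguments unparenthesised and evaluates each of them twice, so a call with an expression argument binds wrongly around `>=` and `?:`; the rename sidesteps a clash with a system `MAX` but is the moment to harden the definition: `#define OSSL_MAX(p,q) (((p) >= (q)) ? (p) : (q))`. Both uses in the fmtint hunk pass plain variables, so behaviour there is unchanged either way.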
@@ -641,7 +645,7 @@ fmtfp( (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; fracpart = (fracpart / 10); - } while (fracpart && (fplace < 20)); + } while (fplace < max); if (fplace == 20) fplace--; fconvert[fplace] = 0; diff --git a/lib/libcrypto/bio/bf_buff.c b/lib/libcrypto/bio/bf_buff.c index f50e8f98a3d..c90238bae1e 100644 --- a/lib/libcrypto/bio/bf_buff.c +++ b/lib/libcrypto/bio/bf_buff.c @@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int buffer_new(BIO *h); static int buffer_free(BIO *data); static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -#define DEFAULT_BUFFER_SIZE 1024 +#define DEFAULT_BUFFER_SIZE 4096 static BIO_METHOD methods_buffer= { diff --git a/lib/libcrypto/bn/asm/mips3.s b/lib/libcrypto/bn/asm/mips3.s index 45786c00a5f..dca4105c7db 100644 --- a/lib/libcrypto/bn/asm/mips3.s +++ b/lib/libcrypto/bn/asm/mips3.s @@ -1,5 +1,5 @@ .rdata -.asciiz "mips3.s, Version 1.0" +.asciiz "mips3.s, Version 1.1" .asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" /* @@ -849,6 +849,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -856,7 +857,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -884,6 +886,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -891,7 +894,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 
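Review bot: The fraction loop in fmtfp is now bounded by `max`, the caller-supplied precision, where it was previously bounded by the literal 20; unless `max` is clamped to the size of the conversion buffer before this loop (not visible in the hunk, though the surviving `if (fplace == 20)` guard suggests a 20-byte local array), a precision above that size writes past `fconvert`. If `fconvert` is a local array, a local bound keeps the change safe regardless of what the caller passed: `} while (fplace < max && fplace < (int)sizeof fconvert);`. The loop also no longer stops when `fracpart` reaches zero, which is presumably the intended change to honour the requested precision and deserves a one-line comment on the `do`. fmtfp's body continues outside the hunk on both sides.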
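Review bot: The carry fix in bn_mul_comba8 and bn_mul_comba4 is applied by hand at every mul_add_c expansion — `sltu c_3,c_2,t_2`, which overwrote the third accumulator, becomes `sltu AT,c_2,t_2` / `daddu c_3,AT` so the carry is accumulated rather than clobbered — and the same pattern recurs in every mips3.s hunk through the bn_sqr_comba8 and bn_sqr_comba4 changes further down the page. One missed instance would corrupt bignum multiplication silently, with no assembler diagnostic and wrong RSA/DSA/DH results as the only symptom, so the commit should name the check that was run against the C reference implementation (the bn test vectors); nothing of that kind is part of this diff. The sqr_comba hunks additionally double the 128-bit product in place (`slt ...,zero` / `dsll ...,1`) before adding it, and the first term of each column appears to write the top bit straight into the carry register with `slt c_1,t_2,zero` rather than accumulating it, which relies on that register being zero at that point; a comment at the first such site stating that invariant would make the pattern reviewable.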
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -935,7 +940,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -981,6 +987,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -988,7 +995,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) /* r[13]=c2; */ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ @@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT 
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT 
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8) dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8) dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT 
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT 
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4) dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c index 9de60fd5281..a7a9262133e 100644 --- a/lib/libcrypto/cryptlib.c +++ b/lib/libcrypto/cryptlib.c @@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i) } else #endif - if (--(pointer->references) <= 0) + if (pointer->references <= 0) { sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); } @@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - int i = -type - 1; struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(i); + = CRYPTO_get_dynlock_value(type); - if (pointer) + if (pointer && dynlock_lock_callback) { dynlock_lock_callback(mode, pointer, file, line); } - CRYPTO_destroy_dynlockid(i); + CRYPTO_destroy_dynlockid(type); } else if (locking_callback != NULL) @@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, CRYPTO_get_lock_name(type), file,line); #endif - *pointer=ret; } else { diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h index 65689a34266..12b60a8faa0 100644 --- a/lib/libcrypto/dsa/dsa.h +++ b/lib/libcrypto/dsa/dsa.h @@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r); /* Reason codes. */ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_MISSING_PARAMETERS 101 #ifdef __cplusplus } diff --git a/lib/libcrypto/dsa/dsa_err.c b/lib/libcrypto/dsa/dsa_err.c index 2b3ab3a9ad8..736aeef7c47 100644 --- a/lib/libcrypto/dsa/dsa_err.c +++ b/lib/libcrypto/dsa/dsa_err.c 
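Review bot: In CRYPTO_lock the negative `type` is now passed straight to `CRYPTO_get_dynlock_value(type)` and `CRYPTO_destroy_dynlockid(type)`, where the previous code first mapped it with `-type - 1`; this is only correct if both callees now perform that mapping themselves, which is outside this hunk and not visible in the diff, so confirm it rather than leave a negative stack index reachable. The added `dynlock_lock_callback` NULL test is right, but when no callback is registered the lock request is silently dropped; a comment such as `/* no dynlock callback registered: nothing to lock, but the id still has to be released below */` would make the fall-through read as intentional.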
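Review bot: Dropping `*pointer=ret;` after the add_lock_callback call in CRYPTO_add_lock makes the registered callback solely responsible for updating the counter, so an application callback that merely computes and returns the new value now leaves `*pointer` unchanged and reference counting stops working (a leak or use-after-free risk for every refcounted object). That contract is not stated anywhere in the hunk; the registration API (CRYPTO_set_add_lock_callback, outside this diff) should document it, e.g. `/* the callback must itself store the new value in *pointer and return it */`. Similarly, CRYPTO_destroy_dynlockid now tests `pointer->references <= 0` without decrementing, so it depends on the decrement having been moved above the `#ifdef REF_CHECK` block, which is outside the hunk.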
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 static ERR_STRING_DATA DSA_str_reasons[]=
 {
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
 {0,NULL}
 };
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 5cbbdddfb96..34c6e9a1412 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 int i,reason=ERR_R_BN_LIB;
 DSA_SIG *ret=NULL;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ reason=DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
 BN_init(&m);
 BN_init(&xr);
 s=BN_new();
@@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 BIGNUM k,*kinv=NULL,*r=NULL;
 int ret=0;
+ if (!dsa->p || !dsa->q || !dsa->g)
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
 if (ctx_in == NULL)
 {
 if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 BN_init(&u2);
 BN_init(&t1);
+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+ {
+ ret = 0;
+ goto err;
+ }
+
 /* Calculate W = inv(S) mod Q
 * save W in u2 */
 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
diff --git a/lib/libcrypto/evp/e_bf.c b/lib/libcrypto/evp/e_bf.c
index 72047f64dab..53559b0b657 100644
--- a/lib/libcrypto/evp/e_bf.c
+++ b/lib/libcrypto/evp/e_bf.c
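Review bot: In dsa_do_sign the new parameter check jumps to `err` before `BN_init(&m)` and `BN_init(&xr)` have run; if the `err` path (outside the hunk) clears those two stack BIGNUMs, as the matching BN_init calls suggest, the early `goto err` hands the cleanup two uninitialised structures. Moving the check two lines down, after `BN_init(&xr);`, keeps the cleanup path uniform; dsa_sign_setup avoids the issue by returning 0 directly before anything is initialised.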
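Review bot: dsa_do_verify gains the r/s range checks but not the missing-parameters check that dsa_do_sign and dsa_sign_setup receive in this same commit, yet it dereferences `dsa->q` in `BN_ucmp(sig->r, dsa->q)`; a DSA public key decoded without parameters (which the x_pubkey.c hunk now tolerates by leaving p/q/g unset) therefore crashes verification instead of failing it. Add, before the new range checks, `if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); goto err; }` so the failure is reported the way the signing side reports it, `ret` keeps its initial error value, and the BIGNUMs initialised just above are still released. The range checks themselves are the right fix: r or s outside (0, q) must be rejected before BN_mod_inverse, since a zero s has no inverse and out-of-range values would otherwise be reduced silently.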
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc); IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, - 0, bf_init_key, NULL, + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index 76d417b44a3..fd431270927 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); void EVP_set_pw_prompt(char *prompt); char * EVP_get_pw_prompt(void); -int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, - unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, unsigned char *key, unsigned char *iv); diff --git a/lib/libcrypto/evp/evp_key.c b/lib/libcrypto/evp/evp_key.c index 09b72bf4bdd..e7434ef9b27 100644 --- a/lib/libcrypto/evp/evp_key.c +++ b/lib/libcrypto/evp/evp_key.c @@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) #endif } -int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, - unsigned char *data, int datal, int count, unsigned char *key, - unsigned char *iv) +int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) { EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h index dc50f6d7da6..4b25018e494 100644 --- a/lib/libcrypto/opensslv.h +++ b/lib/libcrypto/opensslv.h 
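Review bot: Setting EVP_CIPH_VARIABLE_LENGTH on the Blowfish cipher lets callers change the key length through EVP_CIPHER_CTX_set_key_length, which is only safe if bf_init_key sizes its BF_set_key call from the context's key length rather than the fixed 16 on the IMPLEMENT_BLOCK_CIPHER line; its body lies outside the hunk and, by the diffstat (2 lines changed in e_bf.c), is not touched by this commit, so confirm it uses EVP_CIPHER_CTX_key_length(ctx). A comment on the flag line, `/* key length may be changed via EVP_CIPHER_CTX_set_key_length(); bf_init_key must honour the ctx key length */`, would record the dependency.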
@@ -2,7 +2,7 @@ #define HEADER_OPENSSLV_H /* Numeric release version identifier: - * MMNNFFPPS: major minor fix patch status + * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas * 1 to 14, and f for release. The patch level is exactly that. * For example: @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090601fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001" +#define OPENSSL_VERSION_NUMBER 0x0090602fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libcrypto/perlasm/x86unix.pl b/lib/libcrypto/perlasm/x86unix.pl index 309060ea001..10a7af8bffd 100644 --- a/lib/libcrypto/perlasm/x86unix.pl +++ b/lib/libcrypto/perlasm/x86unix.pl @@ -79,7 +79,7 @@ sub main'DWP local($addr,$reg1,$reg2,$idx)=@_; $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; + $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; $reg1="$regs{$reg1}" if defined($regs{$reg1}); $reg2="$regs{$reg2}" if defined($regs{$reg2}); $ret.=$addr if ($addr ne "") && ($addr ne 0); diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c index ae57570608c..04b9d695b0d 100644 --- a/lib/libcrypto/rand/md_rand.c +++ b/lib/libcrypto/rand/md_rand.c 
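Review bot: The new symbol pattern `[A-Za-z_]+[A-Za-z0-9_]+` in the x86unix.pl hunk requires at least two characters, so a one-character symbol in an address expression no longer receives the `$under` prefix, while the old pattern accepted it; the intent of allowing digits after the first character is better expressed as `[A-Za-z_][A-Za-z0-9_]*`, which also avoids the backtracking the two adjacent greedy `+` quantifiers cause on long identifiers. If single-letter symbols never occur in the generated code this is only a latent difference, but the regex should say what it means.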
@@ -141,10 +141,11 @@ static long md_count[2]={0,0}; static double entropy=0; static int initialized=0; -/* This should be set to 1 only when ssleay_rand_add() is called inside - an already locked state, so it doesn't try to lock and thereby cause - a hang. And it should always be reset back to 0 before unlocking. */ -static int add_do_not_lock=0; +static unsigned int crypto_lock_rand = 0; /* may be set only when a thread + * holds CRYPTO_LOCK_RAND + * (to prevent double locking) */ +static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ + #ifdef PREDICT int rand_predictable=0; @@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) long md_c[2]; unsigned char local_md[MD_DIGEST_LENGTH]; MD_CTX m; + int do_not_lock; /* * (Based on the rand(3) manpage) @@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add) * hash function. */ - if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); + /* check if we already have the lock */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); st_idx=state_index; /* use our own copies of the counters so that even @@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); for (i=0; i<num; i+=MD_DIGEST_LENGTH) { @@ -281,7 +286,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) } memset((char *)&m,0,sizeof(m)); - if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); + if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); /* Don't just copy back local_md into md -- this could mean that * other thread's seeding remains without effect (except for * the incremented counter). By XORing it we keep at least as 
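Review bot: `do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());` reads both globals without holding CRYPTO_LOCK_RAND, and the same unlocked read appears in ssleay_rand_status further down; its correctness rests on two unstated assumptions — that a word-sized load cannot observe a torn `locking_thread`, and that `crypto_lock_rand` is always cleared before the lock is released (which the ssleay_rand_bytes hunk does), so a stale true value can never be paired with the reader's own thread id. Neither is enforced by the compiler, so state them next to the declarations, e.g. `/* read without the lock in ssleay_rand_add()/ssleay_rand_status(): set only while CRYPTO_LOCK_RAND is held and cleared (crypto_lock_rand first, then locking_thread) before it is released */`. On a build whose CRYPTO_thread_id() presumably returns one value for all threads the test degrades to `crypto_lock_rand` alone, which is acceptable only because such a build is single-threaded; worth saying in the same comment.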
@@ -292,7 +297,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) } if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ entropy += add; - if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); #if !defined(THREADS) && !defined(WIN32) assert(md_c[1] == md_count[1]); 
@@ -340,28 +345,31 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) * * For each group of 10 bytes (or less), we do the following: * - * Input into the hash function the top 10 bytes from the - * local 'md' (which is initialized from the global 'md' - * before any bytes are generated), the bytes that are - * to be overwritten by the random bytes, and bytes from the - * 'state' (incrementing looping index). From this digest output - * (which is kept in 'md'), the top (up to) 10 bytes are - * returned to the caller and the bottom (up to) 10 bytes are xored - * into the 'state'. + * Input into the hash function the local 'md' (which is initialized from + * the global 'md' before any bytes are generated), the bytes that are to + * be overwritten by the random bytes, and bytes from the 'state' + * (incrementing looping index). From this digest output (which is kept + * in 'md'), the top (up to) 10 bytes are returned to the caller and the + * bottom 10 bytes are xored into the 'state'. + * * Finally, after we have finished 'num' random bytes for the * caller, 'count' (which is incremented) and the local and global 'md' * are fed into the hash function and the results are kept in the * global 'md'. */ - if (!initialized) - RAND_poll(); - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - add_do_not_lock = 1; /* Since we call ssleay_rand_add while in - this locked state. */ - initialized = 1; + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + crypto_lock_rand = 1; + locking_thread = CRYPTO_thread_id(); + + if (!initialized) + { + RAND_poll(); + initialized = 1; + } + if (!stirred_pool) do_stir_pool = 1; 
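Review bot: The comment `/* prevent ssleay_rand_bytes() from trying to obtain the lock again */` names the wrong function: ssleay_rand_bytes is not re-entered here; the re-entry it guards against is RAND_poll() (now called under the lock) reaching RAND_add()/RAND_status() and hence ssleay_rand_add()/ssleay_rand_status(), which test `crypto_lock_rand` to skip taking CRYPTO_LOCK_RAND. Suggest `/* mark the lock as held by this thread so that ssleay_rand_add()/ssleay_rand_status(), reached via RAND_poll() below, do not try to take CRYPTO_LOCK_RAND again */`; the same comment text is added in the ssleay_rand_status hunk further down and should be corrected there too. Moving RAND_poll() inside the locked region also means every other RAND user blocks for the duration of the first poll, which can be long where polling reads a blocking entropy device; that trade-off deserves a sentence in the comment as well.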
@@ -387,11 +395,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) if (do_stir_pool) { - /* Our output function chains only half of 'md', so we better - * make sure that the required entropy gets 'evenly distributed' - * through 'state', our randomness pool. The input function - * (ssleay_rand_add) chains all of 'md', which makes it more - * suitable for this purpose. + /* In the output function only half of 'md' remains secret, + * so we better make sure that the required entropy gets + * 'evenly distributed' through 'state', our randomness pool. + * The input function (ssleay_rand_add) chains all of 'md', + * which makes it more suitable for this purpose. */ int n = STATE_SIZE; /* so that the complete pool gets accessed */ @@ -425,8 +433,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) md_count[0] += 1; - add_do_not_lock = 0; /* If this would ever be forgotten, we can - expect any evil god to eat our souls. */ + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + locking_thread = 0; CRYPTO_w_unlock(CRYPTO_LOCK_RAND); while (num > 0) @@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { int ret; + unsigned long err; ret = RAND_bytes(buf, num); if (ret == 0) { - long err = ERR_peek_error(); + err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) (void)ERR_get_error(); 
@@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) static int ssleay_rand_status(void) { int ret; + int do_not_lock; + /* check if we already have the lock + * (could happen if a RAND_poll() implementation calls RAND_status()) */ + do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id()); + + if (!do_not_lock) + { + CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ + crypto_lock_rand = 1; + locking_thread = CRYPTO_thread_id(); + } + if (!initialized) + { RAND_poll(); + initialized = 1; + } - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - initialized = 1; ret = entropy >= ENTROPY_NEEDED; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + if (!do_not_lock) + { + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + locking_thread = 0; + + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + return ret; }
diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index f4376cf8cc5..2ffb84c89e2 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size) { if (issetugid() == 0) s=getenv("HOME"); +#ifdef DEFAULT_HOME + if (s == NULL) + { + s = DEFAULT_HOME; + } +#endif if (s && *s && strlen(s)+strlen(RFILE)+2 < size) { strlcpy(buf,s,size);
@@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size) strlcat(buf,RFILE,size); ret=buf; } - else + else buf[0] = '\0'; /* no file name */ }
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index fd0b7f361fb..1849e55cd5d 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
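Review bot: `do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());` reads two shared globals before the lock is taken, while the ssleay_rand_bytes() hunks above write them only under the lock; this is acceptable solely because a non-owner can never read its own id there (short of a torn read of `locking_thread`) and so falls through to the normal CRYPTO_w_lock(), and that reasoning should be in the comment: `/* unlocked read: a thread that does not hold the lock cannot see its own id here and locks as usual */`. When `do_not_lock` is true, `initialized` is still 0 (the owner sets it only after its RAND_poll() returns), so this function polls again; see the note on the first ssleay_rand_bytes() hunk.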
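Review bot: Under `#ifdef DEFAULT_HOME`, the fallback `s = DEFAULT_HOME` applies both when HOME is unset and when `issetugid()` is non-zero, because HOME is never consulted in that case; a set-user-ID program therefore gets its seed-file path from a compile-time directory that this function does not otherwise validate, and callers of RAND_file_name() presumably read and write the seed file there. The value of DEFAULT_HOME is not on this page; it must be a directory unprivileged users cannot write, and the `#ifdef` deserves a comment saying so: `/* also reached by set-uid programs, which ignore HOME; must not be user-writable */`. RAND_file_name() starts outside the hunk.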
@@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; unsigned char *maskeddb; int lzero; - unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - return (-1); - } + goto decoding_err; + lzero = num - flen; + if (lzero < 0) + goto decoding_err; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + dblen = num - SHA_DIGEST_LENGTH; db = OPENSSL_malloc(dblen); if (db == NULL)
@@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, return (-1); } - lzero = num - flen; - maskeddb = from - lzero + SHA_DIGEST_LENGTH; - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); for (i = lzero; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= from[i - lzero];
@@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; if (db[i] != 0x01 || i++ >= dblen) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, - RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { mlen = dblen - i; if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); mlen = -1; } else
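Review bot: The new `if (lzero < 0) goto decoding_err;` catches an over-long input, but nothing bounds `lzero` from above: when `lzero > SHA_DIGEST_LENGTH`, `maskeddb = from - lzero + SHA_DIGEST_LENGTH` points before `from`, and the `MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)` call kept as context in the next hunk then reads `dblen` bytes starting outside the caller's buffer. An encoded message whose first octets happen to be zero is, as far as the encoding goes, legitimate, so rejecting that case is not quite right either; the robust form is to copy `from` at offset `lzero` into a zero-filled buffer of `num` bytes and run MGF1 and the seed xor on that copy, which also removes the `from[i - lzero]` index arithmetic. RSA_padding_check_PKCS1_OAEP() starts before this hunk; `from` and `flen` are its parameters as far as visible.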
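Review bot: `if (db[i] != 0x01 || i++ >= dblen)` in the `@@ -107` hunk reads `db[i]` before comparing `i` with `dblen`, and the preceding scan leaves `i == dblen` when every byte after the hash is zero, so that input reads one byte past the `dblen`-byte allocation before taking the error branch; reorder to `if (i >= dblen || db[i++] != 0x01)`, which keeps the post-increment on the success path. The switch to `goto decoding_err` unifies the reported reason, but the memcmp branch still leaves before the padding scan runs; see the note on the `decoding_err` label hunk. The function continues beyond this hunk.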
@@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } OPENSSL_free(db); return (mlen); + +decoding_err: + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; } int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
diff --git a/lib/libcrypto/x509/x509_obj.c b/lib/libcrypto/x509/x509_obj.c
index 6a3ba8eb154..f0271fdfa14 100644
--- a/lib/libcrypto/x509/x509_obj.c
+++ b/lib/libcrypto/x509/x509_obj.c
@@ -214,6 +214,8 @@ int i; } else p=buf; + if (i == 0) + *p = '\0'; return(p); err: X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c
index a7b1543461b..86b3b79dcc0 100644
--- a/lib/libcrypto/x509/x509_trs.c
+++ b/lib/libcrypto/x509/x509_trs.c
@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp) static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux) return obj_trust(trust->arg1, x, flags); + if(x->aux && (x->aux->trust || x->aux->reject)) + return obj_trust(trust->arg1, x, flags); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index d04232960e3..258af84867a 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
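Review bot: The comment at `decoding_err` says the error must not reveal which decoding step failed, but the paths that reach it differ in work done: the two length checks fail before the malloc, the memcmp branch fails before the padding scan, and only a padding failure runs everything, so the reason code is uniform while the timing is not. If rejection is observable to whoever supplied the ciphertext that remains a side channel; the defensive shape is to run every check unconditionally, fold each outcome into one flag and branch on it once here, which the zero-padded copy suggested for the `@@ -77` hunk makes straightforward. The comment should state the residual limit honestly: `/* uniform error code; note the checks above still bail out at different points */`.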
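Review bot: In the x509_trs.c hunk, `x->aux && (x->aux->trust || x->aux->reject)` means a certificate with an aux block whose trust and reject lists are both empty now skips obj_trust() and takes the self-signed fallback below, where the old line handed it to obj_trust(); obj_trust() is not on the page, but if it returned untrusted for empty lists this widens what is accepted. The comment `we don't have any trust settings` should say that empty lists count as none: `/* no aux, or aux with empty trust and reject lists: for compatibility`. The rest of trust_1oidany() is outside the hunk.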
@@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s) i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + al = -1; + if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - goto f_err; } - if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) { /* The premaster secret must contain the same version number as the * ClientHello to detect version rollback attacks (strangely, the
@@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s) } } + if (al != -1) + { +#if 0 + goto f_err; +#else + /* Some decryption failure -- use random value instead as countermeasure + * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding + * (see RFC 2246, section 7.4.7.1). + * But note that due to length and protocol version checking, the + * attack is impractical anyway (see section 5 in D. Bleichenbacher: + * "Chosen Ciphertext Attacks Against Protocols Based on the RSA + * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). + */ + ERR_clear_error(); + i = SSL_MAX_MASTER_KEY_LENGTH; + p[0] = s->client_version >> 8; + p[1] = s->client_version & 0xff; + RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ +#endif + } + s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,
diff --git a/lib/libssl/shlib_version b/lib/libssl/shlib_version
index 3066b9771e7..900b4048a96 100644
--- a/lib/libssl/shlib_version
+++ b/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
 major=5
-minor=0
+minor=1
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index d10a23af8eb..a0758e92614 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
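Review bot: The countermeasure inside `if (al != -1)` runs only on the failure path, so a failed decrypt still costs an SSLerr() push, `ERR_clear_error()` and a RAND_pseudo_bytes() call that a successful one does not, and the same holds for the `@@ -1322` hunk that sets `al`; with the sentinel already in place, drawing the random premaster before `RSA_private_decrypt()` and selecting between it and `p` afterwards keeps the two paths closer in timing, which is the point of the countermeasure. `RAND_pseudo_bytes(p+2, i-2)` discards its return value, as the inline comment admits; what the handshake proceeds with if it reports failure is not visible here, so at minimum record the result. The `#if 0 goto f_err; #else ... #endif` leaves dead code a reader has to step over to find the live branch; keep only the `#else` body and move the rationale into the comment. ssl3_get_client_key_exchange() starts and ends outside these hunks.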
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send) rec->length+=i; } + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { - ii=i=rec->data[l-1]; + ii=i=rec->data[l-1]; /* padding_length */ i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) {
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; } + /* TLS 1.0 does not bound the number of padding bytes by the block size. + * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
diff --git a/lib/libssl/test/Makefile.ssl b/lib/libssl/test/Makefile.ssl
index 9c7b7dd1588..7384243cbdb 100644
--- a/lib/libssl/test/Makefile.ssl
+++ b/lib/libssl/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn: @./$(BNTEST) >tmp.bntest @echo quit >>tmp.bntest @echo "running bc" - @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' + @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' @echo 'test a^b%c implementations' ./$(EXPTEST) |
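Review bot: The padding check that follows the new comment in the `@@ -462` hunk, `if (i > (int)rec->length)`, still fails fast with SSL_R_BLOCK_CIPHER_PAD_IS_WRONG, and the `l == 0 || l%bs != 0` check added in the `@@ -447` hunk returns before EVP_Cipher() with its own fatal alert; if a bad-padding rejection differs from a later bad-MAC rejection in the alert sent or in the time taken, an active attacker who can submit modified records gets a padding oracle. Failing early on the length check is acceptable because the record length is already public, but for the post-decryption checks the defensive shape is to note the bad-padding result, still run the MAC computation, and report a single alert at the end. The new length check does make the `rec->data[l-1]` read safe, which the `/* padding_length */` comment could mention. What the caller does with the 0 return, and the rest of tls1_enc(), is outside these hunks, so the oracle concern is hedged on that.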