From owner-svn-src-vendor@freebsd.org Tue Nov 20 18:59:51 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9699B1139FDC; Tue, 20 Nov 2018 18:59:50 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 43B087C507; Tue, 20 Nov 2018 18:59:50 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 23CDE154FC; Tue, 20 Nov 2018 18:59:50 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKIxoZQ060703; Tue, 20 Nov 2018 18:59:50 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKIxgXI060663; Tue, 20 Nov 2018 18:59:42 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201811201859.wAKIxgXI060663@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 20 Nov 2018 18:59:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r340690 - in vendor-crypto/openssl/dist: . apps crypto crypto/async/arch crypto/bio crypto/bn crypto/bn/asm crypto/conf crypto/ct crypto/dsa crypto/ec crypto/engine crypto/err crypto/ev... X-SVN-Group: vendor-crypto X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in vendor-crypto/openssl/dist: . apps crypto crypto/async/arch crypto/bio crypto/bn crypto/bn/asm crypto/conf crypto/ct crypto/dsa crypto/ec crypto/engine crypto/err crypto/evp crypto/include/internal... X-SVN-Commit-Revision: 340690 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 43B087C507 X-Spamd-Result: default: False [0.52 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_LONG(0.01)[0.012,0]; NEURAL_SPAM_SHORT(0.31)[0.309,0]; NEURAL_SPAM_MEDIUM(0.19)[0.194,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 18:59:51 -0000 Author: jkim Date: Tue Nov 20 18:59:41 2018 New Revision: 340690 URL: https://svnweb.freebsd.org/changeset/base/340690 Log: Import OpenSSL 1.1.1a. Added: vendor-crypto/openssl/dist/crypto/getenv.c (contents, props changed) vendor-crypto/openssl/dist/doc/man3/SSL_get_peer_tmp_key.pod Deleted: vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_client_CA_list.pod vendor-crypto/openssl/dist/doc/man3/SSL_get_client_CA_list.pod vendor-crypto/openssl/dist/doc/man3/SSL_get_server_tmp_key.pod Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/INSTALL vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/app_rand.c vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/apps.h vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/openssl.cnf vendor-crypto/openssl/dist/apps/opt.c vendor-crypto/openssl/dist/apps/rehash.c vendor-crypto/openssl/dist/apps/rsa.c vendor-crypto/openssl/dist/apps/s_cb.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/apps/speed.c vendor-crypto/openssl/dist/apps/x509.c vendor-crypto/openssl/dist/crypto/LPdir_unix.c vendor-crypto/openssl/dist/crypto/async/arch/async_posix.h vendor-crypto/openssl/dist/crypto/bio/b_sock2.c vendor-crypto/openssl/dist/crypto/bio/bio_lib.c vendor-crypto/openssl/dist/crypto/bio/bss_log.c vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/build.info vendor-crypto/openssl/dist/crypto/conf/conf_api.c vendor-crypto/openssl/dist/crypto/conf/conf_mod.c vendor-crypto/openssl/dist/crypto/cryptlib.c vendor-crypto/openssl/dist/crypto/ct/ct_log.c vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c vendor-crypto/openssl/dist/crypto/ec/ec_mult.c vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c vendor-crypto/openssl/dist/crypto/ec/ecdh_kdf.c vendor-crypto/openssl/dist/crypto/engine/eng_devcrypto.c vendor-crypto/openssl/dist/crypto/engine/eng_list.c vendor-crypto/openssl/dist/crypto/err/openssl.txt vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/e_rc2.c vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c vendor-crypto/openssl/dist/crypto/include/internal/ec_int.h vendor-crypto/openssl/dist/crypto/include/internal/rand_int.h vendor-crypto/openssl/dist/crypto/kdf/hkdf.c vendor-crypto/openssl/dist/crypto/mem_sec.c vendor-crypto/openssl/dist/crypto/o_fopen.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c vendor-crypto/openssl/dist/crypto/poly1305/poly1305_ieee754.c vendor-crypto/openssl/dist/crypto/rand/drbg_ctr.c vendor-crypto/openssl/dist/crypto/rand/drbg_lib.c vendor-crypto/openssl/dist/crypto/rand/rand_err.c vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h vendor-crypto/openssl/dist/crypto/rand/rand_lib.c vendor-crypto/openssl/dist/crypto/rand/rand_unix.c vendor-crypto/openssl/dist/crypto/rand/randfile.c vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c vendor-crypto/openssl/dist/crypto/rsa/rsa_meth.c vendor-crypto/openssl/dist/crypto/rsa/rsa_ossl.c vendor-crypto/openssl/dist/crypto/sha/asm/keccak1600-s390x.pl vendor-crypto/openssl/dist/crypto/sha/asm/sha512p8-ppc.pl vendor-crypto/openssl/dist/crypto/siphash/siphash.c vendor-crypto/openssl/dist/crypto/sm2/sm2_crypt.c vendor-crypto/openssl/dist/crypto/sm2/sm2_sign.c vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c vendor-crypto/openssl/dist/crypto/x509/by_dir.c vendor-crypto/openssl/dist/crypto/x509/by_file.c vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c vendor-crypto/openssl/dist/doc/man1/ca.pod vendor-crypto/openssl/dist/doc/man1/enc.pod vendor-crypto/openssl/dist/doc/man1/openssl.pod vendor-crypto/openssl/dist/doc/man1/req.pod vendor-crypto/openssl/dist/doc/man1/rsa.pod vendor-crypto/openssl/dist/doc/man1/s_server.pod vendor-crypto/openssl/dist/doc/man1/storeutl.pod vendor-crypto/openssl/dist/doc/man1/x509.pod vendor-crypto/openssl/dist/doc/man3/DES_random_key.pod vendor-crypto/openssl/dist/doc/man3/EVP_DigestInit.pod vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_CTX_ctrl.pod vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod vendor-crypto/openssl/dist/doc/man3/EVP_PKEY_set1_RSA.pod vendor-crypto/openssl/dist/doc/man3/EVP_aes.pod vendor-crypto/openssl/dist/doc/man3/EVP_aria.pod vendor-crypto/openssl/dist/doc/man3/EVP_bf_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_camellia.pod vendor-crypto/openssl/dist/doc/man3/EVP_cast5_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_des.pod vendor-crypto/openssl/dist/doc/man3/EVP_idea_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_md5.pod vendor-crypto/openssl/dist/doc/man3/EVP_rc2_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_rc5_32_12_16_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_seed_cbc.pod vendor-crypto/openssl/dist/doc/man3/EVP_sm4_cbc.pod vendor-crypto/openssl/dist/doc/man3/OPENSSL_VERSION_NUMBER.pod vendor-crypto/openssl/dist/doc/man3/RSA_meth_new.pod vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set0_CA_list.pod vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set1_curves.pod vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_quiet_shutdown.pod vendor-crypto/openssl/dist/doc/man3/SSL_get_error.pod vendor-crypto/openssl/dist/doc/man3/SSL_get_peer_signature_nid.pod vendor-crypto/openssl/dist/doc/man3/SSL_set_bio.pod vendor-crypto/openssl/dist/doc/man3/SSL_set_shutdown.pod vendor-crypto/openssl/dist/doc/man3/SSL_shutdown.pod vendor-crypto/openssl/dist/doc/man7/RAND_DRBG.pod vendor-crypto/openssl/dist/e_os.h vendor-crypto/openssl/dist/include/internal/cryptlib.h vendor-crypto/openssl/dist/include/internal/tsan_assist.h vendor-crypto/openssl/dist/include/openssl/cryptoerr.h vendor-crypto/openssl/dist/include/openssl/ec.h vendor-crypto/openssl/dist/include/openssl/ocsp.h vendor-crypto/openssl/dist/include/openssl/opensslv.h vendor-crypto/openssl/dist/include/openssl/rand_drbg.h vendor-crypto/openssl/dist/include/openssl/randerr.h vendor-crypto/openssl/dist/include/openssl/rsa.h vendor-crypto/openssl/dist/include/openssl/ssl.h vendor-crypto/openssl/dist/include/openssl/symhacks.h vendor-crypto/openssl/dist/include/openssl/tls1.h vendor-crypto/openssl/dist/ssl/d1_lib.c vendor-crypto/openssl/dist/ssl/record/rec_layer_d1.c vendor-crypto/openssl/dist/ssl/record/record.h vendor-crypto/openssl/dist/ssl/record/record_locl.h vendor-crypto/openssl/dist/ssl/record/ssl3_record.c vendor-crypto/openssl/dist/ssl/s3_cbc.c vendor-crypto/openssl/dist/ssl/s3_enc.c vendor-crypto/openssl/dist/ssl/s3_lib.c vendor-crypto/openssl/dist/ssl/ssl_cert.c vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/statem/extensions.c vendor-crypto/openssl/dist/ssl/statem/extensions_clnt.c vendor-crypto/openssl/dist/ssl/statem/statem.c vendor-crypto/openssl/dist/ssl/statem/statem_clnt.c vendor-crypto/openssl/dist/ssl/statem/statem_lib.c vendor-crypto/openssl/dist/ssl/statem/statem_locl.h vendor-crypto/openssl/dist/ssl/statem/statem_srvr.c vendor-crypto/openssl/dist/ssl/t1_lib.c vendor-crypto/openssl/dist/ssl/tls13_enc.c Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/CHANGES Tue Nov 20 18:59:41 2018 (r340690) @@ -7,6 +7,42 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1 and 1.1.1a [20 Nov 2018] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Timing vulnerability in ECDSA signature generation + + The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. + (CVE-2018-0735) + [Paul Dale] + + *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for + the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names + are retained for backwards compatibility. + [Antoine Salon] + + *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input + if its length exceeds 4096 bytes. The limit has been raised to a buffer size + of two gigabytes and the error handling improved. + + This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been + categorized as a normal bug, not a security issue, because the DRBG reseeds + automatically and is fully functional even without additional randomness + provided by the application. + Changes between 1.1.0i and 1.1.1 [11 Sep 2018] *) Add a new ClientHello callback. Provides a callback interface that gives @@ -13103,4 +13139,3 @@ des-cbc 3624.96k 5258.21k 5530.91k *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes sent in the client random. [Edward Bishop ] - Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/Configure Tue Nov 20 18:59:41 2018 (r340690) @@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) { if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; warn <<_____ if scalar(@seed_sources) == 1; -You have selected the --with-rand-seed=none option, which effectively disables -automatic reseeding of the OpenSSL random generator. All operations depending -on the random generator such as creating keys will not work unless the random -generator is seeded manually by the application. -Please read the 'Note on random number generation' section in the INSTALL -instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== +You have selected the --with-rand-seed=none option, which effectively +disables automatic reseeding of the OpenSSL random generator. +All operations depending on the random generator such as creating keys +will not work unless the random generator is seeded manually by the +application. + +Please read the 'Note on random number generation' section in the +INSTALL instructions and the RAND_DRBG(7) manual page for more details. +============================== WARNING =============================== + _____ } push @{$config{openssl_other_defines}}, @@ -2174,6 +2179,16 @@ EOF # Massage the result + # If the user configured no-shared, we allow no shared sources + if ($disabled{shared}) { + foreach (keys %{$unified_info{shared_sources}}) { + foreach (keys %{$unified_info{shared_sources}->{$_}}) { + delete $unified_info{sources}->{$_}; + } + } + $unified_info{shared_sources} = {}; + } + # If we depend on a header file or a perl module, add an inclusion of # its directory to allow smoothe inclusion foreach my $dest (keys %{$unified_info{depends}}) { @@ -2198,8 +2213,8 @@ EOF next unless defined($unified_info{includes}->{$dest}->{$k}); my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}}; foreach my $obj (grep /\.o$/, - (keys %{$unified_info{sources}->{$dest}}, - keys %{$unified_info{shared_sources}->{$dest}})) { + (keys %{$unified_info{sources}->{$dest} // {}}, + keys %{$unified_info{shared_sources}->{$dest} // {}})) { foreach my $inc (@incs) { unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}}; @@ -2238,6 +2253,42 @@ EOF [ @{$unified_info{includes}->{$dest}->{source}} ]; } } + + # For convenience collect information regarding directories where + # files are generated, those generated files and the end product + # they end up in where applicable. Then, add build rules for those + # directories + my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ], + "dso" => [ @{$unified_info{engines}} ], + "bin" => [ @{$unified_info{programs}} ], + "script" => [ @{$unified_info{scripts}} ] ); + foreach my $type (keys %loopinfo) { + foreach my $product (@{$loopinfo{$type}}) { + my %dirs = (); + my $pd = dirname($product); + + foreach (@{$unified_info{sources}->{$product} // []}, + @{$unified_info{shared_sources}->{$product} // []}) { + my $d = dirname($_); + + # We don't want to create targets for source directories + # when building out of source + next if ($config{sourcedir} ne $config{builddir} + && $d =~ m|^\Q$config{sourcedir}\E|); + # We already have a "test" target, and the current directory + # is just silly to make a target for + next if $d eq "test" || $d eq "."; + + $dirs{$d} = 1; + push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ + if $d ne $pd; + } + foreach (keys %dirs) { + push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, + $product; + } + } + } } # For the schemes that need it, we provide the old *_obj configs @@ -2712,10 +2763,16 @@ print <<"EOF"; ********************************************************************** *** *** -*** If you want to report a building issue, please include the *** -*** output from this command: *** +*** OpenSSL has been successfully configured *** *** *** -*** perl configdata.pm --dump *** +*** If you encounter a problem while building, please open an *** +*** issue on GitHub *** +*** and include the output from the following command: *** +*** *** +*** perl configdata.pm --dump *** +*** *** +*** (If you are new to OpenSSL, you might want to consult the *** +*** 'Troubleshooting' section in the INSTALL file first) *** *** *** ********************************************************************** EOF Modified: vendor-crypto/openssl/dist/INSTALL ============================================================================== --- vendor-crypto/openssl/dist/INSTALL Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/INSTALL Tue Nov 20 18:59:41 2018 (r340690) @@ -614,8 +614,8 @@ Windows, and as a comma separated list of libraries on VMS. RANLIB The library archive indexer. - RC The Windows resources manipulator. - RCFLAGS Flags for the Windows reources manipulator. + RC The Windows resource compiler. + RCFLAGS Flags for the Windows resource compiler. RM The command to remove files and directories. These cannot be mixed with compiling / linking flags given @@ -969,7 +969,7 @@ BUILDFILE Use a different build file name than the platform default - ("Makefile" on Unixly platforms, "makefile" on native Windows, + ("Makefile" on Unix-like platforms, "makefile" on native Windows, "descrip.mms" on OpenVMS). This requires that there is a corresponding build file template. See Configurations/README for further information. @@ -1171,7 +1171,7 @@ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of the name. - On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + On most POSIX platforms, shared libraries are named libcrypto.so.1.1 and libssl.so.1.1. on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll @@ -1202,7 +1202,7 @@ The seeding method can be configured using the --with-rand-seed option, which can be used to specify a comma separated list of seed methods. However in most cases OpenSSL will choose a suitable default method, - so it is not necessary to explicitely provide this option. Note also + so it is not necessary to explicitly provide this option. Note also that not all methods are available on all platforms. I) On operating systems which provide a suitable randomness source (in Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/NEWS Tue Nov 20 18:59:41 2018 (r340690) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018] + + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + o Timing vulnerability in ECDSA signature generation (CVE-2018-0735) + Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018] o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3 Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/README Tue Nov 20 18:59:41 2018 (r340690) @@ -1,5 +1,5 @@ - OpenSSL 1.1.1 11 Sep 2018 + OpenSSL 1.1.1a 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/app_rand.c ============================================================================== --- vendor-crypto/openssl/dist/apps/app_rand.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/app_rand.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section) if (RAND_load_file(randfile, -1) < 0) { BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); ERR_print_errors(bio_err); - return; } if (save_rand_file == NULL) save_rand_file = OPENSSL_strdup(randfile); Modified: vendor-crypto/openssl/dist/apps/apps.c ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/apps.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int opt_getprog(), typestr); continue; } + if (*valstr == '\0') { + BIO_printf(bio_err, + "%s: No value provided for Subject Attribute %s, skipped\n", + opt_getprog(), typestr); + continue; + } if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) Modified: vendor-crypto/openssl/dist/apps/apps.h ============================================================================== --- vendor-crypto/openssl/dist/apps/apps.h Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/apps.h Tue Nov 20 18:59:41 2018 (r340690) @@ -369,7 +369,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_SMIME (1L << 3) # define OPT_FMT_ENGINE (1L << 4) # define OPT_FMT_MSBLOB (1L << 5) -# define OPT_FMT_NETSCAPE (1L << 6) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ # define OPT_FMT_NSS (1L << 7) # define OPT_FMT_TEXT (1L << 8) # define OPT_FMT_HTTP (1L << 9) @@ -378,8 +378,8 @@ typedef struct string_int_pair_st { # define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ - OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) char *opt_progname(const char *argv0); char *opt_getprog(void); Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/ca.c Tue Nov 20 18:59:41 2018 (r340690) @@ -605,7 +605,7 @@ end_of_options: /* * outdir is a directory spec, but access() for VMS demands a * filename. We could use the DEC C routine to convert the - * directory syntax to Unixly, and give that to app_isdir, + * directory syntax to Unix, and give that to app_isdir, * but for now the fopen will catch the error if it's not a * directory */ @@ -976,7 +976,7 @@ end_of_options: BIO_printf(bio_err, "Write out database with %d new entries\n", sk_X509_num(cert_sk)); - if (!rand_ser + if (serialfile != NULL && !save_serial(serialfile, "new", serial, NULL)) goto end; @@ -1044,7 +1044,8 @@ end_of_options: if (sk_X509_num(cert_sk)) { /* Rename the database and the serial file */ - if (!rotate_serial(serialfile, "new", "old")) + if (serialfile != NULL + && !rotate_serial(serialfile, "new", "old")) goto end; if (!rotate_index(dbfile, "new", "old")) @@ -1177,10 +1178,9 @@ end_of_options: } /* we have a CRL number that need updating */ - if (crlnumberfile != NULL) - if (!rand_ser - && !save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; + if (crlnumberfile != NULL + && !save_serial(crlnumberfile, "new", crlnumber, NULL)) + goto end; BN_free(crlnumber); crlnumber = NULL; @@ -1195,9 +1195,10 @@ end_of_options: PEM_write_bio_X509_CRL(Sout, crl); - if (crlnumberfile != NULL) /* Rename the crlnumber file */ - if (!rotate_serial(crlnumberfile, "new", "old")) - goto end; + /* Rename the crlnumber file */ + if (crlnumberfile != NULL + && !rotate_serial(crlnumberfile, "new", "old")) + goto end; } /*****************************************************************/ Modified: vendor-crypto/openssl/dist/apps/ocsp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ocsp.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/ocsp.c Tue Nov 20 18:59:41 2018 (r340690) @@ -950,6 +950,7 @@ static void spawn_loop(void) sleep(30); break; case 0: /* child */ + OPENSSL_free(kidpids); signal(SIGINT, SIG_DFL); signal(SIGTERM, SIG_DFL); if (termsig) @@ -976,6 +977,7 @@ static void spawn_loop(void) } /* The loop above can only break on termsig */ + OPENSSL_free(kidpids); syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); } Modified: vendor-crypto/openssl/dist/apps/openssl.cnf ============================================================================== --- vendor-crypto/openssl/dist/apps/openssl.cnf Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/openssl.cnf Tue Nov 20 18:59:41 2018 (r340690) @@ -10,7 +10,6 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -57,7 +56,6 @@ crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extensions to add to the cert Modified: vendor-crypto/openssl/dist/apps/opt.c ============================================================================== --- vendor-crypto/openssl/dist/apps/opt.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/opt.c Tue Nov 20 18:59:41 2018 (r340690) @@ -168,7 +168,6 @@ static OPT_PAIR formats[] = { {"smime", OPT_FMT_SMIME}, {"engine", OPT_FMT_ENGINE}, {"msblob", OPT_FMT_MSBLOB}, - {"netscape", OPT_FMT_NETSCAPE}, {"nss", OPT_FMT_NSS}, {"text", OPT_FMT_TEXT}, {"http", OPT_FMT_HTTP}, Modified: vendor-crypto/openssl/dist/apps/rehash.c ============================================================================== --- vendor-crypto/openssl/dist/apps/rehash.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/rehash.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1,6 +1,6 @@ /* * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Teräs + * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy Modified: vendor-crypto/openssl/dist/apps/rsa.c ============================================================================== --- vendor-crypto/openssl/dist/apps/rsa.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/rsa.c Tue Nov 20 18:59:41 2018 (r340690) @@ -38,8 +38,8 @@ typedef enum OPTION_choice { const OPTIONS rsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"}, + {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"}, + {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, {"in", OPT_IN, 's', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, @@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); + if (pk == NULL) + goto end; + EVP_PKEY_set1_RSA(pk, rsa); if (outformat == FORMAT_PVK) { if (pubin) { Modified: vendor-crypto/openssl/dist/apps/s_cb.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_cb.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/s_cb.c Tue Nov 20 18:59:41 2018 (r340690) @@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; - if (!SSL_get_server_tmp_key(s, &key)) + + if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { Modified: vendor-crypto/openssl/dist/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_server.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/s_server.c Tue Nov 20 18:59:41 2018 (r340690) @@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigne if (strlen(psk_identity) != identity_len || memcmp(psk_identity, identity, identity_len) != 0) { - BIO_printf(bio_s_out, - "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); + *sess = NULL; + return 1; } if (psksess != NULL) { @@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[]) goto end; } #endif + if (early_data && (www > 0 || rev)) { + BIO_printf(bio_err, + "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); + goto end; + } #ifndef OPENSSL_NO_SCTP if (protocol == IPPROTO_SCTP) { Modified: vendor-crypto/openssl/dist/apps/speed.c ============================================================================== --- vendor-crypto/openssl/dist/apps/speed.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/speed.c Tue Nov 20 18:59:41 2018 (r340690) @@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv) if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ - for (testnum++; testnum < EC_NUM; testnum++) + for (testnum++; testnum < ECDSA_NUM; testnum++) ecdsa_doit[testnum] = 0; } } Modified: vendor-crypto/openssl/dist/apps/x509.c ============================================================================== --- vendor-crypto/openssl/dist/apps/x509.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/apps/x509.c Tue Nov 20 18:59:41 2018 (r340690) @@ -67,10 +67,10 @@ typedef enum OPTION_choice { const OPTIONS x509_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'f', - "Input format - default PEM (one of DER, NET or PEM)"}, + "Input format - default PEM (one of DER or PEM)"}, {"in", OPT_IN, '<', "Input file - default stdin"}, {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (one of DER, NET or PEM)"}, + "Output format - default PEM (one of DER or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, Modified: vendor-crypto/openssl/dist/crypto/LPdir_unix.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/LPdir_unix.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/LPdir_unix.c Tue Nov 20 18:59:41 2018 (r340690) @@ -51,7 +51,7 @@ #endif /* - * The POSIXly macro for the maximum number of characters in a file path is + * The POSIX macro for the maximum number of characters in a file path is * NAME_MAX. However, some operating systems use PATH_MAX instead. * Therefore, it seems natural to first check for PATH_MAX and use that, and * if it doesn't exist, use NAME_MAX. Modified: vendor-crypto/openssl/dist/crypto/async/arch/async_posix.h ============================================================================== --- vendor-crypto/openssl/dist/crypto/async/arch/async_posix.h Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/async/arch/async_posix.h Tue Nov 20 18:59:41 2018 (r340690) @@ -17,7 +17,8 @@ # include -# if _POSIX_VERSION >= 200112L +# if _POSIX_VERSION >= 200112L \ + && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) # include Modified: vendor-crypto/openssl/dist/crypto/bio/b_sock2.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/b_sock2.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bio/b_sock2.c Tue Nov 20 18:59:41 2018 (r340690) @@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int op */ int BIO_bind(int sock, const BIO_ADDR *addr, int options) { +# ifndef OPENSSL_SYS_WINDOWS int on = 1; +# endif if (sock == -1) { BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET); Modified: vendor-crypto/openssl/dist/crypto/bio/bio_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bio/bio_lib.c Tue Nov 20 18:59:41 2018 (r340690) @@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const argi = (int)len; } - if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { if (*processed > INT_MAX) return -1; inret = *processed; @@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const ret = b->callback(b, oper, argp, argi, argl, inret); - if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { + if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { *processed = (size_t)ret; ret = 1; } Modified: vendor-crypto/openssl/dist/crypto/bio/bss_log.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bio/bss_log.c Tue Nov 20 18:59:41 2018 (r340690) @@ -408,4 +408,9 @@ static void xcloselog(BIO *bp) # endif /* Unix */ +#else /* NO_SYSLOG */ +const BIO_METHOD *BIO_s_log(void) +{ + return NULL; +} #endif /* NO_SYSLOG */ Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,12 +63,6 @@ * very much like 64-bit code compiled with no-asm on the same * machine. */ - -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif # undef mul # undef mul_add Modified: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1077,7 +1077,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM * is not only slower but also makes each bit vulnerable to * EM (and likely other) side-channel attacks like One&Done * (for details see "One&Done: A Single-Decryption EM-Based - * Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam, + * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and * M. Prvulovic, in USENIX Security'18) */ Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Tue Nov 20 18:59:41 2018 (r340690) @@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, b->neg ^= t; /*- - * Idea behind BN_FLG_STATIC_DATA is actually to - * indicate that data may not be written to. - * Intention is actually to treat it as it's - * read-only data, and some (if not most) of it does - * reside in read-only segment. In other words - * observation of BN_FLG_STATIC_DATA in - * BN_consttime_swap should be treated as fatal - * condition. It would either cause SEGV or - * effectively cause data corruption. - * BN_FLG_MALLOCED refers to BN structure itself, - * and hence must be preserved. Remaining flags are - * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be - * preserved, because it determines how x->d was - * allocated and hence how to free it. This leaves - * BN_FLG_CONSTTIME that one can do something about. - * To summarize it's sufficient to mask and swap - * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should - * be treated as fatal. + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it */ - t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; a->flags ^= t; b->flags ^= t; Modified: vendor-crypto/openssl/dist/crypto/build.info ============================================================================== --- vendor-crypto/openssl/dist/crypto/build.info Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/build.info Tue Nov 20 18:59:41 2018 (r340690) @@ -2,7 +2,7 @@ LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ - threads_pthread.c threads_win.c threads_none.c \ + threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \ {- $target{uplink_aux_src} -} EXTRA= ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \ Modified: vendor-crypto/openssl/dist/crypto/conf/conf_api.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/conf/conf_api.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/conf/conf_api.c Tue Nov 20 18:59:41 2018 (r340690) @@ -10,6 +10,7 @@ /* Part of the code in here was originally in conf.c, which is now removed */ #include "e_os.h" +#include "internal/cryptlib.h" #include #include #include @@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *s if (v != NULL) return v->value; if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return p; } @@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *s else return NULL; } else - return getenv(name); + return ossl_safe_getenv(name); } static unsigned long conf_value_hash(const CONF_VALUE *v) Modified: vendor-crypto/openssl/dist/crypto/conf/conf_mod.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/conf/conf_mod.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/conf/conf_mod.c Tue Nov 20 18:59:41 2018 (r340690) @@ -480,11 +480,8 @@ char *CONF_get1_default_config_file(void) char *file, *sep = ""; int len; - if (!OPENSSL_issetugid()) { - file = getenv("OPENSSL_CONF"); - if (file) - return OPENSSL_strdup(file); - } + if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) + return OPENSSL_strdup(file); len = strlen(X509_get_default_cert_area()); #ifndef OPENSSL_SYS_VMS Modified: vendor-crypto/openssl/dist/crypto/cryptlib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/cryptlib.c Tue Nov 20 18:59:41 2018 (r340690) @@ -204,7 +204,7 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); - FARPROC f; + FARPROC f = NULL; if (mod != NULL) f = GetProcAddress(mod, "_OPENSSL_isservice"); Modified: vendor-crypto/openssl/dist/crypto/ct/ct_log.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ct/ct_log.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/ct/ct_log.c Tue Nov 20 18:59:41 2018 (r340690) @@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const C int CTLOG_STORE_load_default_file(CTLOG_STORE *store) { - const char *fpath = getenv(CTLOG_FILE_EVP); + const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); if (fpath == NULL) fpath = CTLOG_FILE; Modified: vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c Tue Nov 20 18:59:41 2018 (r340690) @@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N if (mctx == NULL) goto err; + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); Modified: vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c Tue Nov 20 18:59:41 2018 (r340690) @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/bn_int.h" #include #include #include "dsa_locl.h" @@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, in DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, { BN_CTX *ctx = NULL; BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l, *m; + BIGNUM *l; int ret = 0; - int q_bits; + int q_bits, q_words; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, k = BN_new(); l = BN_new(); - m = BN_new(); - if (k == NULL || l == NULL || m == NULL) + if (k == NULL || l == NULL) goto err; if (ctx_in == NULL) { @@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Preallocate space */ q_bits = BN_num_bits(dsa->q); - if (!BN_set_bit(k, q_bits) - || !BN_set_bit(l, q_bits) - || !BN_set_bit(m, q_bits)) + q_words = bn_get_top(dsa->q); + if (!bn_wexpand(k, q_words + 2) + || !bn_wexpand(l, q_words + 2)) goto err; /* Get random k */ @@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, } while (BN_is_zero(k)); BN_set_flags(k, BN_FLG_CONSTTIME); + BN_set_flags(l, BN_FLG_CONSTTIME); if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, @@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, * small timing information leakage. We then choose the sum that is * one bit longer than the modulus. * - * TODO: revisit the BN_copy aiming for a memory access agnostic - * conditional copy. + * There are some concerns about the efficacy of doing this. More + * specificly refer to the discussion starting with: + * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 + * The fix is to rework BN so these gymnastics aren't required. */ if (!BN_add(l, k, dsa->q) - || !BN_add(m, l, dsa->q) - || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m)) + || !BN_add(k, l, dsa->q)) goto err; + BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); + if ((dsa)->meth->bn_mod_exp != NULL) { if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p)) @@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL) goto err; BN_clear_free(*kinvp); @@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BN_CTX_free(ctx); BN_clear_free(k); BN_clear_free(l); - BN_clear_free(m); return ret; } @@ -392,4 +397,32 @@ static int dsa_finish(DSA *dsa) { BN_MONT_CTX_free(dsa->method_mont_p); return 1; +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, *e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((e = BN_CTX_get(ctx)) != NULL + && BN_set_word(r, 2) + && BN_sub(e, q, r) + && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_CTX_end(ctx); + return res; } Modified: vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c Tue Nov 20 18:59:41 2018 (r340690) @@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) + if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); @@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ecdh_nid = NID_dh_cofactor_kdf; if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_62; + kdf_type = EVP_PKEY_ECDH_KDF_X9_63; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) goto err; } else Modified: vendor-crypto/openssl/dist/crypto/ec/ec_mult.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec_mult.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/ec/ec_mult.c Tue Nov 20 18:59:41 2018 (r340690) @@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI */ cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); - if ((bn_wexpand(k, group_top + 1) == NULL) - || (bn_wexpand(lambda, group_top + 1) == NULL)) { + if ((bn_wexpand(k, group_top + 2) == NULL) + || (bn_wexpand(lambda, group_top + 2) == NULL)) { ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; } @@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POI * k := scalar + 2*cardinality */ kbit = BN_is_bit_set(lambda, cardinality_bits); - BN_consttime_swap(kbit, k, lambda, group_top + 1); + BN_consttime_swap(kbit, k, lambda, group_top + 2); group_top = bn_get_top(group->field); if ((bn_wexpand(s->X, group_top) == NULL) Modified: vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c Tue Nov 20 18:59:41 2018 (r340690) @@ -209,7 +209,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; /* Do KDF stuff */ - if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen, + if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen, dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) goto err; rv = 1; @@ -281,7 +281,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, i case EVP_PKEY_CTRL_EC_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; - if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62) + if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63) return -2; dctx->kdf_type = p1; return 1; Modified: vendor-crypto/openssl/dist/crypto/ec/ecdh_kdf.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/ec/ecdh_kdf.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/ec/ecdh_kdf.c Tue Nov 20 18:59:41 2018 (r340690) @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,12 +10,13 @@ #include #include #include +#include "ec_lcl.h" -/* Key derivation function from X9.62/SECG */ +/* Key derivation function from X9.63/SECG */ /* Way more than we will ever need */ #define ECDH_KDF_MAX (1 << 30) -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, +int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md) @@ -65,4 +66,16 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, err: EVP_MD_CTX_free(mctx); return rv; +} + +/*- + * The old name for ecdh_KDF_X9_63 + * Retained for ABI compatibility + */ +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) +{ + return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md); } Modified: vendor-crypto/openssl/dist/crypto/engine/eng_devcrypto.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/engine/eng_devcrypto.c Tue Nov 20 18:38:28 2018 (r340689) +++ vendor-crypto/openssl/dist/crypto/engine/eng_devcrypto.c Tue Nov 20 18:59:41 2018 (r340690) @@ -28,6 +28,13 @@ # define CHECK_BSD_STYLE_MACROS #endif +/* + * ONE global file descriptor for all sessions. This allows operations + * such as digest session data copying (see digest_copy()), but is also + * saner... why re-open /dev/crypto for every session? + */ +static int cfd; + /****************************************************************************** * * Ciphers @@ -39,7 +46,6 @@ *****/ struct cipher_ctx { - int cfd; struct session_op sess; /* to pass from init to do_cipher */ @@ -69,7 +75,7 @@ static const struct cipher_data_st { { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC }, #ifndef OPENSSL_NO_RC4 - { NID_rc4, 1, 16, 0, CRYPTO_ARC4 }, + { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 }, *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Tue Nov 20 19:00:21 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 11FB1113A05E; Tue, 20 Nov 2018 19:00:21 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A7D657C653; Tue, 20 Nov 2018 19:00:20 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7199E15501; Tue, 20 Nov 2018 19:00:20 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKJ0KBQ060827; Tue, 20 Nov 2018 19:00:20 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKJ0KAN060826; Tue, 20 Nov 2018 19:00:20 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201811201900.wAKJ0KAN060826@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 20 Nov 2018 19:00:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r340691 - vendor-crypto/openssl/1.1.1a X-SVN-Group: vendor-crypto X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: vendor-crypto/openssl/1.1.1a X-SVN-Commit-Revision: 340691 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: A7D657C653 X-Spamd-Result: default: False [0.41 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.31)[0.310,0]; NEURAL_HAM_LONG(-0.01)[-0.006,0]; NEURAL_SPAM_MEDIUM(0.11)[0.109,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 19:00:21 -0000 Author: jkim Date: Tue Nov 20 19:00:20 2018 New Revision: 340691 URL: https://svnweb.freebsd.org/changeset/base/340691 Log: Tag OpenSSL 1.1.1a. Added: vendor-crypto/openssl/1.1.1a/ - copied from r340690, vendor-crypto/openssl/dist/ From owner-svn-src-vendor@freebsd.org Tue Nov 20 19:01:24 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 571C9113A227; Tue, 20 Nov 2018 19:01:24 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08FC47C987; Tue, 20 Nov 2018 19:01:24 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DE3621554B; Tue, 20 Nov 2018 19:01:23 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKJ1Nk8061726; Tue, 20 Nov 2018 19:01:23 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKJ1IwI061696; Tue, 20 Nov 2018 19:01:18 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201811201901.wAKJ1IwI061696@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 20 Nov 2018 19:01:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r340692 - in vendor-crypto/openssl/dist-1.0.2: . apps crypto crypto/bio crypto/bn crypto/bn/asm crypto/conf crypto/dsa crypto/ec crypto/engine crypto/pkcs12 crypto/pkcs7 crypto/rand cry... X-SVN-Group: vendor-crypto X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in vendor-crypto/openssl/dist-1.0.2: . apps crypto crypto/bio crypto/bn crypto/bn/asm crypto/conf crypto/dsa crypto/ec crypto/engine crypto/pkcs12 crypto/pkcs7 crypto/rand crypto/rsa crypto/ui crypto/... X-SVN-Commit-Revision: 340692 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 08FC47C987 X-Spamd-Result: default: False [0.52 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_LONG(0.01)[0.012,0]; NEURAL_SPAM_MEDIUM(0.19)[0.194,0]; NEURAL_SPAM_SHORT(0.31)[0.309,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 19:01:24 -0000 Author: jkim Date: Tue Nov 20 19:01:17 2018 New Revision: 340692 URL: https://svnweb.freebsd.org/changeset/base/340692 Log: Import OpenSSL 1.0.2q. Added: vendor-crypto/openssl/dist-1.0.2/crypto/getenv.c (contents, props changed) Modified: vendor-crypto/openssl/dist-1.0.2/CHANGES vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade vendor-crypto/openssl/dist-1.0.2/Makefile vendor-crypto/openssl/dist-1.0.2/NEWS vendor-crypto/openssl/dist-1.0.2/README vendor-crypto/openssl/dist-1.0.2/apps/req.c vendor-crypto/openssl/dist-1.0.2/config vendor-crypto/openssl/dist-1.0.2/crypto/Makefile vendor-crypto/openssl/dist-1.0.2/crypto/bio/b_sock.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-gcc.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_blind.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lib.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mod.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mont.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mul.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_sqr.c vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_x931p.c vendor-crypto/openssl/dist-1.0.2/crypto/bn_int.h vendor-crypto/openssl/dist-1.0.2/crypto/conf/Makefile vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_api.c vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_mod.c vendor-crypto/openssl/dist-1.0.2/crypto/cryptlib.h vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_ossl.c vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lcl.h vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lib.c vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_mult.c vendor-crypto/openssl/dist-1.0.2/crypto/engine/eng_list.c vendor-crypto/openssl/dist-1.0.2/crypto/opensslconf.h vendor-crypto/openssl/dist-1.0.2/crypto/opensslv.h vendor-crypto/openssl/dist-1.0.2/crypto/pkcs12/p12_init.c vendor-crypto/openssl/dist-1.0.2/crypto/pkcs7/pk7_lib.c vendor-crypto/openssl/dist-1.0.2/crypto/rand/Makefile vendor-crypto/openssl/dist-1.0.2/crypto/rand/md_rand.c vendor-crypto/openssl/dist-1.0.2/crypto/rand/rand_lcl.h vendor-crypto/openssl/dist-1.0.2/crypto/rand/rand_lib.c vendor-crypto/openssl/dist-1.0.2/crypto/rand/randfile.c vendor-crypto/openssl/dist-1.0.2/crypto/rsa/rsa_eay.c vendor-crypto/openssl/dist-1.0.2/crypto/ui/ui_openssl.c vendor-crypto/openssl/dist-1.0.2/crypto/x509/by_dir.c vendor-crypto/openssl/dist-1.0.2/crypto/x509/by_file.c vendor-crypto/openssl/dist-1.0.2/crypto/x509/x509_vfy.c vendor-crypto/openssl/dist-1.0.2/crypto/x509v3/v3_purp.c vendor-crypto/openssl/dist-1.0.2/doc/apps/crl.pod vendor-crypto/openssl/dist-1.0.2/doc/apps/req.pod vendor-crypto/openssl/dist-1.0.2/doc/apps/s_server.pod vendor-crypto/openssl/dist-1.0.2/doc/crypto/EVP_DigestSignInit.pod vendor-crypto/openssl/dist-1.0.2/doc/crypto/EVP_DigestVerifyInit.pod vendor-crypto/openssl/dist-1.0.2/doc/crypto/OPENSSL_VERSION_NUMBER.pod vendor-crypto/openssl/dist-1.0.2/engines/e_capi.c vendor-crypto/openssl/dist-1.0.2/ssl/d1_pkt.c vendor-crypto/openssl/dist-1.0.2/ssl/ssl_ciph.c vendor-crypto/openssl/dist-1.0.2/ssl/ssl_lib.c vendor-crypto/openssl/dist-1.0.2/ssl/t1_lib.c vendor-crypto/openssl/dist-1.0.2/util/domd vendor-crypto/openssl/dist-1.0.2/util/libeay.num Modified: vendor-crypto/openssl/dist-1.0.2/CHANGES ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/CHANGES Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/CHANGES Tue Nov 20 19:01:17 2018 (r340692) @@ -7,6 +7,36 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2p and 1.0.2q [20 Nov 2018] + + *) Microarchitecture timing vulnerability in ECC scalar multiplication + + OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been + shown to be vulnerable to a microarchitecture timing side channel attack. + An attacker with sufficient access to mount local timing attacks during + ECDSA signature generation could recover the private key. + + This issue was reported to OpenSSL on 26th October 2018 by Alejandro + Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and + Nicola Tuveri. + (CVE-2018-5407) + [Billy Brumley] + + *) Timing vulnerability in DSA signature generation + + The OpenSSL DSA signature algorithm has been shown to be vulnerable to a + timing side channel attack. An attacker could use variations in the signing + algorithm to recover the private key. + + This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. + (CVE-2018-0734) + [Paul Dale] + + *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object + Module, accidentally introduced while backporting security fixes from the + development branch and hindering the use of ECC in FIPS mode. + [Nicola Tuveri] + Changes between 1.0.2o and 1.0.2p [14 Aug 2018] *) Client DoS due to large DH parameter Modified: vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/FREEBSD-upgrade Tue Nov 20 19:01:17 2018 (r340692) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://repo.freebsd.org/base" -setenv OSSLVER 1.0.2p -# OSSLTAG format: v1_0_2p +setenv OSSLVER 1.0.2q +# OSSLTAG format: v1_0_2q ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist-1.0.2/Makefile ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/Makefile Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/Makefile Tue Nov 20 19:01:17 2018 (r340692) @@ -4,18 +4,18 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2p +VERSION=1.0.2q MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 SHLIB_VERSION_HISTORY= SHLIB_MAJOR=1 SHLIB_MINOR=0.0 -SHLIB_EXT= -PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=dist -SHLIB_TARGET= +SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +PLATFORM=linux-x86_64 +OPTIONS=-Wa,--noexecstack no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=linux-x86_64 -Wa,--noexecstack +SHLIB_TARGET=linux-shared # HERE indicates where this Makefile lives. This can be used to indicate # where sub-Makefiles are expected to be. Currently has very limited usage, @@ -59,11 +59,11 @@ OPENSSLDIR=/usr/local/ssl # equal 4. # PKCS1_CHECK - pkcs1 tests. -CC= cc -CFLAG= -O +CC= gcc +CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS PEX_LIBS= -EX_LIBS= +EX_LIBS= -ldl EXE_EXT= ARFLAGS= AR= ar $(ARFLAGS) r @@ -73,7 +73,7 @@ NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion -MAKEDEPPROG= cc +MAKEDEPPROG= gcc LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in @@ -89,23 +89,23 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= mem_clr.o -BN_ASM= bn_asm.o -EC_ASM= +CPUID_OBJ= x86_64cpuid.o +BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o DES_ENC= des_enc.o fcrypt_b.o -AES_ENC= aes_core.o aes_cbc.o +AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o BF_ENC= bf_enc.o CAST_ENC= c_enc.o -RC4_ENC= rc4_enc.o rc4_skey.o +RC4_ENC= rc4-x86_64.o rc4-md5-x86_64.o RC5_ENC= rc5_enc.o -MD5_ASM_OBJ= -SHA1_ASM_OBJ= +MD5_ASM_OBJ= md5-x86_64.o +SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o RMD160_ASM_OBJ= -WP_ASM_OBJ= wp_block.o -CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o -MODES_ASM_OBJ= +WP_ASM_OBJ= wp-x86_64.o +CMLL_ENC= cmll-x86_64.o cmll_misc.o +MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o ENGINES_ASM_OBJ= -PERLASM_SCHEME= +PERLASM_SCHEME= elf # KRB5 stuff KRB5_INCLUDES= @@ -177,8 +177,8 @@ LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= -SHARED_LIBS_LINK_EXTS= -SHARED_LDFLAGS= +SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so +SHARED_LDFLAGS=-m64 GENERAL= Makefile BASENAME= openssl Modified: vendor-crypto/openssl/dist-1.0.2/NEWS ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/NEWS Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/NEWS Tue Nov 20 19:01:17 2018 (r340692) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2p and OpenSSL 1.0.2q [20 Nov 2018] + + o Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) + o Timing vulnerability in DSA signature generation (CVE-2018-0734) + Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018] o Client DoS due to large DH parameter (CVE-2018-0732) Modified: vendor-crypto/openssl/dist-1.0.2/README ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/README Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/README Tue Nov 20 19:01:17 2018 (r340692) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2p 14 Aug 2018 + OpenSSL 1.0.2q 20 Nov 2018 Copyright (c) 1998-2018 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist-1.0.2/apps/req.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/apps/req.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/apps/req.c Tue Nov 20 19:01:17 2018 (r340692) @@ -659,8 +659,7 @@ int MAIN(int argc, char **argv) } } - BIO_printf(bio_err, "Generating a %ld bit %s private key\n", - newkey, keyalgstr); + BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr); EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); EVP_PKEY_CTX_set_app_data(genctx, bio_err); Modified: vendor-crypto/openssl/dist-1.0.2/config ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/config Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/config Tue Nov 20 19:01:17 2018 (r340692) @@ -992,5 +992,6 @@ if [ $? = "0" ]; then fi else echo "This system ($OUT) is not supported. See file INSTALL for details." + exit 1 fi ) Modified: vendor-crypto/openssl/dist-1.0.2/crypto/Makefile ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/Makefile Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/Makefile Tue Nov 20 19:01:17 2018 (r340692) @@ -36,9 +36,11 @@ TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ - ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c + ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \ + getenv.c LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ - uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) + uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o getenv.o \ + $(CPUID_OBJ) SRC= $(LIBSRC) @@ -178,6 +180,13 @@ ex_data.o: ../include/openssl/ossl_typ.h ../include/op ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h ex_data.o: ex_data.c fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c +getenv.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h +getenv.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +getenv.o: ../include/openssl/err.h ../include/openssl/lhash.h +getenv.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +getenv.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +getenv.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h +getenv.o: getenv.c mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bio/b_sock.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bio/b_sock.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bio/b_sock.c Tue Nov 20 19:01:17 2018 (r340692) @@ -56,6 +56,9 @@ * [including the GNU Public Licence.] */ +#define _DEFAULT_SOURCE +#define _BSD_SOURCE + #include #include #include @@ -83,6 +86,11 @@ NETDB_DEFINE_CONTEXT static int wsa_init_done = 0; # endif +# if defined(__GLIBC__) +# define HAVE_GETHOSTBYNAME_R +# define GETHOSTNAME_R_BUF (2 * 1024) +# endif + /* * WSAAPI specifier is required to make indirect calls to run-time * linked WinSock 2 functions used in this module, to be specific @@ -116,7 +124,12 @@ int BIO_get_host_ip(const char *str, unsigned char *ip int i; int err = 1; int locked = 0; - struct hostent *he; + struct hostent *he = NULL; +# ifdef HAVE_GETHOSTBYNAME_R + char buf[GETHOSTNAME_R_BUF]; + struct hostent hostent; + int h_errnop; +# endif i = get_ip(str, ip); if (i < 0) { @@ -138,10 +151,18 @@ int BIO_get_host_ip(const char *str, unsigned char *ip if (i > 0) return (1); + /* if gethostbyname_r is supported, use it. */ +# ifdef HAVE_GETHOSTBYNAME_R + memset(&hostent, 0x00, sizeof(hostent)); + /* gethostbyname_r() sets |he| to NULL on error, we check it further down */ + gethostbyname_r(str, &hostent, buf, sizeof(buf), &he, &h_errnop); +# else /* do a gethostbyname */ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); locked = 1; he = BIO_gethostbyname(str); +# endif + if (he == NULL) { BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); goto err; Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-gcc.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/asm/x86_64-gcc.c Tue Nov 20 19:01:17 2018 (r340692) @@ -55,12 +55,6 @@ * machine. */ -# if defined(_WIN64) || !defined(__LP64__) -# define BN_ULONG unsigned long long -# else -# define BN_ULONG unsigned long -# endif - # undef mul # undef mul_add Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_blind.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_blind.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_blind.c Tue Nov 20 19:01:17 2018 (r340692) @@ -1,6 +1,6 @@ /* crypto/bn/bn_blind.c */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -206,10 +206,15 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) goto err; } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { - if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) - goto err; - if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) - goto err; + if (b->m_ctx != NULL) { + if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx) + || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx)) + goto err; + } else { + if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx) + || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) + goto err; + } } ret = 1; @@ -241,13 +246,13 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BL else if (!BN_BLINDING_update(b, ctx)) return (0); - if (r != NULL) { - if (!BN_copy(r, b->Ai)) - ret = 0; - } + if (r != NULL && (BN_copy(r, b->Ai) == NULL)) + return 0; - if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) - ret = 0; + if (b->m_ctx != NULL) + ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx); + else + ret = BN_mod_mul(n, n, b->A, b->mod, ctx); return ret; } @@ -264,14 +269,29 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, bn_check_top(n); - if (r != NULL) - ret = BN_mod_mul(n, n, r, b->mod, ctx); - else { - if (b->Ai == NULL) { - BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); - return (0); + if (r == NULL && (r = b->Ai) == NULL) { + BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); + return 0; + } + + if (b->m_ctx != NULL) { + /* ensure that BN_mod_mul_montgomery takes pre-defined path */ + if (n->dmax >= r->top) { + size_t i, rtop = r->top, ntop = n->top; + BN_ULONG mask; + + for (i = 0; i < rtop; i++) { + mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1)); + n->d[i] &= mask; + } + mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1)); + /* always true, if (rtop >= ntop) n->top = r->top; */ + n->top = (int)(rtop & ~mask) | (ntop & mask); + n->flags |= (BN_FLG_FIXED_TOP & ~mask); } - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); + ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx); + } else { + ret = BN_mod_mul(n, n, r, b->mod, ctx); } bn_check_top(n); @@ -366,11 +386,16 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, } while (1); if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { - if (!ret->bn_mod_exp - (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) goto err; } else { if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) + goto err; + } + + if (ret->m_ctx != NULL) { + if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx) + || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx)) goto err; } Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lib.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_lib.c Tue Nov 20 19:01:17 2018 (r340692) @@ -617,26 +617,40 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIG static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { int n; - size_t i, inc, lasti, j; + size_t i, lasti, j, atop, mask; BN_ULONG l; + /* + * In case |a| is fixed-top, BN_num_bytes can return bogus length, + * but it's assumed that fixed-top inputs ought to be "nominated" + * even for padded output, so it works out... + */ n = BN_num_bytes(a); - if (tolen == -1) + if (tolen == -1) { tolen = n; - else if (tolen < n) - return -1; + } else if (tolen < n) { /* uncommon/unlike case */ + BIGNUM temp = *a; - if (n == 0) { + bn_correct_top(&temp); + n = BN_num_bytes(&temp); + if (tolen < n) + return -1; + } + + /* Swipe through whole available data and don't give away padded zero. */ + atop = a->dmax * BN_BYTES; + if (atop == 0) { OPENSSL_cleanse(to, tolen); return tolen; } - lasti = n - 1; - for (i = 0, inc = 1, j = tolen; j > 0;) { + lasti = atop - 1; + atop = a->top * BN_BYTES; + for (i = 0, j = 0, to += tolen; j < (size_t)tolen; j++) { l = a->d[i / BN_BYTES]; - to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); - inc = (i - lasti) >> (8 * sizeof(i) - 1); - i += inc; /* stay on top limb */ + mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); + *--to = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ } return tolen; @@ -888,6 +902,38 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, t = (a->top ^ b->top) & condition; a->top ^= t; b->top ^= t; + + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /*- + * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention + * is actually to treat it as it's read-only data, and some (if not most) + * of it does reside in read-only segment. In other words observation of + * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or effectively cause data + * corruption. + * + * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be + * preserved. + * + * BN_FLG_SECURE: must be preserved, because it determines how x->d was + * allocated and hence how to free it. + * + * BN_FLG_CONSTTIME: sufficient to mask and swap + * + * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on + * the data, so the d array may be padded with additional 0 values (i.e. + * top could be greater than the minimal value that it could be). We should + * be swapping it + */ + +#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) + + t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; + a->flags ^= t; + b->flags ^= t; #define BN_CONSTTIME_SWAP(ind) \ do { \ Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mod.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mod.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mod.c Tue Nov 20 19:01:17 2018 (r340692) @@ -172,7 +172,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, c if (mtop > sizeof(storage) / sizeof(storage[0]) && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) - return 0; + return 0; ap = a->d != NULL ? a->d : tp; bp = b->d != NULL ? b->d : tp; @@ -197,6 +197,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, c ((volatile BN_ULONG *)tp)[i] = 0; } r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; r->neg = 0; if (tp != storage) @@ -222,6 +223,70 @@ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNU if (!BN_sub(r, a, b)) return 0; return BN_nnmod(r, r, m, ctx); +} + +/* + * BN_mod_sub variant that may be used if both a and b are non-negative, + * a is less than m, while b is of same bit width as m. It's implemented + * as subtraction followed by two conditional additions. + * + * 0 <= a < m + * 0 <= b < 2^w < 2*m + * + * after subtraction + * + * -2*m < r = a - b < m + * + * Thus it takes up to two conditional additions to make |r| positive. + */ +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + size_t i, ai, bi, mtop = m->top; + BN_ULONG borrow, carry, ta, tb, mask, *rp; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, m->top) == NULL) + return 0; + + rp = r->d; + ap = a->d != NULL ? a->d : rp; + bp = b->d != NULL ? b->d : rp; + + for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + ta = ap[ai] & mask; + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tb = bp[bi] & mask; + rp[i] = ta - tb - borrow; + if (ta != tb) + borrow = (ta < tb); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + ap = m->d; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + borrow -= carry; + for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { + ta = ((ap[i] & mask) + carry) & BN_MASK2; + carry = (ta < carry); + rp[i] = (rp[i] + ta) & BN_MASK2; + carry += (rp[i] < ta); + } + + r->top = mtop; + r->flags |= BN_FLG_FIXED_TOP; + r->neg = 0; + + return 1; } /* Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mont.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mont.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mont.c Tue Nov 20 19:01:17 2018 (r340692) @@ -164,10 +164,10 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, bn_check_top(tmp); if (a == b) { - if (!BN_sqr(tmp, a, ctx)) + if (!bn_sqr_fixed_top(tmp, a, ctx)) goto err; } else { - if (!BN_mul(tmp, a, b, ctx)) + if (!bn_mul_fixed_top(tmp, a, b, ctx)) goto err; } /* reduce from aRR to aR */ @@ -190,6 +190,7 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; int nl, max, i; + unsigned int rtop; n = &(mont->N); nl = n->top; @@ -207,12 +208,10 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM rp = r->d; /* clear the top words of T */ -# if 1 - for (i = r->top; i < max; i++) /* memset? XXX */ - rp[i] = 0; -# else - memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); -# endif + for (rtop = r->top, i = 0; i < max; i++) { + v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1)); + rp[i] &= v; + } r->top = max; r->flags |= BN_FLG_FIXED_TOP; @@ -263,6 +262,18 @@ static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx) { + int retn; + + retn = bn_from_mont_fixed_top(ret, a, mont, ctx); + bn_correct_top(ret); + bn_check_top(ret); + + return retn; +} + +int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ int retn = 0; #ifdef MONT_WORD BIGNUM *t; @@ -270,8 +281,6 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, B BN_CTX_start(ctx); if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { retn = bn_from_montgomery_word(ret, t, mont); - bn_correct_top(ret); - bn_check_top(ret); } BN_CTX_end(ctx); #else /* !MONT_WORD */ Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mul.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mul.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_mul.c Tue Nov 20 19:01:17 2018 (r340692) @@ -936,6 +936,16 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { + int ret = bn_mul_fixed_top(r, a, b, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ int ret = 0; int top, al, bl; BIGNUM *rr; @@ -1042,7 +1052,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_correct_top(rr); + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_sqr.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_sqr.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_sqr.c Tue Nov 20 19:01:17 2018 (r340692) @@ -66,6 +66,16 @@ */ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) { + int ret = bn_sqr_fixed_top(r, a, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ int max, al; int ret = 0; BIGNUM *tmp, *rr; @@ -136,7 +146,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) rr->neg = 0; rr->top = max; - bn_correct_top(rr); + rr->flags |= BN_FLG_FIXED_TOP; if (r != rr && BN_copy(r, rr) == NULL) goto err; Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_x931p.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_x931p.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn/bn_x931p.c Tue Nov 20 19:01:17 2018 (r340692) @@ -4,7 +4,7 @@ * 2005. */ /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -223,8 +223,10 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int n for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) goto err; + /* Check that |Xp - Xq| > 2^(nbits - 100) */ - BN_sub(t, Xp, Xq); + if (!BN_sub(t, Xp, Xq)) + goto err; if (BN_num_bits(t) > (nbits - 100)) break; } Modified: vendor-crypto/openssl/dist-1.0.2/crypto/bn_int.h ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/bn_int.h Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/bn_int.h Tue Nov 20 19:01:17 2018 (r340692) @@ -7,9 +7,15 @@ */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); +int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); Modified: vendor-crypto/openssl/dist-1.0.2/crypto/conf/Makefile ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/conf/Makefile Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/conf/Makefile Tue Nov 20 19:01:17 2018 (r340692) @@ -80,12 +80,13 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. conf_api.o: ../../e_os.h ../../include/openssl/bio.h -conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +conf_api.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h +conf_api.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h +conf_api.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -conf_api.o: ../../include/openssl/symhacks.h conf_api.c +conf_api.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_api.c conf_def.o: ../../e_os.h ../../include/openssl/bio.h conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h Modified: vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_api.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_api.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_api.c Tue Nov 20 19:01:17 2018 (r340692) @@ -66,6 +66,7 @@ #include #include #include +#include "cryptlib.h" #include #include #include "e_os.h" @@ -141,7 +142,7 @@ char *_CONF_get_string(const CONF *conf, const char *s if (v != NULL) return (v->value); if (strcmp(section, "ENV") == 0) { - p = getenv(name); + p = ossl_safe_getenv(name); if (p != NULL) return (p); } @@ -154,7 +155,7 @@ char *_CONF_get_string(const CONF *conf, const char *s else return (NULL); } else - return (getenv(name)); + return (ossl_safe_getenv(name)); } #if 0 /* There's no way to provide error checking Modified: vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_mod.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_mod.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/conf/conf_mod.c Tue Nov 20 19:01:17 2018 (r340692) @@ -4,7 +4,7 @@ * 2001. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -530,7 +530,7 @@ char *CONF_get1_default_config_file(void) char *file; int len; - file = getenv("OPENSSL_CONF"); + file = ossl_safe_getenv("OPENSSL_CONF"); if (file) return BUF_strdup(file); Modified: vendor-crypto/openssl/dist-1.0.2/crypto/cryptlib.h ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/cryptlib.h Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/cryptlib.h Tue Nov 20 19:01:17 2018 (r340692) @@ -104,6 +104,8 @@ void OPENSSL_showfatal(const char *fmta, ...); void *OPENSSL_stderr(void); extern int OPENSSL_NONPIC_relocated; +char *ossl_safe_getenv(const char *); + #ifdef __cplusplus } #endif Modified: vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_gen.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_gen.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_gen.c Tue Nov 20 19:01:17 2018 (r340692) @@ -435,6 +435,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N EVP_MD_CTX_init(&mctx); + /* make sure L > N, otherwise we'll get trapped in an infinite loop */ + if (L <= N) { + DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS); + goto err; + } + if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); Modified: vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_ossl.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_ossl.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/dsa/dsa_ossl.c Tue Nov 20 19:01:17 2018 (r340692) @@ -73,6 +73,8 @@ static int dsa_do_verify(const unsigned char *dgst, in DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx); static DSA_METHOD openssl_dsa_meth = { "OpenSSL DSA method", @@ -279,7 +281,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI goto err; /* Preallocate space */ - q_bits = BN_num_bits(dsa->q); + q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; if (!BN_set_bit(&k, q_bits) || !BN_set_bit(&l, q_bits) || !BN_set_bit(&m, q_bits)) @@ -293,9 +295,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { BN_set_flags(&k, BN_FLG_CONSTTIME); + BN_set_flags(&l, BN_FLG_CONSTTIME); } - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, CRYPTO_LOCK_DSA, dsa->p, ctx)) @@ -333,8 +335,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI if (!BN_mod(r, r, dsa->q, ctx)) goto err; - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) + /* Compute part of 's = inv(k) (m + xr) mod q' */ + if ((kinv = dsa_mod_inverse_fermat(&k, dsa->q, ctx)) == NULL) goto err; if (*kinvp != NULL) @@ -467,4 +469,32 @@ static int dsa_finish(DSA *dsa) if (dsa->method_mont_p) BN_MONT_CTX_free(dsa->method_mont_p); return (1); +} + +/* + * Compute the inverse of k modulo q. + * Since q is prime, Fermat's Little Theorem applies, which reduces this to + * mod-exp operation. Both the exponent and modulus are public information + * so a mod-exp that doesn't leak the base is sufficient. A newly allocated + * BIGNUM is returned which the caller must free. + */ +static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *res = NULL; + BIGNUM *r, e; + + if ((r = BN_new()) == NULL) + return NULL; + + BN_init(&e); + + if (BN_set_word(r, 2) + && BN_sub(&e, q, r) + && BN_mod_exp_mont(r, k, &e, q, ctx, NULL)) + res = r; + else + BN_free(r); + BN_free(&e); + return res; } Modified: vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lcl.h ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lcl.h Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lcl.h Tue Nov 20 19:01:17 2018 (r340692) @@ -3,7 +3,7 @@ * Originally written by Bodo Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -214,7 +214,7 @@ struct ec_group_st { int asn1_flag; /* flag to control the asn1 encoding */ /* * Kludge: upper bit of ans1_flag is used to denote structure - * version. Is set, then last field is present. This is done + * version. If set, then last field is present. This is done * for interoperation with FIPS code. */ #define EC_GROUP_ASN1_FLAG_MASK 0x7fffffff @@ -549,7 +549,6 @@ void ec_GFp_nistp_points_make_affine_internal(size_t n void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in); #endif -int ec_precompute_mont_data(EC_GROUP *); #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized Modified: vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lib.c ============================================================================== --- vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lib.c Tue Nov 20 19:00:20 2018 (r340691) +++ vendor-crypto/openssl/dist-1.0.2/crypto/ec/ec_lib.c Tue Nov 20 19:01:17 2018 (r340692) @@ -70,6 +70,10 @@ const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; +/* local function prototypes */ + +static int ec_precompute_mont_data(EC_GROUP *group); + /* functions for EC_GROUP objects */ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) @@ -318,17 +322,25 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_P } else BN_zero(&group->cofactor); - /* - * Some groups have an order with - * factors of two, which makes the Montgomery setup fail. - * |group->mont_data| will be NULL in this case. + /*- + * Access to the `mont_data` field of an EC_GROUP struct should always be + * guarded by an EC_GROUP_VERSION(group) check to avoid OOB accesses, as the + * group might come from the FIPS module, which does not define the + * `mont_data` field inside the EC_GROUP structure. */ - if (BN_is_odd(&group->order)) { - return ec_precompute_mont_data(group); + if (EC_GROUP_VERSION(group)) { + /*- + * Some groups have an order with + * factors of two, which makes the Montgomery setup fail. + * |group->mont_data| will be NULL in this case. + */ + if (BN_is_odd(&group->order)) + return ec_precompute_mont_data(group); + + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; } - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; return 1; } @@ -1098,17 +1110,22 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *grou * been performed */ } -/* +/*- * ec_precompute_mont_data sets |group->mont_data| from |group->order| and * returns one on success. On error it returns zero. + * *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@freebsd.org Tue Nov 20 19:02:11 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74AF0113A2C1; Tue, 20 Nov 2018 19:02:11 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1AE297CB64; Tue, 20 Nov 2018 19:02:11 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D239A15587; Tue, 20 Nov 2018 19:02:10 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAKJ2A38064720; Tue, 20 Nov 2018 19:02:10 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAKJ2ALq064719; Tue, 20 Nov 2018 19:02:10 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201811201902.wAKJ2ALq064719@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Tue, 20 Nov 2018 19:02:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r340693 - vendor-crypto/openssl/1.0.2q X-SVN-Group: vendor-crypto X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: vendor-crypto/openssl/1.0.2q X-SVN-Commit-Revision: 340693 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 1AE297CB64 X-Spamd-Result: default: False [0.41 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.31)[0.310,0]; NEURAL_HAM_LONG(-0.01)[-0.006,0]; NEURAL_SPAM_MEDIUM(0.11)[0.109,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2018 19:02:11 -0000 Author: jkim Date: Tue Nov 20 19:02:10 2018 New Revision: 340693 URL: https://svnweb.freebsd.org/changeset/base/340693 Log: Tag OpenSSL 1.0.2q. Added: vendor-crypto/openssl/1.0.2q/ - copied from r340692, vendor-crypto/openssl/dist-1.0.2/ From owner-svn-src-vendor@freebsd.org Sat Nov 24 01:15:12 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 563A6113676B; Sat, 24 Nov 2018 01:15:12 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0A01C7C6B3; Sat, 24 Nov 2018 01:15:12 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C79FF268A1; Sat, 24 Nov 2018 01:15:11 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAO1FBGX098919; Sat, 24 Nov 2018 01:15:11 GMT (envelope-from mm@FreeBSD.org) Received: (from mm@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAO1F9K5098905; Sat, 24 Nov 2018 01:15:09 GMT (envelope-from mm@FreeBSD.org) Message-Id: <201811240115.wAO1F9K5098905@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mm set sender to mm@FreeBSD.org using -f From: Martin Matuska Date: Sat, 24 Nov 2018 01:15:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r340865 - in vendor/libarchive/dist: build/cmake cpio libarchive libarchive/test tar X-SVN-Group: vendor X-SVN-Commit-Author: mm X-SVN-Commit-Paths: in vendor/libarchive/dist: build/cmake cpio libarchive libarchive/test tar X-SVN-Commit-Revision: 340865 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0A01C7C6B3 X-Spamd-Result: default: False [1.41 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_LONG(0.46)[0.458,0]; NEURAL_SPAM_MEDIUM(0.76)[0.762,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_SPAM_SHORT(0.19)[0.194,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 Nov 2018 01:15:12 -0000 Author: mm Date: Sat Nov 24 01:15:08 2018 New Revision: 340865 URL: https://svnweb.freebsd.org/changeset/base/340865 Log: Update vendor/libarchive/dist to git 0e416f2fe757ad6841dbb3386a17d88b5c9f5533 Relevant vendor changes: PR #1080: Spelling fixes PR #1084: RAR5 reader bugfixes PR #1091: fix use-after-free in delayed newc link processing PR #1092: Fix a few obvious resource leaks and strcpy() misuses Modified: vendor/libarchive/dist/build/cmake/config.h.in vendor/libarchive/dist/cpio/cpio.c vendor/libarchive/dist/libarchive/archive_acl.c vendor/libarchive/dist/libarchive/archive_read_support_format_rar5.c vendor/libarchive/dist/libarchive/archive_windows.c vendor/libarchive/dist/libarchive/archive_write_set_format_iso9660.c vendor/libarchive/dist/libarchive/archive_write_set_format_mtree.c vendor/libarchive/dist/libarchive/archive_write_set_format_pax.c vendor/libarchive/dist/libarchive/archive_write_set_format_xar.c vendor/libarchive/dist/libarchive/test/test_fuzz.c vendor/libarchive/dist/libarchive/test/test_read_format_rar5.c vendor/libarchive/dist/libarchive/test/test_write_disk_perms.c vendor/libarchive/dist/tar/write.c Modified: vendor/libarchive/dist/build/cmake/config.h.in ============================================================================== --- vendor/libarchive/dist/build/cmake/config.h.in Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/build/cmake/config.h.in Sat Nov 24 01:15:08 2018 (r340865) @@ -680,6 +680,12 @@ typedef uint64_t uintmax_t; /* Define to 1 if you have the `bz2' library (-lbz2). */ #cmakedefine HAVE_LIBBZ2 1 +/* Define to 1 if you have the `b2' library (-lb2). */ +#cmakedefine HAVE_LIBB2 1 + +/* Define to 1 if you have the header file. */ +#cmakedefine HAVE_BLAKE2_H 1 + /* Define to 1 if you have the `charset' library (-lcharset). */ #cmakedefine HAVE_LIBCHARSET 1 Modified: vendor/libarchive/dist/cpio/cpio.c ============================================================================== --- vendor/libarchive/dist/cpio/cpio.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/cpio/cpio.c Sat Nov 24 01:15:08 2018 (r340865) @@ -755,8 +755,10 @@ file_to_archive(struct cpio *cpio, const char *srcpath } if (cpio->option_rename) destpath = cpio_rename(destpath); - if (destpath == NULL) + if (destpath == NULL) { + archive_entry_free(entry); return (0); + } archive_entry_copy_pathname(entry, destpath); /* Modified: vendor/libarchive/dist/libarchive/archive_acl.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_acl.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_acl.c Sat Nov 24 01:15:08 2018 (r340865) @@ -753,8 +753,10 @@ archive_acl_to_text_w(struct archive_acl *acl, ssize_t append_entry_w(&wp, prefix, ap->type, ap->tag, flags, wname, ap->permset, id); count++; - } else if (r < 0 && errno == ENOMEM) + } else if (r < 0 && errno == ENOMEM) { + free(ws); return (NULL); + } } /* Add terminating character */ @@ -975,8 +977,10 @@ archive_acl_to_text_l(struct archive_acl *acl, ssize_t prefix = NULL; r = archive_mstring_get_mbs_l( &ap->name, &name, &len, sc); - if (r != 0) + if (r != 0) { + free(s); return (NULL); + } if (count > 0) *p++ = separator; if (name == NULL || Modified: vendor/libarchive/dist/libarchive/archive_read_support_format_rar5.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_read_support_format_rar5.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_read_support_format_rar5.c Sat Nov 24 01:15:08 2018 (r340865) @@ -88,6 +88,7 @@ struct file_header { uint8_t solid : 1; /* Is this a solid stream? */ uint8_t service : 1; /* Is this file a service data? */ + uint8_t eof : 1; /* Did we finish unpacking the file? */ /* Optional time fields. */ uint64_t e_mtime; @@ -176,7 +177,7 @@ struct comp_state { decompression. */ uint8_t* filtered_buf; /* Buffer used when applying filters. */ const uint8_t* block_buf; /* Buffer used when merging blocks. */ - size_t window_mask; /* Convinience field; window_size - 1. */ + size_t window_mask; /* Convenience field; window_size - 1. */ int64_t write_ptr; /* This amount of data has been unpacked in the window buffer. */ int64_t last_write_ptr; /* This amount of data has been stored in @@ -279,7 +280,7 @@ struct rar5 { int skip_mode; /* An offset to QuickOpen list. This is not supported by this unpacker, - * becuase we're focusing on streaming interface. QuickOpen is designed + * because we're focusing on streaming interface. QuickOpen is designed * to make things quicker for non-stream interfaces, so it's not our * use case. */ uint64_t qlist_offset; @@ -387,7 +388,7 @@ static void cdeque_pop_front_fast(struct cdeque* d, vo d->size--; } -/* Pops a front element of this cicrular deque object and returns its value. +/* Pops a front element of this circular deque object and returns its value. * This function performs bounds checking. */ static int cdeque_pop_front(struct cdeque* d, void** value) { if(!d || !value) @@ -400,17 +401,17 @@ static int cdeque_pop_front(struct cdeque* d, void** v return CDE_OK; } -/* Convinience function to cast filter_info** to void **. */ +/* Convenience function to cast filter_info** to void **. */ static void** cdeque_filter_p(struct filter_info** f) { return (void**) (size_t) f; } -/* Convinience function to cast filter_info* to void *. */ +/* Convenience function to cast filter_info* to void *. */ static void* cdeque_filter(struct filter_info* f) { return (void**) (size_t) f; } -/* Destroys this circular deque object. Dellocates the memory of the collection +/* Destroys this circular deque object. Deallocates the memory of the collection * buffer, but doesn't deallocate the memory of any pointer passed to this * deque as a value. */ static void cdeque_free(struct cdeque* d) { @@ -434,7 +435,7 @@ static inline struct rar5* get_context(struct archive_ // TODO: make sure these functions return a little endian number -/* Convinience functions used by filter implementations. */ +/* Convenience functions used by filter implementations. */ static uint32_t read_filter_data(struct rar5* rar, uint32_t offset) { uint32_t* dptr = (uint32_t*) &rar->cstate.window_buf[offset]; @@ -672,7 +673,7 @@ static void push_data(struct archive_read* a, struct r } } -/* Convinience function that submits the data to the user. It uses the +/* Convenience function that submits the data to the user. It uses the * unpack window buffer as a source location. */ static void push_window_data(struct archive_read* a, struct rar5* rar, int64_t idx_begin, int64_t idx_end) @@ -753,7 +754,7 @@ static void free_filters(struct rar5* rar) { /* Free any remaining filters. All filters should be naturally consumed by * the unpacking function, so remaining filters after unpacking normally - * mean that unpacking wasn't successfull. But still of course we shouldn't + * mean that unpacking wasn't successful. But still of course we shouldn't * leak memory in such case. */ /* cdeque_size() is a fast operation, so we can use it as a loop @@ -885,7 +886,7 @@ static int read_var(struct archive_read* a, uint64_t* * it will not have the possibility to advance the file * pointer, because it will not know how many bytes it needs * to consume. This is why we handle such situation here - * autmatically. */ + * automatically. */ if(ARCHIVE_OK != consume(a, 1 + i)) { return 0; } @@ -918,7 +919,7 @@ static int read_var_sized(struct archive_read* a, size size_t* pvalue_len) { uint64_t v; - uint64_t v_size; + uint64_t v_size = 0; const int ret = pvalue_len ? read_var(a, &v, &v_size) @@ -1218,7 +1219,7 @@ static int process_head_file_extra(struct archive_read ssize_t extra_data_size) { size_t extra_field_size; - size_t extra_field_id; + size_t extra_field_id = 0; int ret = ARCHIVE_FATAL; size_t var_size; @@ -1288,7 +1289,7 @@ static int process_head_file(struct archive_read* a, s size_t host_os = 0; size_t name_size = 0; uint64_t unpacked_size; - uint32_t mtime = 0, crc; + uint32_t mtime = 0, crc = 0; int c_method = 0, c_version = 0, is_dir; char name_utf8_buf[2048 * 4]; const uint8_t* p; @@ -1522,7 +1523,7 @@ static int process_head_main(struct archive_read* a, s enum MAIN_FLAGS { VOLUME = 0x0001, /* multi-volume archive */ - VOLUME_NUMBER = 0x0002, /* volume number, first vol doesnt have it */ + VOLUME_NUMBER = 0x0002, /* volume number, first vol doesn't have it */ SOLID = 0x0004, /* solid archive */ PROTECT = 0x0008, /* contains Recovery info */ LOCK = 0x0010, /* readonly flag, not used */ @@ -1647,7 +1648,7 @@ static int process_base_block(struct archive_read* a, { struct rar5* rar = get_context(a); uint32_t hdr_crc, computed_crc; - size_t raw_hdr_size, hdr_size_len, hdr_size; + size_t raw_hdr_size = 0, hdr_size_len, hdr_size; size_t header_id = 0; size_t header_flags = 0; const uint8_t* p; @@ -2211,7 +2212,7 @@ static int parse_block_header(struct archive_read* a, return ARCHIVE_OK; } -/* Convinience function used during filter processing. */ +/* Convenience function used during filter processing. */ static int parse_filter_data(struct rar5* rar, const uint8_t* p, uint32_t* filter_data) { @@ -2685,6 +2686,12 @@ static int merge_block(struct archive_read* a, ssize_t cur_block_size = rar5_min(rar->file.bytes_remaining, block_size - partial_offset); + if(cur_block_size == 0) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Encountered block size == 0 during block merge"); + return ARCHIVE_FATAL; + } + if(!read_ahead(a, cur_block_size, &lp)) return ARCHIVE_EOF; @@ -3116,6 +3123,9 @@ static int do_unstore_file(struct archive_read* a, } size_t to_read = rar5_min(rar->file.bytes_remaining, 64 * 1024); + if(to_read == 0) { + return ARCHIVE_EOF; + } if(!read_ahead(a, to_read, &p)) { archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "I/O error " @@ -3186,7 +3196,7 @@ static int verify_checksums(struct archive_read* a) { * data and discarding the result). */ if(!rar->skip_mode) { - /* Always check checkums if we're not in skip mode */ + /* Always check checksums if we're not in skip mode */ verify_crc = 1; } else { /* We can override the logic above with a compile-time option @@ -3283,9 +3293,14 @@ static int rar5_read_data(struct archive_read *a, cons } ret = use_data(rar, buff, size, offset); - if(ret == ARCHIVE_OK) + if(ret == ARCHIVE_OK) { return ret; + } + if(rar->file.eof == 1) { + return ARCHIVE_EOF; + } + ret = do_unpack(a, rar, buff, size, offset); if(ret != ARCHIVE_OK) { return ret; @@ -3301,6 +3316,7 @@ static int rar5_read_data(struct archive_read *a, cons * value in the last `archive_read_data` call to signal an error * to the user. */ + rar->file.eof = 1; return verify_global_checksums(a); } Modified: vendor/libarchive/dist/libarchive/archive_windows.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_windows.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_windows.c Sat Nov 24 01:15:08 2018 (r340865) @@ -445,7 +445,8 @@ fileTimeToUTC(const FILETIME *filetime, time_t *t, lon * Windows' stat() does not accept the path added "\\?\" especially "?" * character. * It means we cannot access the long name path longer than MAX_PATH. - * So I've implemented simular Windows' stat() to access the long name path. + * So I've implemented a function similar to Windows' stat() to access the + * long name path. * And I've added some feature. * 1. set st_ino by nFileIndexHigh and nFileIndexLow of * BY_HANDLE_FILE_INFORMATION. Modified: vendor/libarchive/dist/libarchive/archive_write_set_format_iso9660.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_write_set_format_iso9660.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_write_set_format_iso9660.c Sat Nov 24 01:15:08 2018 (r340865) @@ -4899,10 +4899,10 @@ isofile_gen_utility_names(struct archive_write *a, str if (p[0] == '/') { if (p[1] == '/') /* Convert '//' --> '/' */ - strcpy(p, p+1); + memmove(p, p+1, strlen(p+1) + 1); else if (p[1] == '.' && p[2] == '/') /* Convert '/./' --> '/' */ - strcpy(p, p+2); + memmove(p, p+2, strlen(p+2) + 1); else if (p[1] == '.' && p[2] == '.' && p[3] == '/') { /* Convert 'dir/dir1/../dir2/' * --> 'dir/dir2/' Modified: vendor/libarchive/dist/libarchive/archive_write_set_format_mtree.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_write_set_format_mtree.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_write_set_format_mtree.c Sat Nov 24 01:15:08 2018 (r340865) @@ -1810,10 +1810,10 @@ mtree_entry_setup_filenames(struct archive_write *a, s if (p[0] == '/') { if (p[1] == '/') /* Convert '//' --> '/' */ - strcpy(p, p+1); + memmove(p, p+1, strlen(p+1) + 1); else if (p[1] == '.' && p[2] == '/') /* Convert '/./' --> '/' */ - strcpy(p, p+2); + memmove(p, p+2, strlen(p+2) + 1); else if (p[1] == '.' && p[2] == '.' && p[3] == '/') { /* Convert 'dir/dir1/../dir2/' * --> 'dir/dir2/' Modified: vendor/libarchive/dist/libarchive/archive_write_set_format_pax.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_write_set_format_pax.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_write_set_format_pax.c Sat Nov 24 01:15:08 2018 (r340865) @@ -522,11 +522,13 @@ add_pax_acl(struct archive_write *a, ARCHIVE_ERRNO_FILE_FORMAT, "%s %s %s", "Can't translate ", attr, " to UTF-8"); return(ARCHIVE_WARN); - } else if (*p != '\0') { + } + + if (*p != '\0') { add_pax_attr(&(pax->pax_header), attr, p); - free(p); } + free(p); return(ARCHIVE_OK); } Modified: vendor/libarchive/dist/libarchive/archive_write_set_format_xar.c ============================================================================== --- vendor/libarchive/dist/libarchive/archive_write_set_format_xar.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/archive_write_set_format_xar.c Sat Nov 24 01:15:08 2018 (r340865) @@ -2120,10 +2120,10 @@ file_gen_utility_names(struct archive_write *a, struct if (p[0] == '/') { if (p[1] == '/') /* Convert '//' --> '/' */ - strcpy(p, p+1); + memmove(p, p+1, strlen(p+1) + 1); else if (p[1] == '.' && p[2] == '/') /* Convert '/./' --> '/' */ - strcpy(p, p+2); + memmove(p, p+2, strlen(p+2) + 1); else if (p[1] == '.' && p[2] == '.' && p[3] == '/') { /* Convert 'dir/dir1/../dir2/' * --> 'dir/dir2/' @@ -3169,8 +3169,10 @@ save_xattrs(struct archive_write *a, struct file *file checksum_update(&(xar->a_sumwrk), xar->wbuff, size); if (write_to_temp(a, xar->wbuff, size) - != ARCHIVE_OK) + != ARCHIVE_OK) { + free(heap); return (ARCHIVE_FATAL); + } if (r == ARCHIVE_OK) { xar->stream.next_out = xar->wbuff; xar->stream.avail_out = sizeof(xar->wbuff); Modified: vendor/libarchive/dist/libarchive/test/test_fuzz.c ============================================================================== --- vendor/libarchive/dist/libarchive/test/test_fuzz.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/test/test_fuzz.c Sat Nov 24 01:15:08 2018 (r340865) @@ -433,7 +433,7 @@ DEFINE_TEST(test_fuzz_tar) {0, fileset9}, /* Exercise lzo decompressor. */ #endif #if HAVE_ZSTD_H && HAVE_LIBZSTD - {0, fileset10}, /* Excercise zstd decompressor. */ + {0, fileset10}, /* Exercise zstd decompressor. */ #endif {1, NULL} }; Modified: vendor/libarchive/dist/libarchive/test/test_read_format_rar5.c ============================================================================== --- vendor/libarchive/dist/libarchive/test/test_read_format_rar5.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/test/test_read_format_rar5.c Sat Nov 24 01:15:08 2018 (r340865) @@ -726,3 +726,44 @@ DEFINE_TEST(test_read_format_rar5_extract_win32) assertA(0 == extract_one(a, ae, 0x36A448FF)); EPILOGUE(); } + +DEFINE_TEST(test_read_format_rar5_block_by_block) +{ + /* This test uses strange buffer sizes intentionally. */ + + struct archive_entry *ae; + struct archive *a; + uint8_t buf[173]; + int bytes_read; + uint32_t computed_crc = 0; + + extract_reference_file("test_read_format_rar5_compressed.rar"); + assert((a = archive_read_new()) != NULL); + assertA(0 == archive_read_support_filter_all(a)); + assertA(0 == archive_read_support_format_all(a)); + assertA(0 == archive_read_open_filename(a, "test_read_format_rar5_compressed.rar", 130)); + assertA(0 == archive_read_next_header(a, &ae)); + assertEqualString("test.bin", archive_entry_pathname(ae)); + assertEqualInt(1200, archive_entry_size(ae)); + + /* File size is 1200 bytes, we're reading it using a buffer of 173 bytes. + * Libarchive is configured to use a buffer of 130 bytes. */ + + while(1) { + /* archive_read_data should return one of: + * a) 0, if there is no more data to be read, + * b) negative value, if there was an error, + * c) positive value, meaning how many bytes were read. + */ + + bytes_read = archive_read_data(a, buf, sizeof(buf)); + assertA(bytes_read >= 0); + if(bytes_read <= 0) + break; + + computed_crc = crc32(computed_crc, buf, bytes_read); + } + + assertEqualInt(computed_crc, 0x7CCA70CD); + EPILOGUE(); +} Modified: vendor/libarchive/dist/libarchive/test/test_write_disk_perms.c ============================================================================== --- vendor/libarchive/dist/libarchive/test/test_write_disk_perms.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/libarchive/test/test_write_disk_perms.c Sat Nov 24 01:15:08 2018 (r340865) @@ -203,7 +203,7 @@ DEFINE_TEST(test_write_disk_perms) failure("dir_overwrite_0744: st.st_mode=%o", st.st_mode); assertEqualInt(st.st_mode & 0777, 0744); - /* For dir, the owner should get left when not overwritting. */ + /* For dir, the owner should get left when not overwriting. */ assertMakeDir("dir_owner", 0744); if (getuid() == 0) { Modified: vendor/libarchive/dist/tar/write.c ============================================================================== --- vendor/libarchive/dist/tar/write.c Fri Nov 23 23:33:55 2018 (r340864) +++ vendor/libarchive/dist/tar/write.c Sat Nov 24 01:15:08 2018 (r340865) @@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar lafe_warnc(archive_errno(disk), "%s", archive_error_string(disk)); bsdtar->return_value = 1; - archive_entry_free(entry); - continue; + goto next_entry; } /* @@ -557,15 +556,14 @@ write_archive(struct archive *a, struct bsdtar *bsdtar "%s", archive_error_string(disk)); if (r == ARCHIVE_FATAL) bsdtar->return_value = 1; - else - archive_read_close(disk); - archive_entry_free(entry); - continue; + archive_read_close(disk); + goto next_entry; } write_file(bsdtar, a, entry); - archive_entry_free(entry); archive_read_close(disk); +next_entry: + archive_entry_free(entry); entry = NULL; archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry); }