From owner-svn-src-all@freebsd.org Thu Nov 2 17:35:24 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65D95E5F369; Thu, 2 Nov 2017 17:35:24 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0F0F22506; Thu, 2 Nov 2017 17:35:23 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vA2HZN9o058945; Thu, 2 Nov 2017 17:35:23 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vA2HZJ6k058910; Thu, 2 Nov 2017 17:35:19 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201711021735.vA2HZJ6k058910@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Thu, 2 Nov 2017 17:35:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r325326 - in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bn crypto/bn/asm crypto/dh crypto/dsa crypto/ec crypto/ec/asm crypto/ecdh crypto/ecdsa crypto/err crypto/evp cr... X-SVN-Group: vendor-crypto X-SVN-Commit-Author: jkim X-SVN-Commit-Paths: in vendor-crypto/openssl/dist: . apps crypto crypto/asn1 crypto/bn crypto/bn/asm crypto/dh crypto/dsa crypto/ec crypto/ec/asm crypto/ecdh crypto/ecdsa crypto/err crypto/evp crypto/lhash crypto/ocsp cr... X-SVN-Commit-Revision: 325326 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Nov 2017 17:35:24 -0000 Author: jkim Date: Thu Nov 2 17:35:19 2017 New Revision: 325326 URL: https://svnweb.freebsd.org/changeset/base/325326 Log: Import OpenSSL 1.0.2m. Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_int.h (contents, props changed) vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_meth_new.pod vendor-crypto/openssl/dist/doc/crypto/X509_check_private_key.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tlsext_servername_callback.pod vendor-crypto/openssl/dist/doc/ssl/SSL_export_keying_material.pod Deleted: vendor-crypto/openssl/dist/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/FREEBSD-upgrade vendor-crypto/openssl/dist/INSTALL vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/apps/speed.c vendor-crypto/openssl/dist/apps/spkac.c vendor-crypto/openssl/dist/apps/srp.c vendor-crypto/openssl/dist/apps/tsget vendor-crypto/openssl/dist/crypto/asn1/Makefile vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c vendor-crypto/openssl/dist/crypto/asn1/x_name.c vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl vendor-crypto/openssl/dist/crypto/bn/bn_exp.c vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_mont.c vendor-crypto/openssl/dist/crypto/bn/bn_mul.c vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c vendor-crypto/openssl/dist/crypto/cryptlib.c vendor-crypto/openssl/dist/crypto/dh/Makefile vendor-crypto/openssl/dist/crypto/dh/dh.h vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl vendor-crypto/openssl/dist/crypto/ec/ecp_mont.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp224.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp256.c vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c vendor-crypto/openssl/dist/crypto/ecdh/ech_lib.c vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c vendor-crypto/openssl/dist/crypto/err/err.c vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha256.c vendor-crypto/openssl/dist/crypto/evp/evp.h vendor-crypto/openssl/dist/crypto/evp/evp_key.c vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c vendor-crypto/openssl/dist/crypto/ex_data.c vendor-crypto/openssl/dist/crypto/lhash/lhash.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/pem/pem_lib.c vendor-crypto/openssl/dist/crypto/pem/pem_pk8.c vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c vendor-crypto/openssl/dist/crypto/rsa/rsa_pk1.c vendor-crypto/openssl/dist/crypto/rsa/rsa_pmeth.c vendor-crypto/openssl/dist/crypto/ui/ui_lib.c vendor-crypto/openssl/dist/crypto/whrlpool/wp_dgst.c vendor-crypto/openssl/dist/crypto/x509/by_dir.c vendor-crypto/openssl/dist/crypto/x509/by_file.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl vendor-crypto/openssl/dist/doc/apps/asn1parse.pod vendor-crypto/openssl/dist/doc/apps/ca.pod vendor-crypto/openssl/dist/doc/apps/ciphers.pod vendor-crypto/openssl/dist/doc/apps/cms.pod vendor-crypto/openssl/dist/doc/apps/crl.pod vendor-crypto/openssl/dist/doc/apps/crl2pkcs7.pod vendor-crypto/openssl/dist/doc/apps/dgst.pod vendor-crypto/openssl/dist/doc/apps/dhparam.pod vendor-crypto/openssl/dist/doc/apps/dsa.pod vendor-crypto/openssl/dist/doc/apps/dsaparam.pod vendor-crypto/openssl/dist/doc/apps/ec.pod vendor-crypto/openssl/dist/doc/apps/ecparam.pod vendor-crypto/openssl/dist/doc/apps/enc.pod vendor-crypto/openssl/dist/doc/apps/errstr.pod vendor-crypto/openssl/dist/doc/apps/gendsa.pod vendor-crypto/openssl/dist/doc/apps/genpkey.pod vendor-crypto/openssl/dist/doc/apps/genrsa.pod vendor-crypto/openssl/dist/doc/apps/nseq.pod vendor-crypto/openssl/dist/doc/apps/ocsp.pod vendor-crypto/openssl/dist/doc/apps/passwd.pod vendor-crypto/openssl/dist/doc/apps/pkcs12.pod vendor-crypto/openssl/dist/doc/apps/pkcs7.pod vendor-crypto/openssl/dist/doc/apps/pkcs8.pod vendor-crypto/openssl/dist/doc/apps/pkey.pod vendor-crypto/openssl/dist/doc/apps/pkeyparam.pod vendor-crypto/openssl/dist/doc/apps/pkeyutl.pod vendor-crypto/openssl/dist/doc/apps/rand.pod vendor-crypto/openssl/dist/doc/apps/req.pod vendor-crypto/openssl/dist/doc/apps/rsa.pod vendor-crypto/openssl/dist/doc/apps/rsautl.pod vendor-crypto/openssl/dist/doc/apps/s_client.pod vendor-crypto/openssl/dist/doc/apps/s_server.pod vendor-crypto/openssl/dist/doc/apps/s_time.pod vendor-crypto/openssl/dist/doc/apps/sess_id.pod vendor-crypto/openssl/dist/doc/apps/smime.pod vendor-crypto/openssl/dist/doc/apps/speed.pod vendor-crypto/openssl/dist/doc/apps/spkac.pod vendor-crypto/openssl/dist/doc/apps/ts.pod vendor-crypto/openssl/dist/doc/apps/tsget.pod vendor-crypto/openssl/dist/doc/apps/verify.pod vendor-crypto/openssl/dist/doc/apps/version.pod vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/crypto/BN_bn2bin.pod vendor-crypto/openssl/dist/doc/crypto/BN_new.pod vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod vendor-crypto/openssl/dist/doc/crypto/RSA_padding_add_PKCS1_type_1.pod vendor-crypto/openssl/dist/doc/crypto/RSA_public_encrypt.pod vendor-crypto/openssl/dist/doc/crypto/hmac.pod vendor-crypto/openssl/dist/doc/ssl/SSL_set_connect_state.pod vendor-crypto/openssl/dist/ssl/s23_clnt.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_sess.c vendor-crypto/openssl/dist/ssl/ssltest.c vendor-crypto/openssl/dist/ssl/tls1.h vendor-crypto/openssl/dist/util/copy-if-different.pl vendor-crypto/openssl/dist/util/copy.pl vendor-crypto/openssl/dist/util/libeay.num vendor-crypto/openssl/dist/util/mk1mf.pl Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/CHANGES Thu Nov 2 17:35:19 2017 (r325326) @@ -2,6 +2,44 @@ OpenSSL CHANGES _______________ + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.0.2l and 1.0.2m [2 Nov 2017] + + *) bn_sqrx8x_internal carry bug on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. + + This only affects processors that support the BMI1, BMI2 and ADX extensions + like Intel Broadwell (5th generation) and later or AMD Ryzen. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3736) + [Andy Polyakov] + + *) Malformed X.509 IPAddressFamily could cause OOB read + + If an X.509 certificate has a malformed IPAddressFamily extension, + OpenSSL could do a one-byte buffer overread. The most likely result + would be an erroneous display of the certificate in text format. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3735) + [Rich Salz] + Changes between 1.0.2k and 1.0.2l [25 May 2017] *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target Modified: vendor-crypto/openssl/dist/FREEBSD-upgrade ============================================================================== --- vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/FREEBSD-upgrade Thu Nov 2 17:35:19 2017 (r325326) @@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/V # Xlist setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist setenv FSVN "svn+ssh://repo.freebsd.org/base" -setenv OSSLVER 1.0.2l -# OSSLTAG format: v1_0_2l +setenv OSSLVER 1.0.2m +# OSSLTAG format: v1_0_2m ###setenv OSSLTAG v`echo ${OSSLVER} | tr . _` Modified: vendor-crypto/openssl/dist/INSTALL ============================================================================== --- vendor-crypto/openssl/dist/INSTALL Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/INSTALL Thu Nov 2 17:35:19 2017 (r325326) @@ -190,10 +190,8 @@ the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, try removing any compiler optimization flags from the CFLAG line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report" in order to be added to the request tracker at - http://www.openssl.org/support/rt.html. + in Makefile.ssl and run "make clean; make". To report a bug please open an + issue on GitHub, at https://github.com/openssl/openssl/issues. 4. If everything tests ok, install OpenSSL with Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/Makefile Thu Nov 2 17:35:19 2017 (r325326) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2l +VERSION=1.0.2m MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 Modified: vendor-crypto/openssl/dist/NEWS ============================================================================== --- vendor-crypto/openssl/dist/NEWS Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/NEWS Thu Nov 2 17:35:19 2017 (r325326) @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017] + + o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) + o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) + Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017] o config now recognises 64-bit mingw and chooses mingw64 instead of mingw Modified: vendor-crypto/openssl/dist/README ============================================================================== --- vendor-crypto/openssl/dist/README Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/README Thu Nov 2 17:35:19 2017 (r325326) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2l 25 May 2017 + OpenSSL 1.0.2m 2 Nov 2017 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: vendor-crypto/openssl/dist/apps/ca.c ============================================================================== --- vendor-crypto/openssl/dist/apps/ca.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/ca.c Thu Nov 2 17:35:19 2017 (r325326) @@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * /* Lets add the extensions, if there are any */ if (ext_sect) { X509V3_CTX ctx; - if (ci->version == NULL) - if ((ci->version = ASN1_INTEGER_new()) == NULL) - goto err; - ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */ /* * Free the current entries if any, there should not be any I believe @@ -2049,6 +2045,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 * BIO_printf(bio_err, "ERROR: adding extensions from request\n"); ERR_print_errors(bio_err); goto err; + } + + { + STACK_OF(X509_EXTENSION) *exts = ci->extensions; + + if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0) + /* Make it an X509 v3 certificate. */ + if (!X509_set_version(ret, 2)) + goto err; } /* Set the right value for the noemailDN option */ Modified: vendor-crypto/openssl/dist/apps/s_client.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_client.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/s_client.c Thu Nov 2 17:35:19 2017 (r325326) @@ -1667,6 +1667,8 @@ int MAIN(int argc, char **argv) if (strstr(mbuf, "/stream:features>")) goto shut; seen = BIO_read(sbio, mbuf, BUFSIZZ); + if (seen <= 0) + goto shut; mbuf[seen] = 0; } BIO_printf(sbio, Modified: vendor-crypto/openssl/dist/apps/s_server.c ============================================================================== --- vendor-crypto/openssl/dist/apps/s_server.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/s_server.c Thu Nov 2 17:35:19 2017 (r325326) @@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, PEM_write_bio_X509(io, peer); } else BIO_puts(io, "no client certificate available\n"); - BIO_puts(io, "\r\n\r\n"); + BIO_puts(io, "\r\n\r\n"); break; } else if ((www == 2 || www == 3) && (strncmp("GET /", buf, 5) == 0)) { Modified: vendor-crypto/openssl/dist/apps/speed.c ============================================================================== --- vendor-crypto/openssl/dist/apps/speed.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/speed.c Thu Nov 2 17:35:19 2017 (r325326) @@ -307,7 +307,8 @@ static SIGRETTYPE sig_done(int sig) # if !defined(SIGALRM) # define SIGALRM # endif -static unsigned int lapse, schlock; +static volatile unsigned int lapse; +static volatile unsigned int schlock; static void alarm_win32(unsigned int secs) { lapse = secs * 1000; @@ -725,6 +726,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "no EVP given\n"); goto end; } + evp_md = NULL; evp_cipher = EVP_get_cipherbyname(*argv); if (!evp_cipher) { evp_md = EVP_get_digestbyname(*argv); Modified: vendor-crypto/openssl/dist/apps/spkac.c ============================================================================== --- vendor-crypto/openssl/dist/apps/spkac.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/spkac.c Thu Nov 2 17:35:19 2017 (r325326) @@ -5,7 +5,7 @@ * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -185,20 +185,23 @@ int MAIN(int argc, char **argv) } e = setup_engine(bio_err, engine, 0); - if (keyfile) { + if (keyfile != NULL) { pkey = load_key(bio_err, strcmp(keyfile, "-") ? keyfile : NULL, FORMAT_PEM, 1, passin, e, "private key"); - if (!pkey) { + if (pkey == NULL) goto end; - } spki = NETSCAPE_SPKI_new(); - if (challenge) + if (spki == NULL) + goto end; + if (challenge != NULL) ASN1_STRING_set(spki->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(spki, pkey); NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(spki); + if (spkstr == NULL) + goto end; if (outfile) out = BIO_new_file(outfile, "w"); @@ -253,7 +256,7 @@ int MAIN(int argc, char **argv) spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); - if (!spki) { + if (spki == NULL) { BIO_printf(bio_err, "Error loading SPKAC\n"); ERR_print_errors(bio_err); goto end; @@ -282,9 +285,9 @@ int MAIN(int argc, char **argv) pkey = NETSCAPE_SPKI_get_pubkey(spki); if (verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if (i > 0) + if (i > 0) { BIO_printf(bio_err, "Signature OK\n"); - else { + } else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); goto end; Modified: vendor-crypto/openssl/dist/apps/srp.c ============================================================================== --- vendor-crypto/openssl/dist/apps/srp.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/srp.c Thu Nov 2 17:35:19 2017 (r325326) @@ -123,13 +123,14 @@ static int get_index(CA_DB *db, char *id, char type) int i; if (id == NULL) return -1; - if (type == DB_SRP_INDEX) + if (type == DB_SRP_INDEX) { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id, pp[DB_srpid])) return i; - } else + } + } else { for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); @@ -137,6 +138,7 @@ static int get_index(CA_DB *db, char *id, char type) && !strcmp(id, pp[DB_srpid])) return i; } + } return -1; } @@ -177,8 +179,8 @@ static int update_index(CA_DB *db, BIO *bio, char **ro char **irow; int i; - if ((irow = - (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) { + irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1)); + if (irow == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); return 0; } @@ -205,30 +207,32 @@ static char *srp_verify_user(const char *user, const c char *srp_usersalt, const char *g, const char *N, const char *passin, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *verifier = NULL; char *gNid = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passin; - if (password_callback(password, 1024, 0, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, srp_verifier, srp_usersalt, g, N); - BIO_printf(bio, "Pass %s\n", password); + VVERBOSE BIO_printf(bio, "Pass %s\n", password); - if (! - (gNid = - SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt, + &verifier, N, g))) { BIO_printf(bio, "Internal error validating SRP verifier\n"); } else { if (strcmp(verifier, srp_verifier)) gNid = NULL; OPENSSL_free(verifier); } + OPENSSL_cleanse(password, len); } return gNid; } @@ -237,24 +241,27 @@ static char *srp_create_user(char *user, char **srp_ve char **srp_usersalt, char *g, char *N, char *passout, BIO *bio, int verbose) { - char password[1024]; + char password[1025]; PW_CB_DATA cb_tmp; char *gNid = NULL; char *salt = NULL; + int len; cb_tmp.prompt_info = user; cb_tmp.password = passout; - if (password_callback(password, 1024, 1, &cb_tmp) > 0) { + len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); + if (len > 0) { + password[len] = 0; VERBOSE BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", user, g, N); - if (! - (gNid = - SRP_create_verifier(user, password, &salt, srp_verifier, N, - g))) { + if (!(gNid = SRP_create_verifier(user, password, &salt, + srp_verifier, N, g))) { BIO_printf(bio, "Internal error creating SRP verifier\n"); - } else + } else { *srp_usersalt = salt; + } + OPENSSL_cleanse(password, len); VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid, salt, *srp_verifier); @@ -314,9 +321,9 @@ int MAIN(int argc, char **argv) argc--; argv++; while (argc >= 1 && badops == 0) { - if (strcmp(*argv, "-verbose") == 0) + if (strcmp(*argv, "-verbose") == 0) { verbose++; - else if (strcmp(*argv, "-config") == 0) { + } else if (strcmp(*argv, "-config") == 0) { if (--argc < 1) goto bad; configfile = *(++argv); @@ -328,15 +335,15 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; dbfile = *(++argv); - } else if (strcmp(*argv, "-add") == 0) + } else if (strcmp(*argv, "-add") == 0) { add_user = 1; - else if (strcmp(*argv, "-delete") == 0) + } else if (strcmp(*argv, "-delete") == 0) { delete_user = 1; - else if (strcmp(*argv, "-modify") == 0) + } else if (strcmp(*argv, "-modify") == 0) { modify_user = 1; - else if (strcmp(*argv, "-list") == 0) + } else if (strcmp(*argv, "-list") == 0) { list_user = 1; - else if (strcmp(*argv, "-gn") == 0) { + } else if (strcmp(*argv, "-gn") == 0) { if (--argc < 1) goto bad; gN = *(++argv); @@ -366,8 +373,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "unknown option %s\n", *argv); badops = 1; break; - } else + } else { break; + } argc--; argv++; @@ -388,7 +396,7 @@ int MAIN(int argc, char **argv) "Need at least one user for options -add, -delete, -modify. \n"); badops = 1; } - if ((passin || passout) && argc != 1) { + if ((passargin || passargout) && argc != 1) { BIO_printf(bio_err, "-passin, -passout arguments only valid with one user.\n"); badops = 1; @@ -706,9 +714,9 @@ int MAIN(int argc, char **argv) doupdatedb = 1; } } - if (--argc > 0) + if (--argc > 0) { user = *(argv++); - else { + } else { user = NULL; list_user = 0; } Modified: vendor-crypto/openssl/dist/apps/tsget ============================================================================== --- vendor-crypto/openssl/dist/apps/tsget Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/apps/tsget Thu Nov 2 17:35:19 2017 (r325326) @@ -193,4 +193,3 @@ REQUEST: foreach (@ARGV) { STDERR->printflush(", $output written.\n") if $options{v}; } $curl->cleanup(); -WWW::Curl::Easy::global_cleanup(); Modified: vendor-crypto/openssl/dist/crypto/asn1/Makefile ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/Makefile Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/Makefile Thu Nov 2 17:35:19 2017 (r325326) @@ -680,7 +680,7 @@ tasn_fre.o: ../../include/openssl/e_os2.h ../../includ tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c +tasn_fre.o: ../../include/openssl/symhacks.h asn1_int.h tasn_fre.c tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -688,7 +688,7 @@ tasn_new.o: ../../include/openssl/lhash.h ../../includ tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c +tasn_new.o: ../../include/openssl/symhacks.h asn1_int.h tasn_new.c tasn_prn.o: ../../e_os.h ../../include/openssl/asn1.h tasn_prn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h tasn_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h Modified: vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c Thu Nov 2 17:35:19 2017 (r325326) @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include "cryptlib.h" #include @@ -133,6 +134,11 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING * if (len < 1) { i = ASN1_R_STRING_TOO_SHORT; + goto err; + } + + if (len > INT_MAX) { + i = ASN1_R_STRING_TOO_LONG; goto err; } Added: vendor-crypto/openssl/dist/crypto/asn1/asn1_int.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/openssl/dist/crypto/asn1/asn1_int.h Thu Nov 2 17:35:19 2017 (r325326) @@ -0,0 +1,63 @@ +/* asn1t.h */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Internal ASN1 template structures and functions: not for application use */ + +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c Thu Nov 2 17:35:19 2017 (r325326) @@ -61,10 +61,8 @@ #include #include #include +#include "asn1_int.h" -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine); - /* Free up an ASN1 structure */ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) @@ -77,8 +75,7 @@ void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_I asn1_item_combine_free(pval, it, 0); } -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, - int combine) +void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; Modified: vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c Thu Nov 2 17:35:19 2017 (r325326) @@ -63,6 +63,7 @@ #include #include #include +#include "asn1_int.h" static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); @@ -199,7 +200,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, return 1; memerr2: - ASN1_item_ex_free(pval, it); + asn1_item_combine_free(pval, it, combine); memerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG @@ -209,7 +210,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, return 0; auxerr2: - ASN1_item_ex_free(pval, it); + asn1_item_combine_free(pval, it, combine); auxerr: ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); #ifdef CRYPTO_MDEBUG Modified: vendor-crypto/openssl/dist/crypto/asn1/x_name.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_name.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/x_name.c Thu Nov 2 17:35:19 2017 (r325326) @@ -523,19 +523,11 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { - X509_NAME *in; - - if (!xn || !name) - return (0); - - if (*xn != name) { - in = X509_NAME_dup(name); - if (in != NULL) { - X509_NAME_free(*xn); - *xn = in; - } - } - return (*xn != NULL); + if ((name = X509_NAME_dup(name)) == NULL) + return 0; + X509_NAME_free(*xn); + *xn = name; + return 1; } IMPLEMENT_STACK_OF(X509_NAME_ENTRY) Modified: vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c Thu Nov 2 17:35:19 2017 (r325326) @@ -106,10 +106,14 @@ X509_PKEY *X509_PKEY_new(void) X509_PKEY *ret = NULL; ASN1_CTX c; - M_ASN1_New_Malloc(ret, X509_PKEY); + ret = OPENSSL_malloc(sizeof(X509_PKEY)); + if (ret == NULL) { + c.line = __LINE__; + goto err; + } ret->version = 0; - M_ASN1_New(ret->enc_algor, X509_ALGOR_new); - M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); + ret->enc_algor = X509_ALGOR_new(); + ret->enc_pkey = M_ASN1_OCTET_STRING_new(); ret->dec_pkey = NULL; ret->key_length = 0; ret->key_data = NULL; @@ -117,8 +121,15 @@ X509_PKEY *X509_PKEY_new(void) ret->cipher.cipher = NULL; memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ret->references = 1; - return (ret); - M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); + if (ret->enc_algor == NULL || ret->enc_pkey == NULL) { + c.line = __LINE__; + goto err; + } + return ret; +err: + X509_PKEY_free(ret); + ASN1_MAC_H_err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE, c.line); + return NULL; } void X509_PKEY_free(X509_PKEY *x) Modified: vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Thu Nov 2 17:35:19 2017 (r325326) @@ -3090,11 +3090,19 @@ $code.=<<___; .align 32 .Lsqrx8x_break: - sub 16+8(%rsp),%r8 # consume last carry + xor $zero,$zero + sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf + adcx $zero,%r8 mov 24+8(%rsp),$carry # initial $tptr, borrow $carry + adcx $zero,%r9 mov 0*8($aptr),%rdx # a[8], modulo-scheduled - xor %ebp,%ebp # xor $zero,$zero + adc \$0,%r10 mov %r8,0*8($tptr) + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 cmp $carry,$tptr # cf=0, of=0 je .Lsqrx8x_outer_loop Modified: vendor-crypto/openssl/dist/crypto/bn/bn_exp.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/bn_exp.c Thu Nov 2 17:35:19 2017 (r325326) @@ -145,7 +145,8 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p int i, bits, ret = 0; BIGNUM *v, *rr; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -245,7 +246,9 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNU if (BN_is_odd(m)) { # ifdef MONT_EXP_WORD if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { + && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) + && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) { BN_ULONG A = a->d[0]; ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); } else @@ -277,7 +280,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -411,7 +416,9 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); } @@ -1217,7 +1224,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -1348,7 +1356,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, cons /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; Modified: vendor-crypto/openssl/dist/crypto/bn/bn_lib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/bn_lib.c Thu Nov 2 17:35:19 2017 (r325326) @@ -524,6 +524,9 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif + if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0) + BN_set_flags(a, BN_FLG_CONSTTIME); + a->top = b->top; a->neg = b->neg; bn_check_top(a); Modified: vendor-crypto/openssl/dist/crypto/bn/bn_mont.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_mont.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/bn_mont.c Thu Nov 2 17:35:19 2017 (r325326) @@ -394,6 +394,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m tmod.dmax = 2; tmod.neg = 0; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&tmod, BN_FLG_CONSTTIME); + mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; # if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) Modified: vendor-crypto/openssl/dist/crypto/bn/bn_mul.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_mul.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/bn_mul.c Thu Nov 2 17:35:19 2017 (r325326) @@ -1032,46 +1032,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b rr->top = top; goto end; } -# if 0 - if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn, al) == NULL) - goto err; - tmp_bn->d[bl] = 0; - bl++; - i--; - } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { - BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn, bl) == NULL) - goto err; - tmp_bn->d[al] = 0; - al++; - i++; - } - if (i == 0) { - /* symmetric and > 4 */ - /* 16 or larger */ - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - t = BN_CTX_get(ctx); - if (al == j) { /* exact multiple */ - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, al, t->d); - } else { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); - } - rr->top = top; - goto end; - } -# endif } #endif /* BN_RECURSION */ if (bn_wexpand(rr, top) == NULL) Modified: vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c Thu Nov 2 17:35:19 2017 (r325326) @@ -217,6 +217,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int n BN_CTX_start(ctx); t = BN_CTX_get(ctx); + if (t == NULL) + goto err; for (i = 0; i < 1000; i++) { if (!BN_rand(Xq, nbits, 1, 0)) @@ -255,10 +257,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, B int ret = 0; BN_CTX_start(ctx); - if (!Xp1) + if (Xp1 == NULL) Xp1 = BN_CTX_get(ctx); - if (!Xp2) + if (Xp2 == NULL) Xp2 = BN_CTX_get(ctx); + if (Xp1 == NULL || Xp2 == NULL) + goto error; if (!BN_rand(Xp1, 101, 0, 0)) goto error; Modified: vendor-crypto/openssl/dist/crypto/cryptlib.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/cryptlib.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/cryptlib.c Thu Nov 2 17:35:19 2017 (r325326) @@ -469,11 +469,18 @@ void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, } } +#ifdef OPENSSL_FIPS +extern int FIPS_crypto_threadid_set_callback(void (*func) (CRYPTO_THREADID *)); +#endif + int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) { if (threadid_callback) return 0; threadid_callback = func; +#ifdef OPENSSL_FIPS + FIPS_crypto_threadid_set_callback(func); +#endif return 1; } Modified: vendor-crypto/openssl/dist/crypto/dh/Makefile ============================================================================== --- vendor-crypto/openssl/dist/crypto/dh/Makefile Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dh/Makefile Thu Nov 2 17:35:19 2017 (r325326) @@ -134,7 +134,7 @@ dh_gen.o: ../../include/openssl/opensslconf.h ../../in dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_gen.o: ../cryptlib.h dh_gen.c -dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +dh_kdf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_kdf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h Modified: vendor-crypto/openssl/dist/crypto/dh/dh.h ============================================================================== --- vendor-crypto/openssl/dist/crypto/dh/dh.h Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dh/dh.h Thu Nov 2 17:35:19 2017 (r325326) @@ -257,11 +257,13 @@ DH *DH_get_1024_160(void); DH *DH_get_2048_224(void); DH *DH_get_2048_256(void); +# ifndef OPENSSL_NO_CMS /* RFC2631 KDF */ int DH_KDF_X9_42(unsigned char *out, size_t outlen, const unsigned char *Z, size_t Zlen, ASN1_OBJECT *key_oid, const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); +# endif # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ Modified: vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c Thu Nov 2 17:35:19 2017 (r325326) @@ -51,6 +51,9 @@ * ==================================================================== */ +#include + +#ifndef OPENSSL_NO_CMS #include #include #include @@ -185,3 +188,4 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, EVP_MD_CTX_cleanup(&mctx); return rv; } +#endif Modified: vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c Thu Nov 2 17:35:19 2017 (r325326) @@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, i case EVP_PKEY_CTRL_DH_KDF_TYPE: if (p1 == -2) return dctx->kdf_type; +#ifdef OPENSSL_NO_CMS + if (p1 != EVP_PKEY_DH_KDF_NONE) +#else if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) +#endif return -2; dctx->kdf_type = p1; return 1; @@ -448,7 +452,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned return ret; *keylen = ret; return 1; - } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { + } +#ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; size_t Zlen = 0; if (!dctx->kdf_outlen || !dctx->kdf_oid) @@ -479,6 +485,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned } return ret; } +#endif return 1; } Modified: vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c Thu Nov 2 17:35:19 2017 (r325326) @@ -258,6 +258,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_ goto dsaerr; } + BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; Modified: vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c Thu Nov 2 17:35:19 2017 (r325326) @@ -482,6 +482,8 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N } else { p = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if (q == NULL) + goto err; } if (!BN_lshift(test, BN_value_one(), L - 1)) Modified: vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c ============================================================================== --- vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c Thu Nov 2 15:40:19 2017 (r325325) +++ vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c Thu Nov 2 17:35:19 2017 (r325326) @@ -224,7 +224,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI { BN_CTX *ctx; BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; + BIGNUM l, m; int ret = 0; + int q_bits; if (!dsa->p || !dsa->q || !dsa->g) { DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); @@ -233,6 +235,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI BN_init(&k); BN_init(&kq); + BN_init(&l); + BN_init(&m); if (ctx_in == NULL) { if ((ctx = BN_CTX_new()) == NULL) @@ -243,6 +247,13 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI if ((r = BN_new()) == NULL) goto err; + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + if (!BN_set_bit(&k, q_bits) + || !BN_set_bit(&l, q_bits) + || !BN_set_bit(&m, q_bits)) + goto err; + /* Get random k */ do if (!BN_rand_range(&k, dsa->q)) @@ -263,25 +274,24 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BI /* Compute r = (g^k mod p) mod q */ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { - if (!BN_copy(&kq, &k)) - goto err; - *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***