diff options
author | Dariusz Michaluk <d.michaluk@samsung.com> | 2018-05-09 13:32:57 +0200 |
---|---|---|
committer | Dariusz Michaluk <d.michaluk@samsung.com> | 2018-05-09 13:32:57 +0200 |
commit | 6e3d29609234c63db2e97ae09681c31f3e710b18 (patch) | |
tree | cd260eee5d59a3a657dcdb2ff58acdc333a4a259 | |
parent | 452b9ebcc5c6e26bd6b9f9cb3f339d3f268c4078 (diff) | |
download | openssl-6e3d29609234c63db2e97ae09681c31f3e710b18.tar.gz openssl-6e3d29609234c63db2e97ae09681c31f3e710b18.tar.bz2 openssl-6e3d29609234c63db2e97ae09681c31f3e710b18.zip |
Imported Upstream version 1.0.2oupstream/1.0.2o
173 files changed, 1106 insertions, 948 deletions
@@ -7,6 +7,21 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2n and 1.0.2o [27 Mar 2018] + + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + Changes between 1.0.2m and 1.0.2n [7 Dec 2017] *) Read/write after SSL object in error state @@ -2012,8 +2027,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester + <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] @@ -354,7 +354,7 @@ my %table=( "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", # DEC Alpha OSF/1/Tru64 targets. # @@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } -if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) +if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) { $cflags =~ s/\-mno\-cygwin\s*//; $shared_ldflag =~ s/\-mno\-cygwin\s*//; @@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } -my $ecc = $cc; -$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; +my %predefined; + +# collect compiler pre-defines from gcc or gcc-alike... +open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |"); +while (<PIPE>) { + m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$1} = defined($2) ? $2 : ""; +} +close(PIPE); if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__}); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } - if ($ecc eq "clang") + if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { @@ -1723,15 +1730,14 @@ while (<IN>) s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3; } else { s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/MacOS/Randomizer.cpp b/MacOS/Randomizer.cpp index cceb6bd..52dc884 100644 --- a/MacOS/Randomizer.cpp +++ b/MacOS/Randomizer.cpp @@ -266,7 +266,7 @@ void CRandomizer::AddCurrentMouse (void) if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 && labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2) - AddBytes (&mouseLoc, sizeof (mouseLoc), + AddBytes (&mouseLoc, sizeof(mouseLoc), kMousePositionEntropy); if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v) @@ -286,7 +286,7 @@ void CRandomizer::AddCurrentMouse (void) (kTypicalMouseIdleTicks/(double)lastCheck); if (entropy < 0.0) entropy = 0.0; - AddBytes (&mMouseStill, sizeof (mMouseStill), entropy); + AddBytes (&mMouseStill, sizeof(mMouseStill), entropy); mMouseStill = 0; } mLastMouse = mouseLoc; @@ -299,7 +299,7 @@ void CRandomizer::AddAbsoluteSystemStartupTime (void) GetDateTime (&now); now -= TickCount() / 60; // Time in ticks since machine // startup - AddBytes (&now, sizeof (now), kSysStartupEntropy); + AddBytes (&now, sizeof(now), kSysStartupEntropy); } void CRandomizer::AddTimeSinceMachineStartup (void) @@ -314,7 +314,7 @@ void CRandomizer::AddAppRunningTime (void) ProcessSerialNumber PSN; ProcessInfoRec ProcessInfo; - ProcessInfo.processInfoLength = sizeof (ProcessInfoRec); + ProcessInfo.processInfoLength = sizeof(ProcessInfoRec); ProcessInfo.processName = nil; ProcessInfo.processAppSpec = nil; @@ -324,7 +324,7 @@ void CRandomizer::AddAppRunningTime (void) // Now add the amount of time in ticks that the current process // has been active - AddBytes (&ProcessInfo, sizeof (ProcessInfoRec), + AddBytes (&ProcessInfo, sizeof(ProcessInfoRec), kApplicationUpTimeEntropy); } @@ -353,7 +353,7 @@ void CRandomizer::AddStartupVolumeInfo (void) // unpredictable, so might as well toss the whole block in. See // comments for entropy estimate justifications. - AddBytes (&pb, sizeof (pb), + AddBytes (&pb, sizeof(pb), kVolumeBytesEntropy + log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi) * 4294967296.0D + @@ -419,7 +419,7 @@ void CRandomizer::AddBytes (void *data, long size, double entropy) void CRandomizer::AddNow (double millisecondUncertainty) { long time = SysTimer(); - AddBytes (&time, sizeof (time), log2l (millisecondUncertainty * + AddBytes (&time, sizeof(time), log2l (millisecondUncertainty * mTimebaseTicksPerMillisec)); } @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2n +VERSION=1.0.2o MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -73,7 +73,7 @@ NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion -MAKEDEPPROG=makedepend +MAKEDEPPROG= cc LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in diff --git a/Makefile.bak b/Makefile.bak index e766d35..1920c3c 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2n +VERSION=1.0.2o MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] + + o Constructed ASN.1 types with a recursive definition could exceed the + stack (CVE-2018-0739) + Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] o Read/write after SSL object in error state (CVE-2017-3737) @@ -1,5 +1,5 @@ - OpenSSL 1.0.2n 7 Dec 2017 + OpenSSL 1.0.2o 27 Mar 2018 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/app_rand.c b/apps/app_rand.c index 7f40bba..0bbf342 100644 --- a/apps/app_rand.c +++ b/apps/app_rand.c @@ -128,7 +128,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) #endif if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); else if (RAND_egd(file) > 0) { /* * we try if the given filename is an EGD socket. if it is, we don't @@ -203,7 +203,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e) return 0; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); if (file == NULL || !RAND_write_file(file)) { BIO_printf(bio_e, "unable to write 'random state'\n"); return 0; diff --git a/apps/apps.c b/apps/apps.c index 29de1b7..c5a5152 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, BUF_strlcpy(buf[0], serialfile, BSIZE); else { #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); #endif } #ifdef RL_DEBUG @@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", @@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile); #endif dbattr_conf = NCONF_new(NULL); if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { @@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); @@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); @@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); + BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk)); (void)BIO_flush(bconn); JPAKE_STEP3A_release(&s3a); } @@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); + BIO_write(bconn, s3b.hk, sizeof(s3b.hk)); (void)BIO_flush(bconn); JPAKE_STEP3B_release(&s3b); } @@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn) char buf[10240]; int l; - l = BIO_gets(bconn, buf, sizeof buf); + l = BIO_gets(bconn, buf, sizeof(buf)); assert(l > 0); assert(buf[l - 1] == '\n'); buf[l - 1] = '\0'; @@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); + l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk)); + assert(l == sizeof(s3a.hhk)); if (!JPAKE_STEP3A_process(ctx, &s3a)) { ERR_print_errors(bio_err); exit(1); @@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); + l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk)); + assert(l == sizeof(s3b.hk)); if (!JPAKE_STEP3B_process(ctx, &s3b)) { ERR_print_errors(bio_err); exit(1); @@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = - NULL; + X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; ASN1_UTCTIME *tm, *tmptm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; @@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - if (push != NULL) - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject */ - /* - * and add it later on because of the method extensions are added - * (altName) - */ - - if (email_dn) - dn_subject = subject; - else { - X509_NAME_ENTRY *tmpne; - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if (!(dn_subject = X509_NAME_dup(subject))) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); - X509_NAME_ENTRY_free(tmpne); - } - } - - if (BN_is_zero(serial)) - row[DB_serial] = BUF_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == 'E') - p = "Expired"; - else if (rrow[DB_type][0] == 'R') - p = "Revoked"; - else if (rrow[DB_type][0] == 'V') - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - if (rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto err; - } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, @@ -2056,10 +1955,124 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0) { - if (!X509_set_subject_name(ret, dn_subject)) + if (verbose) + BIO_printf(bio_err, + "The subject name appears to be ok, checking data base for clashes\n"); + + /* Build the correct Subject if no e-mail is wanted in the subject */ + + if (!email_dn) { + X509_NAME_ENTRY *tmpne; + X509_NAME *dn_subject; + + /* + * Its best to dup the subject DN and then delete any email addresses + * because this retains its structure. + */ + if (!(dn_subject = X509_NAME_dup(subject))) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + while ((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, + -1)) >= 0) { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + + if (!X509_set_subject_name(ret, dn_subject)) { + X509_NAME_free(dn_subject); + goto err; + } + X509_NAME_free(dn_subject); + } + + row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (BN_is_zero(serial)) + row[DB_serial] = BUF_strdup("00"); + else + row[DB_serial] = BN_bn2hex(serial); + if (row[DB_serial] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (row[DB_name][0] == '\0') { + /* + * An empty subject! We'll use the serial number instead. If + * unique_subject is in use then we don't want different entries with + * empty subjects matching each other. + */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto err; + } + } + + if (db->attributes.unique_subject) { + OPENSSL_STRING *crow = row; + + rrow = TXT_DB_get_by_index(db->db, DB_name, crow); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + } + if (rrow == NULL) { + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err, + " check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) { + BIO_printf(bio_err, "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p = "Expired"; + else if (rrow[DB_type][0] == 'R') + p = "Revoked"; + else if (rrow[DB_type][0] == 'V') + p = "Valid"; + else + p = "\ninvalid type, Data base error\n"; + BIO_printf(bio_err, "Type :%s\n", p);; + if (rrow[DB_type][0] == 'R') { + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Was revoked on:%s\n", p); + } + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Expires on :%s\n", p); + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Serial Number :%s\n", p); + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "File name :%s\n", p); + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Subject Name :%s\n", p); + ok = -1; /* This is now a 'bad' error. */ + goto err; } if (!default_op) { @@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_rev_date] = OPENSSL_malloc(1); row[DB_file] = OPENSSL_malloc(8); - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || (row[DB_rev_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + (row[DB_file] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, irow = NULL; ok = 1; err: - if (irow != NULL) { + if (ok != 1) { for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); - OPENSSL_free(irow); } + OPENSSL_free(irow); if (CAname != NULL) X509_NAME_free(CAname); if (subject != NULL) X509_NAME_free(subject); - if ((dn_subject != NULL) && !email_dn) - X509_NAME_free(dn_subject); if (tmptm != NULL) ASN1_UTCTIME_free(tmptm); if (ok <= 0) { @@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) else row[DB_serial] = BN_bn2hex(bn); BN_free(bn); + if (row[DB_name] != NULL && row[DB_name][0] == '\0') { + /* Entries with empty Subjects actually use the serial number instead */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + } if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; diff --git a/apps/ciphers.c b/apps/ciphers.c index 66636d2..4856141 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -217,7 +217,7 @@ int MAIN(int argc, char **argv) BIO_printf(STDout, "%s - ", nm); } #endif - BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); + BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf))); } } @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -977,12 +977,16 @@ int MAIN(int argc, char **argv) signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, e, "signer certificate"); - if (!signer) + if (!signer) { + ret = 2; goto end; + } key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (!key) { + ret = 2; goto end; + } for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; diff --git a/apps/dgst.c b/apps/dgst.c index bc2601e..686fe34 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -145,7 +145,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); md = EVP_get_digestbyname(pname); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index f2cf553..3a4a123 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -382,6 +382,9 @@ int MAIN(int argc, char **argv) printf("\treturn(dsa);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); diff --git a/apps/ecparam.c b/apps/ecparam.c index a9bf489..8d5b704 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -546,6 +546,9 @@ int MAIN(int argc, char **argv) BIO_printf(out, "\treturn(group);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); @@ -582,6 +585,9 @@ int MAIN(int argc, char **argv) if (EC_KEY_set_group(eckey, group) == 0) goto end; + if (new_form) + EC_KEY_set_conv_form(eckey, form); + if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); goto end; @@ -114,7 +114,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { static const char magic[] = "Salted__"; - char mbuf[sizeof magic - 1]; + char mbuf[sizeof(magic) - 1]; char *strbuf = NULL; unsigned char *buff = NULL, *bufsize = NULL; int bsize = BSIZE, verbose = 0; @@ -154,7 +154,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) base64 = 1; #ifdef ZLIB @@ -247,7 +247,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0] = '\0'; - if (!fgets(buf, sizeof buf, infile)) { + if (!fgets(buf, sizeof(buf), infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", file); goto bad; } @@ -432,7 +432,7 @@ int MAIN(int argc, char **argv) for (;;) { char buf[200]; - BIO_snprintf(buf, sizeof buf, "enter %s %s password:", + BIO_snprintf(buf, sizeof(buf), "enter %s %s password:", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; @@ -517,31 +517,31 @@ int MAIN(int argc, char **argv) else { if (enc) { if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof salt) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) goto end; /* * If -P option then don't bother writing */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof magic - 1) != sizeof magic - 1 + sizeof(magic) - 1) != sizeof(magic) - 1 || BIO_write(wbio, (char *)salt, - sizeof salt) != sizeof salt)) { + sizeof(salt)) != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf + } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) || BIO_read(rbio, (unsigned char *)salt, - sizeof salt) != sizeof salt) { + sizeof(salt)) != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; - } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } @@ -564,7 +564,7 @@ int MAIN(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof iv)) { + } else if (!set_hex(hiv, iv, sizeof(iv))) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } diff --git a/apps/errstr.c b/apps/errstr.c index c2d4fde..c3fef61 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -108,7 +108,7 @@ int MAIN(int argc, char **argv) for (i = 1; i < argc; i++) { if (sscanf(argv[i], "%lx", &l)) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); printf("%s\n", buf); } else { printf("%s: bad error code\n", argv[i]); diff --git a/apps/ocsp.c b/apps/ocsp.c index 5da51df..654eebc 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; for (;;) { - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ diff --git a/apps/openssl.c b/apps/openssl.c index 6873145..c3da5d6 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[]) prog = prog_init(); /* first check the program name */ - program_name(Argv[0], pname, sizeof pname); + program_name(Argv[0], pname, sizeof(pname)); f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); @@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[]) for (;;) { ret = 0; p = buf; - n = sizeof buf; + n = sizeof(buf); i = 0; for (;;) { p[0] = '\0'; @@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void) /* Purely so it looks nice when the user hits ? */ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; - qsort(functions, i, sizeof *functions, SortFnByName); + qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new()) == NULL) return (NULL); diff --git a/apps/passwd.c b/apps/passwd.c index 798a6d5..56e10ad 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -252,7 +252,7 @@ int MAIN(int argc, char **argv) /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) + EVP_DigestUpdate(&md, buf, sizeof(buf)); EVP_DigestUpdate(&md, buf, i); n = passwd_len; @@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + (i & 1) ? passwd_len : sizeof(buf)); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len); + (i & 1) ? sizeof(buf) : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); @@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; @@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[15] = buf[11]; # ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); + assert(16 == sizeof(buf_perm)); # endif output = salt_out + salt_len; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index d0bd97a..0ba4c9a 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read MAC password"); # endif if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -629,13 +629,13 @@ int MAIN(int argc, char **argv) # endif if (!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); # ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -698,7 +698,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read import password"); # endif if (!noprompt - && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; @@ -708,7 +708,7 @@ int MAIN(int argc, char **argv) # endif if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); if ((options & INFO) && p12->mac) BIO_printf(bio_err, "MAC Iteration %ld\n", diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 71e3168..d7f0720 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -277,7 +277,7 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof(pass), "Enter Encryption Password:", 1)) goto end; } app_RAND_load_file(NULL, bio_err, 0); @@ -331,7 +331,7 @@ int MAIN(int argc, char **argv) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); } diff --git a/apps/rand.c b/apps/rand.c index 96dcb72..eddb8af 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -198,7 +198,7 @@ int MAIN(int argc, char **argv) chunk = num; if (chunk > (int)sizeof(buf)) - chunk = sizeof buf; + chunk = sizeof(buf); r = RAND_bytes(buf, chunk); if (r <= 0) goto err; @@ -1193,7 +1193,7 @@ static int prompt_info(X509_REQ *req, /* If OBJ not recognised ignore it */ if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start; - if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1204,19 +1204,19 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_value", v->name); if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_min", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_max", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1252,7 +1252,7 @@ static int prompt_info(X509_REQ *req, if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - if (BIO_snprintf(buf, sizeof buf, "%s_default", type) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", type) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1264,20 +1264,20 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", type); + BIO_snprintf(buf, sizeof(buf), "%s_value", type); if ((value = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", type); + BIO_snprintf(buf, sizeof(buf), "%s_min", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", type); + BIO_snprintf(buf, sizeof(buf), "%s_max", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1372,13 +1372,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1391,8 +1391,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); @@ -1431,13 +1431,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1450,8 +1450,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); diff --git a/apps/s_client.c b/apps/s_client.c index 2a0ead7..c855668 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2166,10 +2166,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, "%2d s:%s\n", i, buf); X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, " i:%s\n", buf); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); @@ -2184,9 +2184,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio, "issuer=%s\n", buf); } else BIO_printf(bio, "no peer certificate available\n"); @@ -2203,7 +2203,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } else { BIO_printf(bio, "---\nNo client certificate CA names sent\n"); } - p = SSL_get_shared_ciphers(s, buf, sizeof buf); + p = SSL_get_shared_ciphers(s, buf, sizeof(buf)); if (p != NULL) { /* * This works only for SSL 2. In later protocol versions, the diff --git a/apps/s_server.c b/apps/s_server.c index 98ffc09..83918fb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2008,7 +2008,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); /* Set DTLS cookie generation and verification callbacks */ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); @@ -2019,7 +2019,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx2, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); tlsextcbp.biodebug = bio_s_out; SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); @@ -2666,14 +2666,14 @@ static int init_ssl_connection(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "issuer=%s\n", buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) + if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); diff --git a/apps/s_socket.c b/apps/s_socket.c index 77a7688..83624ca 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; - memset(ip, '\0', sizeof ip); + memset(ip, '\0', sizeof(ip)); if (!host_ip(host, &(ip[0]))) return 0; return init_client_ip(sock, ip, port, type); @@ -360,7 +360,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) # if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); } # endif if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { @@ -595,7 +595,7 @@ static struct hostent *GetHostByName(char *name) if (ret == NULL) return (NULL); /* else add to cache */ - if (strlen(name) < sizeof ghbn_cache[0].name) { + if (strlen(name) < sizeof(ghbn_cache[0].name)) { strcpy(ghbn_cache[lowi].name, name); memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent)); diff --git a/apps/s_time.c b/apps/s_time.c index 38788f7..0bb2f8c 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -422,7 +422,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) } if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while (SSL_read(scon, buf, sizeof(buf)) > 0) ; } @@ -517,7 +517,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) diff --git a/apps/speed.c b/apps/speed.c index 5383678..aaa982e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2091,7 +2091,7 @@ int MAIN(int argc, char **argv) RAND_pseudo_bytes(buf, 20); # ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < DSA_NUM; j++) { @@ -2170,7 +2170,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2265,7 +2265,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2588,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, sizeof isdelim); + memset(isdelim, 0, sizeof(isdelim)); isdelim[0] = 1; while (*delim) { @@ -2615,7 +2615,7 @@ static int do_multi(int multi) int *fds; static char sep[] = ":"; - fds = malloc(multi * sizeof *fds); + fds = malloc(multi * sizeof(*fds)); if (fds == NULL) { fprintf(stderr, "Out of memory in speed (do_multi)\n"); exit(1); @@ -2653,7 +2653,7 @@ static int do_multi(int multi) char *p; f = fdopen(fds[n], "r"); - while (fgets(buf, sizeof buf, f)) { + while (fgets(buf, sizeof(buf), f)) { p = strchr(buf, '\n'); if (p) *p = '\0'; diff --git a/apps/vms_term_sock.c b/apps/vms_term_sock.c index a7d87ff..bc0c173 100755 --- a/apps/vms_term_sock.c +++ b/apps/vms_term_sock.c @@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[]) ** Process the terminal input */ LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; + len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; TermBuff[len] = '\0'; LogMessage ("Received terminal I/O [%s]", TermBuff); @@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 2, + sizeof(TerminalDeviceBuff) - 2, 0, 0, 0, 0); if (! (status & 1)) { LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); @@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily, /* ** Initialize the socket information */ - slen = sizeof (sin); + slen = sizeof(sin); memset ((char *) &sin, 0, slen); sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr); @@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily, /* ** Now issue the connect */ - memset ((char *) &sin, 0, sizeof (sin)) ; + memset ((char *) &sin, 0, sizeof(sin)) ; sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_port = LocalHostPort ; - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); + status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); if (status < 0 ) { LogMessage ("CreateSocketPair: connect () - %d", errno); sys$cantim (&sptb, 0); @@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 1, + sizeof(TerminalDeviceBuff) - 1, 0, 0, 0, 0); /* diff --git a/apps/winrand.c b/apps/winrand.c index 44f57a3..fd5cf3b 100644 --- a/apps/winrand.c +++ b/apps/winrand.c @@ -77,7 +77,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, char buffer[200]; if (cmdline[0] == '\0') - filename = RAND_file_name(buffer, sizeof buffer); + filename = RAND_file_name(buffer, sizeof(buffer)); else filename = cmdline; diff --git a/apps/x509.c b/apps/x509.c index ad9fc98..add74d5 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -817,10 +817,10 @@ int MAIN(int argc, char **argv) char *m; int y, z; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf)); BIO_printf(STDout, "/* subject:%s */\n", buf); m = X509_NAME_oneline(X509_get_issuer_name(x), buf, - sizeof buf); + sizeof(buf)); BIO_printf(STDout, "/* issuer :%s */\n", buf); z = i2d_X509(x, NULL); diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 8511813..cb44815 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) ASN1_STRING tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 6935efe..5b8028a 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 229a40f..ad6b12a 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -89,7 +89,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { int i, first, len = 0, c, use_bn; char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; + int tmpsize = sizeof(ftmp); const char *p; unsigned long l; BIGNUM *bl = NULL; @@ -226,7 +226,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return (BIO_write(bp, "NULL", 4)); - i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); if (!p) diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 2d562f9..95f0416 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, if (c > 0xffffffffL) return -1; if (c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c); if (!io_ch(arg, tmphex, 10)) return -1; return 10; } if (c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c); if (!io_ch(arg, tmphex, 6)) return -1; return 6; @@ -236,7 +236,7 @@ static int do_buf(unsigned char *buf, int buflen, if (type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); for (i = 0; i < utflen; i++) { /* * We don't need to worry about setting orflags correctly @@ -533,7 +533,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 0eeb79c..28831d6 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; ebcdic2ascii(tmp, tmpstr.data, - (len >= sizeof tmp) ? sizeof tmp : len); + (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; } diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 0344482..9cbad7c 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) ASN1_STRING x = *(ASN1_STRING *)a; len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); x.data = tmp; return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); # endif @@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) struct tm tm; int offset; - memset(&tm, '\0', sizeof tm); + memset(&tm, '\0', sizeof(tm)); # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') tm.tm_year = g2(s->data); diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 68e791f..35a2b2a 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index fd4ac8d..cfc1512 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, + {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e63e82a..b52c3e1 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; - BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); - BIO_snprintf(buf2, sizeof buf2, "%d", offset); + BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address); + BIO_snprintf(buf2, sizeof(buf2), "%d", offset); ERR_add_error_data(4, "address=", buf1, " offset=", buf2); } diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index e85e339..0b1a689 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); + BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag); else if (tag > 30) - BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag); + BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag); else p = ASN1_tag2str(tag); diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 5170906..02b7c9b 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + sk_BIO_pop_free(parts, BIO_vfree); return NULL; } diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index f4b8f94..d1b897a 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index d49a5d5..e657c36 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,6 +65,14 @@ #include <openssl/buffer.h> #include <openssl/err.h> +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); @@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval, { ASN1_TLC c; asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); } /* * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and * tag mismatch return -1 to handle OPTIONAL */ - -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_COMPAT_FUNCS *cf; @@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, else asn1_cb = 0; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP); + goto err; + } + switch (it->itype) { case ASN1_ITYPE_PRIMITIVE: if (it->templates) { @@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx); + it->templates, opt, ctx, depth); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); @@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); /* If field not present, try the next one */ if (ret == -1) continue; @@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, * attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); + ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, + depth); if (!ret) { errtt = seqtt; goto err; @@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, return 0; } +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); +} + /* * Templates are handled with two separate functions. One handles any * EXPLICIT tag and the other handles the rest. @@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); *in = p; return 1; @@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, break; } skfield = NULL; - if (!ASN1_item_ex_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { + if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), + -1, 0, 0, ctx, depth)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, + aclass, opt, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, return -1; } else { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, + depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index f628cad..e93fd11 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, ln = OBJ_nid2ln(OBJ_obj2nid(oid)); if (!ln) ln = ""; - OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1); if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) return 0; return 1; diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 0b008f0..bd20a8e 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -462,9 +462,9 @@ static int test(void) len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); - memset(cbc_in, 0, sizeof cbc_in); - memset(cbc_out, 0, sizeof cbc_out); - memcpy(iv, cbc_iv, sizeof iv); + memset(cbc_in, 0, sizeof(cbc_in)); + memset(cbc_out, 0, sizeof(cbc_out)); + memcpy(iv, cbc_iv, sizeof(iv)); BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, &key, iv, BF_ENCRYPT); if (memcmp(cbc_out, cbc_ok, 32) != 0) { diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index ccf0e28..fcfd699 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -64,7 +64,6 @@ #include "cryptlib.h" #include "bio_lcl.h" -#define TRUNCATE #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) @@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), { int ret = 0; char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc; + int i, j, rows; unsigned char ch; int dump_width; - trc = 0; - -#ifdef TRUNCATE - for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) - trc++; -#endif - if (indent < 0) indent = 0; if (indent) { @@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - BUF_strlcpy(buf, str, sizeof buf); - BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcpy(buf, str, sizeof(buf)); + BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width); + BUF_strlcat(buf, tmp, sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) { - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); } else { ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, + BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch, j == 7 ? '-' : ' '); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } } - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) break; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; #ifndef CHARSET_EBCDIC - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.'); #else - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ? os_toebcdic[ch] : '.'); #endif - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcat(buf, "\n", sizeof(buf)); /* * if this is the last call then update the ddt_dump thing so that we * will move the selection point in the debug window */ ret += cb((void *)buf, strlen(buf), u); } -#ifdef TRUNCATE - if (trc > 0) { - BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str, - len + trc); - ret += cb((void *)buf, strlen(buf), u); - } -#endif - return (ret); + return ret; } #ifndef OPENSSL_NO_FP_API diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 1c82f53..47654f8 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -663,7 +663,7 @@ fmtfp(char **sbuffer, iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); - if (iplace == sizeof iconvert) + if (iplace == sizeof(iconvert)) iplace--; iconvert[iplace] = 0; @@ -672,7 +672,7 @@ fmtfp(char **sbuffer, fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == sizeof fconvert) + if (fplace == sizeof(fconvert)) fplace--; fconvert[fplace] = 0; diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index f96294b..2ff5263 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -76,7 +76,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, if (BIO_CB_RETURN & cmd) r = ret; - len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio); /* Ignore errors and continue printing the other information. */ if (len < 0) diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index 3dd8187..096ea41 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -144,7 +144,7 @@ static int bio_new(BIO *bio) { struct bio_bio_st *b; - b = OPENSSL_malloc(sizeof *b); + b = OPENSSL_malloc(sizeof(*b)); if (b == NULL) return 0; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 7d15ad2..bbc6d5a 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -481,7 +481,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) char buf[16]; unsigned char *p = ptr; - BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", + BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); if (data->param_hostname != NULL) OPENSSL_free(data->param_hostname); @@ -490,7 +490,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { char buf[DECIMAL_SIZE(int) + 1]; - BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); + BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr); if (data->param_port != NULL) OPENSSL_free(data->param_port); data->param_port = BUF_strdup(buf); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 0cf67e5..bbf906f 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -375,15 +375,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - BUF_strlcpy(p, "a+", sizeof p); + BUF_strlcpy(p, "a+", sizeof(p)); else - BUF_strlcpy(p, "a", sizeof p); + BUF_strlcpy(p, "a", sizeof(p)); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - BUF_strlcpy(p, "r+", sizeof p); + BUF_strlcpy(p, "r+", sizeof(p)); else if (num & BIO_FP_WRITE) - BUF_strlcpy(p, "w", sizeof p); + BUF_strlcpy(p, "w", sizeof(p)); else if (num & BIO_FP_READ) - BUF_strlcpy(p, "r", sizeof p); + BUF_strlcpy(p, "r", sizeof(p)); else { BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); ret = 0; diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index c4b63e4..40115fc 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -727,7 +727,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top = m->top; - bits = BN_num_bits(p); + /* + * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak + * whether the top bits are zero. + */ + bits = p->top * BN_BITS2; if (bits == 0) { /* x**0 mod 1 is still zero. */ if (BN_is_one(m)) { diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index f9c65f9..27b9bdb 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -144,74 +144,47 @@ const BIGNUM *BN_value_one(void) int BN_num_bits_word(BN_ULONG l) { - static const unsigned char bits[256] = { - 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) { - if (l & 0xffff000000000000L) { - if (l & 0xff00000000000000L) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000L) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -#else -# ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) { - if (l & 0xffff000000000000LL) { - if (l & 0xff00000000000000LL) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000LL) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -# endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) { - if (l & 0xff000000L) - return (bits[(int)(l >> 24L)] + 24); - else - return (bits[(int)(l >> 16L)] + 16); - } else -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return (bits[(int)(l >> 8)] + 8); - else + BN_ULONG x, mask; + int bits = (l != 0); + +#if BN_BITS2 > 32 + x = l >> 32; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 32 & mask; + l ^= (x ^ l) & mask; #endif - return (bits[(int)(l)]); - } - } + + x = l >> 16; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 16 & mask; + l ^= (x ^ l) & mask; + + x = l >> 8; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 8 & mask; + l ^= (x ^ l) & mask; + + x = l >> 4; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 4 & mask; + l ^= (x ^ l) & mask; + + x = l >> 2; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 2 & mask; + l ^= (x ^ l) & mask; + + x = l >> 1; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 1 & mask; + + return bits; } int BN_num_bits(const BIGNUM *a) @@ -524,9 +497,6 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif - if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0) - BN_set_flags(a, BN_FLG_CONSTTIME); - a->top = b->top; a->neg = b->neg; bn_check_top(a); diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 3af9db8..c170365 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -207,26 +207,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) r->top = max; n0 = mont->n0[0]; -# ifdef BN_COUNT - fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); -# endif + /* + * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On + * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r| + * includes |carry| which is stored separately. + */ for (carry = 0, i = 0; i < nl; i++, rp++) { -# ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); - } -# else v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -# endif v = (v + carry + rp[nl]) & BN_MASK2; carry |= (v != rp[nl]); carry &= (v <= rp[nl]); @@ -239,46 +226,24 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ret->neg = r->neg; rp = ret->d; - ap = &(r->d[nl]); -# define BRANCH_FREE 1 -# if BRANCH_FREE - { - BN_ULONG *nrp; - size_t m; + /* + * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap| + * includes |carry| which is stored separately. + */ + ap = &(r->d[nl]); - v = bn_sub_words(rp, ap, np, nl) - carry; - /* - * if subtraction result is real, then trick unconditional memcpy - * below to perform in-place "refresh" instead of actual copy. - */ - m = (0 - (size_t)v); - nrp = - (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m)); - - for (i = 0, nl -= 4; i < nl; i += 4) { - BN_ULONG t1, t2, t3, t4; - - t1 = nrp[i + 0]; - t2 = nrp[i + 1]; - t3 = nrp[i + 2]; - ap[i + 0] = 0; - t4 = nrp[i + 3]; - ap[i + 1] = 0; - rp[i + 0] = t1; - ap[i + 2] = 0; - rp[i + 1] = t2; - ap[i + 3] = 0; - rp[i + 2] = t3; - rp[i + 3] = t4; - } - for (nl += 4; i < nl; i++) - rp[i] = nrp[i], ap[i] = 0; + /* + * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| + * cannot be -1. That would imply the subtraction did not fit in |nl| words, + * and we know at most one subtraction is needed. + */ + v = bn_sub_words(rp, ap, np, nl) - carry; + v = 0 - v; + for (i = 0; i < nl; i++) { + rp[i] = (v & ap[i]) | (~v & rp[i]); + ap[i] = 0; } -# else - if (bn_sub_words(rp, ap, np, nl) - carry) - memcpy(rp, ap, nl * sizeof(BN_ULONG)); -# endif bn_correct_top(r); bn_correct_top(ret); bn_check_top(ret); @@ -382,6 +347,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) goto err; /* Set N */ + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; #ifdef MONT_WORD diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index f85a655..c0b029d 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -391,10 +391,10 @@ char *BN_options(void) if (!init) { init++; #ifdef BN_LLONG - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); #else - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); #endif } diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index a327b1a..abe5dbe 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -148,7 +148,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ argc--; argv++; diff --git a/crypto/bn/expspeed.c b/crypto/bn/expspeed.c index 513a568..8ea980c 100644 --- a/crypto/bn/expspeed.c +++ b/crypto/bn/expspeed.c @@ -198,7 +198,7 @@ static int mul_c[NUM_SIZES] = * static int sizes[NUM_SIZES]={59,179,299,419,539}; */ -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } +#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); } void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index ac611c2..779ee90 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -183,9 +183,11 @@ int main(int argc, char *argv[]) unsigned char c; BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we - * don't even check its return - * value (which we should) */ + /* + * Seed or BN_rand may fail, and we don't even check its return + * value (which we should) + */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); ERR_load_BN_strings(); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 75e309a..6237f6a 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -423,7 +423,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(section); if (line != NULL) *line = eline; - BIO_snprintf(btmp, sizeof btmp, "%ld", eline); + BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index e0c9a67..e2a9a81 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -221,7 +221,7 @@ static int module_run(const CONF *cnf, char *name, char *value, if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); - BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } diff --git a/crypto/des/destest.c b/crypto/des/destest.c index c6be342..f2041c1 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -398,7 +398,7 @@ int main(int argc, char *argv[]) i = strlen((char *)cbc_data) + 1; /* i=((i+7)/8)*8; */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2, DES_ENCRYPT); @@ -412,7 +412,7 @@ int main(int argc, char *argv[]) } */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c index f97fd97..60470d6 100644 --- a/crypto/des/ecb_enc.c +++ b/crypto/des/ecb_enc.c @@ -96,7 +96,7 @@ const char *DES_options(void) size = "int"; else size = "long"; - BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, + BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll, size); init = 0; } diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c index 111f1e4..09f5792 100644 --- a/crypto/des/fcrypt.c +++ b/crypto/des/fcrypt.c @@ -80,10 +80,10 @@ char *DES_crypt(const char *buf, const char *salt) e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ - ebcdic2ascii(e_salt, e_salt, sizeof e_salt); + ebcdic2ascii(e_salt, e_salt, sizeof(e_salt)); /* Convert the cleartext password to ASCII */ - ebcdic2ascii(e_buf, e_buf, sizeof e_buf); + ebcdic2ascii(e_buf, e_buf, sizeof(e_buf)); /* Encrypt it (from/to ASCII) */ ret = DES_fcrypt(e_buf, e_salt, buff); diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 514a706..080d3e8 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -434,7 +434,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index d9c5e7f..0a9ddb4 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -377,7 +377,7 @@ void private_DES_set_key_unchecked(const_DES_cblock *key, register int i; #ifdef OPENBSD_DEV_CRYPTO - memcpy(schedule->key, key, sizeof schedule->key); + memcpy(schedule->key, key, sizeof(schedule->key)); schedule->session = NULL; #endif k = &schedule->ks->deslong[0]; diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index c5d3d87..cb83109 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -116,7 +116,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 8a224a8..bee9543 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -157,7 +157,7 @@ int main(int argc, char **argv) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); BIO_printf(bio_err, "test generation of DSA parameters\n"); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 3ffa112..3241aa5 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) OPENSSL_free(group->seed); } - OPENSSL_cleanse(group, sizeof *group); + OPENSSL_cleanse(group, sizeof(*group)); OPENSSL_free(group); } @@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, /* no explicit entry needed */ return 1; - d = OPENSSL_malloc(sizeof *d); + d = OPENSSL_malloc(sizeof(*d)); if (d == NULL) return 0; @@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_cleanse(point, sizeof *point); + OPENSSL_cleanse(point, sizeof(*point)); OPENSSL_free(point); } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 24ca67a..2231f99 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -169,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_) for (p = pre->points; *p != NULL; p++) { EC_POINT_clear_free(*p); - OPENSSL_cleanse(p, sizeof *p); + OPENSSL_cleanse(p, sizeof(*p)); } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } @@ -430,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, totalnum = num + numblocks; - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space - * for pivot */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0])); + wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0])); + /* include space for pivot */ + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0])); + val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0])); /* Ensure wNAF is initialised in case we end up going to err */ if (wNAF) @@ -580,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a * subarray of 'pre_comp->points' if we already have precomputation. */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); + val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); if (val == NULL) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index fcd754e..121f587 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -48,7 +48,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /******************************************************************************/ /*- @@ -351,9 +350,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -372,8 +371,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1234,7 +1233,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, static NISTP224_PRE_COMP *nistp224_pre_comp_new() { NISTP224_PRE_COMP *ret = NULL; - ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof *ret); + ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1281,7 +1280,7 @@ static void nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } @@ -1568,7 +1567,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, /* the scalar for the generator */ if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof g_secret); + memset(g_secret, 0, sizeof(g_secret)); /* reduce scalar to 0 <= scalar < 2^224 */ if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { /* diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 1272966..378f0ba 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -51,7 +51,6 @@ typedef __int128_t int128_t; typedef uint8_t u8; typedef uint32_t u32; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We @@ -161,9 +160,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -182,8 +181,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { felem_bytearray b_in, b_out; smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- @@ -392,7 +391,7 @@ static void felem_shrink(smallfelem out, const felem in) { felem tmp; u64 a, b, mask; - s64 high, low; + u64 high, low; static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ /* Carry 2->3 */ @@ -433,29 +432,31 @@ static void felem_shrink(smallfelem out, const felem in) * In order to make space in tmp[3] for the carry from 2 -> 3, we * conditionally subtract kPrime if tmp[3] is large enough. */ - high = tmp[3] >> 64; + high = (u64)(tmp[3] >> 64); /* As tmp[3] < 2^65, high is either 1 or 0 */ - high <<= 63; - high >>= 63; + high = 0 - high; /*- * high is: * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ - low = tmp[3]; - mask = low >> 63; + * all zeros if the high word of tmp[3] if 0 + */ + low = (u64)tmp[3]; + mask = 0 - (low >> 63); /*- * mask is: * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + * all zeros if the MSB of low if 0 + */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; - low >>= 63; + low = 0 - (low >> 63); /*- * low is: * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + * all zeros if low was <= kPrime3Test + */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -889,7 +890,7 @@ static void felem_contract(smallfelem out, const felem in) equal &= equal << 4; equal &= equal << 2; equal &= equal << 1; - equal = ((s64) equal) >> 63; + equal = 0 - (equal >> 63); all_equal_so_far &= equal; } @@ -956,7 +957,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_zero &= is_zero << 4; is_zero &= is_zero << 2; is_zero &= is_zero << 1; - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = (small[0] ^ kPrime[0]) | (small[1] ^ kPrime[1]) | @@ -968,7 +969,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; @@ -1820,7 +1821,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) static NISTP256_PRE_COMP *nistp256_pre_comp_new() { NISTP256_PRE_COMP *ret = NULL; - ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof *ret); + ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1867,7 +1868,7 @@ static void nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index a1dc994..90989c5 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -49,7 +49,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P521 operates over GF(2^521-1). We can serialise an @@ -185,9 +184,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -206,8 +205,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- @@ -852,7 +851,7 @@ static limb felem_is_zero(const felem in) * We know that ftmp[i] < 2^63, therefore the only way that the top bit * can be set is if is_zero was 0 before the decrement. */ - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = ftmp[0] ^ kPrime[0]; is_p |= ftmp[1] ^ kPrime[1]; @@ -865,7 +864,7 @@ static limb felem_is_zero(const felem in) is_p |= ftmp[8] ^ kPrime[8]; is_p--; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; return is_zero; @@ -936,7 +935,7 @@ static void felem_contract(felem out, const felem in) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_p = ~is_p; /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ @@ -962,7 +961,7 @@ static void felem_contract(felem out, const felem in) is_greater |= is_greater << 4; is_greater |= is_greater << 2; is_greater |= is_greater << 1; - is_greater = ((s64) is_greater) >> 63; + is_greater = 0 - (is_greater >> 63); out[0] -= kPrime[0] & is_greater; out[1] -= kPrime[1] & is_greater; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 99b8d61..9a53a39 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_) 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37); OPENSSL_free(pre->precomp_storage); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 2b84821..e94a7d4 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, if (tmp == NULL || tmp_Z == NULL) goto err; - prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) { diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 40a1f00..5e1ef50 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -469,7 +469,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -482,7 +482,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -494,7 +494,7 @@ static void prime_field_tests(void) fprintf(stdout, "%02X", buf[i]); len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1206,7 +1206,7 @@ static void char2_field_tests(void) # ifdef OPENSSL_EC_BIN_PT_COMP len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1220,7 +1220,7 @@ static void char2_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1234,7 +1234,7 @@ static void char2_field_tests(void) /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1844,7 +1844,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ prime_field_tests(); puts(""); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 2fe2c66..3febf10 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -490,7 +490,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index af59471..d8cac4b 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1057,7 +1057,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a) return (-1); for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; + pd[i] = ((char *)crp->crp_p)[bytes - i - 1]; BN_bin2bn(pd, bytes, a); free(pd); @@ -1133,7 +1133,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return (ret); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP; /* inputs: a^p % m */ @@ -1184,7 +1184,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (0); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) @@ -1287,7 +1287,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, goto err; } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_SIGN; /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ @@ -1330,7 +1330,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, struct crypt_kop kop; int dsaret = 1; - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_VERIFY; /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ @@ -1403,7 +1403,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) keylen = BN_num_bits(dh->p); - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 27d31f7..709393f 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -159,6 +159,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, } fnd->funct = NULL; (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); + if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { + sk_ENGINE_free(fnd->sk); + OPENSSL_free(fnd); + goto end; + } } /* A registration shouldn't add duplciate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); diff --git a/crypto/err/err.c b/crypto/err/err.c index cfe0e80..e9ef215 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -602,8 +602,8 @@ static void build_SYS_str_reasons(void) char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char *src = strerror(i); if (src != NULL) { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; + strncpy(*dest, src, sizeof(*dest)); + (*dest)[sizeof(*dest) - 1] = '\0'; str->string = *dest; } } diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 6e352ef..25c808e 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -77,7 +77,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), CRYPTO_THREADID_current(&cur); es = CRYPTO_THREADID_hash(&cur); while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); if (cb(buf2, strlen(buf2), u) <= 0) diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 538b520..5ad5a95 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -330,6 +330,14 @@ static int b64_read(BIO *b, char *out, int outl) (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; } + /* + * If eof or an error was signalled, then the condition + * 'ctx->cont <= 0' will prevent b64_read() from reading + * more data on subsequent calls. This assignment was + * deleted accidentally in commit 5562cfaca4f3. + */ + ctx->cont = i; + ctx->buf_off = 0; if (i < 0) { ret_code = 0; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4db1796..d4274c5 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -124,12 +124,12 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } EVP_MD_CTX *EVP_MD_CTX_create(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_MD_CTX_init(ctx); @@ -316,7 +316,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) @@ -402,7 +402,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) #ifdef OPENSSL_FIPS FIPS_md_ctx_cleanup(ctx); #endif - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); return 1; } diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index b45b364..ccc626f 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index f273f9c..996aed2 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,6 +1,6 @@ /* crypto/evp/e_camellia.c */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -356,6 +356,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index be577ba..0c740d1 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -85,7 +85,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_CIPHER_CTX_init(ctx); return ctx; @@ -402,7 +402,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + OPENSSL_assert(b <= sizeof(ctx->buf)); if (b == 1) { *outl = 0; return 1; @@ -454,7 +454,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); if (ctx->final_used) { memcpy(out, ctx->final, b); @@ -520,7 +520,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); /* * The following assumes that the ciphertext has been authenticated. @@ -651,7 +651,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) #endif EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 2bb709a..bee7f6d 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -116,7 +116,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl<chunk) chunk=inl;\ while(inl && inl>=chunk)\ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ inl-=chunk;\ in +=chunk;\ out+=chunk;\ diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 7934c95..5d2f04b 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -161,9 +161,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) - BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp)); else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 9879642..97a2083 100755 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -506,7 +506,7 @@ int main(int argc, char **argv) int an = 0; int tn = 0; - if (!fgets((char *)line, sizeof line, f)) + if (!fgets((char *)line, sizeof(line), f)) break; if (line[0] == '#' || line[0] == '\n') continue; diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c index 07decf2..24a358e 100644 --- a/crypto/evp/openbsd_hw.c +++ b/crypto/evp/openbsd_hw.c @@ -111,7 +111,7 @@ static int dev_crypto_init(session_op *ses) close(cryptodev_fd); } assert(ses); - memset(ses, '\0', sizeof *ses); + memset(ses, '\0', sizeof(*ses)); return 1; } @@ -164,7 +164,7 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, assert(CDATA(ctx)); assert(!dev_failed); - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = CDATA(ctx)->ses; cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; @@ -329,7 +329,7 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len) return 1; } - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = ses; cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check * it */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index f2ae1e5..46fefa9 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -262,7 +262,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + OPENSSL_assert(keylen <= sizeof(key)); /* Decode parameter */ diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 213504e..023ec45 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - OPENSSL_cleanse(ctx, sizeof *ctx); + OPENSSL_cleanse(ctx, sizeof(*ctx)); } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index 2ba75f0..daf2722 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -108,14 +108,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.name); - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *secret) { - JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; @@ -460,7 +460,7 @@ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) { quickhashbn(send->hhk, ctx->key); - SHA1(send->hhk, sizeof send->hhk, send->hhk); + SHA1(send->hhk, sizeof(send->hhk), send->hhk); return 1; } @@ -470,8 +470,8 @@ int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) unsigned char hhk[SHA_DIGEST_LENGTH]; quickhashbn(hhk, ctx->key); - SHA1(hhk, sizeof hhk, hhk); - if (memcmp(hhk, received->hhk, sizeof hhk)) { + SHA1(hhk, sizeof(hhk), hhk); + if (memcmp(hhk, received->hhk, sizeof(hhk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); return 0; @@ -499,7 +499,7 @@ int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) unsigned char hk[SHA_DIGEST_LENGTH]; quickhashbn(hk, ctx->key); - if (memcmp(hk, received->hk, sizeof hk)) { + if (memcmp(hk, received->hk, sizeof(hk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); return 0; } diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index 7f5d9ba..44193e2 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -122,9 +122,9 @@ const char *MD2_options(void) fips_md_init(MD2) { c->num = 0; - memset(c->state, 0, sizeof c->state); - memset(c->cksm, 0, sizeof c->cksm); - memset(c->data, 0, sizeof c->data); + memset(c->state, 0, sizeof(c->state)); + memset(c->cksm, 0, sizeof(c->cksm)); + memset(c->data, 0, sizeof(c->data)); return 1; } diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c index c9fab66..a79997f 100644 --- a/crypto/md4/md4.c +++ b/crypto/md4/md4.c @@ -102,7 +102,7 @@ void do_fp(FILE *f) fd = fileno(f); MD4_Init(&c); for (;;) { - i = read(fd, buf, sizeof buf); + i = read(fd, buf, sizeof(buf)); if (i <= 0) break; MD4_Update(&c, buf, (unsigned long)i); diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 8525ded..9e1be50 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -633,16 +633,22 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) APP_INFO *amip; int ami_cnt; struct tm *lcl = NULL; + struct tm result = {0}; CRYPTO_THREADID ti; -#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) +#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf)) if (m->addr == (char *)l->bio) return; if (options & V_CRYPTO_MDEBUG_TIME) { +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \ + !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \ + (!defined(OPENSSL_SYS_VMS) || defined(localtime_r)) + lcl = localtime_r(&m->time, &result); +# else lcl = localtime(&m->time); - +# endif BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec); bufp += strlen(bufp); @@ -679,7 +685,7 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) ami_cnt++; memset(buf, '>', ami_cnt); - BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", CRYPTO_THREADID_hash(&amip->threadid), amip->file, amip->line); @@ -689,10 +695,10 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); buf_len = 128 - 3; } else { - BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len); buf_len = strlen(buf); } - BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); BIO_puts(l->bio, buf); diff --git a/crypto/o_init.c b/crypto/o_init.c index 185841e..18bb858 100644 --- a/crypto/o_init.c +++ b/crypto/o_init.c @@ -58,6 +58,11 @@ #ifdef OPENSSL_FIPS # include <openssl/fips.h> # include <openssl/rand.h> + +# ifndef OPENSSL_NO_DEPRECATED +/* the prototype is missing in <openssl/fips.h> */ +void FIPS_crypto_set_id_callback(unsigned long (*func)(void)); +# endif #endif /* diff --git a/crypto/o_time.c b/crypto/o_time.c index 04d805d..6192743 100755 --- a/crypto/o_time.c +++ b/crypto/o_time.c @@ -8,7 +8,7 @@ * 2008. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -105,7 +105,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; @@ -141,14 +141,14 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) pitem->ileb_64$w_mbo = 1; pitem->ileb_64$w_code = LNM$_STRING; pitem->ileb_64$l_mbmo = -1; - pitem->ileb_64$q_length = sizeof (logvalue); + pitem->ileb_64$q_length = sizeof(logvalue); pitem->ileb_64$pq_bufaddr = logvalue; pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen; pitem++; /* Last item of the item list is null terminated */ pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0; # else - pitem->ile3$w_length = sizeof (logvalue); + pitem->ile3$w_length = sizeof(logvalue); pitem->ile3$w_code = LNM$_STRING; pitem->ile3$ps_bufaddr = logvalue; pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen; diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index f106905..b8bdc5c 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -312,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = - OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); + OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names)); /* Really should return an error if !d.names...but its a void function! */ if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); for (n = 0; n < d.n; ++n) fn(d.names[n], arg); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index aca382a..315afa9 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) for (i = ADDED_DATA; i <= ADDED_NID; i++) if (ao[i] != NULL) OPENSSL_free(ao[i]); - if (o != NULL) - OPENSSL_free(o); - return (NID_undef); + ASN1_OBJECT_free(o); + return NID_undef; } ASN1_OBJECT *OBJ_nid2obj(int n) @@ -591,7 +590,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) n += i; OPENSSL_free(bndec); } else { - BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); + BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l); i = strlen(tbuf); if (buf && (buf_len > 0)) { BUF_strlcpy(buf, tbuf, buf_len); @@ -725,6 +724,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, return (p); } +/* + * Parse a BIO sink to create some extra oid's objects. + * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN> + */ int OBJ_create_objects(BIO *in) { MS_STATIC char buf[512]; @@ -746,9 +749,9 @@ int OBJ_create_objects(BIO *in) *(s++) = '\0'; while (isspace((unsigned char)*s)) s++; - if (*s == '\0') + if (*s == '\0') { s = NULL; - else { + } else { l = s; while ((*l != '\0') && !isspace((unsigned char)*l)) l++; @@ -756,15 +759,18 @@ int OBJ_create_objects(BIO *in) *(l++) = '\0'; while (isspace((unsigned char)*l)) l++; - if (*l == '\0') + if (*l == '\0') { l = NULL; - } else + } + } else { l = NULL; + } } - } else + } else { s = NULL; - if ((o == NULL) || (*o == '\0')) - return (num); + } + if (*o == '\0') + return num; if (!OBJ_create(o, s, l)) return (num); num++; diff --git a/crypto/opensslv.h b/crypto/opensslv.h index baee2d0..77f124e 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020efL +# define OPENSSL_VERSION_NUMBER 0x100020ffL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 4d736a1..0994020 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -354,7 +354,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, /* create the right magic header stuff */ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 865976b..4d5f053 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -406,7 +406,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, OPENSSL_cleanse(buf, PEM_BUFSIZE); OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 6cf8253..6a46368 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -375,16 +375,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) } if (bio == NULL) { - if (PKCS7_is_detached(p7)) + if (PKCS7_is_detached(p7)) { bio = BIO_new(BIO_s_null()); - else if (os && os->length > 0) + } else if (os && os->length > 0) { bio = BIO_new_mem_buf(os->data, os->length); - if (bio == NULL) { + } else { bio = BIO_new(BIO_s_mem()); if (bio == NULL) goto err; BIO_set_mem_eof_return(bio, 0); } + if (bio == NULL) + goto err; } if (out) BIO_push(out, bio); diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 29e465b..a7af9f9 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -238,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); /* state_index <= state_num <= STATE_SIZE */ state_index += num; @@ -454,7 +454,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) st_num = state_num; md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); state_index += num_ceil; if (state_index > state_num) @@ -480,7 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof(curr_pid))) goto err; curr_pid = 0; } diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index 737aebf..66fb14c 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -148,7 +148,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + BUF_strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 6c5b65d..097e409 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -181,15 +181,15 @@ int RAND_poll(void) */ curr_gid = getgid(); - RAND_add(&curr_gid, sizeof curr_gid, 1); + RAND_add(&curr_gid, sizeof(curr_gid), 1); curr_gid = 0; curr_pid = getpid(); - RAND_add(&curr_pid, sizeof curr_pid, 1); + RAND_add(&curr_pid, sizeof(curr_pid), 1); curr_pid = 0; curr_uid = getuid(); - RAND_add(&curr_uid, sizeof curr_uid, 1); + RAND_add(&curr_uid, sizeof(curr_uid), 1); curr_uid = 0; for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { @@ -217,7 +217,7 @@ int RAND_poll(void) /* take 8 bits */ v = (unsigned char)(ts.tv_nsec % 256); - RAND_add(&v, sizeof v, 1); + RAND_add(&v, sizeof(v), 1); v = 0; } return 1; @@ -402,7 +402,7 @@ int RAND_poll(void) # if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) { - RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + RAND_add(tmpbuf, sizeof(tmpbuf), (double)n); OPENSSL_cleanse(tmpbuf, n); } # endif diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 5c416b5..68f2981 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -219,7 +219,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) * if PRNG is not properly seeded, resort to secret exponent as * unpredictable seed */ - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); + RAND_add(rsa->d->d, rsa->d->dmax * sizeof(rsa->d->d[0]), 0.0); } if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index a85493d..9ca5dfe 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -109,6 +109,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *pr0, *d, *p; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; + unsigned long error = 0; /* * When generating ridiculously small keys, we can get stuck @@ -155,16 +156,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; + BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -177,10 +188,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 2c3fd73..3c9250b 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -157,7 +157,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, goto err; } if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { @@ -252,7 +252,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, H = EM + maskedDBLen; EVP_MD_CTX_init(&ctx); if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c index 85c7440..ed78f01 100644 --- a/crypto/rsa/rsa_test.c +++ b/crypto/rsa/rsa_test.c @@ -226,7 +226,7 @@ int main(int argc, char *argv[]) CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */ plen = sizeof(ptext_ex) - 1; diff --git a/crypto/srp/srp_grps.h b/crypto/srp/srp_grps.h index 31312de..f76652c 100644 --- a/crypto/srp/srp_grps.h +++ b/crypto/srp/srp_grps.h @@ -21,8 +21,8 @@ static BN_ULONG bn_group_1024_value[] = { static BIGNUM bn_group_1024 = { bn_group_1024_value, - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -56,8 +56,8 @@ static BN_ULONG bn_group_1536_value[] = { static BIGNUM bn_group_1536 = { bn_group_1536_value, - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -99,8 +99,8 @@ static BN_ULONG bn_group_2048_value[] = { static BIGNUM bn_group_2048 = { bn_group_2048_value, - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -158,8 +158,8 @@ static BN_ULONG bn_group_3072_value[] = { static BIGNUM bn_group_3072 = { bn_group_3072_value, - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -233,8 +233,8 @@ static BN_ULONG bn_group_4096_value[] = { static BIGNUM bn_group_4096 = { bn_group_4096_value, - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -340,8 +340,8 @@ static BN_ULONG bn_group_6144_value[] = { static BIGNUM bn_group_6144 = { bn_group_6144_value, - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -479,8 +479,8 @@ static BN_ULONG bn_group_8192_value[] = { static BIGNUM bn_group_8192 = { bn_group_8192_value, - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index dbff4a6..b26ed28 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -190,7 +190,7 @@ int main(int argc, char *argv[]) char *ccert = TEST_CLIENT_CERT; const SSL_METHOD *ssl_method = SSLv23_method(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); if (bio_err == NULL) bio_err = BIO_new_fd(2, BIO_NOCLOSE); diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index cf991ef..4a3c0f0 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -217,7 +217,8 @@ ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c +ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ../o_time.h +ts_rsp_sign.o: ts_rsp_sign.c ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index db6ce32..d55e903 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -4,7 +4,7 @@ * 2002. */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,6 +58,7 @@ */ #include "cryptlib.h" +#include "o_time.h" #if defined(OPENSSL_SYS_UNIX) # include <sys/time.h> @@ -948,6 +949,7 @@ static ASN1_GENERALIZEDTIME { time_t time_sec = (time_t)sec; struct tm *tm = NULL; + struct tm result = {0}; char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; char *p = genTime_str; char *p_end = genTime_str + sizeof(genTime_str); @@ -955,7 +957,7 @@ static ASN1_GENERALIZEDTIME if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if (!(tm = gmtime(&time_sec))) + if (!(tm = OPENSSL_gmtime(&time_sec, &result))) goto err; /* diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 17d14f5..8a43590 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -614,7 +614,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 35db095..594031e 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -212,7 +212,7 @@ const char *X509_verify_cert_error_string(long n) return ("proxy subject name violation"); default: - BIO_snprintf(buf, sizeof buf, "error number %ld", n); + BIO_snprintf(buf, sizeof(buf), "error number %ld", n); return (buf); } } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 4a03445..9a3517e 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -177,7 +177,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, err2: if (new_ex != NULL) X509_EXTENSION_free(new_ex); - if (sk != NULL) + if (x != NULL && *x == NULL && sk != NULL) sk_X509_EXTENSION_free(sk); return (NULL); } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1ac15a8..7d68a4a 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -173,7 +173,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof *param); + param = OPENSSL_malloc(sizeof(*param)); if (!param) return NULL; memset(param, 0, sizeof(*param)); diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index a0351fa..d4d024c 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -157,12 +157,12 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof oline, + BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if (gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index c1b4c1a..a38848c 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -4,7 +4,7 @@ * 1999. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -340,8 +340,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (sk) - X509v3_add_ext(sk, ext, -1); + if (sk != NULL) { + if (X509v3_add_ext(sk, ext, -1) == NULL) { + X509_EXTENSION_free(ext); + return 0; + } + } X509_EXTENSION_free(ext); } return 1; diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 7064c72..0c64b0a 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -126,7 +126,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( goto err; tret = tmp; vtmp = sk_CONF_VALUE_value(tret, i); - i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); if (ntmp == NULL) diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 45063a4..717b81a 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -295,9 +295,9 @@ static void tls_errflush(void *apparg) if (errbuf_i == 0) return; - assert(errbuf_i < sizeof errbuf); + assert(errbuf_i < sizeof(errbuf)); assert(errbuf[errbuf_i] == 0); - if (errbuf_i == sizeof errbuf - 1) { + if (errbuf_i == sizeof(errbuf) - 1) { /* make sure we have a newline, even if string has been truncated */ errbuf[errbuf_i - 1] = '\n'; } @@ -316,11 +316,11 @@ static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) va_list args; int r; - if (errbuf_i < sizeof errbuf - 1) { + if (errbuf_i < sizeof(errbuf) - 1) { size_t n; va_start(args, fmt); - n = (sizeof errbuf) - errbuf_i; + n = (sizeof(errbuf)) - errbuf_i; r = vsnprintf(errbuf + errbuf_i, n, fmt, args); va_end(args); if (r >= n) @@ -328,10 +328,10 @@ static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) if (r >= 0) { errbuf_i += r; } else { - errbuf_i = sizeof errbuf - 1; + errbuf_i = sizeof(errbuf) - 1; errbuf[errbuf_i] = '\0'; } - assert(errbuf_i < sizeof errbuf); + assert(errbuf_i < sizeof(errbuf)); assert(errbuf[errbuf_i] == 0); } #ifndef TLS_CUMULATE_ERRORS @@ -369,11 +369,11 @@ static char *tls_openssl_errors(const char *app_prefix_1, default_text = "?" "?" "?"; while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - if (reasons_i < sizeof reasons) { + if (reasons_i < sizeof(reasons)) { size_t n; int r; - n = (sizeof reasons) - reasons_i; + n = (sizeof(reasons)) - reasons_i; r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err)); @@ -382,9 +382,9 @@ static char *tls_openssl_errors(const char *app_prefix_1, if (r >= 0) { reasons_i += r; } else { - reasons_i = sizeof reasons; + reasons_i = sizeof(reasons); } - assert(reasons_i <= sizeof reasons); + assert(reasons_i <= sizeof(reasons)); } errstring = ERR_error_string(err, NULL); @@ -397,7 +397,7 @@ static char *tls_openssl_errors(const char *app_prefix_1, if (!printed_something) { assert(reasons_i == 0); - snprintf(reasons, sizeof reasons, "%s", default_text); + snprintf(reasons, sizeof(reasons), "%s", default_text); tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text); } @@ -442,7 +442,7 @@ static void tls_rand_seed_uniquely(void) data.time = time(NULL); data.stack = (void *)&data; - RAND_seed((const void *)&data, sizeof data); + RAND_seed((const void *)&data, sizeof(data)); } void tls_rand_seed(void) @@ -465,7 +465,7 @@ void tls_rand_seed(void) data.gid = getgid(); data.egid = getegid(); - RAND_seed((const void *)&data, sizeof data); + RAND_seed((const void *)&data, sizeof(data)); tls_rand_seed_uniquely(); } @@ -543,7 +543,7 @@ tls_get_x509_subject_name_oneline(X509 *cert, name = X509_get_subject_name(cert); /* does not increment any reference * counter */ - assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */ + assert(sizeof(namestring->str) >= 4); /* "?" or "...", plus 0 */ if (name == NULL) { namestring->str[0] = '?'; @@ -551,12 +551,12 @@ tls_get_x509_subject_name_oneline(X509 *cert, } else { size_t len; - X509_NAME_oneline(name, namestring->str, sizeof namestring->str); + X509_NAME_oneline(name, namestring->str, sizeof(namestring->str)); len = strlen(namestring->str); assert(namestring->str[len] == 0); - assert(len < sizeof namestring->str); + assert(len < sizeof(namestring->str)); - if (len + 1 == sizeof namestring->str) { + if (len + 1 == sizeof(namestring->str)) { /* * (Probably something was cut off.) Does not really work -- * X509_NAME_oneline truncates after name components, we cannot @@ -617,7 +617,7 @@ void tls_set_dhe1024(int i, void *apparg) tls_init(apparg); if (i >= 0) { - i %= sizeof seed / sizeof seed[0]; + i %= sizeof(seed) / sizeof(seed[0]); assert(strlen(seed[i]) == 20); memcpy(seedbuf, seed[i], 20); dsaparams = @@ -711,7 +711,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if ((a.ca_file != NULL) || (a.verify_depth > 0)) { context_num++; r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, - (unsigned int)sizeof context_num); + (unsigned int)sizeof(context_num)); if (!r) goto err; @@ -762,7 +762,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if (tls_dhe1024 == NULL) { int i; - if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0) + if (RAND_bytes((unsigned char *)&i, sizeof(i)) <= 0) goto err_return; /* * make sure that i is non-negative -- pick one of the provided @@ -955,11 +955,11 @@ static void write_info(SSL *ssl, int *info_fd) /* should not happen, but make sure */ *strchr(peer.str, '\n') = '\0'; } - r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, + r = snprintf(infobuf, sizeof(infobuf), "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str); DEBUG_MSG2("snprintf", r); - if (r == -1 || r >= sizeof infobuf) - r = sizeof infobuf - 1; + if (r == -1 || r >= sizeof(infobuf)) + r = sizeof(infobuf) - 1; write(*info_fd, infobuf, r); close(*info_fd); *info_fd = -1; @@ -1082,7 +1082,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) if (!closed) { if (clear_to_tls.offset + clear_to_tls.len < - sizeof clear_to_tls.buf) { + sizeof(clear_to_tls.buf)) { r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress); if (r != 0) @@ -1096,7 +1096,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) if (!closed && !in_handshake) { if (tls_to_clear.offset + tls_to_clear.len < - sizeof tls_to_clear.buf) { + sizeof(tls_to_clear.buf)) { r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1); @@ -1231,13 +1231,13 @@ tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, DEBUG_MSG("tls_read_attempt"); total = buf->offset + buf->len; - assert(total < sizeof buf->buf); - n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total); + assert(total < sizeof(buf->buf)); + n = SSL_read(ssl, buf->buf + total, sizeof(buf->buf) - total); DEBUG_MSG2("SSL_read", n); r = tls_get_error(ssl, n, write_select, read_select, closed, progress); if (n > 0) { buf->len += n; - assert(buf->offset + buf->len <= sizeof buf->buf); + assert(buf->offset + buf->len <= sizeof(buf->buf)); } if (r == -1) *err_pref = " during SSL_read"; @@ -1297,13 +1297,13 @@ read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, DEBUG_MSG("read_attempt"); total = buf->offset + buf->len; - assert(total < sizeof buf->buf); - n = read(fd, buf->buf + total, (sizeof buf->buf) - total); + assert(total < sizeof(buf->buf)); + n = read(fd, buf->buf + total, sizeof(buf->buf) - total); DEBUG_MSG2("read", n); r = get_error(n, select, closed, progress); if (n > 0) { buf->len += n; - assert(buf->offset + buf->len <= sizeof buf->buf); + assert(buf->offset + buf->len <= sizeof(buf->buf)); } if (r == -1) tls_errprintf(1, tls_child_apparg, "read error: %s\n", diff --git a/demos/easy_tls/test.c b/demos/easy_tls/test.c index d1dd53d..3877370 100644 --- a/demos/easy_tls/test.c +++ b/demos/easy_tls/test.c @@ -78,7 +78,7 @@ int main(int argc, char *argv[]) if (client_p) { struct sockaddr_in addr; - size_t addr_len = sizeof addr; + size_t addr_len = sizeof(addr); addr.sin_family = AF_INET; assert(argc > 1); @@ -101,7 +101,7 @@ int main(int argc, char *argv[]) { int i = 1; - r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i); + r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof(i)); if (r == -1) { perror("setsockopt"); exit(1); @@ -110,7 +110,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in addr; - size_t addr_len = sizeof addr; + size_t addr_len = sizeof(addr); if (argc > 1) sscanf(argv[1], "%d", &port); @@ -158,7 +158,7 @@ int main(int argc, char *argv[]) setvbuf(conn_in, NULL, _IOLBF, 256); setvbuf(conn_out, NULL, _IOLBF, 256); - while (fgets(buf, sizeof buf, stdin) != NULL) { + while (fgets(buf, sizeof(buf), stdin) != NULL) { if (buf[0] == 'W') { fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1); @@ -174,7 +174,7 @@ int main(int argc, char *argv[]) sscanf(buf + 1, "%d", &lines); do { - if (fgets(buf, sizeof buf, conn_in) == NULL) { + if (fgets(buf, sizeof(buf), conn_in) == NULL) { if (ferror(conn_in)) { fprintf(stderr, "ERROR\n"); exit(1); @@ -225,7 +225,7 @@ int main(int argc, char *argv[]) exit(1); } - r = read(infofd, infobuf, sizeof infobuf - 1); + r = read(infofd, infobuf, sizeof(infobuf) - 1); if (r > 0) { const char *info = infobuf; const char *eol; diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index daf0aef..dfbe7d1 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -1289,10 +1289,10 @@ static const EVP_MD engine_sha1_md = { engine_md_cleanup, /* dev_crypto_sha_cleanup */ EVP_PKEY_RSA_method, SHA_CBLOCK, - /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */ + /* sizeof(EVP_MD *) + sizeof(SHA_CTX) */ sizeof(ZEN_MD_DATA) /* - * sizeof ( MD_CTX_DATA ) The message digest data structure ... + * sizeof(MD_CTX_DATA) The message digest data structure ... */ }; @@ -1315,10 +1315,10 @@ static const EVP_MD engine_md5_md = { engine_md_cleanup, /* dev_crypto_md5_cleanup */ EVP_PKEY_RSA_method, MD5_CBLOCK, - /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */ + /* sizeof(EVP_MD *) + sizeof(MD5_CTX) */ sizeof(ZEN_MD_DATA) /* - * sizeof ( MD_CTX_DATA ) The message digest data structure ... + * sizeof(MD_CTX_DATA) The message digest data structure ... */ }; diff --git a/demos/spkigen.c b/demos/spkigen.c index c272a8c..9ccb34a 100644 --- a/demos/spkigen.c +++ b/demos/spkigen.c @@ -73,7 +73,7 @@ char *argv[]; fprintf(stderr, "please enter challenge string:"); fflush(stderr); buf[0] = '\0'; - fgets(buf, sizeof buf, stdin); + fgets(buf, sizeof(buf), stdin); i = strlen(buf); if (i > 0) buf[--i] = '\0'; diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp index b142c75..bccce2b 100644 --- a/demos/ssl/serv.cpp +++ b/demos/ssl/serv.cpp @@ -87,7 +87,7 @@ void main () sa_serv.sin_port = htons (1111); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, - sizeof (sa_serv)); CHK_ERR(err, "bind"); + sizeof(sa_serv)); CHK_ERR(err, "bind"); /* Receive a TCP connection. */ diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c index 2ec196a..aca9cd8 100644 --- a/demos/state_machine/state_machine.c +++ b/demos/state_machine/state_machine.c @@ -106,7 +106,7 @@ void SSLStateMachine_print_error(SSLStateMachine * pMachine, while ((l = ERR_get_error())) { char buf[1024]; - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); fprintf(stderr, "Error %lx: %s\n", l, buf); } } @@ -114,7 +114,7 @@ void SSLStateMachine_print_error(SSLStateMachine * pMachine, SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile, const char *szKeyFile) { - SSLStateMachine *pMachine = malloc(sizeof *pMachine); + SSLStateMachine *pMachine = malloc(sizeof(*pMachine)); int n; die_unless(pMachine); @@ -252,15 +252,15 @@ int OpenSocket(int nPort) } if (setsockopt - (nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof one) < 0) { + (nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof(one)) < 0) { perror("setsockopt"); exit(2); } - memset(&saServer, 0, sizeof saServer); + memset(&saServer, 0, sizeof(saServer)); saServer.sin_family = AF_INET; saServer.sin_port = htons(nPort); - nSize = sizeof saServer; + nSize = sizeof(saServer); if (bind(nSocket, (struct sockaddr *)&saServer, nSize) < 0) { perror("bind"); exit(3); @@ -271,7 +271,7 @@ int OpenSocket(int nPort) exit(4); } - nLen = sizeof saClient; + nLen = sizeof(saClient); nFD = accept(nSocket, (struct sockaddr *)&saClient, &nLen); if (nFD < 0) { perror("accept"); @@ -343,7 +343,7 @@ int main(int argc, char **argv) /* Socket is ready for input */ if (FD_ISSET(nFD, &rfds)) { - n = read(nFD, buf, sizeof buf); + n = read(nFD, buf, sizeof(buf)); if (n == 0) { fprintf(stderr, "Got EOF on socket\n"); exit(0); @@ -360,7 +360,7 @@ int main(int argc, char **argv) nrbuf = 0; n = SSLStateMachine_read_extract(pMachine, buf + 1, - sizeof buf - 1); + sizeof(buf) - 1); if (n < 0) { SSLStateMachine_print_error(pMachine, "read extract failed"); break; @@ -382,7 +382,7 @@ int main(int argc, char **argv) if (FD_ISSET(nFD, &wfds)) { int w; - n = SSLStateMachine_write_extract(pMachine, buf, sizeof buf); + n = SSLStateMachine_write_extract(pMachine, buf, sizeof(buf)); assert(n > 0); w = write(nFD, buf, n); @@ -392,7 +392,7 @@ int main(int argc, char **argv) /* Stdin is ready for input */ if (FD_ISSET(0, &rfds)) { - n = read(0, buf, sizeof buf); + n = read(0, buf, sizeof(buf)); if (n == 0) { fprintf(stderr, "Got EOF on stdin\n"); exit(0); diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index cc26bf4..8d94ecb 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -424,6 +424,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B<no>, especially if combined with the B<-selfsign> command line option. +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. + =item B<serial> a text file containing the next serial number to use in hex. Mandatory. diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index ba2f3b9..9482095 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -86,8 +86,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B<compressed> (the default -value), B<uncompressed> and B<hybrid>. For more information regarding +into octet strings. Possible values are: B<compressed>, B<uncompressed> (the +default value) and B<hybrid>. For more information regarding the point conversion forms please read the X9.62 standard. B<Note> Due to patent issues the B<compressed> option is disabled by default for binary curves and can be enabled by defining diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index d9413a0..d2cad29 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -250,7 +250,7 @@ use the server's cipher preferences; only used for SSLV2. send the protocol-specific message(s) to switch to TLS for communication. B<protocol> is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", and "ftp". +supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". =item B<-tlsextdebug> diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 321d5ac..2516718 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -15,7 +15,7 @@ B<openssl> B<verify> [B<-ignore_critical>] [B<-attime timestamp>] [B<-check_ss_sig>] -[B<-crlfile file>] +[B<-CRLfile file>] [B<-crl_download>] [B<-crl_check>] [B<-crl_check_all>] @@ -69,7 +69,7 @@ current system time. B<timestamp> is the number of seconds since Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security. -=item B<-crlfile file> +=item B<-CRLfile file> File containing one or more CRL's (in PEM format) to load. diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index d506258..408a5c6 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -225,8 +225,11 @@ non-zero if yes it will expire or zero if not. =item B<-fingerprint> -prints out the digest of the DER encoded version of the whole certificate -(see digest options). +Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. =item B<-C> @@ -674,10 +677,6 @@ supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb -Display the certificate MD5 fingerprint: - - openssl x509 -in cert.pem -noout -fingerprint - Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint @@ -731,13 +730,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly. -The B<-fingerprint> option takes the digest of the DER encoded certificate. -This is commonly called a "fingerprint". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. - -The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. - The B<-email> option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod index f651e4f..4ea6e8c 100644 --- a/doc/crypto/ASN1_STRING_length.pod +++ b/doc/crypto/ASN1_STRING_length.pod @@ -66,8 +66,8 @@ utility functions should be used instead. In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example -for and IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, UTF8String will be in UTF8 format. +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod index 9f23964..7663d8b 100644 --- a/doc/crypto/BIO_s_mem.pod +++ b/doc/crypto/BIO_s_mem.pod @@ -50,14 +50,14 @@ zero then it will return B<v> when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value B<v> should be set to a negative value, typically -1. -BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data +BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro. -BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is +BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B<pp>. It is a macro. BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>, diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod index b555ec3..8aa9c14 100644 --- a/doc/crypto/BN_zero.pod +++ b/doc/crypto/BN_zero.pod @@ -14,34 +14,37 @@ operations const BIGNUM *BN_value_one(void); - int BN_set_word(BIGNUM *a, unsigned long w); - unsigned long BN_get_word(BIGNUM *a); + int BN_set_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_get_word(BIGNUM *a); =head1 DESCRIPTION +B<BN_ULONG> is a macro that will be an unsigned integral type optimied +for the most efficient implementation on the local platform. + BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and B<w> respectively. BN_zero() and BN_one() are macros. BN_value_one() returns a B<BIGNUM> constant of value 1. This constant is useful for use in comparisons and assignment. -BN_get_word() returns B<a>, if it can be represented as an unsigned -long. +BN_get_word() returns B<a>, if it can be represented as a B<BN_ULONG>. =head1 RETURN VALUES -BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot -be represented as an unsigned long. +BN_get_word() returns the value B<a>, or all-bits-set if B<a> cannot +be represented as a B<BN_ULONG>. BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise. BN_value_one() returns the constant. =head1 BUGS -Someone might change the constant. +If a B<BIGNUM> is equal to the value of all-bits-set, it will collide +with the error condition returned by BN_get_word() which uses that +as an error value. -If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an -unsigned long but this value is also returned on error. +B<BN_ULONG> should probably be a typedef. =head1 SEE ALSO diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 4cd24d7..4973f0a 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -38,38 +38,38 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc); + const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 44792f9..10399ec 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to check to see if an alternative chain can be found that is trusted. With this flag set the behaviour will match that of OpenSSL versions prior to 1.0.2b. +The B<X509_V_FLAG_TRUSTED_FIRST> flag causes chain construction to look for +issuers in the trust store before looking at the untrusted certificates +provided as part of the the peer chain. +Though it is not on by default in OpenSSL 1.0.2, applications should generally +set this flag. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important When some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>). + +The B<X509_V_FLAG_PARTIAL_CHAIN> flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.0.2, chain construction continues as long as there are +additional trusted issuers in the trust store, and the last trusted issuer +becomes the trust-anchor. +Thus, even when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may still be anchored by a root CA. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -235,7 +256,8 @@ connections associated with an B<SSL_CTX> structure B<ctx>: L<X509_verify_cert(3)|X509_verify_cert(3)>, L<X509_check_host(3)|X509_check_host(3)>, L<X509_check_email(3)|X509_check_email(3)>, -L<X509_check_ip(3)|X509_check_ip(3)> +L<X509_check_ip(3)|X509_check_ip(3)>, +L<x509(1)|x509(1)> =head1 HISTORY diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index dc0e939..30c19b8 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -63,9 +63,13 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support =head1 DESCRIPTION -OpenSSL can safely be used in multi-threaded applications provided -that at least two callback functions are set, locking_function and +OpenSSL can generally be used safely in multi-threaded applications provided +that at least two callback functions are set, the locking_function and threadid_func. +Note that OpenSSL is not completely thread-safe, and unfortunately not all +global resources have the necessary locks. +Further, the thread-safety does not extend to things like multiple threads +using the same B<SSL> object at the same time. locking_function(int mode, int n, const char *file, int line) is needed to perform locking on shared data structures. diff --git a/engines/ccgost/README.gost b/engines/ccgost/README.gost index c96cccc..80f7900 100644 --- a/engines/ccgost/README.gost +++ b/engines/ccgost/README.gost @@ -193,7 +193,7 @@ Russian clients and RSA/DSA ciphersuites for foreign clients. openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile - Note absense of an option that specifies digest algorithm. gost-mac + Note absence of an option that specifies digest algorithm. gost-mac algorithm supports only one digest (which is actually part of implementation of this mac) and OpenSSL is clever enough to find out this. @@ -216,8 +216,8 @@ openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\ 7. Testing speed of symmetric ciphers. To test performance of GOST symmetric ciphers you should use -evp switch -of the openssl speed command. Engine-provided ciphers couldn't be -accessed by cipher-specific functions, only via generic evp interface +of the openssl speed command. Engine-provided ciphers can be accessed only via +generic evp interface and not by cipher-specific functions. openssl speed -evp gost89 openssl speed -evp gost89-cnt @@ -225,7 +225,7 @@ accessed by cipher-specific functions, only via generic evp interface PROGRAMMING INTERFACES DETAILS -Applications never should access engine directly. They only use provided +Applications should never access engine directly. They should only use provided EVP_PKEY API. But there are some details, which should be taken into account. @@ -281,12 +281,11 @@ If UKM is not set by this control command, encrypt operation would generate random UKM. -This sources include implementation of GOST 28147-89 and GOST R 34.11-94 -which are completely indepentent from OpenSSL and can be used separately -(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file -gostsum.c) is provided as example of such separate usage. This is -program, simular to md5sum and sha1sum utilities, but calculates GOST R -34.11-94 hash. +These sources include implementation of GOST 28147-89 and GOST R 34.11-94 +which are completely independent from OpenSSL and can be used separately +(files gost89.c, gost89.h, gosthash.c, gosthash.h). Utility gostsum (file +gostsum.c) is provided as an example of such separate usage. This program is +similar to md5sum and sha1sum utilities, but calculates GOST R 34.11-94 hash. Makefile doesn't include rule for compiling gostsum. Use command diff --git a/engines/ccgost/gost_eng.c b/engines/ccgost/gost_eng.c index 5924791..ea52c4d 100644 --- a/engines/ccgost/gost_eng.c +++ b/engines/ccgost/gost_eng.c @@ -157,10 +157,6 @@ static int bind_gost(ENGINE *e, const char *id) return ret; } -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -IMPLEMENT_DYNAMIC_BIND_FN(bind_gost) - IMPLEMENT_DYNAMIC_CHECK_FN() -#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */ static int gost_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { @@ -278,4 +274,7 @@ void ENGINE_load_gost(void) ENGINE_free(toadd); ERR_clear_error(); } +#else +IMPLEMENT_DYNAMIC_BIND_FN(bind_gost) +IMPLEMENT_DYNAMIC_CHECK_FN() #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6a324e6..7d136ff 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -494,7 +494,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; } /* Prepare the key-data */ - memset(&keydata, 0, sizeof keydata); + memset(&keydata, 0, sizeof(keydata)); numbytes = BN_num_bytes(m); memset(exponent->d, 0, numbytes); memset(modulus->d, 0, numbytes); diff --git a/openssl.spec b/openssl.spec index b5cb87e..7130564 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2n +Version: 1.0.2o Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/Makefile b/ssl/Makefile index 7866a3c..b0a4ee8 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -269,7 +269,7 @@ d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c d1_srvr.o: ssl_locl.h -kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +kssl.o: ../crypto/o_time.h ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h diff --git a/ssl/bad_dtls_test.c b/ssl/bad_dtls_test.c index 34af37d..ff754e1 100644 --- a/ssl/bad_dtls_test.c +++ b/ssl/bad_dtls_test.c @@ -19,7 +19,7 @@ * Note that unlike other SSL tests, we don't test against our own SSL * server method. Firstly because we don't have one; we *only* support * DTLS1_BAD_VER as a client. And secondly because even if that were - * fixed up it's the wrong thing to test against — because if changes + * fixed up it's the wrong thing to test against - because if changes * are made in generic DTLS code which don't take DTLS1_BAD_VER into * account, there's plenty of scope for making those changes such that * they break *both* the client and the server in the same way. diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index debd4fd..95b5033 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -126,9 +126,9 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) + if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) return (0); - memset(d1, 0, sizeof *d1); + memset(d1, 0, sizeof(*d1)); /* d1->handshake_epoch=0; */ diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 10586fe..f5deddf 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -4,7 +4,7 @@ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -706,8 +706,11 @@ int dtls1_get_record(SSL *s) n2s(p, rr->length); - /* Lets check version */ - if (!s->first_packet) { + /* + * Lets check the version. We tolerate alerts that don't have the exact + * version number (e.g. because of protocol version errors) + */ + if (!s->first_packet && rr->type != SSL3_RT_ALERT) { if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; @@ -1061,7 +1064,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->d1->handshake_fragment; + dest_maxlen = sizeof(s->d1->handshake_fragment); dest = s->d1->handshake_fragment; dest_len = &s->d1->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { @@ -1202,6 +1205,24 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } + /* + * If we are a server and get a client hello when renegotiation isn't + * allowed send back a no renegotiation alert and carry on. + */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH + && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->d1->handshake_fragment_len = 0; + rr->length = 0; + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + goto start; + } + + if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { int alert_level = s->d1->alert_fragment[0]; int alert_descr = s->d1->alert_fragment[1]; @@ -1286,7 +1307,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/ssl/fatalerrtest.c b/ssl/fatalerrtest.c index 0288c33..f9d66e2 100644 --- a/ssl/fatalerrtest.c +++ b/ssl/fatalerrtest.c @@ -13,8 +13,8 @@ int main(int argc, char *argv[]) { - SSL_CTX *sctx, *cctx; - SSL *sssl, *cssl; + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *sssl = NULL, *cssl = NULL; const char *msg = "Dummy"; BIO *err = NULL, *wbio = NULL; int ret = 1, len; @@ -76,7 +76,7 @@ int main(int argc, char *argv[]) } /* SSL_read()/SSL_write should fail because of a previous fatal error */ - if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) { + if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) { buf[len] = '\0'; printf("Unexpected success reading data: %s\n", buf); goto err; @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -78,6 +78,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/krb5_asn.h> +#include "o_time.h" #include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -2026,6 +2027,8 @@ krb5_error_code kssl_check_authent( int outl, unencbufsize; struct tm tm_time, *tm_l, *tm_g; time_t now, tl, tg, tr, tz_offset; + struct tm gmt_result = {0}; + struct tm lt_result = {0}; EVP_CIPHER_CTX_init(&ciph_ctx); *atimep = 0; @@ -2082,7 +2085,7 @@ krb5_error_code kssl_check_authent( } # endif enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (enc == NULL) { /* @@ -2140,9 +2143,17 @@ krb5_error_code kssl_check_authent( if (k_gmtime(auth->ctime, &tm_time) && ((tr = mktime(&tm_time)) != (time_t)(-1))) { now = time(&now); + tm_g = OPENSSL_gmtime(&now, &gmt_result); + +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \ + !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \ + (!defined(OPENSSL_SYS_VMS) || defined(localtime_r)) + tm_l = localtime_r(&now, <_result); +# else tm_l = localtime(&now); +# endif + tl = mktime(tm_l); - tm_g = gmtime(&now); tg = mktime(tm_g); tz_offset = tg - tl; diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c index d3f6db1..d2017e7 100644 --- a/ssl/s23_srvr.c +++ b/ssl/s23_srvr.c @@ -268,8 +268,8 @@ int ssl23_get_client_hello(SSL *s) if (!ssl3_setup_buffers(s)) goto err; - n = ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) + n = ssl23_read_bytes(s, sizeof(buf_space)); + if (n != sizeof(buf_space)) return (n); /* n == -1 || n == 0 */ p = s->packet; diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c index 20de1a8..3a8345b 100644 --- a/ssl/s2_clnt.c +++ b/ssl/s2_clnt.c @@ -523,7 +523,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length = s->s2->tmp.conn_id_length; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); return -1; @@ -708,7 +708,7 @@ static int client_finished(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_CLIENT_FINISHED; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } @@ -981,7 +981,7 @@ static int get_server_finished(SSL *s) } else { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > - sizeof s->session->session_id) + sizeof(s->session->session_id)) || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c index 23eef72..0115d20 100644 --- a/ssl/s2_enc.c +++ b/ssl/s2_enc.c @@ -99,7 +99,7 @@ int ssl2_enc_init(SSL *s, int client) num = c->key_len; s->s2->key_material_length = num * 2; - OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); + OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material)); if (ssl2_generate_key_material(s) <= 0) return 0; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index cc13603..f03fe69 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -326,9 +326,9 @@ int ssl2_new(SSL *s) { SSL2_STATE *s2; - if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL) + if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL) goto err; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); # if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 # error "assertion failed" @@ -371,7 +371,7 @@ void ssl2_free(SSL *s) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - OPENSSL_cleanse(s2, sizeof *s2); + OPENSSL_cleanse(s2, sizeof(*s2)); OPENSSL_free(s2); s->s2 = NULL; } @@ -386,7 +386,7 @@ void ssl2_clear(SSL *s) rbuf = s2->rbuf; wbuf = s2->wbuf; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); s2->rbuf = rbuf; s2->wbuf = wbuf; diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index d3b243c..c301611 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -724,7 +724,7 @@ static int get_client_hello(SSL *s) p += s->s2->tmp.session_id_length; /* challenge */ - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return -1; @@ -872,7 +872,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; @@ -903,7 +903,7 @@ static int server_verify(SSL *s) if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_VERIFY; - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); return -1; } @@ -925,7 +925,7 @@ static int server_finish(SSL *s) p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_FINISHED; - if (s->session->session_id_length > sizeof s->session->session_id) { + if (s->session->session_id_length > sizeof(s->session->session_id)) { SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 5b8b2da..bd0929d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -984,7 +984,7 @@ int ssl3_get_server_hello(SSL *s) /* get the session-id */ j = *(p++); - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { + if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; @@ -2561,16 +2561,16 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; - s->session->master_key_length = sizeof tmp_buf; + s->session->master_key_length = sizeof(tmp_buf); q = p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p += 2; - n = RSA_public_encrypt(sizeof tmp_buf, + n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, rsa, RSA_PKCS1_PADDING); # ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) @@ -2595,8 +2595,8 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + sizeof(tmp_buf)); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); } #endif #ifndef OPENSSL_NO_KRB5 @@ -2688,7 +2688,7 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; /*- @@ -2699,13 +2699,13 @@ int ssl3_send_client_key_exchange(SSL *s) * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; - if (outl > (int)sizeof epms) { + if (outl > (int)sizeof(epms)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2723,9 +2723,9 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); OPENSSL_cleanse(epms, outl); } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1014a3f..7e27dae 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3018,9 +3018,9 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) + if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof *s3); + memset(s3, 0, sizeof(*s3)); memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); @@ -3078,7 +3078,7 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3, sizeof *s->s3); + OPENSSL_cleanse(s->s3, sizeof(*s->s3)); OPENSSL_free(s->s3); s->s3 = NULL; } @@ -3142,7 +3142,7 @@ void ssl3_clear(SSL *s) s->s3->alpn_selected = NULL; } #endif - memset(s->s3, 0, sizeof *s->s3); + memset(s->s3, 0, sizeof(*s->s3)); s->s3->rbuf.buf = rp; s->s3->wbuf.buf = wp; s->s3->rbuf.len = rlen; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index b914568..6527df8 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1096,10 +1096,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, int i; SSL3_BUFFER *wb = &(s->s3->wbuf); -/* XXXX */ if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) + || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) + && (s->s3->wpend_buf != buf)) || (s->s3->wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); @@ -1314,11 +1313,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->s3->handshake_fragment; + dest_maxlen = sizeof(s->s3->handshake_fragment); dest = s->s3->handshake_fragment; dest_len = &s->s3->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof s->s3->alert_fragment; + dest_maxlen = sizeof(s->s3->alert_fragment); dest = s->s3->alert_fragment; dest_len = &s->s3->alert_fragment_len; } @@ -1421,26 +1420,25 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) */ goto start; } + /* * If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. WARNING: - * experimental code, needs reviewing (steve) + * allowed send back a no renegotiation alert and carry on. */ - if (s->server && - SSL_is_init_finished(s) && - !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* - * s->s3->handshake_fragment_len = 0; - */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->version > SSL3_VERSION + && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH + && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->s3->handshake_fragment_len = 0; rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } + if (s->s3->alert_fragment_len >= 2) { int alert_level = s->s3->alert_fragment[0]; int alert_descr = s->s3->alert_fragment[1]; @@ -1498,7 +1496,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0fb4845..96d973c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2510,7 +2510,7 @@ int ssl3_get_client_key_exchange(SSL *s) /* * Note that the length is checked again below, ** after decryption */ - if (enc_pms.length > sizeof pms) { + if (enc_pms.length > sizeof(pms)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto err; @@ -2563,7 +2563,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 155728d..363d2b2 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -636,13 +636,13 @@ SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof *ret); + memset(ret, 0, sizeof(*ret)); ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -1018,15 +1018,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, char buf[1024]; int r; - if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { + if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) { SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); goto err; } #ifdef OPENSSL_SYS_VMS - r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename); #else - r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename); #endif if (r <= 0 || r >= (int)sizeof(buf)) goto err; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3539f4b..3a6c1b1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -343,7 +343,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_depth = ctx->verify_depth; #endif s->sid_ctx_length = ctx->sid_ctx_length; - OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); + OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)); memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); s->verify_callback = ctx->default_verify_callback; s->generate_session_id = ctx->generate_session_id; @@ -437,7 +437,7 @@ SSL *SSL_new(SSL_CTX *ctx) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof ctx->sid_ctx) { + if (sid_ctx_len > sizeof(ctx->sid_ctx)) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -490,7 +490,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, */ SSL_SESSION r, *p; - if (id_len > sizeof r.session_id) + if (id_len > sizeof(r.session_id)) return 0; r.ssl_version = ssl->version; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 23dd3e7..6a5ad53 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -529,7 +529,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length = 0; } - if (s->sid_ctx_length > sizeof ss->sid_ctx) { + if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; @@ -870,9 +870,9 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg)); + OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); + OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index f6a8f19..b861e49 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1102,7 +1102,7 @@ int main(int argc, char *argv[]) } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); @@ -1673,9 +1673,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); } /* Use PSK only if PSK key is given */ @@ -1861,9 +1861,9 @@ int main(int argc, char *argv[]) if (c_ssl && c_ssl->kssl_ctx) { char localhost[MAXHOSTNAMELEN + 2]; - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { + if (gethostname(localhost, sizeof(localhost) - 1) == 0) { + localhost[sizeof(localhost) - 1] = '\0'; + if (strlen(localhost) == sizeof(localhost) - 1) { BIO_printf(bio_err, "localhost name too long\n"); goto end; } @@ -2041,8 +2041,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2118,8 +2118,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2630,7 +2630,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, - sizeof buf); + sizeof(buf)); if (s != NULL) { if (ok) fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index b6d1ee9..50491ff 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -972,7 +972,7 @@ int tls1_final_finish_mac(SSL *s, int hashsize = EVP_MD_size(md); EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; if (!hdgst || hashsize < 0 - || hashsize > (int)(sizeof buf - (size_t)(q - buf))) { + || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) { /* * internal error: 'buf' is too small for this cipersuite! */ @@ -990,7 +990,7 @@ int tls1_final_finish_mac(SSL *s, if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, buf2, sizeof buf2)) + out, buf2, sizeof(buf2))) err = 1; EVP_MD_CTX_cleanup(&ctx); @@ -999,7 +999,7 @@ int tls1_final_finish_mac(SSL *s, if (err) return 0; else - return sizeof buf2; + return sizeof(buf2); } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -1165,8 +1165,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->client_random, SSL3_RANDOM_SIZE, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, - so, sol, p, len, s->session->master_key, buff, sizeof buff); - OPENSSL_cleanse(buff, sizeof buff); + so, sol, p, len, s->session->master_key, buff, sizeof(buff)); + OPENSSL_cleanse(buff, sizeof(buff)); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1a4387b..75c2f41 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -2284,8 +2284,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + if (size == 0) + goto err; + + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || ecpointformatlist_length < 1) goto err; @@ -2711,8 +2715,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + + if (size == 0) { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -3505,6 +3515,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; + /* Need at least keyname + iv */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) + return 2; + /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); @@ -3513,9 +3527,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) - return -1; - if (rv == 0) + goto err; + if (rv == 0) { + HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } if (rv == 2) renew_ticket = 1; } else { diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index c5e21df..dc62df8 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1247,13 +1247,15 @@ void SSL_trace(int write_p, int version, int content_type, break; case SSL3_RT_ALERT: - if (msglen != 2) + if (msglen != 2) { BIO_puts(bio, " Illegal Alert Length\n"); - else { + } else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } + break; + case TLS1_RT_HEARTBEAT: ssl_print_heartbeat(bio, 4, msg, msglen); break; diff --git a/test/igetest.c b/test/igetest.c index 08f361a..748685d 100644 --- a/test/igetest.c +++ b/test/igetest.c @@ -200,16 +200,16 @@ static int run_test_vectors(void) assert(v->length <= MAX_VECTOR_SIZE); if (v->encrypt == AES_ENCRYPT) - AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key); + AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key); else - AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key); - memcpy(iv, v->iv, sizeof iv); + AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key); + memcpy(iv, v->iv, sizeof(iv)); AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); if (memcmp(v->out, buf, v->length)) { printf("IGE test vector %d failed\n", n); - hexdump(stdout, "key", v->key, sizeof v->key); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -218,14 +218,14 @@ static int run_test_vectors(void) } /* try with in == out */ - memcpy(iv, v->iv, sizeof iv); + memcpy(iv, v->iv, sizeof(iv)); memcpy(buf, v->in, v->length); AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); if (memcmp(v->out, buf, v->length)) { printf("IGE test vector %d failed (with in == out)\n", n); - hexdump(stdout, "key", v->key, sizeof v->key); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -257,9 +257,9 @@ static int run_test_vectors(void) if (memcmp(v->out, buf, v->length)) { printf("Bidirectional IGE test vector %d failed\n", n); - hexdump(stdout, "key 1", v->key1, sizeof v->key1); - hexdump(stdout, "key 2", v->key2, sizeof v->key2); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key 1", v->key1, sizeof(v->key1)); + hexdump(stdout, "key 2", v->key2, sizeof(v->key2)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -288,19 +288,19 @@ int main(int argc, char **argv) assert(BIG_TEST_SIZE >= TEST_SIZE); - RAND_pseudo_bytes(rkey, sizeof rkey); - RAND_pseudo_bytes(plaintext, sizeof plaintext); - RAND_pseudo_bytes(iv, sizeof iv); - memcpy(saved_iv, iv, sizeof saved_iv); + RAND_pseudo_bytes(rkey, sizeof(rkey)); + RAND_pseudo_bytes(plaintext, sizeof(plaintext)); + RAND_pseudo_bytes(iv, sizeof(iv)); + memcpy(saved_iv, iv, sizeof(saved_iv)); /* Forward IGE only... */ /* Straight encrypt/decrypt */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); if (memcmp(checktext, plaintext, TEST_SIZE)) { @@ -311,16 +311,16 @@ int main(int argc, char **argv) } /* Now check encrypt chaining works */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); if (memcmp(checktext, plaintext, TEST_SIZE)) { @@ -331,16 +331,16 @@ int main(int argc, char **argv) } /* And check decrypt chaining */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv, AES_DECRYPT); AES_ige_encrypt(ciphertext + TEST_SIZE / 2, @@ -355,29 +355,29 @@ int main(int argc, char **argv) } /* make sure garble extends forwards only */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt halfway through */ - ++ciphertext[sizeof ciphertext / 2]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 2 + sizeof checktext / 100) { + if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) { printf("More than 51%% matches after garbling\n"); ++err; } - if (matches < sizeof checktext / 2) { + if (matches < sizeof(checktext) / 2) { printf("Garble extends backwards!\n"); ++err; } @@ -389,16 +389,16 @@ int main(int argc, char **argv) */ /* possible with biIGE, so the IV is not updated. */ - RAND_pseudo_bytes(rkey2, sizeof rkey2); + RAND_pseudo_bytes(rkey2, sizeof(rkey2)); /* Straight encrypt/decrypt */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, AES_DECRYPT); @@ -410,70 +410,70 @@ int main(int argc, char **argv) } /* make sure garble extends both ways */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt halfway through */ - ++ciphertext[sizeof ciphertext / 2]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling\n"); ++err; } /* make sure garble extends both ways (2) */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt right at the end */ - ++ciphertext[sizeof ciphertext - 1]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) - 1]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling (2)\n"); ++err; } /* make sure garble extends both ways (3) */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt right at the start */ ++ciphertext[0]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling (3)\n"); ++err; } diff --git a/test/maketests.com b/test/maketests.com index 6223659..f4e418b 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -150,8 +150,8 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "EVP_TEST,EVP_EXTRA_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - "ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ - "CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ - - "CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST" -$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? + "CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST,"+ - + "BAD_DTLS_TEST,FATALERRTEST" $! $! Additional directory information. $ T_D_BNTEST := [-.crypto.bn] @@ -194,10 +194,13 @@ $ T_D_HEARTBEAT_TEST := [-.ssl] $ T_D_CONSTANT_TIME_TEST := [-.crypto] $ T_D_VERIFY_EXTRA_TEST := [-.crypto.x509] $ T_D_CLIENTHELLOTEST := [-.ssl] +$ T_D_BAD_DTLS_TEST := [-.ssl] $ T_D_SSLV2CONFTEST := [-.ssl] $ T_D_DTLSTEST := [-.ssl] +$ T_D_FATALERRTEST := [-.ssl] $ $ EXOBJ_DTLSTEST := SSLTESTLIB +$ EXOBJ_FATALERRTEST := SSLTESTLIB $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - diff --git a/test/ssltest_old b/test/ssltest_old Binary files differdeleted file mode 100755 index 3e3a27d..0000000 --- a/test/ssltest_old +++ /dev/null diff --git a/test/tests.com b/test/tests.com index 59745e1..27b01b6 100644 --- a/test/tests.com +++ b/test/tests.com @@ -57,7 +57,8 @@ $ tests := - test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,- test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,- - test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,test_dtls + test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,- + test_dtls,test_bad_dtls,test_fatalerr $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -102,8 +103,10 @@ $ HEARTBEATTEST := heartbeat_test $ CONSTTIMETEST := constant_time_test $ VERIFYEXTRATEST := verify_extra_test $ CLIENTHELLOTEST := clienthellotest +$ BADDTLSTEST := bad_dtls_test $ SSLV2CONFTEST := sslv2conftest $ DTLSTEST := dtlstest +$ FATALERRTEST := fatalerrtest $! $ tests_i = 0 $ loop_tests: @@ -402,6 +405,16 @@ $ test_clienthello: $ write sys$output "''START' test_clienthello" $ mcr 'texe_dir''clienthellotest' $ return +$ test_bad_dtls: +$ write sys$output "''START' test_bad_dtls" +$ mcr 'texe_dir''baddtlstest' +$ return +$ +$ test_fatalerr: +$ write sys$output "''START' test_fatalerrtest" +$ mcr 'texe_dir''fatalerrtest' 'ROOT'.APPS]server.pem 'ROOT'.APPS]server.pem +$ return +$ $ test_sslv2conftest: $ write sys$output "''START' test_sslv2conftest" $ mcr 'texe_dir''sslv2conftest' diff --git a/test/v3ext b/test/v3ext Binary files differdeleted file mode 100755 index 09a0c3a..0000000 --- a/test/v3ext +++ /dev/null diff --git a/test/x509aux b/test/x509aux Binary files differdeleted file mode 100755 index 35378a8..0000000 --- a/test/x509aux +++ /dev/null |