ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.0.2p

Browse Source
This commit is contained in:
Steve Dower
2018-08-14 08:51:39 -07:00
parent 4933cd8231
commit 4b1c388f4d
157 changed files with 2471 additions and 1482 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/Makefile
View File

@@ -45,7 +45,7 @@ SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
constant_time_locl.h $(EXHEADER)
constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)

24
crypto/asn1/a_bool.c
View File

@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
unsigned char *p;
unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
*(p++) = (unsigned char)a;
*pp = p;
return (r);
*p = (unsigned char)a;
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + 1;
return r;
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)

21
crypto/asn1/a_object.c
View File

@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p;
unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
p = *pp;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
p += a->length;
*pp = p;
return (objsize);
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)

27
crypto/asn1/a_strex.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
int i, outlen, len, charwidth;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
charwidth = type & BUF_TYPE_WIDTH_MASK;
switch (charwidth) {
case 4:
if (buflen & 3) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
break;
case 2:
if (buflen & 1) {
ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
break;
default:
break;
}
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
switch (type & BUF_TYPE_WIDTH_MASK) {
switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
buflen -= i;
p += i;
break;
default:

14
crypto/asn1/ameth_lib.c
View File

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
} else
ameth->info = NULL;
/*
* One of the following must be true:
*
* pem_str == NULL AND ASN1_PKEY_ALIAS is set
* pem_str != NULL AND ASN1_PKEY_ALIAS is clear
*
* Anything else is an error and may lead to a corrupt ASN1 method table
*/
if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
|| (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
goto err;
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)

8
crypto/asn1/asn1.h
View File

@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
# define ASN1_F_I2D_ASN1_BOOLEAN 223
# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169
#ifdef __cplusplus
# ifdef __cplusplus
}
#endif
# endif
#endif

3
crypto/asn1/asn1_err.c
View File

@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
{ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
{ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},

4
crypto/asn1/tasn_enc.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break;
case V_ASN1_NULL:

4
crypto/bio/bss_log.c
View File

@@ -1,6 +1,6 @@
/* crypto/bio/bss_log.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
return (0);
}
strncpy(buf, in, inl);
memcpy(buf, in, inl);
buf[inl] = '\0';
i = 0;

2
crypto/bio/bss_mem.c
View File

@@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
}
BIO_clear_retry_flags(b);
if (inl == 0)
return 0;
blen = bm->length;
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
goto end;

71
crypto/bn/Makefile
View File

@@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
bn_add.o: bn_lcl.h
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
bn_asm.o: bn_lcl.h
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
bn_blind.o: bn_blind.c bn_lcl.h
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_const.o: ../../include/openssl/opensslconf.h
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
bn_ctx.o: bn_lcl.h
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
bn_div.o: bn_lcl.h
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c
bn_exp2.o: bn_lcl.h
bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c
bn_gcd.o: bn_lcl.h
bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c
bn_gf2m.o: bn_lcl.h
bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c
bn_kron.o: bn_lcl.h
bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_lib.o: bn_lib.c
bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
bn_mod.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_mod.o: bn_mod.c
bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
bn_mont.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_mont.o: bn_mont.c
bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
bn_mpi.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_mpi.o: bn_mpi.c
bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
bn_mul.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_mul.o: bn_mul.c
bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
bn_nist.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_nist.o: bn_nist.c
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -331,14 +346,15 @@ bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
bn_prime.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
bn_print.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_print.o: bn_print.c
bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -346,42 +362,47 @@ bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
bn_rand.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_rand.c
bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
bn_recp.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_recp.o: bn_recp.c
bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
bn_shift.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_shift.o: bn_shift.c
bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
bn_sqr.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_sqr.o: bn_sqr.c
bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
bn_sqrt.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_sqrt.o: bn_sqrt.c
bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
bn_word.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
bn_word.o: bn_word.c
bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h

9
crypto/bn/asm/alpha-mont.pl
View File

@@ -287,15 +287,12 @@ bn_mul_mont:
mov sp,$tp
mov $bp,$rp # restore rp
and sp,$hi0,$ap
bic $bp,$hi0,$bp
bis $bp,$ap,$ap # ap=borrow?tp:rp
.align 4
.Lcopy: ldq $aj,0($ap) # copy or in-place refresh
.Lcopy: ldq $aj,0($tp) # conditional copy
ldq $nj,0($rp)
lda $tp,8($tp)
lda $rp,8($rp)
lda $ap,8($ap)
cmoveq $hi0,$nj,$aj
stq zero,-8($tp) # zap tp
cmpult $tp,$tj,AT
stq $aj,-8($rp)

15
crypto/bn/asm/armv4-mont.pl
View File

@@ -216,14 +216,15 @@ bn_mul_mont:
mov $tp,sp @ "rewind" $tp
sub $rp,$rp,$aj @ "rewind" $rp
and $ap,$tp,$nhi
bic $np,$rp,$nhi
orr $ap,$ap,$np @ ap=borrow?tp:rp
.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
.Lcopy: ldr $tj,[$tp] @ conditional copy
ldr $aj,[$rp]
str sp,[$tp],#4 @ zap tp
str $tj,[$rp],#4
cmp $tp,$num
#ifdef __thumb2__
it cc
#endif
movcc $aj,$tj
str $aj,[$rp],#4
teq $tp,$num @ preserve carry
bne .Lcopy
add sp,$num,#4 @ skip over tp[num+1]

18
crypto/bn/asm/ia64-mont.pl
View File

@@ -332,19 +332,19 @@ bn_mul_mont_general:
{ .mmb; sub rptr=rptr,len // rewind
sub tptr=tptr,len
clrrrb.pr };;
{ .mmi; and aptr=tptr,topbit
andcm bptr=rptr,topbit
{ .mmi; mov aptr=rptr
mov bptr=tptr
mov pr.rot=1<<16 };;
{ .mii; or nptr=aptr,bptr
{ .mii; cmp.eq p0,p6=topbit,r0
mov ar.lc=lc
mov ar.ec=3 };;
mov ar.ec=2 };;
.Lcopy_ctop:
{ .mmb; (p16) ld8 n[0]=[nptr],8
(p18) st8 [tptr]=r0,8
(p16) nop.b 0 }
{ .mmb; (p16) nop.m 0
(p18) st8 [rptr]=n[2],8
{ .mmi; (p16) ld8 a[0]=[aptr],8
(p16) ld8 t[0]=[bptr],8
(p6) mov a[1]=t[1] };; // (p17)
{ .mmb; (p17) st8 [rptr]=a[1],8
(p17) st8 [tptr]=r0,8
br.ctop.sptk .Lcopy_ctop };;
.Lcopy_cend:

12
crypto/bn/asm/mips-mont.pl
View File

@@ -377,15 +377,13 @@ $code.=<<___;
$PTR_SUB $rp,$num # restore rp
not $hi1,$hi0
and $ap,$hi0,$sp
and $bp,$hi1,$rp
or $ap,$ap,$bp # ap=borrow?tp:rp
.align 4
.Lcopy: $LD $aj,($ap)
$PTR_ADD $ap,$BNSZ
.Lcopy: $LD $nj,($tp) # conditional move
$LD $aj,($rp)
$ST $zero,($tp)
$PTR_ADD $tp,$BNSZ
and $nj,$hi0
and $aj,$hi1
or $aj,$nj
sltu $at,$tp,$tj
$ST $aj,($rp)
bnez $at,.Lcopy

28
crypto/bn/asm/parisc-mont.pl
View File

@@ -510,7 +510,6 @@ L\$sub
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
ldo -4($tp),$tp
___
$code.=<<___ if ($BN_SZ==8);
ldd,ma 8($tp),$ti0
@@ -525,21 +524,19 @@ L\$sub
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
sub,db $ti0,%r0,$hi1
ldo -8($tp),$tp
___
$code.=<<___;
and $tp,$hi1,$ap
andcm $rp,$hi1,$bp
or $ap,$bp,$np
ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
ldo `$LOCALS+32`($fp),$tp
L\$copy
ldd $idx($np),$hi0
ldd 0($tp),$ti0
ldd 0($rp),$hi0
std,ma %r0,8($tp)
addib,<> 8,$idx,.-8 ; L\$copy
std,ma $hi0,8($rp)
comiclr,= 0,$hi1,%r0
copy $ti0,$hi0
addib,<> 8,$idx,L\$copy
std,ma $hi0,8($rp)
___
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
@@ -849,17 +846,16 @@ L\$sub_pa11
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
ldo -4($tp),$tp
and $tp,$hi1,$ap
andcm $rp,$hi1,$bp
or $ap,$bp,$np
ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
ldo `$LOCALS+32`($fp),$tp
L\$copy_pa11
ldwx $idx($np),$hi0
ldw 0($tp),$ti0
ldw 0($rp),$hi0
stws,ma %r0,4($tp)
comiclr,= 0,$hi1,%r0
copy $ti0,$hi0
addib,<> 4,$idx,L\$copy_pa11
stws,ma $hi0,4($rp)

13
crypto/bn/asm/ppc-mont.pl
View File

@@ -294,15 +294,16 @@ Lsub: $LDX $tj,$tp,$j
li $j,0
mtctr $num
subfe $ovf,$j,$ovf ; handle upmost overflow bit
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
.align 4
Lcopy: ; copy or in-place refresh
$LDX $tj,$ap,$j
$STX $tj,$rp,$j
Lcopy: ; conditional copy
$LDX $tj,$tp,$j
$LDX $aj,$rp,$j
and $tj,$tj,$ovf
andc $aj,$aj,$ovf
$STX $j,$tp,$j ; zap at once
or $aj,$aj,$tj
$STX $aj,$rp,$j
addi $j,$j,$BNSZ
bdnz Lcopy

41
crypto/bn/asm/ppc64-mont.pl
View File

@@ -1494,16 +1494,14 @@ Lsub: ldx $t0,$tp,$i
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
addi $t7,$ap,8
mtctr $j
.align 4
Lcopy: ; copy or in-place refresh
ldx $t0,$ap,$i
ldx $t1,$t7,$i
Lcopy: ; conditional copy
ldx $t0,$tp,$i
ldx $t1,$t4,$i
ldx $t2,$rp,$i
ldx $t3,$t6,$i
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1512,6 +1510,12 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
and $t0,$t0,$ovf
and $t1,$t1,$ovf
andc $t2,$t2,$ovf
andc $t3,$t3,$ovf
or $t0,$t0,$t2
or $t1,$t1,$t3
stdx $t0,$rp,$i
stdx $t1,$t6,$i
stdx $i,$tp,$i ; zap tp at once
@@ -1554,20 +1558,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
addi $tp,$sp,`$FRAME+$TRANSFER+4`
addi $ap,$sp,`$FRAME+$TRANSFER+4`
subf $rp,$num,$rp ; rewind rp
and $ap,$tp,$ovf
andc $np,$rp,$ovf
or $ap,$ap,$np ; ap=borrow?tp:rp
addi $tp,$sp,`$FRAME+$TRANSFER`
mtctr $j
.align 4
Lcopy: ; copy or in-place refresh
Lcopy: ; conditional copy
lwz $t0,4($ap)
lwz $t1,8($ap)
lwz $t2,12($ap)
lwzu $t3,16($ap)
lwz $t4,4($rp)
lwz $t5,8($rp)
lwz $t6,12($rp)
lwz $t7,16($rp)
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1576,6 +1581,18 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
and $t0,$t0,$ovf
and $t1,$t1,$ovf
and $t2,$t2,$ovf
and $t3,$t3,$ovf
andc $t4,$t4,$ovf
andc $t5,$t5,$ovf
andc $t6,$t6,$ovf
andc $t7,$t7,$ovf
or $t0,$t0,$t4
or $t1,$t1,$t5
or $t2,$t2,$t6
or $t3,$t3,$t7
stw $t0,4($rp)
stw $t1,8($rp)
stw $t2,12($rp)

2
crypto/bn/asm/rsaz-avx2.pl
View File

@@ -97,7 +97,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=11);
}
if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);

14
crypto/bn/asm/s390x-mont.pl
View File

@@ -245,16 +245,16 @@ $code.=<<___;
brct $count,.Lsub
lghi $ahi,0
slbgr $AHI,$ahi # handle upmost carry
ngr $ap,$AHI
lghi $np,-1
xgr $np,$AHI
ngr $np,$rp
ogr $ap,$np # ap=borrow?tp:rp
lghi $NHI,-1
xgr $NHI,$AHI
la $j,0(%r0)
lgr $count,$num
.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh
.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
lg $alo,0($j,$rp)
ngr $ahi,$AHI
ngr $alo,$NHI
ogr $alo,$ahi
_dswap $alo
stg $j,$stdframe($j,$sp) # zap tp
stg $alo,0($j,$rp)

24
crypto/bn/asm/sparct4-mont.pl
View File

@@ -878,19 +878,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
.Lcopy: ! copy or in-place refresh
ldx [$ap+0], $t2
add $ap, 8, $ap
.Lcopy: ! conditional copy
ldx [$tp], $tj
ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy
@@ -1126,19 +1124,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy_g5
sub $num, 8, $cnt
.align 16
.Lcopy_g5: ! copy or in-place refresh
ldx [$ap+0], $t2
add $ap, 8, $ap
.Lcopy_g5: ! conditional copy
ldx [$tp], $tj
ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy_g5

13
crypto/bn/asm/sparcv9-mont.pl
View File

@@ -255,7 +255,6 @@ $fname:
.Ltail:
add $np,$num,$np
add $rp,$num,$rp
mov $tp,$ap
sub %g0,$num,%o7 ! k=-num
ba .Lsub
subcc %g0,%g0,%g0 ! clear %icc.c
@@ -268,15 +267,14 @@ $fname:
add %o7,4,%o7
brnz %o7,.Lsub
st %o1,[$i]
subc $car2,0,$car2 ! handle upmost overflow bit
and $tp,$car2,$ap
andn $rp,$car2,$np
or $ap,$np,$ap
subccc $car2,0,$car2 ! handle upmost overflow bit
sub %g0,$num,%o7
.Lcopy:
ld [$ap+%o7],%o0 ! copy or in-place refresh
ld [$tp+%o7],%o1 ! conditional copy
ld [$rp+%o7],%o0
st %g0,[$tp+%o7] ! zap tp
movcs %icc,%o1,%o0
st %o0,[$rp+%o7]
add %o7,4,%o7
brnz %o7,.Lcopy
@@ -485,6 +483,9 @@ $code.=<<___;
mulx $npj,$mul1,$acc1
add $tpj,$car1,$car1
ld [$np+$j],$npj ! np[j]
srlx $car1,32,$tmp0
and $car1,$mask,$car1
add $tmp0,$sbit,$sbit
add $acc0,$car1,$car1
ld [$tp+8],$tpj ! tp[j]
add $acc1,$car1,$car1

13
crypto/bn/asm/via-mont.pl
View File

@@ -203,18 +203,15 @@ $sp=&DWP(28,"esp");
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
&sbb ("eax",0);
&and ("esi","eax");
&not ("eax");
&mov ("ebp","edi");
&and ("ebp","eax");
&or ("esi","ebp"); # tp=carry?tp:rp
&mov ("ecx","edx"); # num
&xor ("edx","edx"); # i=0
&mov ("edx",0); # i=0
&set_label("copy",8);
&mov ("eax",&DWP(0,"esi","edx",4));
&mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp
&mov ("ebx",&DWP(0,"esi","edx",4));
&mov ("eax",&DWP(0,"edi","edx",4));
&mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp
&cmovc ("eax","ebx");
&mov (&DWP(0,"edi","edx",4),"eax");
&lea ("edx",&DWP(1,"edx")); # i++
&loop (&label("copy"));

16
crypto/bn/asm/vis3-mont.pl
View File

@@ -299,23 +299,23 @@ $code.=<<___;
sub $anp, $num, $anp
sub $rp, $num, $rp
subc $ovf, %g0, $ovf ! handle upmost overflow bit
and $tp, $ovf, $ap
andn $rp, $ovf, $np
or $np, $ap, $ap ! ap=borrow?tp:rp
subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
.Lcopy: ! copy or in-place refresh
ld [$ap+0], $t2
ld [$ap+4], $t3
add $ap, 8, $ap
.Lcopy: ! conditional copy
ld [$tp+0], $t0
ld [$tp+4], $t1
ld [$rp+0], $t2
ld [$rp+4], $t3
stx %g0, [$tp] ! zap
add $tp, 8, $tp
stx %g0, [$anp] ! zap
stx %g0, [$anp+8]
add $anp, 16, $anp
movcs %icc, $t0, $t2
movcs %icc, $t1, $t3
st $t3, [$rp+0] ! flip order
st $t2, [$rp+4]
add $rp, 8, $rp

18
crypto/bn/asm/x86-mont.pl
View File

@@ -592,16 +592,18 @@ $sbit=$num;
&jge (&label("sub"));
&sbb ("eax",0); # handle upmost overflow bit
&and ($tp,"eax");
&not ("eax");
&mov ($np,$rp);
&and ($np,"eax");
&or ($tp,$np); # tp=carry?tp:rp
&mov ("edx",-1);
&xor ("edx","eax");
&jmp (&label("copy"));
&set_label("copy",16); # copy or in-place refresh
&mov ("eax",&DWP(0,$tp,$num,4));
&mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
&set_label("copy",16); # conditional copy
&mov ($tp,&DWP($frame,"esp",$num,4));
&mov ($np,&DWP(0,$rp,$num,4));
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
&and ($tp,"eax");
&and ($np,"edx");
&or ($np,$tp);
&mov (&DWP(0,$rp,$num,4),$np);
&dec ($num);
&jge (&label("copy"));

81
crypto/bn/asm/x86_64-mont.pl
View File

@@ -293,30 +293,30 @@ $code.=<<___;
xor $i,$i # i=0 and clear CF!
mov (%rsp),%rax # tp[0]
lea (%rsp),$ap # borrow ap for tp
mov $num,$j # j=num
jmp .Lsub
.align 16
.Lsub: sbb ($np,$i,8),%rax
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
mov 8($ap,$i,8),%rax # tp[i+1]
mov 8(%rsp,$i,8),%rax # tp[i+1]
lea 1($i),$i # i++
dec $j # doesnn't affect CF!
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
mov \$-1,%rbx
xor %rax,%rbx # not %rax
xor $i,$i
and %rax,$ap
not %rax
mov $rp,$np
and %rax,$np
mov $num,$j # j=num
or $np,$ap # ap=borrow?tp:rp
.align 16
.Lcopy: # copy or in-place refresh
mov ($ap,$i,8),%rax
mov $i,(%rsp,$i,8) # zap temporary vector
mov %rax,($rp,$i,8) # rp[i]=tp[i]
.Lcopy: # conditional copy
mov ($rp,$i,8),%rcx
mov (%rsp,$i,8),%rdx
and %rbx,%rcx
and %rax,%rdx
mov $num,(%rsp,$i,8) # zap temporary vector
or %rcx,%rdx
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
@@ -686,10 +686,10 @@ ___
my @ri=("%rax","%rdx",$m0,$m1);
$code.=<<___;
mov 16(%rsp,$num,8),$rp # restore $rp
lea -4($num),$j
mov 0(%rsp),@ri[0] # tp[0]
pxor %xmm0,%xmm0
mov 8(%rsp),@ri[1] # tp[1]
shr \$2,$num # num/=4
shr \$2,$j # j=num/4-1
lea (%rsp),$ap # borrow ap for tp
xor $i,$i # i=0 and clear CF!
@@ -697,9 +697,7 @@ $code.=<<___;
mov 16($ap),@ri[2] # tp[2]
mov 24($ap),@ri[3] # tp[3]
sbb 8($np),@ri[1]
lea -1($num),$j # j=num/4-1
jmp .Lsub4x
.align 16
.Lsub4x:
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
@@ -726,34 +724,35 @@ $code.=<<___;
sbb \$0,@ri[0] # handle upmost overflow bit
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
xor $i,$i # i=0
and @ri[0],$ap
not @ri[0]
mov $rp,$np
and @ri[0],$np
lea -1($num),$j
or $np,$ap # ap=borrow?tp:rp
pxor %xmm0,%xmm0
movq @ri[0],%xmm4
pcmpeqd %xmm5,%xmm5
pshufd \$0,%xmm4,%xmm4
mov $num,$j
pxor %xmm4,%xmm5
shr \$2,$j # j=num/4
xor %eax,%eax # i=0
movdqu ($ap),%xmm1
movdqa %xmm0,(%rsp)
movdqu %xmm1,($rp)
jmp .Lcopy4x
.align 16
.Lcopy4x: # copy or in-place refresh
movdqu 16($ap,$i),%xmm2
movdqu 32($ap,$i),%xmm1
movdqa %xmm0,16(%rsp,$i)
movdqu %xmm2,16($rp,$i)
movdqa %xmm0,32(%rsp,$i)
movdqu %xmm1,32($rp,$i)
lea 32($i),$i
.Lcopy4x: # conditional copy
movdqa (%rsp,%rax),%xmm1
movdqu ($rp,%rax),%xmm2
pand %xmm4,%xmm1
pand %xmm5,%xmm2
movdqa 16(%rsp,%rax),%xmm3
movdqa %xmm0,(%rsp,%rax)
por %xmm2,%xmm1
movdqu 16($rp,%rax),%xmm2
movdqu %xmm1,($rp,%rax)
pand %xmm4,%xmm3
pand %xmm5,%xmm2
movdqa %xmm0,16(%rsp,%rax)
por %xmm2,%xmm3
movdqu %xmm3,16($rp,%rax)
lea 32(%rax),%rax
dec $j
jnz .Lcopy4x
shl \$2,$num
movdqu 16($ap,$i),%xmm2
movdqa %xmm0,16(%rsp,$i)
movdqu %xmm2,16($rp,$i)
___
}
$code.=<<___;

19
crypto/bn/asm/x86_64-mont5.pl
View File

@@ -405,18 +405,19 @@ $code.=<<___;
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
mov \$-1,%rbx
xor %rax,%rbx
xor $i,$i
and %rax,$ap
not %rax
mov $rp,$np
and %rax,$np
mov $num,$j # j=num
or $np,$ap # ap=borrow?tp:rp
.align 16
.Lcopy: # copy or in-place refresh
mov ($ap,$i,8),%rax
.Lcopy: # conditional copy
mov ($rp,$i,8),%rcx
mov (%rsp,$i,8),%rdx
and %rbx,%rcx
and %rax,%rdx
mov $i,(%rsp,$i,8) # zap temporary vector
mov %rax,($rp,$i,8) # rp[i]=tp[i]
or %rcx,%rdx
mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy

106
crypto/bn/bn.h
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
* on the size of the number */
/*
* number of Miller-Rabin iterations for an error rate of less than 2^-80 for
* random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
* Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
* original paper: Damgaard, Landrock, Pomerance: Average case error
* estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
* 177-194)
* BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
* that will be done for checking that a random number is probably prime. The
* error rate for accepting a composite number as prime depends on the size of
* the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
* and so the level is what you would expect for a key of double the size of the
* prime.
*
* This table is generated using the algorithm of FIPS PUB 186-4
* Digital Signature Standard (DSS), section F.1, page 117.
* (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
*
* The following magma script was used to generate the output:
* securitybits:=125;
* k:=1024;
* for t:=1 to 65 do
* for M:=3 to Floor(2*Sqrt(k-1)-1) do
* S:=0;
* // Sum over m
* for m:=3 to M do
* s:=0;
* // Sum over j
* for j:=2 to m do
* s+:=(RealField(32)!2)^-(j+(k-1)/j);
* end for;
* S+:=2^(m-(m-1)*t)*s;
* end for;
* A:=2^(k-2-M*t);
* B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
* pkt:=2.00743*Log(2)*k*2^-k*(A+B);
* seclevel:=Floor(-Log(2,pkt));
* if seclevel ge securitybits then
* printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
* break;
* end if;
* end for;
* if seclevel ge securitybits then break; end if;
* end for;
*
* It can be run online at:
* http://magma.maths.usyd.edu.au/calc
*
* And will output:
* k: 1024, security: 129 bits (t: 6, M: 23)
*
* k is the number of bits of the prime, securitybits is the level we want to
* reach.
*
* prime length | RSA key size | # MR tests | security level
* -------------+--------------|------------+---------------
* (b) >= 6394 | >= 12788 | 3 | 256 bit
* (b) >= 3747 | >= 7494 | 3 | 192 bit
* (b) >= 1345 | >= 2690 | 4 | 128 bit
* (b) >= 1080 | >= 2160 | 5 | 128 bit
* (b) >= 852 | >= 1704 | 5 | 112 bit
* (b) >= 476 | >= 952 | 5 | 80 bit
* (b) >= 400 | >= 800 | 6 | 80 bit
* (b) >= 347 | >= 694 | 7 | 80 bit
* (b) >= 308 | >= 616 | 8 | 80 bit
* (b) >= 55 | >= 110 | 27 | 64 bit
* (b) >= 6 | >= 12 | 34 | 64 bit
*/
# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
(b) >= 850 ? 3 : \
(b) >= 650 ? 4 : \
(b) >= 550 ? 5 : \
(b) >= 450 ? 6 : \
(b) >= 400 ? 7 : \
(b) >= 350 ? 8 : \
(b) >= 300 ? 9 : \
(b) >= 250 ? 12 : \
(b) >= 200 ? 15 : \
(b) >= 150 ? 18 : \
/* b >= 100 */ 27)
# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
(b) >= 1345 ? 4 : \
(b) >= 476 ? 5 : \
(b) >= 400 ? 6 : \
(b) >= 347 ? 7 : \
(b) >= 308 ? 8 : \
(b) >= 55 ? 27 : \
/* b >= 6 */ 34)
# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
@@ -773,6 +824,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
/* We only need assert() when debugging */
# include <assert.h>
/*
* The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
* bn_correct_top, in other words such vectors are permitted to have zeros
* in most significant limbs. Such vectors are used internally to achieve
* execution time invariance for critical operations with private keys.
* It's BN_DEBUG-only flag, because user application is not supposed to
* observe it anyway. Moreover, optimizing compiler would actually remove
* all operations manipulating the bit in question in non-BN_DEBUG build.
*/
# define BN_FLG_FIXED_TOP 0x10000
# ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
# ifndef RAND_pseudo_bytes
@@ -805,8 +866,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
assert((_bnum2->top == 0) || \
(_bnum2->d[_bnum2->top - 1] != 0)); \
int _top = _bnum2->top; \
assert((_top == 0) || \
(_bnum2->flags & BN_FLG_FIXED_TOP) || \
(_bnum2->d[_top - 1] != 0)); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -824,6 +887,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
# else /* !BN_DEBUG */
# define BN_FLG_FIXED_TOP 0
# define bn_pollute(a)
# define bn_check_top(a)
# define bn_fix_top(a) bn_correct_top(a)

1
crypto/bn/bn_div.c
View File

@@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
wnum.flags = BN_FLG_STATIC_DATA;
/*
* only needed when BN_ucmp messes up the values between top and max
*/

69
crypto/bn/bn_exp.c
View File

@@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
@@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -473,17 +473,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ret = 1;
goto err;
}
if (!BN_to_montgomery(val[0], aa, mont, ctx))
if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1) {
if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
goto err; /* 2 */
j = 1 << (window - 1);
for (i = 1; i < j; i++) {
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
!BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
!bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
goto err;
}
}
@@ -505,19 +505,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
for (i = 1; i < j; i++)
r->d[i] = (~m->d[i]) & BN_MASK2;
r->top = j;
/*
* Upper words will be zero if the corresponding words of 'm' were
* 0xfff[...], so decrement r->top accordingly.
*/
bn_correct_top(r);
r->flags |= BN_FLG_FIXED_TOP;
} else
#endif
if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
goto err;
for (;;) {
if (BN_is_bit_set(p, wstart) == 0) {
if (!start) {
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
if (wstart == 0)
@@ -548,12 +544,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* add the 'bytes above' */
if (!start)
for (i = 0; i < j; i++) {
if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
@@ -563,6 +559,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (wstart < 0)
break;
}
/*
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
* removes padding [if any] and makes return value suitable for public
* API consumer.
*/
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
j = mont->N.top; /* borrow j */
@@ -681,7 +682,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
}
b->top = top;
bn_correct_top(b);
b->flags |= BN_FLG_FIXED_TOP;
return 1;
}
@@ -733,8 +734,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
*/
bits = p->top * BN_BITS2;
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -852,16 +853,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
tmp.top = top;
} else
#endif
if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
goto err;
/* prepare a^1 in Montgomery domain */
if (a->neg || BN_ucmp(a, m) >= 0) {
if (!BN_mod(&am, a, m, ctx))
goto err;
if (!BN_to_montgomery(&am, &am, mont, ctx))
if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
goto err;
} else if (!BN_to_montgomery(&am, a, mont, ctx))
} else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
#if defined(SPARC_T4_MONT)
@@ -1128,14 +1129,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* performance advantage of sqr over mul).
*/
if (window > 1) {
if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
window))
goto err;
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
window))
@@ -1159,7 +1160,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Scan the window, squaring the result as we go */
for (i = 0; i < window; i++, bits--) {
if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
goto err;
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
}
@@ -1172,12 +1173,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
/* Multiply the result into the intermediate result */
if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
goto err;
}
}
/* Convert the final result from montgomery to standard format */
/*
* Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
* removes padding [if any] and makes return value suitable for public
* API consumer.
*/
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
am.d[0] = 1; /* borrow am */
@@ -1247,8 +1252,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -1369,9 +1374,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1 is still zero. */
if (BN_is_one(m)) {
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {

34
crypto/bn/bn_gf2m.c
View File

@@ -36,7 +36,7 @@
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,30 +103,32 @@
*/
# define MAX_ITERATIONS 50
static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
64, 65, 68, 69, 80, 81, 84, 85
};
# define SQR_nibble(w) ((((w) & 8) << 3) \
| (((w) & 4) << 2) \
| (((w) & 2) << 1) \
| ((w) & 1))
/* Platform-specific macros to accelerate squaring. */
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
# define SQR1(w) \
SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32)
# define SQR0(w) \
SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# ifdef THIRTY_TWO_BIT
# define SQR1(w) \
SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16)
# define SQR0(w) \
SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# if !defined(OPENSSL_BN_ASM_GF2m)

3
crypto/bn/bn_lcl.h
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
# define HEADER_BN_LCL_H
# include <openssl/bn.h>
# include "bn_int.h"
#ifdef __cplusplus
extern "C" {

57
crypto/bn/bn_lib.c
View File

@@ -263,8 +263,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
const BN_ULONG *B;
int i;
bn_check_top(b);
if (words > (INT_MAX / (4 * BN_BITS2))) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
@@ -398,8 +396,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
bn_check_top(b);
if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
@@ -433,7 +429,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
assert(A == &(b->d[b->dmax]));
}
#endif
bn_check_top(b);
return b;
}
@@ -497,12 +492,18 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
a->top = b->top;
a->neg = b->neg;
a->top = b->top;
a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return (a);
}
#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
| BN_FLG_CONSTTIME \
| BN_FLG_FIXED_TOP))
#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
void BN_swap(BIGNUM *a, BIGNUM *b)
{
int flags_old_a, flags_old_b;
@@ -530,10 +531,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
b->dmax = tmp_dmax;
b->neg = tmp_neg;
a->flags =
(flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
b->flags =
(flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
bn_check_top(a);
bn_check_top(b);
}
@@ -545,6 +544,7 @@ void BN_clear(BIGNUM *a)
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0;
a->neg = 0;
a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -565,6 +565,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return (1);
}
@@ -613,6 +614,41 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
}
/* ignore negative */
static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
int n;
size_t i, inc, lasti, j;
BN_ULONG l;
n = BN_num_bytes(a);
if (tolen == -1)
tolen = n;
else if (tolen < n)
return -1;
if (n == 0) {
OPENSSL_cleanse(to, tolen);
return tolen;
}
lasti = n - 1;
for (i = 0, inc = 1, j = tolen; j > 0;) {
l = a->d[i / BN_BYTES];
to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc));
inc = (i - lasti) >> (8 * sizeof(i) - 1);
i += inc; /* stay on top limb */
}
return tolen;
}
int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
{
if (tolen < 0)
return -1;
return bn2binpad(a, to, tolen);
}
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
int n, i;
@@ -711,6 +747,7 @@ int BN_set_bit(BIGNUM *a, int n)
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i] |= (((BN_ULONG)1) << j);

69
crypto/bn/bn_mod.c
View File

@@ -4,7 +4,7 @@
* for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -149,16 +149,71 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
/*
* BN_mod_add variant that may be used if both a and b are non-negative and
* less than m
* less than m. The original algorithm was
*
* if (!BN_uadd(r, a, b))
* return 0;
* if (BN_ucmp(r, m) >= 0)
* return BN_usub(r, r, m);
*
* which is replaced with addition, subtracting modulus, and conditional
* move depending on whether or not subtraction borrowed.
*/
int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
size_t i, ai, bi, mtop = m->top;
BN_ULONG storage[1024 / BN_BITS2];
BN_ULONG carry, temp, mask, *rp, *tp = storage;
const BN_ULONG *ap, *bp;
if (bn_wexpand(r, m->top) == NULL)
return 0;
if (mtop > sizeof(storage) / sizeof(storage[0])
&& (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
return 0;
ap = a->d != NULL ? a->d : tp;
bp = b->d != NULL ? b->d : tp;
for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
temp = ((ap[ai] & mask) + carry) & BN_MASK2;
carry = (temp < carry);
mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
carry += (tp[i] < temp);
i++;
ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
}
rp = r->d;
carry -= bn_sub_words(rp, tp, m->d, mtop);
for (i = 0; i < mtop; i++) {
rp[i] = (carry & tp[i]) | (~carry & rp[i]);
((volatile BN_ULONG *)tp)[i] = 0;
}
r->top = mtop;
r->neg = 0;
if (tp != storage)
OPENSSL_free(tp);
return 1;
}
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
if (!BN_uadd(r, a, b))
return 0;
if (BN_ucmp(r, m) >= 0)
return BN_usub(r, r, m);
return 1;
int ret = bn_mod_add_fixed_top(r, a, b, m);
if (ret)
bn_correct_top(r);
return ret;
}
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,

58
crypto/bn/bn_mont.c
View File

@@ -123,11 +123,22 @@
#define MONT_WORD /* use the faster word-based algorithm */
#ifdef MONT_WORD
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
bn_correct_top(r);
bn_check_top(r);
return ret;
}
int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
BIGNUM *tmp;
int ret = 0;
@@ -140,8 +151,8 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg ^ b->neg;
r->top = num;
bn_correct_top(r);
return (1);
r->flags |= BN_FLG_FIXED_TOP;
return 1;
}
}
#endif
@@ -161,13 +172,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
/* reduce from aRR to aR */
#ifdef MONT_WORD
if (!BN_from_montgomery_word(r, tmp, mont))
if (!bn_from_montgomery_word(r, tmp, mont))
goto err;
#else
if (!BN_from_montgomery(r, tmp, mont, ctx))
goto err;
#endif
bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
@@ -175,7 +185,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
#ifdef MONT_WORD
static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
{
BIGNUM *n;
BN_ULONG *ap, *np, *rp, n0, v, carry;
@@ -205,6 +215,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
# endif
r->top = max;
r->flags |= BN_FLG_FIXED_TOP;
n0 = mont->n0[0];
/*
@@ -223,6 +234,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
if (bn_wexpand(ret, nl) == NULL)
return (0);
ret->top = nl;
ret->flags |= BN_FLG_FIXED_TOP;
ret->neg = r->neg;
rp = ret->d;
@@ -233,20 +245,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
*/
ap = &(r->d[nl]);
carry -= bn_sub_words(rp, ap, np, nl);
/*
* |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
* cannot be -1. That would imply the subtraction did not fit in |nl| words,
* and we know at most one subtraction is needed.
* |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
* |carry| cannot be 1. That would imply the subtraction did not fit in
* |nl| words, and we know at most one subtraction is needed.
*/
v = bn_sub_words(rp, ap, np, nl) - carry;
v = 0 - v;
for (i = 0; i < nl; i++) {
rp[i] = (v & ap[i]) | (~v & rp[i]);
rp[i] = (carry & ap[i]) | (~carry & rp[i]);
ap[i] = 0;
}
bn_correct_top(r);
bn_correct_top(ret);
bn_check_top(ret);
return (1);
}
@@ -260,8 +268,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
BIGNUM *t;
BN_CTX_start(ctx);
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
retn = BN_from_montgomery_word(ret, t, mont);
if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
retn = bn_from_montgomery_word(ret, t, mont);
bn_correct_top(ret);
bn_check_top(ret);
}
BN_CTX_end(ctx);
#else /* !MONT_WORD */
BIGNUM *t1, *t2;
@@ -299,6 +310,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
return (retn);
}
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx)
{
return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
}
BN_MONT_CTX *BN_MONT_CTX_new(void)
{
BN_MONT_CTX *ret;
@@ -335,7 +352,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
int ret = 0;
int i, ret = 0;
BIGNUM *Ri, *R;
if (BN_is_zero(mod))
@@ -466,6 +483,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
goto err;
for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
mont->RR.d[i] = 0;
mont->RR.top = ret;
mont->RR.flags |= BN_FLG_FIXED_TOP;
ret = 1;
err:
BN_CTX_end(ctx);

10
crypto/bn/bn_sqr.c
View File

@@ -135,14 +135,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
}
rr->neg = 0;
/*
* If the most-significant half of the top word of 'a' is zero, then the
* square of 'a' will max-1 words.
*/
if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
rr->top = max - 1;
else
rr->top = max;
rr->top = max;
bn_correct_top(rr);
if (r != rr && BN_copy(r, rr) == NULL)
goto err;

15
crypto/bn_int.h Normal file
View File

@@ -0,0 +1,15 @@
/*
* Some BIGNUM functions assume most significant limb to be non-zero, which
* is customarily arranged by bn_correct_top. Output from below functions
* is not processed with bn_correct_top, and for this reason it may not be
* returned out of public API. It may only be passed internally into other
* functions known to support non-minimal or zero-padded BIGNUMs.
*/
int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx);
int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
BN_CTX *ctx);
int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m);
int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);

4
crypto/buildinf.h
View File

@@ -9,11 +9,11 @@
/* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
#define CFLAGS "compiler: cl /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE "
#define PLATFORM "VC-WIN32"
#define DATE "Fri Apr 13 17:33:21 2018"
#define DATE "Tue Aug 14 16:04:24 2018"
#endif
#ifdef MK1MF_PLATFORM_BC_NT
/* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
#define CFLAGS "compiler: bcc32 -DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -O2 -ff -fp -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM -DOPENSSL_NO_IDEA -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_DYNAMIC_ENGINE "
#define PLATFORM "BC-NT"
#define DATE "Fri Apr 13 17:33:21 2018"
#define DATE "Tue Aug 14 16:04:24 2018"
#endif

2
crypto/conf/conf_api.c
View File

@@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
vv = lh_CONF_VALUE_insert(conf->data, v);
OPENSSL_assert(vv == NULL);
if (lh_CONF_VALUE_error(conf->data) > 0)
goto err;
ok = 1;
err:
if (!ok) {

7
crypto/dh/dh_key.c
View File

@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
int ok = 0;
int generate_new_key = 0;
unsigned l;
BN_CTX *ctx;
BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
return 0;
}
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;

4
crypto/dh/dh_pmeth.c
View File

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
}
#endif
return 1;
return 0;
}
const EVP_PKEY_METHOD dh_pkey_meth = {

9
crypto/dsa/dsa.h
View File

@@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
# endif
# define DSS_prime_checks 50
# define DSS_prime_checks 64
/*
* Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
* Rabin-Miller
* Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
* have one value here we set the number of checks to 64 which is the 128 bit
* security level that is the highest level and valid for creating a 3072 bit
* DSA key.
*/
# define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
@@ -307,6 +309,7 @@ void ERR_load_DSA_strings(void);
# define DSA_F_I2D_DSA_SIG 111
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
# define DSA_F_PKEY_DSA_CTRL_STR 127
# define DSA_F_PKEY_DSA_KEYGEN 121
# define DSA_F_SIG_CB 114

3
crypto/dsa/dsa_err.c
View File

@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
* Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -95,6 +95,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "PKEY_DSA_CTRL_STR"},
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
{0, NULL}

13
crypto/dsa/dsa_gen.c
View File

@@ -146,9 +146,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
/* invalid q size */
return 0;
if (evpmd == NULL)
/* use SHA1 as default */
evpmd = EVP_sha1();
if (evpmd == NULL) {
if (qsize == SHA_DIGEST_LENGTH)
evpmd = EVP_sha1();
else if (qsize == SHA224_DIGEST_LENGTH)
evpmd = EVP_sha224();
else
evpmd = EVP_sha256();
} else {
qsize = EVP_MD_size(evpmd);
}
if (bits < 512)
bits = 512;

73
crypto/dsa/dsa_ossl.c
View File

@@ -133,17 +133,13 @@ const DSA_METHOD *DSA_OpenSSL(void)
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
BIGNUM m;
BIGNUM xr;
BIGNUM *m, *blind, *blindm, *tmp;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
BN_init(&m);
BN_init(&xr);
if (!dsa->p || !dsa->q || !dsa->g) {
if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
reason = DSA_R_MISSING_PARAMETERS;
goto err;
}
@@ -154,6 +150,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
m = BN_CTX_get(ctx);
blind = BN_CTX_get(ctx);
blindm = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
if (tmp == NULL)
goto err;
redo:
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
@@ -173,20 +176,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
* 4.2
*/
dlen = BN_num_bytes(dsa->q);
if (BN_bin2bn(dgst, dlen, &m) == NULL)
if (BN_bin2bn(dgst, dlen, m) == NULL)
goto err;
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
goto err; /* s = xr */
if (!BN_add(s, &xr, &m))
goto err; /* s = m + xr */
if (BN_cmp(s, dsa->q) > 0)
if (!BN_sub(s, s, dsa->q))
/*
* The normal signature calculation is:
*
* s := k^-1 * (m + r * priv_key) mod q
*
* We will blind this to protect against side channel attacks
*
* s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
*/
/* Generate a blinding value */
do {
if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
goto err;
} while (BN_is_zero(blind));
BN_set_flags(blind, BN_FLG_CONSTTIME);
BN_set_flags(blindm, BN_FLG_CONSTTIME);
BN_set_flags(tmp, BN_FLG_CONSTTIME);
/* tmp := blind * priv_key * r mod q */
if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
goto err;
if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
goto err;
/* blindm := blind * m mod q */
if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
goto err;
/* s : = (blind * priv_key * r) + (blind * m) mod q */
if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
goto err;
/* s := s * k^-1 mod q */
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
goto err;
/* s:= s * blind^-1 mod q */
if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
goto err;
if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
goto err;
/*
* Redo if r or s is zero as required by FIPS 186-3: this is very
* unlikely.
@@ -210,13 +245,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_free(r);
BN_free(s);
}
if (ctx != NULL)
BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
BN_clear_free(kinv);
return (ret);
BN_CTX_free(ctx);
BN_clear_free(kinv);
return ret;
}
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,

12
crypto/dsa/dsa_pmeth.c
View File

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -230,10 +230,16 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
NULL);
}
if (!strcmp(type, "dsa_paramgen_md")) {
if (strcmp(type, "dsa_paramgen_md") == 0) {
const EVP_MD *md = EVP_get_digestbyname(value);
if (md == NULL) {
DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
return 0;
}
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
(void *)EVP_get_digestbyname(value));
(void *)md);
}
return -2;
}

22
crypto/ec/ec_ameth.c
View File

@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
static EC_KEY *eckey_type2param(int ptype, void *pval)
{
EC_KEY *eckey = NULL;
EC_GROUP *group = NULL;
if (ptype == V_ASN1_SEQUENCE) {
ASN1_STRING *pstr = pval;
const unsigned char *pm = NULL;
int pmlen;
pm = pstr->data;
pmlen = pstr->length;
if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
const ASN1_STRING *pstr = pval;
const unsigned char *pm = pstr->data;
int pmlen = pstr->length;
if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
ASN1_OBJECT *poid = pval;
EC_GROUP *group;
const ASN1_OBJECT *poid = pval;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
return eckey;
ecerr:
if (eckey)
EC_KEY_free(eckey);
EC_KEY_free(eckey);
EC_GROUP_free(group);
return NULL;
}

10
crypto/ec/ec_lib.c
View File

@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -319,12 +319,16 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
BN_zero(&group->cofactor);
/*
* We ignore the return value because some groups have an order with
* Some groups have an order with
* factors of two, which makes the Montgomery setup fail.
* |group->mont_data| will be NULL in this case.
*/
ec_precompute_mont_data(group);
if (BN_is_odd(&group->order)) {
return ec_precompute_mont_data(group);
}
BN_MONT_CTX_free(group->mont_data);
group->mont_data = NULL;
return 1;
}

23
crypto/ec/ecp_nistz256.c
View File

@@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
const P256_POINT_AFFINE *in,
BN_CTX *ctx)
{
BIGNUM x, y;
BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
BIGNUM x, y, z;
int ret = 0;
memcpy(d_x, in->X, sizeof(d_x));
x.d = d_x;
/*
* |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
* flag, which effectively means "read-only data".
*/
x.d = (BN_ULONG *)in->X;
x.dmax = x.top = P256_LIMBS;
x.neg = 0;
x.flags = BN_FLG_STATIC_DATA;
memcpy(d_y, in->Y, sizeof(d_y));
y.d = d_y;
y.d = (BN_ULONG *)in->Y;
y.dmax = y.top = P256_LIMBS;
y.neg = 0;
y.flags = BN_FLG_STATIC_DATA;
ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx);
z.d = (BN_ULONG *)ONE;
z.dmax = z.top = P256_LIMBS;
z.neg = 0;
z.flags = BN_FLG_STATIC_DATA;
if ((ret = (BN_copy(&out->X, &x) != NULL))
&& (ret = (BN_copy(&out->Y, &y) != NULL))
&& (ret = (BN_copy(&out->Z, &z) != NULL)))
out->Z_is_one = 1;
return ret;
}

2
crypto/ecdsa/Makefile
View File

@@ -114,7 +114,7 @@ ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_ossl.o: ../../include/openssl/opensslconf.h
ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
ecs_ossl.o: ../../include/openssl/symhacks.h ../bn_int.h ecs_locl.h ecs_ossl.c
ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

11
crypto/ecdsa/ecdsatest.c
View File

@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
* Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -137,7 +137,7 @@ int restore_rand(void)
return 1;
}
static int fbytes_counter = 0;
static int fbytes_counter = 0, use_fake = 0;
static const char *numbers[8] = {
"651056770906015076056810763456358567190100156695615665659",
"6140507067065001063065065565667405560006161556565665656654",
@@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num)
int ret;
BIGNUM *tmp = NULL;
if (use_fake == 0)
return old_rand->bytes(buf, num);
use_fake = 0;
if (fbytes_counter >= 8)
return 0;
tmp = BN_new();
@@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
/* create the key */
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
goto x962_int_err;
use_fake = 1;
if (!EC_KEY_generate_key(key))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* create the signature */
use_fake = 1;
signature = ECDSA_do_sign(digest, 20, key);
if (signature == NULL)
goto x962_int_err;

36
crypto/ecdsa/ecs_ossl.c
View File

@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project
*/
/* ====================================================================
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -60,6 +60,7 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
#include "bn_int.h"
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
const BIGNUM *, const BIGNUM *,
@@ -251,13 +252,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
EC_KEY *eckey)
{
int ok = 0, i;
BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
const BIGNUM *ckinv;
BN_CTX *ctx = NULL;
const EC_GROUP *group;
ECDSA_SIG *ret;
ECDSA_DATA *ecdsa;
const BIGNUM *priv_key;
BN_MONT_CTX *mont_data;
ecdsa = ecdsa_check(eckey);
group = EC_KEY_get0_group(eckey);
@@ -276,7 +278,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
(tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
(m = BN_new()) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -285,6 +287,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
mont_data = EC_GROUP_get_mont_data(group);
i = BN_num_bits(order);
/*
* Need to truncate digest if it is too long: first truncate whole bytes.
@@ -315,15 +319,27 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
}
}
if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
/*
* With only one multiplicant being in Montgomery domain
* multiplication yields real result without post-conversion.
* Also note that all operations but last are performed with
* zero-padded vectors. Last operation, BN_mod_mul_montgomery
* below, returns user-visible value with removed zero padding.
*/
if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
|| !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
goto err;
}
if (!bn_mod_add_fixed_top(s, s, m, order)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_add_quick(s, tmp, m, order)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
/*
* |s| can still be larger than modulus, because |m| can be. In
* such case we count on Montgomery reduction to tie it up.
*/
if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
|| !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
@@ -353,8 +369,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
BN_CTX_free(ctx);
if (m)
BN_clear_free(m);
if (tmp)
BN_clear_free(tmp);
if (order)
BN_free(order);
if (kinv)

8
crypto/engine/eng_lib.c
View File

@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
* Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
if (!int_cleanup_check(1))
return;
item = int_cleanup_item(cb);
if (item)
sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
if (item != NULL) {
if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
OPENSSL_free(item);
}
}
/* The API function that performs all cleanup */

4
crypto/engine/tb_asnmth.c
View File

@@ -1,5 +1,5 @@
/* ====================================================================
* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -215,7 +215,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
ENGINE *e = sk_ENGINE_value(sk, i);
EVP_PKEY_ASN1_METHOD *ameth;
e->pkey_asn1_meths(e, &ameth, NULL, nid);
if (((int)strlen(ameth->pem_str) == lk->len) &&
if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) &&
!strncasecmp(ameth->pem_str, lk->str, lk->len)) {
lk->e = e;
lk->ameth = ameth;

4
crypto/o_time.c
View File

@@ -109,6 +109,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
if (gmtime_r(timer, result) == NULL)
return NULL;
ts = result;
#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
if (gmtime_s(result, timer))
return NULL;
ts = result;
#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
ts = gmtime(timer);
if (ts == NULL)

6
crypto/opensslv.h
View File

@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x100020ffL
# define OPENSSL_VERSION_NUMBER 0x1000210fL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p-fips 14 Aug 2018"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p 14 Aug 2018"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

3
crypto/pem/pem.h
View File

@@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
int PEM_def_callback(char *buf, int num, int w, void *key);
/* The default pem_password_cb that's used internally */
int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, char *str);

59
crypto/pem/pem_lib.c
View File

@@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
int pem_check_suffix(const char *pem_str, const char *suffix);
int PEM_def_callback(char *buf, int num, int w, void *key)
int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
{
#ifdef OPENSSL_NO_FP_API
/*
* We should not ever call the default callback routine from windows.
*/
PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (-1);
#else
int i, j;
int i, min_len;
const char *prompt;
if (key) {
i = strlen(key);
/* We assume that the user passes a default password as userdata */
if (userdata) {
i = strlen(userdata);
i = (i > num) ? num : i;
memcpy(buf, key, i);
return (i);
memcpy(buf, userdata, i);
return i;
}
prompt = EVP_get_pw_prompt();
if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
for (;;) {
/*
* We assume that w == 0 means decryption,
* while w == 1 means encryption
*/
int min_len = w ? MIN_LENGTH : 0;
/*
* rwflag == 0 means decryption
* rwflag == 1 means encryption
*
* We assume that for encryption, we want a minimum length, while for
* decryption, we cannot know any minimum length, so we assume zero.
*/
min_len = rwflag ? MIN_LENGTH : 0;
i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
if (i != 0) {
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)num);
return (-1);
}
j = strlen(buf);
if (min_len && j < min_len) {
fprintf(stderr,
"phrase is too short, needs to be at least %d chars\n",
min_len);
} else
break;
i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
if (i != 0) {
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)num);
return -1;
}
return (j);
#endif
return strlen(buf);
}
void PEM_proc_type(char *buf, int type)
@@ -459,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
else
klen = callback(buf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
if (klen < 0) {
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
return (0);
}
@@ -499,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
char **header_pp = &header;
cipher->cipher = NULL;
memset(cipher->iv, 0, sizeof(cipher->iv));
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return (1);
if (strncmp(header, "Proc-Type: ", 11) != 0) {

2
crypto/pem/pem_pk8.c
View File

@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
if (klen < 0) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;

2
crypto/pem/pem_pkey.c
View File

@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
if (klen < 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;

4
crypto/pem/pvkfmt.c
View File

@@ -3,7 +3,7 @@
* 2005.
*/
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (inlen <= 0) {
if (inlen < 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}

4
crypto/pkcs12/p12_asn.c
View File

@@ -4,7 +4,7 @@
* 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -100,7 +100,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
ASN1_ADB(PKCS12_SAFEBAG) = {
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))

2
crypto/rsa/Makefile
View File

@@ -153,7 +153,7 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

41
crypto/rsa/rsa_eay.c
View File

@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -114,6 +114,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include "bn_int.h"
#ifndef RSA_NULL
@@ -156,7 +157,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
int i, j, k, num = 0, r = -1;
int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -232,15 +233,10 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err;
/*
* put in leading 0 bytes if the number is less than the length of the
* modulus
* BN_bn2binpad puts in leading 0 bytes if the number is less than
* the length of the modulus.
*/
j = BN_num_bytes(ret);
i = BN_bn2bin(ret, &(to[num - j]));
for (k = 0; k < (num - i); k++)
to[k] = 0;
r = num;
r = bn_bn2binpad(ret, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
@@ -349,7 +345,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
int i, j, k, num = 0, r = -1;
int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -459,15 +455,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
res = ret;
/*
* put in leading 0 bytes if the number is less than the length of the
* modulus
* BN_bn2binpad puts in leading 0 bytes if the number is less than
* the length of the modulus.
*/
j = BN_num_bytes(res);
i = BN_bn2bin(res, &(to[num - j]));
for (k = 0; k < (num - i); k++)
to[k] = 0;
r = num;
r = bn_bn2binpad(res, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
@@ -485,7 +476,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int j, num = 0, r = -1;
unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -576,8 +566,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
goto err;
p = buf;
j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
j = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -592,7 +581,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
case RSA_NO_PADDING:
r = RSA_padding_check_none(to, num, buf, j, num);
memcpy(to, buf, (r = j));
break;
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
@@ -619,7 +608,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int i, num = 0, r = -1;
unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -684,8 +672,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
if (!BN_sub(ret, rsa->n, ret))
goto err;
p = buf;
i = BN_bn2bin(ret, p);
i = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -695,7 +682,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_X931(to, num, buf, i, num);
break;
case RSA_NO_PADDING:
r = RSA_padding_check_none(to, num, buf, i, num);
memcpy(to, buf, (r = i));
break;
default:
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);

2
crypto/rsa/rsa_gen.c
View File

@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {

41
crypto/rsa/rsa_oaep.c
View File

@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md)
{
int i, dblen, mlen = -1, one_index = 0, msg_index;
int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
unsigned int good, found_one_byte;
const unsigned char *maskedseed, *maskeddb;
/*
@@ -153,32 +153,41 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
dblen = num - mdlen - 1;
db = OPENSSL_malloc(dblen);
em = OPENSSL_malloc(num);
if (db == NULL || em == NULL) {
if (db == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
goto cleanup;
}
/*
* Always do this zero-padding copy (even when num == flen) to avoid
* leaking that information. The copy still leaks some side-channel
* information, but it's impossible to have a fixed memory access
* pattern since we can't read out of the bounds of |from|.
*
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
*/
memset(em, 0, num);
memcpy(em + num - flen, from, flen);
if (flen != num) {
em = OPENSSL_malloc(num);
if (em == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
ERR_R_MALLOC_FAILURE);
goto cleanup;
}
/*
* Caller is encouraged to pass zero-padded message created with
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
* to avoid leaking that information. The copy still leaks some
* side-channel information, but it's impossible to have a fixed
* memory access pattern since we can't read out of the bounds of
* |from|.
*/
memset(em, 0, num);
memcpy(em + num - flen, from, flen);
from = em;
}
/*
* The first byte must be zero, however we must not leak if this is
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
*/
good = constant_time_is_zero(em[0]);
good = constant_time_is_zero(from[0]);
maskedseed = em + 1;
maskeddb = em + 1 + mdlen;
maskedseed = from + 1;
maskeddb = from + 1 + mdlen;
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
goto cleanup;

62
crypto/rsa/rsa_pk1.c
View File

@@ -98,6 +98,27 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *p;
p = from;
/*
* The format is
* 00 || 01 || PS || 00 || D
* PS - padding string, at least 8 bytes of FF
* D - data.
*/
if (num < 11)
return -1;
/* Accept inputs with and without the leading 0-byte. */
if (num == flen) {
if ((*p++) != 0x00) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
RSA_R_INVALID_PADDING);
return -1;
}
flen--;
}
if ((num != (flen + 1)) || (*(p++) != 01)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
RSA_R_BLOCK_TYPE_IS_NOT_01);
@@ -203,28 +224,31 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
if (num < 11)
goto err;
em = OPENSSL_malloc(num);
if (em == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
return -1;
if (flen != num) {
em = OPENSSL_malloc(num);
if (em == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
return -1;
}
/*
* Caller is encouraged to pass zero-padded message created with
* BN_bn2binpad, but if it doesn't, we do this zero-padding copy
* to avoid leaking that information. The copy still leaks some
* side-channel information, but it's impossible to have a fixed
* memory access pattern since we can't read out of the bounds of
* |from|.
*/
memset(em, 0, num);
memcpy(em + num - flen, from, flen);
from = em;
}
memset(em, 0, num);
/*
* Always do this zero-padding copy (even when num == flen) to avoid
* leaking that information. The copy still leaks some side-channel
* information, but it's impossible to have a fixed memory access
* pattern since we can't read out of the bounds of |from|.
*
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
*/
memcpy(em + num - flen, from, flen);
good = constant_time_is_zero(em[0]);
good &= constant_time_eq(em[1], 2);
good = constant_time_is_zero(from[0]);
good &= constant_time_eq(from[1], 2);
found_zero_byte = 0;
for (i = 2; i < num; i++) {
unsigned int equals0 = constant_time_is_zero(em[i]);
unsigned int equals0 = constant_time_is_zero(from[i]);
zero_index =
constant_time_select_int(~found_zero_byte & equals0, i,
zero_index);
@@ -232,7 +256,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
/*
* PS must be at least 8 bytes long, and it starts two bytes into |em|.
* PS must be at least 8 bytes long, and it starts two bytes into |from|.
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
@@ -261,7 +285,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
goto err;
}
memcpy(to, em + msg_index, mlen);
memcpy(to, from + msg_index, mlen);
err:
if (em != NULL) {

4
crypto/rsa/rsa_sign.c
View File

@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
return 0;
}
#endif
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}

8
crypto/rsa/rsa_ssl.c
View File

@@ -112,6 +112,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
return (-1);
}
/* Accept even zero-padded input */
if (flen == num) {
if (*(p++) != 0) {
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
return -1;
}
flen--;
}
if ((num != (flen + 1)) || (*(p++) != 02)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
return (-1);

2
crypto/sha/asm/sha1-586.pl
View File

@@ -131,7 +131,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
`ml 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10); # first version supporting AVX
$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
$2>=3.0); # first version supporting AVX
$shaext=$xmm; ### set to zero if compiling for 1.0.1

2
crypto/sha/asm/sha256-586.pl
View File

@@ -83,7 +83,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" &&
$avx = ($1>=10) + ($1>=11);
}
if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}

8
crypto/ui/ui_openssl.c
View File

@@ -4,7 +4,7 @@
* OpenSSL project 2001.
*/
/* ====================================================================
* Copyright (c) 2001 The OpenSSL Project. All rights reserved.
* Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -567,17 +567,13 @@ static int echo_console(UI *ui)
{
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
tty_new.TTY_FLAGS |= ECHO;
#endif
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
if (is_a_tty) {
tty_new[0] = tty_orig[0];
tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
tty_new[1] = tty_orig[1];
tty_new[2] = tty_orig[2];
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
0, 0, 0, 0);

2
crypto/x509/x509_cmp.c
View File

@@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
ret = a->canon_enclen - b->canon_enclen;
if (ret)
if (ret != 0 || a->canon_enclen == 0)
return ret;
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);

16
crypto/x509/x509_lu.c
View File

@@ -311,7 +311,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT stmp, *tmp;
int i, j;
if (ctx == NULL)
return 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
@@ -506,6 +510,10 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509) *sk;
X509 *x;
X509_OBJECT *obj;
if (ctx->ctx == NULL)
return NULL;
sk = sk_X509_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -551,6 +559,11 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509_CRL) *sk;
X509_CRL *x;
X509_OBJECT *obj, xobj;
if (ctx->ctx == NULL)
return NULL;
sk = sk_X509_CRL_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
@@ -651,6 +664,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
X509_OBJECT_free_contents(&obj);
if (ctx->ctx == NULL)
return 0;
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

149
crypto/x509/x509_vfy.c
View File

@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
#include <ctype.h>
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -1937,119 +1938,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
{
char *str;
ASN1_TIME atm;
long offset;
char buff1[24], buff2[24], *p;
int i, j, remaining;
static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
ASN1_TIME *asn1_cmp_time = NULL;
int i, day, sec, ret = 0;
p = buff1;
remaining = ctm->length;
str = (char *)ctm->data;
/*
* Note that the following (historical) code allows much more slack in the
* time format than RFC5280. In RFC5280, the representation is fixed:
* Note that ASN.1 allows much more slack in the time format than RFC5280.
* In RFC5280, the representation is fixed:
* UTCTime: YYMMDDHHMMSSZ
* GeneralizedTime: YYYYMMDDHHMMSSZ
*
* We do NOT currently enforce the following RFC 5280 requirement:
* "CAs conforming to this profile MUST always encode certificate
* validity dates through the year 2049 as UTCTime; certificate validity
* dates in 2050 or later MUST be encoded as GeneralizedTime."
*/
if (ctm->type == V_ASN1_UTCTIME) {
/* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
int min_length = sizeof("YYMMDDHHMMZ") - 1;
int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
if (remaining < min_length || remaining > max_length)
switch (ctm->type) {
case V_ASN1_UTCTIME:
if (ctm->length != (int)(utctime_length))
return 0;
memcpy(p, str, 10);
p += 10;
str += 10;
remaining -= 10;
} else {
/* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
if (remaining < min_length || remaining > max_length)
break;
case V_ASN1_GENERALIZEDTIME:
if (ctm->length != (int)(generalizedtime_length))
return 0;
memcpy(p, str, 12);
p += 12;
str += 12;
remaining -= 12;
}
if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
*(p++) = '0';
*(p++) = '0';
} else {
/* SS (seconds) */
if (remaining < 2)
return 0;
*(p++) = *(str++);
*(p++) = *(str++);
remaining -= 2;
/*
* Skip any (up to three) fractional seconds...
* TODO(emilia): in RFC5280, fractional seconds are forbidden.
* Can we just kill them altogether?
*/
if (remaining && *str == '.') {
str++;
remaining--;
for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
if (*str < '0' || *str > '9')
break;
}
}
}
*(p++) = 'Z';
*(p++) = '\0';
/* We now need either a terminating 'Z' or an offset. */
if (!remaining)
break;
default:
return 0;
if (*str == 'Z') {
if (remaining != 1)
return 0;
offset = 0;
} else {
/* (+-)HHMM */
if ((*str != '+') && (*str != '-'))
return 0;
/* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
if (remaining != 5)
return 0;
if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
return 0;
offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
offset += (str[3] - '0') * 10 + (str[4] - '0');
if (*str == '-')
offset = -offset;
}
atm.type = ctm->type;
atm.flags = 0;
atm.length = sizeof(buff2);
atm.data = (unsigned char *)buff2;
if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
/**
* Verify the format: the ASN.1 functions we use below allow a more
* flexible format than what's mandated by RFC 5280.
* Digit and date ranges will be verified in the conversion methods.
*/
for (i = 0; i < ctm->length - 1; i++) {
if (!isdigit(ctm->data[i]))
return 0;
}
if (ctm->data[ctm->length - 1] != 'Z')
return 0;
if (ctm->type == V_ASN1_UTCTIME) {
i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
if (i < 50)
i += 100; /* cf. RFC 2459 */
j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
if (j < 50)
j += 100;
/*
* There is ASN1_UTCTIME_cmp_time_t but no
* ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
* so we go through ASN.1
*/
asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
if (asn1_cmp_time == NULL)
goto err;
if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
goto err;
if (i < j)
return -1;
if (i > j)
return 1;
}
i = strcmp(buff1, buff2);
if (i == 0) /* wait a second then return younger :-) */
return -1;
else
return i;
/*
* X509_cmp_time comparison is <=.
* The return value 0 is reserved for errors.
*/
ret = (day >= 0 && sec >= 0) ? -1 : 1;
err:
ASN1_TIME_free(asn1_cmp_time);
return ret;
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)

27
crypto/x509v3/v3_purp.c
View File

@@ -4,7 +4,7 @@
* 2001.
*/
/* ====================================================================
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -128,11 +128,10 @@ int X509_check_purpose(X509 *x, int id, int ca)
{
int idx;
const X509_PURPOSE *pt;
if (!(x->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
x509v3_cache_extensions(x);
/* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
@@ -399,8 +398,16 @@ static void x509v3_cache_extensions(X509 *x)
X509_EXTENSION *ex;
int i;
if (x->ex_flags & EXFLAG_SET)
return;
CRYPTO_w_lock(CRYPTO_LOCK_X509);
if (x->ex_flags & EXFLAG_SET) {
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
return;
}
#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif
@@ -536,6 +543,7 @@ static void x509v3_cache_extensions(X509 *x)
}
}
x->ex_flags |= EXFLAG_SET;
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
/*-
@@ -578,11 +586,7 @@ static int check_ca(const X509 *x)
int X509_check_ca(X509 *x)
{
if (!(x->ex_flags & EXFLAG_SET)) {
CRYPTO_w_lock(CRYPTO_LOCK_X509);
x509v3_cache_extensions(x);
CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
x509v3_cache_extensions(x);
return check_ca(x);
}
@@ -796,6 +800,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
x509v3_cache_extensions(issuer);
x509v3_cache_extensions(subject);