diff options
Diffstat (limited to 'openssl/crypto')
30 files changed, 257 insertions, 140 deletions
diff --git a/openssl/crypto/aes/asm/aes-armv4.pl b/openssl/crypto/aes/asm/aes-armv4.pl index 943ce45ff..86b86c4a0 100644 --- a/openssl/crypto/aes/asm/aes-armv4.pl +++ b/openssl/crypto/aes/asm/aes-armv4.pl @@ -408,6 +408,7 @@ _armv4_AES_encrypt: .type private_AES_set_encrypt_key,%function .align 5 private_AES_set_encrypt_key: +_armv4_AES_set_encrypt_key: sub r3,pc,#8 @ AES_set_encrypt_key teq r0,#0 moveq r0,#-1 @@ -425,7 +426,7 @@ private_AES_set_encrypt_key: bne .Labrt .Lok: stmdb sp!,{r4-r12,lr} - sub $tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024 @ Te4 + sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 mov $rounds,r0 @ inp mov lr,r1 @ bits @@ -685,7 +686,7 @@ private_AES_set_encrypt_key: .align 5 private_AES_set_decrypt_key: str lr,[sp,#-4]! @ push lr - bl private_AES_set_encrypt_key + bl _armv4_AES_set_encrypt_key teq r0,#0 ldrne lr,[sp],#4 @ pop lr bne .Labrt diff --git a/openssl/crypto/aes/asm/aes-s390x.pl b/openssl/crypto/aes/asm/aes-s390x.pl index f749a52d7..445a1e676 100644 --- a/openssl/crypto/aes/asm/aes-s390x.pl +++ b/openssl/crypto/aes/asm/aes-s390x.pl @@ -783,6 +783,7 @@ $code.=<<___; .type private_AES_set_encrypt_key,\@function .align 16 private_AES_set_encrypt_key: +_s390x_AES_set_encrypt_key: lghi $t0,0 cl${g}r $inp,$t0 je .Lminus1 @@ -836,7 +837,8 @@ $code.=<<___ if (!$softonly); je 1f lg %r1,24($inp) stg %r1,24($key) -1: st $bits,236($key) # save bits +1: st $bits,236($key) # save bits [for debugging purposes] + lgr $t0,%r5 st %r5,240($key) # save km code lghi %r2,0 br %r14 @@ -844,7 +846,7 @@ ___ $code.=<<___; .align 16 .Lekey_internal: - stm${g} %r6,%r13,6*$SIZE_T($sp) # all non-volatile regs + stm${g} %r4,%r13,4*$SIZE_T($sp) # all non-volatile regs and $key larl $tbl,AES_Te+2048 @@ -904,8 +906,9 @@ $code.=<<___; la $key,16($key) # key+=4 la $t3,4($t3) # i++ brct $rounds,.L128_loop + lghi $t0,10 lghi %r2,0 - lm${g} %r6,%r13,6*$SIZE_T($sp) + lm${g} %r4,%r13,4*$SIZE_T($sp) br $ra .align 16 @@ -952,8 +955,9 @@ $code.=<<___; st $s2,32($key) st $s3,36($key) brct $rounds,.L192_continue + lghi $t0,12 lghi %r2,0 - lm${g} %r6,%r13,6*$SIZE_T($sp) + lm${g} %r4,%r13,4*$SIZE_T($sp) br $ra .align 16 @@ -1014,8 +1018,9 @@ $code.=<<___; st $s2,40($key) st $s3,44($key) brct $rounds,.L256_continue + lghi $t0,14 lghi %r2,0 - lm${g} %r6,%r13,6*$SIZE_T($sp) + lm${g} %r4,%r13,4*$SIZE_T($sp) br $ra .align 16 @@ -1066,34 +1071,26 @@ $code.=<<___; .type private_AES_set_decrypt_key,\@function .align 16 private_AES_set_decrypt_key: - st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to - st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers! - bras $ra,AES_set_encrypt_key - l${g} $key,4*$SIZE_T($sp) + #st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to + st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key! + bras $ra,_s390x_AES_set_encrypt_key + #l${g} $key,4*$SIZE_T($sp) l${g} $ra,14*$SIZE_T($sp) ltgr %r2,%r2 bnzr $ra ___ $code.=<<___ if (!$softonly); - l $t0,240($key) + #l $t0,240($key) lhi $t1,16 cr $t0,$t1 jl .Lgo oill $t0,0x80 # set "decrypt" bit st $t0,240($key) br $ra - -.align 16 -.Ldkey_internal: - st${g} $key,4*$SIZE_T($sp) - st${g} $ra,14*$SIZE_T($sp) - bras $ra,.Lekey_internal - l${g} $key,4*$SIZE_T($sp) - l${g} $ra,14*$SIZE_T($sp) ___ $code.=<<___; - -.Lgo: llgf $rounds,240($key) +.align 16 +.Lgo: lgr $rounds,$t0 #llgf $rounds,240($key) la $i1,0($key) sllg $i2,$rounds,4 la $i2,0($i2,$key) diff --git a/openssl/crypto/aes/asm/bsaes-x86_64.pl b/openssl/crypto/aes/asm/bsaes-x86_64.pl index ff7e3afe8..c9c6312fa 100644 --- a/openssl/crypto/aes/asm/bsaes-x86_64.pl +++ b/openssl/crypto/aes/asm/bsaes-x86_64.pl @@ -65,12 +65,12 @@ # function is: # # conversion conversion/8x block -# Core 2 410 0.37 -# Nehalem 310 0.35 -# Atom 570 0.26 +# Core 2 240 0.22 +# Nehalem 180 0.20 +# Atom 430 0.19 # # The ratio values mean that 128-byte blocks will be processed -# 21-27% slower, 256-byte blocks - 12-16%, 384-byte blocks - 8-11%, +# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%, # etc. Then keep in mind that input sizes not divisible by 128 are # *effectively* slower, especially shortest ones, e.g. consecutive # 144-byte blocks are processed 44% slower than one would expect, @@ -85,6 +85,7 @@ # # Core 2 11.0 # Nehalem 9.16 +# Atom 20.9 # # November 2011. # @@ -754,7 +755,7 @@ _bsaes_encrypt8: movdqa ($key), @XMM[9] # round 0 key lea 0x10($key), $key - movdqa 0x60($const), @XMM[8] # .LM0SR + movdqa 0x50($const), @XMM[8] # .LM0SR pxor @XMM[9], @XMM[0] # xor with round0 key pxor @XMM[9], @XMM[1] pshufb @XMM[8], @XMM[0] @@ -905,46 +906,82 @@ $code.=<<___; .type _bsaes_key_convert,\@abi-omnipotent .align 16 _bsaes_key_convert: - lea .LBS1(%rip), $const + lea .Lmasks(%rip), $const movdqu ($inp), %xmm7 # load round 0 key - movdqa -0x10($const), %xmm8 # .LBS0 - movdqa 0x00($const), %xmm9 # .LBS1 - movdqa 0x10($const), %xmm10 # .LBS2 - movdqa 0x40($const), %xmm13 # .LM0 - movdqa 0x60($const), %xmm14 # .LNOT - - movdqu 0x10($inp), %xmm6 # load round 1 key lea 0x10($inp), $inp + movdqa 0x00($const), %xmm0 # 0x01... + movdqa 0x10($const), %xmm1 # 0x02... + movdqa 0x20($const), %xmm2 # 0x04... + movdqa 0x30($const), %xmm3 # 0x08... + movdqa 0x40($const), %xmm4 # .LM0 + pcmpeqd %xmm5, %xmm5 # .LNOT + + movdqu ($inp), %xmm6 # load round 1 key movdqa %xmm7, ($out) # save round 0 key lea 0x10($out), $out dec $rounds jmp .Lkey_loop .align 16 .Lkey_loop: - pshufb %xmm13, %xmm6 # .LM0 - movdqa %xmm6, %xmm7 -___ - &bitslice_key (map("%xmm$_",(0..7, 8..12))); -$code.=<<___; - pxor %xmm14, %xmm5 # "pnot" - pxor %xmm14, %xmm6 - pxor %xmm14, %xmm0 - pxor %xmm14, %xmm1 - lea 0x10($inp), $inp - movdqa %xmm0, 0x00($out) # write bit-sliced round key - movdqa %xmm1, 0x10($out) - movdqa %xmm2, 0x20($out) - movdqa %xmm3, 0x30($out) - movdqa %xmm4, 0x40($out) - movdqa %xmm5, 0x50($out) - movdqa %xmm6, 0x60($out) - movdqa %xmm7, 0x70($out) + pshufb %xmm4, %xmm6 # .LM0 + + movdqa %xmm0, %xmm8 + movdqa %xmm1, %xmm9 + + pand %xmm6, %xmm8 + pand %xmm6, %xmm9 + movdqa %xmm2, %xmm10 + pcmpeqb %xmm0, %xmm8 + psllq \$4, %xmm0 # 0x10... + movdqa %xmm3, %xmm11 + pcmpeqb %xmm1, %xmm9 + psllq \$4, %xmm1 # 0x20... + + pand %xmm6, %xmm10 + pand %xmm6, %xmm11 + movdqa %xmm0, %xmm12 + pcmpeqb %xmm2, %xmm10 + psllq \$4, %xmm2 # 0x40... + movdqa %xmm1, %xmm13 + pcmpeqb %xmm3, %xmm11 + psllq \$4, %xmm3 # 0x80... + + movdqa %xmm2, %xmm14 + movdqa %xmm3, %xmm15 + pxor %xmm5, %xmm8 # "pnot" + pxor %xmm5, %xmm9 + + pand %xmm6, %xmm12 + pand %xmm6, %xmm13 + movdqa %xmm8, 0x00($out) # write bit-sliced round key + pcmpeqb %xmm0, %xmm12 + psrlq \$4, %xmm0 # 0x01... + movdqa %xmm9, 0x10($out) + pcmpeqb %xmm1, %xmm13 + psrlq \$4, %xmm1 # 0x02... + lea 0x10($inp), $inp + + pand %xmm6, %xmm14 + pand %xmm6, %xmm15 + movdqa %xmm10, 0x20($out) + pcmpeqb %xmm2, %xmm14 + psrlq \$4, %xmm2 # 0x04... + movdqa %xmm11, 0x30($out) + pcmpeqb %xmm3, %xmm15 + psrlq \$4, %xmm3 # 0x08... + movdqu ($inp), %xmm6 # load next round key + + pxor %xmm5, %xmm13 # "pnot" + pxor %xmm5, %xmm14 + movdqa %xmm12, 0x40($out) + movdqa %xmm13, 0x50($out) + movdqa %xmm14, 0x60($out) + movdqa %xmm15, 0x70($out) lea 0x80($out),$out - movdqu ($inp), %xmm6 # load next round key dec $rounds jnz .Lkey_loop - movdqa 0x70($const), %xmm7 # .L63 + movdqa 0x50($const), %xmm7 # .L63 #movdqa %xmm6, ($out) # don't save last round key ret .size _bsaes_key_convert,.-_bsaes_key_convert @@ -2800,14 +2837,8 @@ _bsaes_const: .quad 0x0504070600030201, 0x0f0e0d0c0a09080b .LSRM0: .quad 0x0304090e00050a0f, 0x01060b0c0207080d -.LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d .LM0SR: .quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LNOT: # magic constants - .quad 0xffffffffffffffff, 0xffffffffffffffff -.L63: - .quad 0x6363636363636363, 0x6363636363636363 .LSWPUP: # byte-swap upper dword .quad 0x0706050403020100, 0x0c0d0e0f0b0a0908 .LSWPUPM0SR: @@ -2830,6 +2861,15 @@ _bsaes_const: .quad 0x0000000000000000, 0x0000000800000000 .Lxts_magic: .long 0x87,0,1,0 +.Lmasks: + .quad 0x0101010101010101, 0x0101010101010101 + .quad 0x0202020202020202, 0x0202020202020202 + .quad 0x0404040404040404, 0x0404040404040404 + .quad 0x0808080808080808, 0x0808080808080808 +.LM0: + .quad 0x02060a0e03070b0f, 0x0004080c0105090d +.L63: + .quad 0x6363636363636363, 0x6363636363636363 .asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov" .align 64 .size _bsaes_const,.-_bsaes_const diff --git a/openssl/crypto/aes/asm/vpaes-x86.pl b/openssl/crypto/aes/asm/vpaes-x86.pl index 84a6f6d33..1533e2c30 100644 --- a/openssl/crypto/aes/asm/vpaes-x86.pl +++ b/openssl/crypto/aes/asm/vpaes-x86.pl @@ -843,6 +843,8 @@ $k_dsbo=0x2c0; # decryption sbox final output &mov ($out,&wparam(1)); # out &mov ($round,&wparam(2)); # len &mov ($key,&wparam(3)); # key + &sub ($round,16); + &jc (&label("cbc_abort")); &lea ($base,&DWP(-56,"esp")); &mov ($const,&wparam(4)); # ivp &and ($base,-16); @@ -853,7 +855,6 @@ $k_dsbo=0x2c0; # decryption sbox final output &mov (&DWP(48,"esp"),$base); &mov (&DWP(0,"esp"),$out); # save out - &sub ($round,16); &mov (&DWP(4,"esp"),$key) # save key &mov (&DWP(8,"esp"),$const); # save ivp &mov ($out,$round); # $out works as $len @@ -896,6 +897,7 @@ $k_dsbo=0x2c0; # decryption sbox final output &mov ($base,&DWP(8,"esp")); # restore ivp &mov ("esp",&DWP(48,"esp")); &movdqu (&QWP(0,$base),"xmm1"); # write IV +&set_label("cbc_abort"); &function_end("${PREFIX}_cbc_encrypt"); &asm_finish(); diff --git a/openssl/crypto/aes/asm/vpaes-x86_64.pl b/openssl/crypto/aes/asm/vpaes-x86_64.pl index 025470223..37998db5e 100644 --- a/openssl/crypto/aes/asm/vpaes-x86_64.pl +++ b/openssl/crypto/aes/asm/vpaes-x86_64.pl @@ -263,7 +263,7 @@ _vpaes_decrypt_core: pshufb %xmm2, %xmm4 # 4 = sbou pxor %xmm0, %xmm4 # 4 = sb1u + k movdqa 0x70(%r10), %xmm0 # 0 : sbot - movdqa .Lk_sr-.Lk_dsbd(%r11), %xmm2 + movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 pshufb %xmm3, %xmm0 # 0 = sb1t pxor %xmm4, %xmm0 # 0 = A pshufb %xmm2, %xmm0 @@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt: ___ ($len,$key)=($key,$len); $code.=<<___; + sub \$16,$len + jc .Lcbc_abort ___ $code.=<<___ if ($win64); lea -0xb8(%rsp),%rsp @@ -887,7 +889,6 @@ ___ $code.=<<___; movdqu ($ivp),%xmm6 # load IV sub $inp,$out - sub \$16,$len call _vpaes_preheat cmp \$0,${enc}d je .Lcbc_dec_loop @@ -932,6 +933,7 @@ $code.=<<___ if ($win64); .Lcbc_epilogue: ___ $code.=<<___; +.Lcbc_abort: ret .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt ___ diff --git a/openssl/crypto/asn1/a_d2i_fp.c b/openssl/crypto/asn1/a_d2i_fp.c index ece40bc4c..52b2ebdb6 100644 --- a/openssl/crypto/asn1/a_d2i_fp.c +++ b/openssl/crypto/asn1/a_d2i_fp.c @@ -57,6 +57,7 @@ */ #include <stdio.h> +#include <limits.h> #include "cryptlib.h" #include <openssl/buffer.h> #include <openssl/asn1_mac.h> @@ -143,17 +144,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) BUF_MEM *b; unsigned char *p; int i; - int ret=-1; ASN1_const_CTX c; - int want=HEADER_SIZE; + size_t want=HEADER_SIZE; int eos=0; -#if defined(__GNUC__) && defined(__ia64) - /* pathetic compiler bug in all known versions as of Nov. 2002 */ - long off=0; -#else - int off=0; -#endif - int len=0; + size_t off=0; + size_t len=0; b=BUF_MEM_new(); if (b == NULL) @@ -169,7 +164,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { want-=(len-off); - if (!BUF_MEM_grow_clean(b,len+want)) + if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; @@ -181,7 +176,14 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) goto err; } if (i > 0) + { + if (len+i < len) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } len+=i; + } } /* else data already loaded */ @@ -206,6 +208,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) { /* no data body so go round again */ eos++; + if (eos < 0) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); + goto err; + } want=HEADER_SIZE; } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) @@ -220,10 +227,16 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) else { /* suck in c.slen bytes of data */ - want=(int)c.slen; + want=c.slen; if (want > (len-off)) { want-=(len-off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len+want < len) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } if (!BUF_MEM_grow_clean(b,len+want)) { ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); @@ -238,11 +251,18 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) ASN1_R_NOT_ENOUGH_DATA); goto err; } + /* This can't overflow because + * |len+want| didn't overflow. */ len+=i; - want -= i; + want-=i; } } - off+=(int)c.slen; + if (off + c.slen < off) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } + off+=c.slen; if (eos <= 0) { break; @@ -252,9 +272,15 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } } + if (off > INT_MAX) + { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); + goto err; + } + *pb = b; return off; err: if (b != NULL) BUF_MEM_free(b); - return(ret); + return -1; } diff --git a/openssl/crypto/asn1/tasn_prn.c b/openssl/crypto/asn1/tasn_prn.c index 453698012..542a091a6 100644 --- a/openssl/crypto/asn1/tasn_prn.c +++ b/openssl/crypto/asn1/tasn_prn.c @@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent, return 1; } -static int asn1_print_boolean_ctx(BIO *out, const int bool, +static int asn1_print_boolean_ctx(BIO *out, int boolval, const ASN1_PCTX *pctx) { const char *str; - switch (bool) + switch (boolval) { case -1: str = "BOOL ABSENT"; @@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, { case V_ASN1_BOOLEAN: { - int bool = *(int *)fld; - if (bool == -1) - bool = it->size; - ret = asn1_print_boolean_ctx(out, bool, pctx); + int boolval = *(int *)fld; + if (boolval == -1) + boolval = it->size; + ret = asn1_print_boolean_ctx(out, boolval, pctx); } break; diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c index d47310d65..41f958be7 100644 --- a/openssl/crypto/bio/b_sock.c +++ b/openssl/crypto/bio/b_sock.c @@ -960,7 +960,6 @@ int BIO_set_tcp_ndelay(int s, int on) #endif return(ret == 0); } -#endif int BIO_socket_nbio(int s, int mode) { @@ -973,3 +972,4 @@ int BIO_socket_nbio(int s, int mode) #endif return(ret == 0); } +#endif diff --git a/openssl/crypto/bio/bio_lib.c b/openssl/crypto/bio/bio_lib.c index e12bc3a2c..9c9646afa 100644 --- a/openssl/crypto/bio/bio_lib.c +++ b/openssl/crypto/bio/bio_lib.c @@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio) BIO *BIO_dup_chain(BIO *in) { - BIO *ret=NULL,*eoc=NULL,*bio,*new; + BIO *ret=NULL,*eoc=NULL,*bio,*new_bio; for (bio=in; bio != NULL; bio=bio->next_bio) { - if ((new=BIO_new(bio->method)) == NULL) goto err; - new->callback=bio->callback; - new->cb_arg=bio->cb_arg; - new->init=bio->init; - new->shutdown=bio->shutdown; - new->flags=bio->flags; + if ((new_bio=BIO_new(bio->method)) == NULL) goto err; + new_bio->callback=bio->callback; + new_bio->cb_arg=bio->cb_arg; + new_bio->init=bio->init; + new_bio->shutdown=bio->shutdown; + new_bio->flags=bio->flags; /* This will let SSL_s_sock() work with stdin/stdout */ - new->num=bio->num; + new_bio->num=bio->num; - if (!BIO_dup_state(bio,(char *)new)) + if (!BIO_dup_state(bio,(char *)new_bio)) { - BIO_free(new); + BIO_free(new_bio); goto err; } /* copy app data */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, &bio->ex_data)) goto err; if (ret == NULL) { - eoc=new; + eoc=new_bio; ret=eoc; } else { - BIO_push(eoc,new); - eoc=new; + BIO_push(eoc,new_bio); + eoc=new_bio; } } return(ret); diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c index 08ab9fd22..8a4dc20ad 100644 --- a/openssl/crypto/bn/bn_gf2m.c +++ b/openssl/crypto/bn/bn_gf2m.c @@ -628,8 +628,11 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } if (ubits==vbits) { - bn_correct_top(u); - ubits = BN_num_bits(u); + BN_ULONG ul; + int utop = (ubits-1)/BN_BITS2; + + while ((ul=udp[utop])==0 && utop) utop--; + ubits = utop*BN_BITS2 + BN_num_bits_word(ul); } } bn_correct_top(b); diff --git a/openssl/crypto/buffer/buffer.c b/openssl/crypto/buffer/buffer.c index f4b358bbb..d7aa79ad7 100644 --- a/openssl/crypto/buffer/buffer.c +++ b/openssl/crypto/buffer/buffer.c @@ -60,6 +60,11 @@ #include "cryptlib.h" #include <openssl/buffer.h> +/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That + * function is applied in several functions in this file and this limit ensures + * that the result fits in an int. */ +#define LIMIT_BEFORE_EXPANSION 0x5ffffffc + BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; @@ -105,6 +110,12 @@ int BUF_MEM_grow(BUF_MEM *str, size_t len) str->length=len; return(len); } + /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ + if (len > LIMIT_BEFORE_EXPANSION) + { + BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); + return 0; + } n=(len+3)/3*4; if (str->data == NULL) ret=OPENSSL_malloc(n); @@ -142,6 +153,12 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) str->length=len; return(len); } + /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ + if (len > LIMIT_BEFORE_EXPANSION) + { + BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); + return 0; + } n=(len+3)/3*4; if (str->data == NULL) ret=OPENSSL_malloc(n); diff --git a/openssl/crypto/cmac/cmac.c b/openssl/crypto/cmac/cmac.c index b58602680..8b72b0968 100644 --- a/openssl/crypto/cmac/cmac.c +++ b/openssl/crypto/cmac/cmac.c @@ -179,6 +179,8 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) return 0; + memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); + ctx->nlast_block = 0; return 1; } /* Initialiase context */ diff --git a/openssl/crypto/cms/cms_enc.c b/openssl/crypto/cms/cms_enc.c index 580083b45..f873ce379 100644 --- a/openssl/crypto/cms/cms_enc.c +++ b/openssl/crypto/cms/cms_enc.c @@ -139,10 +139,10 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } + tkeylen = EVP_CIPHER_CTX_key_length(ctx); /* Generate random session key */ if (!enc || !ec->key) { - tkeylen = EVP_CIPHER_CTX_key_length(ctx); tkey = OPENSSL_malloc(tkeylen); if (!tkey) { @@ -174,7 +174,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Only reveal failure if debugging so we don't * leak information which may be useful in MMA. */ - if (ec->debug) + if (enc || ec->debug) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_INVALID_KEY_LENGTH); diff --git a/openssl/crypto/evp/Makefile b/openssl/crypto/evp/Makefile index 9c79f66f5..0fe1b96bf 100644 --- a/openssl/crypto/evp/Makefile +++ b/openssl/crypto/evp/Makefile @@ -211,6 +211,7 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c +e_aes_cbc_hmac_sha1.o: evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h diff --git a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index 278c6caa2..710fb79ba 100644 --- a/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -83,6 +83,8 @@ typedef struct } aux; } EVP_AES_HMAC_SHA1; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + #if defined(AES_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ @@ -124,7 +126,7 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return ret<0?0:1; } @@ -185,7 +187,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (len%AES_BLOCK_SIZE) return 0; if (ctx->encrypt) { - if (plen==0) + if (plen==NO_PAYLOAD_LENGTH) plen = len; else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)) return 0; @@ -271,7 +273,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/openssl/crypto/evp/e_rc4_hmac_md5.c b/openssl/crypto/evp/e_rc4_hmac_md5.c index eaa7a5312..56563191b 100644 --- a/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -75,6 +75,8 @@ typedef struct size_t payload_length; } EVP_RC4_HMAC_MD5; +#define NO_PAYLOAD_LENGTH ((size_t)-1) + void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, MD5_CTX *ctx,const void *inp,size_t blocks); @@ -93,7 +95,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, key->tail = key->head; key->md = key->head; - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } @@ -120,18 +122,20 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, md5_off = MD5_CBLOCK-key->md.num, blocks; unsigned int l; + extern unsigned int OPENSSL_ia32cap_P[]; #endif size_t plen = key->payload_length; - if (plen && len!=(plen+MD5_DIGEST_LENGTH)) return 0; + if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0; if (ctx->encrypt) { - if (plen==0) plen = len; + if (plen==NO_PAYLOAD_LENGTH) plen = len; #if defined(STITCHED_CALL) /* cipher has to "fall behind" */ if (rc4_off>md5_off) md5_off+=MD5_CBLOCK; - if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK)) { + if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { MD5_Update(&key->md,in,md5_off); RC4(&key->ks,rc4_off,in,out); @@ -171,7 +175,8 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (md5_off>rc4_off) rc4_off += 2*MD5_CBLOCK; else rc4_off += MD5_CBLOCK; - if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK)) { + if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) && + (OPENSSL_ia32cap_P[0]&(1<<20))==0) { RC4(&key->ks,rc4_off,in,out); MD5_Update(&key->md,out,md5_off); @@ -191,7 +196,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif /* decrypt HMAC at once */ RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off); - if (plen) { /* "TLS" mode of operation */ + if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ MD5_Update(&key->md,out+md5_off,plen-md5_off); /* calculate HMAC and verify it */ @@ -207,7 +212,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } } - key->payload_length = 0; + key->payload_length = NO_PAYLOAD_LENGTH; return 1; } diff --git a/openssl/crypto/evp/evp_enc.c b/openssl/crypto/evp/evp_enc.c index 691072655..0c54f05e6 100644 --- a/openssl/crypto/evp/evp_enc.c +++ b/openssl/crypto/evp/evp_enc.c @@ -170,8 +170,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif ctx->cipher=cipher; if (ctx->cipher->ctx_size) { @@ -196,7 +197,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp return 0; } } -#endif } else if(!ctx->cipher) { @@ -207,8 +207,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp skip_to_init: #endif #ifdef OPENSSL_FIPS - return FIPS_cipherinit(ctx, cipher, key, iv, enc); -#else + if (FIPS_mode()) + return FIPS_cipherinit(ctx, cipher, key, iv, enc); +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -255,7 +256,6 @@ skip_to_init: ctx->final_used=0; ctx->block_mask=ctx->cipher->block_size-1; return 1; -#endif } int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, diff --git a/openssl/crypto/evp/p5_crpt.c b/openssl/crypto/evp/p5_crpt.c index 7d9c1f012..294cc90d8 100644 --- a/openssl/crypto/evp/p5_crpt.c +++ b/openssl/crypto/evp/p5_crpt.c @@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); rv = 1; err: + EVP_MD_CTX_cleanup(&ctx); return rv; } diff --git a/openssl/crypto/mem.c b/openssl/crypto/mem.c index 8f736c3b1..21c001138 100644 --- a/openssl/crypto/mem.c +++ b/openssl/crypto/mem.c @@ -363,6 +363,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (num <= 0) return NULL; + /* We don't support shrinking the buffer. Note the memcpy that copies + * |old_len| bytes to the new buffer, below. */ + if (num < old_len) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); diff --git a/openssl/crypto/modes/asm/ghash-s390x.pl b/openssl/crypto/modes/asm/ghash-s390x.pl index 48cb08d33..6a40d5d89 100644 --- a/openssl/crypto/modes/asm/ghash-s390x.pl +++ b/openssl/crypto/modes/asm/ghash-s390x.pl @@ -138,7 +138,7 @@ $code.=<<___ if(!$softonly); .align 32 .Lsoft_ghash: ___ -$cdoe.=<<___ if ($flavour =~ /3[12]/); +$code.=<<___ if ($flavour =~ /3[12]/); llgfr $len,$len ___ $code.=<<___; diff --git a/openssl/crypto/modes/modes_lcl.h b/openssl/crypto/modes/modes_lcl.h index 7a82a981c..b6dc3c336 100644 --- a/openssl/crypto/modes/modes_lcl.h +++ b/openssl/crypto/modes/modes_lcl.h @@ -45,7 +45,7 @@ typedef unsigned char u8; # define BSWAP4(x) ({ u32 ret=(x); \ asm ("bswapl %0" \ : "+r"(ret)); ret; }) -# elif (defined(__i386) || defined(__i386__)) +# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) # define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ asm ("bswapl %0; bswapl %1" \ : "+r"(hi),"+r"(lo)); \ diff --git a/openssl/crypto/o_fips.c b/openssl/crypto/o_fips.c index 6a8239575..f6d1b2185 100644 --- a/openssl/crypto/o_fips.c +++ b/openssl/crypto/o_fips.c @@ -64,6 +64,7 @@ int FIPS_mode(void) { + OPENSSL_init(); #ifdef OPENSSL_FIPS return FIPS_module_mode(); #else diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h index bf4255607..71be3590a 100644 --- a/openssl/crypto/opensslv.h +++ b/openssl/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000100fL +#define OPENSSL_VERSION_NUMBER 0x1000103fL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1-fips 14 Mar 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c-fips 10 May 2012" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1 14 Mar 2012" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1c 10 May 2012" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl/crypto/perlasm/x86masm.pl b/openssl/crypto/perlasm/x86masm.pl index 3af045396..96b1b73e1 100644 --- a/openssl/crypto/perlasm/x86masm.pl +++ b/openssl/crypto/perlasm/x86masm.pl @@ -16,7 +16,7 @@ sub ::generic # fix hexadecimal constants for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; } - if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+([^\[]+)$/$1/) # no [] + if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no [] { $opcode="mov"; } elsif ($opcode !~ /movq/) { # fix xmm references diff --git a/openssl/crypto/pkcs7/pk7_doit.c b/openssl/crypto/pkcs7/pk7_doit.c index fae8eda46..77fda3b82 100644 --- a/openssl/crypto/pkcs7/pk7_doit.c +++ b/openssl/crypto/pkcs7/pk7_doit.c @@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) STACK_OF(X509_ALGOR) *md_sk=NULL; STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; PKCS7_RECIP_INFO *ri=NULL; + unsigned char *ek = NULL, *tkey = NULL; + int eklen = 0, tkeylen = 0; i=OBJ_obj2nid(p7->type); p7->state=PKCS7_S_HEADER; @@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) int max; X509_OBJECT ret; #endif - unsigned char *ek = NULL, *tkey = NULL; - int eklen, tkeylen; if ((etmp=BIO_new(BIO_f_cipher())) == NULL) { @@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) { OPENSSL_cleanse(ek,eklen); OPENSSL_free(ek); + ek = NULL; } if (tkey) { OPENSSL_cleanse(tkey,tkeylen); OPENSSL_free(tkey); + tkey = NULL; } if (out == NULL) @@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) if (0) { err: + if (ek) + { + OPENSSL_cleanse(ek,eklen); + OPENSSL_free(ek); + } + if (tkey) + { + OPENSSL_cleanse(tkey,tkeylen); + OPENSSL_free(tkey); + } if (out != NULL) BIO_free_all(out); if (btmp != NULL) BIO_free_all(btmp); if (etmp != NULL) BIO_free_all(etmp); diff --git a/openssl/crypto/ppccpuid.pl b/openssl/crypto/ppccpuid.pl index 067746947..4ba736a1d 100644 --- a/openssl/crypto/ppccpuid.pl +++ b/openssl/crypto/ppccpuid.pl @@ -105,7 +105,7 @@ Ladd: lwarx r5,0,r3 Little: mtctr r4 stb r0,0(r3) addi r3,r3,1 - bdnz- \$-8 + bdnz \$-8 blr Lot: andi. r5,r3,3 beq Laligned @@ -118,7 +118,7 @@ Laligned: mtctr r5 stw r0,0(r3) addi r3,r3,4 - bdnz- \$-8 + bdnz \$-8 andi. r4,r4,3 bne Little blr diff --git a/openssl/crypto/rc4/asm/rc4-s390x.pl b/openssl/crypto/rc4/asm/rc4-s390x.pl index 1aa754820..7528ece13 100644 --- a/openssl/crypto/rc4/asm/rc4-s390x.pl +++ b/openssl/crypto/rc4/asm/rc4-s390x.pl @@ -171,10 +171,10 @@ $ikey="%r7"; $iinp="%r8"; $code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function +.globl private_RC4_set_key +.type private_RC4_set_key,\@function .align 64 -RC4_set_key: +private_RC4_set_key: stm${g} %r6,%r8,6*$SIZE_T($sp) lhi $cnt,256 la $idx,0(%r0) @@ -210,7 +210,7 @@ RC4_set_key: .Ldone: lm${g} %r6,%r8,6*$SIZE_T($sp) br $rp -.size RC4_set_key,.-RC4_set_key +.size private_RC4_set_key,.-private_RC4_set_key ___ } diff --git a/openssl/crypto/rsa/Makefile b/openssl/crypto/rsa/Makefile index ec9c74d78..f798d2f74 100644 --- a/openssl/crypto/rsa/Makefile +++ b/openssl/crypto/rsa/Makefile @@ -225,11 +225,12 @@ rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h +rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_pmeth.o: ../../include/openssl/objects.h rsa_pmeth.o: ../../include/openssl/opensslconf.h rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h diff --git a/openssl/crypto/ui/ui.h b/openssl/crypto/ui/ui.h index 2b1cfa228..bd78aa413 100644 --- a/openssl/crypto/ui/ui.h +++ b/openssl/crypto/ui/ui.h @@ -316,7 +316,7 @@ int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); int (*UI_method_get_flusher(UI_METHOD *method))(UI*); int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); int (*UI_method_get_closer(UI_METHOD *method))(UI*); -char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*); +char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*); /* The following functions are helpers for method writers to access relevant data from a UI_STRING. */ diff --git a/openssl/crypto/x509/x509_lu.c b/openssl/crypto/x509/x509_lu.c index 3a6e04a1d..38525a8cd 100644 --- a/openssl/crypto/x509/x509_lu.c +++ b/openssl/crypto/x509/x509_lu.c @@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx) if (ctx == NULL) return; if ( (ctx->method != NULL) && (ctx->method->free != NULL)) - ctx->method->free(ctx); + (*ctx->method->free)(ctx); OPENSSL_free(ctx); } |