Module Name:    src
Committed By:   christos
Date:           Sat Dec  8 22:35:45 UTC 2018

Modified Files:
        src/crypto/external/bsd/openssl/dist: CHANGES Configure NEWS README
            e_os.h
        src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c openssl.cnf
            s_server.c speed.c
        src/crypto/external/bsd/openssl/dist/crypto: cryptlib.c
        src/crypto/external/bsd/openssl/dist/crypto/bio: bio_lib.c bss_log.c
        src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c bn_lib.c
        src/crypto/external/bsd/openssl/dist/crypto/bn/asm: x86_64-gcc.c
        src/crypto/external/bsd/openssl/dist/crypto/ec: ec_ameth.c
        src/crypto/external/bsd/openssl/dist/crypto/engine: eng_devcrypto.c
        src/crypto/external/bsd/openssl/dist/crypto/evp: e_aes.c
        src/crypto/external/bsd/openssl/dist/crypto/rand: rand_unix.c
            randfile.c
        src/crypto/external/bsd/openssl/dist/crypto/rsa: rsa_lib.c
        src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c
        src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
        src/crypto/external/bsd/openssl/dist/include/internal: tsan_assist.h
        src/crypto/external/bsd/openssl/dist/ssl: d1_lib.c s3_cbc.c s3_enc.c
            s3_lib.c ssl_ciph.c ssl_lib.c ssl_locl.h t1_lib.c
        src/crypto/external/bsd/openssl/dist/test: ecdsatest.c evp_extra_test.c
            evp_test.c
        src/crypto/external/bsd/openssl/dist/util: mkdef.pl
        src/crypto/external/bsd/openssl/lib/libcrypto: crypto.inc
Removed Files:
        src/crypto/external/bsd/openssl/dist/doc/man3:
            SSL_CTX_set_client_CA_list.pod SSL_get_client_CA_list.pod
            SSL_get_server_tmp_key.pod

Log Message:
Resolve merge conflicts.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssl/dist/CHANGES \
    src/crypto/external/bsd/openssl/dist/NEWS \
    src/crypto/external/bsd/openssl/dist/README
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssl/dist/e_os.h
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssl/dist/apps/ca.c \
    src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/apps/ocsp.c
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/dist/apps/openssl.cnf
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssl/dist/apps/speed.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c
cvs rdiff -u -r1.5 -r1.6 \
    src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c
cvs rdiff -u -r1.17 -r1.18 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c
cvs rdiff -u -r1.7 -r1.8 \
    src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c
cvs rdiff -u -r1.16 -r1.17 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
cvs rdiff -u -r1.10 -r1.11 \
    src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.1.1.1 -r0 \
    
src/crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_client_CA_list.pod \
    src/crypto/external/bsd/openssl/dist/doc/man3/SSL_get_client_CA_list.pod \
    src/crypto/external/bsd/openssl/dist/doc/man3/SSL_get_server_tmp_key.pod
cvs rdiff -u -r1.2 -r1.3 \
    src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c \
    src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
cvs rdiff -u -r1.16 -r1.17 \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
cvs rdiff -u -r1.19 -r1.20 \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/test/ecdsatest.c
cvs rdiff -u -r1.4 -r1.5 \
    src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c \
    src/crypto/external/bsd/openssl/dist/test/evp_test.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssl/dist/util/mkdef.pl
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.17 src/crypto/external/bsd/openssl/dist/CHANGES:1.18
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.17	Sun Sep 23 09:32:54 2018
+++ src/crypto/external/bsd/openssl/dist/CHANGES	Sat Dec  8 17:35:42 2018
@@ -7,6 +7,42 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+  *) Timing vulnerability in DSA signature generation
+
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+     (CVE-2018-0734)
+     [Paul Dale]
+
+  *) Timing vulnerability in ECDSA signature generation
+
+     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+     (CVE-2018-0735)
+     [Paul Dale]
+
+  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+     are retained for backwards compatibility.
+     [Antoine Salon]
+
+  *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+     if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+     of two gigabytes and the error handling improved.
+
+     This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+     categorized as a normal bug, not a security issue, because the DRBG reseeds
+     automatically and is fully functional even without additional randomness
+     provided by the application.
+
  Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
 
   *) Add a new ClientHello callback. Provides a callback interface that gives
@@ -13103,4 +13139,3 @@ des-cbc           3624.96k     5258.21k 
   *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
      bytes sent in the client random.
      [Edward Bishop <ebis...@spyglass.com>]
-
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.17 src/crypto/external/bsd/openssl/dist/NEWS:1.18
--- src/crypto/external/bsd/openssl/dist/NEWS:1.17	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/NEWS	Sat Dec  8 17:35:42 2018
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+      o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+      o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
   Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
 
       o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.17 src/crypto/external/bsd/openssl/dist/README:1.18
--- src/crypto/external/bsd/openssl/dist/README:1.17	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/README	Sat Dec  8 17:35:42 2018
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1 11 Sep 2018
+ OpenSSL 1.1.1a 20 Nov 2018
 
  Copyright (c) 1998-2018 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.21 src/crypto/external/bsd/openssl/dist/Configure:1.22
--- src/crypto/external/bsd/openssl/dist/Configure:1.21	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/Configure	Sat Dec  8 17:35:42 2018
@@ -1013,13 +1013,18 @@ if (scalar(@seed_sources) == 0) {
 if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
     die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
     warn <<_____ if scalar(@seed_sources) == 1;
-You have selected the --with-rand-seed=none option, which effectively disables
-automatic reseeding of the OpenSSL random generator. All operations depending
-on the random generator such as creating keys will not work unless the random
-generator is seeded manually by the application.
 
-Please read the 'Note on random number generation' section in the INSTALL
-instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+You have selected the --with-rand-seed=none option, which effectively
+disables automatic reseeding of the OpenSSL random generator.
+All operations depending on the random generator such as creating keys
+will not work unless the random generator is seeded manually by the
+application.
+
+Please read the 'Note on random number generation' section in the
+INSTALL instructions and the RAND_DRBG(7) manual page for more details.
+============================== WARNING ===============================
+
 _____
 }
 push @{$config{openssl_other_defines}},
@@ -2174,6 +2179,16 @@ EOF
 
     # Massage the result
 
+    # If the user configured no-shared, we allow no shared sources
+    if ($disabled{shared}) {
+        foreach (keys %{$unified_info{shared_sources}}) {
+            foreach (keys %{$unified_info{shared_sources}->{$_}}) {
+                delete $unified_info{sources}->{$_};
+            }
+        }
+        $unified_info{shared_sources} = {};
+    }
+
     # If we depend on a header file or a perl module, add an inclusion of
     # its directory to allow smoothe inclusion
     foreach my $dest (keys %{$unified_info{depends}}) {
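Review bot: The new no-shared block at the top of the hunk nests two `foreach` loops that both rely on the implicit `$_`, so the `delete $unified_info{sources}->{$_}` keys on the inner value while the outer `$_` is shadowed; that is correct but easy to misread, and the rest of this function names its loop variables (`$dest`, `$obj`, `$inc`). Naming them makes the intent explicit: `foreach my $product (keys %{$unified_info{shared_sources}}) { foreach my $obj (keys %{$unified_info{shared_sources}->{$product}}) { delete $unified_info{sources}->{$obj}; } }`. The enclosing block starts and ends outside this hunk.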
@@ -2198,8 +2213,8 @@ EOF
             next unless defined($unified_info{includes}->{$dest}->{$k});
             my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
             foreach my $obj (grep /\.o$/,
-                             (keys %{$unified_info{sources}->{$dest}},
-                              keys %{$unified_info{shared_sources}->{$dest}})) {
+                             (keys %{$unified_info{sources}->{$dest} // {}},
+                              keys %{$unified_info{shared_sources}->{$dest} // {}})) {
                 foreach my $inc (@incs) {
                     unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
                         unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@@ -2238,6 +2253,42 @@ EOF
                 [ @{$unified_info{includes}->{$dest}->{source}} ];
         }
     }
+
+    # For convenience collect information regarding directories where
+    # files are generated, those generated files and the end product
+    # they end up in where applicable.  Then, add build rules for those
+    # directories
+    my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
+                     "dso" => [ @{$unified_info{engines}} ],
+                     "bin" => [ @{$unified_info{programs}} ],
+                     "script" => [ @{$unified_info{scripts}} ] );
+    foreach my $type (keys %loopinfo) {
+        foreach my $product (@{$loopinfo{$type}}) {
+            my %dirs = ();
+            my $pd = dirname($product);
+
+            foreach (@{$unified_info{sources}->{$product} // []},
+                     @{$unified_info{shared_sources}->{$product} // []}) {
+                my $d = dirname($_);
+
+                # We don't want to create targets for source directories
+                # when building out of source
+                next if ($config{sourcedir} ne $config{builddir}
+                             && $d =~ m|^\Q$config{sourcedir}\E|);
+                # We already have a "test" target, and the current directory
+                # is just silly to make a target for
+                next if $d eq "test" || $d eq ".";
+
+                $dirs{$d} = 1;
+                push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
+                    if $d ne $pd;
+            }
+            foreach (keys %dirs) {
+                push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
+                    $product;
+            }
+        }
+    }
 }
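Review bot: `foreach my $type (keys %loopinfo)` iterates a hash in Perl's per-process randomised key order, so when one directory holds sources for products of different types the order in which entries are pushed onto `$unified_info{dirinfo}->{$d}->{deps}` and `products` can differ between runs, which presumably leaks into the generated build rules and hurts reproducible builds. `foreach my $type (sort keys %loopinfo)` (and `sort keys %dirs` in the inner loop) makes the output deterministic at no cost. The same `$_`-in-nested-loops pattern as the earlier hunk appears here; a named `$src` would read better alongside `$d` and `$pd`.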
 
 # For the schemes that need it, we provide the old *_obj configs
@@ -2712,10 +2763,16 @@ print <<"EOF";
 
 **********************************************************************
 ***                                                                ***
-***   If you want to report a building issue, please include the   ***
-***   output from this command:                                    ***
+***   OpenSSL has been successfully configured                     ***
+***                                                                ***
+***   If you encounter a problem while building, please open an    ***
+***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
+***   and include the output from the following command:           ***
+***                                                                ***
+***       perl configdata.pm --dump                                ***
 ***                                                                ***
-***     perl configdata.pm --dump                                  ***
+***   (If you are new to OpenSSL, you might want to consult the    ***
+***   'Troubleshooting' section in the INSTALL file first)         ***
 ***                                                                ***
 **********************************************************************
 EOF

Index: src/crypto/external/bsd/openssl/dist/e_os.h
diff -u src/crypto/external/bsd/openssl/dist/e_os.h:1.11 src/crypto/external/bsd/openssl/dist/e_os.h:1.12
--- src/crypto/external/bsd/openssl/dist/e_os.h:1.11	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/e_os.h	Sat Dec  8 17:35:42 2018
@@ -245,7 +245,7 @@ extern FILE *_imp___iob;
 
      Finally, we add the VMS C facility code 0x35a000, because there are some
      programs, such as Perl, that will reinterpret the code back to something
-     POSIXly.  'man perlvms' explains it further.
+     POSIX.  'man perlvms' explains it further.
 
      NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
      codes (status type = 1).  I couldn't disagree more.  Fortunately, the
@@ -317,8 +317,15 @@ struct servent *getservbyname(const char
 # endif
 /* end vxworks */
 
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-# define CRYPTO_memcmp memcmp
-#endif
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#  define CRYPTO_memcmp memcmp
+# endif
 
+/* unistd.h defines _POSIX_VERSION */
+# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+     && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)      \
+          || defined(__sun) || defined(__hpux) || defined(__sgi)      \
+          || defined(__osf__) )
+#  define OPENSSL_SECURE_MEMORY  /* secure memory is implemented */
+# endif
 #endif
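Review bot: The new OPENSSL_SECURE_MEMORY test hinges on `_POSIX_VERSION`, which the comment itself says comes from unistd.h; if that header is not included earlier in e_os.h (not visible in this hunk), the condition quietly evaluates false and secure-heap support is compiled out silently instead of failing loudly. Worth confirming the include precedes this block, and adding a comment such as `/* requires <unistd.h> above; if it is missing, secure memory is silently disabled */` so a later reorder does not regress it unnoticed. The `defined(__sun) || defined(__hpux) || ...` fallbacks cover platforms without the POSIX macro, so the logic is otherwise fine.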

Index: src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ca.c:1.17 src/crypto/external/bsd/openssl/dist/apps/ca.c:1.18
--- src/crypto/external/bsd/openssl/dist/apps/ca.c:1.17	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c	Sat Dec  8 17:35:43 2018
@@ -605,7 +605,7 @@ end_of_options:
         /*
          * outdir is a directory spec, but access() for VMS demands a
          * filename.  We could use the DEC C routine to convert the
-         * directory syntax to Unixly, and give that to app_isdir,
+         * directory syntax to Unix, and give that to app_isdir,
          * but for now the fopen will catch the error if it's not a
          * directory
          */
@@ -976,7 +976,7 @@ end_of_options:
             BIO_printf(bio_err, "Write out database with %d new entries\n",
                        sk_X509_num(cert_sk));
 
-            if (!rand_ser
+            if (serialfile != NULL
                     && !save_serial(serialfile, "new", serial, NULL))
                 goto end;
 
@@ -1044,7 +1044,8 @@ end_of_options:
 
         if (sk_X509_num(cert_sk)) {
             /* Rename the database and the serial file */
-            if (!rotate_serial(serialfile, "new", "old"))
+            if (serialfile != NULL
+                    && !rotate_serial(serialfile, "new", "old"))
                 goto end;
 
             if (!rotate_index(dbfile, "new", "old"))
@@ -1177,10 +1178,9 @@ end_of_options:
         }
 
         /* we have a CRL number that need updating */
-        if (crlnumberfile != NULL)
-            if (!rand_ser
-                    && !save_serial(crlnumberfile, "new", crlnumber, NULL))
-                goto end;
+        if (crlnumberfile != NULL
+                && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+            goto end;
 
         BN_free(crlnumber);
         crlnumber = NULL;
@@ -1195,9 +1195,10 @@ end_of_options:
 
         PEM_write_bio_X509_CRL(Sout, crl);
 
-        if (crlnumberfile != NULL) /* Rename the crlnumber file */
-            if (!rotate_serial(crlnumberfile, "new", "old"))
-                goto end;
+        /* Rename the crlnumber file */
+        if (crlnumberfile != NULL
+                && !rotate_serial(crlnumberfile, "new", "old"))
+            goto end;
 
     }
     /*****************************************************************/
Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.17 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.18
--- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.17	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/apps/s_server.c	Sat Dec  8 17:35:43 2018
@@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl,
 
     if (strlen(psk_identity) != identity_len
             || memcmp(psk_identity, identity, identity_len) != 0) {
-        BIO_printf(bio_s_out,
-                   "PSK warning: client identity not what we expected"
-                   " (got '%s' expected '%s')\n", identity, psk_identity);
+        *sess = NULL;
+        return 1;
     }
 
     if (psksess != NULL) {
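Review bot: The mismatch branch now returns `*sess = NULL; return 1;` with no diagnostic at all, so someone testing PSK against s_server can no longer see from the server output that the client's identity did not match and why a certificate handshake was used instead. Falling through silently is the right TLS 1.3 behaviour, but keeping the old message behind the server's existing debug/verbose switch (if one is in scope here) would preserve the troubleshooting value; e.g. `if (s_debug) BIO_printf(bio_s_out, "PSK warning: client identity not what we expected (got '%s' expected '%s')\n", identity, psk_identity);` before the early return. psk_find_session_cb begins before this hunk.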
@@ -1622,6 +1621,11 @@ int s_server_main(int argc, char *argv[]
         goto end;
     }
 #endif
+    if (early_data && (www > 0 || rev)) {
+        BIO_printf(bio_err,
+                   "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+        goto end;
+    }
 
 #ifndef OPENSSL_NO_SCTP
     if (protocol == IPPROTO_SCTP) {

Index: src/crypto/external/bsd/openssl/dist/apps/ocsp.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.16 src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.17
--- src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.16	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c	Sat Dec  8 17:35:43 2018
@@ -950,6 +950,7 @@ static void spawn_loop(void)
             sleep(30);
             break;
         case 0:             /* child */
+            OPENSSL_free(kidpids);
             signal(SIGINT, SIG_DFL);
             signal(SIGTERM, SIG_DFL);
             if (termsig)
@@ -976,6 +977,7 @@ static void spawn_loop(void)
     }
 
     /* The loop above can only break on termsig */
+    OPENSSL_free(kidpids);
     syslog(LOG_INFO, "terminating on signal: %d", termsig);
     killall(0, kidpids);
 }
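Review bot: `OPENSSL_free(kidpids);` is added immediately before `killall(0, kidpids);`, which still reads the array, so the shutdown path now has a use-after-free. Move the free after the kill: `syslog(LOG_INFO, "terminating on signal: %d", termsig); killall(0, kidpids); OPENSSL_free(kidpids);`. The child-side free in the first hunk is fine because the child never touches kidpids again. spawn_loop's body begins before these hunks.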

Index: src/crypto/external/bsd/openssl/dist/apps/openssl.cnf
diff -u src/crypto/external/bsd/openssl/dist/apps/openssl.cnf:1.6 src/crypto/external/bsd/openssl/dist/apps/openssl.cnf:1.7
--- src/crypto/external/bsd/openssl/dist/apps/openssl.cnf:1.6	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/apps/openssl.cnf	Sat Dec  8 17:35:43 2018
@@ -10,7 +10,6 @@
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
 
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
@@ -57,7 +56,6 @@ crlnumber	= $dir/crlnumber	# the current
 					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
 
 x509_extensions	= usr_cert		# The extensions to add to the cert
 

Index: src/crypto/external/bsd/openssl/dist/apps/speed.c
diff -u src/crypto/external/bsd/openssl/dist/apps/speed.c:1.15 src/crypto/external/bsd/openssl/dist/apps/speed.c:1.16
--- src/crypto/external/bsd/openssl/dist/apps/speed.c:1.15	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/apps/speed.c	Sat Dec  8 17:35:43 2018
@@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
 
             if (rsa_count <= 1) {
                 /* if longer than 10s, don't do any more */
-                for (testnum++; testnum < EC_NUM; testnum++)
+                for (testnum++; testnum < ECDSA_NUM; testnum++)
                     ecdsa_doit[testnum] = 0;
             }
         }

Index: src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c:1.13
--- src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c:1.12	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/cryptlib.c	Sat Dec  8 17:35:43 2018
@@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
 
     if (_OPENSSL_isservice.p == NULL) {
         HANDLE mod = GetModuleHandle(NULL);
-        FARPROC f;
+        FARPROC f = NULL;
 
         if (mod != NULL)
             f = GetProcAddress(mod, "_OPENSSL_isservice");

Index: src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.5 src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.6
--- src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c:1.5	Sun Sep 23 09:32:55 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c	Sat Dec  8 17:35:43 2018
@@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, in
         argi = (int)len;
     }
 
-    if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+    if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
         if (*processed > INT_MAX)
             return -1;
         inret = *processed;
@@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, in
 
     ret = b->callback(b, oper, argp, argi, argl, inret);
 
-    if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+    if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
         *processed = (size_t)ret;
         ret = 1;
     }
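Review bot: Changing `ret >= 0` to `ret > 0` means a user-supplied callback returning 0 is now propagated to the caller as 0 with `*processed` left untouched, whereas before it was mapped to success with zero bytes; since BIO callbacks are application code, this contract change deserves a comment at the point of the check. Suggest `/* Only a positive count is a success: 0 and negative values are returned unchanged and *processed is left as-is */` above the second `if`. bio_call_callback begins before this hunk.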

Index: src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c:1.9	Sun Sep 23 09:32:56 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c	Sat Dec  8 17:35:43 2018
@@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
 
 # endif                         /* Unix */
 
+#else                           /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+    return NULL;
+}
 #endif                          /* NO_SYSLOG */
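Review bot: The NO_SYSLOG stub makes `BIO_s_log()` return NULL, and a caller written as `BIO_new(BIO_s_log())` without a check would presumably hand that NULL to BIO_new (its handling is not visible here). A comment on the stub, `/* No syslog support: callers must NULL-check before BIO_new() */`, documents the contract, and the public header's description of BIO_s_log should state the NULL return for the same reason.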

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.17 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.18
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.17	Sun Sep 23 09:32:56 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c	Sat Dec  8 17:35:43 2018
@@ -1081,7 +1081,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
              * is not only slower but also makes each bit vulnerable to
              * EM (and likely other) side-channel attacks like One&Done
              * (for details see "One&Done: A Single-Decryption EM-Based
-             *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+             *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
              *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
              *  M. Prvulovic, in USENIX Security'18)
              */

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c:1.9	Sun Sep 23 09:32:56 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c	Sat Dec  8 17:35:43 2018
@@ -767,26 +767,30 @@ void BN_consttime_swap(BN_ULONG conditio
     b->neg ^= t;
 
     /*-
-     * Idea behind BN_FLG_STATIC_DATA is actually to
-     * indicate that data may not be written to.
-     * Intention is actually to treat it as it's
-     * read-only data, and some (if not most) of it does
-     * reside in read-only segment. In other words
-     * observation of BN_FLG_STATIC_DATA in
-     * BN_consttime_swap should be treated as fatal
-     * condition. It would either cause SEGV or
-     * effectively cause data corruption.
-     * BN_FLG_MALLOCED refers to BN structure itself,
-     * and hence must be preserved. Remaining flags are
-     * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
-     * preserved, because it determines how x->d was
-     * allocated and hence how to free it. This leaves
-     * BN_FLG_CONSTTIME that one can do something about.
-     * To summarize it's sufficient to mask and swap
-     * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
-     * be treated as fatal.
+     * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+     * is actually to treat it as it's read-only data, and some (if not most)
+     * of it does reside in read-only segment. In other words observation of
+     * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+     * condition. It would either cause SEGV or effectively cause data
+     * corruption.
+     *
+     * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+     * preserved.
+     *
+     * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+     * allocated and hence how to free it.
+     *
+     * BN_FLG_CONSTTIME: sufficient to mask and swap
+     *
+     * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+     * the data, so the d array may be padded with additional 0 values (i.e.
+     * top could be greater than the minimal value that it could be). We should
+     * be swapping it
      */
-    t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+    t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
     a->flags ^= t;
     b->flags ^= t;
 
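Review bot: `#define BN_CONSTTIME_SWAP_FLAGS` is placed inside the function body, so the macro leaks to the rest of the translation unit and is not obviously tied to this one use; either hoist it next to the file's other definitions with a one-line comment or add `#undef BN_CONSTTIME_SWAP_FLAGS` after the `t = ...` line. The rewritten comment explains why BN_FLG_FIXED_TOP must now travel with the data, which is the security-relevant part of this hunk; a short pointer such as `/* FIXED_TOP must follow the data or the constant-time top bookkeeping would diverge between a and b */` next to the `#define` would keep that rationale adjacent to the code. BN_consttime_swap begins before this hunk.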

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c:1.9	Sun Sep 23 09:32:56 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c	Sat Dec  8 17:35:43 2018
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -64,12 +64,6 @@
  *    machine.
  */
 
-# if defined(_WIN64) || !defined(__LP64__)
-#  define BN_ULONG unsigned long long
-# else
-#  define BN_ULONG unsigned long
-# endif
-
 # undef mul
 # undef mul_add
 

Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c:1.7 src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c:1.8
--- src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c:1.7	Sun Sep 23 09:32:57 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c	Sat Dec  8 17:35:43 2018
@@ -699,7 +699,7 @@ static int ecdh_cms_set_kdf_param(EVP_PK
     if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
         return 0;
 
-    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0)
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
         return 0;
 
     kdf_md = EVP_get_digestbynid(kdfmd_nid);
@@ -864,7 +864,7 @@ static int ecdh_cms_encrypt(CMS_Recipien
         ecdh_nid = NID_dh_cofactor_kdf;
 
     if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
-        kdf_type = EVP_PKEY_ECDH_KDF_X9_62;
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
         if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
             goto err;
     } else

Index: src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c:1.2 src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c:1.3
--- src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c:1.2	Sat Dec  8 12:07:27 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c	Sat Dec  8 17:35:43 2018
@@ -28,6 +28,13 @@
 # define CHECK_BSD_STYLE_MACROS
 #endif
 
+/*
+ * ONE global file descriptor for all sessions.  This allows operations
+ * such as digest session data copying (see digest_copy()), but is also
+ * saner...  why re-open /dev/crypto for every session?
+ */
+static int cfd;
+
 /******************************************************************************
  *
  * Ciphers
@@ -39,7 +46,6 @@
  *****/
 
 struct cipher_ctx {
-    int cfd;
     struct session_op sess;
 
     /* to pass from init to do_cipher */
@@ -69,7 +75,7 @@ static const struct cipher_data_st {
     { NID_aes_192_cbc, 16, 192 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
     { NID_aes_256_cbc, 16, 256 / 8, 16, EVP_CIPH_CBC_MODE, CRYPTO_AES_CBC },
 #ifndef OPENSSL_NO_RC4
-    { NID_rc4, 1, 16, 0, CRYPTO_ARC4 },
+    { NID_rc4, 1, 16, 0, EVP_CIPH_STREAM_CIPHER, CRYPTO_ARC4 },
 #endif
 #if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_AES_CTR)
     { NID_aes_128_ctr, 16, 128 / 8, 16, EVP_CIPH_CTR_MODE, CRYPTO_AES_CTR },
@@ -135,19 +141,13 @@ static int cipher_init(EVP_CIPHER_CTX *c
     const struct cipher_data_st *cipher_d =
         get_cipher_data(EVP_CIPHER_CTX_nid(ctx));
 
-    if ((cipher_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
-        SYSerr(SYS_F_OPEN, errno);
-        return 0;
-    }
-
     memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess));
     cipher_ctx->sess.cipher = cipher_d->devcryptoid;
     cipher_ctx->sess.keylen = cipher_d->keylen;
     cipher_ctx->sess.key = (void *)key;
     cipher_ctx->op = enc ? COP_ENCRYPT : COP_DECRYPT;
-    if (ioctl(cipher_ctx->cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
+    if (ioctl(cfd, CIOCGSESSION, &cipher_ctx->sess) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
-        close(cipher_ctx->cfd);
         return 0;
     }
 
@@ -187,7 +187,7 @@ static int cipher_do_cipher(EVP_CIPHER_C
     cryp.flags = COP_FLAG_WRITE_IV;
 #endif
 
-    if (ioctl(cipher_ctx->cfd, CIOCCRYPT, &cryp) < 0) {
+    if (ioctl(cfd, CIOCCRYPT, &cryp) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
     }
@@ -213,14 +213,10 @@ static int cipher_cleanup(EVP_CIPHER_CTX
     struct cipher_ctx *cipher_ctx =
         (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx);
 
-    if (ioctl(cipher_ctx->cfd, CIOCFSESSION, &cipher_ctx->sess) < 0) {
+    if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
     }
-    if (close(cipher_ctx->cfd) < 0) {
-        SYSerr(SYS_F_CLOSE, errno);
-        return 0;
-    }
 
     return 1;
 }
@@ -234,14 +230,10 @@ static int known_cipher_nids[OSSL_NELEM(
 static int known_cipher_nids_amount = -1; /* -1 indicates not yet initialised */
 static EVP_CIPHER *known_cipher_methods[OSSL_NELEM(cipher_data)] = { NULL, };
 
-static void prepare_cipher_methods()
+static void prepare_cipher_methods(void)
 {
     size_t i;
     struct session_op sess;
-    int cfd;
-
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
-        return;
 
     memset(&sess, 0, sizeof(sess));
     sess.key = (void *)"01234567890123456789012345678901234567890123456789";
@@ -256,7 +248,7 @@ static void prepare_cipher_methods()
         sess.cipher = cipher_data[i].devcryptoid;
         sess.keylen = cipher_data[i].keylen;
         if (ioctl(cfd, CIOCGSESSION, &sess) < 0
-            || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
             continue;
 
         if ((known_cipher_methods[i] =
@@ -282,8 +274,6 @@ static void prepare_cipher_methods()
                 cipher_data[i].nid;
         }
     }
-
-    close(cfd);
 }
 
 static const EVP_CIPHER *get_cipher_method(int nid)
@@ -309,7 +299,7 @@ static void destroy_cipher_method(int ni
     known_cipher_methods[i] = NULL;
 }
 
-static void destroy_all_cipher_methods()
+static void destroy_all_cipher_methods(void)
 {
     size_t i;
 
@@ -330,11 +320,12 @@ static int devcrypto_ciphers(ENGINE *e, 
 
 /*
  * We only support digests if the cryptodev implementation supports multiple
- * data updates.  Otherwise, we would be forced to maintain a cache, which is
- * perilous if there's a lot of data coming in (if someone wants to checksum
- * an OpenSSL tarball, for example).
+ * data updates and session copying.  Otherwise, we would be forced to maintain
+ * a cache, which is perilous if there's a lot of data coming in (if someone
+ * wants to checksum an OpenSSL tarball, for example).
  */
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#if defined(CIOCCPHASH) && defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#define IMPLEMENT_DIGEST
 
 /******************************************************************************
  *
@@ -347,7 +338,6 @@ static int devcrypto_ciphers(ENGINE *e, 
  *****/
 
 struct digest_ctx {
-    int cfd;
     struct session_op sess;
     int init;
 };
@@ -414,19 +404,12 @@ static int digest_init(EVP_MD_CTX *ctx)
     const struct digest_data_st *digest_d =
         get_digest_data(EVP_MD_CTX_type(ctx));
 
-    if (digest_ctx->init == 0
-        && (digest_ctx->cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
-        SYSerr(SYS_F_OPEN, errno);
-        return 0;
-    }
-
     digest_ctx->init = 1;
 
     memset(&digest_ctx->sess, 0, sizeof(digest_ctx->sess));
     digest_ctx->sess.mac = digest_d->devcryptoid;
-    if (ioctl(digest_ctx->cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
+    if (ioctl(cfd, CIOCGSESSION, &digest_ctx->sess) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
-        close(digest_ctx->cfd);
         return 0;
     }
 
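Review bot: `digest_ctx->init = 1;` is assigned before the CIOCGSESSION ioctl, so a context whose session request failed is left flagged as initialised while `sess.ses` still holds the zero written by memset(). digest_copy() uses `init != 1` to reject an unusable source, so such a context would pass that test and be copied from a session that was never created. Move the assignment after the ioctl succeeds — drop it here and set `digest_ctx->init = 1;` just before the successful return; the remainder of digest_init() is outside this hunk.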
@@ -445,7 +428,7 @@ static int digest_op(struct digest_ctx *
     cryp.dst = NULL;
     cryp.mac = res;
     cryp.flags = flags;
-    return ioctl(ctx->cfd, CIOCCRYPT, &cryp);
+    return ioctl(cfd, CIOCCRYPT, &cryp);
 }
 
 static int digest_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -473,7 +456,7 @@ static int digest_final(EVP_MD_CTX *ctx,
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
     }
-    if (ioctl(digest_ctx->cfd, CIOCFSESSION, &digest_ctx->sess) < 0) {
+    if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) {
         SYSerr(SYS_F_IOCTL, errno);
         return 0;
     }
@@ -481,16 +464,38 @@ static int digest_final(EVP_MD_CTX *ctx,
     return 1;
 }
 
-static int digest_cleanup(EVP_MD_CTX *ctx)
+static int digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
 {
-    struct digest_ctx *digest_ctx =
-        (struct digest_ctx *)EVP_MD_CTX_md_data(ctx);
+    struct digest_ctx *digest_from =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(from);
+    struct digest_ctx *digest_to =
+        (struct digest_ctx *)EVP_MD_CTX_md_data(to);
+    struct cphash_op cphash;
+
+    if (digest_from == NULL)
+        return 1;
 
-    if (close(digest_ctx->cfd) < 0) {
-        SYSerr(SYS_F_CLOSE, errno);
+    if (digest_from->init != 1) {
+        SYSerr(SYS_F_IOCTL, EINVAL);
         return 0;
     }
 
+    if (!digest_init(to)) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+
+    cphash.src_ses = digest_from->sess.ses;
+    cphash.dst_ses = digest_to->sess.ses;
+    if (ioctl(cfd, CIOCCPHASH, &cphash) < 0) {
+        SYSerr(SYS_F_IOCTL, errno);
+        return 0;
+    }
+    return 1;
+}
+
+static int digest_cleanup(EVP_MD_CTX *ctx)
+{
     return 1;
 }
 
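Review bot: digest_cleanup() now frees nothing while sessions live on the shared `cfd`, so a context that is initialised but never finalised — including `to` itself when the CIOCCPHASH ioctl fails right after digest_init(to) acquired a session for it — keeps its kernel session until devcrypto_unload() closes the descriptor. Before this change the per-context close() released every session on the fd; with one process-wide descriptor, repeatedly creating and discarding contexts (or an error path reachable with hostile input) may exhaust whatever session limit the driver imposes. Add `ioctl(cfd, CIOCFSESSION, &digest_to->sess.ses);` before the `return 0;` in the CIOCCPHASH failure branch, and have digest_cleanup() issue the same ioctl when `digest_ctx->init == 1`, with digest_final() resetting `init` to 0 after its own CIOCFSESSION so a finalised session is not freed twice (that part of digest_final() is outside this hunk). The `SYSerr(SYS_F_IOCTL, errno)` after `!digest_init(to)` also duplicates the error digest_init() has already queued.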
@@ -503,14 +508,10 @@ static int known_digest_nids[OSSL_NELEM(
 static int known_digest_nids_amount = -1; /* -1 indicates not yet initialised */
 static EVP_MD *known_digest_methods[OSSL_NELEM(digest_data)] = { NULL, };
 
-static void prepare_digest_methods()
+static void prepare_digest_methods(void)
 {
     size_t i;
     struct session_op sess;
-    int cfd;
-
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0)
-        return;
 
     memset(&sess, 0, sizeof(sess));
 
@@ -523,7 +524,7 @@ static void prepare_digest_methods()
          */
         sess.mac = digest_data[i].devcryptoid;
         if (ioctl(cfd, CIOCGSESSION, &sess) < 0
-            || ioctl(cfd, CIOCFSESSION, &sess) < 0)
+            || ioctl(cfd, CIOCFSESSION, &sess.ses) < 0)
             continue;
 
         if ((known_digest_methods[i] = EVP_MD_meth_new(digest_data[i].nid,
@@ -533,6 +534,7 @@ static void prepare_digest_methods()
             || !EVP_MD_meth_set_init(known_digest_methods[i], digest_init)
             || !EVP_MD_meth_set_update(known_digest_methods[i], digest_update)
             || !EVP_MD_meth_set_final(known_digest_methods[i], digest_final)
+            || !EVP_MD_meth_set_copy(known_digest_methods[i], digest_copy)
             || !EVP_MD_meth_set_cleanup(known_digest_methods[i], digest_cleanup)
             || !EVP_MD_meth_set_app_datasize(known_digest_methods[i],
                                              sizeof(struct digest_ctx))) {
@@ -542,8 +544,6 @@ static void prepare_digest_methods()
             known_digest_nids[known_digest_nids_amount++] = digest_data[i].nid;
         }
     }
-
-    close(cfd);
 }
 
 static const EVP_MD *get_digest_method(int nid)
@@ -569,7 +569,7 @@ static void destroy_digest_method(int ni
     known_digest_methods[i] = NULL;
 }
 
-static void destroy_all_digest_methods()
+static void destroy_all_digest_methods(void)
 {
     size_t i;
 
@@ -599,9 +599,12 @@ static int devcrypto_digests(ENGINE *e, 
 static int devcrypto_unload(ENGINE *e)
 {
     destroy_all_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
     destroy_all_digest_methods();
 #endif
+
+    close(cfd);
+
     return 1;
 }
 /*
@@ -612,23 +615,30 @@ void engine_load_devcrypto_int()
 {
     ENGINE *e = NULL;
 
-    if (access("/dev/crypto", R_OK | W_OK) < 0) {
-        fprintf(stderr,
-                "/dev/crypto not present, not enabling devcrypto engine\n");
+    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+        fprintf(stderr, "Could not open /dev/crypto: %s\n", strerror(errno));
         return;
     }
 
     prepare_cipher_methods();
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
     prepare_digest_methods();
 #endif
 
-    if ((e = ENGINE_new()) == NULL)
+    if ((e = ENGINE_new()) == NULL
+        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
+        ENGINE_free(e);
+        /*
+         * We know that devcrypto_unload() won't be called when one of the
+         * above two calls have failed, so we close cfd explicitly here to
+         * avoid leaking resources.
+         */
+        close(cfd);
         return;
+    }
 
     if (!ENGINE_set_id(e, "devcrypto")
         || !ENGINE_set_name(e, "/dev/crypto engine")
-        || !ENGINE_set_destroy_function(e, devcrypto_unload)
 
 /*
  * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
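Review bot: The `ENGINE_new()` / `ENGINE_set_destroy_function()` failure branch closes `cfd` but not the EVP_CIPHER and EVP_MD method tables that prepare_cipher_methods() and prepare_digest_methods() built a few lines above, so those allocations leak on this path; call `destroy_all_cipher_methods();` (and `destroy_all_digest_methods();` under `IMPLEMENT_DIGEST`) before `close(cfd);`, mirroring devcrypto_unload(). Separately, the descriptor is now process-wide and long-lived yet opened without `O_CLOEXEC`, so any child the application exec()s inherits it; since cryptodev sessions — and the keys cipher_init() loads into them — are presumably bound to this open file, an inherited descriptor would let such a child drive the parent's sessions. Opening with `O_RDWR | O_CLOEXEC` where that flag is defined closes that avenue. engine_load_devcrypto_int() continues past the end of this hunk.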
@@ -665,7 +675,7 @@ void engine_load_devcrypto_int()
 # endif
 #endif
         || !ENGINE_set_ciphers(e, devcrypto_ciphers)
-#if defined(COP_FLAG_UPDATE) && defined(COP_FLAG_FINAL)
+#ifdef IMPLEMENT_DIGEST
         || !ENGINE_set_digests(e, devcrypto_digests)
 #endif
         ) {

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.16 src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.17
--- src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c:1.16	Sun Sep 23 09:32:57 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c	Sat Dec  8 17:35:43 2018
@@ -2241,7 +2241,7 @@ static int s390x_aes_ccm_cipher(EVP_CIPH
 
     if (!cctx->aes.ccm.len_set) {
         /*-
-         * In case message length was not previously set explicitely via
+         * In case message length was not previously set explicitly via
          * Update(), set it now.
          */
         ivec = EVP_CIPHER_CTX_iv_noconst(ctx);

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c:1.9	Sun Sep 23 09:32:58 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c	Sat Dec  8 17:35:43 2018
@@ -77,6 +77,17 @@ static uint64_t get_timer_bits(void);
 # endif
 #endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
 
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
 #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
         !defined(OPENSSL_RAND_SEED_NONE)
 # error "UEFI and VXWorks only support seeding NONE"
@@ -86,8 +97,6 @@ static uint64_t get_timer_bits(void);
     || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
     || defined(OPENSSL_SYS_UEFI))
 
-static ssize_t syscall_random(void *buf, size_t buflen);
-
 # if defined(OPENSSL_SYS_VOS)
 
 #  ifndef OPENSSL_RAND_SEED_OS
@@ -244,6 +253,7 @@ static ssize_t sysctl_random(char *buf, 
 }
 #  endif
 
+#  if defined(OPENSSL_RAND_SEED_GETRANDOM)
 /*
  * syscall_random(): Try to get random data using a system call
  * returns the number of bytes returned in buf, or < 0 on error.
@@ -254,7 +264,7 @@ static ssize_t syscall_random(void *buf,
      * Note: 'buflen' equals the size of the buffer which is used by the
      * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
      *
-     *   2 * DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^13
+     *   2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
      *
      * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
      * between size_t and ssize_t is safe even without a range check.
@@ -302,8 +312,9 @@ static ssize_t syscall_random(void *buf,
     return -1;
 #  endif
 }
+#  endif    /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
 
-#if  !defined(OPENSSL_RAND_SEED_NONE) && defined(OPENSSL_RAND_SEED_DEVRANDOM)
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM)
 static const char *random_device_paths[] = { DEVRANDOM };
 static struct random_device {
     int fd;
@@ -375,21 +386,13 @@ static void close_random_device(size_t n
     rd->fd = -1;
 }
 
-static void open_random_devices(void)
-{
-    size_t i;
-
-    for (i = 0; i < OSSL_NELEM(random_devices); i++)
-        (void)get_random_device(i);
-}
-
 int rand_pool_init(void)
 {
     size_t i;
 
     for (i = 0; i < OSSL_NELEM(random_devices); i++)
         random_devices[i].fd = -1;
-    open_random_devices();
+
     return 1;
 }
 
@@ -403,16 +406,13 @@ void rand_pool_cleanup(void)
 
 void rand_pool_keep_random_devices_open(int keep)
 {
-    if (keep)
-        open_random_devices();
-    else
+    if (!keep)
         rand_pool_cleanup();
+
     keep_random_devices_open = keep;
 }
 
-#  else     /* defined(OPENSSL_RAND_SEED_NONE)
-             * || !defined(OPENSSL_RAND_SEED_DEVRANDOM)
-             */
+#  else     /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
 
 int rand_pool_init(void)
 {
@@ -427,9 +427,7 @@ void rand_pool_keep_random_devices_open(
 {
 }
 
-#  endif    /* !defined(OPENSSL_RAND_SEED_NONE)
-             * && defined(OPENSSL_RAND_SEED_DEVRANDOM)
-             */
+#  endif    /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
 
 /*
  * Try the various seeding methods in turn, exit when successful.
@@ -450,14 +448,14 @@ void rand_pool_keep_random_devices_open(
  */
 size_t rand_pool_acquire_entropy(RAND_POOL *pool)
 {
-#  ifdef OPENSSL_RAND_SEED_NONE
+#  if defined(OPENSSL_RAND_SEED_NONE)
     return rand_pool_entropy_available(pool);
 #  else
     size_t bytes_needed;
     size_t entropy_available = 0;
     unsigned char *buffer;
 
-#   ifdef OPENSSL_RAND_SEED_GETRANDOM
+#   if defined(OPENSSL_RAND_SEED_GETRANDOM)
     {
         ssize_t bytes;
         /* Maximum allowed number of consecutive unsuccessful attempts */
@@ -487,7 +485,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
     }
 #   endif
 
-#   ifdef OPENSSL_RAND_SEED_DEVRANDOM
+#   if defined(OPENSSL_RAND_SEED_DEVRANDOM)
     bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
     {
         size_t i;
@@ -524,19 +522,19 @@ size_t rand_pool_acquire_entropy(RAND_PO
     }
 #   endif
 
-#   ifdef OPENSSL_RAND_SEED_RDTSC
+#   if defined(OPENSSL_RAND_SEED_RDTSC)
     entropy_available = rand_acquire_entropy_from_tsc(pool);
     if (entropy_available > 0)
         return entropy_available;
 #   endif
 
-#   ifdef OPENSSL_RAND_SEED_RDCPU
+#   if defined(OPENSSL_RAND_SEED_RDCPU)
     entropy_available = rand_acquire_entropy_from_cpu(pool);
     if (entropy_available > 0)
         return entropy_available;
 #   endif
 
-#   ifdef OPENSSL_RAND_SEED_EGD
+#   if defined(OPENSSL_RAND_SEED_EGD)
     bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
     if (bytes_needed > 0) {
         static const char *paths[] = { DEVRANDOM_EGD, NULL };
@@ -577,7 +575,7 @@ int rand_pool_add_nonce_data(RAND_POOL *
 
     /*
      * Add process id, thread id, and a high resolution timestamp to
-     * ensure that the nonce is unique whith high probability for
+     * ensure that the nonce is unique with high probability for
      * different process instances.
      */
     data.pid = getpid();

Index: src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c:1.10 src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c:1.11
--- src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c:1.10	Sun Sep 23 09:32:58 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/rand/randfile.c	Sat Dec  8 17:35:43 2018
@@ -16,6 +16,7 @@
 
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
 #include <openssl/buffer.h>
 
 #ifdef OPENSSL_SYS_VMS
@@ -48,7 +49,7 @@
 #   define S_ISREG(m) ((m) & S_IFREG)
 # endif
 
-#define RAND_FILE_SIZE 1024
+#define RAND_BUF_SIZE 1024
 #define RFILE ".rnd"
 
 #ifdef OPENSSL_SYS_VMS
@@ -74,7 +75,16 @@ static __FILE_ptr32 (*const vms_fopen)(c
  */
 int RAND_load_file(const char *file, long bytes)
 {
-    unsigned char buf[RAND_FILE_SIZE];
+    /*
+     * The load buffer size exceeds the chunk size by the comfortable amount
+     * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+     * to avoid calling RAND_add() with a small final chunk. Instead, such
+     * a small final chunk will be added together with the previous chunk
+     * (unless it's the only one).
+     */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+    unsigned char buf[RAND_LOAD_BUF_SIZE];
+
 #ifndef OPENSSL_NO_POSIX_IO
     struct stat sb;
 #endif
@@ -98,8 +108,12 @@ int RAND_load_file(const char *file, lon
         return -1;
     }
 
-    if (!S_ISREG(sb.st_mode) && bytes < 0)
-        bytes = 256;
+    if (bytes < 0) {
+        if (S_ISREG(sb.st_mode))
+            bytes = sb.st_size;
+        else
+            bytes = RAND_DRBG_STRENGTH;
+    }
 #endif
     /*
      * On VMS, setbuf() will only take 32-bit pointers, and a compilation
@@ -124,9 +138,9 @@ int RAND_load_file(const char *file, lon
 
     for ( ; ; ) {
         if (bytes > 0)
-            n = (bytes < RAND_FILE_SIZE) ? (int)bytes : RAND_FILE_SIZE;
+            n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
         else
-            n = RAND_FILE_SIZE;
+            n = RAND_LOAD_BUF_SIZE;
         i = fread(buf, 1, n, in);
 #ifdef EINTR
         if (ferror(in) && errno == EINTR){
@@ -148,12 +162,18 @@ int RAND_load_file(const char *file, lon
 
     OPENSSL_cleanse(buf, sizeof(buf));
     fclose(in);
+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
     return ret;
 }
 
 int RAND_write_file(const char *file)
 {
-    unsigned char buf[RAND_FILE_SIZE];
+    unsigned char buf[RAND_BUF_SIZE];
     int ret = -1;
     FILE *out = NULL;
 #ifndef OPENSSL_NO_POSIX_IO
@@ -222,9 +242,9 @@ int RAND_write_file(const char *file)
     chmod(file, 0600);
 #endif
 
-    ret = fwrite(buf, 1, RAND_FILE_SIZE, out);
+    ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
     fclose(out);
-    OPENSSL_cleanse(buf, RAND_FILE_SIZE);
+    OPENSSL_cleanse(buf, RAND_BUF_SIZE);
     return ret;
 }
 
@@ -262,11 +282,9 @@ const char *RAND_file_name(char *buf, si
         }
     }
 #else
-    if (OPENSSL_issetugid() != 0) {
-        use_randfile = 0;
-    } else if ((s = getenv("RANDFILE")) == NULL || *s == '\0') {
+    if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
         use_randfile = 0;
-        s = getenv("HOME");
+        s = ossl_safe_getenv("HOME");
     }
 #endif
 

Index: src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.4 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.5
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c:1.4	Sun Sep 23 09:32:58 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c	Sat Dec  8 17:35:44 2018
@@ -125,8 +125,8 @@ void RSA_free(RSA *r)
 
     CRYPTO_THREAD_lock_free(r->lock);
 
-    BN_clear_free(r->n);
-    BN_clear_free(r->e);
+    BN_free(r->n);
+    BN_free(r->e);
     BN_clear_free(r->d);
     BN_clear_free(r->p);
     BN_clear_free(r->q);
@@ -196,7 +196,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGN
         r->e = e;
     }
     if (d != NULL) {
-        BN_free(r->d);
+        BN_clear_free(r->d);
         r->d = d;
     }
 
@@ -213,11 +213,11 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, 
         return 0;
 
     if (p != NULL) {
-        BN_free(r->p);
+        BN_clear_free(r->p);
         r->p = p;
     }
     if (q != NULL) {
-        BN_free(r->q);
+        BN_clear_free(r->q);
         r->q = q;
     }
 
@@ -235,15 +235,15 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *
         return 0;
 
     if (dmp1 != NULL) {
-        BN_free(r->dmp1);
+        BN_clear_free(r->dmp1);
         r->dmp1 = dmp1;
     }
     if (dmq1 != NULL) {
-        BN_free(r->dmq1);
+        BN_clear_free(r->dmq1);
         r->dmq1 = dmq1;
     }
     if (iqmp != NULL) {
-        BN_free(r->iqmp);
+        BN_clear_free(r->iqmp);
         r->iqmp = iqmp;
     }
 

Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.13
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.12	Sun Sep 23 09:32:59 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c	Sat Dec  8 17:35:44 2018
@@ -415,6 +415,24 @@ static int open_console(UI *ui)
             is_a_tty = 0;
         else
 #  endif
+#  ifdef ENXIO
+            /*
+             * Solaris can return ENXIO.
+             * This should be ok
+             */
+        if (errno == ENXIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EIO
+            /*
+             * Linux can return EIO.
+             * This should be ok
+             */
+        if (errno == EIO)
+            is_a_tty = 0;
+        else
+#  endif
 #  ifdef ENODEV
             /*
              * MacOS X returns ENODEV (Operation not supported by device),

Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.14 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.15
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.14	Sun Sep 23 09:32:59 2018
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c	Sat Dec  8 17:35:44 2018
@@ -517,15 +517,14 @@ static int check_chain_extensions(X509_S
         /* check_purpose() makes the callback as needed */
         if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
             return 0;
-        /* Check pathlen if not self issued */
-        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-            && (x->ex_pathlen != -1)
-            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
             if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
                 return 0;
         }
-        /* Increment path length if not self issued */
-        if (!(x->ex_flags & EXFLAG_SI))
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
             plen++;
         /*
          * If this certificate is a proxy certificate, the next certificate
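Review bot: The shortened `/* Check pathlen */` comment drops the explanation of why the self-issued test and the `+ 1` disappeared, which is the security-relevant part of this change: `plen` now counts only non-self-issued certificates strictly above the end entity (the `i > 0` guard on the increment), so it is compared against `ex_pathlen + proxy_path_length` directly, and self-issued CAs are no longer exempt from having their own constraint checked. A reader auditing path-length enforcement should not have to reconstruct that from the diff; expand it to something like `/* Check pathlen: plen counts the non-self-issued CAs below x (the EE excluded), so compare it to the constraint directly, cf. RFC 5280 s6.1.4 */`. check_chain_extensions() continues outside the hunk.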

Index: src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h
diff -u src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h:1.2 src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h:1.3
--- src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h:1.2	Sun Sep 23 09:33:02 2018
+++ src/crypto/external/bsd/openssl/dist/include/internal/tsan_assist.h	Sat Dec  8 17:35:44 2018
@@ -57,6 +57,7 @@
 #  define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
 #  define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
 #  define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+#  define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
 #  define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
 #  define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
 # endif
@@ -69,6 +70,7 @@
 #  define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
 #  define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
 #  define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+#  define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
 #  define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
 #  define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
 # endif
@@ -113,8 +115,11 @@
 #  pragma intrinsic(_InterlockedExchangeAdd64)
 #  define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
                                                  : _InterlockedExchangeAdd((ptr), 1))
+#  define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
+                                                 : _InterlockedExchangeAdd((ptr), -1))
 # else
 #  define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+#  define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
 # endif
 # if !defined(_ISO_VOLATILE)
 #  define tsan_ld_acq(ptr) (*(ptr))
@@ -129,6 +134,7 @@
 # define tsan_load(ptr) (*(ptr))
 # define tsan_store(ptr, val) (*(ptr) = (val))
 # define tsan_counter(ptr) ((*(ptr))++)
+# define tsan_decr(ptr) ((*(ptr))--)
 /*
  * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
  * sophisticated enough to support them. Code that relies on them should be

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.8 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.9
--- src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.8	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c	Sat Dec  8 17:35:44 2018
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -445,15 +445,14 @@ static void get_current_time(struct time
 #ifndef OPENSSL_NO_SOCK
 int DTLSv1_listen(SSL *s, BIO_ADDR *client)
 {
-    int next, n, ret = 0, clearpkt = 0;
+    int next, n, ret = 0;
     unsigned char cookie[DTLS1_COOKIE_LENGTH];
     unsigned char seq[SEQ_NUM_SIZE];
     const unsigned char *data;
-    unsigned char *buf;
-    size_t fragoff, fraglen, msglen;
+    unsigned char *buf, *wbuf;
+    size_t fragoff, fraglen, msglen, reclen, align = 0;
     unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
     BIO *rbio, *wbio;
-    BUF_MEM *bufm;
     BIO_ADDR *tmpclient = NULL;
     PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
 
@@ -477,13 +476,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
     }
 
     /*
-     * We only peek at incoming ClientHello's until we're sure we are going to
-     * to respond with a HelloVerifyRequest. If its a ClientHello with a valid
-     * cookie then we leave it in the BIO for accept to handle.
-     */
-    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
-    /*
      * Note: This check deliberately excludes DTLS1_BAD_VER because that version
      * requires the MAC to be calculated *including* the first ClientHello
      * (without the cookie). Since DTLSv1_listen is stateless that cannot be
@@ -495,35 +487,32 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
         return -1;
     }
 
-    if (s->init_buf == NULL) {
-        if ((bufm = BUF_MEM_new()) == NULL) {
-            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-
-        if (!BUF_MEM_grow(bufm, SSL3_RT_MAX_PLAIN_LENGTH)) {
-            BUF_MEM_free(bufm);
-            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
-            return -1;
-        }
-        s->init_buf = bufm;
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLerr already called */
+        return -1;
     }
-    buf = (unsigned char *)s->init_buf->data;
+    buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+    /*
+     * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+     * consistency with ssl3_read_n. In practice it should make no difference
+     * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+     * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+     */
+    align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+    buf += align;
 
     do {
         /* Get a packet */
 
         clear_sys_error();
-        /*
-         * Technically a ClientHello could be SSL3_RT_MAX_PLAIN_LENGTH
-         * + DTLS1_RT_HEADER_LENGTH bytes long. Normally init_buf does not store
-         * the record header as well, but we do here. We've set up init_buf to
-         * be the standard size for simplicity. In practice we shouldn't ever
-         * receive a ClientHello as long as this. If we do it will get dropped
-         * in the record length check below.
-         */
-        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+                                + DTLS1_RT_HEADER_LENGTH);
         if (n <= 0) {
             if (BIO_should_retry(rbio)) {
                 /* Non-blocking IO */
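Review bot: `BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH + DTLS1_RT_HEADER_LENGTH)` writes into the record-layer read buffer at offset `align`, but the length is a literal rather than the space actually left in that buffer, so the safety of this network-facing read rests on a sizing invariant kept in ssl3_setup_buffers() and not on anything checked here. If the buffer structure exposes its allocated size (its `len` field, if that is what ssl3_setup_buffers() sets), bound the read by `len - align`, or at least add an `OPENSSL_assert`-style check that the constant plus `align` fits, so a later change to the allocation sizing cannot turn this into a heap overflow. DTLSv1_listen() continues outside the hunk.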
@@ -532,9 +521,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
             return -1;
         }
 
-        /* If we hit any problems we need to clear this packet from the BIO */
-        clearpkt = 1;
-
         if (!PACKET_buf_init(&pkt, buf, n)) {
             SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
             return -1;
@@ -587,6 +573,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
             SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
             goto end;
         }
+        reclen = PACKET_remaining(&msgpkt);
         /*
          * We allow data remaining at the end of the packet because there could
          * be a second record (but we ignore it)
@@ -706,14 +693,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
              * to resend, we just drop it.
              */
 
-            /*
-             * Dump the read packet, we don't need it any more. Ignore return
-             * value
-             */
-            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
-            BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-            BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 1, NULL);
-
             /* Generate the cookie */
             if (s->ctx->app_gen_cookie_cb == NULL ||
                 s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
@@ -732,7 +711,11 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
                                                                : s->version;
 
             /* Construct the record and message headers */
-            if (!WPACKET_init(&wpkt, s->init_buf)
+            if (!WPACKET_init_static_len(&wpkt,
+                                         wbuf,
+                                         ssl_get_max_send_fragment(s)
+                                         + DTLS1_RT_HEADER_LENGTH,
+                                         0)
                     || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
                     || !WPACKET_put_bytes_u16(&wpkt, version)
                        /*
@@ -790,8 +773,8 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
              * plus one byte for the message content type. The source is the
              * last 3 bytes of the message header
              */
-            memcpy(&buf[DTLS1_RT_HEADER_LENGTH + 1],
-                   &buf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+            memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+                   &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
                    3);
 
             if (s->msg_callback)
@@ -815,7 +798,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
             tmpclient = NULL;
 
             /* TODO(size_t): convert this call */
-            if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
+            if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
                 if (BIO_should_retry(wbio)) {
                     /*
                      * Non-blocking IO...but we're stateless, so we're just
@@ -865,15 +848,13 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *clie
     if (BIO_dgram_get_peer(rbio, client) <= 0)
         BIO_ADDR_clear(client);
 
+    /* Buffer the record in the processed_rcds queue */
+    if (!dtls_buffer_listen_record(s, reclen, seq, align))
+        return -1;
+
     ret = 1;
-    clearpkt = 0;
  end:
     BIO_ADDR_free(tmpclient);
-    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_PEEK_MODE, 0, NULL);
-    if (clearpkt) {
-        /* Dump this packet. Ignore return value */
-        BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH);
-    }
     return ret;
 }
 #endif
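Review bot: The new `return -1` after dtls_buffer_listen_record fails bypasses the `end:` label, unlike the other error exits in DTLSv1_listen that set ret and jump there. tmpclient is presumably NULL on this path (it is cleared after use earlier in the function), so BIO_ADDR_free would be a no-op today, but routing the exit through the label keeps the cleanup in one place and survives future additions to it: `ret = -1;` / `goto end;`. DTLSv1_listen starts before this hunk.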
Index: src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.8 src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.9
--- src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c:1.8	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_cbc.c	Sat Dec  8 17:35:44 2018
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -256,12 +256,13 @@ int ssl3_cbc_digest_record(const EVP_MD_
      * of hash termination (0x80 + 64-bit length) don't fit in the final
      * block, we say that the final two blocks can vary based on the padding.
      * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
-     * required to be minimal. Therefore we say that the final six blocks can
+     * required to be minimal. Therefore we say that the final |variance_blocks|
+     * blocks can
      * vary based on the padding. Later in the function, if the message is
      * short and there obviously cannot be this many blocks then
      * variance_blocks can be reduced.
      */
-    variance_blocks = is_sslv3 ? 2 : 6;
+    variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
     /*
      * From now on we're dealing with the MAC, which conceptually has 13
      * bytes of `header' before the start of the data (TLS) or 71/75 bytes
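Review bot: The new expression on the `variance_blocks = is_sslv3 ? 2 : ...` line encodes a worst-case padding-plus-MAC layout but nothing names its terms, and the rewritten comment above it now breaks mid-sentence with `blocks can` on a line of its own. Reflow that sentence and state the derivation beside the assignment, e.g. `/* 255 max padding bytes + 1 length byte + md_size MAC bytes, rounded up to whole blocks, plus one */` — that reading is inferred from the constants, so confirm it against the callers before committing the wording. ssl3_cbc_digest_record begins and ends outside this hunk.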

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.13 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.13	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c	Sat Dec  8 17:35:44 2018
@@ -442,15 +442,16 @@ size_t ssl3_final_finish_mac(SSL *s, con
     if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
                  ERR_R_INTERNAL_ERROR);
-        return 0;
+        ret = 0;
+        goto err;
     }
 
     ret = EVP_MD_CTX_size(ctx);
     if (ret < 0) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
                  ERR_R_INTERNAL_ERROR);
-        EVP_MD_CTX_reset(ctx);
-        return 0;
+        ret = 0;
+        goto err;
     }
 
     if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
@@ -463,6 +464,7 @@ size_t ssl3_final_finish_mac(SSL *s, con
         ret = 0;
     }
 
+ err:
     EVP_MD_CTX_free(ctx);
 
     return ret;
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.13 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.13	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c	Sat Dec  8 17:35:44 2018
@@ -654,6 +654,10 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
 
     ctx->method = meth;
 
+    if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
+    }
     sk = ssl_create_cipher_list(ctx->method,
                                 ctx->tls13_ciphersuites,
                                 &(ctx->cipher_list),
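Review bot: The added SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES) call replaces whatever TLSv1.3 ciphersuite list the application had configured on ctx, as far as these lines show, so an application that calls SSL_CTX_set_ciphersuites() before SSL_CTX_set_ssl_version() silently loses its selection. It also runs after `ctx->method = meth;`, so on failure the method has changed while the caller sees an error. Both deserve a sentence in the function's documentation, e.g. `/* NB: resets the TLSv1.3 ciphersuite list to TLS_DEFAULT_CIPHERSUITES; configure ciphersuites after calling this */`. SSL_CTX_set_ssl_version begins and ends outside this hunk.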
@@ -1192,6 +1196,7 @@ void SSL_free(SSL *s)
     EVP_MD_CTX_free(s->pha_dgst);
 
     sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
 
     sk_X509_pop_free(s->verified_chain, X509_free);
 
@@ -2951,6 +2956,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
     if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
         goto err;
 
+    if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
         goto err;
 
@@ -3108,6 +3116,7 @@ void SSL_CTX_free(SSL_CTX *a)
     sk_SSL_CIPHER_free(a->tls13_ciphersuites);
     ssl_cert_free(a->cert);
     sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
     sk_X509_pop_free(a->extra_certs, X509_free);
     a->comp_methods = NULL;
 #ifndef OPENSSL_NO_SRTP
@@ -3653,10 +3662,38 @@ const char *SSL_get_version(const SSL *s
     return ssl_protocol_to_string(s->version);
 }
 
-SSL *SSL_dup(SSL *s)
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
 {
     STACK_OF(X509_NAME) *sk;
     X509_NAME *xn;
+    int i;
+
+    if (src == NULL) {
+        *dst = NULL;
+        return 1;
+    }
+
+    if ((sk = sk_X509_NAME_new_null()) == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_num(src); i++) {
+        xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+        if (xn == NULL) {
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+        if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+            X509_NAME_free(xn);
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+    }
+    *dst = sk;
+
+    return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
     SSL *ret;
     int i;
 
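Review bot: The new dup_ca_names helper has no header comment, and its loop appends with `sk_X509_NAME_insert(sk, xn, i)` where i always equals the current stack size, which is just `sk_X509_NAME_push(sk, xn)` and reads more directly (both return 0 on failure, so the error handling is unchanged). A one-line header would help: `/* Deep-copy a list of CA names into *dst; a NULL src leaves *dst NULL. */`.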
@@ -3761,18 +3798,10 @@ SSL *SSL_dup(SSL *s)
             goto err;
 
     /* Dup the client_CA list */
-    if (s->ca_names != NULL) {
-        if ((sk = sk_X509_NAME_dup(s->ca_names)) == NULL)
-            goto err;
-        ret->ca_names = sk;
-        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-            xn = sk_X509_NAME_value(sk, i);
-            if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
-                X509_NAME_free(xn);
-                goto err;
-            }
-        }
-    }
+    if (!dup_ca_names(&ret->ca_names, s->ca_names)
+            || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+        goto err;
+
     return ret;
 
  err:
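Review bot: The surviving comment `/* Dup the client_CA list */` above the new dup_ca_names calls now covers both ca_names and client_ca_names; update it to `/* Dup the ca_names and client_ca_names lists */`. dup_ca_names assigns *dst without releasing a previous value, so this relies on SSL_new() having left both fields NULL in ret — presumably true, but worth confirming given the err path below frees ret. SSL_dup starts before this hunk.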
@@ -5102,7 +5131,8 @@ static int nss_keylog_int(const char *pr
     size_t i;
     size_t prefix_len;
 
-    if (ssl->ctx->keylog_callback == NULL) return 1;
+    if (ssl->ctx->keylog_callback == NULL)
+        return 1;
 
     /*
      * Our output buffer will contain the following strings, rendered with
@@ -5113,7 +5143,7 @@ static int nss_keylog_int(const char *pr
      * hexadecimal, so we need a buffer that is twice their lengths.
      */
     prefix_len = strlen(prefix);
-    out_len = prefix_len + (2*parameter_1_len) + (2*parameter_2_len) + 3;
+    out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
     if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
         SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
                  ERR_R_MALLOC_FAILURE);
@@ -5137,7 +5167,7 @@ static int nss_keylog_int(const char *pr
     *cursor = '\0';
 
     ssl->ctx->keylog_callback(ssl, (const char *)out);
-    OPENSSL_free(out);
+    OPENSSL_clear_free(out, out_len);
     return 1;
 
 }
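Review bot: OPENSSL_clear_free on `out` is the right choice for a line that carries session secrets, but only this exit is changed; any other path in nss_keylog_int that releases out (the hex-encoding loop between these hunks is not visible here) should use the same clearing free, otherwise the secret can still linger in freed heap memory. The function starts before the first of these hunks.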

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.22 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.23
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.22	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c	Sat Dec  8 17:35:44 2018
@@ -3681,9 +3681,15 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
         *(int *)parg = s->s3->tmp.peer_sigalg->hash;
         return 1;
 
-    case SSL_CTRL_GET_SERVER_TMP_KEY:
+    case SSL_CTRL_GET_SIGNATURE_NID:
+        if (s->s3->tmp.sigalg == NULL)
+            return 0;
+        *(int *)parg = s->s3->tmp.sigalg->hash;
+        return 1;
+
+    case SSL_CTRL_GET_PEER_TMP_KEY:
 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
-        if (s->server || s->session == NULL || s->s3->peer_tmp == NULL) {
+        if (s->session == NULL || s->s3->peer_tmp == NULL) {
             return 0;
         } else {
             EVP_PKEY_up_ref(s->s3->peer_tmp);
@@ -3693,6 +3699,20 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
 #else
         return 0;
 #endif
+
+    case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->tmp.pkey);
+            *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+
 #ifndef OPENSSL_NO_EC
     case SSL_CTRL_GET_EC_POINT_FORMATS:
         {

Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.16 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.17
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.16	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c	Sat Dec  8 17:35:44 2018
@@ -1301,7 +1301,7 @@ static int ciphersuite_cb(const char *el
     return 1;
 }
 
-int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
 {
     STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
 

Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.19 src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.20
--- src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h:1.19	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl_locl.h	Sat Dec  8 17:35:44 2018
@@ -471,7 +471,11 @@ struct ssl_method_st {
     long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
 };
 
-# define TLS13_MAX_RESUMPTION_PSK_LENGTH      64
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH      256
 
 /*-
  * Lets make this into an ASN.1 type structure as follows
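Review bot: The new comment promises that TLS13_MAX_RESUMPTION_PSK_LENGTH matches PSK_MAX_PSK_LEN, but 256 is a second copy of the value rather than a derived one, so the two can drift apart silently; this constant presumably sizes buffers that receive PSK material, where a mismatch would mean truncation or an overrun depending on which side grows. A preprocessor guard keeps the promise checked wherever PSK support is compiled in: `# if !defined(OPENSSL_NO_PSK) && TLS13_MAX_RESUMPTION_PSK_LENGTH != PSK_MAX_PSK_LEN` / `#  error "TLS13_MAX_RESUMPTION_PSK_LENGTH must match PSK_MAX_PSK_LEN"` / `# endif`.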
@@ -850,9 +854,11 @@ struct ssl_ctx_st {
     /*
      * What we put in certificate_authorities extension for TLS 1.3
      * (ClientHello and CertificateRequest) or just client cert requests for
-     * earlier versions.
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
      */
     STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
 
     /*
      * Default values to use in SSL structures follow (these are copied by
@@ -1229,8 +1235,14 @@ struct ssl_st {
     long verify_result;
     /* extra application data */
     CRYPTO_EX_DATA ex_data;
-    /* for server side, keep the list of CA_dn we can use */
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
+     */
     STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
     CRYPTO_REF_COUNT references;
     /* protocol behaviour */
     uint32_t options;
@@ -2251,7 +2263,6 @@ __owur int ssl_cipher_id_cmp(const SSL_C
 DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
                                  const SSL_CIPHER *const *bp);
-__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
 __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                                                     STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
                                                     STACK_OF(SSL_CIPHER) **cipher_list,
@@ -2561,6 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s);
 __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
 __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
 __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+#  ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+#  endif
 __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
 __owur int ssl_set_client_disabled(SSL *s);
 __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);

Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.27 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.28
--- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.27	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c	Sat Dec  8 17:35:44 2018
@@ -343,6 +343,10 @@ int tls1_set_groups(uint16_t **pext, siz
      */
     unsigned long dup_list = 0;
 
+    if (ngroups == 0) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+        return 0;
+    }
     if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
         SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
         return 0;
@@ -945,6 +949,39 @@ size_t tls12_get_psigalgs(SSL *s, int se
     }
 }
 
+#ifndef OPENSSL_NO_EC
+/*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+   const uint16_t *sigs;
+   size_t siglen, i;
+
+    if (s->cert->conf_sigalgs) {
+        sigs = s->cert->conf_sigalgs;
+        siglen = s->cert->conf_sigalgslen;
+    } else {
+        sigs = tls12_sigalgs;
+        siglen = OSSL_NELEM(tls12_sigalgs);
+    }
+
+    for (i = 0; i < siglen; i++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+        if (lu == NULL)
+            continue;
+        if (lu->sig == EVP_PKEY_EC
+                && lu->curve != NID_undef
+                && curve == lu->curve)
+            return 1;
+    }
+
+    return 0;
+}
+#endif
+
 /*
  * Check signature algorithm is consistent with sent supported signature
  * algorithms and if so set relevant digest and signature scheme in
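Review bot: The declarations `const uint16_t *sigs;` and `size_t siglen, i;` in tls_check_sigalg_curve are indented three spaces while the rest of the function uses four; reindent them. The header comment says the function is called by servers only, yet nothing in the body depends on that, so either drop the sentence or say why it matters (which sigalg list is intended). The choice between conf_sigalgs and tls12_sigalgs looks like what tls12_get_psigalgs, declared in ssl_locl.h in this same commit, already performs; if the semantics line up, reusing it removes the duplicated lookup, but confirm before changing.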
@@ -1087,6 +1124,14 @@ int SSL_get_peer_signature_type_nid(cons
     return 1;
 }
 
+int SSL_get_signature_type_nid(const SSL *s, int *pnid)
+{
+    if (s->s3->tmp.sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.sigalg->sig;
+    return 1;
+}
+
 /*
  * Set a mask of disabled algorithms: an algorithm is disabled if it isn't
  * supported, doesn't appear in supported signature algorithms, isn't supported

Index: src/crypto/external/bsd/openssl/dist/test/ecdsatest.c
diff -u src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.3 src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.4
--- src/crypto/external/bsd/openssl/dist/test/ecdsatest.c:1.3	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/test/ecdsatest.c	Sat Dec  8 17:35:44 2018
@@ -13,7 +13,7 @@
 #include <string.h>
 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_EC is defined */
-# include "testutil.h"
+#include "testutil.h"
 
 #ifndef OPENSSL_NO_EC
 
@@ -25,6 +25,7 @@
 # ifndef OPENSSL_NO_ENGINE
 #  include <openssl/engine.h>
 # endif
+# include <openssl/sha.h>
 # include <openssl/err.h>
 # include <openssl/rand.h>
 
@@ -103,7 +104,7 @@ static int x9_62_test_internal(int nid, 
 {
     int ret = 0;
     const char message[] = "abc";
-    unsigned char digest[20];
+    unsigned char digest[SHA_DIGEST_LENGTH];
     unsigned int dgst_len = 0;
     EVP_MD_CTX *md_ctx;
     EC_KEY *key = NULL;
@@ -135,7 +136,8 @@ static int x9_62_test_internal(int nid, 
     /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */
     if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)))
         goto x962_int_err;
-    if (!TEST_ptr(signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key)))
+    if (!TEST_ptr(signature =
+                  ECDSA_do_sign_ex(digest, SHA_DIGEST_LENGTH, kinv, rp, key)))
         goto x962_int_err;
 
     /* compare the created signature with the expected signature */
@@ -149,7 +151,8 @@ static int x9_62_test_internal(int nid, 
         goto x962_int_err;
 
     /* verify the signature */
-    if (!TEST_int_eq(ECDSA_do_verify(digest, 20, signature, key), 1))
+    if (!TEST_int_eq(ECDSA_do_verify(digest, SHA_DIGEST_LENGTH,
+                                     signature, key), 1))
         goto x962_int_err;
 
     ret = 1;
@@ -211,7 +214,8 @@ static int test_builtin(void)
     EC_KEY *eckey = NULL, *wrong_eckey = NULL;
     EC_GROUP *group;
     ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
-    unsigned char digest[20], wrong_digest[20];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned char wrong_digest[SHA512_DIGEST_LENGTH];
     unsigned char *signature = NULL;
     const unsigned char *sig_ptr;
     unsigned char *sig_ptr2;
@@ -223,8 +227,8 @@ static int test_builtin(void)
     int nid, ret = 0;
 
     /* fill digest values with some random data */
-    if (!TEST_true(RAND_bytes(digest, 20))
-            || !TEST_true(RAND_bytes(wrong_digest, 20)))
+    if (!TEST_true(RAND_bytes(digest, SHA512_DIGEST_LENGTH))
+            || !TEST_true(RAND_bytes(wrong_digest, SHA512_DIGEST_LENGTH)))
         goto builtin_err;
 
     /* create and verify a ecdsa signature with every available curve */
@@ -239,7 +243,7 @@ static int test_builtin(void)
         unsigned char dirt, offset;
 
         nid = curves[n].nid;
-        if (nid == NID_ipsec4)
+        if (nid == NID_ipsec4 || nid == NID_ipsec3)
             continue;
         /* create new ecdsa key (== EC_KEY) */
         if (!TEST_ptr(eckey = EC_KEY_new())
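Review bot: The widened skip `if (nid == NID_ipsec4 || nid == NID_ipsec3)` gives no reason for excluding these two curves, and with the `degree < 160` filter removed in the following hunk this list is now the only gate on which curves the loop exercises. A one-line comment stating why these curves are unsuitable for the ECDSA loop would save the next person who adds a curve from guessing. test_builtin begins and ends outside this hunk.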
@@ -248,12 +252,7 @@ static int test_builtin(void)
             goto builtin_err;
         EC_GROUP_free(group);
         degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
-        if (degree < 160) {
-            /* drop the curve */
-            EC_KEY_free(eckey);
-            eckey = NULL;
-            continue;
-        }
+
         TEST_info("testing %s", OBJ_nid2sn(nid));
 
         /* create key */
@@ -275,28 +274,32 @@ static int test_builtin(void)
         /* create signature */
         sig_len = ECDSA_size(eckey);
         if (!TEST_ptr(signature = OPENSSL_malloc(sig_len))
-                || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len,
-                                         eckey)))
+                || !TEST_true(ECDSA_sign(0, digest, SHA512_DIGEST_LENGTH,
+                                         signature, &sig_len, eckey)))
             goto builtin_err;
 
         /* verify signature */
-        if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len,
-                                      eckey), 1))
+        if (!TEST_int_eq(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+                                      signature, sig_len, eckey),
+                         1))
             goto builtin_err;
 
         /* verify signature with the wrong key */
-        if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len,
-                                      wrong_eckey), 1))
+        if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+                                      signature, sig_len, wrong_eckey),
+                         1))
             goto builtin_err;
 
         /* wrong digest */
-        if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature,
-                                      sig_len, eckey), 1))
+        if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, SHA512_DIGEST_LENGTH,
+                                      signature, sig_len, eckey),
+                         1))
             goto builtin_err;
 
         /* wrong length */
-        if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature,
-                                      sig_len - 1, eckey), 1))
+        if (!TEST_int_ne(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+                                      signature, sig_len - 1, eckey),
+                         1))
             goto builtin_err;
 
         /*
@@ -342,14 +345,15 @@ static int test_builtin(void)
         }
         sig_ptr2 = signature;
         sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
-        if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
+        if (!TEST_false(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+                                     signature, sig_len, eckey)))
             goto builtin_err;
 
         /* Sanity check: undo the modification and verify signature. */
         raw_buf[offset] ^= dirt;
         if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL))
                 || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len,
-                                                       bn_len, NULL))
+                                                      bn_len, NULL))
                 || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r,
                                              unmodified_s))) {
             BN_free(unmodified_r);
@@ -359,7 +363,8 @@ static int test_builtin(void)
 
         sig_ptr2 = signature;
         sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
-        if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
+        if (!TEST_true(ECDSA_verify(0, digest, SHA512_DIGEST_LENGTH,
+                                    signature, sig_len, eckey)))
             goto builtin_err;
 
         /* cleanup */

Index: src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.4 src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.5
--- src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.4	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c	Sat Dec  8 17:35:44 2018
@@ -17,6 +17,7 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
+#include <openssl/kdf.h>
 #include "testutil.h"
 #include "internal/nelem.h"
 #include "internal/evp_int.h"
@@ -918,6 +919,50 @@ static int test_EVP_PKEY_check(int i)
     return ret;
 }
 
+static int test_HKDF(void)
+{
+    EVP_PKEY_CTX *pctx;
+    unsigned char out[20];
+    size_t outlen;
+    int i, ret = 0;
+    unsigned char salt[] = "0123456789";
+    unsigned char key[] = "012345678901234567890123456789";
+    unsigned char info[] = "infostring";
+    const unsigned char expected[] = {
+        0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
+        0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
+    };
+    size_t expectedlen = sizeof(expected);
+
+    if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)))
+        goto done;
+
+    /* We do this twice to test reuse of the EVP_PKEY_CTX */
+    for (i = 0; i < 2; i++) {
+        outlen = sizeof(out);
+        memset(out, 0, outlen);
+
+        if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
+                || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+                || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
+                                                            sizeof(salt) - 1), 0)
+                || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
+                                                           sizeof(key) - 1), 0)
+                || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
+                                                            sizeof(info) - 1), 0)
+                || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
+                || !TEST_mem_eq(out, outlen, expected, expectedlen))
+            goto done;
+    }
+
+    ret = 1;
+
+ done:
+    EVP_PKEY_CTX_free(pctx);
+
+    return ret;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_EVP_DigestSignInit);
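Review bot: The expected HKDF output in test_HKDF has no stated provenance; the salt, key and info values are not the RFC 5869 vectors, so if expected[] was produced by this implementation the test only pins current behaviour rather than checking it against an independent result. Add a comment above expected[] naming the source, or cross-check the bytes with an independent HKDF-SHA256 computation and note that there. test_HKDF is fully contained in this hunk.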
@@ -941,5 +986,6 @@ int setup_tests(void)
     if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
         return 0;
     ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
+    ADD_TEST(test_HKDF);
     return 1;
 }
Index: src/crypto/external/bsd/openssl/dist/test/evp_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.4 src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.5
--- src/crypto/external/bsd/openssl/dist/test/evp_test.c:1.4	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/test/evp_test.c	Sat Dec  8 17:35:44 2018
@@ -73,8 +73,6 @@ static KEY_LIST *public_keys;
 static int find_key(EVP_PKEY **ppk, const char *name, KEY_LIST *lst);
 
 static int parse_bin(const char *value, unsigned char **buf, size_t *buflen);
-static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx,
-                          const char *value);
 
 /*
  * Compare two memory regions for equality, returning zero if they differ.
@@ -459,7 +457,7 @@ typedef struct cipher_data_st {
     size_t plaintext_len;
     unsigned char *ciphertext;
     size_t ciphertext_len;
-    /* GCM, CCM only */
+    /* GCM, CCM and OCB only */
     unsigned char *aad;
     size_t aad_len;
     unsigned char *tag;
@@ -487,7 +485,7 @@ static int cipher_test_init(EVP_TEST *t,
     if (m == EVP_CIPH_GCM_MODE
             || m == EVP_CIPH_OCB_MODE
             || m == EVP_CIPH_CCM_MODE)
-        cdat->aead = EVP_CIPHER_mode(cipher);
+        cdat->aead = m;
     else if (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
         cdat->aead = -1;
     else
@@ -927,6 +925,28 @@ static int mac_test_parse(EVP_TEST *t,
     return 0;
 }
 
+static int mac_test_ctrl_pkey(EVP_TEST *t, EVP_PKEY_CTX *pctx,
+                              const char *value)
+{
+    int rv;
+    char *p, *tmpval;
+
+    if (!TEST_ptr(tmpval = OPENSSL_strdup(value)))
+        return 0;
+    p = strchr(tmpval, ':');
+    if (p != NULL)
+        *p++ = '\0';
+    rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p);
+    if (rv == -2)
+        t->err = "PKEY_CTRL_INVALID";
+    else if (rv <= 0)
+        t->err = "PKEY_CTRL_ERROR";
+    else
+        rv = 1;
+    OPENSSL_free(tmpval);
+    return rv > 0;
+}
+
 static int mac_test_run(EVP_TEST *t)
 {
     MAC_DATA *expected = t->data;
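Review bot: mac_test_ctrl_pkey sets t->err to `PKEY_CTRL_INVALID` or `PKEY_CTRL_ERROR` on failure, but its only caller in the next hunk overwrites that with `t->err = "EVPPKEYCTXCTRL_ERROR"` as soon as it returns 0, so the distinction between an unsupported control and a failed one never reaches the report. Either drop the assignment in the caller so the more specific reason survives, or drop the two assignments here. The `else rv = 1;` branch is also redundant given `return rv > 0;`.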
@@ -972,8 +992,9 @@ static int mac_test_run(EVP_TEST *t)
         goto err;
     }
     for (i = 0; i < sk_OPENSSL_STRING_num(expected->controls); i++)
-        if (!pkey_test_ctrl(t, pctx,
-                            sk_OPENSSL_STRING_value(expected->controls, i))) {
+        if (!mac_test_ctrl_pkey(t, pctx,
+                                sk_OPENSSL_STRING_value(expected->controls,
+                                                        i))) {
             t->err = "EVPPKEYCTXCTRL_ERROR";
             goto err;
         }
@@ -2614,8 +2635,8 @@ top:
                 return 0;
             }
             if (rv < 0) {
-                TEST_info("Line %d: error processing keyword %s\n",
-                        t->s.curr, pp->key);
+                TEST_info("Line %d: error processing keyword %s = %s\n",
+                          t->s.curr, pp->key, pp->value);
                 return 0;
             }
         }

Index: src/crypto/external/bsd/openssl/dist/util/mkdef.pl
diff -u src/crypto/external/bsd/openssl/dist/util/mkdef.pl:1.9 src/crypto/external/bsd/openssl/dist/util/mkdef.pl:1.10
--- src/crypto/external/bsd/openssl/dist/util/mkdef.pl:1.9	Sun Sep 23 09:33:03 2018
+++ src/crypto/external/bsd/openssl/dist/util/mkdef.pl	Sat Dec  8 17:35:44 2018
@@ -247,7 +247,7 @@ $crypto.=" include/internal/o_str.h";
 $crypto.=" include/internal/err.h";
 $crypto.=" include/internal/sslconf.h";
 foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
-    my $fn = "include/openssl/" . lc(basename($f));
+    my $fn = "include/openssl/" . basename($f);
     $crypto .= " $fn" if !defined $skipthese{$fn};
 }
 
@@ -936,16 +936,6 @@ sub do_defs
 		}
 	}
 
-	# Prune the returned symbols
-
-        delete $syms{"bn_dump1"};
-	$platform{"BIO_s_log"} .= ",!WIN32,!macintosh";
-
-	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
-	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
-	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
-	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
-
 	# Info we know about
 
 	push @ret, map { $_."\\".&info_string($_,"EXIST",

Index: src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc:1.8 src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc:1.9
--- src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc:1.8	Sun Sep 23 09:33:04 2018
+++ src/crypto/external/bsd/openssl/lib/libcrypto/crypto.inc	Sat Dec  8 17:35:44 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: crypto.inc,v 1.8 2018/09/23 13:33:04 christos Exp $
+#	$NetBSD: crypto.inc,v 1.9 2018/12/08 22:35:44 christos Exp $
 #
 #	@(#) Copyright (c) 1995 Simon J. Gerraty
 #
@@ -15,6 +15,7 @@ ctype.c \
 cversion.c \
 ebcdic.c \
 ex_data.c \
+getenv.c \
 init.c \
 mem.c \
 mem_dbg.c \
