Module Name:    src
Committed By:   christos
Date:           Sat Feb 20 03:22:14 UTC 2021

Modified Files:
        src/crypto/external/bsd/openssl/dist: CHANGES Configure NEWS README
        src/crypto/external/bsd/openssl/dist/apps: ca.c
        src/crypto/external/bsd/openssl/dist/crypto: armcap.c ppccap.c
        src/crypto/external/bsd/openssl/dist/crypto/conf: conf_def.c
        src/crypto/external/bsd/openssl/dist/crypto/evp: evp_enc.c
        src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
        src/crypto/external/bsd/openssl/dist/ssl: d1_lib.c
        src/crypto/external/bsd/openssl/dist/test: rsa_test.c

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssl/dist/CHANGES \
    src/crypto/external/bsd/openssl/dist/NEWS \
    src/crypto/external/bsd/openssl/dist/README
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssl/dist/apps/ca.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/armcap.c
cvs rdiff -u -r1.18 -r1.19 \
    src/crypto/external/bsd/openssl/dist/crypto/ppccap.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c
cvs rdiff -u -r1.11 -r1.12 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c
cvs rdiff -u -r1.21 -r1.22 \
    src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/test/rsa_test.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.25 src/crypto/external/bsd/openssl/dist/CHANGES:1.26
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.25	Wed Dec  9 19:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/CHANGES	Fri Feb 19 22:22:13 2021
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+     implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+     could be exploited in a side channel attack to recover the password. Since
+     the attack is local host only this is outside of the current OpenSSL
+     threat model and therefore no CVE is assigned.
+
+     Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+     issue.
+     [Matt Caswell]
+
  Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
 
   *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.25 src/crypto/external/bsd/openssl/dist/NEWS:1.26
--- src/crypto/external/bsd/openssl/dist/NEWS:1.25	Wed Dec  9 19:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/NEWS	Fri Feb 19 22:22:13 2021
@@ -5,6 +5,16 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
+
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
 
       o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.25 src/crypto/external/bsd/openssl/dist/README:1.26
--- src/crypto/external/bsd/openssl/dist/README:1.25	Wed Dec  9 19:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/README	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1i 8 Dec 2020
+ OpenSSL 1.1.1j 16 Feb 2021
 
  Copyright (c) 1998-2020 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.27 src/crypto/external/bsd/openssl/dist/Configure:1.28
--- src/crypto/external/bsd/openssl/dist/Configure:1.27	Wed Dec  9 19:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/Configure	Fri Feb 19 22:22:13 2021
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1201,6 +1201,10 @@ foreach (keys %useradd) {
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
 
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+    disable('static', 'pic', 'threads');
+}
+
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
 
@@ -1521,10 +1525,6 @@ if ($strict_warnings)
                 }
         }
 
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
-    disable('static', 'pic', 'threads');
-}
-
 $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
                               ? @strict_warnings_collection
                               : ( $_ ) }
@@ -2611,19 +2611,22 @@ _____
         }
         print "\nEnabled features:\n\n";
         foreach my $what (@disablables) {
-            print "    $what\n" unless $disabled{$what};
+            print "    $what\n"
+                unless grep { $_ =~ /^${what}$/ } keys %disabled;
         }
         print "\nDisabled features:\n\n";
         foreach my $what (@disablables) {
-            if ($disabled{$what}) {
-                print "    $what", ' ' x ($longest - length($what) + 1),
-                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
-                print $disabled_info{$what}->{macro}
-                    if $disabled_info{$what}->{macro};
+            my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
+            my $what3 = $what2[0];
+            if ($what3) {
+                print "    $what3", ' ' x ($longest - length($what3) + 1),
+                    "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+                print $disabled_info{$what3}->{macro}
+                    if $disabled_info{$what3}->{macro};
                 print ' (skip ',
-                    join(', ', @{$disabled_info{$what}->{skipped}}),
+                    join(', ', @{$disabled_info{$what3}->{skipped}}),
                     ')'
-                    if $disabled_info{$what}->{skipped};
+                    if $disabled_info{$what3}->{skipped};
                 print "\n";
             }
         }
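Review bot: `my $what3 = $what2[0];` takes the first match from `keys %disabled`, and Perl does not fix the order of hash keys, so if an entry of @disablables can match more than one disabled key the line printed here may change from run to run. Using `grep { $_ =~ /^${what}$/ } sort keys %disabled` in both loops would make the output stable. The match also treats every @disablables entry as a regular expression, which is worth a one-line comment such as `# entries in @disablables may be regexps, so match rather than look up`. The enclosing block starts outside the hunk.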

Index: src/crypto/external/bsd/openssl/dist/apps/ca.c
diff -u src/crypto/external/bsd/openssl/dist/apps/ca.c:1.20 src/crypto/external/bsd/openssl/dist/apps/ca.c:1.21
--- src/crypto/external/bsd/openssl/dist/apps/ca.c:1.20	Wed Dec  9 19:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/apps/ca.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const 
 
 static int do_updatedb(CA_DB *db)
 {
-    ASN1_UTCTIME *a_tm = NULL;
+    ASN1_TIME *a_tm = NULL;
     int i, cnt = 0;
-    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
-    char **rrow, *a_tm_s;
+    char **rrow;
 
-    a_tm = ASN1_UTCTIME_new();
+    a_tm = ASN1_TIME_new();
     if (a_tm == NULL)
         return -1;
 
-    /* get actual time and make a string */
+    /* get actual time */
     if (X509_gmtime_adj(a_tm, 0) == NULL) {
-        ASN1_UTCTIME_free(a_tm);
+        ASN1_TIME_free(a_tm);
         return -1;
     }
-    a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
-    memcpy(a_tm_s, a_tm->data, a_tm->length);
-    a_tm_s[a_tm->length] = '\0';
-
-    if (strncmp(a_tm_s, "49", 2) <= 0)
-        a_y2k = 1;
-    else
-        a_y2k = 0;
 
     for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
         rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
         if (rrow[DB_type][0] == DB_TYPE_VAL) {
             /* ignore entries that are not valid */
-            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-                db_y2k = 1;
-            else
-                db_y2k = 0;
+            ASN1_TIME *exp_date = NULL;
 
-            if (db_y2k == a_y2k) {
-                /* all on the same y2k side */
-                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
-                    rrow[DB_type][0] = DB_TYPE_EXP;
-                    rrow[DB_type][1] = '\0';
-                    cnt++;
+            exp_date = ASN1_TIME_new();
+            if (exp_date == NULL) {
+                ASN1_TIME_free(a_tm);
+                return -1;
+            }
 
-                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
-                }
-            } else if (db_y2k < a_y2k) {
+            if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+                ASN1_TIME_free(a_tm);
+                ASN1_TIME_free(exp_date);
+                return -1;
+            }
+
+            if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
                 rrow[DB_type][0] = DB_TYPE_EXP;
                 rrow[DB_type][1] = '\0';
                 cnt++;
 
                 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
             }
-
+            ASN1_TIME_free(exp_date);
         }
     }
 
-    ASN1_UTCTIME_free(a_tm);
-    OPENSSL_free(a_tm_s);
+    ASN1_TIME_free(a_tm);
     return cnt;
 }
 
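Review bot: The new `ASN1_TIME_set_string` failure path in do_updatedb returns -1 without printing anything, so one malformed expiry field aborts the whole run and the operator is not told which row caused it. I would log the row before returning, e.g. `BIO_printf(bio_err, "%s: invalid expiry date\n", rrow[DB_serial]);`. Rows already switched to DB_TYPE_EXP earlier in the loop stay modified in memory when that happens; whether the caller discards them on -1 is outside the hunk. `exp_date` could also be allocated once before the loop and reused, which would remove the per-row allocation failure path.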

Index: src/crypto/external/bsd/openssl/dist/crypto/armcap.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.13
--- src/crypto/external/bsd/openssl/dist/crypto/armcap.c:1.12	Mon Jun 22 18:43:56 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/armcap.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribu
 #   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
 # endif
+# if defined(__FreeBSD__)
+#  include <sys/param.h>
+#  if __FreeBSD_version >= 1200000
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+#  endif
+# endif
 
 /*
  * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
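Review bot: The added getauxval() shim returns 0 both when elf_aux_info() fails and when the requested entry really is 0, and nothing tells the reader that this is deliberate. A comment above the function such as `/* Returns 0 on failure, which callers read as "no capability bits set" */` would do, assuming the callers (outside the hunk) only test bits in the result. The identical function is added in the ppccap.c hunk, so the same comment applies there. The body is indented by two spaces, which may not match the surrounding file.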

Index: src/crypto/external/bsd/openssl/dist/crypto/ppccap.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.18 src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.19
--- src/crypto/external/bsd/openssl/dist/crypto/ppccap.c:1.18	Sun Jul 19 11:33:08 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/ppccap.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -222,6 +222,24 @@ size_t OPENSSL_instrument_bus2(unsigned 
 # endif
 #endif
 
+#if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+#  include <sys/auxv.h>
+#  define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+# endif
+#endif
+
 /* I wish <sys/auxv.h> was universally available */
 #define HWCAP                   16      /* AT_HWCAP */
 #define HWCAP_PPC64             (1U << 30)

Index: src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c:1.13
--- src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c:1.12	Wed Dec  9 19:33:09 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO 
     BUF_MEM *buff = NULL;
     char *s, *p, *end;
     int again;
+    int first_call = 1;
     long eline = 0;
     char btmp[DECIMAL_SIZE(eline) + 1];
     CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO 
         BIO_gets(in, p, CONFBUFSIZE - 1);
         p[CONFBUFSIZE - 1] = '\0';
         ii = i = strlen(p);
+        if (first_call) {
+            /* Other BOMs imply unsupported multibyte encoding,
+             * so don't strip them and let the error raise */
+            const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+            if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+                memmove(p, p + 3, i - 3);
+                p[i - 3] = 0;
+                i -= 3;
+                ii -= 3;
+            }
+            first_call = 0;
+        }
         if (i == 0 && !again) {
             /* the currently processed BIO is at EOF */
             BIO *parent;
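Review bot: The BOM check runs only on the first read of the whole def_load_bio() call, because `first_call` is cleared after that read and never set again in the visible code. The EOF branch just below switches to a parent BIO, which suggests nested input files; the first line of such a nested file would keep its UTF-8 BOM and presumably fail to parse. If that is intended, the comment should say so, e.g. `/* Only the top-level file is checked; included files must not start with a BOM */`; otherwise `first_call = 1;` belongs where a new BIO is opened, which is outside this hunk.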

Index: src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.11 src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.12
--- src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.11	Sat Mar 21 20:53:05 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c	Fri Feb 19 22:22:13 2021
@@ -8,6 +8,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include <assert.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_
             return 1;
         } else {
             j = bl - i;
+
+            /*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
             memcpy(&(ctx->buf[i]), in, j);
             inl -= j;
             in += j;
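Review bot: The bound `((inl - j) & ~(bl - 1)) > INT_MAX - bl` rounds down to whole blocks only if bl is a power of two, and the new comment does not state that assumption. The same holds for `(inl & ~(b - 1)) > INT_MAX - b` in the EVP_DecryptUpdate hunk. I would add one line to each comment, e.g. `The mask assumes the block length is a power of two`, or point to where that is asserted if it is checked outside the hunks. Both functions start and end outside what is shown, so I cannot tell whether `*outl` is left defined on the new `return 0` path; that is worth confirming for callers that read it after a failure.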
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
             EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
+        /*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptDecryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+        if ((inl & ~(b - 1)) > INT_MAX - b) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+            return 0;
+        }
         memcpy(out, ctx->final, b);
         out += b;
         fix_len = 1;

Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.21 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.22
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.21	Wed Dec  9 19:33:10 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -323,9 +323,10 @@ static int sk_X509_contains(STACK_OF(X50
 }
 
 /*
- * Find in given STACK_OF(X509) sk a non-expired issuer cert (if any) of given cert x.
- * The issuer must not be the same as x and must not yet be in ctx->chain, where the
- * exceptional case x is self-issued and ctx->chain has just one element is allowed.
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
  */
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
@@ -334,11 +335,7 @@ static X509 *find_issuer(X509_STORE_CTX 
 
     for (i = 0; i < sk_X509_num(sk); i++) {
         issuer = sk_X509_value(sk, i);
-        /*
-         * Below check 'issuer != x' is an optimization and safety precaution:
-         * Candidate issuer cert cannot be the same as the subject cert 'x'.
-         */
-        if (issuer != x && ctx->check_issued(ctx, x, issuer)
+        if (ctx->check_issued(ctx, x, issuer)
             && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
                 || !sk_X509_contains(ctx->chain, issuer))) {
             rv = issuer;
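Review bot: With `issuer != x` removed, a certificate in sk can be returned as its own issuer, and the only remaining limit is the `(x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1` clause. The deleted comment called the old check a safety precaution, and nothing in the new code says why it is no longer needed. A short why-comment above the condition would help, e.g. `/* x itself may be in sk; accepted only when x is self-issued and is the sole chain element */` (this presumes x is already in ctx->chain, which is not visible here). The loop body continues past the end of the hunk.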

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.10 src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.11
--- src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c:1.10	Sat Mar 21 20:53:10 2020
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_lib.c	Fri Feb 19 22:22:13 2021
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 
     ssl3_free(s);
 
-    dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->buffered_messages);
-    pqueue_free(s->d1->sent_messages);
+    if (s->d1 != NULL) {
+        dtls1_clear_queues(s);
+        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
+    }
 
     OPENSSL_free(s->d1);
     s->d1 = NULL;

Index: src/crypto/external/bsd/openssl/dist/test/rsa_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.6 src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.7
--- src/crypto/external/bsd/openssl/dist/test/rsa_test.c:1.6	Wed Dec  9 19:33:10 2020
+++ src/crypto/external/bsd/openssl/dist/test/rsa_test.c	Fri Feb 19 22:22:14 2021
@@ -42,7 +42,8 @@ int setup_tests(void)
                         BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL),  \
                         BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL),  \
                         BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
-    memcpy(c, ctext_ex, sizeof(ctext_ex) - 1);                  \
+    if (c != NULL)                                              \
+        memcpy(c, ctext_ex, sizeof(ctext_ex) - 1);              \
     return sizeof(ctext_ex) - 1;
 
 static int key1(RSA *key, unsigned char *c)
@@ -211,16 +212,7 @@ static int key3(RSA *key, unsigned char 
     SetKey;
 }
 
-static int pad_unknown(void)
-{
-    unsigned long l;
-    while ((l = ERR_get_error()) != 0)
-        if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
-            return 1;
-    return 0;
-}
-
-static int rsa_setkey(RSA** key, unsigned char* ctext, int idx)
+static int rsa_setkey(RSA** key, unsigned char *ctext, int idx)
 {
     int clen = 0;
 
@@ -240,63 +232,72 @@ static int rsa_setkey(RSA** key, unsigne
     return clen;
 }
 
-static int test_rsa_pkcs1(int idx)
+static int test_rsa_simple(int idx, int en_pad_type, int de_pad_type,
+                           int success, unsigned char *ctext_ex, int *clen,
+                           RSA **retkey)
 {
     int ret = 0;
     RSA *key;
     unsigned char ptext[256];
     unsigned char ctext[256];
     static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
-    unsigned char ctext_ex[256];
     int plen;
-    int clen = 0;
+    int clentmp = 0;
     int num;
 
     plen = sizeof(ptext_ex) - 1;
-    clen = rsa_setkey(&key, ctext_ex, idx);
+    clentmp = rsa_setkey(&key, ctext_ex, idx);
+    if (clen != NULL)
+        *clen = clentmp;
 
-    num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-                             RSA_PKCS1_PADDING);
-    if (!TEST_int_eq(num, clen))
+    num = RSA_public_encrypt(plen, ptext_ex, ctext, key, en_pad_type);
+    if (!TEST_int_eq(num, clentmp))
         goto err;
 
-    num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
-    if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
-        goto err;
+    num = RSA_private_decrypt(num, ctext, ptext, key, de_pad_type);
+    if (success) {
+        if (!TEST_int_gt(num, 0) || !TEST_mem_eq(ptext, num, ptext_ex, plen))
+            goto err;
+    } else {
+        if (!TEST_int_lt(num, 0))
+            goto err;
+    }
 
     ret = 1;
+    if (retkey != NULL) {
+        *retkey = key;
+        key = NULL;
+    }
 err:
     RSA_free(key);
     return ret;
 }
 
-static int test_rsa_sslv23(int idx)
+static int test_rsa_pkcs1(int idx)
 {
-    int ret = 0;
-    RSA *key;
-    unsigned char ptext[256];
-    unsigned char ctext[256];
-    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
-    unsigned char ctext_ex[256];
-    int plen;
-    int clen = 0;
-    int num;
-
-    plen = sizeof(ptext_ex) - 1;
-    clen = rsa_setkey(&key, ctext_ex, idx);
+    return test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_PKCS1_PADDING, 1, NULL,
+                           NULL, NULL);
+}
 
-    num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-                             RSA_SSLV23_PADDING);
-    if (!TEST_int_eq(num, clen))
-        goto err;
+static int test_rsa_sslv23(int idx)
+{
+    int ret;
 
-    num = RSA_private_decrypt(num, ctext, ptext, key, RSA_SSLV23_PADDING);
-    if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
-        goto err;
+    /* Simulate an SSLv2 only client talking to a TLS capable server */
+    ret = test_rsa_simple(idx, RSA_PKCS1_PADDING, RSA_SSLV23_PADDING, 1, NULL,
+                          NULL, NULL);
+
+    /* Simulate a TLS capable client talking to an SSLv2 only server */
+    ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_PKCS1_PADDING, 1, NULL,
+                           NULL, NULL);
+
+    /*
+     * Simulate a TLS capable client talking to a TLS capable server. Should
+     * fail due to detecting a rollback attack.
+     */
+    ret &= test_rsa_simple(idx, RSA_SSLV23_PADDING, RSA_SSLV23_PADDING, 0, NULL,
+                           NULL, NULL);
 
-    ret = 1;
-err:
-    RSA_free(key);
     return ret;
 }
 
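Review bot: In test_rsa_simple the expected-failure branch accepts any negative return from RSA_private_decrypt (`TEST_int_lt(num, 0)`), so the third call in test_rsa_sslv23, which is meant to show that a rollback is detected, would also pass if decryption failed for an unrelated reason. Checking the error reason after that call would pin the test to the behaviour it names, for example `ret &= TEST_int_eq(ERR_GET_REASON(ERR_peek_last_error()), RSA_R_SSLV3_ROLLBACK_ATTACK);`, if that is the reason the padding check raises. The parameters `success`, `ctext_ex`, `clen` and `retkey` also deserve a short header comment, in particular that `ctext_ex` and `clen` may be NULL and that ownership of the key passes to the caller when `retkey` is non-NULL.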
@@ -313,28 +314,16 @@ static int test_rsa_oaep(int idx)
     int num;
     int n;
 
-    plen = sizeof(ptext_ex) - 1;
-    clen = rsa_setkey(&key, ctext_ex, idx);
-
-    num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-                             RSA_PKCS1_OAEP_PADDING);
-    if (num == -1 && pad_unknown()) {
-        TEST_info("Skipping: No OAEP support");
-        ret = 1;
-        goto err;
-    }
-    if (!TEST_int_eq(num, clen))
+    if (!test_rsa_simple(idx, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_OAEP_PADDING, 1,
+                         ctext_ex, &clen, &key))
         goto err;
 
-    num = RSA_private_decrypt(num, ctext, ptext, key,
-                              RSA_PKCS1_OAEP_PADDING);
-    if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
-        goto err;
+    plen = sizeof(ptext_ex) - 1;
 
     /* Different ciphertexts. Try decrypting ctext_ex */
     num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
                               RSA_PKCS1_OAEP_PADDING);
-    if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
+    if (num <= 0 || !TEST_mem_eq(ptext, num, ptext_ex, plen))
         goto err;
 
     /* Try decrypting corrupted ciphertexts. */
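Review bot: When test_rsa_simple() fails it frees its own key and leaves `*retkey` untouched, so the `goto err` after the call relies on `key` having been initialised where it is declared, above the hunk. If that declaration is not `RSA *key = NULL;`, the cleanup at `err` (also outside the hunk, presumably RSA_free) would act on an indeterminate pointer. Separately, `num <= 0` fails without logging anything; `!TEST_int_gt(num, 0)`, as used in test_rsa_simple, would report the value.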
