Module Name: src
Committed By: msaitoh
Date: Fri Aug 14 05:59:39 UTC 2015
Modified Files:
src/crypto/dist/openssl [netbsd-5-1]: e_os2.h
src/crypto/dist/openssl/crypto/asn1 [netbsd-5-1]: a_int.c tasn_new.c
src/crypto/dist/openssl/crypto/bn [netbsd-5-1]: bn.h bn_err.c
bn_print.c bn_rand.c bn_shift.c
src/crypto/dist/openssl/crypto/cms [netbsd-5-1]: cms_smime.c
src/crypto/dist/openssl/crypto/ec [netbsd-5-1]: ec2_smpl.c ec_check.c
ec_key.c ec_lib.c ecp_smpl.c ectest.c
src/crypto/dist/openssl/crypto/ecdsa [netbsd-5-1]: ecdsatest.c
ecs_ossl.c
src/crypto/dist/openssl/crypto/objects [netbsd-5-1]: obj_dat.c
src/crypto/dist/openssl/crypto/ocsp [netbsd-5-1]: ocsp_vfy.c
src/crypto/dist/openssl/crypto/pem [netbsd-5-1]: pem_pk8.c
src/crypto/dist/openssl/crypto/pkcs7 [netbsd-5-1]: pk7_doit.c
src/crypto/dist/openssl/crypto/x509 [netbsd-5-1]: x509_lu.c x509_vfy.c
src/crypto/dist/openssl/doc/crypto [netbsd-5-1]: BN_rand.pod
BN_set_bit.pod pem.pod
src/crypto/dist/openssl/ssl [netbsd-5-1]: d1_lib.c s3_clnt.c s3_srvr.c
ssl.h ssl_err.c ssl_lib.c ssl_locl.h ssl_sess.c
src/crypto/dist/openssl/util [netbsd-5-1]: mkerr.pl
Log Message:
Pull up following revision(s) (requested by spz in ticket #1976):
crypto/dist/openssl/e_os2.h patch
crypto/dist/openssl/crypto/asn1/a_int.c patch
crypto/dist/openssl/crypto/asn1/tasn_new.c patch
crypto/dist/openssl/crypto/bn/bn.h patch
crypto/dist/openssl/crypto/bn/bn_err.c patch
crypto/dist/openssl/crypto/bn/bn_print.c patch
crypto/dist/openssl/crypto/bn/bn_rand.c patch
crypto/dist/openssl/crypto/bn/bn_shift.c patch
crypto/dist/openssl/crypto/cms/cms_smime.c patch
crypto/dist/openssl/crypto/ec/ec2_smpl.c patch
crypto/dist/openssl/crypto/ec/ec_check.c patch
crypto/dist/openssl/crypto/ec/ec_key.c patch
crypto/dist/openssl/crypto/ec/ec_lib.c patch
crypto/dist/openssl/crypto/ec/ecp_smpl.c patch
crypto/dist/openssl/crypto/ec/ectest.c patch
crypto/dist/openssl/crypto/ecdsa/ecdsatest.c patch
crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c patch
crypto/dist/openssl/crypto/objects/obj_dat.c patch
crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c patch
crypto/dist/openssl/crypto/pem/pem_pk8.c patch
crypto/dist/openssl/crypto/pkcs7/pk7_doit.c patch
crypto/dist/openssl/crypto/x509/x509_lu.c patch
crypto/dist/openssl/crypto/x509/x509_vfy.c patch
crypto/dist/openssl/doc/crypto/BN_rand.pod patch
crypto/dist/openssl/doc/crypto/BN_set_bit.pod patch
crypto/dist/openssl/doc/crypto/pem.pod patch
crypto/dist/openssl/ssl/d1_lib.c patch
crypto/dist/openssl/ssl/s3_clnt.c patch
crypto/dist/openssl/ssl/s3_srvr.c patch
crypto/dist/openssl/ssl/ssl.h patch
crypto/dist/openssl/ssl/ssl_err.c patch
crypto/dist/openssl/ssl/ssl_lib.c patch
crypto/dist/openssl/ssl/ssl_locl.h patch
crypto/dist/openssl/ssl/ssl_sess.c patch
crypto/dist/openssl/util/mkerr.pl patch
This change covers the vulnerabilities relevant to netbsd-5 from the
June OpenSSL advisory, and also fixes a regression introduced with the
POODLE fix in October last year that caused the SSL server side to
fail to handshake.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.7.12.1 src/crypto/dist/openssl/e_os2.h
cvs rdiff -u -r1.1.1.8 -r1.1.1.8.12.1 \
src/crypto/dist/openssl/crypto/asn1/a_int.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \
src/crypto/dist/openssl/crypto/asn1/tasn_new.c
cvs rdiff -u -r1.12.12.1 -r1.12.12.2 src/crypto/dist/openssl/crypto/bn/bn.h
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.12.1 \
src/crypto/dist/openssl/crypto/bn/bn_err.c
cvs rdiff -u -r1.9 -r1.9.12.1 src/crypto/dist/openssl/crypto/bn/bn_print.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.34.1 \
src/crypto/dist/openssl/crypto/bn/bn_rand.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.34.1 \
src/crypto/dist/openssl/crypto/bn/bn_shift.c
cvs rdiff -u -r1.1.1.1.8.1 -r1.1.1.1.8.1.6.1 \
src/crypto/dist/openssl/crypto/cms/cms_smime.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \
src/crypto/dist/openssl/crypto/ec/ec2_smpl.c \
src/crypto/dist/openssl/crypto/ec/ectest.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.34.1 \
src/crypto/dist/openssl/crypto/ec/ec_check.c
cvs rdiff -u -r1.1.1.1.34.1 -r1.1.1.1.34.2 \
src/crypto/dist/openssl/crypto/ec/ec_key.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.12.1 \
src/crypto/dist/openssl/crypto/ec/ec_lib.c
cvs rdiff -u -r1.1.1.4.34.1 -r1.1.1.4.34.2 \
src/crypto/dist/openssl/crypto/ec/ecp_smpl.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.12.1 \
src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.12.1 \
src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c
cvs rdiff -u -r1.10.12.1 -r1.10.12.2 \
src/crypto/dist/openssl/crypto/objects/obj_dat.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.12.1 \
src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.34.1 \
src/crypto/dist/openssl/crypto/pem/pem_pk8.c
cvs rdiff -u -r1.6.12.1 -r1.6.12.2 \
src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.12.1 \
src/crypto/dist/openssl/crypto/x509/x509_lu.c
cvs rdiff -u -r1.9 -r1.9.12.1 src/crypto/dist/openssl/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.5 -r1.5.46.1 src/crypto/dist/openssl/doc/crypto/BN_rand.pod
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.46.1 \
src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.34.1 \
src/crypto/dist/openssl/doc/crypto/pem.pod
cvs rdiff -u -r1.1.1.3.12.1 -r1.1.1.3.12.2 \
src/crypto/dist/openssl/ssl/d1_lib.c
cvs rdiff -u -r1.12.4.2.2.5 -r1.12.4.2.2.6 \
src/crypto/dist/openssl/ssl/s3_clnt.c
cvs rdiff -u -r1.15.4.3.2.4 -r1.15.4.3.2.5 \
src/crypto/dist/openssl/ssl/s3_srvr.c
cvs rdiff -u -r1.18.4.1.2.2 -r1.18.4.1.2.3 src/crypto/dist/openssl/ssl/ssl.h
cvs rdiff -u -r1.12.4.1.2.1 -r1.12.4.1.2.2 \
src/crypto/dist/openssl/ssl/ssl_err.c
cvs rdiff -u -r1.5.12.2 -r1.5.12.3 src/crypto/dist/openssl/ssl/ssl_lib.c
cvs rdiff -u -r1.13.4.1.2.1 -r1.13.4.1.2.2 \
src/crypto/dist/openssl/ssl/ssl_locl.h
cvs rdiff -u -r1.12 -r1.12.12.1 src/crypto/dist/openssl/ssl/ssl_sess.c
cvs rdiff -u -r1.1.1.12 -r1.1.1.12.12.1 src/crypto/dist/openssl/util/mkerr.pl
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/openssl/e_os2.h
diff -u src/crypto/dist/openssl/e_os2.h:1.7 src/crypto/dist/openssl/e_os2.h:1.7.12.1
--- src/crypto/dist/openssl/e_os2.h:1.7 Fri May 9 21:49:39 2008
+++ src/crypto/dist/openssl/e_os2.h Fri Aug 14 05:59:38 2015
@@ -105,6 +105,12 @@ extern "C" {
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WIN32
# endif
+# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64)
+# undef OPENSSL_SYS_UNIX
+# if !defined(OPENSSL_SYS_WIN64)
+# define OPENSSL_SYS_WIN64
+# endif
+# endif
# if defined(OPENSSL_SYSNAME_WINNT)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINNT
@@ -117,7 +123,7 @@ extern "C" {
#endif
/* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
# undef OPENSSL_SYS_UNIX
# define OPENSSL_SYS_WINDOWS
# ifndef OPENSSL_SYS_MSDOS
Index: src/crypto/dist/openssl/crypto/asn1/a_int.c
diff -u src/crypto/dist/openssl/crypto/asn1/a_int.c:1.1.1.8 src/crypto/dist/openssl/crypto/asn1/a_int.c:1.1.1.8.12.1
--- src/crypto/dist/openssl/crypto/asn1/a_int.c:1.1.1.8 Fri May 9 21:34:16 2008
+++ src/crypto/dist/openssl/crypto/asn1/a_int.c Fri Aug 14 05:59:38 2015
@@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
{
ret=a->length;
i=a->data[0];
+ if (ret == 1 && i == 0)
+ neg = 0;
if (!neg && (i > 127)) {
pad=1;
pb=0;
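Review bot: The new `ret == 1 && i == 0` guard drops the negative flag without saying why, and the same negative-zero normalisation recurs in this file's two later hunks (the `i > 1` loop bound and `!BN_is_zero(bn)` in BN_to_ASN1_INTEGER) equally unexplained. A reader meeting a bare `neg = 0` will suspect a mistake; suggest `/* -0 has no DER INTEGER encoding: encode negative zero as zero */` above the guard, with a matching one-liner at the BN_to_ASN1_INTEGER change. The body of i2c_ASN1_INTEGER begins before the hunk, so whatever check on `a->length` the `a->data[0]` read on the context line relies on is not visible here.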
@@ -157,7 +159,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, un
p += a->length - 1;
i = a->length;
/* Copy zeros to destination as long as source is zero */
- while(!*n) {
+ while(!*n && i > 1) {
*(p--) = 0;
n--;
i--;
@@ -416,7 +418,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const B
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
goto err;
}
- if (BN_is_negative(bn))
+ if (BN_is_negative(bn) && !BN_is_zero(bn))
ret->type = V_ASN1_NEG_INTEGER;
else ret->type=V_ASN1_INTEGER;
j=BN_num_bits(bn);
Index: src/crypto/dist/openssl/crypto/asn1/tasn_new.c
diff -u src/crypto/dist/openssl/crypto/asn1/tasn_new.c:1.1.1.3 src/crypto/dist/openssl/crypto/asn1/tasn_new.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/crypto/asn1/tasn_new.c:1.1.1.3 Fri May 9 21:34:18 2008
+++ src/crypto/dist/openssl/crypto/asn1/tasn_new.c Fri Aug 14 05:59:38 2015
@@ -100,8 +100,6 @@ static int asn1_item_ex_combine_new(ASN1
else
asn1_cb = 0;
- if (!combine) *pval = NULL;
-
#ifdef CRYPTO_MDEBUG
if (it->sname)
CRYPTO_push_info(it->sname);
Index: src/crypto/dist/openssl/crypto/bn/bn.h
diff -u src/crypto/dist/openssl/crypto/bn/bn.h:1.12.12.1 src/crypto/dist/openssl/crypto/bn/bn.h:1.12.12.2
--- src/crypto/dist/openssl/crypto/bn/bn.h:1.12.12.1 Fri Jun 6 06:44:04 2014
+++ src/crypto/dist/openssl/crypto/bn/bn.h Fri Aug 14 05:59:38 2015
@@ -826,6 +826,7 @@ void ERR_load_BN_strings(void);
#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
#define BN_F_BN_GF2M_MOD_SQR 136
#define BN_F_BN_GF2M_MOD_SQRT 137
+#define BN_F_BN_LSHIFT 145
#define BN_F_BN_MOD_EXP2_MONT 118
#define BN_F_BN_MOD_EXP_MONT 109
#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
@@ -841,12 +842,14 @@ void ERR_load_BN_strings(void);
#define BN_F_BN_NEW 113
#define BN_F_BN_RAND 114
#define BN_F_BN_RAND_RANGE 122
+#define BN_F_BN_RSHIFT 146
#define BN_F_BN_USUB 115
/* Reason codes. */
#define BN_R_ARG2_LT_ARG3 100
#define BN_R_BAD_RECIPROCAL 101
#define BN_R_BIGNUM_TOO_LONG 114
+#define BN_R_BITS_TOO_SMALL 118
#define BN_R_CALLED_WITH_EVEN_MODULUS 102
#define BN_R_DIV_BY_ZERO 103
#define BN_R_ENCODING_ERROR 104
@@ -854,6 +857,7 @@ void ERR_load_BN_strings(void);
#define BN_R_INPUT_NOT_REDUCED 110
#define BN_R_INVALID_LENGTH 106
#define BN_R_INVALID_RANGE 115
+#define BN_R_INVALID_SHIFT 119
#define BN_R_NOT_A_SQUARE 111
#define BN_R_NOT_INITIALIZED 107
#define BN_R_NO_INVERSE 108
Index: src/crypto/dist/openssl/crypto/bn/bn_err.c
diff -u src/crypto/dist/openssl/crypto/bn/bn_err.c:1.1.1.7 src/crypto/dist/openssl/crypto/bn/bn_err.c:1.1.1.7.12.1
--- src/crypto/dist/openssl/crypto/bn/bn_err.c:1.1.1.7 Fri May 9 21:34:19 2008
+++ src/crypto/dist/openssl/crypto/bn/bn_err.c Fri Aug 14 05:59:38 2015
@@ -1,6 +1,6 @@
/* crypto/bn/bn_err.c */
/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[]=
{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+{ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"},
{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
@@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[]=
{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+{ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"},
{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
{0,NULL}
};
@@ -118,6 +120,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
+{ERR_REASON(BN_R_BITS_TOO_SMALL) ,"bits too small"},
{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
@@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
+{ERR_REASON(BN_R_INVALID_SHIFT) ,"invalid shift"},
{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
Index: src/crypto/dist/openssl/crypto/bn/bn_print.c
diff -u src/crypto/dist/openssl/crypto/bn/bn_print.c:1.9 src/crypto/dist/openssl/crypto/bn/bn_print.c:1.9.12.1
--- src/crypto/dist/openssl/crypto/bn/bn_print.c:1.9 Fri May 9 21:49:39 2008
+++ src/crypto/dist/openssl/crypto/bn/bn_print.c Fri Aug 14 05:59:38 2015
@@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf;
char *p;
- buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+ if (a->neg && BN_is_zero(a)) {
+ /* "-0" == 3 bytes including NULL terminator */
+ buf = OPENSSL_malloc(3);
+ } else {
+ buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
+ }
if (buf == NULL)
{
BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
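Review bot: The two branches of the new allocation are written in different styles: the `-0` branch drops the `(char *)` cast and spaces the assignment, while the retained branch keeps `buf=(char *)OPENSSL_malloc(...)`; since the cast is redundant in C, `buf = OPENSSL_malloc(a->top*BN_BYTES*2+2);` in the else branch would make the two read alike. The comment should say NUL terminator rather than NULL, as it refers to the terminating byte, not the pointer constant. The code that actually writes `"-0"` is after the hunk, so whether it stays within the 3 bytes allocated here cannot be confirmed from this view.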
Index: src/crypto/dist/openssl/crypto/bn/bn_rand.c
diff -u src/crypto/dist/openssl/crypto/bn/bn_rand.c:1.1.1.6 src/crypto/dist/openssl/crypto/bn/bn_rand.c:1.1.1.6.34.1
--- src/crypto/dist/openssl/crypto/bn/bn_rand.c:1.1.1.6 Fri Nov 25 03:04:41 2005
+++ src/crypto/dist/openssl/crypto/bn/bn_rand.c Fri Aug 14 05:59:38 2015
@@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM
int ret=0,bit,bytes,mask;
time_t tim;
+ if (bits < 0 || (bits == 1 && top > 0)) {
+ BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+ return 0;
+ }
+
if (bits == 0)
{
BN_zero(rnd);
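Review bot: The rejection of `bits == 1 && top > 0` is correct but unexplained: a one-bit value cannot have its top two bits set, which is the only reason the combination is invalid, so `/* a 1-bit value cannot have its top two bits set (top == 1) */` above the check would save the next reader the derivation. The second hunk's `top >= 0` also changes how negative values other than -1 are handled — they now take the no-top-bit path instead of the `if (top)` branch — which looks intended but deserves a line in the commit message. bnrand's body continues outside both hunks.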
@@ -174,7 +179,7 @@ static int bnrand(int pseudorand, BIGNUM
}
#endif
- if (top != -1)
+ if (top >= 0)
{
if (top)
{
Index: src/crypto/dist/openssl/crypto/bn/bn_shift.c
diff -u src/crypto/dist/openssl/crypto/bn/bn_shift.c:1.1.1.4 src/crypto/dist/openssl/crypto/bn/bn_shift.c:1.1.1.4.34.1
--- src/crypto/dist/openssl/crypto/bn/bn_shift.c:1.1.1.4 Fri Nov 25 03:04:43 2005
+++ src/crypto/dist/openssl/crypto/bn/bn_shift.c Fri Aug 14 05:59:38 2015
@@ -138,6 +138,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a
bn_check_top(r);
bn_check_top(a);
+ if (n < 0) {
+ BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+ return 0;
+ }
+
r->neg=a->neg;
nw=n/BN_BITS2;
if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
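Review bot: The `n < 0` guard in BN_lshift (and the matching one in BN_rshift in the next hunk) closes the negative case but leaves the large-positive case unchecked: `a->top+nw+1` on the following line is `int` arithmetic, so an `n` close to `INT_MAX` can overflow before bn_wexpand ever sees the request. If any caller can pass an externally influenced shift count, an upper bound on `n` next to the new check would complete the guard; whether such callers exist is not visible from the hunk. BN_lshift's body continues past the hunk.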
@@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a
bn_check_top(r);
bn_check_top(a);
+ if (n < 0) {
+ BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+ return 0;
+ }
+
nw=n/BN_BITS2;
rb=n%BN_BITS2;
lb=BN_BITS2-rb;
Index: src/crypto/dist/openssl/crypto/cms/cms_smime.c
diff -u src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1.8.1 src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1.8.1.6.1
--- src/crypto/dist/openssl/crypto/cms/cms_smime.c:1.1.1.1.8.1 Mon Mar 30 16:29:38 2009
+++ src/crypto/dist/openssl/crypto/cms/cms_smime.c Fri Aug 14 05:59:39 2015
@@ -136,7 +136,7 @@ static void do_free_upto(BIO *f, BIO *up
BIO_free(f);
f = tbio;
}
- while (f != upto);
+ while (f && f != upto);
}
else
BIO_free_all(f);
Index: src/crypto/dist/openssl/crypto/ec/ec2_smpl.c
diff -u src/crypto/dist/openssl/crypto/ec/ec2_smpl.c:1.1.1.3 src/crypto/dist/openssl/crypto/ec/ec2_smpl.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/crypto/ec/ec2_smpl.c:1.1.1.3 Fri May 9 21:34:26 2008
+++ src/crypto/dist/openssl/crypto/ec/ec2_smpl.c Fri Aug 14 05:59:39 2015
@@ -723,7 +723,7 @@ int ec_GF2m_simple_oct2point(const EC_GR
if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
}
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) /* test required by X9.62 */
{
ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
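Review bot: With the comparison changed to `<= 0`, an internal error (-1) from EC_POINT_is_on_curve is reported under the same reason, EC_R_POINT_IS_NOT_ON_CURVE, as a genuinely off-curve point; the same pattern appears in the ec_check.c, ec_key.c and ecp_smpl.c hunks of this commit. Failing closed is the right outcome, but the ec_lib.c hunk states explicitly that the return value is not boolean, so either a distinct reason for the -1 case or a comment such as `/* -1 (internal error) is rejected too; the reason code is a best effort */` at each site would keep the diagnostics honest. The enclosing function starts before the hunk at each of those sites.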
@@ -887,7 +887,7 @@ int ec_GF2m_simple_is_on_curve(const EC_
field_sqr = group->meth->field_sqr;
/* only support affine coordinates */
- if (!point->Z_is_one) goto err;
+ if (!point->Z_is_one) return -1;
if (ctx == NULL)
{
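Review bot: The early `return -1` for a non-affine point queues no error, so a caller that receives -1 cannot distinguish this misuse from a later allocation failure; a comment would at least make the intent explicit: `/* non-affine input is a caller error: report -1, not 0 (off-curve) */`. Presumably `goto err` was replaced because the cleanup at `err:` expects a BN_CTX that has not been started at this point, but that label and the rest of ec_GF2m_simple_is_on_curve are outside the hunk, so this is inferred rather than verified.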
Index: src/crypto/dist/openssl/crypto/ec/ectest.c
diff -u src/crypto/dist/openssl/crypto/ec/ectest.c:1.1.1.3 src/crypto/dist/openssl/crypto/ec/ectest.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/crypto/ec/ectest.c:1.1.1.3 Fri May 9 21:34:27 2008
+++ src/crypto/dist/openssl/crypto/ec/ectest.c Fri Aug 14 05:59:39 2015
@@ -267,7 +267,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "D")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, Q, ctx))
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
{
if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
fprintf(stderr, "Point is not on curve: x = 0x");
@@ -363,7 +363,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -407,7 +407,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -451,7 +451,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -495,7 +495,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
"84F3B9CAC2FC632551")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -544,7 +544,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
@@ -598,7 +598,7 @@ void prime_field_tests()
"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
"3C1856A429BF97E7E31C2E5BD66")) ABORT;
if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
"C9B8899C47AEBB6FB71E91386409")) ABORT;
@@ -641,7 +641,7 @@ void prime_field_tests()
if (!EC_POINT_copy(Q, P)) ABORT;
if (EC_POINT_is_at_infinity(group, Q)) ABORT;
if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
@@ -754,7 +754,7 @@ void prime_field_tests()
#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -772,7 +772,7 @@ void prime_field_tests()
if (!BN_hex2bn(&x, _x)) ABORT; \
if (!BN_hex2bn(&y, _y)) ABORT; \
if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \
if (!BN_hex2bn(&z, _order)) ABORT; \
if (!BN_hex2bn(&cof, _cof)) ABORT; \
if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
@@ -885,7 +885,7 @@ void char2_field_tests()
if (!BN_hex2bn(&y, "8")) ABORT;
if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
#endif
- if (!EC_POINT_is_on_curve(group, Q, ctx))
+ if (EC_POINT_is_on_curve(group, Q, ctx) <= 0)
{
/* Change test based on whether binary point compression is enabled or not. */
#ifdef OPENSSL_EC_BIN_PT_COMP
@@ -1124,7 +1124,7 @@ void char2_field_tests()
if (!EC_POINT_copy(Q, P)) ABORT;
if (EC_POINT_is_at_infinity(group, Q)) ABORT;
if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+ if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT;
if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
Index: src/crypto/dist/openssl/crypto/ec/ec_check.c
diff -u src/crypto/dist/openssl/crypto/ec/ec_check.c:1.1.1.2 src/crypto/dist/openssl/crypto/ec/ec_check.c:1.1.1.2.34.1
--- src/crypto/dist/openssl/crypto/ec/ec_check.c:1.1.1.2 Sat Jun 3 01:41:56 2006
+++ src/crypto/dist/openssl/crypto/ec/ec_check.c Fri Aug 14 05:59:39 2015
@@ -88,7 +88,7 @@ int EC_GROUP_check(const EC_GROUP *group
ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
goto err;
}
- if (!EC_POINT_is_on_curve(group, group->generator, ctx))
+ if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0)
{
ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
Index: src/crypto/dist/openssl/crypto/ec/ec_key.c
diff -u src/crypto/dist/openssl/crypto/ec/ec_key.c:1.1.1.1.34.1 src/crypto/dist/openssl/crypto/ec/ec_key.c:1.1.1.1.34.2
--- src/crypto/dist/openssl/crypto/ec/ec_key.c:1.1.1.1.34.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/crypto/ec/ec_key.c Fri Aug 14 05:59:39 2015
@@ -312,7 +312,7 @@ int EC_KEY_check_key(const EC_KEY *eckey
goto err;
/* testing whether the pub_key is on the elliptic curve */
- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
+ if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0)
{
ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
Index: src/crypto/dist/openssl/crypto/ec/ec_lib.c
diff -u src/crypto/dist/openssl/crypto/ec/ec_lib.c:1.1.1.4 src/crypto/dist/openssl/crypto/ec/ec_lib.c:1.1.1.4.12.1
--- src/crypto/dist/openssl/crypto/ec/ec_lib.c:1.1.1.4 Fri May 9 21:34:26 2008
+++ src/crypto/dist/openssl/crypto/ec/ec_lib.c Fri Aug 14 05:59:39 2015
@@ -1040,6 +1040,13 @@ int EC_POINT_is_at_infinity(const EC_GRO
}
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ * 1: The point is on the curve
+ * 0: The point is not on the curve
+ * -1: An error occurred
+ */
int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
{
if (group->meth->is_on_curve == 0)
Index: src/crypto/dist/openssl/crypto/ec/ecp_smpl.c
diff -u src/crypto/dist/openssl/crypto/ec/ecp_smpl.c:1.1.1.4.34.1 src/crypto/dist/openssl/crypto/ec/ecp_smpl.c:1.1.1.4.34.2
--- src/crypto/dist/openssl/crypto/ec/ecp_smpl.c:1.1.1.4.34.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/crypto/ec/ecp_smpl.c Fri Aug 14 05:59:39 2015
@@ -983,7 +983,7 @@ int ec_GFp_simple_oct2point(const EC_GRO
if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
}
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+ if (EC_POINT_is_on_curve(group, point, ctx) <= 0) /* test required by X9.62 */
{
ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
goto err;
Index: src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c
diff -u src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c:1.1.1.2 src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c:1.1.1.2.12.1
--- src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c:1.1.1.2 Fri May 9 21:34:27 2008
+++ src/crypto/dist/openssl/crypto/ecdsa/ecdsatest.c Fri Aug 14 05:59:39 2015
@@ -168,8 +168,7 @@ int fbytes(unsigned char *buf, int num)
return 0;
}
fbytes_counter ++;
- ret = BN_bn2bin(tmp, buf);
- if (ret == 0 || ret != num)
+ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
ret = 0;
else
ret = 1;
@@ -287,9 +286,12 @@ int test_builtin(BIO *out)
size_t crv_len = 0, n = 0;
EC_KEY *eckey = NULL, *wrong_eckey = NULL;
EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
unsigned char digest[20], wrong_digest[20];
unsigned char *signature = NULL;
- unsigned int sig_len;
+ unsigned char *sig_ptr;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
int nid, ret = 0;
/* fill digest values with some random data */
@@ -339,7 +341,8 @@ int test_builtin(BIO *out)
if (EC_KEY_set_group(eckey, group) == 0)
goto builtin_err;
EC_GROUP_free(group);
- if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
/* drop the curve */
{
EC_KEY_free(eckey);
@@ -415,26 +418,89 @@ int test_builtin(BIO *out)
}
BIO_printf(out, ".");
(void)BIO_flush(out);
- /* modify a single byte of the signature */
- offset = signature[10] % sig_len;
- dirt = signature[11];
- signature[offset] ^= dirt ? dirt : 1;
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /* Modify a single byte of the signature: to ensure we don't
+ * garble the ASN1 structure, we read the raw signature and
+ * modify a byte in one of the bignums directly. */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **) &sig_ptr, sig_len)) == NULL)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
{
BIO_printf(out, " failed\n");
goto builtin_err;
}
+ /* Sanity check: undo the modification and verify signature. */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
BIO_printf(out, ".");
(void)BIO_flush(out);
BIO_printf(out, " ok\n");
/* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
OPENSSL_free(signature);
signature = NULL;
EC_KEY_free(eckey);
eckey = NULL;
EC_KEY_free(wrong_eckey);
wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
}
ret = 1;
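Review bot: `sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);` (twice in this hunk) stores an `int` that is negative on failure into the `unsigned int sig_len` without a check, so an encoding failure would reach ECDSA_verify as a huge length instead of being reported; an `int` temporary tested with `<= 0` before `goto builtin_err` at both sites would close that. The re-encode also writes back into the original `signature` buffer, and after the byte flip r or s may need a leading 0x00 pad or lose leading zeros, so the new DER can be longer than the first encoding — safe only if `signature` was allocated to ECDSA_size(eckey), which is outside the hunk. The `raw_buf[10]`/`raw_buf[11]` reads are in bounds because curves with `degree < 160` were dropped earlier, giving `bn_len >= 20`; a one-line comment recording that dependency would help.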
@@ -443,8 +509,12 @@ builtin_err:
EC_KEY_free(eckey);
if (wrong_eckey)
EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
if (signature)
OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
if (curves)
OPENSSL_free(curves);
Index: src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c
diff -u src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c:1.1.1.3 src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c:1.1.1.3.12.1
--- src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c:1.1.1.3 Fri May 9 21:34:27 2008
+++ src/crypto/dist/openssl/crypto/ecdsa/ecs_ossl.c Fri Aug 14 05:59:39 2015
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *ecke
}
while (BN_is_zero(k));
+ /* We do not want timing information to leak the length of k,
+ * so we compute G*k using an equivalent scalar of fixed
+ * bit-length. */
+
+ if (!BN_add(k, k, order)) goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order)) goto err;
+
/* compute r the x-coordinate of generator * k */
if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
{
Index: src/crypto/dist/openssl/crypto/objects/obj_dat.c
diff -u src/crypto/dist/openssl/crypto/objects/obj_dat.c:1.10.12.1 src/crypto/dist/openssl/crypto/objects/obj_dat.c:1.10.12.2
--- src/crypto/dist/openssl/crypto/objects/obj_dat.c:1.10.12.1 Wed Aug 27 13:32:35 2014
+++ src/crypto/dist/openssl/crypto/objects/obj_dat.c Fri Aug 14 05:59:39 2015
@@ -397,6 +397,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
if (a->nid != 0)
return(a->nid);
+ if (a->length == 0)
+ return(NID_undef);
+
if (added != NULL)
{
ad.type=ADDED_DATA;
Index: src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c
diff -u src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c:1.1.1.4 src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c:1.1.1.4.12.1
--- src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c:1.1.1.4 Fri May 9 21:34:32 2008
+++ src/crypto/dist/openssl/crypto/ocsp/ocsp_vfy.c Fri Aug 14 05:59:39 2015
@@ -77,6 +77,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
{
X509 *signer, *x;
STACK_OF(X509) *chain = NULL;
+ STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
int i, ret = 0;
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
@@ -102,10 +103,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
if (!(flags & OCSP_NOVERIFY))
{
int init_res;
- if(flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(flags & OCSP_NOCHAIN) {
+ untrusted = NULL;
+ } else if (bs->certs && certs) {
+ untrusted = sk_X509_dup(bs->certs);
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ }
+ } else {
+ untrusted = bs->certs;
+ }
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
if(!init_res)
{
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
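Review bot: `untrusted = sk_X509_dup(bs->certs)` is not checked for NULL: when the dup fails and `certs` is non-empty the loop's `sk_X509_push(NULL, ...)` happens to return 0 and report a malloc failure, but when `certs` is empty the loop never runs and a NULL `untrusted` is handed silently to X509_STORE_CTX_init, dropping the responder's own certificates from the chain build with no error recorded. Suggest `if (untrusted == NULL) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); goto end; }` directly after the dup. The release at `end:` in the next hunk re-derives ownership from `bs->certs && certs` rather than from whether the dup actually happened; it is correct today, but a flag set beside the dup would be more robust to future edits. OCSP_basic_verify starts before the first hunk.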
@@ -154,7 +165,10 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs
end:
- if(chain) sk_X509_pop_free(chain, X509_free);
+ if(chain)
+ sk_X509_pop_free(chain, X509_free);
+ if (bs->certs && certs)
+ sk_X509_free(untrusted);
return ret;
}
Index: src/crypto/dist/openssl/crypto/pem/pem_pk8.c
diff -u src/crypto/dist/openssl/crypto/pem/pem_pk8.c:1.1.1.2 src/crypto/dist/openssl/crypto/pem/pem_pk8.c:1.1.1.2.34.1
--- src/crypto/dist/openssl/crypto/pem/pem_pk8.c:1.1.1.2 Fri Nov 25 03:06:40 2005
+++ src/crypto/dist/openssl/crypto/pem/pem_pk8.c Fri Aug 14 05:59:39 2015
@@ -137,6 +137,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
if(kstr == buf) OPENSSL_cleanse(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (p8 == NULL)
+ return 0;
if(isder) ret = i2d_PKCS8_bio(bp, p8);
else ret = PEM_write_bio_PKCS8(bp, p8);
X509_SIG_free(p8);
Index: src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c
diff -u src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c:1.6.12.1 src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c:1.6.12.2
--- src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c:1.6.12.1 Thu Mar 19 16:40:07 2015
+++ src/crypto/dist/openssl/crypto/pkcs7/pk7_doit.c Fri Aug 14 05:59:39 2015
@@ -462,12 +462,20 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
switch (i)
{
case NID_pkcs7_signed:
+ /*
+ * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+ * field and optional content.
+ * data_body is NULL if that structure has no (=detached) content
+ * or if the contentType is wrong (i.e., not "data").
+ */
+
data_body=PKCS7_get_octet_string(p7->d.sign->contents);
md_sk=p7->d.sign->md_algs;
break;
case NID_pkcs7_signedAndEnveloped:
rsk=p7->d.signed_and_enveloped->recipientinfo;
md_sk=p7->d.signed_and_enveloped->md_algs;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
@@ -481,6 +489,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
case NID_pkcs7_enveloped:
rsk=p7->d.enveloped->recipientinfo;
enc_alg=p7->d.enveloped->enc_data->algorithm;
+ /* data_body is NULL if the optional EncryptedContent is missing. */
data_body=p7->d.enveloped->enc_data->enc_data;
evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
if (evp_cipher == NULL)
@@ -495,6 +504,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
goto err;
}
+ /* Detached content must be supplied via in_bio instead. */
+ if (data_body == NULL && in_bio == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ goto err;
+ }
+
/* We will be checking the signature */
if (md_sk != NULL)
{
@@ -629,7 +644,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
}
#if 1
- if (PKCS7_is_detached(p7) || (in_bio != NULL))
+ if (in_bio != NULL)
{
bio=in_bio;
}
Index: src/crypto/dist/openssl/crypto/x509/x509_lu.c
diff -u src/crypto/dist/openssl/crypto/x509/x509_lu.c:1.1.1.6 src/crypto/dist/openssl/crypto/x509/x509_lu.c:1.1.1.6.12.1
--- src/crypto/dist/openssl/crypto/x509/x509_lu.c:1.1.1.6 Fri May 9 21:34:38 2008
+++ src/crypto/dist/openssl/crypto/x509/x509_lu.c Fri Aug 14 05:59:39 2015
@@ -207,6 +207,8 @@ X509_STORE *X509_STORE_new(void)
static void cleanup(X509_OBJECT *a)
{
+ if (!a)
+ return;
if (a->type == X509_LU_X509)
{
X509_free(a->data.x509);
Index: src/crypto/dist/openssl/crypto/x509/x509_vfy.c
diff -u src/crypto/dist/openssl/crypto/x509/x509_vfy.c:1.9 src/crypto/dist/openssl/crypto/x509/x509_vfy.c:1.9.12.1
--- src/crypto/dist/openssl/crypto/x509/x509_vfy.c:1.9 Fri May 9 21:49:42 2008
+++ src/crypto/dist/openssl/crypto/x509/x509_vfy.c Fri Aug 14 05:59:39 2015
@@ -1168,49 +1168,91 @@ int X509_cmp_time(const ASN1_TIME *ctm,
ASN1_TIME atm;
long offset;
char buff1[24],buff2[24],*p;
- int i,j;
+ int i,j, remaining;
p=buff1;
- i=ctm->length;
+ remaining=ctm->length;
str=(char *)ctm->data;
+ /*
+ * Note that the following (historical) code allows much more slack in the
+ * time format than RFC5280. In RFC5280, the representation is fixed:
+ * UTCTime: YYMMDDHHMMSSZ
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
+ */
if (ctm->type == V_ASN1_UTCTIME)
{
- if ((i < 11) || (i > 17)) return 0;
+ /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
+ int min_length = sizeof("YYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
+ return 0;
memcpy(p,str,10);
p+=10;
str+=10;
+ remaining -= 10;
}
else
{
- if (i < 13) return 0;
+ /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
+ int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
+ int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
+ if (remaining < min_length || remaining > max_length)
+ return 0;
memcpy(p,str,12);
p+=12;
str+=12;
+ remaining -= 12;
}
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
else
{
+ /* SS (seconds) */
+ if (remaining < 2)
+ return 0;
*(p++)= *(str++);
*(p++)= *(str++);
- /* Skip any fractional seconds... */
- if (*str == '.')
- {
+ remaining -= 2;
+ /*
+ * Skip any (up to three) fractional seconds...
+ * TODO(emilia): in RFC5280, fractional seconds are forbidden.
+ * Can we just kill them altogether?
+ */
+ if (remaining && *str == '.')
+ {
str++;
- while ((*str >= '0') && (*str <= '9')) str++;
+ remaining--;
+ for (i = 0; i < 3 && remaining; i++, str++, remaining--)
+ {
+ if (*str < '0' || *str > '9')
+ break;
+ }
}
-
}
*(p++)='Z';
*(p++)='\0';
+ /* We now need either a terminating 'Z' or an offset. */
+ if (!remaining)
+ return 0;
if (*str == 'Z')
- offset=0;
+ {
+ if (remaining != 1)
+ return 0;
+ offset = 0;
+ }
else
{
+ /* (+-)HHMM */
if ((*str != '+') && (*str != '-'))
return 0;
+ /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
+ if (remaining != 5)
+ return 0;
+ if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
+ str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
+ return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
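Review bot: The hunk validates the four offset digits at L922-923 but still copies the leading YYMMDDHHMM / YYYYMMDDHHMM bytes (L853, L866) and the two seconds bytes (L878-879) into `buff1` without checking that they are digits, so a non-digit there is silently carried into the later comparison, which lies outside the hunk. A guard before each copy, e.g. `for (i = 0; i < 10; i++) if (str[i] < '0' || str[i] > '9') return 0;` (12 for GeneralizedTime) and the same test on the two seconds bytes, would make the content checks as strict as the new length checks. The function X509_cmp_time continues beyond this hunk.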
@@ -1458,6 +1500,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
{
+ if (!ctx)
+ return;
X509_STORE_CTX_cleanup(ctx);
OPENSSL_free(ctx);
}
Index: src/crypto/dist/openssl/doc/crypto/BN_rand.pod
diff -u src/crypto/dist/openssl/doc/crypto/BN_rand.pod:1.5 src/crypto/dist/openssl/doc/crypto/BN_rand.pod:1.5.46.1
--- src/crypto/dist/openssl/doc/crypto/BN_rand.pod:1.5 Thu Jul 24 14:17:36 2003
+++ src/crypto/dist/openssl/doc/crypto/BN_rand.pod Fri Aug 14 05:59:39 2015
@@ -24,7 +24,8 @@ most significant bit of the random numbe
it is set to 1, and if B<top> is 1, the two most significant bits of
the number will be set to 1, so that the product of two such random
numbers will always have 2*B<bits> length. If B<bottom> is true, the
-number will be odd.
+number will be odd. The value of B<bits> must be zero or greater. If B<bits> is
+1 then B<top> cannot also be 1.
BN_pseudo_rand() does the same, but pseudo-random numbers generated by
this function are not necessarily unpredictable. They can be used for
Index: src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod
diff -u src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod:1.1.1.1 src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod:1.1.1.1.46.1
--- src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod:1.1.1.1 Sun Jul 16 05:08:47 2000
+++ src/crypto/dist/openssl/doc/crypto/BN_set_bit.pod Fri Aug 14 05:59:39 2015
@@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n>
shorter than B<n> bits.
BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
-the result in B<r> (C<r=2*a>).
+B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts
+B<a> left by one and places the result in B<r> (C<r=2*a>).
BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
-the result in B<r> (C<r=a/2>).
+B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts
+B<a> right by one and places the result in B<r> (C<r=a/2>).
For the shift functions, B<r> and B<a> may be the same variable.
Index: src/crypto/dist/openssl/doc/crypto/pem.pod
diff -u src/crypto/dist/openssl/doc/crypto/pem.pod:1.1.1.3 src/crypto/dist/openssl/doc/crypto/pem.pod:1.1.1.3.34.1
--- src/crypto/dist/openssl/doc/crypto/pem.pod:1.1.1.3 Fri Mar 25 19:10:16 2005
+++ src/crypto/dist/openssl/doc/crypto/pem.pod Fri Aug 14 05:59:39 2015
@@ -239,7 +239,8 @@ SubjectPublicKeyInfo structure and an er
key is not DSA.
The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
+structure. The parameters are encoded using a Dss-Parms structure
+as defined in RFC2459.
The B<DHparams> functions process DH parameters using a DH
structure. The parameters are encoded using a PKCS#3 DHparameter
Index: src/crypto/dist/openssl/ssl/d1_lib.c
diff -u src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3.12.1 src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3.12.2
--- src/crypto/dist/openssl/ssl/d1_lib.c:1.1.1.3.12.1 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/d1_lib.c Fri Aug 14 05:59:39 2015
@@ -125,13 +125,18 @@ int dtls1_new(SSL *s)
void dtls1_free(SSL *s)
{
- pitem *item = NULL;
- hm_fragment *frag = NULL;
+ pitem *item = NULL;
+ hm_fragment *frag = NULL;
+ DTLS1_RECORD_DATA *rdata;
ssl3_free(s);
while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
{
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+ if (rdata->rbuf.buf) {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
OPENSSL_free(item->data);
pitem_free(item);
}
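Review bot: The four lines that cast `item->data` and free `rdata->rbuf.buf` are duplicated verbatim here (L993-996) and in the next hunk (L1003-1006); a small `static void dtls1_free_record_item(pitem *item)` holding the cast, the `rbuf.buf` free and the two existing frees would keep the two loops from drifting apart. The `if (...) {` brace placement in the added lines also differs from the Allman style of the surrounding function. The `if (rdata->rbuf.buf)` test is redundant if `OPENSSL_free` is NULL-safe, which is likely but cannot be confirmed from the hunk.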
@@ -139,6 +144,10 @@ void dtls1_free(SSL *s)
while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
{
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+ if (rdata->rbuf.buf) {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
OPENSSL_free(item->data);
pitem_free(item);
}
Index: src/crypto/dist/openssl/ssl/s3_clnt.c
diff -u src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.5 src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.6
--- src/crypto/dist/openssl/ssl/s3_clnt.c:1.12.4.2.2.5 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/s3_clnt.c Fri Aug 14 05:59:39 2015
@@ -1879,6 +1879,38 @@ int ssl3_get_new_session_ticket(SSL *s)
goto f_err;
}
p=d=(unsigned char *)s->init_msg;
+
+ if (s->session->session_id_length > 0) {
+ int i = s->session_ctx->session_cache_mode;
+ SSL_SESSION *new_sess;
+ /*
+ * We reused an existing session, so we need to replace it with a new
+ * one
+ */
+ if (i & SSL_SESS_CACHE_CLIENT) {
+ /*
+ * Remove the old session from the cache
+ */
+ if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) {
+ if (s->session_ctx->remove_session_cb != NULL)
+ s->session_ctx->remove_session_cb(s->session_ctx,
+ s->session);
+ } else {
+ /* We carry on if this fails */
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ }
+ }
+
+ if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+
+ SSL_SESSION_free(s->session);
+ s->session = new_sess;
+ }
+
n2l(p, s->session->tlsext_tick_lifetime_hint);
n2s(p, ticklen);
/* ticket_lifetime_hint + ticket_length + ticket */
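Review bot: The old session is evicted from the cache (L1026-1038) before `ssl_session_dup` is attempted, so when the dup fails at L1040 the handshake aborts with a session that is gone from the cache yet still referenced by `s->session`; duplicating first and evicting only once `new_sess` exists keeps the cache and `s->session` consistent on that error path. The NULL comparison at L1040 is written `== 0`, whereas L1031 in the same block uses `!= NULL`; `if ((new_sess = ssl_session_dup(s->session, 0)) == NULL) {` matches the file. The function ssl3_get_new_session_ticket continues outside this hunk.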
Index: src/crypto/dist/openssl/ssl/s3_srvr.c
diff -u src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.4 src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.5
--- src/crypto/dist/openssl/ssl/s3_srvr.c:1.15.4.3.2.4 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/s3_srvr.c Fri Aug 14 05:59:39 2015
@@ -790,6 +790,16 @@ int ssl3_get_client_hello(SSL *s)
s->first_packet=0;
d=p=(unsigned char *)s->init_msg;
+ /*
+ * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte
+ * for session id length
+ */
+ if (n < 2 + SSL3_RANDOM_SIZE + 1) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
/* use version from inside client hello, not from record header
* (may differ: see RFC 2246, Appendix E, second paragraph) */
s->client_version=(((int)p[0])<<8)|(int)p[1];
@@ -815,6 +825,12 @@ int ssl3_get_client_hello(SSL *s)
/* get the session-id */
j= *(p++);
+ if (p + j > d + n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
s->hit=0;
/* Versions before 0.9.7 always allow session reuse during renegotiation
* (i.e. when s->new_session is true), option
@@ -850,18 +866,35 @@ int ssl3_get_client_hello(SSL *s)
if (s->version == DTLS1_VERSION)
{
/* cookie stuff */
+ if (p + 1 > d + n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
cookie_len = *(p++);
- if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
- s->d1->send_cookie == 0)
+ if (p + cookie_len > d + n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
{
- /* HelloVerifyMessage has already been sent */
- if ( cookie_len != s->d1->cookie_len)
- {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+ unsigned int session_length, cookie_length;
+
+ session_length = *(p + SSL3_RANDOM_SIZE);
+
+ if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
+ cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+
+ if (cookie_length == 0)
+ return 1;
+
}
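Review bot: The new `SSL_OP_COOKIE_EXCHANGE` block (L1110-1122) re-derives the session-id length and the cookie length by reading `*(p + SSL3_RANDOM_SIZE)` and `*(p + SSL3_RANDOM_SIZE + session_length + 1)`, which only addresses those fields while `p` points at the start of the client random; by this point `p` has already been advanced past the session-id length (L1075) and the cookie length byte (L1094), so unless it is reset between those reads (not shown in the hunk) the offsets land inside the cookie or cipher-suite bytes and `cookie_length` is not the cookie length. Both values are already in hand as `j` and `cookie_len`, so the block can shrink to `if (cookie_len == 0) return 1;` and the bounds check at L1114 becomes unnecessary. Returning 1 here also leaves the rest of the ClientHello unparsed; whether the caller treats that return as the HelloVerifyRequest trigger cannot be confirmed from this hunk.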
/*
@@ -908,6 +941,13 @@ int ssl3_get_client_hello(SSL *s)
p += cookie_len;
}
+ if (p + 2 > d + n)
+ {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
n2s(p,i);
if ((i == 0) && (j != 0))
{
@@ -916,7 +956,8 @@ int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
goto f_err;
}
- if ((p+i) >= (d+n))
+ /* i bytes of cipher data + 1 byte for compression length later */
+ if ((p+i+1) >= (d+n))
{
/* not enough data */
al=SSL_AD_DECODE_ERROR;
@@ -2039,6 +2080,7 @@ int ssl3_get_client_key_exchange(SSL *s)
int padl, outl;
krb5_timestamp authtime = 0;
krb5_ticket_times ttimes;
+ int kerr = 0;
EVP_CIPHER_CTX_init(&ciph_ctx);
@@ -2151,26 +2193,30 @@ int ssl3_get_client_key_exchange(SSL *s)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (outl > SSL_MAX_MASTER_KEY_LENGTH)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DECRYPTION_FAILED);
- goto err;
+ kerr = 1;
+ goto kclean;
}
outl += padl;
if (outl > SSL_MAX_MASTER_KEY_LENGTH)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
+ kerr = 1;
+ goto kclean;
}
if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
{
@@ -2187,7 +2233,8 @@ int ssl3_get_client_key_exchange(SSL *s)
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_AD_DECODE_ERROR);
- goto err;
+ kerr = 1;
+ goto kclean;
}
}
@@ -2213,6 +2260,11 @@ int ssl3_get_client_key_exchange(SSL *s)
** kssl_ctx = kssl_ctx_free(kssl_ctx);
** if (s->kssl_ctx) s->kssl_ctx = NULL;
*/
+
+kclean:
+ OPENSSL_cleanse(pms, sizeof(pms));
+ if (kerr)
+ goto err;
}
else
#endif /* OPENSSL_NO_KRB5 */
Index: src/crypto/dist/openssl/ssl/ssl.h
diff -u src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.2 src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.3
--- src/crypto/dist/openssl/ssl/ssl.h:1.18.4.1.2.2 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/ssl.h Fri Aug 14 05:59:39 2015
@@ -1909,6 +1909,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_READ 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
+#define SSL_F_SSL_SESSION_DUP 348
#define SSL_F_SSL_SESSION_NEW 189
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SESS_CERT_NEW 225
Index: src/crypto/dist/openssl/ssl/ssl_err.c
diff -u src/crypto/dist/openssl/ssl/ssl_err.c:1.12.4.1.2.1 src/crypto/dist/openssl/ssl/ssl_err.c:1.12.4.1.2.2
--- src/crypto/dist/openssl/ssl/ssl_err.c:1.12.4.1.2.1 Sun Oct 19 20:10:11 2014
+++ src/crypto/dist/openssl/ssl/ssl_err.c Fri Aug 14 05:59:39 2015
@@ -223,6 +223,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+{ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"},
{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
Index: src/crypto/dist/openssl/ssl/ssl_lib.c
diff -u src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.2 src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.3
--- src/crypto/dist/openssl/ssl/ssl_lib.c:1.5.12.2 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/ssl_lib.c Fri Aug 14 05:59:39 2015
@@ -1371,27 +1371,6 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_ciphe
SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
return(NULL);
}
- if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
- sk= *skp;
- sk_SSL_CIPHER_zero(sk);
- }
-
- for (i=0; i<num; i+=n)
- {
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
if ((skp == NULL) || (*skp == NULL))
sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
Index: src/crypto/dist/openssl/ssl/ssl_locl.h
diff -u src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1.2.1 src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1.2.2
--- src/crypto/dist/openssl/ssl/ssl_locl.h:1.13.4.1.2.1 Mon Jan 26 11:47:24 2015
+++ src/crypto/dist/openssl/ssl/ssl_locl.h Fri Aug 14 05:59:39 2015
@@ -770,6 +770,7 @@ void ssl_sess_cert_free(SESS_CERT *sc);
int ssl_set_peer_cert_type(SESS_CERT *c, int type);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
const SSL_CIPHER * const *bp);
Index: src/crypto/dist/openssl/ssl/ssl_sess.c
diff -u src/crypto/dist/openssl/ssl/ssl_sess.c:1.12 src/crypto/dist/openssl/ssl/ssl_sess.c:1.12.12.1
--- src/crypto/dist/openssl/ssl/ssl_sess.c:1.12 Fri May 9 21:49:42 2008
+++ src/crypto/dist/openssl/ssl/ssl_sess.c Fri Aug 14 05:59:39 2015
@@ -218,6 +218,79 @@ SSL_SESSION *SSL_SESSION_new(void)
return(ss);
}
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+ SSL_SESSION *dest;
+
+ dest = OPENSSL_malloc(sizeof(*src));
+ if (dest == NULL) {
+ goto err;
+ }
+ memcpy(dest, src, sizeof(*dest));
+
+ /*
+ * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+ * the case of an error whilst halfway through constructing dest
+ */
+ dest->ciphers = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ dest->tlsext_hostname = NULL;
+#endif
+ dest->tlsext_tick = NULL;
+ memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+ /* We deliberately don't copy the prev and next pointers */
+ dest->prev = NULL;
+ dest->next = NULL;
+
+ dest->references = 1;
+
+ if (src->sess_cert != NULL)
+ CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT);
+
+ if (src->peer != NULL)
+ CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
+
+ if(src->ciphers != NULL) {
+ dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers);
+ if (dest->ciphers == NULL)
+ goto err;
+ }
+
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+ &dest->ex_data, &src->ex_data)) {
+ goto err;
+ }
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (src->tlsext_hostname) {
+ dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname);
+ if (dest->tlsext_hostname == NULL) {
+ goto err;
+ }
+ }
+#endif
+
+ if (ticket != 0) {
+ dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen);
+ if(dest->tlsext_tick == NULL)
+ goto err;
+ } else {
+ dest->tlsext_tick_lifetime_hint = 0;
+ dest->tlsext_ticklen = 0;
+ }
+
+ return dest;
+err:
+ SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+ SSL_SESSION_free(dest);
+ return NULL;
+}
+
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
{
if(len)
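Review bot: With `ticket != 0`, `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` at L1343 runs even when the source session holds no ticket, and if BUF_memdup returns NULL for a NULL input that is then reported as ERR_R_MALLOC_FAILURE; guarding it as `if (ticket != 0 && src->tlsext_tick != NULL) {` keeps a ticket-less session duplicable (the only caller visible, L1040, passes 0, so this is latent). `dest->tlsext_tick = NULL` at L1307 sits outside the `#ifndef OPENSSL_NO_TLSEXT` guard that wraps `tlsext_hostname`; if the field is declared under the same guard in ssl.h this will not build with TLS extensions disabled, which is worth confirming. After the `memcpy`, any heap-owned SSL_SESSION member not reset at L1303-1308 is shared by both copies and released twice through SSL_SESSION_free; the struct definition is outside the hunk, so the list of reset pointers should be checked against it.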
@@ -428,6 +501,13 @@ int ssl_get_prev_session(SSL *s, unsigne
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
+
+ if (session_id + len > limit)
+ {
+ fatal = 1;
+ goto err;
+ }
+
#ifndef OPENSSL_NO_TLSEXT
r = tls1_process_ticket(s, session_id, len, limit, &ret);
if (r == -1)
Index: src/crypto/dist/openssl/util/mkerr.pl
diff -u src/crypto/dist/openssl/util/mkerr.pl:1.1.1.12 src/crypto/dist/openssl/util/mkerr.pl:1.1.1.12.12.1
--- src/crypto/dist/openssl/util/mkerr.pl:1.1.1.12 Fri May 9 21:34:48 2008
+++ src/crypto/dist/openssl/util/mkerr.pl Fri Aug 14 05:59:39 2015
@@ -463,9 +463,17 @@ EOF
# First, read any existing reason string definitions:
my %err_reason_strings;
if (open(IN,"<$cfile")) {
+ my $line = "";
while (<IN>) {
- if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
- $err_reason_strings{$1} = $2;
+ chomp;
+ $_ = $line . $_;
+ $line = "";
+ if (/{ERR_REASON\(/) {
+ if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
+ $err_reason_strings{$1} = $2;
+ } else {
+ $line = $_;
+ }
}
if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) {
if (!exists $ftrans{$1} && ($1 ne $2)) {