diff options
Diffstat (limited to 'crypto/openssl/crypto/evp')
-rw-r--r-- | crypto/openssl/crypto/evp/bio_enc.c | 21 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/bio_ok.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/c_all.c | 5 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/digest.c | 16 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/e_rc4_hmac_md5.c | 4 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/e_seed.c | 3 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/evp_enc.c | 2 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/evp_test.c | 4 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/openbsd_hw.c | 22 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/p_lib.c | 8 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/pmeth_gn.c | 4 | ||||
-rw-r--r-- | crypto/openssl/crypto/evp/pmeth_lib.c | 2 |
12 files changed, 68 insertions, 25 deletions
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/openssl/crypto/evp/bio_enc.c index 363e024..0806f23 100644 --- a/crypto/openssl/crypto/evp/bio_enc.c +++ b/crypto/openssl/crypto/evp/bio_enc.c @@ -201,9 +201,14 @@ static int enc_read(BIO *b, char *out, int outl) break; } } else { - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); + if (!EVP_CipherUpdate(&ctx->cipher, + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)&(ctx->buf[BUF_OFFSET]), + i)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; + } ctx->cont = 1; /* * Note: it is possible for EVP_CipherUpdate to decrypt zero @@ -260,9 +265,13 @@ static int enc_write(BIO *b, const char *in, int inl) ctx->buf_off = 0; while (inl > 0) { n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n); + if (!EVP_CipherUpdate(&ctx->cipher, + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)in, n)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; + } inl -= n; in += n; diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c index 5c32e35..16e151f 100644 --- a/crypto/openssl/crypto/evp/bio_ok.c +++ b/crypto/openssl/crypto/evp/bio_ok.c @@ -491,7 +491,7 @@ static int sig_out(BIO *b) * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) + if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) goto berr; memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/openssl/crypto/evp/c_all.c index a3ed00d..719e34d 100644 --- a/crypto/openssl/crypto/evp/c_all.c +++ b/crypto/openssl/crypto/evp/c_all.c @@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void) OPENSSL_cpuid_setup(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -#ifndef OPENSSL_NO_ENGINE -# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) - ENGINE_setup_bsd_cryptodev(); -# endif -#endif } diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c index 5b642b2..4db1796 100644 --- a/crypto/openssl/crypto/evp/digest.c +++ b/crypto/openssl/crypto/evp/digest.c @@ -253,10 +253,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { #ifdef OPENSSL_FIPS - return FIPS_digestupdate(ctx, data, count); -#else - return ctx->update(ctx, data, count); + if (FIPS_mode()) + return FIPS_digestupdate(ctx, data, count); #endif + return ctx->update(ctx, data, count); } /* The caller can assume that this removes any secret data from the context */ @@ -271,10 +271,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) /* The caller can assume that this removes any secret data from the context */ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { -#ifdef OPENSSL_FIPS - return FIPS_digestfinal(ctx, md, size); -#else int ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_digestfinal(ctx, md, size); +#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret = ctx->digest->final(ctx, md); @@ -284,9 +285,8 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) ctx->digest->cleanup(ctx); EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); } - memset(ctx->md_data, 0, ctx->digest->ctx_size); + OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); return ret; -#endif } int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) diff --git a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c index 2da1117..5e92855 100644 --- a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -99,7 +99,7 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, return 1; } -# if !defined(OPENSSL_NO_ASM) && ( \ +# if defined(RC4_ASM) && defined(MD5_ASM) && ( \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) && \ @@ -254,6 +254,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, MD5_Init(&key->tail); MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); + OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); + return 1; } case EVP_CTRL_AEAD_TLS1_AAD: diff --git a/crypto/openssl/crypto/evp/e_seed.c b/crypto/openssl/crypto/evp/e_seed.c index 7249d1b..3d01eac 100644 --- a/crypto/openssl/crypto/evp/e_seed.c +++ b/crypto/openssl/crypto/evp/e_seed.c @@ -70,7 +70,8 @@ typedef struct { } EVP_SEED_KEY; IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, - 16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0) + 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, + seed_init_key, 0, 0, 0, 0) static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 7d7be24..0e40f09 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -170,7 +170,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, #ifdef OPENSSL_FIPS if (FIPS_mode()) { - const EVP_CIPHER *fcipher; + const EVP_CIPHER *fcipher = NULL; if (cipher) fcipher = evp_get_fips_cipher(cipher); if (fcipher) diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c index d7441ec..9879642 100644 --- a/crypto/openssl/crypto/evp/evp_test.c +++ b/crypto/openssl/crypto/evp/evp_test.c @@ -76,6 +76,7 @@ static void hexdump(FILE *f, const char *title, const unsigned char *s, int l) static int convert(unsigned char *s) { unsigned char *d; + int digits = 0; for (d = s; *s; s += 2, ++d) { unsigned int n; @@ -86,8 +87,9 @@ static int convert(unsigned char *s) } sscanf((char *)s, "%2x", &n); *d = (unsigned char)n; + digits++; } - return s - d; + return digits; } static char *sstrsep(char **string, const char *delim) diff --git a/crypto/openssl/crypto/evp/openbsd_hw.c b/crypto/openssl/crypto/evp/openbsd_hw.c index 75d12e2..07decf2 100644 --- a/crypto/openssl/crypto/evp/openbsd_hw.c +++ b/crypto/openssl/crypto/evp/openbsd_hw.c @@ -133,6 +133,10 @@ static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher, return 0; CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY); + if (CDATA(ctx)->key == NULL { + err("CDATA(ctx)->key memory allocation failed"); + return 0; + } assert(ctx->cipher->iv_len <= MAX_HW_IV); @@ -186,6 +190,11 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (((unsigned long)in & 3) || cinl != inl) { cin = OPENSSL_malloc(cinl); + if (cin == NULL) { + err("cin - memory allocation failed"); + abort(); + return 0; + } memcpy(cin, in, inl); cryp.src = cin; } @@ -334,6 +343,11 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len) char *dcopy; dcopy = OPENSSL_malloc(len); + if (dcopy == NULL) { + err("dcopy - memory allocation failed"); + abort(); + return 0; + } memcpy(dcopy, data, len); cryp.src = dcopy; cryp.dst = cryp.src; // FIXME!!! @@ -364,6 +378,10 @@ static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data, return do_digest(md_data->sess.ses, md_data->md, data, len); md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len); + if (md_data->data == NULL) { + err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory"); + abort(); + } memcpy(md_data->data + md_data->len, data, len); md_data->len += len; @@ -397,6 +415,10 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) assert(from->digest->flags & EVP_MD_FLAG_ONESHOT); to_md->data = OPENSSL_malloc(from_md->len); + if (to_md->data == NULL) { + err("DEV_CRYPTO_MD5_COPY: unable to allocate memory"); + abort(); + } memcpy(to_md->data, from_md->data, from_md->len); return 1; diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index c017124..545d04f 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -130,6 +130,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); goto err; } + + if (!EVP_PKEY_missing_parameters(to)) { + if (EVP_PKEY_cmp_parameters(to, from) == 1) + return 1; + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS); + return 0; + } + if (from->ameth && from->ameth->param_copy) return from->ameth->param_copy(to, from); err: diff --git a/crypto/openssl/crypto/evp/pmeth_gn.c b/crypto/openssl/crypto/evp/pmeth_gn.c index 6435f1b..6a4d357 100644 --- a/crypto/openssl/crypto/evp/pmeth_gn.c +++ b/crypto/openssl/crypto/evp/pmeth_gn.c @@ -149,8 +149,10 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) if (!ppkey) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) + return -1; ret = ctx->pmeth->keygen(ctx, *ppkey); if (ret <= 0) { diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c index 9f81d10..9668b3a 100644 --- a/crypto/openssl/crypto/evp/pmeth_lib.c +++ b/crypto/openssl/crypto/evp/pmeth_lib.c @@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = { &ec_pkey_meth, #endif &hmac_pkey_meth, +#ifndef OPENSSL_NO_CMAC &cmac_pkey_meth, +#endif #ifndef OPENSSL_NO_DH &dhx_pkey_meth #endif |