import OpenSSL 1.0.0e

author: djm <> 2011-11-03 02:32:21 +0000
committer: djm <> 2011-11-03 02:32:21 +0000
commit: 074782d395f8a140cd5120b87574dcd928bacd24 (patch)
tree: 79374ba6e81c08ba6e78220557d6f6e9ca03f7b7 /src/lib/libcrypto
parent: f6ca1ae73bb9eabfb510df2cffc2599db98d35a9 (diff)
download: openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.gz
openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.bz2
openbsd-074782d395f8a140cd5120b87574dcd928bacd24.zip
10 files changed, 140 insertions, 46 deletions
diff --git a/src/lib/libcrypto/LPdir_vms.c b/src/lib/libcrypto/LPdir_vms.c
index 85b427a623..7613bd254e 100644
--- a/src/lib/libcrypto/LPdir_vms.c
+++ b/src/lib/libcrypto/LPdir_vms.c
@@ -40,22 +40,18 @@
 #ifndef LPDIR_H
 #include "LPdir.h"
 #endif
+#include "vms_rms.h"
-/* Because some compiler options hide this macor */
+/* Some compiler options hide EVMSERR. */
 #ifndef EVMSERR
-#define EVMSERR         65535  /* error for non-translatable VMS errors */
+# define EVMSERR        65535  /* error for non-translatable VMS errors */
 #endif
 struct LP_dir_context_st
 {
  unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
+  char filespec[ NAMX_MAXRSS+ 1];
-  char filespec[NAML$C_MAXRSS+1];
+  char result[ NAMX_MAXRSS+ 1];
-  char result[NAML$C_MAXRSS+1];
-#else
-  char filespec[256];
-  char result[256];
-#endif
  struct dsc$descriptor_d filespec_dsc;
  struct dsc$descriptor_d result_dsc;
 };
@@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
  char *p, *r;
  size_t l;
  unsigned long flags = 0;
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
 #ifdef NAML$C_MAXRSS
  flags |= LIB$M_FIL_LONG_NAMES;
 #endif
@@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
      filespeclen += 4;         /* "*.*;" */
-      if (filespeclen >
+      if (filespeclen > NAMX_MAXRSS)
-#ifdef NAML$C_MAXRSS
-          NAML$C_MAXRSS
-#else
-          255
-#endif
-          )
        {
          errno = ENAMETOOLONG;
          return 0;
@@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
      strcpy((*ctx)->filespec,directory);
      strcat((*ctx)->filespec,"*.*;");
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
      (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
      (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
      (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
-      (*ctx)->result_dsc.dsc$w_length = 0;
-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
-      (*ctx)->result_dsc.dsc$a_pointer = 0;
    }
  (*ctx)->result_dsc.dsc$w_length = 0;
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
index aa4e1481a8..26a4a9ee7c 100644
--- a/src/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
                return 0;
                }
        fbytes_counter ++;
-        ret = BN_bn2bin(tmp, buf);      
+        if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
-        if (ret == 0 || ret != num)
                ret = 0;
-        else
+        else 
                ret = 1;
        if (tmp)
                BN_free(tmp);
diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c
index 086d9f47e0..8e4b633ccc 100644
--- a/src/lib/libcrypto/jpake/jpake.c
+++ b/src/lib/libcrypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
    return 1;
    }
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+        return 0;
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+    return res;
+    }
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
    {
+    if(!is_legal(received->p1.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+        return 0;
+        }
+    if(!is_legal(received->p2.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+        return 0;
+        }
   /* verify their ZKP(xc) */
    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
        {
diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h
index 693ea188cb..fd143b4d9b 100644
--- a/src/lib/libcrypto/jpake/jpake.h
+++ b/src/lib/libcrypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP                               100
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c
index 1b95067967..a9a9dee75c 100644
--- a/src/lib/libcrypto/jpake/jpake_err.c
+++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 static ERR_STRING_DATA JPAKE_str_reasons[]=
        {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
diff --git a/src/lib/libcrypto/pqueue/pqueue.c b/src/lib/libcrypto/pqueue/pqueue.c
index 99a6fb874d..eab13a1250 100644
--- a/src/lib/libcrypto/pqueue/pqueue.c
+++ b/src/lib/libcrypto/pqueue/pqueue.c
@@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq)
 pitem *
 pqueue_find(pqueue_s *pq, unsigned char *prio64be)
        {
-        pitem *next, *prev = NULL;
+        pitem *next;
        pitem *found = NULL;
        if ( pq->items == NULL)
                return NULL;
-        for ( next = pq->items; next->next != NULL; 
+        for ( next = pq->items; next->next != NULL; next = next->next)
-                  prev = next, next = next->next)
                {
                if ( memcmp(next->priority, prio64be,8) == 0)
                        {
diff --git a/src/lib/libcrypto/rand/rand_nw.c b/src/lib/libcrypto/rand/rand_nw.c
index f177ffbe82..8d5b8d2e32 100644
--- a/src/lib/libcrypto/rand/rand_nw.c
+++ b/src/lib/libcrypto/rand/rand_nw.c
@@ -160,8 +160,8 @@ int RAND_poll(void)
         rdtsc
         mov tsc, eax        
      }
-#else
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-      asm volatile("rdtsc":"=A" (tsc));
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
 #endif
      RAND_add(&tsc, sizeof(tsc), 1);
diff --git a/src/lib/libcrypto/vms_rms.h b/src/lib/libcrypto/vms_rms.h
new file mode 100755
index 0000000000..00a00d993f
--- /dev/null
+++ b/src/lib/libcrypto/vms_rms.h
@@ -0,0 +1,51 @@
+#ifdef NAML$C_MAXRSS
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+#else /* def NAML$C_MAXRSS */
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+#endif /* def NAML$C_MAXRSS [else] */
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index 9087d66e0a..0d70e8696d 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
  unsigned char addr[ADDR_RAW_BUF_LEN];
  int i, n;
+  if (bs->length < 0)
+    return 0;
  switch (afi) {
  case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
    addr_expand(addr, bs, 4, fill);
    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
    break;
  case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
    addr_expand(addr, bs, 16, fill);
    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
      ;
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index 56702f86b9..3f434c0603 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
 #include <stdio.h>
 #include <string.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
  const ASIdOrRange *a = *a_, *b = *b_;
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
         (a->type == ASIdOrRange_range && a->u.range != NULL &&
          a->u.range->min != NULL && a->u.range->max != NULL));
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
         (b->type == ASIdOrRange_range && b->u.range != NULL &&
          b->u.range->min != NULL && b->u.range->max != NULL));
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
      return 0;
    (*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
    if ((*choice)->u.asIdsOrRanges == NULL)
      return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
                            ASN1_INTEGER **min,
                            ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
  switch (aor->type) {
  case ASIdOrRange_id:
    *min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
  return (asid == NULL ||
-          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) &&
           ASIdentifierChoice_is_canonical(asid->rdi)));
 }
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
  /*
   * We have a list.  Sort it.
   */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
  /*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    /*
     * Make sure we're properly sorted (paranoia).
     */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
    /*
     * Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    }
  }
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
  ret = 1;
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
  X509 *x;
-  assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
  /*
   * Figure out where to start.  If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  } else {
    i = 0;
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if ((ext = x->rfc3779_asid) == NULL)
      goto done;
  }
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   */
  for (i++; i < sk_X509_num(chain); i++) {
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if (x->rfc3779_asid == NULL) {
      if (child_as != NULL || child_rdi != NULL)
        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  /*
   * Trust anchor can't inherit.
   */
-  assert(x != NULL);
+  OPENSSL_assert(x != NULL);
  if (x->rfc3779_asid != NULL) {
    if (x->rfc3779_asid->asnum != NULL &&
        x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
author	djm <>	2011-11-03 02:32:21 +0000
committer	djm <>	2011-11-03 02:32:21 +0000
commit	074782d395f8a140cd5120b87574dcd928bacd24 (patch)
tree	79374ba6e81c08ba6e78220557d6f6e9ca03f7b7 /src/lib/libcrypto
parent	f6ca1ae73bb9eabfb510df2cffc2599db98d35a9 (diff)
download	openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.gz openbsd-074782d395f8a140cd5120b87574dcd928bacd24.tar.bz2 openbsd-074782d395f8a140cd5120b87574dcd928bacd24.zip