authordjm <>2012-01-05 22:59:08 +0000
committerdjm <>2012-01-05 22:59:08 +0000
commit7aa3571aba92d82f8dd3caabe48fad636f05a0fd (patch)
tree851ee61336830430906a0fb1d3eba6718e2bffd2 /src
parent074782d395f8a140cd5120b87574dcd928bacd24 (diff)
OpenSSL 1.0.0f: import upstream source
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/ecdsa/ecdsatest.c85
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c125
-rw-r--r--src/lib/libssl/src/apps/cms.c2
-rwxr-xr-xsrc/lib/libssl/src/crypto/bn/asm/x86-mont.pl4
-rw-r--r--src/lib/libssl/src/crypto/ec/ec2_smpl.c2
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/ecdsatest.c85
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_addr.c125
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost2001_keyx.c4
-rw-r--r--src/lib/libssl/src/engines/ccgost/gost94_keyx.c4
-rw-r--r--src/lib/libssl/src/ssl/d1_both.c23
-rw-r--r--src/lib/libssl/src/ssl/d1_lib.c9
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c26
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c2
13 files changed, 380 insertions, 116 deletions
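--- a/src/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -286,9 +286,12 @@ int test_builtin(BIO *out)
  size_t crv_len = 0, n = 0;
  EC_KEY *eckey = NULL, *wrong_eckey = NULL;
  EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
  unsigned char digest[20], wrong_digest[20];
  unsigned char *signature = NULL;
- unsigned int sig_len;
+ unsigned char *sig_ptr;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
  int nid, ret = 0;
 
  /* fill digest values with some random data */
@@ -338,7 +341,8 @@ int test_builtin(BIO *out)
  if (EC_KEY_set_group(eckey, group) == 0)
  goto builtin_err;
  EC_GROUP_free(group);
- if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
  /* drop the curve */
  {
  EC_KEY_free(eckey);
@@ -414,26 +418,89 @@ int test_builtin(BIO *out)
  }
  BIO_printf(out, ".");
  (void)BIO_flush(out);
- /* modify a single byte of the signature */
- offset = signature[10] % sig_len;
- dirt = signature[11];
- signature[offset] ^= dirt ? dirt : 1;
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /* Modify a single byte of the signature: to ensure we don't
+ * garble the ASN1 structure, we read the raw signature and
+ * modify a byte in one of the bignums directly. */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
  if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
  {
  BIO_printf(out, " failed\n");
  goto builtin_err;
  }
+ /* Sanity check: undo the modification and verify signature. */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
  BIO_printf(out, ".");
  (void)BIO_flush(out);
 
  BIO_printf(out, " ok\n");
  /* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
  OPENSSL_free(signature);
  signature = NULL;
  EC_KEY_free(eckey);
  eckey = NULL;
  EC_KEY_free(wrong_eckey);
  wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
  }
 
  ret = 1;
@@ -442,8 +509,12 @@ builtin_err:
  EC_KEY_free(eckey);
  if (wrong_eckey)
  EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
  if (signature)
  OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
  if (curves)
  OPENSSL_free(curves);
 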
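Review bot: At new lines 468 and 481 the `int` result of i2d_ECDSA_SIG() is assigned straight into the unsigned `sig_len` and handed to ECDSA_verify(), so an encoding failure (a negative return) would show up as a huge length rather than as a test failure. Capture it in a signed temporary first, e.g. add `int enc_len;` to the declarations and write `if ((enc_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr)) <= 0) goto builtin_err;` followed by `sig_len = enc_len;` at both sites. The re-encoding also writes back into `signature` in place, which is only safe because that buffer was presumably allocated at ECDSA_size() earlier in the function; a one-line comment at line 467 stating that assumption would help the next reader. test_builtin begins and ends outside these hunks.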
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index 0d70e8696d..df46a4983b 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
142 * Expand the bitstring form of an address into a raw byte array. 142 * Expand the bitstring form of an address into a raw byte array.
143 * At the moment this is coded for simplicity, not speed. 143 * At the moment this is coded for simplicity, not speed.
144 */ 144 */
145static void addr_expand(unsigned char *addr, 145static int addr_expand(unsigned char *addr,
146 const ASN1_BIT_STRING *bs, 146 const ASN1_BIT_STRING *bs,
147 const int length, 147 const int length,
148 const unsigned char fill) 148 const unsigned char fill)
149{ 149{
150 OPENSSL_assert(bs->length >= 0 && bs->length <= length); 150 if (bs->length < 0 || bs->length > length)
151 return 0;
151 if (bs->length > 0) { 152 if (bs->length > 0) {
152 memcpy(addr, bs->data, bs->length); 153 memcpy(addr, bs->data, bs->length);
153 if ((bs->flags & 7) != 0) { 154 if ((bs->flags & 7) != 0) {
@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *addr,
159 } 160 }
160 } 161 }
161 memset(addr + bs->length, fill, length - bs->length); 162 memset(addr + bs->length, fill, length - bs->length);
163 return 1;
162} 164}
163 165
164/* 166/*
@@ -181,15 +183,13 @@ static int i2r_address(BIO *out,
181 return 0; 183 return 0;
182 switch (afi) { 184 switch (afi) {
183 case IANA_AFI_IPV4: 185 case IANA_AFI_IPV4:
184 if (bs->length > 4) 186 if (!addr_expand(addr, bs, 4, fill))
185 return 0; 187 return 0;
186 addr_expand(addr, bs, 4, fill);
187 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); 188 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
188 break; 189 break;
189 case IANA_AFI_IPV6: 190 case IANA_AFI_IPV6:
190 if (bs->length > 16) 191 if (!addr_expand(addr, bs, 16, fill))
191 return 0; 192 return 0;
192 addr_expand(addr, bs, 16, fill);
193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) 193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
194 ; 194 ;
195 for (i = 0; i < n; i += 2) 195 for (i = 0; i < n; i += 2)
@@ -315,6 +315,12 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
315/* 315/*
316 * Sort comparison function for a sequence of IPAddressOrRange 316 * Sort comparison function for a sequence of IPAddressOrRange
317 * elements. 317 * elements.
318 *
319 * There's no sane answer we can give if addr_expand() fails, and an
320 * assertion failure on externally supplied data is seriously uncool,
321 * so we just arbitrarily declare that if given invalid inputs this
322 * function returns -1. If this messes up your preferred sort order
323 * for garbage input, tough noogies.
318 */ 324 */
319static int IPAddressOrRange_cmp(const IPAddressOrRange *a, 325static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
320 const IPAddressOrRange *b, 326 const IPAddressOrRange *b,
@@ -326,22 +332,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
326 332
327 switch (a->type) { 333 switch (a->type) {
328 case IPAddressOrRange_addressPrefix: 334 case IPAddressOrRange_addressPrefix:
329 addr_expand(addr_a, a->u.addressPrefix, length, 0x00); 335 if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
336 return -1;
330 prefixlen_a = addr_prefixlen(a->u.addressPrefix); 337 prefixlen_a = addr_prefixlen(a->u.addressPrefix);
331 break; 338 break;
332 case IPAddressOrRange_addressRange: 339 case IPAddressOrRange_addressRange:
333 addr_expand(addr_a, a->u.addressRange->min, length, 0x00); 340 if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
341 return -1;
334 prefixlen_a = length * 8; 342 prefixlen_a = length * 8;
335 break; 343 break;
336 } 344 }
337 345
338 switch (b->type) { 346 switch (b->type) {
339 case IPAddressOrRange_addressPrefix: 347 case IPAddressOrRange_addressPrefix:
340 addr_expand(addr_b, b->u.addressPrefix, length, 0x00); 348 if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
349 return -1;
341 prefixlen_b = addr_prefixlen(b->u.addressPrefix); 350 prefixlen_b = addr_prefixlen(b->u.addressPrefix);
342 break; 351 break;
343 case IPAddressOrRange_addressRange: 352 case IPAddressOrRange_addressRange:
344 addr_expand(addr_b, b->u.addressRange->min, length, 0x00); 353 if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
354 return -1;
345 prefixlen_b = length * 8; 355 prefixlen_b = length * 8;
346 break; 356 break;
347 } 357 }
@@ -383,6 +393,7 @@ static int range_should_be_prefix(const unsigned char *min,
383 unsigned char mask; 393 unsigned char mask;
384 int i, j; 394 int i, j;
385 395
396 OPENSSL_assert(memcmp(min, max, length) <= 0);
386 for (i = 0; i < length && min[i] == max[i]; i++) 397 for (i = 0; i < length && min[i] == max[i]; i++)
387 ; 398 ;
388 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) 399 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
@@ -601,10 +612,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
601 return NULL; 612 return NULL;
602 switch (afi) { 613 switch (afi) {
603 case IANA_AFI_IPV4: 614 case IANA_AFI_IPV4:
604 sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); 615 (void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
605 break; 616 break;
606 case IANA_AFI_IPV6: 617 case IANA_AFI_IPV6:
607 sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); 618 (void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
608 break; 619 break;
609 } 620 }
610 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; 621 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -656,22 +667,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
656/* 667/*
657 * Extract min and max values from an IPAddressOrRange. 668 * Extract min and max values from an IPAddressOrRange.
658 */ 669 */
659static void extract_min_max(IPAddressOrRange *aor, 670static int extract_min_max(IPAddressOrRange *aor,
660 unsigned char *min, 671 unsigned char *min,
661 unsigned char *max, 672 unsigned char *max,
662 int length) 673 int length)
663{ 674{
664 OPENSSL_assert(aor != NULL && min != NULL && max != NULL); 675 if (aor == NULL || min == NULL || max == NULL)
676 return 0;
665 switch (aor->type) { 677 switch (aor->type) {
666 case IPAddressOrRange_addressPrefix: 678 case IPAddressOrRange_addressPrefix:
667 addr_expand(min, aor->u.addressPrefix, length, 0x00); 679 return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
668 addr_expand(max, aor->u.addressPrefix, length, 0xFF); 680 addr_expand(max, aor->u.addressPrefix, length, 0xFF));
669 return;
670 case IPAddressOrRange_addressRange: 681 case IPAddressOrRange_addressRange:
671 addr_expand(min, aor->u.addressRange->min, length, 0x00); 682 return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
672 addr_expand(max, aor->u.addressRange->max, length, 0xFF); 683 addr_expand(max, aor->u.addressRange->max, length, 0xFF));
673 return;
674 } 684 }
685 return 0;
675} 686}
676 687
677/* 688/*
@@ -687,9 +698,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
687 if (aor == NULL || min == NULL || max == NULL || 698 if (aor == NULL || min == NULL || max == NULL ||
688 afi_length == 0 || length < afi_length || 699 afi_length == 0 || length < afi_length ||
689 (aor->type != IPAddressOrRange_addressPrefix && 700 (aor->type != IPAddressOrRange_addressPrefix &&
690 aor->type != IPAddressOrRange_addressRange)) 701 aor->type != IPAddressOrRange_addressRange) ||
702 !extract_min_max(aor, min, max, afi_length))
691 return 0; 703 return 0;
692 extract_min_max(aor, min, max, afi_length); 704
693 return afi_length; 705 return afi_length;
694} 706}
695 707
@@ -771,8 +783,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
771 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 783 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
772 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); 784 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
773 785
774 extract_min_max(a, a_min, a_max, length); 786 if (!extract_min_max(a, a_min, a_max, length) ||
775 extract_min_max(b, b_min, b_max, length); 787 !extract_min_max(b, b_min, b_max, length))
788 return 0;
776 789
777 /* 790 /*
778 * Punt misordered list, overlapping start, or inverted range. 791 * Punt misordered list, overlapping start, or inverted range.
@@ -800,14 +813,17 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
800 } 813 }
801 814
802 /* 815 /*
803 * Check final range to see if it should be a prefix. 816 * Check range to see if it's inverted or should be a
817 * prefix.
804 */ 818 */
805 j = sk_IPAddressOrRange_num(aors) - 1; 819 j = sk_IPAddressOrRange_num(aors) - 1;
806 { 820 {
807 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 821 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
808 if (a->type == IPAddressOrRange_addressRange) { 822 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
809 extract_min_max(a, a_min, a_max, length); 823 if (!extract_min_max(a, a_min, a_max, length))
810 if (range_should_be_prefix(a_min, a_max, length) >= 0) 824 return 0;
825 if (memcmp(a_min, a_max, length) > 0 ||
826 range_should_be_prefix(a_min, a_max, length) >= 0)
811 return 0; 827 return 0;
812 } 828 }
813 } 829 }
@@ -841,8 +857,16 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
841 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; 857 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
842 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; 858 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
843 859
844 extract_min_max(a, a_min, a_max, length); 860 if (!extract_min_max(a, a_min, a_max, length) ||
845 extract_min_max(b, b_min, b_max, length); 861 !extract_min_max(b, b_min, b_max, length))
862 return 0;
863
864 /*
865 * Punt inverted ranges.
866 */
867 if (memcmp(a_min, a_max, length) > 0 ||
868 memcmp(b_min, b_max, length) > 0)
869 return 0;
846 870
847 /* 871 /*
848 * Punt overlaps. 872 * Punt overlaps.
@@ -860,8 +884,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
860 IPAddressOrRange *merged; 884 IPAddressOrRange *merged;
861 if (!make_addressRange(&merged, a_min, b_max, length)) 885 if (!make_addressRange(&merged, a_min, b_max, length))
862 return 0; 886 return 0;
863 sk_IPAddressOrRange_set(aors, i, merged); 887 (void) sk_IPAddressOrRange_set(aors, i, merged);
864 sk_IPAddressOrRange_delete(aors, i + 1); 888 (void) sk_IPAddressOrRange_delete(aors, i + 1);
865 IPAddressOrRange_free(a); 889 IPAddressOrRange_free(a);
866 IPAddressOrRange_free(b); 890 IPAddressOrRange_free(b);
867 --i; 891 --i;
@@ -869,6 +893,20 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
869 } 893 }
870 } 894 }
871 895
896 /*
897 * Check for inverted final range.
898 */
899 j = sk_IPAddressOrRange_num(aors) - 1;
900 {
901 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
902 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
903 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
904 extract_min_max(a, a_min, a_max, length);
905 if (memcmp(a_min, a_max, length) > 0)
906 return 0;
907 }
908 }
909
872 return 1; 910 return 1;
873} 911}
874 912
@@ -885,7 +923,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
885 v3_addr_get_afi(f))) 923 v3_addr_get_afi(f)))
886 return 0; 924 return 0;
887 } 925 }
888 sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); 926 (void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
889 sk_IPAddressFamily_sort(addr); 927 sk_IPAddressFamily_sort(addr);
890 OPENSSL_assert(v3_addr_is_canonical(addr)); 928 OPENSSL_assert(v3_addr_is_canonical(addr));
891 return 1; 929 return 1;
@@ -1017,6 +1055,11 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
1017 X509V3_conf_err(val); 1055 X509V3_conf_err(val);
1018 goto err; 1056 goto err;
1019 } 1057 }
1058 if (memcmp(min, max, length_from_afi(afi)) > 0) {
1059 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
1060 X509V3_conf_err(val);
1061 goto err;
1062 }
1020 if (!v3_addr_add_range(addr, afi, safi, min, max)) { 1063 if (!v3_addr_add_range(addr, afi, safi, min, max)) {
1021 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); 1064 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
1022 goto err; 1065 goto err;
@@ -1102,13 +1145,15 @@ static int addr_contains(IPAddressOrRanges *parent,
1102 1145
1103 p = 0; 1146 p = 0;
1104 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { 1147 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
1105 extract_min_max(sk_IPAddressOrRange_value(child, c), 1148 if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
1106 c_min, c_max, length); 1149 c_min, c_max, length))
1150 return -1;
1107 for (;; p++) { 1151 for (;; p++) {
1108 if (p >= sk_IPAddressOrRange_num(parent)) 1152 if (p >= sk_IPAddressOrRange_num(parent))
1109 return 0; 1153 return 0;
1110 extract_min_max(sk_IPAddressOrRange_value(parent, p), 1154 if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
1111 p_min, p_max, length); 1155 p_min, p_max, length))
1156 return 0;
1112 if (memcmp(p_max, c_max, length) < 0) 1157 if (memcmp(p_max, c_max, length) < 0)
1113 continue; 1158 continue;
1114 if (memcmp(p_min, c_min, length) > 0) 1159 if (memcmp(p_min, c_min, length) > 0)
@@ -1130,7 +1175,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
1130 return 1; 1175 return 1;
1131 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) 1176 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
1132 return 0; 1177 return 0;
1133 sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); 1178 (void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
1134 for (i = 0; i < sk_IPAddressFamily_num(a); i++) { 1179 for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1135 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); 1180 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1136 int j = sk_IPAddressFamily_find(b, fa); 1181 int j = sk_IPAddressFamily_find(b, fa);
@@ -1195,7 +1240,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1195 } 1240 }
1196 if (!v3_addr_is_canonical(ext)) 1241 if (!v3_addr_is_canonical(ext))
1197 validation_err(X509_V_ERR_INVALID_EXTENSION); 1242 validation_err(X509_V_ERR_INVALID_EXTENSION);
1198 sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); 1243 (void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
1199 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { 1244 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
1200 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); 1245 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
1201 ret = 0; 1246 ret = 0;
@@ -1221,7 +1266,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1221 } 1266 }
1222 continue; 1267 continue;
1223 } 1268 }
1224 sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); 1269 (void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
1225 for (j = 0; j < sk_IPAddressFamily_num(child); j++) { 1270 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1226 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); 1271 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1227 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); 1272 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
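Review bot: The new "inverted final range" check in IPAddressOrRanges_canonize (new line 904) calls extract_min_max() without testing its return, so when addr_expand() rejects an over-long bit string the memcmp() on the next line compares a_min/a_max that were never filled in; every other extract_min_max() call converted in this commit checks the result. Change it to `if (!extract_min_max(a, a_min, a_max, length) || memcmp(a_min, a_max, length) > 0) return 0;`, which mirrors the equivalent block added to v3_addr_is_canonical at new lines 823-827. Separately, addr_contains() now returns -1 for a bad child element (new line 1150) but 0 for a bad parent element (new line 1156); a caller that tests `!addr_contains(...)` would presumably treat the -1 as "contained", so returning 0 in both cases looks safer. IPAddressOrRanges_canonize and addr_contains both start outside their hunks.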
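--- a/src/lib/libssl/src/apps/cms.c
+++ b/src/lib/libssl/src/apps/cms.c
@@ -618,7 +618,7 @@ int MAIN(int argc, char **argv)
  BIO_printf (bio_err, "-certsout file certificate output file\n");
  BIO_printf (bio_err, "-signer file signer certificate file\n");
  BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-skeyid use subject key identifier\n");
+ BIO_printf (bio_err, "-keyid use subject key identifier\n");
  BIO_printf (bio_err, "-in file input file\n");
  BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
  BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");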
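--- a/src/lib/libssl/src/crypto/bn/asm/x86-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/x86-mont.pl
@@ -527,8 +527,10 @@ $sbit=$num;
  &jle (&label("sqradd"));
 
  &mov ($carry,"edx");
- &lea ("edx",&DWP(0,$sbit,"edx",2));
+ &add ("edx","edx");
  &shr ($carry,31);
+ &add ("edx",$sbit);
+ &adc ($carry,0);
 &set_label("sqrlast");
  &mov ($word,$_n0);
  &mov ($inp,$_np);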
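Review bot: The rewritten carry sequence at new lines 530-533 has no comment saying why the single `lea` was split into `add`/`shr`/`add`/`adc`, and a reader of this generated assembly will want that: `lea` sets no flags, so the old form recovered only the bit shifted out by the doubling (via `shr $carry,31`) and silently dropped the carry out of the `+ $sbit` step when 2*edx+sbit exceeded 32 bits, whereas the new `adc ($carry,0)` folds that carry in. Suggest a comment above line 530 such as `# edx = 2*edx + sbit; lea would lose the carry from the +sbit step, so use add/adc and fold it into $carry`. The squaring routine this belongs to starts and ends outside the hunk.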
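--- a/src/lib/libssl/src/crypto/ec/ec2_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
@@ -887,7 +887,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_
  field_sqr = group->meth->field_sqr;
 
  /* only support affine coordinates */
- if (!point->Z_is_one) goto err;
+ if (!point->Z_is_one) return -1;
 
  if (ctx == NULL)
  {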
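--- a/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c
@@ -286,9 +286,12 @@ int test_builtin(BIO *out)
  size_t crv_len = 0, n = 0;
  EC_KEY *eckey = NULL, *wrong_eckey = NULL;
  EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
  unsigned char digest[20], wrong_digest[20];
  unsigned char *signature = NULL;
- unsigned int sig_len;
+ unsigned char *sig_ptr;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
  int nid, ret = 0;
 
  /* fill digest values with some random data */
@@ -338,7 +341,8 @@ int test_builtin(BIO *out)
  if (EC_KEY_set_group(eckey, group) == 0)
  goto builtin_err;
  EC_GROUP_free(group);
- if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
  /* drop the curve */
  {
  EC_KEY_free(eckey);
@@ -414,26 +418,89 @@ int test_builtin(BIO *out)
  }
  BIO_printf(out, ".");
  (void)BIO_flush(out);
- /* modify a single byte of the signature */
- offset = signature[10] % sig_len;
- dirt = signature[11];
- signature[offset] ^= dirt ? dirt : 1;
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
+ eckey) == 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /* Modify a single byte of the signature: to ensure we don't
+ * garble the ASN1 structure, we read the raw signature and
+ * modify a byte in one of the bignums directly. */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len))
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
  if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
  {
  BIO_printf(out, " failed\n");
  goto builtin_err;
  }
+ /* Sanity check: undo the modification and verify signature. */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+ {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
  BIO_printf(out, ".");
  (void)BIO_flush(out);
 
  BIO_printf(out, " ok\n");
  /* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
  OPENSSL_free(signature);
  signature = NULL;
  EC_KEY_free(eckey);
  eckey = NULL;
  EC_KEY_free(wrong_eckey);
  wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
  }
 
  ret = 1;
@@ -442,8 +509,12 @@ builtin_err:
  EC_KEY_free(eckey);
  if (wrong_eckey)
  EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
  if (signature)
  OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
  if (curves)
  OPENSSL_free(curves);
 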
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
index 0d70e8696d..df46a4983b 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
142 * Expand the bitstring form of an address into a raw byte array. 142 * Expand the bitstring form of an address into a raw byte array.
143 * At the moment this is coded for simplicity, not speed. 143 * At the moment this is coded for simplicity, not speed.
144 */ 144 */
145static void addr_expand(unsigned char *addr, 145static int addr_expand(unsigned char *addr,
146 const ASN1_BIT_STRING *bs, 146 const ASN1_BIT_STRING *bs,
147 const int length, 147 const int length,
148 const unsigned char fill) 148 const unsigned char fill)
149{ 149{
150 OPENSSL_assert(bs->length >= 0 && bs->length <= length); 150 if (bs->length < 0 || bs->length > length)
151 return 0;
151 if (bs->length > 0) { 152 if (bs->length > 0) {
152 memcpy(addr, bs->data, bs->length); 153 memcpy(addr, bs->data, bs->length);
153 if ((bs->flags & 7) != 0) { 154 if ((bs->flags & 7) != 0) {
@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *addr,
159 } 160 }
160 } 161 }
161 memset(addr + bs->length, fill, length - bs->length); 162 memset(addr + bs->length, fill, length - bs->length);
163 return 1;
162} 164}
163 165
164/* 166/*
@@ -181,15 +183,13 @@ static int i2r_address(BIO *out,
181 return 0; 183 return 0;
182 switch (afi) { 184 switch (afi) {
183 case IANA_AFI_IPV4: 185 case IANA_AFI_IPV4:
184 if (bs->length > 4) 186 if (!addr_expand(addr, bs, 4, fill))
185 return 0; 187 return 0;
186 addr_expand(addr, bs, 4, fill);
187 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); 188 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
188 break; 189 break;
189 case IANA_AFI_IPV6: 190 case IANA_AFI_IPV6:
190 if (bs->length > 16) 191 if (!addr_expand(addr, bs, 16, fill))
191 return 0; 192 return 0;
192 addr_expand(addr, bs, 16, fill);
193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) 193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
194 ; 194 ;
195 for (i = 0; i < n; i += 2) 195 for (i = 0; i < n; i += 2)
@@ -315,6 +315,12 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
315/* 315/*
316 * Sort comparison function for a sequence of IPAddressOrRange 316 * Sort comparison function for a sequence of IPAddressOrRange
317 * elements. 317 * elements.
318 *
319 * There's no sane answer we can give if addr_expand() fails, and an
320 * assertion failure on externally supplied data is seriously uncool,
321 * so we just arbitrarily declare that if given invalid inputs this
322 * function returns -1. If this messes up your preferred sort order
323 * for garbage input, tough noogies.
318 */ 324 */
319static int IPAddressOrRange_cmp(const IPAddressOrRange *a, 325static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
320 const IPAddressOrRange *b, 326 const IPAddressOrRange *b,
@@ -326,22 +332,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
326 332
327 switch (a->type) { 333 switch (a->type) {
328 case IPAddressOrRange_addressPrefix: 334 case IPAddressOrRange_addressPrefix:
329 addr_expand(addr_a, a->u.addressPrefix, length, 0x00); 335 if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
336 return -1;
330 prefixlen_a = addr_prefixlen(a->u.addressPrefix); 337 prefixlen_a = addr_prefixlen(a->u.addressPrefix);
331 break; 338 break;
332 case IPAddressOrRange_addressRange: 339 case IPAddressOrRange_addressRange:
333 addr_expand(addr_a, a->u.addressRange->min, length, 0x00); 340 if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
341 return -1;
334 prefixlen_a = length * 8; 342 prefixlen_a = length * 8;
335 break; 343 break;
336 } 344 }
337 345
338 switch (b->type) { 346 switch (b->type) {
339 case IPAddressOrRange_addressPrefix: 347 case IPAddressOrRange_addressPrefix:
340 addr_expand(addr_b, b->u.addressPrefix, length, 0x00); 348 if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
349 return -1;
341 prefixlen_b = addr_prefixlen(b->u.addressPrefix); 350 prefixlen_b = addr_prefixlen(b->u.addressPrefix);
342 break; 351 break;
343 case IPAddressOrRange_addressRange: 352 case IPAddressOrRange_addressRange:
344 addr_expand(addr_b, b->u.addressRange->min, length, 0x00); 353 if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
354 return -1;
345 prefixlen_b = length * 8; 355 prefixlen_b = length * 8;
346 break; 356 break;
347 } 357 }
@@ -383,6 +393,7 @@ static int range_should_be_prefix(const unsigned char *min,
383 unsigned char mask; 393 unsigned char mask;
384 int i, j; 394 int i, j;
385 395
396 OPENSSL_assert(memcmp(min, max, length) <= 0);
386 for (i = 0; i < length && min[i] == max[i]; i++) 397 for (i = 0; i < length && min[i] == max[i]; i++)
387 ; 398 ;
388 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) 399 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
@@ -601,10 +612,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
601 return NULL; 612 return NULL;
602 switch (afi) { 613 switch (afi) {
603 case IANA_AFI_IPV4: 614 case IANA_AFI_IPV4:
604 sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); 615 (void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
605 break; 616 break;
606 case IANA_AFI_IPV6: 617 case IANA_AFI_IPV6:
607 sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); 618 (void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
608 break; 619 break;
609 } 620 }
610 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; 621 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -656,22 +667,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
656/* 667/*
657 * Extract min and max values from an IPAddressOrRange. 668 * Extract min and max values from an IPAddressOrRange.
658 */ 669 */
659static void extract_min_max(IPAddressOrRange *aor, 670static int extract_min_max(IPAddressOrRange *aor,
660 unsigned char *min, 671 unsigned char *min,
661 unsigned char *max, 672 unsigned char *max,
662 int length) 673 int length)
663{ 674{
664 OPENSSL_assert(aor != NULL && min != NULL && max != NULL); 675 if (aor == NULL || min == NULL || max == NULL)
676 return 0;
665 switch (aor->type) { 677 switch (aor->type) {
666 case IPAddressOrRange_addressPrefix: 678 case IPAddressOrRange_addressPrefix:
667 addr_expand(min, aor->u.addressPrefix, length, 0x00); 679 return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
668 addr_expand(max, aor->u.addressPrefix, length, 0xFF); 680 addr_expand(max, aor->u.addressPrefix, length, 0xFF));
669 return;
670 case IPAddressOrRange_addressRange: 681 case IPAddressOrRange_addressRange:
671 addr_expand(min, aor->u.addressRange->min, length, 0x00); 682 return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
672 addr_expand(max, aor->u.addressRange->max, length, 0xFF); 683 addr_expand(max, aor->u.addressRange->max, length, 0xFF));
673 return;
674 } 684 }
685 return 0;
675} 686}
676 687
677/* 688/*
@@ -687,9 +698,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
687 if (aor == NULL || min == NULL || max == NULL || 698 if (aor == NULL || min == NULL || max == NULL ||
688 afi_length == 0 || length < afi_length || 699 afi_length == 0 || length < afi_length ||
689 (aor->type != IPAddressOrRange_addressPrefix && 700 (aor->type != IPAddressOrRange_addressPrefix &&
690 aor->type != IPAddressOrRange_addressRange)) 701 aor->type != IPAddressOrRange_addressRange) ||
702 !extract_min_max(aor, min, max, afi_length))
691 return 0; 703 return 0;
692 extract_min_max(aor, min, max, afi_length); 704
693 return afi_length; 705 return afi_length;
694} 706}
695 707
@@ -771,8 +783,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
771 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 783 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
772 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); 784 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
773 785
774 extract_min_max(a, a_min, a_max, length); 786 if (!extract_min_max(a, a_min, a_max, length) ||
775 extract_min_max(b, b_min, b_max, length); 787 !extract_min_max(b, b_min, b_max, length))
788 return 0;
776 789
777 /* 790 /*
778 * Punt misordered list, overlapping start, or inverted range. 791 * Punt misordered list, overlapping start, or inverted range.
@@ -800,14 +813,17 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
800 } 813 }
801 814
802 /* 815 /*
803 * Check final range to see if it should be a prefix. 816 * Check range to see if it's inverted or should be a
817 * prefix.
804 */ 818 */
805 j = sk_IPAddressOrRange_num(aors) - 1; 819 j = sk_IPAddressOrRange_num(aors) - 1;
806 { 820 {
807 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 821 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
808 if (a->type == IPAddressOrRange_addressRange) { 822 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
809 extract_min_max(a, a_min, a_max, length); 823 if (!extract_min_max(a, a_min, a_max, length))
810 if (range_should_be_prefix(a_min, a_max, length) >= 0) 824 return 0;
825 if (memcmp(a_min, a_max, length) > 0 ||
826 range_should_be_prefix(a_min, a_max, length) >= 0)
811 return 0; 827 return 0;
812 } 828 }
813 } 829 }
@@ -841,8 +857,16 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
841 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; 857 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
842 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; 858 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
843 859
844 extract_min_max(a, a_min, a_max, length); 860 if (!extract_min_max(a, a_min, a_max, length) ||
845 extract_min_max(b, b_min, b_max, length); 861 !extract_min_max(b, b_min, b_max, length))
862 return 0;
863
864 /*
865 * Punt inverted ranges.
866 */
867 if (memcmp(a_min, a_max, length) > 0 ||
868 memcmp(b_min, b_max, length) > 0)
869 return 0;
846 870
847 /* 871 /*
848 * Punt overlaps. 872 * Punt overlaps.
@@ -860,8 +884,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
860 IPAddressOrRange *merged; 884 IPAddressOrRange *merged;
861 if (!make_addressRange(&merged, a_min, b_max, length)) 885 if (!make_addressRange(&merged, a_min, b_max, length))
862 return 0; 886 return 0;
863 sk_IPAddressOrRange_set(aors, i, merged); 887 (void) sk_IPAddressOrRange_set(aors, i, merged);
864 sk_IPAddressOrRange_delete(aors, i + 1); 888 (void) sk_IPAddressOrRange_delete(aors, i + 1);
865 IPAddressOrRange_free(a); 889 IPAddressOrRange_free(a);
866 IPAddressOrRange_free(b); 890 IPAddressOrRange_free(b);
867 --i; 891 --i;
@@ -869,6 +893,20 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
869 } 893 }
870 } 894 }
871 895
896 /*
897 * Check for inverted final range.
898 */
899 j = sk_IPAddressOrRange_num(aors) - 1;
900 {
901 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
902 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
903 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
904 extract_min_max(a, a_min, a_max, length);
905 if (memcmp(a_min, a_max, length) > 0)
906 return 0;
907 }
908 }
909
872 return 1; 910 return 1;
873} 911}
874 912
@@ -885,7 +923,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
885 v3_addr_get_afi(f))) 923 v3_addr_get_afi(f)))
886 return 0; 924 return 0;
887 } 925 }
888 sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); 926 (void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
889 sk_IPAddressFamily_sort(addr); 927 sk_IPAddressFamily_sort(addr);
890 OPENSSL_assert(v3_addr_is_canonical(addr)); 928 OPENSSL_assert(v3_addr_is_canonical(addr));
891 return 1; 929 return 1;
@@ -1017,6 +1055,11 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
1017 X509V3_conf_err(val); 1055 X509V3_conf_err(val);
1018 goto err; 1056 goto err;
1019 } 1057 }
1058 if (memcmp(min, max, length_from_afi(afi)) > 0) {
1059 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
1060 X509V3_conf_err(val);
1061 goto err;
1062 }
1020 if (!v3_addr_add_range(addr, afi, safi, min, max)) { 1063 if (!v3_addr_add_range(addr, afi, safi, min, max)) {
1021 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); 1064 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
1022 goto err; 1065 goto err;
@@ -1102,13 +1145,15 @@ static int addr_contains(IPAddressOrRanges *parent,
1102 1145
1103 p = 0; 1146 p = 0;
1104 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { 1147 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
1105 extract_min_max(sk_IPAddressOrRange_value(child, c), 1148 if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
1106 c_min, c_max, length); 1149 c_min, c_max, length))
1150 return -1;
1107 for (;; p++) { 1151 for (;; p++) {
1108 if (p >= sk_IPAddressOrRange_num(parent)) 1152 if (p >= sk_IPAddressOrRange_num(parent))
1109 return 0; 1153 return 0;
1110 extract_min_max(sk_IPAddressOrRange_value(parent, p), 1154 if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
1111 p_min, p_max, length); 1155 p_min, p_max, length))
1156 return 0;
1112 if (memcmp(p_max, c_max, length) < 0) 1157 if (memcmp(p_max, c_max, length) < 0)
1113 continue; 1158 continue;
1114 if (memcmp(p_min, c_min, length) > 0) 1159 if (memcmp(p_min, c_min, length) > 0)
@@ -1130,7 +1175,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
1130 return 1; 1175 return 1;
1131 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) 1176 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
1132 return 0; 1177 return 0;
1133 sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); 1178 (void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
1134 for (i = 0; i < sk_IPAddressFamily_num(a); i++) { 1179 for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1135 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); 1180 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1136 int j = sk_IPAddressFamily_find(b, fa); 1181 int j = sk_IPAddressFamily_find(b, fa);
@@ -1195,7 +1240,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1195 } 1240 }
1196 if (!v3_addr_is_canonical(ext)) 1241 if (!v3_addr_is_canonical(ext))
1197 validation_err(X509_V_ERR_INVALID_EXTENSION); 1242 validation_err(X509_V_ERR_INVALID_EXTENSION);
1198 sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); 1243 (void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
1199 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { 1244 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
1200 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); 1245 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
1201 ret = 0; 1246 ret = 0;
@@ -1221,7 +1266,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1221 } 1266 }
1222 continue; 1267 continue;
1223 } 1268 }
1224 sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); 1269 (void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
1225 for (j = 0; j < sk_IPAddressFamily_num(child); j++) { 1270 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1226 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); 1271 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1227 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); 1272 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
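--- a/src/lib/libssl/src/engines/ccgost/gost2001_keyx.c
+++ b/src/lib/libssl/src/engines/ccgost/gost2001_keyx.c
@@ -280,6 +280,10 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t * key_l
 }
 
 param = get_encryption_params(gkt->key_agreement_info->cipher);
+if(!param){
+goto err;
+}
+
 gost_init(&ctx,param->sblock);
 OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
 memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);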
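Review bot: The new `if(!param){ goto err; }` removes one crash on a malformed key-transport blob, but the very next statement, `OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);`, still aborts the whole process on a length that, judging by the ASN.1-style `length`/`data` fields, appears to come from the decoded input rather than from local state. Reject it the same way instead: `if (gkt->key_agreement_info->eph_iv->length != 8) goto err;` placed before the `memcpy(wrappedKey, ...)`. I cannot see whether the `err` label pushes an error reason for the new `!param` path; if it does not, a `GOSTerr` call there would make the failure diagnosable to callers. pkey_GOST01cp_decrypt starts and ends outside the hunk.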
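--- a/src/lib/libssl/src/engines/ccgost/gost94_keyx.c
+++ b/src/lib/libssl/src/engines/ccgost/gost94_keyx.c
@@ -261,6 +261,10 @@ int pkey_GOST94cp_decrypt(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *key_len
 }
 
 param = get_encryption_params(gkt->key_agreement_info->cipher);
+if(!param){
+goto err;
+}
+
 gost_init(&cctx,param->sblock);
 OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);
 memcpy(wrappedKey,gkt->key_agreement_info->eph_iv->data,8);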
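Review bot: Same gap as in the GOST 2001 variant: after the new `if(!param){ goto err; }`, `OPENSSL_assert(gkt->key_agreement_info->eph_iv->length==8);` remains an abort on a field that looks to be decoded from the peer-supplied key transport, so a wrong IV length is still a remote process kill rather than a decrypt failure. Replace it with `if (gkt->key_agreement_info->eph_iv->length != 8) goto err;` ahead of the 8-byte `memcpy`. Whether the `err` path records a reason for the `!param` case is not visible here; if it is silent, add the engine's error macro so the two new rejections are distinguishable from a bad MAC. pkey_GOST94cp_decrypt starts and ends outside the hunk.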
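--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -158,7 +158,6 @@ static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1
 /* XDTLS: figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
 
-static unsigned int dtls1_min_mtu(void);
 static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
 static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
 unsigned long frag_len);
@@ -264,11 +263,10 @@ int dtls1_do_write(SSL *s, int type)
 return ret;
 mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
 }
-
-OPENSSL_assert(mtu > 0); /* should have something reasonable now */
-
 #endif
 
+OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
+
 if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
 OPENSSL_assert(s->init_num ==
 (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
@@ -795,7 +793,13 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 *ok = 0;
 return i;
 }
-OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
+/* Handshake fails if message header is incomplete */
+if (i != DTLS1_HM_HEADER_LENGTH)
+{
+al=SSL_AD_UNEXPECTED_MESSAGE;
+SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
+goto f_err;
+}
 
 /* parse the message fragment header */
 dtls1_get_message_header(wire, &msg_hdr);
@@ -867,7 +871,12 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
 /* XDTLS: an incorrectly formatted fragment should cause the
 * handshake to fail */
-OPENSSL_assert(i == (int)frag_len);
+if (i != (int)frag_len)
+{
+al=SSL3_AD_ILLEGAL_PARAMETER;
+SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
+goto f_err;
+}
 
 *ok = 1;
 
@@ -1367,7 +1376,7 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
 return p;
 }
 
-static unsigned int
+unsigned int
 dtls1_min_mtu(void)
 {
 return (g_probable_mtu[(sizeof(g_probable_mtu) /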
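Review bot: The second new check pairs `al=SSL3_AD_ILLEGAL_PARAMETER;` with `SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);`, passing an alert-description constant where SSLerr expects an `SSL_R_*` reason code, so the error queue will carry a wrong or unknown reason for a bad fragment length; the first new check gets this right with `SSL_R_UNEXPECTED_MESSAGE`. Use a reason code there, e.g. `SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_BAD_LENGTH);`, and keep the alert as is. Less certain, but worth a look: the new `OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());` now sits after the `#endif`, so if the API lets an application set an MTU below the smallest table entry, a write would abort the process rather than fail. dtls1_do_write and dtls1_get_message_fragment both start and end outside their hunks.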
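--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -204,7 +204,8 @@ void dtls1_clear(SSL *s)
 pqueue buffered_messages;
 pqueue sent_messages;
 pqueue buffered_app_data;
-
+unsigned int mtu;
+
 if (s->d1)
 {
 unprocessed_rcds = s->d1->unprocessed_rcds.q;
@@ -212,6 +213,7 @@ void dtls1_clear(SSL *s)
 buffered_messages = s->d1->buffered_messages;
 sent_messages = s->d1->sent_messages;
 buffered_app_data = s->d1->buffered_app_data.q;
+mtu = s->d1->mtu;
 
 dtls1_clear_queues(s);
 
@@ -222,6 +224,11 @@ void dtls1_clear(SSL *s)
 s->d1->cookie_len = sizeof(s->d1->cookie);
 }
 
+if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
+{
+s->d1->mtu = mtu;
+}
+
 s->d1->unprocessed_rcds.q = unprocessed_rcds;
 s->d1->processed_rcds.q = processed_rcds;
 s->d1->buffered_messages = buffered_messages;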
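Review bot: The new `SSL_OP_NO_QUERY_MTU` block has no comment saying why the MTU, alone among the scalar d1 fields, survives the clear, and why only under that option. Suggest above it: `/* MTU was supplied by the application and may not be re-queried from the BIO, so it must survive the clear; without the option it is presumably re-derived on the next write - confirm */`, which records the assumption instead of leaving the reader to infer it from the option name. dtls1_clear's body continues outside the hunk.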
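--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -375,6 +375,7 @@ dtls1_process_record(SSL *s)
 SSL3_RECORD *rr;
 unsigned int mac_size;
 unsigned char md[EVP_MAX_MD_SIZE];
+int decryption_failed_or_bad_record_mac = 0;
 
 
 rr= &(s->s3->rrec);
@@ -409,13 +410,10 @@ dtls1_process_record(SSL *s)
 enc_err = s->method->ssl3_enc->enc(s,0);
 if (enc_err <= 0)
 {
-/* decryption failed, silently discard message */
-if (enc_err < 0)
-{
-rr->length = 0;
-s->packet_length = 0;
-}
-goto err;
+/* To minimize information leaked via timing, we will always
+* perform all computations before discarding the message.
+*/
+decryption_failed_or_bad_record_mac = 1;
 }
 
 #ifdef TLS_DEBUG
@@ -445,7 +443,7 @@ printf("\n");
 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
 goto f_err;
 #else
-goto err;
+decryption_failed_or_bad_record_mac = 1;
 #endif
 }
 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
@@ -456,17 +454,25 @@ printf("\n");
 SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
 goto f_err;
 #else
-goto err;
+decryption_failed_or_bad_record_mac = 1;
 #endif
 }
 rr->length-=mac_size;
 i=s->method->ssl3_enc->mac(s,md,0);
 if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 {
-goto err;
+decryption_failed_or_bad_record_mac = 1;
 }
 }
 
+if (decryption_failed_or_bad_record_mac)
+{
+/* decryption failed, silently discard message */
+rr->length = 0;
+s->packet_length = 0;
+goto err;
+}
+
 /* r->length is now just compressed */
 if (s->expand != NULL)
 {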
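Review bot: In the last hunk the record-too-short case (the `SSL_R_LENGTH_TOO_SHORT` branch) now only sets `decryption_failed_or_bad_record_mac` and falls through to `rr->length-=mac_size;`, which the old `goto err` never reached; with the guard above the hunk presumably being `rr->length < mac_size`, that subtraction wraps the unsigned length, and the following `mac()` and `memcmp(md,&(rr->data[rr->length]),mac_size)` then operate on a length far beyond the record buffer, an out-of-bounds read reachable from a single forged datagram. To keep the timing-equalising intent, subtract only when the record can actually hold a MAC, otherwise zero the length and treat the MAC as missing, as sketched below (with `unsigned char *mac = NULL;` declared next to the new flag). Separately, `memcmp` is not a constant-time comparison, which the new comment's stated goal would also want addressed. dtls1_process_record's `err` and `f_err` labels are outside the hunk.
```c
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
/* … unchanged: mac_size / SSL_R_PRE_MAC_LENGTH_TOO_LONG check … */
if (rr->length >= mac_size)
	{
	rr->length -= mac_size;
	mac = &rr->data[rr->length];
	}
else
	{
	/* Too short to carry a MAC: still run the MAC over an empty
	 * payload so timing matches the normal path, then reject. */
	rr->length = 0;
	}
i = s->method->ssl3_enc->mac(s, md, 0);
if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
	decryption_failed_or_bad_record_mac = 1;
/* … unchanged: discard when decryption_failed_or_bad_record_mac is set … */
```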
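--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1271,7 +1271,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
 EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-EVP_SignUpdate(&md_ctx,&(d[4]),n);
+EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
 if (!EVP_SignFinal(&md_ctx,&(p[2]),
 (unsigned int *)&i,pkey))
 {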