summaryrefslogtreecommitdiff
path: root/src/lib/libc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/bio/bf_buff.c15
-rw-r--r--src/lib/libcrypto/bio/bio.h9
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c37
-rw-r--r--src/lib/libcrypto/ec/ec2_smpl.c2
-rw-r--r--src/lib/libcrypto/opensslv.h6
-rw-r--r--src/lib/libcrypto/rand/rand_unix.c108
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c80
-rw-r--r--src/lib/libcrypto/util/mkerr.pl2
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c2
-rw-r--r--src/lib/libcrypto/x509v3/v3_addr.c125
10 files changed, 256 insertions, 130 deletions
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index c1fd75aaad..4b5a132d8a 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -209,7 +209,7 @@ start:
209 /* add to buffer and return */ 209 /* add to buffer and return */
210 if (i >= inl) 210 if (i >= inl)
211 { 211 {
212 memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl); 212 memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
213 ctx->obuf_len+=inl; 213 ctx->obuf_len+=inl;
214 return(num+inl); 214 return(num+inl);
215 } 215 }
@@ -219,7 +219,7 @@ start:
219 { 219 {
220 if (i > 0) /* lets fill it up if we can */ 220 if (i > 0) /* lets fill it up if we can */
221 { 221 {
222 memcpy(&(ctx->obuf[ctx->obuf_len]),in,i); 222 memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
223 in+=i; 223 in+=i;
224 inl-=i; 224 inl-=i;
225 num+=i; 225 num+=i;
@@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
294 case BIO_C_GET_BUFF_NUM_LINES: 294 case BIO_C_GET_BUFF_NUM_LINES:
295 ret=0; 295 ret=0;
296 p1=ctx->ibuf; 296 p1=ctx->ibuf;
297 for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++) 297 for (i=0; i<ctx->ibuf_len; i++)
298 { 298 {
299 if (p1[i] == '\n') ret++; 299 if (p1[ctx->ibuf_off + i] == '\n') ret++;
300 } 300 }
301 break; 301 break;
302 case BIO_CTRL_WPENDING: 302 case BIO_CTRL_WPENDING:
@@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
399 for (;;) 399 for (;;)
400 { 400 {
401 BIO_clear_retry_flags(b); 401 BIO_clear_retry_flags(b);
402 if (ctx->obuf_len > ctx->obuf_off) 402 if (ctx->obuf_len > 0)
403 { 403 {
404 r=BIO_write(b->next_bio, 404 r=BIO_write(b->next_bio,
405 &(ctx->obuf[ctx->obuf_off]), 405 &(ctx->obuf[ctx->obuf_off]),
406 ctx->obuf_len-ctx->obuf_off); 406 ctx->obuf_len);
407#if 0 407#if 0
408fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r); 408fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
409#endif 409#endif
410 BIO_copy_next_retry(b); 410 BIO_copy_next_retry(b);
411 if (r <= 0) return((long)r); 411 if (r <= 0) return((long)r);
412 ctx->obuf_off+=r; 412 ctx->obuf_off+=r;
413 ctx->obuf_len-=r;
413 } 414 }
414 else 415 else
415 { 416 {
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
index 152802fbdf..ab47abcf14 100644
--- a/src/lib/libcrypto/bio/bio.h
+++ b/src/lib/libcrypto/bio/bio.h
@@ -306,6 +306,15 @@ DECLARE_STACK_OF(BIO)
306 306
307typedef struct bio_f_buffer_ctx_struct 307typedef struct bio_f_buffer_ctx_struct
308 { 308 {
309 /* Buffers are setup like this:
310 *
311 * <---------------------- size ----------------------->
312 * +---------------------------------------------------+
313 * | consumed | remaining | free space |
314 * +---------------------------------------------------+
315 * <-- off --><------- len ------->
316 */
317
309 /* BIO *bio; */ /* this is now in the BIO struct */ 318 /* BIO *bio; */ /* this is now in the BIO struct */
310 int ibuf_size; /* how big is the input buffer */ 319 int ibuf_size; /* how big is the input buffer */
311 int obuf_size; /* how big is the output buffer */ 320 int obuf_size; /* how big is the output buffer */
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index e060592fdc..9ed8bc2b40 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -126,7 +126,7 @@ struct bn_blinding_st
126 * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ 126 * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
127#endif 127#endif
128 CRYPTO_THREADID tid; 128 CRYPTO_THREADID tid;
129 unsigned int counter; 129 int counter;
130 unsigned long flags; 130 unsigned long flags;
131 BN_MONT_CTX *m_ctx; 131 BN_MONT_CTX *m_ctx;
132 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 132 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -160,7 +160,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
160 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) 160 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
161 BN_set_flags(ret->mod, BN_FLG_CONSTTIME); 161 BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
162 162
163 ret->counter = BN_BLINDING_COUNTER; 163 /* Set the counter to the special value -1
164 * to indicate that this is never-used fresh blinding
165 * that does not need updating before first use. */
166 ret->counter = -1;
164 CRYPTO_THREADID_current(&ret->tid); 167 CRYPTO_THREADID_current(&ret->tid);
165 return(ret); 168 return(ret);
166err: 169err:
@@ -190,7 +193,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
190 goto err; 193 goto err;
191 } 194 }
192 195
193 if (--(b->counter) == 0 && b->e != NULL && 196 if (b->counter == -1)
197 b->counter = 0;
198
199 if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
194 !(b->flags & BN_BLINDING_NO_RECREATE)) 200 !(b->flags & BN_BLINDING_NO_RECREATE))
195 { 201 {
196 /* re-create blinding parameters */ 202 /* re-create blinding parameters */
@@ -205,8 +211,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
205 211
206 ret=1; 212 ret=1;
207err: 213err:
208 if (b->counter == 0) 214 if (b->counter == BN_BLINDING_COUNTER)
209 b->counter = BN_BLINDING_COUNTER; 215 b->counter = 0;
210 return(ret); 216 return(ret);
211 } 217 }
212 218
@@ -227,6 +233,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
227 return(0); 233 return(0);
228 } 234 }
229 235
236 if (b->counter == -1)
237 /* Fresh blinding, doesn't need updating. */
238 b->counter = 0;
239 else if (!BN_BLINDING_update(b,ctx))
240 return(0);
241
230 if (r != NULL) 242 if (r != NULL)
231 { 243 {
232 if (!BN_copy(r, b->Ai)) ret=0; 244 if (!BN_copy(r, b->Ai)) ret=0;
@@ -247,22 +259,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
247 int ret; 259 int ret;
248 260
249 bn_check_top(n); 261 bn_check_top(n);
250 if ((b->A == NULL) || (b->Ai == NULL))
251 {
252 BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
253 return(0);
254 }
255 262
256 if (r != NULL) 263 if (r != NULL)
257 ret = BN_mod_mul(n, n, r, b->mod, ctx); 264 ret = BN_mod_mul(n, n, r, b->mod, ctx);
258 else 265 else
259 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
260
261 if (ret >= 0)
262 { 266 {
263 if (!BN_BLINDING_update(b,ctx)) 267 if (b->Ai == NULL)
268 {
269 BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
264 return(0); 270 return(0);
271 }
272 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
265 } 273 }
274
266 bn_check_top(n); 275 bn_check_top(n);
267 return(ret); 276 return(ret);
268 } 277 }
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index af94458ca7..03deae6674 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -887,7 +887,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_
887 field_sqr = group->meth->field_sqr; 887 field_sqr = group->meth->field_sqr;
888 888
889 /* only support affine coordinates */ 889 /* only support affine coordinates */
890 if (!point->Z_is_one) goto err; 890 if (!point->Z_is_one) return -1;
891 891
892 if (ctx == NULL) 892 if (ctx == NULL)
893 { 893 {
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 310a3387be..d6d61a0c7d 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x1000005fL 28#define OPENSSL_VERSION_NUMBER 0x1000006fL
29#ifdef OPENSSL_FIPS 29#ifdef OPENSSL_FIPS
30#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e-fips 6 Sep 2011" 30#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0f-fips 4 Jan 2012"
31#else 31#else
32#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0e 6 Sep 2011" 32#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0f 4 Jan 2012"
33#endif 33#endif
34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
35 35
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
index 4bb9666e49..3316388443 100644
--- a/src/lib/libcrypto/rand/rand_unix.c
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -133,47 +133,87 @@
133# define FD_SETSIZE (8*sizeof(fd_set)) 133# define FD_SETSIZE (8*sizeof(fd_set))
134#endif 134#endif
135 135
136#ifdef __VOS__ 136#if defined(OPENSSL_SYS_VOS)
137
138/* The following algorithm repeatedly samples the real-time clock
139 (RTC) to generate a sequence of unpredictable data. The algorithm
140 relies upon the uneven execution speed of the code (due to factors
141 such as cache misses, interrupts, bus activity, and scheduling) and
142 upon the rather large relative difference between the speed of the
143 clock and the rate at which it can be read.
144
145 If this code is ported to an environment where execution speed is
146 more constant or where the RTC ticks at a much slower rate, or the
147 clock can be read with fewer instructions, it is likely that the
148 results would be far more predictable.
149
150 As a precaution, we generate 4 times the minimum required amount of
151 seed data. */
152
137int RAND_poll(void) 153int RAND_poll(void)
138{ 154{
139 unsigned char buf[ENTROPY_NEEDED]; 155 short int code;
156 gid_t curr_gid;
140 pid_t curr_pid; 157 pid_t curr_pid;
141 uid_t curr_uid; 158 uid_t curr_uid;
142 static int first=1; 159 int i, k;
143 int i;
144 long rnd = 0;
145 struct timespec ts; 160 struct timespec ts;
146 unsigned seed; 161 unsigned char v;
147
148/* The VOS random() function starts from a static seed so its
149 initial value is predictable. If random() returns the
150 initial value, reseed it with dynamic data. The VOS
151 real-time clock has a granularity of 1 nsec so it should be
152 reasonably difficult to predict its exact value. Do not
153 gratuitously reseed the PRNG because other code in this
154 process or thread may be using it. */
155
156 if (first) {
157 first = 0;
158 rnd = random ();
159 if (rnd == 1804289383) {
160 clock_gettime (CLOCK_REALTIME, &ts);
161 curr_pid = getpid();
162 curr_uid = getuid();
163 seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
164 srandom (seed);
165 }
166 }
167 162
168 for (i = 0; i < sizeof(buf); i++) { 163#ifdef OPENSSL_SYS_VOS_HPPA
169 if (i % 4 == 0) 164 long duration;
170 rnd = random(); 165 extern void s$sleep (long *_duration, short int *_code);
171 buf[i] = rnd; 166#else
172 rnd >>= 8; 167#ifdef OPENSSL_SYS_VOS_IA32
173 } 168 long long duration;
174 RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); 169 extern void s$sleep2 (long long *_duration, short int *_code);
175 memset(buf, 0, sizeof(buf)); 170#else
171#error "Unsupported Platform."
172#endif /* OPENSSL_SYS_VOS_IA32 */
173#endif /* OPENSSL_SYS_VOS_HPPA */
176 174
175 /* Seed with the gid, pid, and uid, to ensure *some*
176 variation between different processes. */
177
178 curr_gid = getgid();
179 RAND_add (&curr_gid, sizeof curr_gid, 1);
180 curr_gid = 0;
181
182 curr_pid = getpid();
183 RAND_add (&curr_pid, sizeof curr_pid, 1);
184 curr_pid = 0;
185
186 curr_uid = getuid();
187 RAND_add (&curr_uid, sizeof curr_uid, 1);
188 curr_uid = 0;
189
190 for (i=0; i<(ENTROPY_NEEDED*4); i++)
191 {
192 /* burn some cpu; hope for interrupts, cache
193 collisions, bus interference, etc. */
194 for (k=0; k<99; k++)
195 ts.tv_nsec = random ();
196
197#ifdef OPENSSL_SYS_VOS_HPPA
198 /* sleep for 1/1024 of a second (976 us). */
199 duration = 1;
200 s$sleep (&duration, &code);
201#else
202#ifdef OPENSSL_SYS_VOS_IA32
203 /* sleep for 1/65536 of a second (15 us). */
204 duration = 1;
205 s$sleep2 (&duration, &code);
206#endif /* OPENSSL_SYS_VOS_IA32 */
207#endif /* OPENSSL_SYS_VOS_HPPA */
208
209 /* get wall clock time. */
210 clock_gettime (CLOCK_REALTIME, &ts);
211
212 /* take 8 bits */
213 v = (unsigned char) (ts.tv_nsec % 256);
214 RAND_add (&v, sizeof v, 1);
215 v = 0;
216 }
177 return 1; 217 return 1;
178} 218}
179#elif defined __OpenBSD__ 219#elif defined __OpenBSD__
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 7c941885f0..2e1ddd48d3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -314,51 +314,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
314 return ret; 314 return ret;
315} 315}
316 316
317static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, 317static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
318 BIGNUM *r, BN_CTX *ctx) 318 BN_CTX *ctx)
319{ 319 {
320 if (local) 320 if (unblind == NULL)
321 /* Local blinding: store the unblinding factor
322 * in BN_BLINDING. */
321 return BN_BLINDING_convert_ex(f, NULL, b, ctx); 323 return BN_BLINDING_convert_ex(f, NULL, b, ctx);
322 else 324 else
323 { 325 {
324 int ret; 326 /* Shared blinding: store the unblinding factor
325 CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); 327 * outside BN_BLINDING. */
326 ret = BN_BLINDING_convert_ex(f, r, b, ctx);
327 CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
328 return ret;
329 }
330}
331
332static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
333 BIGNUM *r, BN_CTX *ctx)
334{
335 if (local)
336 return BN_BLINDING_invert_ex(f, NULL, b, ctx);
337 else
338 {
339 int ret; 328 int ret;
340 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); 329 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
341 ret = BN_BLINDING_invert_ex(f, r, b, ctx); 330 ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
342 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); 331 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
343 return ret; 332 return ret;
344 } 333 }
345} 334 }
335
336static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
337 BN_CTX *ctx)
338 {
339 /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
340 * will use the unblinding factor stored in BN_BLINDING.
341 * If BN_BLINDING is shared between threads, unblind must be non-null:
342 * BN_BLINDING_invert_ex will then use the local unblinding factor,
343 * and will only read the modulus from BN_BLINDING.
344 * In both cases it's safe to access the blinding without a lock.
345 */
346 return BN_BLINDING_invert_ex(f, unblind, b, ctx);
347 }
346 348
347/* signing */ 349/* signing */
348static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 350static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
349 unsigned char *to, RSA *rsa, int padding) 351 unsigned char *to, RSA *rsa, int padding)
350 { 352 {
351 BIGNUM *f, *ret, *br, *res; 353 BIGNUM *f, *ret, *res;
352 int i,j,k,num=0,r= -1; 354 int i,j,k,num=0,r= -1;
353 unsigned char *buf=NULL; 355 unsigned char *buf=NULL;
354 BN_CTX *ctx=NULL; 356 BN_CTX *ctx=NULL;
355 int local_blinding = 0; 357 int local_blinding = 0;
358 /* Used only if the blinding structure is shared. A non-NULL unblind
359 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
360 * the unblinding factor outside the blinding structure. */
361 BIGNUM *unblind = NULL;
356 BN_BLINDING *blinding = NULL; 362 BN_BLINDING *blinding = NULL;
357 363
358 if ((ctx=BN_CTX_new()) == NULL) goto err; 364 if ((ctx=BN_CTX_new()) == NULL) goto err;
359 BN_CTX_start(ctx); 365 BN_CTX_start(ctx);
360 f = BN_CTX_get(ctx); 366 f = BN_CTX_get(ctx);
361 br = BN_CTX_get(ctx);
362 ret = BN_CTX_get(ctx); 367 ret = BN_CTX_get(ctx);
363 num = BN_num_bytes(rsa->n); 368 num = BN_num_bytes(rsa->n);
364 buf = OPENSSL_malloc(num); 369 buf = OPENSSL_malloc(num);
@@ -406,8 +411,15 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
406 } 411 }
407 412
408 if (blinding != NULL) 413 if (blinding != NULL)
409 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 414 {
415 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
416 {
417 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
418 goto err;
419 }
420 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
410 goto err; 421 goto err;
422 }
411 423
412 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 424 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
413 ((rsa->p != NULL) && 425 ((rsa->p != NULL) &&
@@ -441,7 +453,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
441 } 453 }
442 454
443 if (blinding) 455 if (blinding)
444 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 456 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
445 goto err; 457 goto err;
446 458
447 if (padding == RSA_X931_PADDING) 459 if (padding == RSA_X931_PADDING)
@@ -480,18 +492,21 @@ err:
480static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 492static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
481 unsigned char *to, RSA *rsa, int padding) 493 unsigned char *to, RSA *rsa, int padding)
482 { 494 {
483 BIGNUM *f, *ret, *br; 495 BIGNUM *f, *ret;
484 int j,num=0,r= -1; 496 int j,num=0,r= -1;
485 unsigned char *p; 497 unsigned char *p;
486 unsigned char *buf=NULL; 498 unsigned char *buf=NULL;
487 BN_CTX *ctx=NULL; 499 BN_CTX *ctx=NULL;
488 int local_blinding = 0; 500 int local_blinding = 0;
501 /* Used only if the blinding structure is shared. A non-NULL unblind
502 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
503 * the unblinding factor outside the blinding structure. */
504 BIGNUM *unblind = NULL;
489 BN_BLINDING *blinding = NULL; 505 BN_BLINDING *blinding = NULL;
490 506
491 if((ctx = BN_CTX_new()) == NULL) goto err; 507 if((ctx = BN_CTX_new()) == NULL) goto err;
492 BN_CTX_start(ctx); 508 BN_CTX_start(ctx);
493 f = BN_CTX_get(ctx); 509 f = BN_CTX_get(ctx);
494 br = BN_CTX_get(ctx);
495 ret = BN_CTX_get(ctx); 510 ret = BN_CTX_get(ctx);
496 num = BN_num_bytes(rsa->n); 511 num = BN_num_bytes(rsa->n);
497 buf = OPENSSL_malloc(num); 512 buf = OPENSSL_malloc(num);
@@ -529,8 +544,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
529 } 544 }
530 545
531 if (blinding != NULL) 546 if (blinding != NULL)
532 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 547 {
548 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
549 {
550 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
533 goto err; 551 goto err;
552 }
553 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
554 goto err;
555 }
534 556
535 /* do the decrypt */ 557 /* do the decrypt */
536 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 558 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -564,7 +586,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
564 } 586 }
565 587
566 if (blinding) 588 if (blinding)
567 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 589 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
568 goto err; 590 goto err;
569 591
570 p=buf; 592 p=buf;
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
index 2c99467d34..aec401c773 100644
--- a/src/lib/libcrypto/util/mkerr.pl
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -769,7 +769,7 @@ EOF
769 undef %err_reason_strings; 769 undef %err_reason_strings;
770} 770}
771 771
772if($debug && defined(%notrans)) { 772if($debug && %notrans) {
773 print STDERR "The following function codes were not translated:\n"; 773 print STDERR "The following function codes were not translated:\n";
774 foreach(sort keys %notrans) 774 foreach(sort keys %notrans)
775 { 775 {
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 5a0b0249b4..701ec565e9 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1732,7 +1732,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1732 atm.length=sizeof(buff2); 1732 atm.length=sizeof(buff2);
1733 atm.data=(unsigned char *)buff2; 1733 atm.data=(unsigned char *)buff2;
1734 1734
1735 if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL) 1735 if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
1736 return 0; 1736 return 0;
1737 1737
1738 if (ctm->type == V_ASN1_UTCTIME) 1738 if (ctm->type == V_ASN1_UTCTIME)
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index 0d70e8696d..df46a4983b 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -142,12 +142,13 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
142 * Expand the bitstring form of an address into a raw byte array. 142 * Expand the bitstring form of an address into a raw byte array.
143 * At the moment this is coded for simplicity, not speed. 143 * At the moment this is coded for simplicity, not speed.
144 */ 144 */
145static void addr_expand(unsigned char *addr, 145static int addr_expand(unsigned char *addr,
146 const ASN1_BIT_STRING *bs, 146 const ASN1_BIT_STRING *bs,
147 const int length, 147 const int length,
148 const unsigned char fill) 148 const unsigned char fill)
149{ 149{
150 OPENSSL_assert(bs->length >= 0 && bs->length <= length); 150 if (bs->length < 0 || bs->length > length)
151 return 0;
151 if (bs->length > 0) { 152 if (bs->length > 0) {
152 memcpy(addr, bs->data, bs->length); 153 memcpy(addr, bs->data, bs->length);
153 if ((bs->flags & 7) != 0) { 154 if ((bs->flags & 7) != 0) {
@@ -159,6 +160,7 @@ static void addr_expand(unsigned char *addr,
159 } 160 }
160 } 161 }
161 memset(addr + bs->length, fill, length - bs->length); 162 memset(addr + bs->length, fill, length - bs->length);
163 return 1;
162} 164}
163 165
164/* 166/*
@@ -181,15 +183,13 @@ static int i2r_address(BIO *out,
181 return 0; 183 return 0;
182 switch (afi) { 184 switch (afi) {
183 case IANA_AFI_IPV4: 185 case IANA_AFI_IPV4:
184 if (bs->length > 4) 186 if (!addr_expand(addr, bs, 4, fill))
185 return 0; 187 return 0;
186 addr_expand(addr, bs, 4, fill);
187 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); 188 BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
188 break; 189 break;
189 case IANA_AFI_IPV6: 190 case IANA_AFI_IPV6:
190 if (bs->length > 16) 191 if (!addr_expand(addr, bs, 16, fill))
191 return 0; 192 return 0;
192 addr_expand(addr, bs, 16, fill);
193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) 193 for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
194 ; 194 ;
195 for (i = 0; i < n; i += 2) 195 for (i = 0; i < n; i += 2)
@@ -315,6 +315,12 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
315/* 315/*
316 * Sort comparison function for a sequence of IPAddressOrRange 316 * Sort comparison function for a sequence of IPAddressOrRange
317 * elements. 317 * elements.
318 *
319 * There's no sane answer we can give if addr_expand() fails, and an
320 * assertion failure on externally supplied data is seriously uncool,
321 * so we just arbitrarily declare that if given invalid inputs this
322 * function returns -1. If this messes up your preferred sort order
323 * for garbage input, tough noogies.
318 */ 324 */
319static int IPAddressOrRange_cmp(const IPAddressOrRange *a, 325static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
320 const IPAddressOrRange *b, 326 const IPAddressOrRange *b,
@@ -326,22 +332,26 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
326 332
327 switch (a->type) { 333 switch (a->type) {
328 case IPAddressOrRange_addressPrefix: 334 case IPAddressOrRange_addressPrefix:
329 addr_expand(addr_a, a->u.addressPrefix, length, 0x00); 335 if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
336 return -1;
330 prefixlen_a = addr_prefixlen(a->u.addressPrefix); 337 prefixlen_a = addr_prefixlen(a->u.addressPrefix);
331 break; 338 break;
332 case IPAddressOrRange_addressRange: 339 case IPAddressOrRange_addressRange:
333 addr_expand(addr_a, a->u.addressRange->min, length, 0x00); 340 if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
341 return -1;
334 prefixlen_a = length * 8; 342 prefixlen_a = length * 8;
335 break; 343 break;
336 } 344 }
337 345
338 switch (b->type) { 346 switch (b->type) {
339 case IPAddressOrRange_addressPrefix: 347 case IPAddressOrRange_addressPrefix:
340 addr_expand(addr_b, b->u.addressPrefix, length, 0x00); 348 if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
349 return -1;
341 prefixlen_b = addr_prefixlen(b->u.addressPrefix); 350 prefixlen_b = addr_prefixlen(b->u.addressPrefix);
342 break; 351 break;
343 case IPAddressOrRange_addressRange: 352 case IPAddressOrRange_addressRange:
344 addr_expand(addr_b, b->u.addressRange->min, length, 0x00); 353 if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
354 return -1;
345 prefixlen_b = length * 8; 355 prefixlen_b = length * 8;
346 break; 356 break;
347 } 357 }
@@ -383,6 +393,7 @@ static int range_should_be_prefix(const unsigned char *min,
383 unsigned char mask; 393 unsigned char mask;
384 int i, j; 394 int i, j;
385 395
396 OPENSSL_assert(memcmp(min, max, length) <= 0);
386 for (i = 0; i < length && min[i] == max[i]; i++) 397 for (i = 0; i < length && min[i] == max[i]; i++)
387 ; 398 ;
388 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) 399 for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
@@ -601,10 +612,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
601 return NULL; 612 return NULL;
602 switch (afi) { 613 switch (afi) {
603 case IANA_AFI_IPV4: 614 case IANA_AFI_IPV4:
604 sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); 615 (void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
605 break; 616 break;
606 case IANA_AFI_IPV6: 617 case IANA_AFI_IPV6:
607 sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); 618 (void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
608 break; 619 break;
609 } 620 }
610 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; 621 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -656,22 +667,22 @@ int v3_addr_add_range(IPAddrBlocks *addr,
656/* 667/*
657 * Extract min and max values from an IPAddressOrRange. 668 * Extract min and max values from an IPAddressOrRange.
658 */ 669 */
659static void extract_min_max(IPAddressOrRange *aor, 670static int extract_min_max(IPAddressOrRange *aor,
660 unsigned char *min, 671 unsigned char *min,
661 unsigned char *max, 672 unsigned char *max,
662 int length) 673 int length)
663{ 674{
664 OPENSSL_assert(aor != NULL && min != NULL && max != NULL); 675 if (aor == NULL || min == NULL || max == NULL)
676 return 0;
665 switch (aor->type) { 677 switch (aor->type) {
666 case IPAddressOrRange_addressPrefix: 678 case IPAddressOrRange_addressPrefix:
667 addr_expand(min, aor->u.addressPrefix, length, 0x00); 679 return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
668 addr_expand(max, aor->u.addressPrefix, length, 0xFF); 680 addr_expand(max, aor->u.addressPrefix, length, 0xFF));
669 return;
670 case IPAddressOrRange_addressRange: 681 case IPAddressOrRange_addressRange:
671 addr_expand(min, aor->u.addressRange->min, length, 0x00); 682 return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
672 addr_expand(max, aor->u.addressRange->max, length, 0xFF); 683 addr_expand(max, aor->u.addressRange->max, length, 0xFF));
673 return;
674 } 684 }
685 return 0;
675} 686}
676 687
677/* 688/*
@@ -687,9 +698,10 @@ int v3_addr_get_range(IPAddressOrRange *aor,
687 if (aor == NULL || min == NULL || max == NULL || 698 if (aor == NULL || min == NULL || max == NULL ||
688 afi_length == 0 || length < afi_length || 699 afi_length == 0 || length < afi_length ||
689 (aor->type != IPAddressOrRange_addressPrefix && 700 (aor->type != IPAddressOrRange_addressPrefix &&
690 aor->type != IPAddressOrRange_addressRange)) 701 aor->type != IPAddressOrRange_addressRange) ||
702 !extract_min_max(aor, min, max, afi_length))
691 return 0; 703 return 0;
692 extract_min_max(aor, min, max, afi_length); 704
693 return afi_length; 705 return afi_length;
694} 706}
695 707
@@ -771,8 +783,9 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
771 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 783 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
772 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); 784 IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
773 785
774 extract_min_max(a, a_min, a_max, length); 786 if (!extract_min_max(a, a_min, a_max, length) ||
775 extract_min_max(b, b_min, b_max, length); 787 !extract_min_max(b, b_min, b_max, length))
788 return 0;
776 789
777 /* 790 /*
778 * Punt misordered list, overlapping start, or inverted range. 791 * Punt misordered list, overlapping start, or inverted range.
@@ -800,14 +813,17 @@ int v3_addr_is_canonical(IPAddrBlocks *addr)
800 } 813 }
801 814
802 /* 815 /*
803 * Check final range to see if it should be a prefix. 816 * Check range to see if it's inverted or should be a
817 * prefix.
804 */ 818 */
805 j = sk_IPAddressOrRange_num(aors) - 1; 819 j = sk_IPAddressOrRange_num(aors) - 1;
806 { 820 {
807 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); 821 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
808 if (a->type == IPAddressOrRange_addressRange) { 822 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
809 extract_min_max(a, a_min, a_max, length); 823 if (!extract_min_max(a, a_min, a_max, length))
810 if (range_should_be_prefix(a_min, a_max, length) >= 0) 824 return 0;
825 if (memcmp(a_min, a_max, length) > 0 ||
826 range_should_be_prefix(a_min, a_max, length) >= 0)
811 return 0; 827 return 0;
812 } 828 }
813 } 829 }
@@ -841,8 +857,16 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
841 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; 857 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
842 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; 858 unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
843 859
844 extract_min_max(a, a_min, a_max, length); 860 if (!extract_min_max(a, a_min, a_max, length) ||
845 extract_min_max(b, b_min, b_max, length); 861 !extract_min_max(b, b_min, b_max, length))
862 return 0;
863
864 /*
865 * Punt inverted ranges.
866 */
867 if (memcmp(a_min, a_max, length) > 0 ||
868 memcmp(b_min, b_max, length) > 0)
869 return 0;
846 870
847 /* 871 /*
848 * Punt overlaps. 872 * Punt overlaps.
@@ -860,8 +884,8 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
860 IPAddressOrRange *merged; 884 IPAddressOrRange *merged;
861 if (!make_addressRange(&merged, a_min, b_max, length)) 885 if (!make_addressRange(&merged, a_min, b_max, length))
862 return 0; 886 return 0;
863 sk_IPAddressOrRange_set(aors, i, merged); 887 (void) sk_IPAddressOrRange_set(aors, i, merged);
864 sk_IPAddressOrRange_delete(aors, i + 1); 888 (void) sk_IPAddressOrRange_delete(aors, i + 1);
865 IPAddressOrRange_free(a); 889 IPAddressOrRange_free(a);
866 IPAddressOrRange_free(b); 890 IPAddressOrRange_free(b);
867 --i; 891 --i;
@@ -869,6 +893,20 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
869 } 893 }
870 } 894 }
871 895
896 /*
897 * Check for inverted final range.
898 */
899 j = sk_IPAddressOrRange_num(aors) - 1;
900 {
901 IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
902 if (a != NULL && a->type == IPAddressOrRange_addressRange) {
903 unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
904 extract_min_max(a, a_min, a_max, length);
905 if (memcmp(a_min, a_max, length) > 0)
906 return 0;
907 }
908 }
909
872 return 1; 910 return 1;
873} 911}
874 912
@@ -885,7 +923,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
885 v3_addr_get_afi(f))) 923 v3_addr_get_afi(f)))
886 return 0; 924 return 0;
887 } 925 }
888 sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); 926 (void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
889 sk_IPAddressFamily_sort(addr); 927 sk_IPAddressFamily_sort(addr);
890 OPENSSL_assert(v3_addr_is_canonical(addr)); 928 OPENSSL_assert(v3_addr_is_canonical(addr));
891 return 1; 929 return 1;
@@ -1017,6 +1055,11 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
1017 X509V3_conf_err(val); 1055 X509V3_conf_err(val);
1018 goto err; 1056 goto err;
1019 } 1057 }
1058 if (memcmp(min, max, length_from_afi(afi)) > 0) {
1059 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
1060 X509V3_conf_err(val);
1061 goto err;
1062 }
1020 if (!v3_addr_add_range(addr, afi, safi, min, max)) { 1063 if (!v3_addr_add_range(addr, afi, safi, min, max)) {
1021 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); 1064 X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
1022 goto err; 1065 goto err;
@@ -1102,13 +1145,15 @@ static int addr_contains(IPAddressOrRanges *parent,
1102 1145
1103 p = 0; 1146 p = 0;
1104 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { 1147 for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
1105 extract_min_max(sk_IPAddressOrRange_value(child, c), 1148 if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
1106 c_min, c_max, length); 1149 c_min, c_max, length))
1150 return -1;
1107 for (;; p++) { 1151 for (;; p++) {
1108 if (p >= sk_IPAddressOrRange_num(parent)) 1152 if (p >= sk_IPAddressOrRange_num(parent))
1109 return 0; 1153 return 0;
1110 extract_min_max(sk_IPAddressOrRange_value(parent, p), 1154 if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
1111 p_min, p_max, length); 1155 p_min, p_max, length))
1156 return 0;
1112 if (memcmp(p_max, c_max, length) < 0) 1157 if (memcmp(p_max, c_max, length) < 0)
1113 continue; 1158 continue;
1114 if (memcmp(p_min, c_min, length) > 0) 1159 if (memcmp(p_min, c_min, length) > 0)
@@ -1130,7 +1175,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
1130 return 1; 1175 return 1;
1131 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) 1176 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
1132 return 0; 1177 return 0;
1133 sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); 1178 (void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
1134 for (i = 0; i < sk_IPAddressFamily_num(a); i++) { 1179 for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1135 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); 1180 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1136 int j = sk_IPAddressFamily_find(b, fa); 1181 int j = sk_IPAddressFamily_find(b, fa);
@@ -1195,7 +1240,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1195 } 1240 }
1196 if (!v3_addr_is_canonical(ext)) 1241 if (!v3_addr_is_canonical(ext))
1197 validation_err(X509_V_ERR_INVALID_EXTENSION); 1242 validation_err(X509_V_ERR_INVALID_EXTENSION);
1198 sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); 1243 (void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
1199 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { 1244 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
1200 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); 1245 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
1201 ret = 0; 1246 ret = 0;
@@ -1221,7 +1266,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1221 } 1266 }
1222 continue; 1267 continue;
1223 } 1268 }
1224 sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); 1269 (void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
1225 for (j = 0; j < sk_IPAddressFamily_num(child); j++) { 1270 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1226 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); 1271 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1227 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); 1272 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-27 18:33:13 +0000