summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/asn1/a_d2i_fp.c51
-rw-r--r--src/lib/libcrypto/asn1/a_type.c4
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c4
-rw-r--r--src/lib/libcrypto/asn1/tasn_enc.c4
-rw-r--r--src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c5
-rw-r--r--src/lib/libcrypto/evp/encode.c13
-rw-r--r--src/lib/libcrypto/evp/evp_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_d2i_fp.c51
-rw-r--r--src/lib/libssl/src/crypto/asn1/a_type.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_dec.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/tasn_enc.c4
-rw-r--r--src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c5
-rw-r--r--src/lib/libssl/src/crypto/evp/encode.c13
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_enc.c4
14 files changed, 60 insertions, 110 deletions
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
index d12890ec15..d85be56568 100644
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
144} 144}
145 145
146#define HEADER_SIZE 8 146#define HEADER_SIZE 8
147#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
148static int 147static int
149asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) 148asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
150{ 149{
@@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
168 if (want >= (len - off)) { 167 if (want >= (len - off)) {
169 want -= (len - off); 168 want -= (len - off);
170 169
171 if (len + want < len || 170 if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
172 !BUF_MEM_grow_clean(b, len + want)) { 171 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
173 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
174 ERR_R_MALLOC_FAILURE);
175 goto err; 172 goto err;
176 } 173 }
177 i = BIO_read(in, &(b->data[len]), want); 174 i = BIO_read(in, &(b->data[len]), want);
178 if ((i < 0) && ((len - off) == 0)) { 175 if ((i < 0) && ((len - off) == 0)) {
179 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 176 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
180 ASN1_R_NOT_ENOUGH_DATA);
181 goto err; 177 goto err;
182 } 178 }
183 if (i > 0) { 179 if (i > 0) {
184 if (len + i < len) { 180 if (len + i < len) {
185 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 181 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
186 ASN1_R_TOO_LONG);
187 goto err; 182 goto err;
188 } 183 }
189 len += i; 184 len += i;
@@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
211 /* no data body so go round again */ 206 /* no data body so go round again */
212 eos++; 207 eos++;
213 if (eos < 0) { 208 if (eos < 0) {
214 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 209 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
215 ASN1_R_HEADER_TOO_LONG);
216 goto err; 210 goto err;
217 } 211 }
218 want = HEADER_SIZE; 212 want = HEADER_SIZE;
@@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
227 /* suck in c.slen bytes of data */ 221 /* suck in c.slen bytes of data */
228 want = c.slen; 222 want = c.slen;
229 if (want > (len - off)) { 223 if (want > (len - off)) {
230 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
231
232 want -= (len - off); 224 want -= (len - off);
233 if (want > INT_MAX /* BIO_read takes an int length */ || 225 if (want > INT_MAX /* BIO_read takes an int length */ ||
234 len+want < len) { 226 len+want < len) {
235 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 227 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
236 ASN1_R_TOO_LONG);
237 goto err; 228 goto err;
238 } 229 }
239 /* 230 if (!BUF_MEM_grow_clean(b, len + want)) {
240 * Read content in chunks of increasing size 231 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
241 * so we can return an error for EOF without
242 * having to allocate the entire content length
243 * in one go.
244 */
245 size_t chunk = want > chunk_max ? chunk_max : want;
246
247 if (!BUF_MEM_grow_clean(b, len + chunk)) {
248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
249 ERR_R_MALLOC_FAILURE);
250 goto err; 232 goto err;
251 } 233 }
252 want -= chunk; 234 while (want > 0) {
253 while (chunk > 0) { 235 i = BIO_read(in, &(b->data[len]), want);
254 i = BIO_read(in, &(b->data[len]), chunk);
255 if (i <= 0) { 236 if (i <= 0) {
256 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 237 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
257 ASN1_R_NOT_ENOUGH_DATA); 238 ASN1_R_NOT_ENOUGH_DATA);
258 goto err; 239 goto err;
259 } 240 }
260 /* 241 /* This can't overflow because
261 * This can't overflow because |len+want| 242 * |len+want| didn't overflow. */
262 * didn't overflow.
263 */
264 len += i; 243 len += i;
265 chunk -= i; 244 want -= i;
266 } 245 }
267 if (chunk_max < INT_MAX/2)
268 chunk_max *= 2;
269 } 246 }
270 if (off + c.slen < off) { 247 if (off + c.slen < off) {
271 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); 248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index 24f8756e73..e105a0673e 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_type.c,v 1.17 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -127,7 +127,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
127 break; 127 break;
128 128
129 case V_ASN1_INTEGER: 129 case V_ASN1_INTEGER:
130 case V_ASN1_NEG_INTEGER:
130 case V_ASN1_ENUMERATED: 131 case V_ASN1_ENUMERATED:
132 case V_ASN1_NEG_ENUMERATED:
131 case V_ASN1_BIT_STRING: 133 case V_ASN1_BIT_STRING:
132 case V_ASN1_OCTET_STRING: 134 case V_ASN1_OCTET_STRING:
133 case V_ASN1_SEQUENCE: 135 case V_ASN1_SEQUENCE:
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 55809babb8..e7f908fd0f 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_dec.c,v 1.30 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -861,7 +861,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
861 break; 861 break;
862 862
863 case V_ASN1_INTEGER: 863 case V_ASN1_INTEGER:
864 case V_ASN1_NEG_INTEGER:
864 case V_ASN1_ENUMERATED: 865 case V_ASN1_ENUMERATED:
866 case V_ASN1_NEG_ENUMERATED:
865 tint = (ASN1_INTEGER **)pval; 867 tint = (ASN1_INTEGER **)pval;
866 if (!c2i_ASN1_INTEGER(tint, &cont, len)) 868 if (!c2i_ASN1_INTEGER(tint, &cont, len))
867 goto err; 869 goto err;
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index f4b8b300ca..03db0b0fbd 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_enc.c,v 1.18 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -603,7 +603,9 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
603 break; 603 break;
604 604
605 case V_ASN1_INTEGER: 605 case V_ASN1_INTEGER:
606 case V_ASN1_NEG_INTEGER:
606 case V_ASN1_ENUMERATED: 607 case V_ASN1_ENUMERATED:
608 case V_ASN1_NEG_ENUMERATED:
607 /* These are all have the same content format 609 /* These are all have the same content format
608 * as ASN1_INTEGER 610 * as ASN1_INTEGER
609 */ 611 */
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 8d33896e1c..42aa20701b 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.10 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -60,7 +60,6 @@
60#include <openssl/aes.h> 60#include <openssl/aes.h>
61#include <openssl/sha.h> 61#include <openssl/sha.h>
62#include "evp_locl.h" 62#include "evp_locl.h"
63#include "constant_time_locl.h"
64 63
65#ifndef EVP_CIPH_FLAG_AEAD_CIPHER 64#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
66#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 65#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -283,8 +282,6 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
283 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); 282 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
284 maxpad &= 255; 283 maxpad &= 255;
285 284
286 ret &= constant_time_ge(maxpad, pad);
287
288 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); 285 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
289 mask = (0 - ((inp_len - len) >> 286 mask = (0 - ((inp_len - len) >>
290 (sizeof(inp_len) * 8 - 1))); 287 (sizeof(inp_len) * 8 - 1)));
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index e4104173d4..637870cef6 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: encode.c,v 1.22 2016/05/03 14:05:41 bcook Exp $ */ 1/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -125,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
125 const unsigned char *in, int inl) 125 const unsigned char *in, int inl)
126{ 126{
127 int i, j; 127 int i, j;
128 size_t total = 0; 128 unsigned int total = 0;
129 129
130 *outl = 0; 130 *outl = 0;
131 if (inl == 0) 131 if (inl == 0)
132 return; 132 return;
133 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); 133 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
134 if (ctx->length - ctx->num > inl) { 134 if ((ctx->num + inl) < ctx->length) {
135 memcpy(&(ctx->enc_data[ctx->num]), in, inl); 135 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
136 ctx->num += inl; 136 ctx->num += inl;
137 return; 137 return;
@@ -148,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
148 *out = '\0'; 148 *out = '\0';
149 total = j + 1; 149 total = j + 1;
150 } 150 }
151 while (inl >= ctx->length && total <= INT_MAX) { 151 while (inl >= ctx->length) {
152 j = EVP_EncodeBlock(out, in, ctx->length); 152 j = EVP_EncodeBlock(out, in, ctx->length);
153 in += ctx->length; 153 in += ctx->length;
154 inl -= ctx->length; 154 inl -= ctx->length;
@@ -157,11 +157,6 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
157 *out = '\0'; 157 *out = '\0';
158 total += j + 1; 158 total += j + 1;
159 } 159 }
160 if (total > INT_MAX) {
161 /* Too much output data! */
162 *outl = 0;
163 return;
164 }
165 if (inl != 0) 160 if (inl != 0)
166 memcpy(&(ctx->enc_data[0]), in, inl); 161 memcpy(&(ctx->enc_data[0]), in, inl);
167 ctx->num = inl; 162 ctx->num = inl;
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 30941ed83d..a4e369f622 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_enc.c,v 1.28 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: evp_enc.c,v 1.29 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
334 return 0; 334 return 0;
335 } 335 }
336 if (i != 0) { 336 if (i != 0) {
337 if (bl - i > inl) { 337 if (i + inl < bl) {
338 memcpy(&(ctx->buf[i]), in, inl); 338 memcpy(&(ctx->buf[i]), in, inl);
339 ctx->buf_len += inl; 339 ctx->buf_len += inl;
340 *outl = 0; 340 *outl = 0;
diff --git a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
index d12890ec15..d85be56568 100644
--- a/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
+++ b/src/lib/libssl/src/crypto/asn1/a_d2i_fp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
144} 144}
145 145
146#define HEADER_SIZE 8 146#define HEADER_SIZE 8
147#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
148static int 147static int
149asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) 148asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
150{ 149{
@@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
168 if (want >= (len - off)) { 167 if (want >= (len - off)) {
169 want -= (len - off); 168 want -= (len - off);
170 169
171 if (len + want < len || 170 if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
172 !BUF_MEM_grow_clean(b, len + want)) { 171 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
173 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
174 ERR_R_MALLOC_FAILURE);
175 goto err; 172 goto err;
176 } 173 }
177 i = BIO_read(in, &(b->data[len]), want); 174 i = BIO_read(in, &(b->data[len]), want);
178 if ((i < 0) && ((len - off) == 0)) { 175 if ((i < 0) && ((len - off) == 0)) {
179 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 176 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
180 ASN1_R_NOT_ENOUGH_DATA);
181 goto err; 177 goto err;
182 } 178 }
183 if (i > 0) { 179 if (i > 0) {
184 if (len + i < len) { 180 if (len + i < len) {
185 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 181 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
186 ASN1_R_TOO_LONG);
187 goto err; 182 goto err;
188 } 183 }
189 len += i; 184 len += i;
@@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
211 /* no data body so go round again */ 206 /* no data body so go round again */
212 eos++; 207 eos++;
213 if (eos < 0) { 208 if (eos < 0) {
214 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 209 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
215 ASN1_R_HEADER_TOO_LONG);
216 goto err; 210 goto err;
217 } 211 }
218 want = HEADER_SIZE; 212 want = HEADER_SIZE;
@@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
227 /* suck in c.slen bytes of data */ 221 /* suck in c.slen bytes of data */
228 want = c.slen; 222 want = c.slen;
229 if (want > (len - off)) { 223 if (want > (len - off)) {
230 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
231
232 want -= (len - off); 224 want -= (len - off);
233 if (want > INT_MAX /* BIO_read takes an int length */ || 225 if (want > INT_MAX /* BIO_read takes an int length */ ||
234 len+want < len) { 226 len+want < len) {
235 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 227 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
236 ASN1_R_TOO_LONG);
237 goto err; 228 goto err;
238 } 229 }
239 /* 230 if (!BUF_MEM_grow_clean(b, len + want)) {
240 * Read content in chunks of increasing size 231 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
241 * so we can return an error for EOF without
242 * having to allocate the entire content length
243 * in one go.
244 */
245 size_t chunk = want > chunk_max ? chunk_max : want;
246
247 if (!BUF_MEM_grow_clean(b, len + chunk)) {
248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
249 ERR_R_MALLOC_FAILURE);
250 goto err; 232 goto err;
251 } 233 }
252 want -= chunk; 234 while (want > 0) {
253 while (chunk > 0) { 235 i = BIO_read(in, &(b->data[len]), want);
254 i = BIO_read(in, &(b->data[len]), chunk);
255 if (i <= 0) { 236 if (i <= 0) {
256 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, 237 ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
257 ASN1_R_NOT_ENOUGH_DATA); 238 ASN1_R_NOT_ENOUGH_DATA);
258 goto err; 239 goto err;
259 } 240 }
260 /* 241 /* This can't overflow because
261 * This can't overflow because |len+want| 242 * |len+want| didn't overflow. */
262 * didn't overflow.
263 */
264 len += i; 243 len += i;
265 chunk -= i; 244 want -= i;
266 } 245 }
267 if (chunk_max < INT_MAX/2)
268 chunk_max *= 2;
269 } 246 }
270 if (off + c.slen < off) { 247 if (off + c.slen < off) {
271 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); 248 ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
diff --git a/src/lib/libssl/src/crypto/asn1/a_type.c b/src/lib/libssl/src/crypto/asn1/a_type.c
index 24f8756e73..e105a0673e 100644
--- a/src/lib/libssl/src/crypto/asn1/a_type.c
+++ b/src/lib/libssl/src/crypto/asn1/a_type.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: a_type.c,v 1.17 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -127,7 +127,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
127 break; 127 break;
128 128
129 case V_ASN1_INTEGER: 129 case V_ASN1_INTEGER:
130 case V_ASN1_NEG_INTEGER:
130 case V_ASN1_ENUMERATED: 131 case V_ASN1_ENUMERATED:
132 case V_ASN1_NEG_ENUMERATED:
131 case V_ASN1_BIT_STRING: 133 case V_ASN1_BIT_STRING:
132 case V_ASN1_OCTET_STRING: 134 case V_ASN1_OCTET_STRING:
133 case V_ASN1_SEQUENCE: 135 case V_ASN1_SEQUENCE:
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_dec.c b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
index 55809babb8..e7f908fd0f 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_dec.c,v 1.30 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -861,7 +861,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
861 break; 861 break;
862 862
863 case V_ASN1_INTEGER: 863 case V_ASN1_INTEGER:
864 case V_ASN1_NEG_INTEGER:
864 case V_ASN1_ENUMERATED: 865 case V_ASN1_ENUMERATED:
866 case V_ASN1_NEG_ENUMERATED:
865 tint = (ASN1_INTEGER **)pval; 867 tint = (ASN1_INTEGER **)pval;
866 if (!c2i_ASN1_INTEGER(tint, &cont, len)) 868 if (!c2i_ASN1_INTEGER(tint, &cont, len))
867 goto err; 869 goto err;
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index f4b8b300ca..03db0b0fbd 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tasn_enc.c,v 1.18 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -603,7 +603,9 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
603 break; 603 break;
604 604
605 case V_ASN1_INTEGER: 605 case V_ASN1_INTEGER:
606 case V_ASN1_NEG_INTEGER:
606 case V_ASN1_ENUMERATED: 607 case V_ASN1_ENUMERATED:
608 case V_ASN1_NEG_ENUMERATED:
607 /* These are all have the same content format 609 /* These are all have the same content format
608 * as ASN1_INTEGER 610 * as ASN1_INTEGER
609 */ 611 */
diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 8d33896e1c..42aa20701b 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.10 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -60,7 +60,6 @@
60#include <openssl/aes.h> 60#include <openssl/aes.h>
61#include <openssl/sha.h> 61#include <openssl/sha.h>
62#include "evp_locl.h" 62#include "evp_locl.h"
63#include "constant_time_locl.h"
64 63
65#ifndef EVP_CIPH_FLAG_AEAD_CIPHER 64#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
66#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 65#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -283,8 +282,6 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
283 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); 282 maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
284 maxpad &= 255; 283 maxpad &= 255;
285 284
286 ret &= constant_time_ge(maxpad, pad);
287
288 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); 285 inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
289 mask = (0 - ((inp_len - len) >> 286 mask = (0 - ((inp_len - len) >>
290 (sizeof(inp_len) * 8 - 1))); 287 (sizeof(inp_len) * 8 - 1)));
diff --git a/src/lib/libssl/src/crypto/evp/encode.c b/src/lib/libssl/src/crypto/evp/encode.c
index e4104173d4..637870cef6 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: encode.c,v 1.22 2016/05/03 14:05:41 bcook Exp $ */ 1/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -125,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
125 const unsigned char *in, int inl) 125 const unsigned char *in, int inl)
126{ 126{
127 int i, j; 127 int i, j;
128 size_t total = 0; 128 unsigned int total = 0;
129 129
130 *outl = 0; 130 *outl = 0;
131 if (inl == 0) 131 if (inl == 0)
132 return; 132 return;
133 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); 133 OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
134 if (ctx->length - ctx->num > inl) { 134 if ((ctx->num + inl) < ctx->length) {
135 memcpy(&(ctx->enc_data[ctx->num]), in, inl); 135 memcpy(&(ctx->enc_data[ctx->num]), in, inl);
136 ctx->num += inl; 136 ctx->num += inl;
137 return; 137 return;
@@ -148,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
148 *out = '\0'; 148 *out = '\0';
149 total = j + 1; 149 total = j + 1;
150 } 150 }
151 while (inl >= ctx->length && total <= INT_MAX) { 151 while (inl >= ctx->length) {
152 j = EVP_EncodeBlock(out, in, ctx->length); 152 j = EVP_EncodeBlock(out, in, ctx->length);
153 in += ctx->length; 153 in += ctx->length;
154 inl -= ctx->length; 154 inl -= ctx->length;
@@ -157,11 +157,6 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
157 *out = '\0'; 157 *out = '\0';
158 total += j + 1; 158 total += j + 1;
159 } 159 }
160 if (total > INT_MAX) {
161 /* Too much output data! */
162 *outl = 0;
163 return;
164 }
165 if (inl != 0) 160 if (inl != 0)
166 memcpy(&(ctx->enc_data[0]), in, inl); 161 memcpy(&(ctx->enc_data[0]), in, inl);
167 ctx->num = inl; 162 ctx->num = inl;
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index 30941ed83d..a4e369f622 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: evp_enc.c,v 1.28 2016/05/03 12:38:53 tedu Exp $ */ 1/* $OpenBSD: evp_enc.c,v 1.29 2016/05/04 14:53:29 tedu Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
334 return 0; 334 return 0;
335 } 335 }
336 if (i != 0) { 336 if (i != 0) {
337 if (bl - i > inl) { 337 if (i + inl < bl) {
338 memcpy(&(ctx->buf[i]), in, inl); 338 memcpy(&(ctx->buf[i]), in, inl);
339 ctx->buf_len += inl; 339 ctx->buf_len += inl;
340 *outl = 0; 340 *outl = 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:02:05 +0000