Browse Source

deps: upgrade openssl sources to 1.0.2i

This replaces all sources of openssl-1.0.2i.tar.gz into
deps/openssl/openssl

PR-URL: https://github.com/nodejs/node/pull/8714
Reviewed-By: Fedor Indutny <fedor@indutny.com>
v6
Shigeki Ohtsu 8 years ago
parent
commit
d1039709a4
  1. 160
      deps/openssl/openssl/CHANGES
  2. 95
      deps/openssl/openssl/CONTRIBUTING
  3. 19
      deps/openssl/openssl/Configure
  4. 22
      deps/openssl/openssl/INSTALL.W32
  5. 5
      deps/openssl/openssl/Makefile
  6. 7
      deps/openssl/openssl/Makefile.bak
  7. 3
      deps/openssl/openssl/Makefile.org
  8. 2
      deps/openssl/openssl/Makefile.shared
  9. 14
      deps/openssl/openssl/NEWS
  10. 2
      deps/openssl/openssl/README
  11. 2
      deps/openssl/openssl/apps/CA.pl
  12. 3
      deps/openssl/openssl/apps/CA.pl.in
  13. 9
      deps/openssl/openssl/apps/app_rand.c
  14. 46
      deps/openssl/openssl/apps/apps.c
  15. 2
      deps/openssl/openssl/apps/apps.h
  16. 23
      deps/openssl/openssl/apps/ca.c
  17. 5
      deps/openssl/openssl/apps/dgst.c
  18. 2
      deps/openssl/openssl/apps/enc.c
  19. 2
      deps/openssl/openssl/apps/makeapps.com
  20. 4
      deps/openssl/openssl/apps/passwd.c
  21. 81
      deps/openssl/openssl/apps/pkcs12.c
  22. 14
      deps/openssl/openssl/apps/req.c
  23. 3
      deps/openssl/openssl/apps/s_apps.h
  24. 9
      deps/openssl/openssl/apps/s_cb.c
  25. 121
      deps/openssl/openssl/apps/s_client.c
  26. 74
      deps/openssl/openssl/apps/s_server.c
  27. 4
      deps/openssl/openssl/apps/speed.c
  28. 2
      deps/openssl/openssl/apps/srp.c
  29. 21
      deps/openssl/openssl/apps/verify.c
  30. 590
      deps/openssl/openssl/apps/vms_term_sock.c
  31. 30
      deps/openssl/openssl/apps/vms_term_sock.h
  32. 6
      deps/openssl/openssl/apps/x509.c
  33. 3
      deps/openssl/openssl/crypto/LPdir_nyi.c
  34. 4
      deps/openssl/openssl/crypto/LPdir_unix.c
  35. 4
      deps/openssl/openssl/crypto/LPdir_win32.c
  36. 4
      deps/openssl/openssl/crypto/LPdir_wince.c
  37. 24
      deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
  38. 58
      deps/openssl/openssl/crypto/asn1/a_bytes.c
  39. 10
      deps/openssl/openssl/crypto/asn1/a_object.c
  40. 9
      deps/openssl/openssl/crypto/asn1/a_set.c
  41. 2
      deps/openssl/openssl/crypto/asn1/a_strex.c
  42. 1
      deps/openssl/openssl/crypto/asn1/a_strnid.c
  43. 2
      deps/openssl/openssl/crypto/asn1/ameth_lib.c
  44. 26
      deps/openssl/openssl/crypto/asn1/asn1_lib.c
  45. 4
      deps/openssl/openssl/crypto/asn1/asn_mime.c
  46. 6
      deps/openssl/openssl/crypto/asn1/bio_asn1.c
  47. 1
      deps/openssl/openssl/crypto/asn1/bio_ndef.c
  48. 12
      deps/openssl/openssl/crypto/asn1/charmap.pl
  49. 8
      deps/openssl/openssl/crypto/asn1/d2i_pr.c
  50. 4
      deps/openssl/openssl/crypto/asn1/f_enum.c
  51. 4
      deps/openssl/openssl/crypto/asn1/f_int.c
  52. 4
      deps/openssl/openssl/crypto/asn1/f_string.c
  53. 7
      deps/openssl/openssl/crypto/asn1/i2d_pr.c
  54. 2
      deps/openssl/openssl/crypto/asn1/p5_pbe.c
  55. 4
      deps/openssl/openssl/crypto/asn1/p5_pbev2.c
  56. 1
      deps/openssl/openssl/crypto/asn1/t_req.c
  57. 8
      deps/openssl/openssl/crypto/asn1/tasn_dec.c
  58. 24
      deps/openssl/openssl/crypto/asn1/tasn_enc.c
  59. 14
      deps/openssl/openssl/crypto/asn1/tasn_prn.c
  60. 2
      deps/openssl/openssl/crypto/asn1/tasn_utl.c
  61. 15
      deps/openssl/openssl/crypto/asn1/x_bignum.c
  62. 6
      deps/openssl/openssl/crypto/asn1/x_name.c
  63. 54
      deps/openssl/openssl/crypto/asn1/x_x509.c
  64. 6
      deps/openssl/openssl/crypto/bio/b_print.c
  65. 4
      deps/openssl/openssl/crypto/bio/bf_nbio.c
  66. 6
      deps/openssl/openssl/crypto/bio/bio.h
  67. 19
      deps/openssl/openssl/crypto/bio/bss_bio.c
  68. 6
      deps/openssl/openssl/crypto/bio/bss_file.c
  69. 2
      deps/openssl/openssl/crypto/bio/bss_rtcp.c
  70. 41
      deps/openssl/openssl/crypto/bn/asm/x86-mont.pl
  71. 2
      deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c
  72. 185
      deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
  73. 227
      deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl
  74. 2
      deps/openssl/openssl/crypto/bn/bn.h
  75. 4
      deps/openssl/openssl/crypto/bn/bn_div.c
  76. 2
      deps/openssl/openssl/crypto/bn/bn_lib.c
  77. 33
      deps/openssl/openssl/crypto/bn/bn_print.c
  78. 19
      deps/openssl/openssl/crypto/bn/bn_rand.c
  79. 22
      deps/openssl/openssl/crypto/bn/bn_word.c
  80. 8
      deps/openssl/openssl/crypto/bn/bntest.c
  81. 12
      deps/openssl/openssl/crypto/cms/cms_enc.c
  82. 3
      deps/openssl/openssl/crypto/cms/cms_ess.c
  83. 4
      deps/openssl/openssl/crypto/cms/cms_lib.c
  84. 4
      deps/openssl/openssl/crypto/cms/cms_pwri.c
  85. 4
      deps/openssl/openssl/crypto/comp/comp.h
  86. 4
      deps/openssl/openssl/crypto/conf/conf_mod.c
  87. 14
      deps/openssl/openssl/crypto/conf/keysets.pl
  88. 2
      deps/openssl/openssl/crypto/crypto-lib.com
  89. 8
      deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl
  90. 2
      deps/openssl/openssl/crypto/des/des.c
  91. 2
      deps/openssl/openssl/crypto/des/enc_writ.c
  92. 2
      deps/openssl/openssl/crypto/dh/dh_ameth.c
  93. 2
      deps/openssl/openssl/crypto/dsa/dsa_ameth.c
  94. 7
      deps/openssl/openssl/crypto/dsa/dsa_gen.c
  95. 5
      deps/openssl/openssl/crypto/dsa/dsa_ossl.c
  96. 2
      deps/openssl/openssl/crypto/ec/Makefile
  97. 139
      deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
  98. 32
      deps/openssl/openssl/crypto/ec/ec_ameth.c
  99. 9
      deps/openssl/openssl/crypto/ec/ec_key.c
  100. 107
      deps/openssl/openssl/crypto/ec/ecp_nistz256.c

160
deps/openssl/openssl/CHANGES

@ -2,6 +2,166 @@
OpenSSL CHANGES
_______________
Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
*) OCSP Status Request extension unbounded memory growth
A malicious client can send an excessively large OCSP Status Request
extension. If that client continually requests renegotiation, sending a
large OCSP Status Request extension each time, then there will be unbounded
memory growth on the server. This will eventually lead to a Denial Of
Service attack through memory exhaustion. Servers with a default
configuration are vulnerable even if they do not support OCSP. Builds using
the "no-ocsp" build time option are not affected.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6304)
[Matt Caswell]
*) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
HIGH to MEDIUM.
This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
Leurent (INRIA)
(CVE-2016-2183)
[Rich Salz]
*) OOB write in MDC2_Update()
An overflow can occur in MDC2_Update() either if called directly or
through the EVP_DigestUpdate() function using MDC2. If an attacker
is able to supply very large amounts of input data after a previous
call to EVP_EncryptUpdate() with a partial block then a length check
can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical
on most platforms.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6303)
[Stephen Henson]
*) Malformed SHA512 ticket DoS
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
DoS attack where a malformed ticket will result in an OOB read which will
ultimately crash.
The use of SHA512 in TLS session tickets is comparatively rare as it requires
a custom server callback and ticket lookup mechanism.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6302)
[Stephen Henson]
*) OOB write in BN_bn2dec()
The function BN_bn2dec() does not check the return value of BN_div_word().
This can cause an OOB write if an application uses this function with an
overly large BIGNUM. This could be a problem if an overly large certificate
or CRL is printed out from an untrusted source. TLS is not affected because
record limits will reject an oversized certificate before it is parsed.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2182)
[Stephen Henson]
*) OOB read in TS_OBJ_print_bio()
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
the total length the OID text representation would use and not the amount
of data written. This will result in OOB reads when large OIDs are
presented.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-2180)
[Stephen Henson]
*) Pointer arithmetic undefined behaviour
Avoid some undefined pointer arithmetic
A common idiom in the codebase is to check limits in the following manner:
"p + len > limit"
Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE
"len" here could be from some externally supplied data (e.g. from a TLS
message).
The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.
For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit.
This issue was reported to OpenSSL by Guido Vranken
(CVE-2016-2177)
[Matt Caswell]
*) Constant time flag not preserved in DSA signing
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.
This issue was reported by César Pereida (Aalto University), Billy Brumley
(Tampere University of Technology), and Yuval Yarom (The University of
Adelaide and NICTA).
(CVE-2016-2178)
[César Pereida]
*) DTLS buffered message DoS
In a DTLS connection where handshake messages are delivered out-of-order
those messages that OpenSSL is not yet ready to process will be buffered
for later use. Under certain circumstances, a flaw in the logic means that
those messages do not get removed from the buffer even though the handshake
has been completed. An attacker could force up to approx. 15 messages to
remain in the buffer when they are no longer required. These messages will
be cleared when the DTLS connection is closed. The default maximum size for
a message is 100k. Therefore the attacker could force an additional 1500k
to be consumed per connection. By opening many simulataneous connections an
attacker could cause a DoS attack through memory exhaustion.
This issue was reported to OpenSSL by Quan Luo.
(CVE-2016-2179)
[Matt Caswell]
*) DTLS replay protection DoS
A flaw in the DTLS replay attack protection mechanism means that records
that arrive for future epochs update the replay protection "window" before
the MAC for the record has been validated. This could be exploited by an
attacker by sending a record for the next epoch (which does not have to
decrypt or have a valid MAC), with a very large sequence number. This means
that all subsequent legitimate packets are dropped causing a denial of
service for a specific DTLS connection.
This issue was reported to OpenSSL by the OCAP audit team.
(CVE-2016-2181)
[Matt Caswell]
*) Certificate message OOB reads
In OpenSSL 1.0.2 and earlier some missing message length checks can result
in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
theoretical DoS risk but this has not been observed in practice on common
platforms.
The messages affected are client certificate, client certificate request
and server certificate. As a result the attack can only be performed
against a client or a server which enables client authentication.
This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
(CVE-2016-6306)
[Stephen Henson]
Changes between 1.0.2g and 1.0.2h [3 May 2016]
*) Prevent padding oracle in AES-NI CBC MAC check

95
deps/openssl/openssl/CONTRIBUTING

@ -1,38 +1,75 @@
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
HOW TO CONTRIBUTE TO PATCHES OpenSSL
------------------------------------
Development is coordinated on the openssl-dev mailing list (see
http://www.openssl.org for information on subscribing). If you
would like to submit a patch, send it to rt@openssl.org with
the string "[PATCH]" in the subject. Please be sure to include a
textual explanation of what your patch does.
You can also make GitHub pull requests. If you do this, please also send
mail to rt@openssl.org with a brief description and a link to the PR so
that we can more easily keep track of it.
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community please discuss it on the openssl-dev mailing list first.
Someone may be already working on the same thing or there may be a good
reason as to why that feature isn't implemented.
Patches should be as up to date as possible, preferably relative to the
current Git or the last snapshot. They should follow our coding style
(see https://www.openssl.org/policies/codingstyle.html) and compile without
warnings using the --strict-warnings flag. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
Our preferred format for patch files is "git format-patch" output. For example
to provide a patch file containing the last commit in your local git repository
use the following command:
The best way to submit a patch is to make a pull request on GitHub.
(It is not necessary to send mail to rt@openssl.org to open a ticket!)
If you think the patch could use feedback from the community, please
start a thread on openssl-dev.
# git format-patch --stdout HEAD^ >mydiffs.patch
You can also submit patches by sending it as mail to rt@openssl.org.
Please include the word "PATCH" and an explanation of what the patch
does in the subject line. If you do this, our preferred format is "git
format-patch" output. For example to provide a patch file containing the
last commit in your local git repository use the following command:
% git format-patch --stdout HEAD^ >mydiffs.patch
Another method of creating an acceptable patch file without using git is as
follows:
# cd openssl-work
# [your changes]
# ./Configure dist; make clean
# cd ..
# diff -ur openssl-orig openssl-work > mydiffs.patch
% cd openssl-work
...make your changes...
% ./Configure dist; make clean
% cd ..
% diff -ur openssl-orig openssl-work >mydiffs.patch
Note that pull requests are generally easier for the team, and community, to
work with. Pull requests benefit from all of the standard GitHub features,
including code review tools, simpler integration, and CI build support.
No matter how a patch is submitted, the following items will help make
the acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible. When using GitHub, please
expect to have to rebase and update often. Note that we do not accept merge
commits. You will be asked to remove them before a patch is considered
acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is availble you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
5. When at all possible, patches should include tests. These can either be
added to an existing test, or completely new. Please see test/README
for information on the test framework.
6. New features or changed functionality must include documentation. Please
look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
our style.

19
deps/openssl/openssl/Configure

@ -799,7 +799,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
$disabled{"tls1"} = "forced";
}
if (defined($disabled{"tls1"}))
{
$disabled{"tlsext"} = "forced";
}
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}))
{
@ -1254,6 +1249,7 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
my $ar = $ENV{'AR'} || "ar";
my $arflags = $fields[$idx_arflags];
my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
my $multilib = $fields[$idx_multilib];
# if $prefix/lib$multilib is not an existing directory, then
@ -1562,8 +1558,15 @@ $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
if ($rc4_obj =~ /\.o$/)
{
$cflags.=" -DRC4_ASM";
}
else
{
$rc4_obj=$rc4_enc;
}
if ($sha1_obj =~ /\.o$/)
{
# $sha1_obj=$sha1_enc;
@ -1717,12 +1720,14 @@ while (<IN>)
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}

22
deps/openssl/openssl/INSTALL.W32

@ -300,17 +300,17 @@
If you link with static OpenSSL libraries [those built with ms/nt.mak],
then you're expected to additionally link your application with
WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
non-interactive service applications might feel concerned about linking
with the latter two, as they are justly associated with interactive
desktop, which is not available to service processes. The toolkit is
designed to detect in which context it's currently executed, GUI,
console app or service, and act accordingly, namely whether or not to
actually make GUI calls. Additionally those who wish to
/DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
off service process should consider implementing and exporting from
.exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
E.g., on Windows Vista and later you could:
WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
developing non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated with
interactive desktop, which is not available to service processes. The toolkit
is designed to detect in which context it's currently executed, GUI, console
app or service, and act accordingly, namely whether or not to actually make
GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
/DELAYLOAD:USER32.DLL and actually keep them off service process should
consider implementing and exporting from .exe image in question own
_OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
later you could:
__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;

5
deps/openssl/openssl/Makefile

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2h
VERSION=1.0.2i
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@ -68,6 +68,7 @@ EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/bin/perl
TAR= tar
@ -210,6 +211,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
@ -368,6 +370,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \

7
deps/openssl/openssl/Makefile.bak

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2h
VERSION=1.0.2i
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@ -60,7 +60,7 @@ OPENSSLDIR=/usr/local/ssl
# PKCS1_CHECK - pkcs1 tests.
CC= gcc
CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS
PEX_LIBS=
EX_LIBS= -ldl
@ -68,6 +68,7 @@ EXE_EXT=
ARFLAGS=
AR= ar $(ARFLAGS) r
RANLIB= /usr/bin/ranlib
RC= windres
NM= nm
PERL= /usr/bin/perl
TAR= tar
@ -210,6 +211,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
@ -368,6 +370,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \

3
deps/openssl/openssl/Makefile.org

@ -66,6 +66,7 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
RC= windres
NM= nm
PERL= perl
TAR= tar
@ -208,6 +209,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
@ -366,6 +368,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
echo 'enginesdir=$${libdir}/engines'; \
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \

2
deps/openssl/openssl/Makefile.shared

@ -293,7 +293,7 @@ link_a.cygwin:
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
$(CROSS_COMPILE)windres -o rc.o; \
$(RC) -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

14
deps/openssl/openssl/NEWS

@ -5,6 +5,20 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
o SWEET32 Mitigation (CVE-2016-2183)
o OOB write in MDC2_Update() (CVE-2016-6303)
o Malformed SHA512 ticket DoS (CVE-2016-6302)
o OOB write in BN_bn2dec() (CVE-2016-2182)
o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
o Pointer arithmetic undefined behaviour (CVE-2016-2177)
o Constant time flag not preserved in DSA signing (CVE-2016-2178)
o DTLS buffered message DoS (CVE-2016-2179)
o DTLS replay protection DoS (CVE-2016-2181)
o Certificate message OOB reads (CVE-2016-6306)
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

2
deps/openssl/openssl/README

@ -1,5 +1,5 @@
OpenSSL 1.0.2h 3 May 2016
OpenSSL 1.0.2i 22 Sep 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

2
deps/openssl/openssl/apps/CA.pl

@ -64,7 +64,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate

3
deps/openssl/openssl/apps/CA.pl.in

@ -64,7 +64,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@ -186,4 +186,3 @@ while (<IN>) {
}
}
}

9
deps/openssl/openssl/apps/app_rand.c

@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
char buffer[200];
#ifdef OPENSSL_SYS_WINDOWS
/*
* allocate 2 to dont_warn not to use RAND_screen() via
* -no_rand_screen option in s_client
*/
if (dont_warn != 2) {
BIO_printf(bio_e, "Loading 'screen' into random state -");
BIO_flush(bio_e);
RAND_screen();
BIO_printf(bio_e, " done\n");
}
#endif
if (file == NULL)

46
deps/openssl/openssl/apps/apps.c

@ -215,7 +215,8 @@ int args_from_file(char *file, int *argc, char **argv[])
if (arg != NULL)
OPENSSL_free(arg);
arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
if (arg == NULL)
return 0;
*argv = arg;
num = 0;
p = buf;
@ -2374,6 +2375,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_PARTIAL_CHAIN;
else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS;
else if (!strcmp(arg, "-allow_proxy_certs"))
flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
else
return 0;
@ -3195,6 +3198,36 @@ int app_isdir(const char *name)
#endif
/* raw_read|write section */
#if defined(__VMS)
# include "vms_term_sock.h"
static int stdin_sock = -1;
static void close_stdin_sock(void)
{
TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
}
int fileno_stdin(void)
{
if (stdin_sock == -1) {
TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
atexit(close_stdin_sock);
}
return stdin_sock;
}
#else
int fileno_stdin(void)
{
return fileno(stdin);
}
#endif
int fileno_stdout(void)
{
return fileno(stdout);
}
#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
int raw_read_stdin(void *buf, int siz)
{
@ -3204,10 +3237,17 @@ int raw_read_stdin(void *buf, int siz)
else
return (-1);
}
#elif defined(__VMS)
#include <sys/socket.h>
int raw_read_stdin(void *buf, int siz)
{
return recv(fileno_stdin(), buf, siz, 0);
}
#else
int raw_read_stdin(void *buf, int siz)
{
return read(fileno(stdin), buf, siz);
return read(fileno_stdin(), buf, siz);
}
#endif
@ -3223,6 +3263,6 @@ int raw_write_stdout(const void *buf, int siz)
#else
int raw_write_stdout(const void *buf, int siz)
{
return write(fileno(stdout), buf, siz);
return write(fileno_stdout(), buf, siz);
}
#endif

2
deps/openssl/openssl/apps/apps.h

@ -375,6 +375,8 @@ void store_setup_crl_download(X509_STORE *st);
# define SERIAL_RAND_BITS 64
int app_isdir(const char *);
int fileno_stdin(void);
int fileno_stdout(void);
int raw_read_stdin(void *, int);
int raw_write_stdout(const void *, int);

23
deps/openssl/openssl/apps/ca.c

@ -2103,25 +2103,23 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
goto err;
/* We now just add it to the database */
row[DB_type] = (char *)OPENSSL_malloc(2);
tm = X509_get_notAfter(ret);
row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date] = NULL;
/* row[DB_serial] done already */
row[DB_file] = (char *)OPENSSL_malloc(8);
row[DB_type] = OPENSSL_malloc(2);
row[DB_exp_date] = OPENSSL_malloc(tm->length + 1);
row[DB_rev_date] = OPENSSL_malloc(1);
row[DB_file] = OPENSSL_malloc(8);
row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
(row[DB_rev_date] == NULL) ||
(row[DB_file] == NULL) || (row[DB_name] == NULL)) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
}
BUF_strlcpy(row[DB_file], "unknown", 8);
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
row[DB_rev_date][0] = '\0';
strcpy(row[DB_file], "unknown");
row[DB_type][0] = 'V';
row[DB_type][1] = '\0';
@ -2307,6 +2305,7 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
j = NETSCAPE_SPKI_verify(spki, pktmp);
if (j <= 0) {
EVP_PKEY_free(pktmp);
BIO_printf(bio_err,
"signature verification failed on SPKAC public key\n");
goto err;

5
deps/openssl/openssl/apps/dgst.c

@ -243,6 +243,11 @@ int MAIN(int argc, char **argv)
argv++;
}
if (keyfile != NULL && argc > 1) {
BIO_printf(bio_err, "Can only sign or verify one file\n");
goto end;
}
if (do_verify && !sigfile) {
BIO_printf(bio_err,
"No signature to verify: use the -signature option\n");

2
deps/openssl/openssl/apps/enc.c

@ -509,7 +509,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
} else if (RAND_bytes(salt, sizeof salt) <= 0)
goto end;
/*
* If -P option then don't bother writing

2
deps/openssl/openssl/apps/makeapps.com

@ -186,7 +186,7 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
"CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS,SRP"
$!
$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT,VMS_TERM_SOCK"
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -

4
deps/openssl/openssl/apps/passwd.c

@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto err;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto err;
for (i = 0; i < 8; i++)

81
deps/openssl/openssl/apps/pkcs12.c

@ -832,6 +832,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
int ret = 0;
switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
@ -844,7 +845,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(pkey = EVP_PKCS82PKEY(p8)))
return 0;
print_attribs(out, p8->attributes, "Key Attributes");
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@ -864,7 +865,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
}
print_attribs(out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;
@ -884,7 +885,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
dump_cert_text(out, x509);
PEM_write_bio_X509(out, x509);
ret = PEM_write_bio_X509(out, x509);
X509_free(x509);
break;
@ -902,7 +903,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
return 1;
break;
}
return 1;
return ret;
}
/* Given a single certificate return a verified chain or NULL if error */
@ -931,16 +932,70 @@ static int get_cert_chain(X509 *cert, X509_STORE *store,
int alg_print(BIO *x, X509_ALGOR *alg)
{
PBEPARAM *pbe;
const unsigned char *p;
p = alg->parameter->value.sequence->data;
pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
if (!pbe)
return 1;
BIO_printf(bio_err, "%s, Iteration %ld\n",
OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
ASN1_INTEGER_get(pbe->iter));
int pbenid, aparamtype;
ASN1_OBJECT *aoid;
void *aparam;
PBEPARAM *pbe = NULL;
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
pbenid = OBJ_obj2nid(aoid);
BIO_printf(x, "%s", OBJ_nid2ln(pbenid));
/*
* If PBE algorithm is PBES2 decode algorithm parameters
* for additional details.
*/
if (pbenid == NID_pbes2) {
PBE2PARAM *pbe2 = NULL;
int encnid;
if (aparamtype == V_ASN1_SEQUENCE)
pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
if (pbe2 == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
pbenid = OBJ_obj2nid(aoid);
X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
encnid = OBJ_obj2nid(aoid);
BIO_printf(x, ", %s, %s", OBJ_nid2ln(pbenid),
OBJ_nid2sn(encnid));
/* If KDF is PBKDF2 decode parameters */
if (pbenid == NID_id_pbkdf2) {
PBKDF2PARAM *kdf = NULL;
int prfnid;
if (aparamtype == V_ASN1_SEQUENCE)
kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
if (kdf == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
if (kdf->prf == NULL) {
prfnid = NID_hmacWithSHA1;
} else {
X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
prfnid = OBJ_obj2nid(aoid);
}
BIO_printf(x, ", Iteration %ld, PRF %s",
ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
PBKDF2PARAM_free(kdf);
}
PBE2PARAM_free(pbe2);
} else {
if (aparamtype == V_ASN1_SEQUENCE)
pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
if (pbe == NULL) {
BIO_puts(x, "<unsupported parameters>");
goto done;
}
BIO_printf(x, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
PBEPARAM_free(pbe);
}
done:
BIO_puts(x, "\n");
return 1;
}

14
deps/openssl/openssl/apps/req.c

@ -332,9 +332,10 @@ int MAIN(int argc, char **argv)
subject = 1;
else if (strcmp(*argv, "-text") == 0)
text = 1;
else if (strcmp(*argv, "-x509") == 0)
else if (strcmp(*argv, "-x509") == 0) {
newreq = 1;
x509 = 1;
else if (strcmp(*argv, "-asn1-kludge") == 0)
} else if (strcmp(*argv, "-asn1-kludge") == 0)
kludge = 1;
else if (strcmp(*argv, "-no-asn1-kludge") == 0)
kludge = 0;
@ -756,7 +757,7 @@ int MAIN(int argc, char **argv)
}
}
if (newreq || x509) {
if (newreq) {
if (pkey == NULL) {
BIO_printf(bio_err, "you need to specify a private key\n");
goto end;
@ -1331,12 +1332,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
break;
}
#ifndef CHARSET_EBCDIC
if (*p == '+')
if (*type == '+') {
#else
if (*p == os_toascii['+'])
if (*type == os_toascii['+']) {
#endif
{
p++;
type++;
mval = -1;
} else
mval = 0;

3
deps/openssl/openssl/apps/s_apps.h

@ -199,7 +199,8 @@ int load_excert(SSL_EXCERT **pexc, BIO *err);
void print_ssl_summary(BIO *bio, SSL *s);
#ifdef HEADER_SSL_H
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
int *no_prot_opt);
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,

9
deps/openssl/openssl/apps/s_cb.c

@ -1507,11 +1507,18 @@ void print_ssl_summary(BIO *bio, SSL *s)
}
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr,
int *no_prot_opt)
{
char *arg = **pargs, *argn = (*pargs)[1];
int rv;
if (strcmp(arg, "-no_ssl2") == 0 || strcmp(arg, "-no_ssl3") == 0
|| strcmp(arg, "-no_tls1") == 0 || strcmp(arg, "-no_tls1_1") == 0
|| strcmp(arg, "-no_tls1_2") == 0) {
*no_prot_opt = 1;
}
/* Attempt to run SSL configuration command */
rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
/* If parameter not recognised just return */

121
deps/openssl/openssl/apps/s_client.c

@ -180,13 +180,6 @@ typedef unsigned int u_int;
# include <fcntl.h>
#endif
/* Use Windows API with STD_INPUT_HANDLE when checking for input?
Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
OPENSSL_SYS_WINDOWS is defined */
#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
#define OPENSSL_USE_STD_INPUT_HANDLE
#endif
#undef PROG
#define PROG s_client_main
@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL;
static int c_quiet = 0;
static int c_ign_eof = 0;
static int c_brief = 0;
static int c_no_rand_screen = 0;
#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@ -250,9 +242,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
unsigned int psk_len = 0;
int ret;
BIGNUM *bn = NULL;
long key_len;
unsigned char *key;
if (c_debug)
BIO_printf(bio_c_out, "psk_client_cb\n");
@ -273,32 +265,29 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
ret);
ret = BN_hex2bn(&bn, psk_key);
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
/* convert the PSK key to binary */
key = string_to_hex(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
if (bn)
BN_free(bn);
return 0;
}
if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
if ((unsigned long)key_len > (unsigned long)max_psk_len) {
BIO_printf(bio_err,
"psk buffer of callback is too small (%d) for key (%d)\n",
max_psk_len, BN_num_bytes(bn));
BN_free(bn);
"psk buffer of callback is too small (%d) for key (%ld)\n",
max_psk_len, key_len);
OPENSSL_free(key);
return 0;
}
psk_len = BN_bn2bin(bn, psk);
BN_free(bn);
if (psk_len == 0)
goto out_err;
memcpy(psk, key, key_len);
OPENSSL_free(key);
if (c_debug)
BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
return psk_len;
return key_len;
out_err:
if (c_debug)
BIO_printf(bio_err, "Error in PSK client callback\n");
@ -455,10 +444,6 @@ static void sc_usage(void)
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
" -keymatexportlen len - Export len bytes of keying material (default 20)\n");
#ifdef OPENSSL_SYS_WINDOWS
BIO_printf(bio_err,
" -no_rand_screen - Do not use RAND_screen() to initialize random state\n");
#endif
}
#ifndef OPENSSL_NO_TLSEXT
@ -759,6 +744,7 @@ int MAIN(int argc, char **argv)
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
int prot_opt = 0, no_prot_opt = 0;
meth = SSLv23_client_method();
@ -862,7 +848,8 @@ int MAIN(int argc, char **argv)
if (badarg)
goto bad;
continue;
} else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) {
} else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args,
&no_prot_opt)) {
if (badarg)
goto bad;
continue;
@ -954,31 +941,42 @@ int MAIN(int argc, char **argv)
}
#endif
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv, "-ssl2") == 0)
else if (strcmp(*argv, "-ssl2") == 0) {
meth = SSLv2_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv, "-ssl3") == 0)
else if (strcmp(*argv, "-ssl3") == 0) {
meth = SSLv3_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1_2") == 0)
else if (strcmp(*argv, "-tls1_2") == 0) {
meth = TLSv1_2_client_method();
else if (strcmp(*argv, "-tls1_1") == 0)
prot_opt++;
} else if (strcmp(*argv, "-tls1_1") == 0) {
meth = TLSv1_1_client_method();
else if (strcmp(*argv, "-tls1") == 0)
prot_opt++;
} else if (strcmp(*argv, "-tls1") == 0) {
meth = TLSv1_client_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_client_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-dtls1") == 0) {
meth = DTLSv1_client_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-dtls1_2") == 0) {
meth = DTLSv1_2_client_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv, "-mtu") == 0) {
@ -1138,10 +1136,6 @@ int MAIN(int argc, char **argv)
keymatexportlen = atoi(*(++argv));
if (keymatexportlen == 0)
goto bad;
#ifdef OPENSSL_SYS_WINDOWS
} else if (strcmp(*argv, "-no_rand_screen") == 0) {
c_no_rand_screen = 1;
#endif
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
@ -1165,6 +1159,17 @@ int MAIN(int argc, char **argv)
}
#endif
if (prot_opt > 1) {
BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
goto end;
}
if (prot_opt == 1 && no_prot_opt) {
BIO_printf(bio_err, "Cannot supply both a protocol flag and "
"\"-no_<prot>\"\n");
goto end;
}
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
@ -1247,7 +1252,7 @@ int MAIN(int argc, char **argv)
if (!load_excert(&exc, bio_err))
goto end;
if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) {
BIO_printf(bio_err,
"warning, not much extra random data, consider using the -rand option\n");
@ -1556,6 +1561,9 @@ int MAIN(int argc, char **argv)
SSL_set_connect_state(con);
/* ok, lets connect */
if (fileno_stdin() > SSL_get_fd(con))
width = fileno_stdin() + 1;
else
width = SSL_get_fd(con) + 1;
read_tty = 1;
@ -1739,9 +1747,11 @@ int MAIN(int argc, char **argv)
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
if (tty_on) {
if (read_tty)
openssl_fdset(fileno(stdin), &readfds);
openssl_fdset(fileno_stdin(), &readfds);
#if !defined(OPENSSL_SYS_VMS)
if (write_tty)
openssl_fdset(fileno(stdout), &writefds);
openssl_fdset(fileno_stdout(), &writefds);
#endif
}
if (read_ssl)
openssl_fdset(SSL_get_fd(con), &readfds);
@ -1780,7 +1790,10 @@ int MAIN(int argc, char **argv)
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
if (!i && (!_kbhit() || !read_tty))
continue;
# else
if (!i && (!((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle
@ -1788,8 +1801,6 @@ int MAIN(int argc, char **argv)
0)))
|| !read_tty))
continue;
#else
if(!i && (!_kbhit() || !read_tty) ) continue;
# endif
} else
i = select(width, (void *)&readfds, (void *)&writefds,
@ -1810,14 +1821,14 @@ int MAIN(int argc, char **argv)
/* Under BeOS-R5 the situation is similar to DOS */
i = 0;
stdin_set = 0;
(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
(void)fcntl(fileno_stdin(), F_SETFL, O_NONBLOCK);
if (!write_tty) {
if (read_tty) {
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, &tv);
if (read(fileno(stdin), sbuf, 0) >= 0)
if (read(fileno_stdin(), sbuf, 0) >= 0)
stdin_set = 1;
if (!i && (stdin_set != 1 || !read_tty))
continue;
@ -1825,7 +1836,7 @@ int MAIN(int argc, char **argv)
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
}
(void)fcntl(fileno(stdin), F_SETFL, 0);
(void)fcntl(fileno_stdin(), F_SETFL, 0);
#else
i = select(width, (void *)&readfds, (void *)&writefds,
NULL, timeoutp);
@ -1901,11 +1912,11 @@ int MAIN(int argc, char **argv)
goto shut;
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) || defined(OPENSSL_SYS_VMS)
/* Assume Windows/DOS/BeOS can always write */
else if (!ssl_pending && write_tty)
#else
else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds))
else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds))
#endif
{
#ifdef CHARSET_EBCDIC
@ -1991,19 +2002,19 @@ int MAIN(int argc, char **argv)
}
}
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
else if (_kbhit())
# else
else if ((_kbhit())
|| (WAIT_OBJECT_0 ==
WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
#else
else if (_kbhit())
# endif
#elif defined (OPENSSL_SYS_NETWARE)
else if (_kbhit())
#elif defined(OPENSSL_SYS_BEOS_R5)
else if (stdin_set)
#else
else if (FD_ISSET(fileno(stdin), &readfds))
else if (FD_ISSET(fileno_stdin(), &readfds))
#endif
{
if (crlf) {

74
deps/openssl/openssl/apps/s_server.c

@ -353,9 +353,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
unsigned int psk_len = 0;
int ret;
BIGNUM *bn = NULL;
long key_len = 0;
unsigned char *key;
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
@ -377,32 +376,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
ret = BN_hex2bn(&bn, psk_key);
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
key = string_to_hex(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
if (bn)
BN_free(bn);
return 0;
}
if (BN_num_bytes(bn) > (int)max_psk_len) {
if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
"psk buffer of callback is too small (%d) for key (%d)\n",
max_psk_len, BN_num_bytes(bn));
BN_free(bn);
"psk buffer of callback is too small (%d) for key (%ld)\n",
max_psk_len, key_len);
OPENSSL_free(key);
return 0;
}
ret = BN_bn2bin(bn, psk);
BN_free(bn);
if (ret < 0)
goto out_err;
psk_len = (unsigned int)ret;
memcpy(psk, key, key_len);
OPENSSL_free(key);
if (s_debug)
BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
return psk_len;
BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
return key_len;
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
@ -1144,6 +1137,7 @@ int MAIN(int argc, char *argv[])
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
int prot_opt = 0, no_prot_opt = 0;
meth = SSLv23_server_method();
@ -1307,7 +1301,8 @@ int MAIN(int argc, char *argv[])
if (badarg)
goto bad;
continue;
} else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) {
} else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args,
&no_prot_opt)) {
if (badarg)
goto bad;
continue;
@ -1451,32 +1446,40 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv, "-ssl2") == 0) {
no_ecdhe = 1;
meth = SSLv2_server_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv, "-ssl3") == 0) {
meth = SSLv3_server_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0) {
meth = TLSv1_server_method();
prot_opt++;
} else if (strcmp(*argv, "-tls1_1") == 0) {
meth = TLSv1_1_server_method();
prot_opt++;
} else if (strcmp(*argv, "-tls1_2") == 0) {
meth = TLSv1_2_server_method();
prot_opt++;
}
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_server_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-dtls1") == 0) {
meth = DTLSv1_server_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-dtls1_2") == 0) {
meth = DTLSv1_2_server_method();
socket_type = SOCK_DGRAM;
prot_opt++;
} else if (strcmp(*argv, "-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv, "-mtu") == 0) {
@ -1586,6 +1589,17 @@ int MAIN(int argc, char *argv[])
}
#endif
if (prot_opt > 1) {
BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
goto end;
}
if (prot_opt == 1 && no_prot_opt) {
BIO_printf(bio_err, "Cannot supply both a protocol flag and "
"\"-no_<prot>\"\n");
goto end;
}
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
@ -2293,6 +2307,9 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
}
#endif
if (fileno_stdin() > s)
width = fileno_stdin() + 1;
else
width = s + 1;
for (;;) {
int read_from_terminal;
@ -2304,7 +2321,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
if (!read_from_sslcon) {
FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
openssl_fdset(fileno(stdin), &readfds);
openssl_fdset(fileno_stdin(), &readfds);
#endif
openssl_fdset(s, &readfds);
/*
@ -2332,13 +2349,13 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
/* Under BeOS-R5 the situation is similar to DOS */
tv.tv_sec = 1;
tv.tv_usec = 0;
(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
(void)fcntl(fileno_stdin(), F_SETFL, O_NONBLOCK);
i = select(width, (void *)&readfds, NULL, NULL, &tv);
if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
if ((i < 0) || (!i && read(fileno_stdin(), buf, 0) < 0))
continue;
if (read(fileno(stdin), buf, 0) >= 0)
if (read(fileno_stdin(), buf, 0) >= 0)
read_from_terminal = 1;
(void)fcntl(fileno(stdin), F_SETFL, 0);
(void)fcntl(fileno_stdin(), F_SETFL, 0);
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
@ -2355,7 +2372,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
if (i <= 0)
continue;
if (FD_ISSET(fileno(stdin), &readfds))
if (FD_ISSET(fileno_stdin(), &readfds))
read_from_terminal = 1;
#endif
if (FD_ISSET(s, &readfds))
@ -2382,6 +2399,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
assert(lf_num == 0);
} else
i = raw_read_stdin(buf, bufsize);
if (!s_quiet && !s_brief) {
if ((i <= 0) || (buf[0] == 'Q')) {
BIO_printf(bio_s_out, "DONE\n");
@ -3371,7 +3389,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int count = 0;
do {
if (RAND_pseudo_bytes(id, *id_len) < 0)
if (RAND_bytes(id, *id_len) <= 0)
return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix

4
deps/openssl/openssl/apps/speed.c

@ -2614,6 +2614,10 @@ static int do_multi(int multi)
static char sep[] = ":";
fds = malloc(multi * sizeof *fds);
if (fds == NULL) {
fprintf(stderr, "Out of memory in speed (do_multi)\n");
exit(1);
}
for (n = 0; n < multi; ++n) {
if (pipe(fd) == -1) {
fprintf(stderr, "pipe failure\n");

2
deps/openssl/openssl/apps/srp.c

@ -765,4 +765,6 @@ int MAIN(int argc, char **argv)
OPENSSL_EXIT(ret);
}
#else
static void *dummy = &dummy;
#endif

21
deps/openssl/openssl/apps/verify.c

@ -115,43 +115,43 @@ int MAIN(int argc, char **argv)
if (argc >= 1) {
if (strcmp(*argv, "-CApath") == 0) {
if (argc-- < 1)
goto end;
goto usage;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (argc-- < 1)
goto end;
goto usage;
CAfile = *(++argv);
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
goto end;
goto usage;
continue;
} else if (strcmp(*argv, "-untrusted") == 0) {
if (argc-- < 1)
goto end;
goto usage;
untfile = *(++argv);
} else if (strcmp(*argv, "-trusted") == 0) {
if (argc-- < 1)
goto end;
goto usage;
trustfile = *(++argv);
} else if (strcmp(*argv, "-CRLfile") == 0) {
if (argc-- < 1)
goto end;
goto usage;
crlfile = *(++argv);
} else if (strcmp(*argv, "-crl_download") == 0)
crl_download = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
goto end;
goto usage;
engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-help") == 0)
goto end;
goto usage;
else if (strcmp(*argv, "-verbose") == 0)
v_verbose = 1;
else if (argv[0][0] == '-')
goto end;
goto usage;
else
break;
argc--;
@ -228,7 +228,7 @@ int MAIN(int argc, char **argv)
ret = -1;
}
end:
usage:
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
X509_PURPOSE_get0_name(ptmp));
}
}
end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL)

590
deps/openssl/openssl/apps/vms_term_sock.c

@ -0,0 +1,590 @@
/*
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifdef __VMS
# define OPENSSL_SYS_VMS
# pragma message disable DOLLARID
# include <openssl/opensslconf.h>
# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
/*
* On VMS, you need to define this to get the declaration of fileno(). The
* value 2 is to make sure no function defined in POSIX-2 is left undefined.
*/
# define _POSIX_C_SOURCE 2
# endif
# include <stdio.h>
# undef _POSIX_C_SOURCE
# include <sys/types.h>
# include <sys/socket.h>
# include <netinet/in.h>
# include <inet.h>
# include <unistd.h>
# include <string.h>
# include <errno.h>
# include <starlet.h>
# include <iodef.h>
# ifdef __alpha
# include <iosbdef.h>
# else
typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */
# pragma __nomember_alignment
__union {
__struct {
unsigned short int iosb$w_status; /* Final I/O status */
__union {
__struct { /* 16-bit byte count variant */
unsigned short int iosb$w_bcnt; /* 16-bit byte count */
__union {
unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */
unsigned int iosb$l_pid; /* 32-bit pid */
} iosb$r_l;
} iosb$r_bcnt_16;
__struct { /* 32-bit byte count variant */
unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */
unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */
} iosb$r_bcnt_32;
} iosb$r_devdepend;
} iosb$r_io_64;
__struct {
__union {
unsigned int iosb$l_getxxi_status; /* Final GETxxI status */
unsigned int iosb$l_reg_status; /* Final $Registry status */
} iosb$r_l_status;
unsigned int iosb$l_reserved; /* Reserved field */
} iosb$r_get_64;
} iosb$r_io_get;
} IOSB;
# if !defined(__VAXC)
# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status
# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt
# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l
# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend
# define iosb$l_pid iosb$r_l.iosb$l_pid
# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt
# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high
# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status
# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status
# endif /* #if !defined(__VAXC) */
# endif /* End of IOSBDEF */
# include <efndef.h>
# include <stdlib.h>
# include <ssdef.h>
# include <time.h>
# include <stdarg.h>
# include <descrip.h>
# include "vms_term_sock.h"
# ifdef __alpha
static struct _iosb TerminalDeviceIosb;
# else
IOSB TerminalDeviceIosb;
# endif
static char TerminalDeviceBuff[255 + 2];
static int TerminalSocketPair[2] = {0, 0};
static unsigned short TerminalDeviceChan = 0;
static int CreateSocketPair (int, int, int, int *);
static void SocketPairTimeoutAst (int);
static int TerminalDeviceAst (int);
static void LogMessage (char *, ...);
/*
** Socket Pair Timeout Value (must be 0-59 seconds)
*/
# define SOCKET_PAIR_TIMEOUT_VALUE 20
/*
** Socket Pair Timeout Block which is passed to timeout AST
*/
typedef struct _SocketPairTimeoutBlock {
unsigned short SockChan1;
unsigned short SockChan2;
} SPTB;
# ifdef TERM_SOCK_TEST
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
int main (int argc, char *argv[], char *envp[])
{
char TermBuff[80];
int TermSock,
status,
len;
LogMessage ("Enter 'q' or 'Q' to quit ...");
while (strcasecmp (TermBuff, "Q")) {
/*
** Create the terminal socket
*/
status = TerminalSocket (TERM_SOCK_CREATE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
exit (1);
/*
** Process the terminal input
*/
LogMessage ("Waiting on terminal I/O ...\n");
len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ;
TermBuff[len] = '\0';
LogMessage ("Received terminal I/O [%s]", TermBuff);
/*
** Delete the terminal socket
*/
status = TerminalSocket (TERM_SOCK_DELETE, &TermSock);
if (status != TERM_SOCK_SUCCESS)
exit (1);
}
return 1;
}
# endif
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
int TerminalSocket (int FunctionCode, int *ReturnSocket)
{
int status;
$DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND");
/*
** Process the requested function code
*/
switch (FunctionCode) {
case TERM_SOCK_CREATE:
/*
** Create a socket pair
*/
status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair);
if (status == -1) {
LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status);
if (TerminalSocketPair[0])
close (TerminalSocketPair[0]);
if (TerminalSocketPair[1])
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Assign a channel to the terminal device
*/
status = sys$assign (&TerminalDeviceDesc,
&TerminalDeviceChan,
0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Queue an async IO to the terminal device
*/
status = sys$qio (EFN$C_ENF,
TerminalDeviceChan,
IO$_READVBLK,
&TerminalDeviceIosb,
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 2,
0, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$QIO () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Return the input side of the socket pair
*/
*ReturnSocket = TerminalSocketPair[1];
break;
case TERM_SOCK_DELETE:
/*
** Cancel any pending IO on the terminal channel
*/
status = sys$cancel (TerminalDeviceChan);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Deassign the terminal channel
*/
status = sys$dassgn (TerminalDeviceChan);
if (! (status & 1)) {
LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status);
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
return (TERM_SOCK_FAILURE);
}
/*
** Close the terminal socket pair
*/
close (TerminalSocketPair[0]);
close (TerminalSocketPair[1]);
/*
** Return the initialized socket
*/
*ReturnSocket = 0;
break;
default:
/*
** Invalid function code
*/
LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode);
return (TERM_SOCK_FAILURE);
break;
}
/*
** Return success
*/
return (TERM_SOCK_SUCCESS);
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static int CreateSocketPair (int SocketFamily,
int SocketType,
int SocketProtocol,
int *SocketPair)
{
struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL};
static const char* LocalHostAddr = {"127.0.0.1"};
unsigned short TcpAcceptChan = 0,
TcpDeviceChan = 0;
unsigned long BinTimeBuff[2];
struct sockaddr_in sin;
char AscTimeBuff[32];
short LocalHostPort;
int status;
unsigned int slen;
# ifdef __alpha
struct _iosb iosb;
# else
IOSB iosb;
# endif
int SockDesc1 = 0,
SockDesc2 = 0;
SPTB sptb;
$DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE");
/*
** Create a socket
*/
SockDesc1 = socket (SocketFamily, SocketType, 0);
if (SockDesc1 < 0) {
LogMessage ("CreateSocketPair: socket () - %d", errno);
return (-1);
}
/*
** Initialize the socket information
*/
slen = sizeof (sin);
memset ((char *) &sin, 0, slen);
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr);
sin.sin_port = 0;
/*
** Bind the socket to the local IP
*/
status = bind (SockDesc1, (struct sockaddr *) &sin, slen);
if (status < 0) {
LogMessage ("CreateSocketPair: bind () - %d", errno);
close (SockDesc1);
return (-1);
}
/*
** Get the socket name so we can save the port number
*/
status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen);
if (status < 0) {
LogMessage ("CreateSocketPair: getsockname () - %d", errno);
close (SockDesc1);
return (-1);
} else
LocalHostPort = sin.sin_port;
/*
** Setup a listen for the socket
*/
listen (SockDesc1, 5);
/*
** Get the binary (64-bit) time of the specified timeout value
*/
sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
AscTimeDesc.dsc$a_pointer = AscTimeBuff;
status = sys$bintim (&AscTimeDesc, BinTimeBuff);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status);
close (SockDesc1);
return (-1);
}
/*
** Assign another channel to the TCP/IP device for the accept.
** This is the channel that ends up being connected to.
*/
status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status);
close (SockDesc1);
return (-1);
}
/*
** Get the channel of the first socket for the accept
*/
TcpAcceptChan = decc$get_sdc (SockDesc1);
/*
** Perform the accept using $QIO so we can do this asynchronously
*/
status = sys$qio (EFN$C_ENF,
TcpAcceptChan,
IO$_ACCESS | IO$M_ACCEPT,
&iosb,
0, 0, 0, 0, 0,
&TcpDeviceChan,
0, 0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status);
close (SockDesc1);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Create the second socket to do the connect
*/
SockDesc2 = socket (SocketFamily, SocketType, 0);
if (SockDesc2 < 0) {
LogMessage ("CreateSocketPair: socket () - %d", errno);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
sys$dassgn (TcpDeviceChan);
return (-1) ;
}
/*
** Setup the Socket Pair Timeout Block
*/
sptb.SockChan1 = TcpAcceptChan;
sptb.SockChan2 = decc$get_sdc (SockDesc2);
/*
** Before we block on the connect, set a timer that can cancel I/O on our
** two sockets if it never connects.
*/
status = sys$setimr (EFN$C_ENF,
BinTimeBuff,
SocketPairTimeoutAst,
&sptb,
0);
if (! (status & 1)) {
LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Now issue the connect
*/
memset ((char *) &sin, 0, sizeof (sin)) ;
sin.sin_family = SocketFamily;
sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ;
sin.sin_port = LocalHostPort ;
status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin));
if (status < 0 ) {
LogMessage ("CreateSocketPair: connect () - %d", errno);
sys$cantim (&sptb, 0);
sys$cancel (TcpAcceptChan);
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Wait for the asynch $QIO to finish. Note that if the I/O was aborted
** (SS$_ABORT), then we probably canceled it from the AST routine - so log
** a timeout.
*/
status = sys$synch (EFN$C_ENF, &iosb);
if (! (iosb.iosb$w_status & 1)) {
if (iosb.iosb$w_status == SS$_ABORT)
LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout");
else {
LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d",
iosb.iosb$w_status);
sys$cantim (&sptb, 0);
}
close (SockDesc1);
close (SockDesc2);
sys$dassgn (TcpDeviceChan);
return (-1);
}
/*
** Here we're successfully connected, so cancel the timer, convert the
** I/O channel to a socket fd, close the listener socket and return the
** connected pair.
*/
sys$cantim (&sptb, 0);
close (SockDesc1) ;
SocketPair[0] = SockDesc2 ;
SocketPair[1] = socket_fd (TcpDeviceChan);
return (0) ;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static void SocketPairTimeoutAst (int astparm)
{
SPTB *sptb = (SPTB *) astparm;
sys$cancel (sptb->SockChan2); /* Cancel the connect() */
sys$cancel (sptb->SockChan1); /* Cancel the accept() */
return;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static int TerminalDeviceAst (int astparm)
{
int status;
/*
** Terminate the terminal buffer
*/
TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0';
strcat (TerminalDeviceBuff, "\n");
/*
** Send the data read from the terminal device throught the socket pair
*/
send (TerminalSocketPair[0], TerminalDeviceBuff,
TerminalDeviceIosb.iosb$w_bcnt + 1, 0);
/*
** Queue another async IO to the terminal device
*/
status = sys$qio (EFN$C_ENF,
TerminalDeviceChan,
IO$_READVBLK,
&TerminalDeviceIosb,
TerminalDeviceAst,
0,
TerminalDeviceBuff,
sizeof (TerminalDeviceBuff) - 1,
0, 0, 0, 0);
/*
** Return status
*/
return status;
}
/*----------------------------------------------------------------------------*/
/* */
/*----------------------------------------------------------------------------*/
static void LogMessage (char *msg, ...)
{
char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
static unsigned int pid = 0;
va_list args;
time_t CurTime;
struct tm *LocTime;
char MsgBuff[256];
/*
** Get the process pid
*/
if (pid == 0)
pid = getpid ();
/*
** Convert the current time into local time
*/
CurTime = time (NULL);
LocTime = localtime (&CurTime);
/*
** Format the message buffer
*/
sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
LocTime->tm_mday, Month[LocTime->tm_mon],
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
LocTime->tm_sec, pid, msg);
/*
** Get any variable arguments and add them to the print of the message
** buffer
*/
va_start (args, msg);
vfprintf (stderr, MsgBuff, args);
va_end (args);
/*
** Flush standard error output
*/
fsync (fileno (stderr));
return;
}
#endif

30
deps/openssl/openssl/apps/vms_term_sock.h

@ -0,0 +1,30 @@
/*
* Copyright 2016 VMS Software, Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef TERM_SOCK_H
# define TERM_SOCK_H
/*
** Terminal Socket Function Codes
*/
# define TERM_SOCK_CREATE 1
# define TERM_SOCK_DELETE 2
/*
** Terminal Socket Status Codes
*/
# define TERM_SOCK_FAILURE 0
# define TERM_SOCK_SUCCESS 1
/*
** Terminal Socket Prototype
*/
int TerminalSocket (int FunctionCode, int *ReturnSocket);
#endif

6
deps/openssl/openssl/apps/x509.c

@ -1105,6 +1105,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY *upkey;
upkey = X509_get_pubkey(xca);
if (upkey == NULL) {
BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
goto end;
}
EVP_PKEY_copy_parameters(upkey, pkey);
EVP_PKEY_free(upkey);
@ -1217,6 +1221,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
EVP_PKEY *pktmp;
pktmp = X509_get_pubkey(x);
if (pktmp == NULL)
goto err;
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_save_parameters(pktmp, 1);
EVP_PKEY_free(pktmp);

3
deps/openssl/openssl/crypto/LPdir_nyi.c

@ -1,6 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
deps/openssl/openssl/crypto/LPdir_unix.c

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
deps/openssl/openssl/crypto/LPdir_win32.c

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

4
deps/openssl/openssl/crypto/LPdir_wince.c

@ -1,7 +1,3 @@
/*
* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
* $
*/
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.

24
deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl

@ -1797,8 +1797,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_6:
vst1.64 {@XMM[14]}, [r0,:128] @ next round tweak
veor @XMM[4], @XMM[4], @XMM[12]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -1834,8 +1832,6 @@ $code.=<<___;
.align 5
.Lxts_enc_5:
vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -1864,8 +1860,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_4:
vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -1891,8 +1885,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_3:
vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -1917,8 +1909,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_2:
vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -1941,7 +1931,7 @@ $code.=<<___;
.align 4
.Lxts_enc_1:
mov r0, sp
veor @XMM[0], @XMM[8]
veor @XMM[0], @XMM[0], @XMM[8]
mov r1, sp
vst1.8 {@XMM[0]}, [sp,:128]
mov r2, $key
@ -2251,8 +2241,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_5:
vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -2281,8 +2269,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_4:
vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -2308,8 +2294,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_3:
vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -2334,8 +2318,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_2:
vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@ -2358,12 +2340,12 @@ $code.=<<___;
.align 4
.Lxts_dec_1:
mov r0, sp
veor @XMM[0], @XMM[8]
veor @XMM[0], @XMM[0], @XMM[8]
mov r1, sp
vst1.8 {@XMM[0]}, [sp,:128]
mov r5, $magic @ preserve magic
mov r2, $key
mov r4, $fp @ preserve fp
mov r5, $magic @ preserve magic
bl AES_decrypt

58
deps/openssl/openssl/crypto/asn1/a_bytes.c

@ -60,7 +60,12 @@
#include "cryptlib.h"
#include <openssl/asn1.h>
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
int depth);
static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
const unsigned char **pp, long length,
int Ptag, int Pclass, int depth,
int *perr);
/*
* type is a 'bitmap' of acceptable string types.
*/
@ -99,7 +104,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
ret = (*a);
if (len != 0) {
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
s = OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
@ -154,15 +159,38 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
return (r);
}
/*
* Maximum recursion depth of d2i_ASN1_bytes(): much more than should be
* encountered in pratice.
*/
#define ASN1_BYTES_MAXDEPTH 20
ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
long length, int Ptag, int Pclass)
{
int err = 0;
ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err);
if (err != 0)
ASN1err(ASN1_F_D2I_ASN1_BYTES, err);
return s;
}
static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a,
const unsigned char **pp, long length,
int Ptag, int Pclass,
int depth, int *perr)
{
ASN1_STRING *ret = NULL;
const unsigned char *p;
unsigned char *s;
long len;
int inf, tag, xclass;
int i = 0;
if (depth > ASN1_BYTES_MAXDEPTH) {
*perr = ASN1_R_NESTED_ASN1_STRING;
return NULL;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = ASN1_STRING_new()) == NULL)
@ -173,18 +201,19 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) {
i = ASN1_R_BAD_OBJECT_HEADER;
*perr = ASN1_R_BAD_OBJECT_HEADER;
goto err;
}
if (tag != Ptag) {
i = ASN1_R_WRONG_TAG;
*perr = ASN1_R_WRONG_TAG;
goto err;
}
if (inf & V_ASN1_CONSTRUCTED) {
ASN1_const_CTX c;
c.error = 0;
c.pp = pp;
c.p = p;
c.inf = inf;
@ -192,17 +221,18 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
c.tag = Ptag;
c.xclass = Pclass;
c.max = (length == 0) ? 0 : (p + length);
if (!asn1_collate_primitive(ret, &c))
if (!asn1_collate_primitive(ret, &c, depth)) {
*perr = c.error;
goto err;
else {
} else {
p = c.p;
}
} else {
if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) {
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
s = OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
*perr = ERR_R_MALLOC_FAILURE;
goto err;
}
if (ret->data != NULL)
@ -230,7 +260,6 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
err:
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
ASN1_STRING_free(ret);
ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
return (NULL);
}
@ -242,7 +271,8 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
* There have been a few bug fixes for this function from Paul Keogh
* <paul.keogh@sse.ie>, many thanks to him
*/
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c,
int depth)
{
ASN1_STRING *os = NULL;
BUF_MEM b;
@ -270,9 +300,8 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
}
c->q = c->p;
if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
== NULL) {
c->error = ERR_R_ASN1_LIB;
if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass,
depth + 1, &c->error) == NULL) {
goto err;
}
@ -297,7 +326,6 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
ASN1_STRING_free(os);
return (1);
err:
ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
if (os != NULL)
ASN1_STRING_free(os);
if (b.data != NULL)

10
deps/openssl/openssl/crypto/asn1/a_object.c

@ -73,7 +73,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
return (0);
objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
if (pp == NULL)
if (pp == NULL || objsize == -1)
return objsize;
p = *pp;
@ -174,8 +174,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
if (!tmp)
goto err;
}
while (blsize--)
tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
while (blsize--) {
BN_ULONG t = BN_div_word(bl, 0x80L);
if (t == (BN_ULONG)-1)
goto err;
tmp[i++] = (unsigned char)t;
}
} else {
for (;;) {

9
deps/openssl/openssl/crypto/asn1/a_set.c

@ -57,6 +57,7 @@
*/
#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/asn1_mac.h>
@ -98,10 +99,14 @@ int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
if (a == NULL)
return (0);
for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--)
for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) {
int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
if (tmplen > INT_MAX - ret)
return -1;
ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL);
}
r = ASN1_object_size(1, ret, ex_tag);
if (pp == NULL)
if (pp == NULL || r == -1)
return (r);
p = *pp;

2
deps/openssl/openssl/crypto/asn1/a_strex.c

@ -337,7 +337,7 @@ static const signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
-1, 1, 1, /* 18-20 */
1, 1, 1, /* 18-20 */
-1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */

1
deps/openssl/openssl/crypto/asn1/a_strnid.c

@ -250,6 +250,7 @@ int ASN1_STRING_TABLE_add(int nid,
}
tmp->flags = flags | STABLE_FLAGS_MALLOC;
tmp->nid = nid;
tmp->minsize = tmp->maxsize = -1;
new_nid = 1;
} else
tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;

2
deps/openssl/openssl/crypto/asn1/ameth_lib.c

@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
&eckey_asn1_meth,
#endif
&hmac_asn1_meth,
#ifndef OPENSSL_NO_CMAC
&cmac_asn1_meth,
#endif
#ifndef OPENSSL_NO_DH
&dhx_asn1_meth
#endif

26
deps/openssl/openssl/crypto/asn1/asn1_lib.c

@ -256,26 +256,30 @@ static void asn1_put_length(unsigned char **pp, int length)
int ASN1_object_size(int constructed, int length, int tag)
{
int ret;
ret = length;
ret++;
int ret = 1;
if (length < 0)
return -1;
if (tag >= 31) {
while (tag > 0) {
tag >>= 7;
ret++;
}
}
if (constructed == 2)
return ret + 3;
if (constructed == 2) {
ret += 3;
} else {
ret++;
if (length > 127) {
while (length > 0) {
length >>= 8;
int tmplen = length;
while (tmplen > 0) {
tmplen >>= 8;
ret++;
}
}
return (ret);
}
if (ret >= INT_MAX - length)
return -1;
return ret + length;
}
static int _asn1_Finish(ASN1_const_CTX *c)
@ -324,7 +328,7 @@ int asn1_GetSequence(ASN1_const_CTX *c, long *length)
return (0);
}
if (c->inf == (1 | V_ASN1_CONSTRUCTED))
c->slen = *length + *(c->pp) - c->p;
c->slen = *length;
c->eos = 0;
return (1);
}
@ -366,7 +370,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
else
len = strlen(data);
}
if ((str->length < len) || (str->data == NULL)) {
if ((str->length <= len) || (str->data == NULL)) {
c = str->data;
if (c == NULL)
str->data = OPENSSL_malloc(len + 1);

4
deps/openssl/openssl/crypto/asn1/asn_mime.c

@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
if (RAND_bytes((unsigned char *)bound, 32) <= 0)
return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
@ -623,6 +623,8 @@ static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
if (bpart)
sk_BIO_push(parts, bpart);
bpart = BIO_new(BIO_s_mem());
if (bpart == NULL)
return 1;
BIO_set_mem_eof_return(bpart, 0);
} else if (eol)
BIO_write(bpart, "\r\n", 2);

6
deps/openssl/openssl/crypto/asn1/bio_asn1.c

@ -170,10 +170,12 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
ctx->copylen = 0;
ctx->asn1_class = V_ASN1_UNIVERSAL;
ctx->asn1_tag = V_ASN1_OCTET_STRING;
ctx->ex_buf = 0;
ctx->ex_pos = 0;
ctx->ex_buf = NULL;
ctx->ex_len = 0;
ctx->ex_pos = 0;
ctx->state = ASN1_STATE_START;
ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL;
ctx->ex_arg = NULL;
return 1;
}

1
deps/openssl/openssl/crypto/asn1/bio_ndef.c

@ -136,6 +136,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux->ndef_bio = sarg.ndef_bio;
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
ndef_aux->derbuf = NULL;
BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);

12
deps/openssl/openssl/crypto/asn1/charmap.pl

@ -67,17 +67,19 @@ $arr[ord("?")] |= $PSTRING_CHAR;
# Now generate the C code
print <<EOF;
/* Auto generated with chartype.pl script.
* Mask of various character properties
/*
* Auto generated with chartype.pl script. Mask of various character
* properties
*/
static unsigned char char_type[] = {
static const unsigned char char_type[] = {
EOF
print " ";
for($i = 0; $i < 128; $i++) {
print("\n ") if($i && (($i % 16) == 0));
printf("%2d", $arr[$i]);
printf(" %d", $arr[$i]);
print(",") if ($i != 127);
}
print("\n};\n\n");
print("\n};\n");

8
deps/openssl/openssl/crypto/asn1/d2i_pr.c

@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
if (!ret->ameth->old_priv_decode ||
!ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
EVP_PKEY *tmp;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8)
goto err;
EVP_PKEY_free(ret);
ret = EVP_PKCS82PKEY(p8);
tmp = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
if (ret == NULL)
if (tmp == NULL)
goto err;
EVP_PKEY_free(ret);
ret = tmp;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;

4
deps/openssl/openssl/crypto/asn1/f_enum.c

@ -160,8 +160,6 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
i * 2);
if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err;
}
s = sp;
@ -199,5 +197,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
err_sl:
ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
}
if (ret != 1)
OPENSSL_free(s);
return (ret);
}

4
deps/openssl/openssl/crypto/asn1/f_int.c

@ -172,8 +172,6 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err;
}
s = sp;
@ -211,5 +209,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
err_sl:
ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
}
if (ret != 1)
OPENSSL_free(s);
return (ret);
}

4
deps/openssl/openssl/crypto/asn1/f_string.c

@ -166,8 +166,6 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
i * 2);
if (sp == NULL) {
ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
if (s != NULL)
OPENSSL_free(s);
goto err;
}
s = sp;
@ -205,5 +203,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
err_sl:
ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
}
if (ret != 1)
OPENSSL_free(s);
return (ret);
}

7
deps/openssl/openssl/crypto/asn1/i2d_pr.c

@ -69,10 +69,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
}
if (a->ameth && a->ameth->priv_encode) {
PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
int ret = 0;
if (p8 != NULL) {
ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
PKCS8_PRIV_KEY_INFO_free(p8);
}
return ret;
}
ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return (-1);
return -1;
}

2
deps/openssl/openssl/crypto/asn1/p5_pbe.c

@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
sstr = ASN1_STRING_data(pbe->salt);
if (salt)
memcpy(sstr, salt, saltlen);
else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;
if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {

4
deps/openssl/openssl/crypto/asn1/p5_pbev2.c

@ -120,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}
@ -225,7 +225,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
if (salt)
memcpy(osalt->data, salt, saltlen);
else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
else if (RAND_bytes(osalt->data, saltlen) <= 0)
goto merr;
if (iter <= 0)

1
deps/openssl/openssl/crypto/asn1/t_req.c

@ -196,6 +196,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
if (BIO_puts(bp, ":") <= 0)
goto err;
if ((type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_UTF8STRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING)) {
if (BIO_write(bp, (char *)bs->data, bs->length)

8
deps/openssl/openssl/crypto/asn1/tasn_dec.c

@ -400,7 +400,9 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (tt->flags & ASN1_TFLG_ADB_MASK) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
seqtt = asn1_do_adb(pval, tt, 0);
if (seqtt == NULL)
continue;
pseqval = asn1_get_field_ptr(pval, seqtt);
ASN1_template_free(pseqval, seqtt);
}
@ -411,7 +413,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt)
if (seqtt == NULL)
goto err;
pseqval = asn1_get_field_ptr(pval, seqtt);
/* Have we ran out of data? */
@ -476,7 +478,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
for (; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt)
if (seqtt == NULL)
goto err;
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval;

24
deps/openssl/openssl/crypto/asn1/tasn_enc.c

@ -59,6 +59,7 @@
#include <stddef.h>
#include <string.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
@ -216,17 +217,19 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
int tmplen;
seqtt = asn1_do_adb(pval, tt, 1);
if (!seqtt)
return 0;
pseqval = asn1_get_field_ptr(pval, seqtt);
/* FIXME: check for errors in enhanced version */
seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-1, aclass);
tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
return -1;
seqcontlen += tmplen;
}
seqlen = ASN1_object_size(ndef, seqcontlen, tag);
if (!out)
if (!out || seqlen == -1)
return seqlen;
/* Output SEQUENCE header */
ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
@ -339,19 +342,24 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
/* Determine total length of items */
skcontlen = 0;
for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
int tmplen;
skitem = sk_ASN1_VALUE_value(sk, i);
skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
ASN1_ITEM_ptr(tt->item),
tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
-1, iclass);
if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
return -1;
skcontlen += tmplen;
}
sklen = ASN1_object_size(ndef, skcontlen, sktag);
if (sklen == -1)
return -1;
/* If EXPLICIT need length of surrounding tag */
if (flags & ASN1_TFLG_EXPTAG)
ret = ASN1_object_size(ndef, sklen, ttag);
else
ret = sklen;
if (!out)
if (!out || ret == -1)
return ret;
/* Now encode this lot... */
@ -380,7 +388,7 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
return 0;
/* Find length of EXPLICIT tag */
ret = ASN1_object_size(ndef, i, ttag);
if (out) {
if (out && ret != -1) {
/* Output tag and item */
ASN1_put_object(out, ndef, i, ttag, tclass);
ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);

14
deps/openssl/openssl/crypto/asn1/tasn_prn.c

@ -204,7 +204,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
} else
asn1_cb = 0;
if (*fld == NULL) {
if (((it->itype != ASN1_ITYPE_PRIMITIVE)
|| (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
return 0;
@ -446,6 +447,8 @@ static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
char *s;
int ret = 1;
s = i2s_ASN1_INTEGER(NULL, str);
if (s == NULL)
return 0;
if (BIO_puts(out, s) <= 0)
ret = 0;
OPENSSL_free(s);
@ -496,11 +499,16 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
return 0;
if (pf && pf->prim_print)
return pf->prim_print(out, fld, it, indent, pctx);
if (it->itype == ASN1_ITYPE_MSTRING) {
str = (ASN1_STRING *)*fld;
if (it->itype == ASN1_ITYPE_MSTRING)
utype = str->type & ~V_ASN1_NEG;
else
} else {
utype = it->utype;
if (utype == V_ASN1_BOOLEAN)
str = NULL;
else
str = (ASN1_STRING *)*fld;
}
if (utype == V_ASN1_ANY) {
ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
utype = atype->type;

2
deps/openssl/openssl/crypto/asn1/tasn_utl.c

@ -234,7 +234,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
sfld = offset2ptr(*pval, adb->offset);
/* Check if NULL */
if (!sfld) {
if (*sfld == NULL) {
if (!adb->null_tt)
goto err;
return adb->null_tt;

15
deps/openssl/openssl/crypto/asn1/x_bignum.c

@ -78,6 +78,8 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
const ASN1_ITEM *it);
static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
int utype, char *free_cont, const ASN1_ITEM *it);
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx);
static ASN1_PRIMITIVE_FUNCS bignum_pf = {
NULL, 0,
@ -85,7 +87,8 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
bn_free,
0,
bn_c2i,
bn_i2c
bn_i2c,
bn_print
};
ASN1_ITEM_start(BIGNUM)
@ -151,3 +154,13 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
}
return 1;
}
static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
int indent, const ASN1_PCTX *pctx)
{
if (!BN_print(out, *(BIGNUM **)pval))
return 0;
if (BIO_puts(out, "\n") <= 0)
return 0;
return 1;
}

6
deps/openssl/openssl/crypto/asn1/x_name.c

@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
if (len > X509_NAME_MAX) {
ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
return 0;
}
if (len > X509_NAME_MAX)
len = X509_NAME_MAX;
q = p;
/* Get internal representation of Name */

54
deps/openssl/openssl/crypto/asn1/x_x509.c

@ -199,12 +199,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
return NULL;
}
int i2d_X509_AUX(X509 *a, unsigned char **pp)
/*
* Serialize trusted certificate to *pp or just return the required buffer
* length if pp == NULL. We ultimately want to avoid modifying *pp in the
* error path, but that depends on similar hygiene in lower-level functions.
* Here we avoid compounding the problem.
*/
static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
{
int length, tmplen;
unsigned char *start = pp != NULL ? *pp : NULL;
OPENSSL_assert(pp == NULL || *pp != NULL);
/*
* This might perturb *pp on error, but fixing that belongs in i2d_X509()
* not here. It should be that if a == NULL length is zero, but we check
* both just in case.
*/
length = i2d_X509(a, pp);
if (length < 0 || a == NULL)
if (length <= 0 || a == NULL)
return length;
tmplen = i2d_X509_CERT_AUX(a->aux, pp);
@ -218,6 +232,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
return length;
}
/*
* Serialize trusted certificate to *pp, or just return the required buffer
* length if pp == NULL.
*
* When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
* we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
* the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
* allocated buffer.
*/
int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
int length;
unsigned char *tmp;
/* Buffer provided by caller */
if (pp == NULL || *pp != NULL)
return i2d_x509_aux_internal(a, pp);
/* Obtain the combined length */
if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
return length;
/* Allocate requisite combined storage */
*pp = tmp = OPENSSL_malloc(length);
if (tmp == NULL)
return -1; /* Push error onto error stack? */
/* Encode, but keep *pp at the originally malloced pointer */
length = i2d_x509_aux_internal(a, &tmp);
if (length <= 0) {
OPENSSL_free(*pp);
*pp = NULL;
}
return length;
}
int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
x->cert_info->enc.modified = 1;

6
deps/openssl/openssl/crypto/bio/b_print.c

@ -423,9 +423,15 @@ _dopr(char **sbuffer,
break;
}
}
/*
* We have to truncate if there is no dynamic buffer and we have filled the
* static buffer.
*/
if (buffer == NULL) {
*truncated = (currlen > *maxlen - 1);
if (*truncated)
currlen = *maxlen - 1;
}
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
return 0;
*retlen = currlen - 1;

4
deps/openssl/openssl/crypto/bio/bf_nbio.c

@ -139,7 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
BIO_clear_retry_flags(b);
#if 1
if (RAND_pseudo_bytes(&n, 1) < 0)
if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 0x07);
@ -179,7 +179,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn;
nt->lwn = 0;
} else {
if (RAND_pseudo_bytes(&n, 1) < 0)
if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 7);
}

6
deps/openssl/openssl/crypto/bio/bio.h

@ -559,11 +559,11 @@ int BIO_read_filename(BIO *b, const char *name);
# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
# define BIO_set_ssl_renegotiate_bytes(b,num) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
# define BIO_get_num_renegotiates(b) \
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
/* defined in evp.h */
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */

19
deps/openssl/openssl/crypto/bio/bss_bio.c

@ -149,9 +149,13 @@ static int bio_new(BIO *bio)
return 0;
b->peer = NULL;
b->closed = 0;
b->len = 0;
b->offset = 0;
/* enough for one TLS record (just a default) */
b->size = 17 * 1024;
b->buf = NULL;
b->request = 0;
bio->ptr = b;
return 1;
@ -655,15 +659,14 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;
case BIO_CTRL_EOF:
{
BIO *other_bio = ptr;
if (other_bio) {
struct bio_bio_st *other_b = other_bio->ptr;
if (b->peer != NULL) {
struct bio_bio_st *peer_b = b->peer->ptr;
assert(other_b != NULL);
ret = other_b->len == 0 && other_b->closed;
} else
if (peer_b->len == 0 && peer_b->closed)
ret = 1;
else
ret = 0;
} else {
ret = 1;
}
break;

6
deps/openssl/openssl/crypto/bio/bss_file.c

@ -174,7 +174,11 @@ BIO *BIO_new_file(const char *filename, const char *mode)
if (file == NULL) {
SYSerr(SYS_F_FOPEN, get_last_sys_error());
ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
if (errno == ENOENT)
if (errno == ENOENT
# ifdef ENXIO
|| errno == ENXIO
# endif
)
BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
else
BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);

2
deps/openssl/openssl/crypto/bio/bss_rtcp.c

@ -170,6 +170,8 @@ static int rtcp_new(BIO *bi)
bi->num = 0;
bi->flags = 0;
bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx));
if (bi->ptr == NULL)
return (0);
ctx = (struct rpc_ctx *)bi->ptr;
ctx->filled = 0;
ctx->pos = 0;

41
deps/openssl/openssl/crypto/bn/asm/x86-mont.pl

@ -63,27 +63,26 @@ $frame=32; # size of above frame rounded up to 16n
&lea ("esi",&wparam(0)); # put aside pointer to argument block
&lea ("edx",&wparam(1)); # load ap
&mov ("ebp","esp"); # saved stack pointer!
&add ("edi",2); # extra two words on top of tp
&neg ("edi");
&lea ("esp",&DWP(-$frame,"esp","edi",4)); # alloca($frame+4*(num+2))
&lea ("ebp",&DWP(-$frame,"esp","edi",4)); # future alloca($frame+4*(num+2))
&neg ("edi");
# minimize cache contention by arraning 2K window between stack
# pointer and ap argument [np is also position sensitive vector,
# but it's assumed to be near ap, as it's allocated at ~same
# time].
&mov ("eax","esp");
&mov ("eax","ebp");
&sub ("eax","edx");
&and ("eax",2047);
&sub ("esp","eax"); # this aligns sp and ap modulo 2048
&sub ("ebp","eax"); # this aligns sp and ap modulo 2048
&xor ("edx","esp");
&xor ("edx","ebp");
&and ("edx",2048);
&xor ("edx",2048);
&sub ("esp","edx"); # this splits them apart modulo 4096
&sub ("ebp","edx"); # this splits them apart modulo 4096
&and ("esp",-64); # align to cache line
&and ("ebp",-64); # align to cache line
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
@ -91,20 +90,28 @@ $frame=32; # size of above frame rounded up to 16n
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
&mov ("eax","ebp");
&sub ("eax","esp");
&mov ("eax","esp");
&sub ("eax","ebp");
&and ("eax",-4096);
&set_label("page_walk");
&mov ("edx",&DWP(0,"esp","eax"));
&sub ("eax",4096);
&data_byte(0x2e);
&jnc (&label("page_walk"));
&mov ("edx","esp"); # saved stack pointer!
&lea ("esp",&DWP(0,"ebp","eax"));
&mov ("eax",&DWP(0,"esp"));
&cmp ("esp","ebp");
&ja (&label("page_walk"));
&jmp (&label("page_walk_done"));
&set_label("page_walk",16);
&lea ("esp",&DWP(-4096,"esp"));
&mov ("eax",&DWP(0,"esp"));
&cmp ("esp","ebp");
&ja (&label("page_walk"));
&set_label("page_walk_done");
################################# load argument block...
&mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
&mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
&mov ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
&mov ("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
&mov ("ebp",&DWP(3*4,"esi"));# const BN_ULONG *np
&mov ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
#&mov ("edi",&DWP(5*4,"esi"));# int num
@ -112,11 +119,11 @@ $frame=32; # size of above frame rounded up to 16n
&mov ($_rp,"eax"); # ... save a copy of argument block
&mov ($_ap,"ebx");
&mov ($_bp,"ecx");
&mov ($_np,"edx");
&mov ($_np,"ebp");
&mov ($_n0,"esi");
&lea ($num,&DWP(-3,"edi")); # num=num-1 to assist modulo-scheduling
#&mov ($_num,$num); # redundant as $num is not reused
&mov ($_sp,"ebp"); # saved stack pointer!
&mov ($_sp,"edx"); # saved stack pointer!
if($sse2) {
$acc0="mm0"; # mmx register bank layout

2
deps/openssl/openssl/crypto/bn/asm/x86_64-gcc.c

@ -194,7 +194,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
BN_ULONG ret, waste;
asm("divq %4":"=a"(ret), "=d"(waste)
: "a"(l), "d"(h), "g"(d)
: "a"(l), "d"(h), "r"(d)
: "cc");
return ret;

185
deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl

@ -97,6 +97,8 @@ $code=<<___;
.type bn_mul_mont,\@function,6
.align 16
bn_mul_mont:
mov ${num}d,${num}d
mov %rsp,%rax
test \$3,${num}d
jnz .Lmul_enter
cmp \$8,${num}d
@ -121,29 +123,36 @@ $code.=<<___;
push %r14
push %r15
mov ${num}d,${num}d
lea 2($num),%r10
neg $num
mov %rsp,%r11
neg %r10
lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+2))
and \$-1024,%rsp # minimize TLB usage
lea -16(%rsp,$num,8),%r10 # future alloca(8*(num+2))
neg $num # restore $num
and \$-1024,%r10 # minimize TLB usage
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
# allocation spans two pages, then reference to farmost one can
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
sub %rsp,%r11
sub %r10,%r11
and \$-4096,%r11
lea (%r10,%r11),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul_page_walk
jmp .Lmul_page_walk_done
.align 16
.Lmul_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x66,0x2e # predict non-taken
jnc .Lmul_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul_page_walk
.Lmul_page_walk_done:
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
mov $bp,%r12 # reassign $bp
___
$bp="%r12";
@ -314,13 +323,13 @@ $code.=<<___;
mov 8(%rsp,$num,8),%rsi # restore %rsp
mov \$1,%rax
mov (%rsi),%r15
mov 8(%rsi),%r14
mov 16(%rsi),%r13
mov 24(%rsi),%r12
mov 32(%rsi),%rbp
mov 40(%rsi),%rbx
lea 48(%rsi),%rsp
mov -48(%rsi),%r15
mov -40(%rsi),%r14
mov -32(%rsi),%r13
mov -24(%rsi),%r12
mov -16(%rsi),%rbp
mov -8(%rsi),%rbx
lea (%rsi),%rsp
.Lmul_epilogue:
ret
.size bn_mul_mont,.-bn_mul_mont
@ -332,6 +341,8 @@ $code.=<<___;
.type bn_mul4x_mont,\@function,6
.align 16
bn_mul4x_mont:
mov ${num}d,${num}d
mov %rsp,%rax
.Lmul4x_enter:
___
$code.=<<___ if ($addx);
@ -347,23 +358,29 @@ $code.=<<___;
push %r14
push %r15
mov ${num}d,${num}d
lea 4($num),%r10
neg $num
mov %rsp,%r11
neg %r10
lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+4))
and \$-1024,%rsp # minimize TLB usage
lea -32(%rsp,$num,8),%r10 # future alloca(8*(num+4))
neg $num # restore
and \$-1024,%r10 # minimize TLB usage
mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul4x_body:
sub %rsp,%r11
sub %r10,%r11
and \$-4096,%r11
lea (%r10,%r11),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul4x_page_walk
jmp .Lmul4x_page_walk_done
.Lmul4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lmul4x_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul4x_page_walk
.Lmul4x_page_walk_done:
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul4x_body:
mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
mov %rdx,%r12 # reassign $bp
___
@ -742,13 +759,13 @@ ___
$code.=<<___;
mov 8(%rsp,$num,8),%rsi # restore %rsp
mov \$1,%rax
mov (%rsi),%r15
mov 8(%rsi),%r14
mov 16(%rsi),%r13
mov 24(%rsi),%r12
mov 32(%rsi),%rbp
mov 40(%rsi),%rbx
lea 48(%rsi),%rsp
mov -48(%rsi),%r15
mov -40(%rsi),%r14
mov -32(%rsi),%r13
mov -24(%rsi),%r12
mov -16(%rsi),%rbp
mov -8(%rsi),%rbx
lea (%rsi),%rsp
.Lmul4x_epilogue:
ret
.size bn_mul4x_mont,.-bn_mul4x_mont
@ -778,14 +795,15 @@ $code.=<<___;
.type bn_sqr8x_mont,\@function,6
.align 32
bn_sqr8x_mont:
.Lsqr8x_enter:
mov %rsp,%rax
.Lsqr8x_enter:
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lsqr8x_prologue:
mov ${num}d,%r10d
shl \$3,${num}d # convert $num to bytes
@ -798,33 +816,42 @@ bn_sqr8x_mont:
# do its job.
#
lea -64(%rsp,$num,2),%r11
mov %rsp,%rbp
mov ($n0),$n0 # *n0
sub $aptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lsqr8x_sp_alt
sub %r11,%rsp # align with $aptr
lea -64(%rsp,$num,2),%rsp # alloca(frame+2*$num)
sub %r11,%rbp # align with $aptr
lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num)
jmp .Lsqr8x_sp_done
.align 32
.Lsqr8x_sp_alt:
lea 4096-64(,$num,2),%r10 # 4096-frame-2*$num
lea -64(%rsp,$num,2),%rsp # alloca(frame+2*$num)
lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lsqr8x_sp_done:
and \$-64,%rsp
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lsqr8x_page_walk
jmp .Lsqr8x_page_walk_done
.align 16
.Lsqr8x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lsqr8x_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lsqr8x_page_walk
.Lsqr8x_page_walk_done:
mov $num,%r10
neg $num
@ -948,30 +975,38 @@ $code.=<<___;
.type bn_mulx4x_mont,\@function,6
.align 32
bn_mulx4x_mont:
.Lmulx4x_enter:
mov %rsp,%rax
.Lmulx4x_enter:
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lmulx4x_prologue:
shl \$3,${num}d # convert $num to bytes
.byte 0x67
xor %r10,%r10
sub $num,%r10 # -$num
mov ($n0),$n0 # *n0
lea -72(%rsp,%r10),%rsp # alloca(frame+$num+8)
and \$-128,%rsp
mov %rax,%r11
sub %rsp,%r11
lea -72(%rsp,%r10),%rbp # future alloca(frame+$num+8)
and \$-128,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmulx4x_page_walk
jmp .Lmulx4x_page_walk_done
.align 16
.Lmulx4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x66,0x2e # predict non-taken
jnc .Lmulx4x_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmulx4x_page_walk
.Lmulx4x_page_walk_done:
lea ($bp,$num),%r10
##############################################################
@ -1332,22 +1367,8 @@ mul_handler:
mov 192($context),%r10 # pull $num
mov 8(%rax,%r10,8),%rax # pull saved stack pointer
lea 48(%rax),%rax
mov -8(%rax),%rbx
mov -16(%rax),%rbp
mov -24(%rax),%r12
mov -32(%rax),%r13
mov -40(%rax),%r14
mov -48(%rax),%r15
mov %rbx,144($context) # restore context->Rbx
mov %rbp,160($context) # restore context->Rbp
mov %r12,216($context) # restore context->R12
mov %r13,224($context) # restore context->R13
mov %r14,232($context) # restore context->R14
mov %r15,240($context) # restore context->R15
jmp .Lcommon_seh_tail
jmp .Lcommon_pop_regs
.size mul_handler,.-mul_handler
.type sqr_handler,\@abi-omnipotent
@ -1375,15 +1396,21 @@ sqr_handler:
cmp %r10,%rbx # context->Rip<.Lsqr_body
jb .Lcommon_seh_tail
mov 4(%r11),%r10d # HandlerData[1]
lea (%rsi,%r10),%r10 # body label
cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue
jb .Lcommon_pop_regs
mov 152($context),%rax # pull context->Rsp
mov 4(%r11),%r10d # HandlerData[1]
mov 8(%r11),%r10d # HandlerData[2]
lea (%rsi,%r10),%r10 # epilogue label
cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue
jae .Lcommon_seh_tail
mov 40(%rax),%rax # pull saved stack pointer
.Lcommon_pop_regs:
mov -8(%rax),%rbx
mov -16(%rax),%rbp
mov -24(%rax),%r12
@ -1470,13 +1497,15 @@ $code.=<<___;
.LSEH_info_bn_sqr8x_mont:
.byte 9,0,0,0
.rva sqr_handler
.rva .Lsqr8x_body,.Lsqr8x_epilogue # HandlerData[]
.rva .Lsqr8x_prologue,.Lsqr8x_body,.Lsqr8x_epilogue # HandlerData[]
.align 8
___
$code.=<<___ if ($addx);
.LSEH_info_bn_mulx4x_mont:
.byte 9,0,0,0
.rva sqr_handler
.rva .Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[]
.rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[]
.align 8
___
}

227
deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl

@ -86,6 +86,8 @@ $code=<<___;
.type bn_mul_mont_gather5,\@function,6
.align 64
bn_mul_mont_gather5:
mov ${num}d,${num}d
mov %rsp,%rax
test \$7,${num}d
jnz .Lmul_enter
___
@ -97,10 +99,7 @@ $code.=<<___;
.align 16
.Lmul_enter:
mov ${num}d,${num}d
mov %rsp,%rax
movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument
lea .Linc(%rip),%r10
push %rbx
push %rbp
push %r12
@ -108,26 +107,36 @@ $code.=<<___;
push %r14
push %r15
lea 2($num),%r11
neg %r11
lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8)
and \$-1024,%rsp # minimize TLB usage
neg $num
mov %rsp,%r11
lea -280(%rsp,$num,8),%r10 # future alloca(8*(num+2)+256+8)
neg $num # restore $num
and \$-1024,%r10 # minimize TLB usage
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
# Some OSes, *cough*-dows, insist on stack being "wired" to
# physical memory in strictly sequential manner, i.e. if stack
# allocation spans two pages, then reference to farmost one can
# be punishable by SEGV. But page walking can do good even on
# other OSes, because it guarantees that villain thread hits
# the guard page before it can make damage to innocent one...
sub %rsp,%rax
and \$-4096,%rax
sub %r10,%r11
and \$-4096,%r11
lea (%r10,%r11),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul_page_walk
jmp .Lmul_page_walk_done
.Lmul_page_walk:
mov (%rsp,%rax),%r11
sub \$4096,%rax
.byte 0x2e # predict non-taken
jnc .Lmul_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r11
cmp %r10,%rsp
ja .Lmul_page_walk
.Lmul_page_walk_done:
lea .Linc(%rip),%r10
mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
.Lmul_body:
lea 128($bp),%r12 # reassign $bp (+size optimization)
___
@ -433,6 +442,8 @@ $code.=<<___;
.type bn_mul4x_mont_gather5,\@function,6
.align 32
bn_mul4x_mont_gather5:
.byte 0x67
mov %rsp,%rax
.Lmul4x_enter:
___
$code.=<<___ if ($addx);
@ -441,14 +452,13 @@ $code.=<<___ if ($addx);
je .Lmulx4x_enter
___
$code.=<<___;
.byte 0x67
mov %rsp,%rax
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lmul4x_prologue:
.byte 0x67
shl \$3,${num}d # convert $num to bytes
@ -465,32 +475,40 @@ $code.=<<___;
# calculated from 7th argument, the index.]
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rp,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lmul4xsp_alt
sub %r11,%rsp # align with $rp
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*num*8+256)
sub %r11,%rbp # align with $rp
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256)
jmp .Lmul4xsp_done
.align 32
.Lmul4xsp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*num*8+256)
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lmul4xsp_done:
and \$-64,%rsp
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmul4x_page_walk
jmp .Lmul4x_page_walk_done
.Lmul4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lmul4x_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmul4x_page_walk
.Lmul4x_page_walk_done:
neg $num
@ -1034,6 +1052,7 @@ $code.=<<___;
.type bn_power5,\@function,6
.align 32
bn_power5:
mov %rsp,%rax
___
$code.=<<___ if ($addx);
mov OPENSSL_ia32cap_P+8(%rip),%r11d
@ -1042,13 +1061,13 @@ $code.=<<___ if ($addx);
je .Lpowerx5_enter
___
$code.=<<___;
mov %rsp,%rax
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lpower5_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10d # 3*$num
@ -1063,32 +1082,40 @@ $code.=<<___;
# calculated from 7th argument, the index.]
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lpwr_sp_alt
sub %r11,%rsp # align with $aptr
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*num*8+256)
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256)
jmp .Lpwr_sp_done
.align 32
.Lpwr_sp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*num*8+256)
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lpwr_sp_done:
and \$-64,%rsp
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lpwr_page_walk
jmp .Lpwr_page_walk_done
.Lpwr_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lpwr_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lpwr_page_walk
.Lpwr_page_walk_done:
mov $num,%r10
neg $num
@ -2028,6 +2055,7 @@ bn_from_mont8x:
push %r13
push %r14
push %r15
.Lfrom_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10 # 3*$num in bytes
@ -2042,32 +2070,40 @@ bn_from_mont8x:
# last operation, we use the opportunity to cleanse it.
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lfrom_sp_alt
sub %r11,%rsp # align with $aptr
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
jmp .Lfrom_sp_done
.align 32
.Lfrom_sp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lfrom_sp_done:
and \$-64,%rsp
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
jmp .Lfrom_page_walk_done
.Lfrom_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lfrom_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
.Lfrom_page_walk_done:
mov $num,%r10
neg $num
@ -2173,14 +2209,15 @@ $code.=<<___;
.type bn_mulx4x_mont_gather5,\@function,6
.align 32
bn_mulx4x_mont_gather5:
.Lmulx4x_enter:
mov %rsp,%rax
.Lmulx4x_enter:
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lmulx4x_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10 # 3*$num in bytes
@ -2197,31 +2234,39 @@ bn_mulx4x_mont_gather5:
# calculated from 7th argument, the index.]
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rp,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lmulx4xsp_alt
sub %r11,%rsp # align with $aptr
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
jmp .Lmulx4xsp_done
.Lmulx4xsp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lmulx4xsp_done:
and \$-64,%rsp # ensure alignment
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp # ensure alignment
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmulx4x_page_walk
jmp .Lmulx4x_page_walk_done
.Lmulx4x_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lmulx4x_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lmulx4x_page_walk
.Lmulx4x_page_walk_done:
##############################################################
# Stack layout
@ -2629,14 +2674,15 @@ $code.=<<___;
.type bn_powerx5,\@function,6
.align 32
bn_powerx5:
.Lpowerx5_enter:
mov %rsp,%rax
.Lpowerx5_enter:
push %rbx
push %rbp
push %r12
push %r13
push %r14
push %r15
.Lpowerx5_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10 # 3*$num in bytes
@ -2651,32 +2697,40 @@ bn_powerx5:
# calculated from 7th argument, the index.]
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lpwrx_sp_alt
sub %r11,%rsp # align with $aptr
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
jmp .Lpwrx_sp_done
.align 32
.Lpwrx_sp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rsp,$num,2),%rsp # alloca(frame+2*$num*8+256)
lea -320(%rbp,$num,2),%rbp # alloca(frame+2*$num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rsp
sub %r11,%rbp
.Lpwrx_sp_done:
and \$-64,%rsp
mov %rax,%r11
sub %rsp,%r11
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lpwrx_page_walk
jmp .Lpwrx_page_walk_done
.Lpwrx_page_walk:
mov (%rsp,%r11),%r10
sub \$4096,%r11
.byte 0x2e # predict non-taken
jnc .Lpwrx_page_walk
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lpwrx_page_walk
.Lpwrx_page_walk_done:
mov $num,%r10
neg $num
@ -3607,9 +3661,14 @@ mul_handler:
cmp %r10,%rbx # context->Rip<end of prologue label
jb .Lcommon_seh_tail
mov 4(%r11),%r10d # HandlerData[1]
lea (%rsi,%r10),%r10 # epilogue label
cmp %r10,%rbx # context->Rip>=epilogue label
jb .Lcommon_pop_regs
mov 152($context),%rax # pull context->Rsp
mov 4(%r11),%r10d # HandlerData[1]
mov 8(%r11),%r10d # HandlerData[2]
lea (%rsi,%r10),%r10 # epilogue label
cmp %r10,%rbx # context->Rip>=epilogue label
jae .Lcommon_seh_tail
@ -3621,11 +3680,11 @@ mul_handler:
mov 192($context),%r10 # pull $num
mov 8(%rax,%r10,8),%rax # pull saved stack pointer
jmp .Lbody_proceed
jmp .Lcommon_pop_regs
.Lbody_40:
mov 40(%rax),%rax # pull saved stack pointer
.Lbody_proceed:
.Lcommon_pop_regs:
mov -8(%rax),%rbx
mov -16(%rax),%rbp
mov -24(%rax),%r12
@ -3716,34 +3775,34 @@ $code.=<<___;
.LSEH_info_bn_mul_mont_gather5:
.byte 9,0,0,0
.rva mul_handler
.rva .Lmul_body,.Lmul_epilogue # HandlerData[]
.rva .Lmul_body,.Lmul_body,.Lmul_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_mul4x_mont_gather5:
.byte 9,0,0,0
.rva mul_handler
.rva .Lmul4x_body,.Lmul4x_epilogue # HandlerData[]
.rva .Lmul4x_prologue,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_power5:
.byte 9,0,0,0
.rva mul_handler
.rva .Lpower5_body,.Lpower5_epilogue # HandlerData[]
.rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_from_mont8x:
.byte 9,0,0,0
.rva mul_handler
.rva .Lfrom_body,.Lfrom_epilogue # HandlerData[]
.rva .Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue # HandlerData[]
___
$code.=<<___ if ($addx);
.align 8
.LSEH_info_bn_mulx4x_mont_gather5:
.byte 9,0,0,0
.rva mul_handler
.rva .Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[]
.rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_powerx5:
.byte 9,0,0,0
.rva mul_handler
.rva .Lpowerx5_body,.Lpowerx5_epilogue # HandlerData[]
.rva .Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue # HandlerData[]
___
$code.=<<___;
.align 8

2
deps/openssl/openssl/crypto/bn/bn.h

@ -842,6 +842,8 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
if (*(ftl--)) break; \
(a)->top = tmp_top; \
} \
if ((a)->top == 0) \
(a)->neg = 0; \
bn_pollute(a); \
}

4
deps/openssl/openssl/crypto/bn/bn_div.c

@ -155,7 +155,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
({ asm volatile ( \
"divl %4" \
: "=a"(q), "=d"(rem) \
: "a"(n1), "d"(n0), "g"(d0) \
: "a"(n1), "d"(n0), "r"(d0) \
: "cc"); \
q; \
})
@ -170,7 +170,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
({ asm volatile ( \
"divq %4" \
: "=a"(q), "=d"(rem) \
: "a"(n1), "d"(n0), "g"(d0) \
: "a"(n1), "d"(n0), "r"(d0) \
: "cc"); \
q; \
})

2
deps/openssl/openssl/crypto/bn/bn_lib.c

@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
{
bn_check_top(a);
if (a->d != NULL)
memset(a->d, 0, a->dmax * sizeof(a->d[0]));
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0;
a->neg = 0;
}

33
deps/openssl/openssl/crypto/bn/bn_print.c

@ -72,12 +72,9 @@ char *BN_bn2hex(const BIGNUM *a)
char *buf;
char *p;
if (a->neg && BN_is_zero(a)) {
/* "-0" == 3 bytes including NULL terminator */
buf = OPENSSL_malloc(3);
} else {
if (BN_is_zero(a))
return OPENSSL_strdup("0");
buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
}
if (buf == NULL) {
BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
goto err;
@ -111,6 +108,7 @@ char *BN_bn2dec(const BIGNUM *a)
char *p;
BIGNUM *t = NULL;
BN_ULONG *bn_data = NULL, *lp;
int bn_data_num;
/*-
* get an upper bound for the length of the decimal integer
@ -120,9 +118,9 @@ char *BN_bn2dec(const BIGNUM *a)
*/
i = BN_num_bits(a) * 3;
num = (i / 10 + i / 1000 + 1) + 1;
bn_data =
(BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
buf = (char *)OPENSSL_malloc(num + 3);
bn_data_num = num / BN_DEC_NUM + 1;
bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
buf = OPENSSL_malloc(num + 3);
if ((buf == NULL) || (bn_data == NULL)) {
BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
goto err;
@ -140,9 +138,12 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t))
*p++ = '-';
i = 0;
while (!BN_is_zero(t)) {
if (lp - bn_data >= bn_data_num)
goto err;
*lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++;
}
lp--;
@ -240,10 +241,12 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
}
ret->top = h;
bn_correct_top(ret);
ret->neg = neg;
*bn = ret;
bn_check_top(ret);
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
return (num);
err:
if (*bn == NULL)
@ -295,7 +298,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
if (j == BN_DEC_NUM)
j = 0;
l = 0;
while (*a) {
while (--i >= 0) {
l *= 10;
l += *a - '0';
a++;
@ -306,11 +309,13 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
j = 0;
}
}
ret->neg = neg;
bn_correct_top(ret);
*bn = ret;
bn_check_top(ret);
/* Don't set the negative flag if it's zero. */
if (ret->top != 0)
ret->neg = neg;
return (num);
err:
if (*bn == NULL)
@ -321,6 +326,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
int BN_asc2bn(BIGNUM **bn, const char *a)
{
const char *p = a;
if (*p == '-')
p++;
@ -331,7 +337,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
if (!BN_dec2bn(bn, p))
return 0;
}
if (*a == '-')
/* Don't set the negative flag if it's zero. */
if (*a == '-' && (*bn)->top != 0)
(*bn)->neg = 1;
return 1;
}

19
deps/openssl/openssl/crypto/bn/bn_rand.c

@ -121,15 +121,14 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
int ret = 0, bit, bytes, mask;
time_t tim;
if (bits < 0 || (bits == 1 && top > 0)) {
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
return 0;
}
if (bits == 0) {
if (top != -1 || bottom != 0)
goto toosmall;
BN_zero(rnd);
return 1;
}
if (bits < 0 || (bits == 1 && top > 0))
goto toosmall;
bytes = (bits + 7) / 8;
bit = (bits - 1) % 8;
@ -145,13 +144,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
time(&tim);
RAND_add(&tim, sizeof(tim), 0.0);
if (pseudorand) {
if (RAND_pseudo_bytes(buf, bytes) == -1)
goto err;
} else {
/* We ignore the value of pseudorand and always call RAND_bytes */
if (RAND_bytes(buf, bytes) <= 0)
goto err;
}
#if 1
if (pseudorand == 2) {
@ -199,6 +194,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
}
bn_check_top(rnd);
return (ret);
toosmall:
BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
return 0;
}
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)

22
deps/openssl/openssl/crypto/bn/bn_word.c

@ -72,10 +72,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
if (w == 0)
return (BN_ULONG)-1;
#ifndef BN_LLONG
/*
* If |w| is too long and we don't have BN_ULLONG then we need to fall
* back to using BN_div_word
*/
if (w > ((BN_ULONG)1 << BN_BITS4)) {
BIGNUM *tmp = BN_dup(a);
if (tmp == NULL)
return (BN_ULONG)-1;
ret = BN_div_word(tmp, w);
BN_free(tmp);
return ret;
}
#endif
bn_check_top(a);
w &= BN_MASK2;
for (i = a->top - 1; i >= 0; i--) {
#ifndef BN_LLONG
/*
* We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
* | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
* safe and will not overflow
*/
ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else

8
deps/openssl/openssl/crypto/bn/bntest.c

@ -514,7 +514,7 @@ static void print_word(BIO *bp, BN_ULONG w)
int test_div_word(BIO *bp)
{
BIGNUM a, b;
BN_ULONG r, s;
BN_ULONG r, rmod, s;
int i;
BN_init(&a);
@ -528,8 +528,14 @@ int test_div_word(BIO *bp)
s = b.d[0];
BN_copy(&b, &a);
rmod = BN_mod_word(&b, s);
r = BN_div_word(&b, s);
if (rmod != r) {
fprintf(stderr, "Mod (word) test failed!\n");
return 0;
}
if (bp != NULL) {
if (!results) {
BN_print(bp, &a);

12
deps/openssl/openssl/crypto/cms/cms_enc.c

@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0)
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
piv = iv;
}
@ -179,10 +179,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_INITIALISATION_ERROR);
goto err;
}
if (piv) {
if (enc) {
calg->parameter = ASN1_TYPE_new();
if (!calg->parameter) {
if (calg->parameter == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
@ -191,6 +190,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
/* If parameter type not set omit parameter */
if (calg->parameter->type == V_ASN1_UNDEF) {
ASN1_TYPE_free(calg->parameter);
calg->parameter = NULL;
}
}
ok = 1;

3
deps/openssl/openssl/crypto/cms/cms_ess.c

@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
<= 0)
if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
goto err;
}

4
deps/openssl/openssl/crypto/cms/cms_lib.c

@ -413,6 +413,8 @@ static STACK_OF(CMS_CertificateChoices)
return &cms->d.signedData->certificates;
case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->certificates;
default:
@ -488,6 +490,8 @@ static STACK_OF(CMS_RevocationInfoChoice)
return &cms->d.signedData->crls;
case NID_pkcs7_enveloped:
if (cms->d.envelopedData->originatorInfo == NULL)
return NULL;
return &cms->d.envelopedData->originatorInfo->crls;
default:

4
deps/openssl/openssl/crypto/cms/cms_pwri.c

@ -134,7 +134,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
if (ivlen > 0) {
if (RAND_pseudo_bytes(iv, ivlen) <= 0)
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@ -301,7 +301,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
memcpy(out + 4, in, inlen);
/* Add random padding to end */
if (olen > inlen + 4
&& RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
&& RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
return 0;
/* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);

4
deps/openssl/openssl/crypto/comp/comp.h

@ -14,7 +14,7 @@ extern "C" {
typedef struct comp_ctx_st COMP_CTX;
typedef struct comp_method_st {
struct comp_method_st {
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
int (*init) (COMP_CTX *ctx);
@ -30,7 +30,7 @@ typedef struct comp_method_st {
*/
long (*ctrl) (void);
long (*callback_ctrl) (void);
} COMP_METHOD;
};
struct comp_ctx_st {
COMP_METHOD *meth;

4
deps/openssl/openssl/crypto/conf/conf_mod.c

@ -288,6 +288,10 @@ static CONF_MODULE *module_add(DSO *dso, const char *name,
tmod->dso = dso;
tmod->name = BUF_strdup(name);
if (tmod->name == NULL) {
OPENSSL_free(tmod);
return NULL;
}
tmod->init = ifunc;
tmod->finish = ffunc;
tmod->links = 0;

14
deps/openssl/openssl/crypto/conf/keysets.pl

@ -110,8 +110,10 @@ print <<"EOF";
* [including the GNU Public Licence.]
*/
/* THIS FILE WAS AUTOMAGICALLY GENERATED!
Please modify and use keysets.pl to regenerate it. */
/*
* THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
* regenerate it.
*/
#define CONF_NUMBER $NUMBER
#define CONF_UPPER $UPPER
@ -168,18 +170,18 @@ print "static unsigned short CONF_type_default[256]={";
for ($i=0; $i<256; $i++)
{
print "\n\t" if ($i % 8) == 0;
print "\n " if ($i % 8) == 0;
printf " 0x%04X,",$V_def[$i];
}
print "\n\t};\n\n";
print "\n};\n\n";
print "static unsigned short CONF_type_win32[256] = {";
for ($i=0; $i<256; $i++)
{
print "\n\t" if ($i % 8) == 0;
print "\n " if ($i % 8) == 0;
printf " 0x%04X,",$V_w32[$i];
}
print "\n\t};\n\n";
print "\n};\n";

2
deps/openssl/openssl/crypto/crypto-lib.com

@ -1222,7 +1222,7 @@ $ CC = "CC"
$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
THEN CC = "CC/DECC"
$ CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
"''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
"''POINTER_SIZE' /NOLIST /PREFIX=ALL /EXTERN_MODEL=STRICT_REFDEF" + -
" /INCLUDE=(''CC_INCLUDES')"+ -
CCEXTRAFLAGS
$!

8
deps/openssl/openssl/crypto/des/asm/dest4-sparcv9.pl

@ -96,7 +96,7 @@ $code.=<<___;
des_t4_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
nop
srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
@ -197,7 +197,7 @@ des_t4_cbc_encrypt:
des_t4_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
nop
srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3
@ -305,7 +305,7 @@ $code.=<<___;
des_t4_ede3_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
nop
srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1
@ -457,7 +457,7 @@ des_t4_ede3_cbc_encrypt:
des_t4_ede3_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
nop
srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3

2
deps/openssl/openssl/crypto/des/des.c

@ -456,7 +456,7 @@ void doencryption(void)
len = l - rem;
if (feof(DES_IN)) {
for (i = 7 - rem; i > 0; i--) {
if (RAND_pseudo_bytes(buf + l++, 1) < 0)
if (RAND_bytes(buf + l++, 1) <= 0)
goto problems;
}
buf[l++] = rem;

2
deps/openssl/openssl/crypto/des/enc_writ.c

@ -135,7 +135,7 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) {
cp = shortbuf;
memcpy(shortbuf, buf, len);
if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
return -1;
}
rnum = 8;

2
deps/openssl/openssl/crypto/dh/dh_ameth.c

@ -519,7 +519,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
static int dh_missing_parameters(const EVP_PKEY *a)
{
if (!a->pkey.dh->p || !a->pkey.dh->g)
if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
return 1;
return 0;
}

2
deps/openssl/openssl/crypto/dsa/dsa_ameth.c

@ -350,7 +350,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
{
DSA *dsa;
dsa = pkey->pkey.dsa;
if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1;
return 0;
}

7
deps/openssl/openssl/crypto/dsa/dsa_gen.c

@ -185,6 +185,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
p = BN_CTX_get(ctx);
test = BN_CTX_get(ctx);
if (test == NULL)
goto err;
if (!BN_lshift(test, BN_value_one(), bits - 1))
goto err;
@ -197,7 +200,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err;
if (!seed_len || !seed_in) {
if (RAND_pseudo_bytes(seed, qsize) < 0)
if (RAND_bytes(seed, qsize) <= 0)
goto err;
seed_is_random = 1;
} else {
@ -491,7 +494,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
goto err;
if (!seed_in) {
if (RAND_pseudo_bytes(seed, seed_len) < 0)
if (RAND_bytes(seed, seed_len) <= 0)
goto err;
}
/* step 2 */

5
deps/openssl/openssl/crypto/dsa/dsa_ossl.c

@ -248,10 +248,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_rand_range(&k, dsa->q))
goto err;
while (BN_is_zero(&k));
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
BN_set_flags(&k, BN_FLG_CONSTTIME);
}
if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
CRYPTO_LOCK_DSA, dsa->p, ctx))
@ -264,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_copy(&kq, &k))
goto err;
BN_set_flags(&kq, BN_FLG_CONSTTIME);
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
@ -282,6 +286,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
} else {
K = &k;
}
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
dsa->method_mont_p);
if (!BN_mod(r, r, dsa->q, ctx))

2
deps/openssl/openssl/crypto/ec/Makefile

@ -131,7 +131,7 @@ ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ec_ameth.o: ../../include/openssl/x509_vfy.h ../asn1/asn1_locl.h ../cryptlib.h
ec_ameth.o: ec_ameth.c
ec_ameth.o: ec_ameth.c ec_lcl.h
ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

139
deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl

@ -128,6 +128,7 @@ ecp_nistz256_mul_by_2:
push %r13
mov 8*0($a_ptr), $a0
xor $t4,$t4
mov 8*1($a_ptr), $a1
add $a0, $a0 # a0:a3+a0:a3
mov 8*2($a_ptr), $a2
@ -138,7 +139,7 @@ ecp_nistz256_mul_by_2:
adc $a2, $a2
adc $a3, $a3
mov $a1, $t1
sbb $t4, $t4
adc \$0, $t4
sub 8*0($a_ptr), $a0
mov $a2, $t2
@ -146,14 +147,14 @@ ecp_nistz256_mul_by_2:
sbb 8*2($a_ptr), $a2
mov $a3, $t3
sbb 8*3($a_ptr), $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovz $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovz $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -250,12 +251,12 @@ ecp_nistz256_mul_by_3:
sbb \$0, $a2
mov $a3, $t3
sbb .Lpoly+8*3(%rip), $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovz $t2, $a2
cmovz $t3, $a3
cmovc $t0, $a0
cmovc $t1, $a1
cmovc $t2, $a2
cmovc $t3, $a3
xor $t4, $t4
add 8*0($a_ptr), $a0 # a0:a3+=a_ptr[0:3]
@ -272,14 +273,14 @@ ecp_nistz256_mul_by_3:
sbb \$0, $a2
mov $a3, $t3
sbb .Lpoly+8*3(%rip), $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovz $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovz $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -318,14 +319,14 @@ ecp_nistz256_add:
sbb 8*2($a_ptr), $a2
mov $a3, $t3
sbb 8*3($a_ptr), $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovz $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovz $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -1840,13 +1841,14 @@ $code.=<<___;
.type __ecp_nistz256_add_toq,\@abi-omnipotent
.align 32
__ecp_nistz256_add_toq:
xor $t4,$t4
add 8*0($b_ptr), $a0
adc 8*1($b_ptr), $a1
mov $a0, $t0
adc 8*2($b_ptr), $a2
adc 8*3($b_ptr), $a3
mov $a1, $t1
sbb $t4, $t4
adc \$0, $t4
sub \$-1, $a0
mov $a2, $t2
@ -1854,14 +1856,14 @@ __ecp_nistz256_add_toq:
sbb \$0, $a2
mov $a3, $t3
sbb $poly3, $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovz $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovz $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -1929,13 +1931,14 @@ __ecp_nistz256_subq:
.type __ecp_nistz256_mul_by_2q,\@abi-omnipotent
.align 32
__ecp_nistz256_mul_by_2q:
xor $t4, $t4
add $a0, $a0 # a0:a3+a0:a3
adc $a1, $a1
mov $a0, $t0
adc $a2, $a2
adc $a3, $a3
mov $a1, $t1
sbb $t4, $t4
adc \$0, $t4
sub \$-1, $a0
mov $a2, $t2
@ -1943,14 +1946,14 @@ __ecp_nistz256_mul_by_2q:
sbb \$0, $a2
mov $a3, $t3
sbb $poly3, $a3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $a0
cmovz $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovz $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovz $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -2241,16 +2244,14 @@ $code.=<<___;
mov $b_org, $a_ptr # reassign
movdqa %xmm0, $in1_x(%rsp)
movdqa %xmm1, $in1_x+0x10(%rsp)
por %xmm0, %xmm1
movdqa %xmm2, $in1_y(%rsp)
movdqa %xmm3, $in1_y+0x10(%rsp)
por %xmm2, %xmm3
movdqa %xmm4, $in1_z(%rsp)
movdqa %xmm5, $in1_z+0x10(%rsp)
por %xmm1, %xmm3
por %xmm4, %xmm5
movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$b_ptr
pshufd \$0xb1, %xmm3, %xmm5
pshufd \$0xb1, %xmm5, %xmm3
movdqu 0x10($a_ptr), %xmm1
movdqu 0x20($a_ptr), %xmm2
por %xmm3, %xmm5
@ -2262,14 +2263,14 @@ $code.=<<___;
movdqa %xmm0, $in2_x(%rsp)
pshufd \$0x1e, %xmm5, %xmm4
movdqa %xmm1, $in2_x+0x10(%rsp)
por %xmm0, %xmm1
movq $r_ptr, %xmm0 # save $r_ptr
movdqu 0x40($a_ptr),%xmm0 # in2_z again
movdqu 0x50($a_ptr),%xmm1
movdqa %xmm2, $in2_y(%rsp)
movdqa %xmm3, $in2_y+0x10(%rsp)
por %xmm2, %xmm3
por %xmm4, %xmm5
pxor %xmm4, %xmm4
por %xmm1, %xmm3
por %xmm0, %xmm1
movq $r_ptr, %xmm0 # save $r_ptr
lea 0x40-$bias($a_ptr), $a_ptr # $a_ptr is still valid
mov $src0, $in2_z+8*0(%rsp) # make in2_z copy
@ -2280,8 +2281,8 @@ $code.=<<___;
call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z2sqr, in2_z);
pcmpeqd %xmm4, %xmm5
pshufd \$0xb1, %xmm3, %xmm4
por %xmm3, %xmm4
pshufd \$0xb1, %xmm1, %xmm4
por %xmm1, %xmm4
pshufd \$0, %xmm5, %xmm5 # in1infty
pshufd \$0x1e, %xmm4, %xmm3
por %xmm3, %xmm4
@ -2405,6 +2406,7 @@ $code.=<<___;
#lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2
#call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2);
xor $t4, $t4
add $acc0, $acc0 # a0:a3+a0:a3
lea $Rsqr(%rsp), $a_ptr
adc $acc1, $acc1
@ -2412,7 +2414,7 @@ $code.=<<___;
adc $acc2, $acc2
adc $acc3, $acc3
mov $acc1, $t1
sbb $t4, $t4
adc \$0, $t4
sub \$-1, $acc0
mov $acc2, $t2
@ -2420,15 +2422,15 @@ $code.=<<___;
sbb \$0, $acc2
mov $acc3, $t3
sbb $poly3, $acc3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $acc0
cmovc $t0, $acc0
mov 8*0($a_ptr), $t0
cmovz $t1, $acc1
cmovc $t1, $acc1
mov 8*1($a_ptr), $t1
cmovz $t2, $acc2
cmovc $t2, $acc2
mov 8*2($a_ptr), $t2
cmovz $t3, $acc3
cmovc $t3, $acc3
mov 8*3($a_ptr), $t3
call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr);
@ -2612,16 +2614,14 @@ $code.=<<___;
mov 0x40+8*3($a_ptr), $acc0
movdqa %xmm0, $in1_x(%rsp)
movdqa %xmm1, $in1_x+0x10(%rsp)
por %xmm0, %xmm1
movdqa %xmm2, $in1_y(%rsp)
movdqa %xmm3, $in1_y+0x10(%rsp)
por %xmm2, %xmm3
movdqa %xmm4, $in1_z(%rsp)
movdqa %xmm5, $in1_z+0x10(%rsp)
por %xmm1, %xmm3
por %xmm4, %xmm5
movdqu 0x00($b_ptr), %xmm0 # copy *(P256_POINT_AFFINE *)$b_ptr
pshufd \$0xb1, %xmm3, %xmm5
pshufd \$0xb1, %xmm5, %xmm3
movdqu 0x10($b_ptr), %xmm1
movdqu 0x20($b_ptr), %xmm2
por %xmm3, %xmm5
@ -2710,6 +2710,7 @@ $code.=<<___;
#lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2
#call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2);
xor $t4, $t4
add $acc0, $acc0 # a0:a3+a0:a3
lea $Rsqr(%rsp), $a_ptr
adc $acc1, $acc1
@ -2717,7 +2718,7 @@ $code.=<<___;
adc $acc2, $acc2
adc $acc3, $acc3
mov $acc1, $t1
sbb $t4, $t4
adc \$0, $t4
sub \$-1, $acc0
mov $acc2, $t2
@ -2725,15 +2726,15 @@ $code.=<<___;
sbb \$0, $acc2
mov $acc3, $t3
sbb $poly3, $acc3
test $t4, $t4
sbb \$0, $t4
cmovz $t0, $acc0
cmovc $t0, $acc0
mov 8*0($a_ptr), $t0
cmovz $t1, $acc1
cmovc $t1, $acc1
mov 8*1($a_ptr), $t1
cmovz $t2, $acc2
cmovc $t2, $acc2
mov 8*2($a_ptr), $t2
cmovz $t3, $acc3
cmovc $t3, $acc3
mov 8*3($a_ptr), $t3
call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr);
@ -2885,14 +2886,14 @@ __ecp_nistz256_add_tox:
sbb \$0, $a2
mov $a3, $t3
sbb $poly3, $a3
sbb \$0, $t4
bt \$0, $t4
cmovnc $t0, $a0
cmovnc $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovnc $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovnc $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)
@ -2980,14 +2981,14 @@ __ecp_nistz256_mul_by_2x:
sbb \$0, $a2
mov $a3, $t3
sbb $poly3, $a3
sbb \$0, $t4
bt \$0, $t4
cmovnc $t0, $a0
cmovnc $t1, $a1
cmovc $t0, $a0
cmovc $t1, $a1
mov $a0, 8*0($r_ptr)
cmovnc $t2, $a2
cmovc $t2, $a2
mov $a1, 8*1($r_ptr)
cmovnc $t3, $a3
cmovc $t3, $a3
mov $a2, 8*2($r_ptr)
mov $a3, 8*3($r_ptr)

32
deps/openssl/openssl/crypto/ec/ec_ameth.c

@ -66,9 +66,12 @@
#endif
#include <openssl/asn1t.h>
#include "asn1_locl.h"
#include "ec_lcl.h"
#ifndef OPENSSL_NO_CMS
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
#endif
static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
{
@ -221,6 +224,8 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
*pb = EC_KEY_get0_public_key(b->pkey.ec);
if (group == NULL || pa == NULL || pb == NULL)
return -2;
r = EC_POINT_cmp(group, pa, pb, NULL);
if (r == 0)
return 1;
@ -299,15 +304,13 @@ static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
EC_KEY *ec_key;
EC_KEY ec_key = *(pkey->pkey.ec);
unsigned char *ep, *p;
int eplen, ptype;
void *pval;
unsigned int tmp_flags, old_flags;
ec_key = pkey->pkey.ec;
unsigned int old_flags;
if (!eckey_param2type(&ptype, &pval, ec_key)) {
if (!eckey_param2type(&ptype, &pval, &ec_key)) {
ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
return 0;
}
@ -318,30 +321,25 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
* do not include the parameters in the SEC1 private key see PKCS#11
* 12.11
*/
old_flags = EC_KEY_get_enc_flags(ec_key);
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
EC_KEY_set_enc_flags(ec_key, tmp_flags);
eplen = i2d_ECPrivateKey(ec_key, NULL);
old_flags = EC_KEY_get_enc_flags(&ec_key);
EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
eplen = i2d_ECPrivateKey(&ec_key, NULL);
if (!eplen) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0;
}
ep = (unsigned char *)OPENSSL_malloc(eplen);
if (!ep) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
return 0;
}
p = ep;
if (!i2d_ECPrivateKey(ec_key, &p)) {
EC_KEY_set_enc_flags(ec_key, old_flags);
if (!i2d_ECPrivateKey(&ec_key, &p)) {
OPENSSL_free(ep);
ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
return 0;
}
/* restore old encoding flags */
EC_KEY_set_enc_flags(ec_key, old_flags);
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
ptype, pval, ep, eplen))
@ -378,7 +376,7 @@ static int ec_bits(const EVP_PKEY *pkey)
static int ec_missing_parameters(const EVP_PKEY *pkey)
{
if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
return 1;
return 0;
}
@ -398,6 +396,8 @@ static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
*group_b = EC_KEY_get0_group(b->pkey.ec);
if (group_a == NULL || group_b == NULL)
return -2;
if (EC_GROUP_cmp(group_a, group_b, NULL))
return 0;
else

9
deps/openssl/openssl/crypto/ec/ec_key.c

@ -377,9 +377,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
return 0;
}
ctx = BN_CTX_new();
if (!ctx)
goto err;
if (ctx == NULL)
return 0;
BN_CTX_start(ctx);
point = EC_POINT_new(key->group);
if (!point)
@ -432,9 +432,8 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
ok = 1;
err:
if (ctx)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
if (point)
EC_POINT_free(point);
return ok;

107
deps/openssl/openssl/crypto/ec/ecp_nistz256.c

@ -82,19 +82,36 @@ typedef struct ec_pre_comp_st {
} EC_PRE_COMP;
/* Functions implemented in assembly */
/*
* Most of below mentioned functions *preserve* the property of inputs
* being fully reduced, i.e. being in [0, modulus) range. Simply put if
* inputs are fully reduced, then output is too. Note that reverse is
* not true, in sense that given partially reduced inputs output can be
* either, not unlikely reduced. And "most" in first sentence refers to
* the fact that given the calculations flow one can tolerate that
* addition, 1st function below, produces partially reduced result *if*
* multiplications by 2 and 3, which customarily use addition, fully
* reduce it. This effectively gives two options: a) addition produces
* fully reduced result [as long as inputs are, just like remaining
* functions]; b) addition is allowed to produce partially reduced
* result, but multiplications by 2 and 3 perform additional reduction
* step. Choice between the two can be platform-specific, but it was a)
* in all cases so far...
*/
/* Modular add: res = a+b mod P */
void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS],
const BN_ULONG b[P256_LIMBS]);
/* Modular mul by 2: res = 2*a mod P */
void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular div by 2: res = a/2 mod P */
void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular mul by 3: res = 3*a mod P */
void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular add: res = a+b mod P */
void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS],
const BN_ULONG b[P256_LIMBS]);
/* Modular div by 2: res = a/2 mod P */
void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS]);
/* Modular sub: res = a-b mod P */
void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],
const BN_ULONG a[P256_LIMBS],
@ -205,10 +222,12 @@ static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
return is_zero(res);
}
static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS])
static BN_ULONG is_one(const BIGNUM *z)
{
BN_ULONG res;
BN_ULONG res = 0;
BN_ULONG *a = z->d;
if (z->top == (P256_LIMBS - P256_LIMBS / 8)) {
res = a[0] ^ ONE[0];
res |= a[1] ^ ONE[1];
res |= a[2] ^ ONE[2];
@ -217,9 +236,15 @@ static BN_ULONG is_one(const BN_ULONG a[P256_LIMBS])
res |= a[4] ^ ONE[4];
res |= a[5] ^ ONE[5];
res |= a[6] ^ ONE[6];
/*
* no check for a[7] (being zero) on 32-bit platforms,
* because value of "one" takes only 7 limbs.
*/
}
res = is_zero(res);
}
return is_zero(res);
return res;
}
static int ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS])
@ -315,19 +340,16 @@ static void ecp_nistz256_point_add(P256_POINT *r,
const BN_ULONG *in2_y = b->Y;
const BN_ULONG *in2_z = b->Z;
/* We encode infinity as (0,0), which is not on the curve,
* so it is OK. */
in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] |
in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]);
/*
* Infinity in encoded as (,,0)
*/
in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
if (P256_LIMBS == 8)
in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] |
in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]);
in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]);
if (P256_LIMBS == 8)
in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] |
in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]);
in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]);
in1infty = is_zero(in1infty);
in2infty = is_zero(in2infty);
@ -416,15 +438,16 @@ static void ecp_nistz256_point_add_affine(P256_POINT *r,
const BN_ULONG *in2_y = b->Y;
/*
* In affine representation we encode infty as (0,0), which is not on the
* curve, so it is OK
* Infinity in encoded as (,,0)
*/
in1infty = (in1_x[0] | in1_x[1] | in1_x[2] | in1_x[3] |
in1_y[0] | in1_y[1] | in1_y[2] | in1_y[3]);
in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
if (P256_LIMBS == 8)
in1infty |= (in1_x[4] | in1_x[5] | in1_x[6] | in1_x[7] |
in1_y[4] | in1_y[5] | in1_y[6] | in1_y[7]);
in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
/*
* In affine representation we encode infinity as (0,0), which is
* not on the curve, so it is OK
*/
in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
if (P256_LIMBS == 8)
@ -741,9 +764,8 @@ static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
{
return (generator->X.top == P256_LIMBS) &&
(generator->Y.top == P256_LIMBS) &&
(generator->Z.top == (P256_LIMBS - P256_LIMBS / 8)) &&
is_equal(generator->X.d, def_xG) &&
is_equal(generator->Y.d, def_yG) && is_one(generator->Z.d);
is_equal(generator->Y.d, def_yG) && is_one(&generator->Z);
}
static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
@ -1249,6 +1271,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
} else
#endif
{
BN_ULONG infty;
/* First window */
wvalue = (p_str[0] << 1) & mask;
index += window_size;
@ -1260,7 +1284,30 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
ecp_nistz256_neg(p.p.Z, p.p.Y);
copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
memcpy(p.p.Z, ONE, sizeof(ONE));
/*
* Since affine infinity is encoded as (0,0) and
* Jacobian ias (,,0), we need to harmonize them
* by assigning "one" or zero to Z.
*/
infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
if (P256_LIMBS == 8)
infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
infty = 0 - is_zero(infty);
infty = ~infty;
p.p.Z[0] = ONE[0] & infty;
p.p.Z[1] = ONE[1] & infty;
p.p.Z[2] = ONE[2] & infty;
p.p.Z[3] = ONE[3] & infty;
if (P256_LIMBS == 8) {
p.p.Z[4] = ONE[4] & infty;
p.p.Z[5] = ONE[5] & infty;
p.p.Z[6] = ONE[6] & infty;
p.p.Z[7] = ONE[7] & infty;
}
for (i = 1; i < 37; i++) {
unsigned int off = (index - 1) / 8;
@ -1331,7 +1378,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
!ecp_nistz256_set_words(&r->Z, p.p.Z)) {
goto err;
}
r->Z_is_one = is_one(p.p.Z) & 1;
r->Z_is_one = is_one(&r->Z) & 1;
ret = 1;

Some files were not shown because too many files changed in this diff

Loading…
Cancel
Save