| author | Matthew Garrett <mjg@redhat.com> | 2012-07-02 12:33:42 -0400 |
|---|---|---|
| committer | Matthew Garrett <mjg@redhat.com> | 2012-07-02 12:33:42 -0400 |
| commit | d259b1406044b430fe5786cd57e272bb9c57166d (patch) | |
| tree | 308e31c8b7338e11843ac324ce20b89d765c3f45 /Cryptlib/OpenSSL/crypto/evp | |
| parent | 20094cb55d476c5d053cc73cec6e0d3f2a1c8d9a (diff) | |
Update OpenSSL
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/evp')
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 77 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/c_allc.c | 2 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/c_alld.c | 3 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/digest.c | 24 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/enc_min.c | 1 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/encode.c | 3 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 6 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 49 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/names.c | 2 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/p_sign.c | 2 | ||||
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/evp/p_verify.c | 2 |
11 files changed, 129 insertions, 42 deletions
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
index fa5cbc7e..72a2a672 100755
--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
@@ -64,7 +64,7 @@ static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); -/*static int b64_puts(BIO *h, const char *str); */ +static int b64_puts(BIO *h, const char *str); /*static int b64_gets(BIO *h, char *str, int size); */ static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h);
@@ -96,7 +96,7 @@ static BIO_METHOD methods_b64= BIO_TYPE_BASE64,"base64 encoding", b64_write, b64_read, - NULL, /* b64_puts, */ + b64_puts, NULL, /* b64_gets, */ b64_ctrl, b64_new,
@@ -127,6 +127,7 @@ static int b64_new(BIO *bi) bi->init=1; bi->ptr=(char *)ctx; bi->flags=0; + bi->num = 0; return(1); }
@@ -151,6 +152,8 @@ static int b64_read(BIO *b, char *out, int outl) if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + BIO_clear_retry_flags(b); + if (ctx->encode != B64_DECODE) { ctx->encode=B64_DECODE;
@@ -163,6 +166,7 @@ static int b64_read(BIO *b, char *out, int outl) /* First check if there are bytes decoded/encoded */ if (ctx->buf_len > 0) { + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); i=ctx->buf_len-ctx->buf_off; if (i > outl) i=outl; OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
@@ -184,7 +188,6 @@ static int b64_read(BIO *b, char *out, int outl) ret_code=0; while (outl > 0) { - if (ctx->cont <= 0) break;
@@ -195,7 +198,7 @@ static int b64_read(BIO *b, char *out, int outl) { ret_code=i; - /* Should be continue next time we are called? */ + /* Should we continue next time we are called? */ if (!BIO_should_retry(b->next_bio)) { ctx->cont=i;
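Review bot: The new `OPENSSL_assert(ctx->buf_len >= ctx->buf_off);` in b64_read (hunk at -163,6) only protects the copy that follows if OPENSSL_assert really halts in this build, and the diff does not show how Cryptlib defines it. The same pattern is used for the offset checks added to b64_write and b64_ctrl in the later hunks of this file, so it is worth confirming that the macro is not reduced to a no-op in the EFI environment. A comment above the first one, e.g. `/* invariant: buf_off <= buf_len <= sizeof(buf); relies on OPENSSL_assert not being compiled out */`, would record that dependency. b64_read's body continues outside the hunk.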
@@ -285,19 +288,27 @@ static int b64_read(BIO *b, char *out, int outl) continue; } else + { ctx->tmp_len=0; } - /* If buffer isn't full and we can retry then - * restart to read in more data. - */ + } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) + { + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ continue; + } if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { int z,jj; +#if 0 jj=(i>>2)<<2; +#else + jj = i & ~3; /* process per 4 */ +#endif z=EVP_DecodeBlock((unsigned char *)ctx->buf, (unsigned char *)ctx->tmp,jj); if (jj > 2)
@@ -313,18 +324,15 @@ static int b64_read(BIO *b, char *out, int outl) * number consumed */ if (jj != i) { - memcpy((unsigned char *)ctx->tmp, - (unsigned char *)&(ctx->tmp[jj]),i-jj); + memmove(ctx->tmp, &ctx->tmp[jj], i-jj); ctx->tmp_len=i-jj; } ctx->buf_len=0; if (z > 0) { ctx->buf_len=z; - i=1; } - else - i=z; + i=z; } else {
@@ -357,14 +365,16 @@ static int b64_read(BIO *b, char *out, int outl) outl-=i; out+=i; } - BIO_clear_retry_flags(b); + /* BIO_clear_retry_flags(b); */ BIO_copy_next_retry(b); return((ret == 0)?ret_code:ret); } static int b64_write(BIO *b, const char *in, int inl) { - int ret=inl,n,i; + int ret=0; + int n; + int i; BIO_B64_CTX *ctx; ctx=(BIO_B64_CTX *)b->ptr;
@@ -379,6 +389,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeInit(&(ctx->base64)); } + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n=ctx->buf_len-ctx->buf_off; while (n > 0) {
@@ -388,7 +401,10 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return(i); } + OPENSSL_assert(i <= n); ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); n-=i; } /* at this point all pending data has been written */
@@ -405,18 +421,19 @@ static int b64_write(BIO *b, const char *in, int inl) { if (ctx->tmp_len > 0) { + OPENSSL_assert(ctx->tmp_len <= 3); n=3-ctx->tmp_len; - /* There's a teoretical possibility for this */ + /* There's a theoretical possibility for this */ if (n > inl) n=inl; memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); ctx->tmp_len+=n; + ret += n; if (ctx->tmp_len < 3) break; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); /* Since we're now done using the temporary buffer, the length should be 0'd */ ctx->tmp_len=0;
@@ -425,14 +442,16 @@ static int b64_write(BIO *b, const char *in, int inl) { if (n < 3) { - memcpy(&(ctx->tmp[0]),in,n); + memcpy(ctx->tmp,in,n); ctx->tmp_len=n; + ret += n; break; } n-=n%3; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)in,n); + ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } } else
@@ -440,6 +459,9 @@ static int b64_write(BIO *b, const char *in, int inl) EVP_EncodeUpdate(&(ctx->base64), (unsigned char *)ctx->buf,&ctx->buf_len, (unsigned char *)in,n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } inl-=n; in+=n;
@@ -454,8 +476,11 @@ static int b64_write(BIO *b, const char *in, int inl) BIO_copy_next_retry(b); return((ret == 0)?i:ret); } + OPENSSL_assert(i <= n); n-=i; ctx->buf_off+=i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); } ctx->buf_len=0; ctx->buf_off=0;
@@ -486,6 +511,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_WPENDING: /* More to write in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if ((ret == 0) && (ctx->encode != B64_NONE) && (ctx->base64.num != 0))
@@ -494,6 +520,7 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) ret=BIO_ctrl(b->next_bio,cmd,num,ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ret=ctx->buf_len-ctx->buf_off; if (ret <= 0) ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -565,3 +592,7 @@ static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) return(ret); } +static int b64_puts(BIO *b, const char *str) + { + return b64_write(b,str,strlen(str)); + }
diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c
index 7054d812..e45cee8a 100755
--- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c
@@ -71,6 +71,8 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_des_cfb8()); EVP_add_cipher(EVP_des_ede_cfb()); EVP_add_cipher(EVP_des_ede3_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb1()); + EVP_add_cipher(EVP_des_ede3_cfb8()); EVP_add_cipher(EVP_des_ofb()); EVP_add_cipher(EVP_des_ede_ofb());
diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c
index d270b0ee..e0841d12 100755
--- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c
+++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c
@@ -64,9 +64,6 @@ void OpenSSL_add_all_digests(void) { -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif #ifndef OPENSSL_NO_MD4 EVP_add_digest(EVP_md4()); #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c
index 3bc2d129..10a36071 100755
--- a/Cryptlib/OpenSSL/crypto/evp/digest.c
+++ b/Cryptlib/OpenSSL/crypto/evp/digest.c
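Review bot: In the new b64_puts (hunk at -565,3), `strlen(str)` is a size_t that is implicitly narrowed to the `int inl` parameter of b64_write, so a string longer than INT_MAX would reach b64_write as a truncated or negative length. Making the bound explicit keeps the contract visible: `size_t len = strlen(str); if (len > INT_MAX) return -1; return b64_write(b, str, (int)len);`. INT_MAX needs `<limits.h>`, and the hunk does not show whether this file already pulls in a declaration for strlen, so both includes are worth checking.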
@@ -127,7 +127,8 @@ EVP_MD_CTX *EVP_MD_CTX_create(void) { EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); - EVP_MD_CTX_init(ctx); + if (ctx) + EVP_MD_CTX_init(ctx); return ctx; }
@@ -234,6 +235,7 @@ static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) { /* Same comment from evp_enc.c */ EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(impl); return 0; } /* We'll use the ENGINE's private digest definition */
@@ -299,7 +301,14 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) OPENSSL_free(ctx->md_data); ctx->digest=type; if (type->ctx_size) + { ctx->md_data=OPENSSL_malloc(type->ctx_size); + if (!ctx->md_data) + { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); + return 0; + } + } } #ifndef OPENSSL_NO_ENGINE skip_to_init:
@@ -380,8 +389,17 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (out->digest->ctx_size) { - if (tmp_buf) out->md_data = tmp_buf; - else out->md_data=OPENSSL_malloc(out->digest->ctx_size); + if (tmp_buf) + out->md_data = tmp_buf; + else + { + out->md_data=OPENSSL_malloc(out->digest->ctx_size); + if (!out->md_data) + { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE); + return 0; + } + } memcpy(out->md_data,in->md_data,out->digest->ctx_size); }
diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c
index 7fba38ee..a8c176fb 100755
--- a/Cryptlib/OpenSSL/crypto/evp/enc_min.c
+++ b/Cryptlib/OpenSSL/crypto/evp/enc_min.c
@@ -279,6 +279,7 @@ skip_to_init: case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ case EVP_CIPH_CBC_MODE:
diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c
index 5921f0d7..e8a52181 100755
--- a/Cryptlib/OpenSSL/crypto/evp/encode.c
+++ b/Cryptlib/OpenSSL/crypto/evp/encode.c
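Review bot: In EVP_DigestInit_ex (hunk at -299,7) the new malloc-failure return leaves `ctx->digest` already set to `type` while `ctx->md_data` is NULL, so the context is half-initialised when 0 is returned. The enclosing block starts outside the hunk; if it is skipped when the context already carries this digest type, a retry with the same type would go on to initialise with a NULL md_data. Resetting the field on the failure path, `ctx->digest=NULL;` before `return 0;`, avoids that. Callers outside this diff also need to treat a 0 return as fatal rather than continuing to hash.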
@@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; + int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; unsigned char *d; n=ctx->num;
@@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, * lines. We process the line and then need to * accept the '\n' */ if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; if (n > 0) { v=EVP_DecodeBlock(out,d,n);
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
index 174cf6c5..9c200617 100755
--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
@@ -163,6 +163,12 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) return NID_des_cfb64; + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + + return NID_des_cfb64; + default: /* Check it has an OID and it is valid */ otmp = OBJ_nid2obj(nid);
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
index 5e830be6..766ea42b 100755
--- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
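Review bot: The added `NID_des_ede3_cfb64` / `NID_des_ede3_cfb8` / `NID_des_ede3_cfb1` cases in EVP_CIPHER_type return `NID_des_cfb64`, the single-DES identifier, which reads like a copy of the case group just above rather than a deliberate mapping. If the intent is to fold the 3DES CFB variants onto one type, `return NID_des_ede3_cfb64;` would be the expected value; if the single-DES NID is intended, a comment saying why is needed, since code that uses this function to choose an algorithm identifier would otherwise label 3DES-CFB as DES-CFB. As this file is imported from OpenSSL, the mapping should be checked against upstream before it is changed locally. The switch continues outside the hunk.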
@@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b) int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { - EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - pbe_tmp->pbe_nid = nid; + EVP_PBE_CTL *pbe_tmp = NULL, pbelu; + int i; + if (!pbe_algs) + { + pbe_algs = sk_new(pbe_cmp); + if (!pbe_algs) + { + EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + } + else + { + /* Check if already present */ + pbelu.pbe_nid = nid; + i = sk_find(pbe_algs, (char *)&pbelu); + if (i >= 0) + { + pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); + /* If everything identical leave alone */ + if (pbe_tmp->cipher == cipher + && pbe_tmp->md == md + && pbe_tmp->keygen == keygen) + return 1; + } + } + + if (!pbe_tmp) + { + pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL)); + if (!pbe_tmp) + { + EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); + return 0; + } + /* If adding a new PBE, set nid, append and sort */ + pbe_tmp->pbe_nid = nid; + sk_push (pbe_algs, (char *)pbe_tmp); + sk_sort(pbe_algs); + } + pbe_tmp->cipher = cipher; pbe_tmp->md = md; pbe_tmp->keygen = keygen; - sk_push (pbe_algs, (char *)pbe_tmp); return 1; }
diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c
index e2e04c35..945879dc 100755
--- a/Cryptlib/OpenSSL/crypto/evp/names.c
+++ b/Cryptlib/OpenSSL/crypto/evp/names.c
@@ -90,7 +90,7 @@ int EVP_add_digest(const EVP_MD *md) r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); - if (md->type != md->pkey_type) + if (md->pkey_type && md->type != md->pkey_type) { r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
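Review bot: In the `if (!pbe_tmp)` branch of EVP_PBE_alg_add the result of `sk_push` is ignored, so when the push fails the function still fills in the entry and returns 1, leaving an EVP_PBE_CTL that is allocated but never stored in `pbe_algs`. Checking it closes that path: `if (!sk_push(pbe_algs, (char *)pbe_tmp)) { OPENSSL_free(pbe_tmp); EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); return 0; }`. Separately, when `nid` is already present with different values the existing entry is overwritten in place. A one-line comment saying that re-registration replaces the earlier cipher/md/keygen would make that behaviour explicit.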
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c
index bf41a0db..782d1405 100755
--- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c
@@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; *siglen=0; for (i=0; i<4; i++)
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c
index 2d46dffe..072c1279 100755
--- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c
@@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + EVP_MD_CTX tmp_ctx; for (i=0; i<4; i++) { |
