diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/evp')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/digest.c | 4 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c | 3 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c | 16 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_camellia.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_des.c | 11 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_des3.c | 15 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_old.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/e_seed.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/encode.c | 210 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/evp_key.c | 8 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 36 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 16 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/p_lib.c | 2 | ||||
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c | 9 |
15 files changed, 203 insertions, 135 deletions
diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c index f2643f32..5b642b23 100644 --- a/Cryptlib/OpenSSL/crypto/evp/digest.c +++ b/Cryptlib/OpenSSL/crypto/evp/digest.c @@ -212,8 +212,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) + if (ctx->digest && ctx->digest->ctx_size) { OPENSSL_free(ctx->md_data); + ctx->md_data = NULL; + } ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c index 8330964e..6dfd590a 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -60,6 +60,7 @@ # include <openssl/sha.h> # include <openssl/rand.h> # include "modes_lcl.h" +# include "constant_time_locl.h" # ifndef EVP_CIPH_FLAG_AEAD_CIPHER # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -578,6 +579,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); inp_len &= mask; diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c index b1c586e6..46c9d033 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -60,6 +60,7 @@ # include <openssl/sha.h> # include <openssl/rand.h> # include "modes_lcl.h" +# include "constant_time_locl.h" # ifndef EVP_CIPH_FLAG_AEAD_CIPHER # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -498,7 +499,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, iv = AES_BLOCK_SIZE; # if defined(STITCHED_CALL) + /* + * Assembly stitch handles AVX-capable processors, but its + * performance is not optimal on AMD Jaguar, ~40% worse, for + * unknown reasons. Incidentally processor in question supports + * AVX, but not AMD-specific XOP extension, which can be used + * to identify it and avoid stitch invocation. So that after we + * establish that current CPU supports AVX, we even see if it's + * either even XOP-capable Bulldozer-based or GenuineIntel one. + */ if (OPENSSL_ia32cap_P[1] & (1 << (60 - 32)) && /* AVX? */ + ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ + | (OPENSSL_ia32cap_P[0] & (1<<30))) && /* "Intel CPU"? */ plen > (sha_off + iv) && (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { SHA256_Update(&key->md, in + iv, sha_off); @@ -578,6 +590,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); inp_len &= mask; @@ -816,8 +830,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, if (arg != EVP_AEAD_TLS1_AAD_LEN) return -1; - len = p[arg - 2] << 8 | p[arg - 1]; - if (ctx->encrypt) { key->payload_length = len; if ((key->aux.tls_ver = diff --git a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c index f9c84013..f273f9c9 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_camellia.c */ /* ==================================================================== * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c index aae13a67..8ca65cd0 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_des.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c @@ -71,12 +71,13 @@ typedef struct { DES_key_schedule ks; } ks; union { - void (*cbc) (const void *, void *, size_t, const void *, void *); + void (*cbc) (const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } stream; } EVP_DES_KEY; # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -/* ---------^^^ this is not a typo, just a way to detect that +/* ----------^^^ this is not a typo, just a way to detect that * assembler support was in general requested... */ # include "sparc_arch.h" @@ -86,9 +87,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[]; void des_t4_key_expand(const void *key, DES_key_schedule *ks); void des_t4_cbc_encrypt(const void *inp, void *out, size_t len, - DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule *ks, unsigned char iv[8]); void des_t4_cbc_decrypt(const void *inp, void *out, size_t len, - DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule *ks, unsigned char iv[8]); # endif static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -130,7 +131,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; - if (dat->stream.cbc) { + if (dat->stream.cbc != NULL) { (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); return 1; } diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c index 96f272eb..0e910d6d 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c @@ -75,7 +75,8 @@ typedef struct { DES_key_schedule ks[3]; } ks; union { - void (*cbc) (const void *, void *, size_t, const void *, void *); + void (*cbc) (const void *, void *, size_t, + const DES_key_schedule *, unsigned char *); } stream; } DES_EDE_KEY; # define ks1 ks.ks[0] @@ -93,9 +94,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[]; void des_t4_key_expand(const void *key, DES_key_schedule *ks); void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, - DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule ks[3], unsigned char iv[8]); void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, - DES_key_schedule *ks, unsigned char iv[8]); + const DES_key_schedule ks[3], unsigned char iv[8]); # endif static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -162,7 +163,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } # endif /* KSSL_DEBUG */ if (dat->stream.cbc) { - (*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv); + (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv); return 1; } @@ -289,7 +290,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, # endif # ifdef EVP_CHECK_DES_KEY if (DES_set_key_checked(&deskey[0], &dat->ks1) - ! !DES_set_key_checked(&deskey[1], &dat->ks2)) + || DES_set_key_checked(&deskey[1], &dat->ks2)) return 0; # else DES_set_key_unchecked(&deskey[0], &dat->ks1); @@ -395,7 +396,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, int rv = -1; if (inl < 24) return -1; - if (!out) + if (out == NULL) return inl - 16; memcpy(ctx->iv, wrap_iv, 8); /* Decrypt first block which will end up as icv */ @@ -438,7 +439,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - if (!out) + if (out == NULL) return inl + 16; /* Copy input to output buffer + 8 so we have space for IV */ memmove(out + 8, in, inl); diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c index c93f5a54..a23d143b 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_old.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_old.c */ /* * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project * 2004. diff --git a/Cryptlib/OpenSSL/crypto/evp/e_seed.c b/Cryptlib/OpenSSL/crypto/evp/e_seed.c index c948a8f3..7249d1b1 100644 --- a/Cryptlib/OpenSSL/crypto/evp/e_seed.c +++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c @@ -1,4 +1,4 @@ -/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */ +/* crypto/evp/e_seed.c */ /* ==================================================================== * Copyright (c) 2007 The OpenSSL Project. All rights reserved. * diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c index c361d1f0..c6c775e0 100644 --- a/Cryptlib/OpenSSL/crypto/evp/encode.c +++ b/Cryptlib/OpenSSL/crypto/evp/encode.c @@ -57,12 +57,13 @@ */ #include <stdio.h> +#include <limits.h> #include "cryptlib.h" #include <openssl/evp.h> +static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text @@ -71,7 +72,6 @@ * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) #endif /*- @@ -103,6 +103,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_WS 0xE0 #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) +#define B64_BASE64(a) !B64_NOT_BASE64(a) static const unsigned char data_ascii2bin[128] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, @@ -123,6 +124,23 @@ static const unsigned char data_ascii2bin[128] = { 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }; +#ifndef CHARSET_EBCDIC +static unsigned char conv_ascii2bin(unsigned char a) +{ + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#else +static unsigned char conv_ascii2bin(unsigned char a) +{ + a = os_toascii[a]; + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#endif + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; @@ -134,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { int i, j; - unsigned int total = 0; + size_t total = 0; *outl = 0; if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if ((ctx->num + inl) < ctx->length) { + if (ctx->length - ctx->num > inl) { memcpy(&(ctx->enc_data[ctx->num]), in, inl); ctx->num += inl; return; @@ -157,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total = j + 1; } - while (inl >= ctx->length) { + while (inl >= ctx->length && total <= INT_MAX) { j = EVP_EncodeBlock(out, in, ctx->length); in += ctx->length; inl -= ctx->length; @@ -166,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, *out = '\0'; total += j + 1; } + if (total > INT_MAX) { + /* Too much output data! */ + *outl = 0; + return; + } if (inl != 0) memcpy(&(ctx->enc_data[0]), in, inl); ctx->num = inl; @@ -218,8 +241,9 @@ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { - ctx->length = 30; + /* Only ctx->num is used during decoding. */ ctx->num = 0; + ctx->length = 0; ctx->line_num = 0; ctx->expect_nl = 0; } @@ -228,139 +252,123 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) * -1 for error * 0 for last line * 1 for full line + * + * Note: even though EVP_DecodeUpdate attempts to detect and report end of + * content, the context doesn't currently remember it and will accept more data + * in the next call. Therefore, the caller is responsible for checking and + * rejecting a 0 return value in the middle of content. + * + * Note: even though EVP_DecodeUpdate has historically tried to detect end of + * content based on line length, this has never worked properly. Therefore, + * we now return 0 when one of the following is true: + * - Padding or B64_EOF was detected and the last block is complete. + * - Input has zero-length. + * -1 is returned if: + * - Invalid characters are detected. + * - There is extra trailing padding, or data after padding. + * - B64_EOF is detected after an incomplete base64 block. */ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; + int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; unsigned char *d; n = ctx->num; d = ctx->enc_data; - ln = ctx->line_num; - exp_nl = ctx->expect_nl; - /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { + if (n > 0 && d[n - 1] == '=') { + eof++; + if (n > 1 && d[n - 2] == '=') + eof++; + } + + /* Legacy behaviour: an empty input chunk signals end of input. */ + if (inl == 0) { rv = 0; goto end; } - /* We parse the input data */ for (i = 0; i < inl; i++) { - /* If the current line is > 80 characters, scream a lot */ - if (ln >= 80) { - rv = -1; - goto end; - } - - /* Get char and put it into the buffer */ tmp = *(in++); v = conv_ascii2bin(tmp); - /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) { - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++] = tmp; - ln++; - } else if (v == B64_ERROR) { + if (v == B64_ERROR) { rv = -1; goto end; } - /* - * have we seen a '=' which is 'definitly' the last input line. seof - * will point to the character that holds it. and eof will hold how - * many characters to chop off. - */ if (tmp == '=') { - if (seof == -1) - seof = n; eof++; + } else if (eof > 0 && B64_BASE64(v)) { + /* More data after padding. */ + rv = -1; + goto end; } - if (v == B64_CR) { - ln = 0; - if (exp_nl) - continue; + if (eof > 2) { + rv = -1; + goto end; } - /* eoln */ - if (v == B64_EOLN) { - ln = 0; - if (exp_nl) { - exp_nl = 0; - continue; - } - } - exp_nl = 0; - - /* - * If we are at the end of input and it looks like a line, process - * it. - */ - if (((i + 1) == inl) && (((n & 3) == 0) || eof)) { - v = B64_EOF; - /* - * In case things were given us in really small records (so two - * '=' were given in separate updates), eof may contain the - * incorrect number of ending bytes to skip, so let's redo the - * count - */ - eof = 0; - if (d[n - 1] == '=') - eof++; - if (d[n - 2] == '=') - eof++; - /* There will never be more than two '=' */ + if (v == B64_EOF) { + seof = 1; + goto tail; } - if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) { - /* - * This is needed to work correctly on 64 byte input lines. We - * process the line and then need to accept the '\n' - */ - if ((v != B64_EOF) && (n >= 64)) - exp_nl = 1; - if (n > 0) { - v = EVP_DecodeBlock(out, d, n); - n = 0; - if (v < 0) { - rv = 0; - goto end; - } - if (eof > v) { - rv = -1; - goto end; - } - ret += (v - eof); - } else { - eof = 1; - v = 0; + /* Only save valid base64 characters. */ + if (B64_BASE64(v)) { + if (n >= 64) { + /* + * We increment n once per loop, and empty the buffer as soon as + * we reach 64 characters, so this can only happen if someone's + * manually messed with the ctx. Refuse to write any more data. + */ + rv = -1; + goto end; } + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); + d[n++] = tmp; + } - /* - * This is the case where we have had a short but valid input - * line - */ - if ((v < ctx->length) && eof) { - rv = 0; + if (n == 64) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; - } else - ctx->length = v; + } + ret += decoded_len - eof; + out += decoded_len - eof; + } + } - if (seof >= 0) { - rv = 0; + /* + * Legacy behaviour: if the current line is a full base64-block (i.e., has + * 0 mod 4 base64 characters), it is processed immediately. We keep this + * behaviour as applications may not be calling EVP_DecodeFinal properly. + */ +tail: + if (n > 0) { + if ((n & 3) == 0) { + decoded_len = EVP_DecodeBlock(out, d, n); + n = 0; + if (decoded_len < 0 || eof > decoded_len) { + rv = -1; goto end; } - out += v; + ret += (decoded_len - eof); + } else if (seof) { + /* EOF in the middle of a base64 block. */ + rv = -1; + goto end; } } - rv = 1; - end: + + rv = seof || (n == 0 && eof) ? 0 : 1; +end: + /* Legacy behaviour. This should probably rather be zeroed on error. */ *outl = ret; ctx->num = n; - ctx->line_num = ln; - ctx->expect_nl = exp_nl; return (rv); } diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c index 65f0e024..7d7be245 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c @@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, bl = ctx->cipher->block_size; OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); if (i != 0) { - if (i + inl < bl) { + if (bl - i > inl) { memcpy(&(ctx->buf[i]), in, inl); ctx->buf_len += inl; *outl = 0; diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c index 71fa627b..63c8866e 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c @@ -63,6 +63,7 @@ #include <openssl/evp.h> #include <openssl/ui.h> +#ifndef OPENSSL_NO_UI /* should be init to zeros. */ static char prompt_string[80]; @@ -104,6 +105,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); + if (ui == NULL) + return -1; UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len); if (verify) @@ -115,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, OPENSSL_cleanse(buff, BUFSIZ); return ret; } +#endif /* OPENSSL_NO_UI */ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, const unsigned char *salt, const unsigned char *data, @@ -137,7 +141,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, EVP_MD_CTX_init(&c); for (;;) { if (!EVP_DigestInit_ex(&c, md, NULL)) - return 0; + goto err; if (addmd++) if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) goto err; @@ -188,6 +192,6 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, rv = type->key_len; err: EVP_MD_CTX_cleanup(&c); - OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); + OPENSSL_cleanse(md_buf, sizeof(md_buf)); return rv; } diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c index a53a27ca..7e0bab90 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c @@ -72,11 +72,22 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret = c->cipher->set_asn1_parameters(c, type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) { - ASN1_TYPE_set(type, V_ASN1_NULL, NULL); + switch (EVP_CIPHER_CTX_mode(c)) { + case EVP_CIPH_WRAP_MODE: + if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap) + ASN1_TYPE_set(type, V_ASN1_NULL, NULL); ret = 1; - } else + break; + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: ret = EVP_CIPHER_set_asn1_iv(c, type); + } } else ret = -1; return (ret); @@ -89,9 +100,22 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret = c->cipher->get_asn1_parameters(c, type); else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) { - if (EVP_CIPHER_CTX_mode(c) == EVP_CIPH_WRAP_MODE) - return 1; - ret = EVP_CIPHER_get_asn1_iv(c, type); + switch (EVP_CIPHER_CTX_mode(c)) { + + case EVP_CIPH_WRAP_MODE: + ret = 1; + break; + + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: + ret = -1; + break; + + default: + ret = EVP_CIPHER_get_asn1_iv(c, type); + break; + } } else ret = -1; return (ret); diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c index e3fa95db..7934c95f 100644 --- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c @@ -228,12 +228,16 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) + + if (pbe_algs == NULL) { pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL *)OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); - return 0; + if (pbe_algs == NULL) + goto err; } + + if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL) + goto err; + pbe_tmp->pbe_type = pbe_type; pbe_tmp->pbe_nid = pbe_nid; pbe_tmp->cipher_nid = cipher_nid; @@ -242,6 +246,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); return 1; + + err: + EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); + return 0; } int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c index 1171d308..c0171244 100644 --- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c +++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c @@ -253,7 +253,7 @@ int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) { - if (!EVP_PKEY_set_type(pkey, type)) + if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) return 0; pkey->pkey.ptr = key; return (key != NULL); diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c index 59f81342..6435f1b6 100644 --- a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c @@ -96,12 +96,17 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) return -1; } - if (!ppkey) + if (ppkey == NULL) return -1; - if (!*ppkey) + if (*ppkey == NULL) *ppkey = EVP_PKEY_new(); + if (*ppkey == NULL) { + EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE); + return -1; + } + ret = ctx->pmeth->paramgen(ctx, *ppkey); if (ret <= 0) { EVP_PKEY_free(*ppkey); |