diff options
Diffstat (limited to 'Cryptlib/OpenSSL/crypto')
32 files changed, 83 insertions, 226 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c index ee26c31b..f551bdba 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c @@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) int pad=0,ret,i,neg; unsigned char *p,*n,pb=0; - if (a == NULL) return(0); + if ((a == NULL) || (a->data == NULL)) return(0); neg=a->type & V_ASN1_NEG; if (a->length == 0) ret=1; diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c index ead37ac3..264ebf23 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c @@ -567,7 +567,6 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) if(mbflag == -1) return -1; mbflag |= MBSTRING_FLAG; stmp.data = NULL; - stmp.length = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c index 9b7d6881..b68ae433 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c @@ -75,7 +75,7 @@ static int table_cmp(const void *a, const void *b); * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = B_ASN1_UTF8STRING; +static unsigned long global_mask = 0xFFFFFFFFL; void ASN1_STRING_set_default_mask(unsigned long mask) { diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c index 7ded69b1..da3efaaf 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c @@ -138,12 +138,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat unsigned char *buf_in=NULL; int ret= -1,i,inl; - if (!pkey) - { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - EVP_MD_CTX_init(&ctx); i=OBJ_obj2nid(a->algorithm); type=EVP_get_digestbyname(OBJ_nid2sn(i)); diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c index bc23f567..afb95d67 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c @@ -208,6 +208,11 @@ int DSA_print(BIO *bp, const DSA *x, int off) if (x->p) buf_len = (size_t)BN_num_bytes(x->p); + else + { + DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS); + goto err; + } if (x->q) if (buf_len < (i = (size_t)BN_num_bytes(x->q))) buf_len = i; diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c index bc8a7bf3..94d9f7eb 100755 --- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c @@ -371,15 +371,12 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); if (key->pkey) { - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); ret = key->pkey; } else - { key->pkey = ret; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); - } + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); return(ret); err: diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index b66f5075..32a8fbaf 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -824,55 +824,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, } return bn_cmp_words(a,b,cl); } - -/* - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. - * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, - * and that no more than nwords are used by either a or b. - * a and b cannot be the same number - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) - { - BN_ULONG t; - int i; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - assert(a != b); - assert((condition & (condition - 1)) == 0); - assert(sizeof(BN_ULONG) >= sizeof(int)); - - condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; - - t = (a->top^b->top) & condition; - a->top ^= t; - b->top ^= t; - -#define BN_CONSTTIME_SWAP(ind) \ - do { \ - t = (a->d[ind] ^ b->d[ind]) & condition; \ - a->d[ind] ^= t; \ - b->d[ind] ^= t; \ - } while (0) - - - switch (nwords) { - default: - for (i = 10; i < nwords; i++) - BN_CONSTTIME_SWAP(i); - /* Fallthrough */ - case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ - case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ - case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ - case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ - case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ - case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ - case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ - case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ - case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ - case 1: BN_CONSTTIME_SWAP(0); - } -#undef BN_CONSTTIME_SWAP -} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c index 27cafb1f..4799b152 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c @@ -701,38 +701,32 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { + int got_write_lock = 0; BN_MONT_CTX *ret; CRYPTO_r_lock(lock); - ret = *pmont; - CRYPTO_r_unlock(lock); - if (ret) - return ret; - - /* We don't want to serialise globally while doing our lazy-init math in - * BN_MONT_CTX_set. That punishes threads that are doing independent - * things. Instead, punish the case where more than one thread tries to - * lazy-init the same 'pmont', by having each do the lazy-init math work - * independently and only use the one from the thread that wins the race - * (the losers throw away the work they've done). */ - ret = BN_MONT_CTX_new(); - if (!ret) - return NULL; - if (!BN_MONT_CTX_set(ret, mod, ctx)) + if (!*pmont) { - BN_MONT_CTX_free(ret); - return NULL; - } + CRYPTO_r_unlock(lock); + CRYPTO_w_lock(lock); + got_write_lock = 1; - /* The locked compare-and-set, after the local work is done. */ - CRYPTO_w_lock(lock); - if (*pmont) - { - BN_MONT_CTX_free(ret); - ret = *pmont; + if (!*pmont) + { + ret = BN_MONT_CTX_new(); + if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) + BN_MONT_CTX_free(ret); + else + *pmont = ret; + } } + + ret = *pmont; + + if (got_write_lock) + CRYPTO_w_unlock(lock); else - *pmont = ret; - CRYPTO_w_unlock(lock); + CRYPTO_r_unlock(lock); + return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c index de83a15b..ee7b87c4 100755 --- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c @@ -144,17 +144,26 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - for (i=0;w!=0 && i<a->top;i++) + /* Only expand (and risk failing) if it's possibly necessary */ + if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && + (bn_wexpand(a,a->top+1) == NULL)) + return(0); + i=0; + for (;;) { - a->d[i] = l = (a->d[i]+w)&BN_MASK2; - w = (w>l)?1:0; + if (i >= a->top) + l=w; + else + l=(a->d[i]+w)&BN_MASK2; + a->d[i]=l; + if (w > l) + w=1; + else + break; + i++; } - if (w && i==a->top) - { - if (bn_wexpand(a,a->top+1) == NULL) return 0; + if (i >= a->top) a->top++; - a->d[i]=w; - } bn_check_top(a); return(1); } diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c index f6082fbc..3c58936d 100644 --- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c @@ -186,13 +186,11 @@ static int def_load(CONF *conf, const char *name, long *line) int ret; BIO *in=NULL; -#ifndef OPENSSL_NO_STDIO #ifdef OPENSSL_SYS_VMS in=BIO_new_file(name, "r"); #else in=BIO_new_file(name, "rb"); #endif -#endif if (in == NULL) { if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c index 7f54d3d8..2a3399d2 100644 --- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c @@ -92,13 +92,11 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline) LHASH *ltmp; BIO *in=NULL; -#ifndef OPENSSL_NO_STDIO #ifdef OPENSSL_SYS_VMS in=BIO_new_file(file, "r"); #else in=BIO_new_file(file, "rb"); #endif -#endif if (in == NULL) { CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c index 35f4a272..760dc263 100644 --- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c @@ -93,14 +93,12 @@ void OPENSSL_config(const char *config_name) { BIO *bio_err; ERR_load_crypto_strings(); -#ifndef OPENSSL_NO_STDIO if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { BIO_printf(bio_err,"Auto configuration failed\n"); ERR_print_errors(bio_err); BIO_free(bio_err); } -#endif exit(1); } diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c index dec3286f..dd74ea88 100755 --- a/Cryptlib/OpenSSL/crypto/cryptlib.c +++ b/Cryptlib/OpenSSL/crypto/cryptlib.c @@ -542,19 +542,3 @@ void OpenSSLDie(const char *file,int line,const char *assertion) } void *OPENSSL_stderr(void) { return stderr; } - -#ifndef OPENSSL_FIPS - -int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) - { - size_t i; - const unsigned char *a = in_a; - const unsigned char *b = in_b; - unsigned char x = 0; - - for (i = 0; i < len; i++) - x |= a[i] ^ b[i]; - - return x; - } -#endif diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c index 6b570a3f..7dca5e4b 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c @@ -208,12 +208,9 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses a modified algorithm 2P of + * Uses algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". - * - * To protect against side-channel attack the function uses constant time - * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -247,11 +244,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, x2 = &r->X; z2 = &r->Y; - bn_wexpand(x1, group->field.top); - bn_wexpand(z1, group->field.top); - bn_wexpand(x2, group->field.top); - bn_wexpand(z2, group->field.top); - if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -274,12 +266,16 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, { for (; j >= 0; j--) { - BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); - BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); - BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (scalar->d[i] & mask) + { + if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; + if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; + } + else + { + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + } mask >>= 1; } j = BN_BITS2 - 1; diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c index 6c933d22..522802c0 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c @@ -435,27 +435,18 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) void *EC_KEY_get_key_method_data(EC_KEY *key, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { - void *ret; - - CRYPTO_r_lock(CRYPTO_LOCK_EC); - ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); - CRYPTO_r_unlock(CRYPTO_LOCK_EC); - - return ret; + return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); } -void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, +void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) { EC_EXTRA_DATA *ex_data; - CRYPTO_w_lock(CRYPTO_LOCK_EC); ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); if (ex_data == NULL) EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); CRYPTO_w_unlock(CRYPTO_LOCK_EC); - - return ex_data; } void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c index bbf2799b..5af84376 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c @@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != EC_METHOD_get_field_type(EC_GROUP_method_of(b))) return 1; - /* compare the curve name (if present in both) */ + /* compare the curve name (if present) */ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) - return 1; + EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b)) + return 0; if (!ctx) ctx_new = ctx = BN_CTX_new(); @@ -1061,12 +1061,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN if (group->meth->point_cmp == 0) { ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } if ((group->meth != a->meth) || (a->meth != b->meth)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); - return -1; + return 0; } return group->meth->point_cmp(group, a, b, ctx); } diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c index f9ba5fb5..bf222347 100755 --- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c @@ -205,15 +205,8 @@ ECDH_DATA *ecdh_check(EC_KEY *key) ecdh_data = (ECDH_DATA *)ecdh_data_new(); if (ecdh_data == NULL) return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); - if (data != NULL) - { - /* Another thread raced us to install the key_method - * data and won. */ - ecdh_data_free(ecdh_data); - ecdh_data = (ECDH_DATA *)data; - } + EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); } else ecdh_data = (ECDH_DATA *)data; diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c index 81082c97..2ebae3aa 100755 --- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c @@ -188,15 +188,8 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key) ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); if (ecdsa_data == NULL) return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, - ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); - if (data != NULL) - { - /* Another thread raced us to install the key_method - * data and won. */ - ecdsa_data_free(ecdsa_data); - ecdsa_data = (ECDSA_DATA *)data; - } + EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); } else ecdsa_data = (ECDSA_DATA *)data; diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c index 8a1b9c7c..f29c167c 100755 --- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c +++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c @@ -102,14 +102,14 @@ void ENGINE_load_builtin_engines(void) #if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) ENGINE_load_gmp(); #endif -#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) - ENGINE_load_capi(); -#endif #endif #ifndef OPENSSL_NO_HW #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) ENGINE_load_cryptodev(); #endif +#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) + ENGINE_load_capi(); +#endif #endif } diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c index f1307039..7c139ae2 100644 --- a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c +++ b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c @@ -374,15 +374,11 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, BIO *in; EVP_PKEY *key; fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); -#ifndef OPENSSL_NO_STDIO in = BIO_new_file(key_id, "r"); if (!in) return NULL; key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); BIO_free(in); -#else - return NULL; -#endif return key; } #endif diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c index 0429389f..39796f7c 100755 --- a/Cryptlib/OpenSSL/crypto/err/err_all.c +++ b/Cryptlib/OpenSSL/crypto/err/err_all.c @@ -104,9 +104,7 @@ #ifndef OPENSSL_NO_JPAKE #include <openssl/jpake.h> #endif -#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> -#endif void ERR_load_crypto_strings(void) { diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c index 16863fe2..72a2a672 100755 --- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c @@ -226,7 +226,6 @@ static int b64_read(BIO *b, char *out, int outl) else if (ctx->start) { q=p=(unsigned char *)ctx->tmp; - num = 0; for (j=0; j<i; j++) { if (*(q++) != '\n') continue; @@ -265,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl) } /* we fell off the end without starting */ - if ((j == i) && (num == 0)) + if (j == i) { /* Is this is one long chunk?, if so, keep on * reading until a new line. */ diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c index 69f7ccad..e8a52181 100755 --- a/Cryptlib/OpenSSL/crypto/evp/encode.c +++ b/Cryptlib/OpenSSL/crypto/evp/encode.c @@ -324,7 +324,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, v=EVP_DecodeBlock(out,d,n); n=0; if (v < 0) { rv=0; goto end; } - if (eof > v) { rv=-1; goto end; } ret+=(v-eof); } else diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c index c89fda58..d767a90a 100755 --- a/Cryptlib/OpenSSL/crypto/o_init.c +++ b/Cryptlib/OpenSSL/crypto/o_init.c @@ -93,18 +93,4 @@ void OPENSSL_init(void) #endif } -#ifdef OPENSSL_FIPS - -int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) - { - size_t i; - const unsigned char *a = in_a; - const unsigned char *b = in_b; - unsigned char x = 0; - for (i = 0; i < len; i++) - x |= a[i] ^ b[i]; - - return x; - } -#endif diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c index f24080fa..4a0c3870 100755 --- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c @@ -91,12 +91,9 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { EVP_PKEY *skey; skey = X509_get_pubkey(signer); - if (skey) - { - ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); - } - if(!skey || ret <= 0) + ret = OCSP_BASICRESP_verify(bs, skey, 0); + EVP_PKEY_free(skey); + if(ret <= 0) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); goto end; @@ -111,7 +108,6 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); if(!init_res) { - ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); goto end; } diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c index 3ef3be1c..9522342f 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c @@ -100,11 +100,7 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; else #endif -#ifdef OPENSSL_NO_RC2 - nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -#else nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; -#endif } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; @@ -294,11 +290,7 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, free_safes = 0; if (nid_safe == 0) -#ifdef OPENSSL_NO_RC2 - nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -#else nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; -#endif if (nid_safe == -1) p7 = PKCS12_pack_p7data(bags); diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c index bdbbbecf..5c4c6ec9 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c @@ -261,7 +261,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, int len, r; unsigned char *data; len = ASN1_STRING_to_UTF8(&data, fname); - if(len >= 0) { + if(len > 0) { r = X509_alias_set1(x509, data, len); OPENSSL_free(data); if (!r) diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c index 49b450da..b0ff89aa 100755 --- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c @@ -290,8 +290,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, bufsiz = 4096; buf = OPENSSL_malloc (bufsiz); - if (buf == NULL) { - goto err; + if (buf == NULL) { + goto err; } /* We now have to 'read' from p7bio to calculate digests etc. */ diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c index b8e3edc0..546ae5fc 100755 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c @@ -143,7 +143,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; else { diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c index dc2e7df8..b3acd80f 100755 --- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c +++ b/Cryptlib/OpenSSL/crypto/x509/by_dir.c @@ -92,10 +92,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, static int new_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu); static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); -#ifndef OPENSSL_NO_STDIO static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, X509_OBJECT *ret); -#endif X509_LOOKUP_METHOD x509_dir_lookup= { "Load certs from files in a directory", @@ -104,11 +102,7 @@ X509_LOOKUP_METHOD x509_dir_lookup= NULL, /* init */ NULL, /* shutdown */ dir_ctrl, /* ctrl */ -#ifdef OPENSSL_NO_STDIO - NULL, /* get_by_subject */ -#else get_cert_by_subject, /* get_by_subject */ -#endif NULL, /* get_by_issuer_serial */ NULL, /* get_by_fingerprint */ NULL, /* get_by_alias */ @@ -248,7 +242,6 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return(1); } -#ifndef OPENSSL_NO_STDIO static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, X509_OBJECT *ret) { @@ -390,4 +383,3 @@ finish: if (b != NULL) BUF_MEM_free(b); return(ok); } -#endif diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c index b87617ac..af12520f 100755 --- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c @@ -386,7 +386,11 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) static int check_chain_extensions(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY +#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI) + /* + NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting + in Authenticode Signing Certificates. + */ return 1; #else int i, ok=0, must_be_ca, plen = 0; diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c index b6f5a612..823e9afc 100644 --- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c @@ -157,7 +157,6 @@ static int process_pci_value(CONF_VALUE *val, } OPENSSL_free(tmp_data2); } -#ifndef OPENSSL_NO_STDIO else if (strncmp(val->value, "file:", 5) == 0) { unsigned char buf[2048]; @@ -195,7 +194,6 @@ static int process_pci_value(CONF_VALUE *val, goto err; } } -#endif else if (strncmp(val->value, "text:", 5) == 0) { val_len = strlen(val->value + 5); |