src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2017-12-07 17:37:15 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2017-12-07 17:37:15 +0000
commit	4f94f84d8491a2455678402b5c7c92e692a272bc (patch)
tree	a4aa27b5b96b57155a4e7c22defb8f25e93cb846 /crypto
parent	b6a9311a3edd056eaacbcbae2fcb723df5d99057 (diff)
download	src-4f94f84d8491a2455678402b5c7c92e692a272bc.tar.gz src-4f94f84d8491a2455678402b5c7c92e692a272bc.zip

Import OpenSSL 1.0.2n.vendor/openssl/1.0.2n

Notes

Notes: svn path=/vendor-crypto/openssl/dist/; revision=326660 svn path=/vendor-crypto/openssl/1.0.2n/; revision=326661; tag=vendor/openssl/1.0.2n

Diffstat (limited to 'crypto')

-rwxr-xr-x

crypto/aes/asm/aes-armv4.pl

-rwxr-xr-x

crypto/aes/asm/bsaes-armv7.pl

-rw-r--r--

crypto/asn1/a_i2d_fp.c

-rw-r--r--

crypto/bio/b_print.c

-rwxr-xr-x

crypto/bn/asm/rsaz-avx2.pl

-rw-r--r--

crypto/bn/bn_exp.c

-rw-r--r--

crypto/dsa/dsa_ameth.c

-rw-r--r--

crypto/engine/eng_fat.c

-rw-r--r--

crypto/lhash/lhash.c

-rw-r--r--

crypto/opensslv.h

-rw-r--r--

crypto/rsa/rsa_gen.c

-rwxr-xr-x

crypto/sha/asm/sha256-armv4.pl

-rw-r--r--

crypto/symhacks.h

-rw-r--r--

crypto/x509v3/v3_lib.c

-rw-r--r--

crypto/x509v3/v3_scts.c

15 files changed, 63 insertions, 47 deletions

diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
index 4f8917089f6c..c1b5e352d76f 100755
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl

@@ -184,7 +184,7 @@ AES_encrypt:

#if __ARM_ARCH__<7

sub r3,pc,#8 @ AES_encrypt

#else

- adr r3,AES_encrypt

+ adr r3,.

#endif

stmdb sp!,{r1,r4-r12,lr}

mov $rounds,r0 @ inp

@@ -430,7 +430,7 @@ _armv4_AES_set_encrypt_key:

#if __ARM_ARCH__<7

sub r3,pc,#8 @ AES_set_encrypt_key

#else

- adr r3,private_AES_set_encrypt_key

+ adr r3,.

#endif

teq r0,#0

#if __ARM_ARCH__>=7

@@ -952,7 +952,7 @@ AES_decrypt:

#if __ARM_ARCH__<7

sub r3,pc,#8 @ AES_decrypt

#else

- adr r3,AES_decrypt

+ adr r3,.

#endif

stmdb sp!,{r1,r4-r12,lr}

mov $rounds,r0 @ inp

diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
index 70b3f9656f4f..ec66b0502a64 100755
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl

@@ -724,7 +724,7 @@ $code.=<<___;

.type _bsaes_decrypt8,%function

.align 4

_bsaes_decrypt8:

- adr $const,_bsaes_decrypt8

+ adr $const,.

vldmia $key!, {@XMM[9]} @ round 0 key

add $const,$const,#.LM0ISR-_bsaes_decrypt8

@@ -819,7 +819,7 @@ _bsaes_const:

.type _bsaes_encrypt8,%function

.align 4

_bsaes_encrypt8:

- adr $const,_bsaes_encrypt8

+ adr $const,.

vldmia $key!, {@XMM[9]} @ round 0 key

sub $const,$const,#_bsaes_encrypt8-.LM0SR

@@ -923,7 +923,7 @@ $code.=<<___;

.type _bsaes_key_convert,%function

.align 4

_bsaes_key_convert:

- adr $const,_bsaes_key_convert

+ adr $const,.

vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key

sub $const,$const,#_bsaes_key_convert-.LM0

vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key

diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
index 0f56cd4e0745..2e85e041e4cf 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c

@@ -87,6 +87,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)

int i, j = 0, n, ret = 1;

n = i2d(x, NULL);

+ if (n <= 0)

+ return 0;

b = (char *)OPENSSL_malloc(n);

if (b == NULL) {

ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index eb3ab759349c..1c82f53d5a07 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c

@@ -385,7 +385,7 @@ _dopr(char **sbuffer,

if (cflags == DP_C_SHORT) {

short int *num;

num = va_arg(args, short int *);

- *num = currlen;

+ *num = (short int)currlen;

} else if (cflags == DP_C_LONG) { /* XXX */

long int *num;

num = va_arg(args, long int *);

@@ -502,7 +502,7 @@ fmtint(char **sbuffer,

if (!(flags & DP_F_UNSIGNED)) {

if (value < 0) {

signvalue = '-';

- uvalue = -(unsigned LLONG)value;

+ uvalue = 0 - (unsigned LLONG)value;

} else if (flags & DP_F_PLUS)

signvalue = '+';

else if (flags & DP_F_SPACE)

diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
index 712a77fe8ca3..2b3f8b0e21ec 100755
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl

@@ -239,7 +239,7 @@ $code.=<<___;

vmovdqu 32*8-128($ap), $ACC8

lea 192(%rsp), $tp0 # 64+128=192

- vpbroadcastq .Land_mask(%rip), $AND_MASK

+ vmovdqu .Land_mask(%rip), $AND_MASK

jmp .LOOP_GRANDE_SQR_1024

.align 32

@@ -1070,10 +1070,10 @@ $code.=<<___;

vpmuludq 32*6-128($np),$Yi,$TEMP1

vpaddq $TEMP1,$ACC6,$ACC6

vpmuludq 32*7-128($np),$Yi,$TEMP2

- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3

+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3

vpaddq $TEMP2,$ACC7,$ACC7

vpmuludq 32*8-128($np),$Yi,$TEMP0

- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3

+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3

vpaddq $TEMP0,$ACC8,$ACC8

mov %rbx, %rax

@@ -1086,7 +1086,9 @@ $code.=<<___;

vmovdqu -8+32*2-128($ap),$TEMP2

mov $r1, %rax

+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3

imull $n0, %eax

+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3

and \$0x1fffffff, %eax

imulq 16-128($ap),%rbx

@@ -1322,15 +1324,12 @@ ___

# But as we underutilize resources, it's possible to correct in

# each iteration with marginal performance loss. But then, as

# we do it in each iteration, we can correct less digits, and

-# avoid performance penalties completely. Also note that we

-# correct only three digits out of four. This works because

-# most significant digit is subjected to less additions.

+# avoid performance penalties completely.

$TEMP0 = $ACC9;

$TEMP3 = $Bi;

$TEMP4 = $Yi;

$code.=<<___;

- vpermq \$0, $AND_MASK, $AND_MASK

vpaddq (%rsp), $TEMP1, $ACC0

vpsrlq \$29, $ACC0, $TEMP1

@@ -1763,7 +1762,7 @@ $code.=<<___;

.align 64

.Land_mask:

- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1

+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff

.Lscatter_permd:

.long 0,2,4,6,7,7,7,7

.Lgather_permd:

diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 35facd213a25..c4b63e44ba36 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c

@@ -149,7 +149,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

|| BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {

/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

- return -1;

+ return 0;

}

BN_CTX_start(ctx);

@@ -285,7 +285,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {

/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

- return -1;

+ return 0;

}

bits = BN_num_bits(p);

@@ -1228,7 +1228,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,

|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {

/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

- return -1;

+ return 0;

}

bn_check_top(p);

@@ -1361,7 +1361,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

|| BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {

/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */

BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);

- return -1;

+ return 0;

}

bits = BN_num_bits(p);

diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index aac253095141..e22627f85152 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c

@@ -133,6 +133,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)

unsigned char *penc = NULL;

int penclen;

ASN1_STRING *str = NULL;

+ ASN1_OBJECT *aobj;

dsa = pkey->pkey.dsa;

if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {

@@ -159,8 +160,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)

goto err;

}

- if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),

- ptype, str, penc, penclen))

+ aobj = OBJ_nid2obj(EVP_PKEY_DSA);

+ if (aobj == NULL)

+ goto err;

+ if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))

return 1;

err:

diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
index 4279dd94b135..55d3858bb1c6 100644
--- a/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c

@@ -167,6 +167,7 @@ int ENGINE_register_complete(ENGINE *e)

#endif

ENGINE_register_RAND(e);

ENGINE_register_pkey_meths(e);

+ ENGINE_register_pkey_asn1_meths(e);

return 1;

}

diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index f3798872598a..51bb258e74b8 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c

@@ -107,7 +107,7 @@

* https://en.wikipedia.org/wiki/Linear_hashing

* Litwin, Witold (1980), "Linear hashing: A new tool for file and table

- * addressing", Proc. 6th Conference on Very Large Databases: 212–223

+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223

* http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf

* From the wikipedia article "Linear hashing is used in the BDB Berkeley

diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index c944d562dae0..baee2d0865fd 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h

@@ -30,11 +30,11 @@ extern "C" {

* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for

* major minor fix final patch/beta)

-# define OPENSSL_VERSION_NUMBER 0x100020dfL

+# define OPENSSL_VERSION_NUMBER 0x100020efL

# ifdef OPENSSL_FIPS

-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017"

+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017"

# else

-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m 2 Nov 2017"

+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017"

# endif

# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 082c8da2efc2..a85493d6097b 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c

@@ -110,6 +110,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,

int bitsp, bitsq, ok = -1, n = 0;

BN_CTX *ctx = NULL;

+ /*

+ * When generating ridiculously small keys, we can get stuck

+ * continually regenerating the same prime values.

+ */

+ if (bits < 16) {

+ ok = 0; /* we set our own err */

+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);

+ goto err;

+ }

ctx = BN_CTX_new();

if (ctx == NULL)

goto err;

@@ -161,21 +171,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,

if (!BN_GENCB_call(cb, 3, 0))

goto err;

for (;;) {

- /*

- * When generating ridiculously small keys, we can get stuck

- * continually regenerating the same prime values. Check for this and

- * bail if it happens 3 times.

- */

- unsigned int degenerate = 0;

do {

if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))

goto err;

- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));

- if (degenerate == 3) {

- ok = 0; /* we set our own err */

- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);

- goto err;

- }

+ } while (BN_cmp(rsa->p, rsa->q) == 0);

if (!BN_sub(r2, rsa->q, BN_value_one()))

goto err;

if (!BN_gcd(r1, r2, rsa->e, ctx))

diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index 4fee74d832d1..750216eb4267 100755
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl

@@ -205,7 +205,7 @@ sha256_block_data_order:

#if __ARM_ARCH__<7

sub r3,pc,#8 @ sha256_block_data_order

#else

- adr r3,sha256_block_data_order

+ adr r3,.

#endif

#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)

ldr r12,.LOPENSSL_armcap

diff --git a/crypto/symhacks.h b/crypto/symhacks.h
index 239fa4fb1b77..3001957988f7 100644
--- a/crypto/symhacks.h
+++ b/crypto/symhacks.h

@@ -280,6 +280,8 @@

# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf

# undef EVP_PKEY_meth_set_verify_recover

# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover

+# undef EVP_PKEY_meth_get_verify_recover

+# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover

/* Hack some long EC names */

# undef EC_GROUP_set_point_conversion_form

diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 8350429aafbe..1112802483a1 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c

@@ -286,9 +286,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,

int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,

int crit, unsigned long flags)

{

- int extidx = -1;

- int errcode;

- X509_EXTENSION *ext, *extmp;

+ int errcode, extidx = -1;

+ X509_EXTENSION *ext = NULL, *extmp;

+ STACK_OF(X509_EXTENSION) *ret = NULL;

unsigned long ext_op = flags & X509V3_ADD_OP_MASK;

@@ -347,13 +347,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,

return 1;

}

- if (!*x && !(*x = sk_X509_EXTENSION_new_null()))

- return -1;

- if (!sk_X509_EXTENSION_push(*x, ext))

- return -1;

+ if ((ret = *x) == NULL

+ && (ret = sk_X509_EXTENSION_new_null()) == NULL)

+ goto m_fail;

+ if (!sk_X509_EXTENSION_push(ret, ext))

+ goto m_fail;

+ *x = ret;

return 1;

+ m_fail:

+ if (ret != *x)

+ sk_X509_EXTENSION_free(ret);

+ X509_EXTENSION_free(ext);

+ return -1;

err:

if (!(flags & X509V3_ADD_SILENT))

X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);

diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c
index 0b7c68180e78..87a6ae1da982 100644
--- a/crypto/x509v3/v3_scts.c
+++ b/crypto/x509v3/v3_scts.c

@@ -156,7 +156,7 @@ static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp)

gen = ASN1_GENERALIZEDTIME_new();

ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,

(int)(timestamp / 86400000),

- (timestamp % 86400000) / 1000);

+ (int)(timestamp % 86400000) / 1000);

* Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15

* characters long with a final Z. Update it with fractional seconds.