diff options
author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-08-20 15:53:03 +0200 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2018-09-21 10:29:39 +0200 |
commit | 18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d (patch) | |
tree | a3020ac5b1f366f2f0920941b589808e435dbcee /freebsd/crypto | |
parent | Update to FreeBSD head 2017-12-01 (diff) | |
download | rtems-libbsd-18fa92c2dcc6c52e0bf27d214d80f0c25a89b47d.tar.bz2 |
Update to FreeBSD head 2018-02-01
Git mirror commit d079ae0442af8fa3cfd6d7ede190d04e64a2c0d4.
Update #3472.
Diffstat (limited to 'freebsd/crypto')
-rw-r--r-- | freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c | 3 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/bio/b_print.c | 4 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/bn/bn_exp.c | 8 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c | 8 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/engine/eng_fat.c | 1 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/lhash/lhash.c | 2 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/opensslv.h | 6 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/rsa/rsa_gen.c | 23 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/symhacks.h | 2 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/x509v3/v3_lib.c | 22 | ||||
-rw-r--r-- | freebsd/crypto/openssl/crypto/x509v3/v3_scts.c | 2 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/bad_dtls_test.c | 20 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/s23_clnt.c | 2 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/s3_pkt.c | 10 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/srtp.h | 1 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/ssl.h | 2 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/ssltest.c | 5 | ||||
-rw-r--r-- | freebsd/crypto/openssl/ssl/t1_lib.c | 2 |
18 files changed, 75 insertions, 48 deletions
diff --git a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c index a1bc4b6e..8877481a 100644 --- a/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c +++ b/freebsd/crypto/openssl/crypto/asn1/a_i2d_fp.c @@ -89,6 +89,9 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) int i, j = 0, n, ret = 1; n = i2d(x, NULL); + if (n <= 0) + return 0; + b = (char *)OPENSSL_malloc(n); if (b == NULL) { ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); diff --git a/freebsd/crypto/openssl/crypto/bio/b_print.c b/freebsd/crypto/openssl/crypto/bio/b_print.c index 0cb09514..738904bc 100644 --- a/freebsd/crypto/openssl/crypto/bio/b_print.c +++ b/freebsd/crypto/openssl/crypto/bio/b_print.c @@ -387,7 +387,7 @@ _dopr(char **sbuffer, if (cflags == DP_C_SHORT) { short int *num; num = va_arg(args, short int *); - *num = currlen; + *num = (short int)currlen; } else if (cflags == DP_C_LONG) { /* XXX */ long int *num; num = va_arg(args, long int *); @@ -504,7 +504,7 @@ fmtint(char **sbuffer, if (!(flags & DP_F_UNSIGNED)) { if (value < 0) { signvalue = '-'; - uvalue = -(unsigned LLONG)value; + uvalue = 0 - (unsigned LLONG)value; } else if (flags & DP_F_PLUS) signvalue = '+'; else if (flags & DP_F_SPACE) diff --git a/freebsd/crypto/openssl/crypto/bn/bn_exp.c b/freebsd/crypto/openssl/crypto/bn/bn_exp.c index 7c1ea0a4..7261c8db 100644 --- a/freebsd/crypto/openssl/crypto/bn/bn_exp.c +++ b/freebsd/crypto/openssl/crypto/bn/bn_exp.c @@ -151,7 +151,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } BN_CTX_start(ctx); @@ -287,7 +287,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bits = BN_num_bits(p); @@ -1230,7 +1230,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bn_check_top(p); @@ -1363,7 +1363,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; + return 0; } bits = BN_num_bits(p); diff --git a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c index 3da90130..5244a252 100644 --- a/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c +++ b/freebsd/crypto/openssl/crypto/dsa/dsa_ameth.c @@ -135,6 +135,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) unsigned char *penc = NULL; int penclen; ASN1_STRING *str = NULL; + ASN1_OBJECT *aobj; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { @@ -161,8 +162,11 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) goto err; } - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, str, penc, penclen)) + aobj = OBJ_nid2obj(EVP_PKEY_DSA); + if (aobj == NULL) + goto err; + + if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) return 1; err: diff --git a/freebsd/crypto/openssl/crypto/engine/eng_fat.c b/freebsd/crypto/openssl/crypto/engine/eng_fat.c index faabb9b7..16b2dacc 100644 --- a/freebsd/crypto/openssl/crypto/engine/eng_fat.c +++ b/freebsd/crypto/openssl/crypto/engine/eng_fat.c @@ -169,6 +169,7 @@ int ENGINE_register_complete(ENGINE *e) #endif ENGINE_register_RAND(e); ENGINE_register_pkey_meths(e); + ENGINE_register_pkey_asn1_meths(e); return 1; } diff --git a/freebsd/crypto/openssl/crypto/lhash/lhash.c b/freebsd/crypto/openssl/crypto/lhash/lhash.c index 1e7194e3..babc7a0d 100644 --- a/freebsd/crypto/openssl/crypto/lhash/lhash.c +++ b/freebsd/crypto/openssl/crypto/lhash/lhash.c @@ -109,7 +109,7 @@ * https://en.wikipedia.org/wiki/Linear_hashing * * Litwin, Witold (1980), "Linear hashing: A new tool for file and table - * addressing", Proc. 6th Conference on Very Large Databases: 212–223 + * addressing", Proc. 6th Conference on Very Large Databases: 212-223 * http://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf * * From the wikipedia article "Linear hashing is used in the BDB Berkeley diff --git a/freebsd/crypto/openssl/crypto/opensslv.h b/freebsd/crypto/openssl/crypto/opensslv.h index 83867763..d5835040 100644 --- a/freebsd/crypto/openssl/crypto/opensslv.h +++ b/freebsd/crypto/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020dfL +# define OPENSSL_VERSION_NUMBER 0x100020efL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-fips 2 Nov 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2m-freebsd 2 Nov 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-freebsd 7 Dec 2017" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c index 759ec219..e12803a8 100644 --- a/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c +++ b/freebsd/crypto/openssl/crypto/rsa/rsa_gen.c @@ -112,6 +112,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; + /* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. + */ + if (bits < 16) { + ok = 0; /* we set our own err */ + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); + goto err; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; @@ -163,21 +173,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { - /* - * When generating ridiculously small keys, we can get stuck - * continually regenerating the same prime values. Check for this and - * bail if it happens 3 times. - */ - unsigned int degenerate = 0; do { if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) goto err; - } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); - if (degenerate == 3) { - ok = 0; /* we set our own err */ - RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); - goto err; - } + } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; if (!BN_gcd(r1, r2, rsa->e, ctx)) diff --git a/freebsd/crypto/openssl/crypto/symhacks.h b/freebsd/crypto/openssl/crypto/symhacks.h index 239fa4fb..30019579 100644 --- a/freebsd/crypto/openssl/crypto/symhacks.h +++ b/freebsd/crypto/openssl/crypto/symhacks.h @@ -280,6 +280,8 @@ # define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf # undef EVP_PKEY_meth_set_verify_recover # define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover +# undef EVP_PKEY_meth_get_verify_recover +# define EVP_PKEY_meth_get_verify_recover EVP_PKEY_meth_get_vrfy_recover /* Hack some long EC names */ # undef EC_GROUP_set_point_conversion_form diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c index 7d2e16fb..9fd34e9d 100644 --- a/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c +++ b/freebsd/crypto/openssl/crypto/x509v3/v3_lib.c @@ -288,9 +288,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags) { - int extidx = -1; - int errcode; - X509_EXTENSION *ext, *extmp; + int errcode, extidx = -1; + X509_EXTENSION *ext = NULL, *extmp; + STACK_OF(X509_EXTENSION) *ret = NULL; unsigned long ext_op = flags & X509V3_ADD_OP_MASK; /* @@ -349,13 +349,21 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } - if (!*x && !(*x = sk_X509_EXTENSION_new_null())) - return -1; - if (!sk_X509_EXTENSION_push(*x, ext)) - return -1; + if ((ret = *x) == NULL + && (ret = sk_X509_EXTENSION_new_null()) == NULL) + goto m_fail; + if (!sk_X509_EXTENSION_push(ret, ext)) + goto m_fail; + *x = ret; return 1; + m_fail: + if (ret != *x) + sk_X509_EXTENSION_free(ret); + X509_EXTENSION_free(ext); + return -1; + err: if (!(flags & X509V3_ADD_SILENT)) X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); diff --git a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c b/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c index 0503b832..afc84b95 100644 --- a/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c +++ b/freebsd/crypto/openssl/crypto/x509v3/v3_scts.c @@ -158,7 +158,7 @@ static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp) gen = ASN1_GENERALIZEDTIME_new(); ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, (int)(timestamp / 86400000), - (timestamp % 86400000) / 1000); + (int)(timestamp % 86400000) / 1000); /* * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 * characters long with a final Z. Update it with fractional seconds. diff --git a/freebsd/crypto/openssl/ssl/bad_dtls_test.c b/freebsd/crypto/openssl/ssl/bad_dtls_test.c index ab81cf1f..0a432a4a 100644 --- a/freebsd/crypto/openssl/ssl/bad_dtls_test.c +++ b/freebsd/crypto/openssl/ssl/bad_dtls_test.c @@ -592,13 +592,13 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, unsigned char *enc; #ifdef SIXTY_FOUR_BIT_LONG - seq[0] = (seqnr >> 40) & 0xff; - seq[1] = (seqnr >> 32) & 0xff; + seq[0] = (unsigned char)(seqnr >> 40); + seq[1] = (unsigned char)(seqnr >> 32); #endif - seq[2] = (seqnr >> 24) & 0xff; - seq[3] = (seqnr >> 16) & 0xff; - seq[4] = (seqnr >> 8) & 0xff; - seq[5] = seqnr & 0xff; + seq[2] = (unsigned char)(seqnr >> 24); + seq[3] = (unsigned char)(seqnr >> 16); + seq[4] = (unsigned char)(seqnr >> 8); + seq[5] = (unsigned char)(seqnr); pad = 15 - ((len + SHA_DIGEST_LENGTH) % 16); enc = OPENSSL_malloc(len + SHA_DIGEST_LENGTH + 1 + pad); @@ -614,8 +614,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, HMAC_Update(&ctx, seq, 6); HMAC_Update(&ctx, &type, 1); HMAC_Update(&ctx, ver, 2); /* Version */ - lenbytes[0] = len >> 8; - lenbytes[1] = len & 0xff; + lenbytes[0] = (unsigned char)(len >> 8); + lenbytes[1] = (unsigned char)(len); HMAC_Update(&ctx, lenbytes, 2); /* Length */ HMAC_Update(&ctx, enc, len); /* Finally the data itself */ HMAC_Final(&ctx, enc + len, NULL); @@ -639,8 +639,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, BIO_write(rbio, ver, 2); BIO_write(rbio, epoch, 2); BIO_write(rbio, seq, 6); - lenbytes[0] = (len + sizeof(iv)) >> 8; - lenbytes[1] = (len + sizeof(iv)) & 0xff; + lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8); + lenbytes[1] = (unsigned char)(len + sizeof(iv)); BIO_write(rbio, lenbytes, 2); BIO_write(rbio, iv, sizeof(iv)); diff --git a/freebsd/crypto/openssl/ssl/s23_clnt.c b/freebsd/crypto/openssl/ssl/s23_clnt.c index 197ae215..840c0ddb 100644 --- a/freebsd/crypto/openssl/ssl/s23_clnt.c +++ b/freebsd/crypto/openssl/ssl/s23_clnt.c @@ -759,10 +759,12 @@ static int ssl23_get_server_hello(SSL *s) s->version = TLS1_VERSION; s->method = TLSv1_client_method(); break; +#ifndef OPENSSL_NO_SSL3 case SSL3_VERSION: s->version = SSL3_VERSION; s->method = SSLv3_client_method(); break; +#endif } SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_PROTOCOL_VERSION); diff --git a/freebsd/crypto/openssl/ssl/s3_pkt.c b/freebsd/crypto/openssl/ssl/s3_pkt.c index 679517f2..c2194d18 100644 --- a/freebsd/crypto/openssl/ssl/s3_pkt.c +++ b/freebsd/crypto/openssl/ssl/s3_pkt.c @@ -1326,10 +1326,16 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } #ifndef OPENSSL_NO_HEARTBEATS else if (rr->type == TLS1_RT_HEARTBEAT) { - tls1_process_heartbeat(s); + i = tls1_process_heartbeat(s); + + if (i < 0) + return i; - /* Exit and notify application to read again */ rr->length = 0; + if (s->mode & SSL_MODE_AUTO_RETRY) + goto start; + + /* Exit and notify application to read again */ s->rwstate = SSL_READING; BIO_clear_retry_flags(SSL_get_rbio(s)); BIO_set_retry_read(SSL_get_rbio(s)); diff --git a/freebsd/crypto/openssl/ssl/srtp.h b/freebsd/crypto/openssl/ssl/srtp.h index 512edabc..2279c32b 100644 --- a/freebsd/crypto/openssl/ssl/srtp.h +++ b/freebsd/crypto/openssl/ssl/srtp.h @@ -136,6 +136,7 @@ int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); # endif diff --git a/freebsd/crypto/openssl/ssl/ssl.h b/freebsd/crypto/openssl/ssl/ssl.h index 90aeb0ce..3cf96a23 100644 --- a/freebsd/crypto/openssl/ssl/ssl.h +++ b/freebsd/crypto/openssl/ssl/ssl.h @@ -1727,7 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/freebsd/crypto/openssl/ssl/ssltest.c b/freebsd/crypto/openssl/ssl/ssltest.c index 5eafe9e3..f6da7d32 100644 --- a/freebsd/crypto/openssl/ssl/ssltest.c +++ b/freebsd/crypto/openssl/ssl/ssltest.c @@ -425,13 +425,13 @@ static unsigned char *next_protos_parse(unsigned short *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; } - *outlen = len + 1; + *outlen = (unsigned char)(len + 1); return out; } @@ -556,6 +556,7 @@ static int cb_ticket2(SSL* s, unsigned char* key_name, unsigned char *iv, EVP_CI { fprintf(stderr, "ticket callback for SNI context should never be called\n"); EXIT(1); + return 0; } #endif diff --git a/freebsd/crypto/openssl/ssl/t1_lib.c b/freebsd/crypto/openssl/ssl/t1_lib.c index 984c9c88..5e86a780 100644 --- a/freebsd/crypto/openssl/ssl/t1_lib.c +++ b/freebsd/crypto/openssl/ssl/t1_lib.c @@ -1918,7 +1918,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_application_layer_protocol_negotiation, ret); s2n(3 + len, ret); s2n(1 + len, ret); - *ret++ = len; + *ret++ = (unsigned char)len; memcpy(ret, selected, len); ret += len; } |