From 393a9b68cf76392fa3d5ab4efca89eca7b902cb7 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 5 Jul 2001 13:56:50 +0000 Subject: Merge from 0.9.6-stable branch. No conflicts. --- CHANGES | 26 +++ TABLE | 22 +++ apps/enc.c | 8 + crypto/asn1/t_x509.c | 2 + crypto/bn/asm/mips3.s | 430 ++++++++++++++++++++++++++++--------------------- crypto/cryptlib.c | 1 - crypto/dsa/dsa_ossl.c | 11 ++ crypto/rand/md_rand.c | 3 +- crypto/rsa/rsa_oaep.c | 29 ++-- crypto/x509/x509_obj.c | 2 + doc/apps/enc.pod | 10 +- ssl/s3_enc.c | 17 +- ssl/t1_enc.c | 16 +- 13 files changed, 371 insertions(+), 206 deletions(-) diff --git a/CHANGES b/CHANGES index db225ce569..0a4d18cbea 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,32 @@ Changes between 0.9.6a and 0.9.6b [XX xxx XXXX] + *) Fix crypto/bn/asm/mips3.s. + [Andy Polyakov] + + *) When only the key is given to "enc", the IV is undefined. Print out + an error message in this case. + [Lutz Jaenicke] + + *) Handle special case when X509_NAME is empty in X509 printing routines. + [Steve Henson] + + *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are + positive and less than q. + [Bodo Moeller] + + *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is + used: it isn't thread safe and the add_lock_callback should handle + that itself. + [Paul Rose ] + + *) Verify that incoming data obeys the block size in + ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). + [Bodo Moeller] + + *) Fix OAEP check. + [Ulf Möller, Bodo Möller] + *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client diff --git a/TABLE b/TABLE index e226de4b9b..2d5af18259 100644 --- a/TABLE +++ b/TABLE @@ -2464,6 +2464,28 @@ $shared_cflag = -fPIC $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) $ranlib = +*** solaris-x86-cc +$cc = cc +$cflags = -fast -O -Xa +$unistd = +$thread_cflag = -D_REENTRANT +$lflags = -lsocket -lnsl -ldl +$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR +$bn_obj = +$des_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= solaris-shared +$shared_cflag = -KPIC +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = + *** solaris-x86-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM diff --git a/apps/enc.c b/apps/enc.c index b9190ef53f..fcb2581b66 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -542,6 +542,14 @@ bad: BIO_printf(bio_err,"invalid hex iv value\n"); goto end; } + if ((hiv == NULL) && (str == NULL)) + { + /* No IV was explicitly set and no IV was generated + * during EVP_BytesToKey. Hence the IV is undefined, + * making correct decryption impossible. */ + BIO_printf(bio_err, "iv undefined\n"); + goto end; + } if ((hkey != NULL) && !set_hex(hkey,key,24)) { BIO_printf(bio_err,"invalid hex key value\n"); diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 314bdfb1c7..89ae73a6de 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) ll=80-2-obase; s=X509_NAME_oneline(name,buf,256); + if (!*s) + return 1; s++; /* skip the first slash */ l=ll; diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s index 45786c00a5..dca4105c7d 100644 --- a/crypto/bn/asm/mips3.s +++ b/crypto/bn/asm/mips3.s @@ -1,5 +1,5 @@ .rdata -.asciiz "mips3.s, Version 1.0" +.asciiz "mips3.s, Version 1.1" .asciiz "MIPS III/IV ISA artwork by Andy Polyakov " /* @@ -849,6 +849,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -856,7 +857,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -884,6 +886,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -891,7 +894,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -928,6 +932,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -935,7 +940,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -981,6 +987,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -988,7 +995,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) /* r[13]=c2; */ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 + sltu c_3,c_2,t_2 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4) sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 + sltu c_1,c_3,t_2 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4) sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 + sltu c_2,c_1,t_2 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4) sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ @@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8) dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8) dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 - sltu AT,c_3,a2 + slt AT,t_2,zero daddu c_1,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT @@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 - sltu AT,c_1,a2 + slt AT,t_2,zero daddu c_2,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT @@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ @@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu c_3,t_2,AT - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 sd c_2,8(a0) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 @@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 + slt c_3,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT daddu c_2,t_2 - sltu c_3,c_2,t_2 + sltu AT,c_2,t_2 + daddu c_3,AT dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu a2,t_2,AT - daddu c_2,a2 - sltu AT,c_2,a2 + slt AT,t_2,zero daddu c_3,AT + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 daddu t_2,AT @@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4) dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu a2,t_2,AT - daddu c_3,a2 + slt c_1,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 daddu t_2,AT daddu c_3,t_2 - sltu c_1,c_3,t_2 + sltu AT,c_3,t_2 + daddu c_1,AT dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu a2,t_2,AT - daddu c_1,a2 + slt c_2,t_2,zero + dsll t_2,1 + slt a2,t_1,zero + daddu t_2,a2 + dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 daddu t_2,AT daddu c_1,t_2 - sltu c_2,c_1,t_2 + sltu AT,c_1,t_2 + daddu c_2,AT sd c_3,40(a0) dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 48ce8c28ab..a7a9262133 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -430,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, CRYPTO_get_lock_name(type), file,line); #endif - *pointer=ret; } else { diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 0ee172dd07..f9d8b5f72e 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -241,6 +241,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, BN_init(&u2); BN_init(&t1); + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + ret = 0; + goto err; + } + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + ret = 0; + goto err; + } + /* Calculate W = inv(S) mod Q * save W in u2 */ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 2d049e227b..534899bbce 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -493,11 +493,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) { int ret; + unsigned long err; ret = RAND_bytes(buf, num); if (ret == 0) { - long err = ERR_peek_error(); + err = ERR_peek_error(); if (ERR_GET_LIB(err) == ERR_LIB_RAND && ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) (void)ERR_get_error(); diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index fd0b7f361f..1849e55cd5 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, int i, dblen, mlen = -1; unsigned char *maskeddb; int lzero; - unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; if (--num < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - return (-1); - } + goto decoding_err; + lzero = num - flen; + if (lzero < 0) + goto decoding_err; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + dblen = num - SHA_DIGEST_LENGTH; db = OPENSSL_malloc(dblen); if (db == NULL) @@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, return (-1); } - lzero = num - flen; - maskeddb = from - lzero + SHA_DIGEST_LENGTH; - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); for (i = lzero; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= from[i - lzero]; @@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, SHA1(param, plen, phash); if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; if (db[i] != 0x01 || i++ >= dblen) - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, - RSA_R_OAEP_DECODING_ERROR); + goto decoding_err; else { mlen = dblen - i; if (tlen < mlen) { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); mlen = -1; } else @@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, } OPENSSL_free(db); return (mlen); + +decoding_err: + /* to avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened */ + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + if (db != NULL) OPENSSL_free(db); + return -1; } int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 6a3ba8eb15..f0271fdfa1 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -214,6 +214,8 @@ int i; } else p=buf; + if (i == 0) + *p = '\0'; return(p); err: X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index e436ccc37e..a68ddca139 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -96,12 +96,18 @@ of hex digits. =item B<-K key> the actual key to use: this must be represented as a string comprised only -of hex digits. +of hex digits. If only the key is specified, the IV must additionally specified +using the B<-iv> option. When both a key and a password are specified, the +key given with the B<-K> option will be used and the IV generated from the +password will be taken. It probably does not make much sense to specify +both key and password. =item B<-iv IV> the actual IV to use: this must be represented as a string comprised only -of hex digits. +of hex digits. When only the key is specified using the B<-K> option, the +IV must explicitly be defined. When a password is being specified using +one of the other options, the IV is generated from this password. =item B<-p> diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 9f52c39ca9..8709da9175 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -356,7 +356,7 @@ int ssl3_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -366,7 +366,6 @@ int ssl3_enc(SSL *s, int send) /* COMPRESS */ - /* This should be using (bs-1) and bs instead of 7 and 8 */ if ((bs != 1) && send) { i=bs-((int)l%bs); @@ -376,12 +375,24 @@ int ssl3_enc(SSL *s, int send) rec->length+=i; rec->input[l-1]=(i-1); } - + + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { i=rec->data[l-1]+1; + /* SSL 3.0 bounds the number of padding bytes by the block size; + * padding bytes (except that last) are arbitrary */ if (i > bs) { SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index d10a23af8e..a0758e9261 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send) if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { - memcpy(rec->data,rec->input,rec->length); + memmove(rec->data,rec->input,rec->length); rec->input=rec->data; } else @@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send) rec->length+=i; } + if (!send) + { + if (l == 0 || l%bs != 0) + { + SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR); + return(0); + } + } + EVP_Cipher(ds,rec->data,rec->input,l); if ((bs != 1) && !send) { - ii=i=rec->data[l-1]; + ii=i=rec->data[l-1]; /* padding_length */ i++; if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) { @@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send) if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) i--; } + /* TLS 1.0 does not bound the number of padding bytes by the block size. + * All of them must have value 'padding_length'. */ if (i > (int)rec->length) { SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); -- cgit v1.2.3