diff options
| author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-08-14 23:11:54 +0900 |
|---|---|---|
| committer | Rod Vagg <rod@vagg.org> | 2018-08-16 11:52:37 +1000 |
| commit | 6090e1f54d8e6e8c4ba18091e19faf46c0b09ece (patch) | |
| tree | a2d2fb7b4b4a5e365ac4b6515cf4d7a5c8262d23 /deps/openssl/openssl/crypto | |
| parent | 32902d09b43e9d7f19eb6178ef5db835652d97c1 (diff) | |
| download | android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.gz android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.tar.bz2 android-node-v8-6090e1f54d8e6e8c4ba18091e19faf46c0b09ece.zip | |
deps: upgrade openssl sources to 1.1.0i
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.
PR-URL: https://github.com/nodejs/node/pull/22318
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'deps/openssl/openssl/crypto')
167 files changed, 2745 insertions, 1492 deletions
diff --git a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl index 2e704a2124..d6b5f561c4 100755 --- a/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl +++ b/deps/openssl/openssl/crypto/aes/asm/vpaes-armv8.pl @@ -769,7 +769,7 @@ _vpaes_schedule_core: ld1 {v0.16b}, [$inp] // vmovdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) bl _vpaes_schedule_transform // input transform mov $inp, #7 // mov \$7, %esi - + .Loop_schedule_256: sub $inp, $inp, #1 // dec %esi bl _vpaes_schedule_mangle // output low result @@ -778,7 +778,7 @@ _vpaes_schedule_core: // high round bl _vpaes_schedule_round cbz $inp, .Lschedule_mangle_last - bl _vpaes_schedule_mangle + bl _vpaes_schedule_mangle // low round. swap xmm7 and xmm6 dup v0.4s, v0.s[3] // vpshufd \$0xFF, %xmm0, %xmm0 @@ -787,7 +787,7 @@ _vpaes_schedule_core: mov v7.16b, v6.16b // vmovdqa %xmm6, %xmm7 bl _vpaes_schedule_low_round mov v7.16b, v5.16b // vmovdqa %xmm5, %xmm7 - + b .Loop_schedule_256 ## @@ -814,7 +814,7 @@ _vpaes_schedule_core: .Lschedule_mangle_last_dec: ld1 {v20.2d-v21.2d}, [x11] // reload constants - sub $out, $out, #16 // add \$-16, %rdx + sub $out, $out, #16 // add \$-16, %rdx eor v0.16b, v0.16b, v16.16b // vpxor .Lk_s63(%rip), %xmm0, %xmm0 bl _vpaes_schedule_transform // output transform st1 {v0.2d}, [$out] // vmovdqu %xmm0, (%rdx) # save last key diff --git a/deps/openssl/openssl/crypto/aes/build.info b/deps/openssl/openssl/crypto/aes/build.info index 5240b9c87f..cf6cb5ec25 100644 --- a/deps/openssl/openssl/crypto/aes/build.info +++ b/deps/openssl/openssl/crypto/aes/build.info @@ -45,9 +45,6 @@ INCLUDE[aes-armv4.o]=.. GENERATE[bsaes-armv7.S]=asm/bsaes-armv7.pl $(PERLASM_SCHEME) INCLUDE[bsaes-armv7.o]=.. -GENERATE[aes-s390x.S]=asm/aes-s390x.pl $(PERLASM_SCHEME) -INCLUDE[aes-s390x.o]=.. - BEGINRAW[Makefile] ##### AES assembler implementations diff --git a/deps/openssl/openssl/crypto/arm_arch.h b/deps/openssl/openssl/crypto/arm_arch.h index 3fc9e69b1c..25419e0df1 100644 --- a/deps/openssl/openssl/crypto/arm_arch.h +++ b/deps/openssl/openssl/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,7 +69,7 @@ # endif # endif -# if !__ASSEMBLER__ +# ifndef __ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; # endif diff --git a/deps/openssl/openssl/crypto/armcap.c b/deps/openssl/openssl/crypto/armcap.c index 432a06c0c1..28e97c8c4a 100644 --- a/deps/openssl/openssl/crypto/armcap.c +++ b/deps/openssl/openssl/crypto/armcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include <setjmp.h> #include <signal.h> #include <openssl/crypto.h> +#include <internal/cryptlib.h> #include "arm_arch.h" diff --git a/deps/openssl/openssl/crypto/armv4cpuid.pl b/deps/openssl/openssl/crypto/armv4cpuid.pl index f7d31a698a..ab007c19c3 100644 --- a/deps/openssl/openssl/crypto/armv4cpuid.pl +++ b/deps/openssl/openssl/crypto/armv4cpuid.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -125,7 +125,7 @@ CRYPTO_memcmp: ldmia sp!,{r4,r5} .Lno_data: - neg r0,ip + rsb r0,ip,#0 mov r0,r0,lsr#31 #if __ARM_ARCH__>=5 bx lr diff --git a/deps/openssl/openssl/crypto/asn1/a_object.c b/deps/openssl/openssl/crypto/asn1/a_object.c index 1ec7a7e15f..7d332ec2f6 100644 --- a/deps/openssl/openssl/crypto/asn1/a_object.c +++ b/deps/openssl/openssl/crypto/asn1/a_object.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,7 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) { - unsigned char *p; + unsigned char *p, *allocated = NULL; int objsize; if ((a == NULL) || (a->data == NULL)) @@ -29,13 +29,24 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) if (pp == NULL || objsize == -1) return objsize; - p = *pp; + if (*pp == NULL) { + if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { + ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + p = *pp; + } + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); memcpy(p, a->data, a->length); - p += a->length; - *pp = p; - return (objsize); + /* + * If a new buffer was allocated, just return it back. + * If not, return the incremented buffer pointer. + */ + *pp = allocated != NULL ? allocated : p + a->length; + return objsize; } int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) diff --git a/deps/openssl/openssl/crypto/asn1/a_strex.c b/deps/openssl/openssl/crypto/asn1/a_strex.c index b91266b3c5..207190c52b 100644 --- a/deps/openssl/openssl/crypto/asn1/a_strex.c +++ b/deps/openssl/openssl/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -139,7 +139,7 @@ static int do_buf(unsigned char *buf, int buflen, int type, unsigned short flags, char *quotes, char_io *io_ch, void *arg) { - int i, outlen, len; + int i, outlen, len, charwidth; unsigned short orflags; unsigned char *p, *q; unsigned long c; @@ -147,12 +147,32 @@ static int do_buf(unsigned char *buf, int buflen, p = buf; q = buf + buflen; outlen = 0; + charwidth = type & BUF_TYPE_WIDTH_MASK; + + switch (charwidth) { + case 4: + if (buflen & 3) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + return -1; + } + break; + case 2: + if (buflen & 1) { + ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + return -1; + } + break; + default: + break; + } + while (p != q) { if (p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; else orflags = 0; - switch (type & BUF_TYPE_WIDTH_MASK) { + + switch (charwidth) { case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; @@ -173,6 +193,7 @@ static int do_buf(unsigned char *buf, int buflen, i = UTF8_getc(p, buflen, &c); if (i < 0) return -1; /* Invalid UTF8String */ + buflen -= i; p += i; break; default: @@ -592,53 +613,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) *out = stmp.data; return stmp.length; } - -/* Return 1 if host is a valid hostname and 0 otherwise */ -int asn1_valid_host(const ASN1_STRING *host) -{ - int hostlen = host->length; - const unsigned char *hostptr = host->data; - int type = host->type; - int i; - signed char width = -1; - unsigned short chflags = 0, prevchflags; - - if (type > 0 && type < 31) - width = tag2nbyte[type]; - if (width == -1 || hostlen == 0) - return 0; - /* Treat UTF8String as width 1 as any MSB set is invalid */ - if (width == 0) - width = 1; - for (i = 0 ; i < hostlen; i+= width) { - prevchflags = chflags; - /* Value must be <= 0x7F: check upper bytes are all zeroes */ - if (width == 4) { - if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) - return 0; - } else if (width == 2) { - if (*hostptr++ != 0) - return 0; - } - if (*hostptr > 0x7f) - return 0; - chflags = char_type[*hostptr++]; - if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { - /* Nothing else allowed at start or end of string */ - if (i == 0 || i == hostlen - 1) - return 0; - /* Otherwise invalid if not dot or hyphen */ - if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) - return 0; - /* - * If previous is dot or hyphen then illegal unless both - * are hyphens: as .- -. .. are all illegal - */ - if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) - && ((prevchflags & CHARTYPE_HOST_DOT) - || (chflags & CHARTYPE_HOST_DOT))) - return 0; - } - } - return 1; -} diff --git a/deps/openssl/openssl/crypto/asn1/ameth_lib.c b/deps/openssl/openssl/crypto/asn1/ameth_lib.c index b8ba067877..9b0a2ccb20 100644 --- a/deps/openssl/openssl/crypto/asn1/ameth_lib.c +++ b/deps/openssl/openssl/crypto/asn1/ameth_lib.c @@ -255,6 +255,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, goto err; } + /* + * One of the following must be true: + * + * pem_str == NULL AND ASN1_PKEY_ALIAS is set + * pem_str != NULL AND ASN1_PKEY_ALIAS is clear + * + * Anything else is an error and may lead to a corrupt ASN1 method table + */ + if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0) + || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0))) + goto err; + if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); if (!ameth->pem_str) diff --git a/deps/openssl/openssl/crypto/asn1/asn1_err.c b/deps/openssl/openssl/crypto/asn1/asn1_err.c index 8602c408d9..5d895d3009 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_err.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_err.c @@ -92,8 +92,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, + {ERR_FUNC(ASN1_F_DO_BUF), "do_buf"}, {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"}, {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c index 84475e9470..da0085f680 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_mime.c +++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c @@ -969,12 +969,14 @@ static int strip_eol(char *linebuf, int *plen, int flags) p = linebuf + len - 1; for (p = linebuf + len - 1; len > 0; len--, p--) { c = *p; - if (c == '\n') + if (c == '\n') { is_eol = 1; - else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) + } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) { + /* Strip trailing space on a line; 32 == ASCII for ' ' */ continue; - else if (c != '\r') + } else if (c != '\r') { break; + } } *plen = len; return is_eol; diff --git a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c index 4cb7837498..10a7360233 100644 --- a/deps/openssl/openssl/crypto/asn1/p5_scrypt.c +++ b/deps/openssl/openssl/crypto/asn1/p5_scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -91,7 +91,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, if (EVP_CIPHER_iv_length(cipher)) { if (aiv) memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) + else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) goto err; } diff --git a/deps/openssl/openssl/crypto/asn1/tasn_enc.c b/deps/openssl/openssl/crypto/asn1/tasn_enc.c index caa48696da..3b723a1845 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_enc.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -528,6 +528,8 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; len = otmp->length; + if (cont == NULL || len == 0) + return -1; break; case V_ASN1_NULL: diff --git a/deps/openssl/openssl/crypto/asn1/tasn_utl.c b/deps/openssl/openssl/crypto/asn1/tasn_utl.c index f79d7d6b44..832603b1db 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_utl.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) } return 1; } - if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0) + if (!CRYPTO_atomic_add(lck, op, &ret, *lock)) return -1; /* failed */ #ifdef REF_PRINT fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); diff --git a/deps/openssl/openssl/crypto/asn1/x_int64.c b/deps/openssl/openssl/crypto/asn1/x_int64.c index cbfa787362..4433167a44 100644 --- a/deps/openssl/openssl/crypto/asn1/x_int64.c +++ b/deps/openssl/openssl/crypto/asn1/x_int64.c @@ -262,3 +262,4 @@ ASN1_ITEM_start(ZUINT64) ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, INTxx_FLAG_ZERO_DEFAULT, "ZUINT64" ASN1_ITEM_end(ZUINT64) + diff --git a/deps/openssl/openssl/crypto/async/arch/async_null.c b/deps/openssl/openssl/crypto/async/arch/async_null.c index da23c532b4..3eaf170f2e 100644 --- a/deps/openssl/openssl/crypto/async/arch/async_null.c +++ b/deps/openssl/openssl/crypto/async/arch/async_null.c @@ -20,3 +20,4 @@ void async_local_cleanup(void) { } #endif + diff --git a/deps/openssl/openssl/crypto/async/async.c b/deps/openssl/openssl/crypto/async/async.c index 9a4e6b2657..0862cca21a 100644 --- a/deps/openssl/openssl/crypto/async/async.c +++ b/deps/openssl/openssl/crypto/async/async.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,11 +30,12 @@ static CRYPTO_THREAD_LOCAL ctxkey; static CRYPTO_THREAD_LOCAL poolkey; -static void async_free_pool_internal(async_pool *pool); - static async_ctx *async_ctx_new(void) { - async_ctx *nctx = NULL; + async_ctx *nctx; + + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) + return NULL; nctx = OPENSSL_malloc(sizeof(async_ctx)); if (nctx == NULL) { @@ -57,9 +58,6 @@ err: async_ctx *async_get_ctx(void) { - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return NULL; - return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); } @@ -169,16 +167,19 @@ void async_start_func(void) int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, int (*func)(void *), void *args, size_t size) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return ASYNC_ERR; + + ctx = async_get_ctx(); if (ctx == NULL) ctx = async_ctx_new(); - if (ctx == NULL) { + if (ctx == NULL) return ASYNC_ERR; - } - if (*job) { + if (*job) ctx->currjob = *job; - } for (;;) { if (ctx->currjob != NULL) { @@ -219,9 +220,8 @@ int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, } /* Start a new job */ - if ((ctx->currjob = async_get_pool_job()) == NULL) { + if ((ctx->currjob = async_get_pool_job()) == NULL) return ASYNC_NO_JOBS; - } if (args != NULL) { ctx->currjob->funcargs = OPENSSL_malloc(size); @@ -323,12 +323,11 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 0; } - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) return 0; - } - if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { + + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) return 0; - } pool = OPENSSL_zalloc(sizeof(*pool)); if (pool == NULL) { @@ -369,32 +368,41 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) return 1; err: - async_free_pool_internal(pool); + async_empty_pool(pool); + sk_ASYNC_JOB_free(pool->jobs); + OPENSSL_free(pool); return 0; } -static void async_free_pool_internal(async_pool *pool) +void async_delete_thread_state(void) { - if (pool == NULL) - return; + async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - async_empty_pool(pool); - sk_ASYNC_JOB_free(pool->jobs); - OPENSSL_free(pool); - CRYPTO_THREAD_set_local(&poolkey, NULL); + if (pool != NULL) { + async_empty_pool(pool); + sk_ASYNC_JOB_free(pool->jobs); + OPENSSL_free(pool); + CRYPTO_THREAD_set_local(&poolkey, NULL); + } async_local_cleanup(); async_ctx_free(); } void ASYNC_cleanup_thread(void) { - async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey)); + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + async_delete_thread_state(); } ASYNC_JOB *ASYNC_get_current_job(void) { async_ctx *ctx; + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return NULL; + ctx = async_get_ctx(); if (ctx == NULL) return NULL; @@ -409,7 +417,12 @@ ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job) void ASYNC_block_pause(void) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + ctx = async_get_ctx(); if (ctx == NULL || ctx->currjob == NULL) { /* * We're not in a job anyway so ignore this @@ -421,7 +434,12 @@ void ASYNC_block_pause(void) void ASYNC_unblock_pause(void) { - async_ctx *ctx = async_get_ctx(); + async_ctx *ctx; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) + return; + + ctx = async_get_ctx(); if (ctx == NULL || ctx->currjob == NULL) { /* * We're not in a job anyway so ignore this diff --git a/deps/openssl/openssl/crypto/async/async_locl.h b/deps/openssl/openssl/crypto/async/async_locl.h index 0fe302a4ce..f0ac05a3db 100644 --- a/deps/openssl/openssl/crypto/async/async_locl.h +++ b/deps/openssl/openssl/crypto/async/async_locl.h @@ -74,3 +74,4 @@ void async_start_func(void); async_ctx *async_get_ctx(void); void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); + diff --git a/deps/openssl/openssl/crypto/bio/b_addr.c b/deps/openssl/openssl/crypto/bio/b_addr.c index aea843a7b9..6ed1652c8a 100644 --- a/deps/openssl/openssl/crypto/bio/b_addr.c +++ b/deps/openssl/openssl/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,18 +66,18 @@ void BIO_ADDR_clear(BIO_ADDR *ap) int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) { if (sa->sa_family == AF_INET) { - ap->s_in = *(const struct sockaddr_in *)sa; + memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in)); return 1; } #ifdef AF_INET6 if (sa->sa_family == AF_INET6) { - ap->s_in6 = *(const struct sockaddr_in6 *)sa; + memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6)); return 1; } #endif #ifdef AF_UNIX if (sa->sa_family == AF_UNIX) { - ap->s_un = *(const struct sockaddr_un *)sa; + memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un)); return 1; } #endif @@ -604,7 +604,8 @@ static int addrinfo_wrap(int family, int socktype, DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; bio_lookup_lock = CRYPTO_THREAD_lock_new(); return bio_lookup_lock != NULL; } diff --git a/deps/openssl/openssl/crypto/bio/b_sock.c b/deps/openssl/openssl/crypto/bio/b_sock.c index 97dcc7005e..fac1432787 100644 --- a/deps/openssl/openssl/crypto/bio/b_sock.c +++ b/deps/openssl/openssl/crypto/bio/b_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -317,7 +317,7 @@ int BIO_socket_nbio(int s, int mode) l = fcntl(s, F_GETFL, 0); if (l == -1) { - SYSerr(SYS_F_FCNTL, get_last_rtl_error()); + SYSerr(SYS_F_FCNTL, get_last_sys_error()); ret = -1; } else { # if defined(O_NONBLOCK) @@ -335,7 +335,7 @@ int BIO_socket_nbio(int s, int mode) ret = fcntl(s, F_SETFL, l); if (ret < 0) { - SYSerr(SYS_F_FCNTL, get_last_rtl_error()); + SYSerr(SYS_F_FCNTL, get_last_sys_error()); } } # else diff --git a/deps/openssl/openssl/crypto/bio/bio_lcl.h b/deps/openssl/openssl/crypto/bio/bio_lcl.h index 5f4b94f40b..39178cf50a 100644 --- a/deps/openssl/openssl/crypto/bio/bio_lcl.h +++ b/deps/openssl/openssl/crypto/bio/bio_lcl.h @@ -185,3 +185,4 @@ void bio_sock_cleanup_int(void); # endif #endif + diff --git a/deps/openssl/openssl/crypto/bio/bio_meth.c b/deps/openssl/openssl/crypto/bio/bio_meth.c index 1e785d348f..63a7cccc82 100644 --- a/deps/openssl/openssl/crypto/bio/bio_meth.c +++ b/deps/openssl/openssl/crypto/bio/bio_meth.c @@ -43,6 +43,7 @@ BIO_METHOD *BIO_meth_new(int type, const char *name) BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE); return NULL; } + biom->type = type; return biom; } @@ -54,7 +55,7 @@ void BIO_meth_free(BIO_METHOD *biom) } } -int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int) +int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) { return biom->bwrite; } @@ -66,7 +67,7 @@ int BIO_meth_set_write(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bread; } @@ -78,7 +79,7 @@ int BIO_meth_set_read(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *) +int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *) { return biom->bputs; } @@ -90,7 +91,7 @@ int BIO_meth_set_puts(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int) +int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int) { return biom->bgets; } @@ -102,7 +103,7 @@ int BIO_meth_set_gets(BIO_METHOD *biom, return 1; } -long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *) +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *) { return biom->ctrl; } @@ -114,7 +115,7 @@ int BIO_meth_set_ctrl(BIO_METHOD *biom, return 1; } -int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *) { return biom->create; } @@ -125,7 +126,7 @@ int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) return 1; } -int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) +int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *) { return biom->destroy; } @@ -136,7 +137,7 @@ int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) return 1; } -long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) { return biom->callback_ctrl; } diff --git a/deps/openssl/openssl/crypto/bio/bss_log.c b/deps/openssl/openssl/crypto/bio/bss_log.c index 5221acc2e3..4719a5e66a 100644 --- a/deps/openssl/openssl/crypto/bio/bss_log.c +++ b/deps/openssl/openssl/crypto/bio/bss_log.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -196,7 +196,7 @@ static int slg_write(BIO *b, const char *in, int inl) if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { return (0); } - strncpy(buf, in, inl); + memcpy(buf, in, inl); buf[inl] = '\0'; i = 0; diff --git a/deps/openssl/openssl/crypto/bio/bss_mem.c b/deps/openssl/openssl/crypto/bio/bss_mem.c index ff9a3ebb41..4c0e4d7412 100644 --- a/deps/openssl/openssl/crypto/bio/bss_mem.c +++ b/deps/openssl/openssl/crypto/bio/bss_mem.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -212,6 +212,8 @@ static int mem_write(BIO *b, const char *in, int inl) goto end; } BIO_clear_retry_flags(b); + if (inl == 0) + return 0; blen = bbm->readp->length; mem_buf_sync(b); if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) diff --git a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl index 1d68d6d072..9632133090 100644 --- a/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/alpha-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -297,15 +297,12 @@ bn_mul_mont: mov sp,$tp mov $bp,$rp # restore rp - and sp,$hi0,$ap - bic $bp,$hi0,$bp - bis $bp,$ap,$ap # ap=borrow?tp:rp - .align 4 -.Lcopy: ldq $aj,0($ap) # copy or in-place refresh +.Lcopy: ldq $aj,0($tp) # conditional copy + ldq $nj,0($rp) lda $tp,8($tp) lda $rp,8($rp) - lda $ap,8($ap) + cmoveq $hi0,$nj,$aj stq zero,-8($tp) # zap tp cmpult $tp,$tj,AT stq $aj,-8($rp) diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl index 0dc4fe95e4..ddee8b7fa1 100644 --- a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -262,14 +262,15 @@ bn_mul_mont: mov $tp,sp @ "rewind" $tp sub $rp,$rp,$aj @ "rewind" $rp - and $ap,$tp,$nhi - bic $np,$rp,$nhi - orr $ap,$ap,$np @ ap=borrow?tp:rp - -.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh +.Lcopy: ldr $tj,[$tp] @ conditional copy + ldr $aj,[$rp] str sp,[$tp],#4 @ zap tp - str $tj,[$rp],#4 - cmp $tp,$num +#ifdef __thumb2__ + it cc +#endif + movcc $aj,$tj + str $aj,[$rp],#4 + teq $tp,$num @ preserve carry bne .Lcopy mov sp,$num diff --git a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl index 5cc5c599f9..0df1fad115 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ia64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -341,19 +341,19 @@ bn_mul_mont_general: { .mmb; sub rptr=rptr,len // rewind sub tptr=tptr,len clrrrb.pr };; -{ .mmi; and aptr=tptr,topbit - andcm bptr=rptr,topbit +{ .mmi; mov aptr=rptr + mov bptr=tptr mov pr.rot=1<<16 };; -{ .mii; or nptr=aptr,bptr +{ .mii; cmp.eq p0,p6=topbit,r0 mov ar.lc=lc - mov ar.ec=3 };; + mov ar.ec=2 };; .Lcopy_ctop: -{ .mmb; (p16) ld8 n[0]=[nptr],8 - (p18) st8 [tptr]=r0,8 - (p16) nop.b 0 } -{ .mmb; (p16) nop.m 0 - (p18) st8 [rptr]=n[2],8 +{ .mmi; (p16) ld8 a[0]=[aptr],8 + (p16) ld8 t[0]=[bptr],8 + (p6) mov a[1]=t[1] };; // (p17) +{ .mmb; (p17) st8 [rptr]=a[1],8 + (p17) st8 [tptr]=r0,8 br.ctop.sptk .Lcopy_ctop };; .Lcopy_cend: diff --git a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl index a907571bec..e141e1a925 100644 --- a/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/mips-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -384,15 +384,13 @@ $code.=<<___; $PTR_SUB $rp,$num # restore rp not $hi1,$hi0 - and $ap,$hi0,$sp - and $bp,$hi1,$rp - or $ap,$ap,$bp # ap=borrow?tp:rp - -.align 4 -.Lcopy: $LD $aj,($ap) - $PTR_ADD $ap,$BNSZ +.Lcopy: $LD $nj,($tp) # conditional move + $LD $aj,($rp) $ST $zero,($tp) $PTR_ADD $tp,$BNSZ + and $nj,$hi0 + and $aj,$hi1 + or $aj,$nj sltu $at,$tp,$tj $ST $aj,($rp) bnez $at,.Lcopy diff --git a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl index 8aa94e8511..cd9926a25f 100644 --- a/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/parisc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -517,7 +517,6 @@ L\$sub stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp ___ $code.=<<___ if ($BN_SZ==8); ldd,ma 8($tp),$ti0 @@ -532,21 +531,19 @@ L\$sub extrd,u $ti0,31,32,$ti0 ; carry in flipped word order sub,db $ti0,%r0,$hi1 - ldo -8($tp),$tp ___ $code.=<<___; - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np - + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy - ldd $idx($np),$hi0 + ldd 0($tp),$ti0 + ldd 0($rp),$hi0 std,ma %r0,8($tp) - addib,<> 8,$idx,.-8 ; L\$copy - std,ma $hi0,8($rp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 + addib,<> 8,$idx,L\$copy + std,ma $hi0,8($rp) ___ if ($BN_SZ==4) { # PA-RISC 1.1 code-path @@ -856,17 +853,16 @@ L\$sub_pa11 stws,ma $hi1,4($rp) subb $ti0,%r0,$hi1 - ldo -4($tp),$tp - and $tp,$hi1,$ap - andcm $rp,$hi1,$bp - or $ap,$bp,$np + ldo `$LOCALS+32`($fp),$tp sub $rp,$arrsz,$rp ; rewind rp subi 0,$arrsz,$idx - ldo `$LOCALS+32`($fp),$tp L\$copy_pa11 - ldwx $idx($np),$hi0 + ldw 0($tp),$ti0 + ldw 0($rp),$hi0 stws,ma %r0,4($tp) + comiclr,= 0,$hi1,%r0 + copy $ti0,$hi0 addib,<> 4,$idx,L\$copy_pa11 stws,ma $hi0,4($rp) diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl index 5802260ca6..9d14a12156 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -301,15 +301,16 @@ Lsub: $LDX $tj,$tp,$j li $j,0 mtctr $num subfe $ovf,$j,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp .align 4 -Lcopy: ; copy or in-place refresh - $LDX $tj,$ap,$j - $STX $tj,$rp,$j +Lcopy: ; conditional copy + $LDX $tj,$tp,$j + $LDX $aj,$rp,$j + and $tj,$tj,$ovf + andc $aj,$aj,$ovf $STX $j,$tp,$j ; zap at once + or $aj,$aj,$tj + $STX $aj,$rp,$j addi $j,$j,$BNSZ bdnz Lcopy diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl index 1e19c958a1..5d9f43aa5d 100644 --- a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1501,16 +1501,14 @@ Lsub: ldx $t0,$tp,$i li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp - addi $t7,$ap,8 mtctr $j .align 4 -Lcopy: ; copy or in-place refresh - ldx $t0,$ap,$i - ldx $t1,$t7,$i +Lcopy: ; conditional copy + ldx $t0,$tp,$i + ldx $t1,$t4,$i + ldx $t2,$rp,$i + ldx $t3,$t6,$i std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1519,6 +1517,12 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + andc $t2,$t2,$ovf + andc $t3,$t3,$ovf + or $t0,$t0,$t2 + or $t1,$t1,$t3 stdx $t0,$rp,$i stdx $t1,$t6,$i stdx $i,$tp,$i ; zap tp at once @@ -1561,20 +1565,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order li $i,0 subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $tp,$sp,`$FRAME+$TRANSFER+4` + addi $ap,$sp,`$FRAME+$TRANSFER+4` subf $rp,$num,$rp ; rewind rp - and $ap,$tp,$ovf - andc $np,$rp,$ovf - or $ap,$ap,$np ; ap=borrow?tp:rp addi $tp,$sp,`$FRAME+$TRANSFER` mtctr $j .align 4 -Lcopy: ; copy or in-place refresh +Lcopy: ; conditional copy lwz $t0,4($ap) lwz $t1,8($ap) lwz $t2,12($ap) lwzu $t3,16($ap) + lwz $t4,4($rp) + lwz $t5,8($rp) + lwz $t6,12($rp) + lwz $t7,16($rp) std $i,8($nap_d) ; zap nap_d std $i,16($nap_d) std $i,24($nap_d) @@ -1583,6 +1588,18 @@ Lcopy: ; copy or in-place refresh std $i,48($nap_d) std $i,56($nap_d) stdu $i,64($nap_d) + and $t0,$t0,$ovf + and $t1,$t1,$ovf + and $t2,$t2,$ovf + and $t3,$t3,$ovf + andc $t4,$t4,$ovf + andc $t5,$t5,$ovf + andc $t6,$t6,$ovf + andc $t7,$t7,$ovf + or $t0,$t0,$t4 + or $t1,$t1,$t5 + or $t2,$t2,$t6 + or $t3,$t3,$t7 stw $t0,4($rp) stw $t1,8($rp) stw $t2,12($rp) diff --git a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl index 46d746b7d0..0466e11a25 100755 --- a/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl +++ b/deps/openssl/openssl/crypto/bn/asm/rsaz-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=11); } -if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl index 2205bc2ca0..66780cdf80 100644 --- a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -252,16 +252,16 @@ $code.=<<___; brct $count,.Lsub lghi $ahi,0 slbgr $AHI,$ahi # handle upmost carry - - ngr $ap,$AHI - lghi $np,-1 - xgr $np,$AHI - ngr $np,$rp - ogr $ap,$np # ap=borrow?tp:rp + lghi $NHI,-1 + xgr $NHI,$AHI la $j,0(%r0) lgr $count,$num -.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh +.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy + lg $alo,0($j,$rp) + ngr $ahi,$AHI + ngr $alo,$NHI + ogr $alo,$ahi _dswap $alo stg $j,$stdframe($j,$sp) # zap tp stg $alo,0($j,$rp) diff --git a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl index 4faf66f10a..4f339b2279 100755 --- a/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparct4-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -888,19 +888,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy @@ -1136,19 +1134,17 @@ $code.=<<___; sub $tp, $num, $tp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy_g5 sub $num, 8, $cnt .align 16 -.Lcopy_g5: ! copy or in-place refresh - ldx [$ap+0], $t2 - add $ap, 8, $ap +.Lcopy_g5: ! conditional copy + ldx [$tp], $tj + ldx [$rp+0], $t2 stx %g0, [$tp] ! zap add $tp, 8, $tp + movcs %icc, $tj, $t2 stx $t2, [$rp+0] add $rp, 8, $rp brnz $cnt, .Lcopy_g5 diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl index 6807c8b6e0..074f9df14b 100644 --- a/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -265,7 +265,6 @@ $fname: .Ltail: add $np,$num,$np add $rp,$num,$rp - mov $tp,$ap sub %g0,$num,%o7 ! k=-num ba .Lsub subcc %g0,%g0,%g0 ! clear %icc.c @@ -278,15 +277,14 @@ $fname: add %o7,4,%o7 brnz %o7,.Lsub st %o1,[$i] - subc $car2,0,$car2 ! handle upmost overflow bit - and $tp,$car2,$ap - andn $rp,$car2,$np - or $ap,$np,$ap + subccc $car2,0,$car2 ! handle upmost overflow bit sub %g0,$num,%o7 .Lcopy: - ld [$ap+%o7],%o0 ! copy or in-place refresh + ld [$tp+%o7],%o1 ! conditional copy + ld [$rp+%o7],%o0 st %g0,[$tp+%o7] ! zap tp + movcs %icc,%o1,%o0 st %o0,[$rp+%o7] add %o7,4,%o7 brnz %o7,.Lcopy @@ -495,6 +493,9 @@ $code.=<<___; mulx $npj,$mul1,$acc1 add $tpj,$car1,$car1 ld [$np+$j],$npj ! np[j] + srlx $car1,32,$tmp0 + and $car1,$mask,$car1 + add $tmp0,$sbit,$sbit add $acc0,$car1,$car1 ld [$tp+8],$tpj ! tp[j] add $acc1,$car1,$car1 diff --git a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl index 9f81bc822e..9d65a146a2 100644 --- a/deps/openssl/openssl/crypto/bn/asm/via-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/via-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -213,18 +213,15 @@ $sp=&DWP(28,"esp"); &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit &sbb ("eax",0); - &and ("esi","eax"); - ¬ ("eax"); - &mov ("ebp","edi"); - &and ("ebp","eax"); - &or ("esi","ebp"); # tp=carry?tp:rp &mov ("ecx","edx"); # num - &xor ("edx","edx"); # i=0 + &mov ("edx",0); # i=0 &set_label("copy",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov ("ebx",&DWP(0,"esi","edx",4)); + &mov ("eax",&DWP(0,"edi","edx",4)); + &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp + &cmovc ("eax","ebx"); &mov (&DWP(0,"edi","edx",4),"eax"); &lea ("edx",&DWP(1,"edx")); # i++ &loop (&label("copy")); diff --git a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl index 64dba4480f..ba34b36a81 100644 --- a/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/vis3-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -310,23 +310,23 @@ $code.=<<___; sub $anp, $num, $anp sub $rp, $num, $rp - subc $ovf, %g0, $ovf ! handle upmost overflow bit - and $tp, $ovf, $ap - andn $rp, $ovf, $np - or $np, $ap, $ap ! ap=borrow?tp:rp + subccc $ovf, %g0, $ovf ! handle upmost overflow bit ba .Lcopy sub $num, 8, $cnt .align 16 -.Lcopy: ! copy or in-place refresh - ld [$ap+0], $t2 - ld [$ap+4], $t3 - add $ap, 8, $ap +.Lcopy: ! conditional copy + ld [$tp+0], $t0 + ld [$tp+4], $t1 + ld [$rp+0], $t2 + ld [$rp+4], $t3 stx %g0, [$tp] ! zap add $tp, 8, $tp stx %g0, [$anp] ! zap stx %g0, [$anp+8] add $anp, 16, $anp + movcs %icc, $t0, $t2 + movcs %icc, $t1, $t3 st $t3, [$rp+0] ! flip order st $t2, [$rp+4] add $rp, 8, $rp diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl index a8b402d59b..f1abcc5b4c 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,7 @@ require "x86asm.pl"; $output = pop; open STDOUT,">$output"; - + &asm_init($ARGV[0],$0); $sse2=0; @@ -604,16 +604,18 @@ $sbit=$num; &jge (&label("sub")); &sbb ("eax",0); # handle upmost overflow bit - &and ($tp,"eax"); - ¬ ("eax"); - &mov ($np,$rp); - &and ($np,"eax"); - &or ($tp,$np); # tp=carry?tp:rp - -&set_label("copy",16); # copy or in-place refresh - &mov ("eax",&DWP(0,$tp,$num,4)); - &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov ("edx",-1); + &xor ("edx","eax"); + &jmp (&label("copy")); + +&set_label("copy",16); # conditional copy + &mov ($tp,&DWP($frame,"esp",$num,4)); + &mov ($np,&DWP(0,$rp,$num,4)); &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &and ($tp,"eax"); + &and ($np,"edx"); + &or ($np,$tp); + &mov (&DWP(0,$rp,$num,4),$np); &dec ($num); &jge (&label("copy")); diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl index df4cca5bfe..8d2fb2cebb 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -302,30 +302,30 @@ $code.=<<___; xor $i,$i # i=0 and clear CF! mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp mov $num,$j # j=num - jmp .Lsub + .align 16 .Lsub: sbb ($np,$i,8),%rax mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] + mov 8(%rsp,$i,8),%rax # tp[i+1] lea 1($i),$i # i++ dec $j # doesnn't affect CF! jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx # not %rax xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax - mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx + mov $num,(%rsp,$i,8) # zap temporary vector + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy @@ -695,10 +695,10 @@ ___ my @ri=("%rax","%rdx",$m0,$m1); $code.=<<___; mov 16(%rsp,$num,8),$rp # restore $rp + lea -4($num),$j mov 0(%rsp),@ri[0] # tp[0] - pxor %xmm0,%xmm0 mov 8(%rsp),@ri[1] # tp[1] - shr \$2,$num # num/=4 + shr \$2,$j # j=num/4-1 lea (%rsp),$ap # borrow ap for tp xor $i,$i # i=0 and clear CF! @@ -706,9 +706,7 @@ $code.=<<___; mov 16($ap),@ri[2] # tp[2] mov 24($ap),@ri[3] # tp[3] sbb 8($np),@ri[1] - lea -1($num),$j # j=num/4-1 - jmp .Lsub4x -.align 16 + .Lsub4x: mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] @@ -735,34 +733,35 @@ $code.=<<___; sbb \$0,@ri[0] # handle upmost overflow bit mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - xor $i,$i # i=0 - and @ri[0],$ap - not @ri[0] - mov $rp,$np - and @ri[0],$np - lea -1($num),$j - or $np,$ap # ap=borrow?tp:rp - - movdqu ($ap),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,($rp) + pxor %xmm0,%xmm0 + movq @ri[0],%xmm4 + pcmpeqd %xmm5,%xmm5 + pshufd \$0,%xmm4,%xmm4 + mov $num,$j + pxor %xmm4,%xmm5 + shr \$2,$j # j=num/4 + xor %eax,%eax # i=0 + jmp .Lcopy4x .align 16 -.Lcopy4x: # copy or in-place refresh - movdqu 16($ap,$i),%xmm2 - movdqu 32($ap,$i),%xmm1 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) - movdqa %xmm0,32(%rsp,$i) - movdqu %xmm1,32($rp,$i) - lea 32($i),$i +.Lcopy4x: # conditional copy + movdqa (%rsp,%rax),%xmm1 + movdqu ($rp,%rax),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax),%xmm3 + movdqa %xmm0,(%rsp,%rax) + por %xmm2,%xmm1 + movdqu 16($rp,%rax),%xmm2 + movdqu %xmm1,($rp,%rax) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax) + por %xmm2,%xmm3 + movdqu %xmm3,16($rp,%rax) + lea 32(%rax),%rax dec $j jnz .Lcopy4x - - shl \$2,$num - movdqu 16($ap,$i),%xmm2 - movdqa %xmm0,16(%rsp,$i) - movdqu %xmm2,16($rp,$i) ___ } $code.=<<___; diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl index 5779059ea2..97d8eee700 100755 --- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -414,18 +414,19 @@ $code.=<<___; jnz .Lsub sbb \$0,%rax # handle upmost overflow bit + mov \$-1,%rbx + xor %rax,%rbx xor $i,$i - and %rax,$ap - not %rax - mov $rp,$np - and %rax,$np mov $num,$j # j=num - or $np,$ap # ap=borrow?tp:rp -.align 16 -.Lcopy: # copy or in-place refresh - mov ($ap,$i,8),%rax + +.Lcopy: # conditional copy + mov ($rp,$i,8),%rcx + mov (%rsp,$i,8),%rdx + and %rbx,%rcx + and %rax,%rdx mov $i,(%rsp,$i,8) # zap temporary vector - mov %rax,($rp,$i,8) # rp[i]=tp[i] + or %rcx,%rdx + mov %rdx,($rp,$i,8) # rp[i]=tp[i] lea 1($i),$i sub \$1,$j jnz .Lcopy diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c index 5e620b2096..884ff29917 100644 --- a/deps/openssl/openssl/crypto/bn/bn_div.c +++ b/deps/openssl/openssl/crypto/bn/bn_div.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -240,6 +240,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.neg = 0; wnum.d = &(snum->d[loop]); wnum.top = div_n; + wnum.flags = BN_FLG_STATIC_DATA; /* * only needed when BN_ucmp messes up the values between top and max */ diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c index 0d2d1eca6b..a6ad475a0b 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp.c @@ -188,8 +188,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { @@ -330,8 +330,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -371,17 +371,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; goto err; } - if (!BN_to_montgomery(val[0], aa, mont, ctx)) + if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) + if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) + !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) goto err; } } @@ -403,19 +403,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, for (i = 1; i < j; i++) r->d[i] = (~m->d[i]) & BN_MASK2; r->top = j; - /* - * Upper words will be zero if the corresponding words of 'm' were - * 0xfff[...], so decrement r->top accordingly. - */ - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; } else #endif - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) goto err; for (;;) { if (BN_is_bit_set(p, wstart) == 0) { if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } if (wstart == 0) @@ -446,12 +442,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx)) goto err; /* move the 'window' down further */ @@ -461,6 +457,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (wstart < 0) break; } + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { j = mont->N.top; /* borrow j */ @@ -587,7 +588,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, } b->top = top; - bn_correct_top(b); + b->flags |= BN_FLG_FIXED_TOP; return 1; } @@ -639,8 +640,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, */ bits = p->top * BN_BITS2; if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -757,16 +758,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.top = top; } else #endif - if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx)) goto err; /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { if (!BN_mod(&am, a, m, ctx)) goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) + if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) + } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; #if defined(SPARC_T4_MONT) @@ -1033,14 +1034,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * performance advantage of sqr over mul). */ if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, window)) goto err; for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, window)) @@ -1064,7 +1065,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* Scan the window, squaring the result as we go */ for (i = 0; i < window; i++, bits--) { - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) goto err; wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); } @@ -1077,12 +1078,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)) goto err; } } - /* Convert the final result from montgomery to standard format */ + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { am.d[0] = 1; /* borrow am */ @@ -1151,8 +1156,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, bits = BN_num_bits(p); if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(rr); } else { @@ -1273,9 +1278,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1 is still zero. */ - if (BN_is_one(m)) { + if (bits == 0) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ + if (BN_abs_is_word(m, 1)) { ret = 1; BN_zero(r); } else { diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c index 067642644e..bed231c8fa 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gcd.c +++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -140,7 +140,14 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, BIGNUM *ret = NULL; int sign; - if (pnoinv) + /* This is invalid input so we don't worry about constant time here */ + if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { + if (pnoinv != NULL) + *pnoinv = 1; + return NULL; + } + + if (pnoinv != NULL) *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) diff --git a/deps/openssl/openssl/crypto/bn/bn_gf2m.c b/deps/openssl/openssl/crypto/bn/bn_gf2m.c index b1987f55dd..d80f3ec940 100644 --- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c +++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,30 +32,32 @@ */ # define MAX_ITERATIONS 50 -static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, - 64, 65, 68, 69, 80, 81, 84, 85 -}; +# define SQR_nibble(w) ((((w) & 8) << 3) \ + | (((w) & 4) << 2) \ + | (((w) & 2) << 1) \ + | ((w) & 1)) + /* Platform-specific macros to accelerate squaring. */ # if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) # define SQR1(w) \ - SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ - SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ - SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ - SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] + SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ + SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ + SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ + SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) # define SQR0(w) \ - SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ - SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ + SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # ifdef THIRTY_TWO_BIT # define SQR1(w) \ - SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ - SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] + SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ + SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) # define SQR0(w) \ - SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ - SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ + SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) # endif # if !defined(OPENSSL_BN_ASM_GF2m) diff --git a/deps/openssl/openssl/crypto/bn/bn_intern.c b/deps/openssl/openssl/crypto/bn/bn_intern.c index 2c970647de..7b25927f9b 100644 --- a/deps/openssl/openssl/crypto/bn/bn_intern.c +++ b/deps/openssl/openssl/crypto/bn/bn_intern.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -177,16 +177,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a) return a->d; } -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size) { - a->d = words; + /* + * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA + * flag, which effectively means "read-only data". + */ + a->d = (BN_ULONG *)words; a->dmax = a->top = size; a->neg = 0; a->flags |= BN_FLG_STATIC_DATA; bn_correct_top(a); } -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) { if (bn_wexpand(a, num_words) == NULL) { BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); diff --git a/deps/openssl/openssl/crypto/bn/bn_lcl.h b/deps/openssl/openssl/crypto/bn/bn_lcl.h index 5fb3814554..4d9808f5b8 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lcl.h +++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,7 +145,16 @@ extern "C" { */ # ifdef BN_DEBUG - +/* + * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with + * bn_correct_top, in other words such vectors are permitted to have zeros + * in most significant limbs. Such vectors are used internally to achieve + * execution time invariance for critical operations with private keys. + * It's BN_DEBUG-only flag, because user application is not supposed to + * observe it anyway. Moreover, optimizing compiler would actually remove + * all operations manipulating the bit in question in non-BN_DEBUG build. + */ +# define BN_FLG_FIXED_TOP 0x10000 # ifdef BN_DEBUG_RAND /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ # ifndef RAND_bytes @@ -177,8 +186,10 @@ int RAND_bytes(unsigned char *buf, int num); do { \ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ - OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ - (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ + int _top = _bnum2->top; \ + OPENSSL_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) @@ -197,6 +208,7 @@ int RAND_bytes(unsigned char *buf, int num); # else /* !BN_DEBUG */ +# define BN_FLG_FIXED_TOP 0 # define bn_pollute(a) # define bn_check_top(a) # define bn_fix_top(a) bn_correct_top(a) @@ -228,7 +240,8 @@ struct bignum_st { /* Used for montgomery multiplication */ struct bn_mont_ctx_st { int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only * stored for bignum algorithm) */ diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c index 7058494092..25eac396e0 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lib.c +++ b/deps/openssl/openssl/crypto/bn/bn_lib.c @@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" #include <openssl/opensslconf.h> +#include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L @@ -222,8 +223,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; - bn_check_top(b); - if (words > (INT_MAX / (4 * BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); return NULL; @@ -298,8 +297,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BIGNUM *bn_expand2(BIGNUM *b, int words) { - bn_check_top(b); - if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); if (!a) @@ -312,7 +309,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) b->dmax = words; } - bn_check_top(b); return b; } @@ -379,12 +375,19 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif - a->top = b->top; a->neg = b->neg; + a->top = b->top; + a->flags |= b->flags & BN_FLG_FIXED_TOP; bn_check_top(a); return (a); } +#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ + | BN_FLG_CONSTTIME \ + | BN_FLG_SECURE \ + | BN_FLG_FIXED_TOP)) +#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) + void BN_swap(BIGNUM *a, BIGNUM *b) { int flags_old_a, flags_old_b; @@ -412,10 +415,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) b->dmax = tmp_dmax; b->neg = tmp_neg; - a->flags = - (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = - (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); + a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b); + b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a); bn_check_top(a); bn_check_top(b); } @@ -425,8 +426,9 @@ void BN_clear(BIGNUM *a) bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } BN_ULONG BN_get_word(const BIGNUM *a) @@ -447,6 +449,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->neg = 0; a->d[0] = w; a->top = (w ? 1 : 0); + a->flags &= ~BN_FLG_FIXED_TOP; bn_check_top(a); return (1); } @@ -499,24 +502,29 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; + int n; + size_t i, inc, lasti, j; BN_ULONG l; - bn_check_top(a); - i = BN_num_bytes(a); + n = BN_num_bytes(a); if (tolen == -1) - tolen = i; - else if (tolen < i) + tolen = n; + else if (tolen < n) return -1; - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; + + if (n == 0) { + OPENSSL_cleanse(to, tolen); + return tolen; } - while (i--) { + + lasti = n - 1; + for (i = 0, inc = 1, j = tolen; j > 0;) { l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); + inc = (i - lasti) >> (8 * sizeof(i) - 1); + i += inc; /* stay on top limb */ } + return tolen; } @@ -683,6 +691,7 @@ int BN_set_bit(BIGNUM *a, int n) for (k = a->top; k < i + 1; k++) a->d[k] = 0; a->top = i + 1; + a->flags &= ~BN_FLG_FIXED_TOP; } a->d[i] |= (((BN_ULONG)1) << j); @@ -824,6 +833,34 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) a->top ^= t; b->top ^= t; + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /*- + * Idea behind BN_FLG_STATIC_DATA is actually to + * indicate that data may not be written to. + * Intention is actually to treat it as it's + * read-only data, and some (if not most) of it does + * reside in read-only segment. In other words + * observation of BN_FLG_STATIC_DATA in + * BN_consttime_swap should be treated as fatal + * condition. It would either cause SEGV or + * effectively cause data corruption. + * BN_FLG_MALLOCED refers to BN structure itself, + * and hence must be preserved. Remaining flags are + * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be + * preserved, because it determines how x->d was + * allocated and hence how to free it. This leaves + * BN_FLG_CONSTTIME that one can do something about. + * To summarize it's sufficient to mask and swap + * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should + * be treated as fatal. + */ + t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + a->flags ^= t; + b->flags ^= t; + #define BN_CONSTTIME_SWAP(ind) \ do { \ t = (a->d[ind] ^ b->d[ind]) & condition; \ @@ -887,8 +924,9 @@ int BN_security_bits(int L, int N) void BN_zero_ex(BIGNUM *a) { - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) @@ -1012,5 +1050,6 @@ void bn_correct_top(BIGNUM *a) } if (a->top == 0) a->neg = 0; + a->flags &= ~BN_FLG_FIXED_TOP; bn_pollute(a); } diff --git a/deps/openssl/openssl/crypto/bn/bn_mod.c b/deps/openssl/openssl/crypto/bn/bn_mod.c index 13b583f76c..2361094ee4 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mod.c +++ b/deps/openssl/openssl/crypto/bn/bn_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -35,18 +35,73 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, /* * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m + * less than m. The original algorithm was + * + * if (!BN_uadd(r, a, b)) + * return 0; + * if (BN_ucmp(r, m) >= 0) + * return BN_usub(r, r, m); + * + * which is replaced with addition, subtracting modulus, and conditional + * move depending on whether or not subtraction borrowed. */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) { - if (!BN_uadd(r, a, b)) + size_t i, ai, bi, mtop = m->top; + BN_ULONG storage[1024 / BN_BITS2]; + BN_ULONG carry, temp, mask, *rp, *tp = storage; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, mtop) == NULL) return 0; - if (BN_ucmp(r, m) >= 0) - return BN_usub(r, r, m); + + if (mtop > sizeof(storage) / sizeof(storage[0]) + && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) + return 0; + + ap = a->d != NULL ? a->d : tp; + bp = b->d != NULL ? b->d : tp; + + for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + temp = ((ap[ai] & mask) + carry) & BN_MASK2; + carry = (temp < carry); + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; + carry += (tp[i] < temp); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + rp = r->d; + carry -= bn_sub_words(rp, tp, m->d, mtop); + for (i = 0; i < mtop; i++) { + rp[i] = (carry & tp[i]) | (~carry & rp[i]); + ((volatile BN_ULONG *)tp)[i] = 0; + } + r->top = mtop; + r->neg = 0; + + if (tp != storage) + OPENSSL_free(tp); + return 1; } +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + int ret = bn_mod_add_fixed_top(r, a, b, m); + + if (ret) + bn_correct_top(r); + + return ret; +} + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) { diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c index faef581571..3ccf8eaf37 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mont.c +++ b/deps/openssl/openssl/crypto/bn/bn_mont.c @@ -20,29 +20,43 @@ #define MONT_WORD /* use the faster word-based algorithm */ #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { + int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) +{ BIGNUM *tmp; int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) int num = mont->N.top; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) if (num > 1 && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return (0); if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { r->neg = a->neg ^ b->neg; r->top = num; - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; return (1); } } #endif + if ((a->top + b->top) > 2 * num) + return 0; + BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); if (tmp == NULL) @@ -58,13 +72,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ #ifdef MONT_WORD - if (!BN_from_montgomery_word(r, tmp, mont)) + if (!bn_from_montgomery_word(r, tmp, mont)) goto err; #else if (!BN_from_montgomery(r, tmp, mont, ctx)) goto err; #endif - bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); @@ -72,7 +85,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) { BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; @@ -99,6 +112,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; + r->flags |= BN_FLG_FIXED_TOP; n0 = mont->n0[0]; /* @@ -117,6 +131,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) if (bn_wexpand(ret, nl) == NULL) return (0); ret->top = nl; + ret->flags |= BN_FLG_FIXED_TOP; ret->neg = r->neg; rp = ret->d; @@ -127,20 +142,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) */ ap = &(r->d[nl]); + carry -= bn_sub_words(rp, ap, np, nl); /* - * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| - * cannot be -1. That would imply the subtraction did not fit in |nl| words, - * and we know at most one subtraction is needed. + * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note + * |carry| cannot be 1. That would imply the subtraction did not fit in + * |nl| words, and we know at most one subtraction is needed. */ - v = bn_sub_words(rp, ap, np, nl) - carry; - v = 0 - v; for (i = 0; i < nl; i++) { - rp[i] = (v & ap[i]) | (~v & rp[i]); + rp[i] = (carry & ap[i]) | (~carry & rp[i]); ap[i] = 0; } - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); return (1); } @@ -154,8 +165,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BIGNUM *t; BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) - retn = BN_from_montgomery_word(ret, t, mont); + if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { + retn = bn_from_montgomery_word(ret, t, mont); + bn_correct_top(ret); + bn_check_top(ret); + } BN_CTX_end(ctx); #else /* !MONT_WORD */ BIGNUM *t1, *t2; @@ -193,6 +207,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, return (retn); } +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ + return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); +} + BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; @@ -229,7 +249,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { - int ret = 0; + int i, ret = 0; BIGNUM *Ri, *R; if (BN_is_zero(mod)) @@ -278,7 +298,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) tmod.top = 2; - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) goto err; /* R*Ri */ @@ -311,7 +333,9 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) buf[1] = 0; tmod.top = buf[0] != 0 ? 1 : 0; /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) + if (BN_is_one(&tmod)) + BN_zero(Ri); + else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) goto err; if (!BN_lshift(Ri, Ri, BN_BITS2)) goto err; /* R*Ri */ @@ -360,6 +384,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) goto err; + for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) + mont->RR.d[i] = 0; + mont->RR.top = ret; + mont->RR.flags |= BN_FLG_FIXED_TOP; + ret = 1; err: BN_CTX_end(ctx); diff --git a/deps/openssl/openssl/crypto/bn/bn_prime.h b/deps/openssl/openssl/crypto/bn/bn_prime.h index 5f5cc4f580..41440fa4e1 100644 --- a/deps/openssl/openssl/crypto/bn/bn_prime.h +++ b/deps/openssl/openssl/crypto/bn/bn_prime.h @@ -15,260 +15,260 @@ typedef unsigned short prime_t; static const prime_t primes[2048] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, + 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, + 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, + 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, + 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, + 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, + 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, + 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, + 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, + 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, + 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, + 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, + 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, + 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, + 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, + 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, + 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, + 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, + 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, + 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, + 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, + 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, + 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, + 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, + 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, + 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, + 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, + 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, + 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, + 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, + 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, + 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, + 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, + 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, + 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, + 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, + 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, + 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, + 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, + 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, + 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, + 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, + 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, + 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, + 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, + 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, + 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, + 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, + 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, + 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, + 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, + 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, + 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, + 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, + 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, + 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, + 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, + 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, + 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, + 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, + 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, + 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, + 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, + 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, + 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, + 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, + 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, + 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, + 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, + 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, + 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, + 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, + 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, + 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, + 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, + 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, + 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, + 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, + 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, + 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, + 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, + 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, + 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, + 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, + 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, + 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, + 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, + 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, + 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, + 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, + 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, + 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, + 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, + 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, + 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, + 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, + 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, + 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, + 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, + 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, + 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, + 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, + 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, + 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, + 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, + 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, + 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, + 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, + 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, + 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, + 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, + 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, + 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, + 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, + 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, + 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, + 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, + 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, + 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, + 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, + 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, + 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, + 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, + 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, + 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, + 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, + 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, + 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, + 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, + 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, + 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, + 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, + 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, + 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, + 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, + 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, + 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, + 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, + 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, + 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, + 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, + 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, + 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, + 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, + 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, + 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, + 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, + 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, + 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, + 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, + 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, + 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, + 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, + 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, + 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, + 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, + 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, + 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, + 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, + 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, + 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, + 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, + 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, + 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, + 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, + 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, + 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, + 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, + 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, + 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, + 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, + 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, + 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, + 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, + 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, + 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, + 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, + 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, + 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, + 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, + 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, + 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, + 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, + 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, + 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, + 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, + 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, + 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, + 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, + 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, + 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, + 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, + 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, + 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, + 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, + 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, + 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, + 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, + 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, + 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, + 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, + 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, + 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, + 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, + 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, + 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, + 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, + 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, + 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, + 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, + 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, + 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, + 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, + 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, + 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, + 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, + 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, + 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, + 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, + 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, + 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, + 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, + 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, + 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, + 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, + 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, + 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, + 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, + 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, + 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, + 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, + 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, + 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, + 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, + 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, }; diff --git a/deps/openssl/openssl/crypto/bn/bn_sqr.c b/deps/openssl/openssl/crypto/bn/bn_sqr.c index 44e7332acf..1f12a14e44 100644 --- a/deps/openssl/openssl/crypto/bn/bn_sqr.c +++ b/deps/openssl/openssl/crypto/bn/bn_sqr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,14 +82,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; + rr->top = max; + bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; diff --git a/deps/openssl/openssl/crypto/build.info b/deps/openssl/openssl/crypto/build.info index 916d24f66e..e693ebadcd 100644 --- a/deps/openssl/openssl/crypto/build.info +++ b/deps/openssl/openssl/crypto/build.info @@ -1,4 +1,3 @@ -{- use File::Spec::Functions qw/catdir catfile/; -} LIBS=../libcrypto SOURCE[../libcrypto]=\ cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ diff --git a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl index 9024b67e32..6beb9c5f25 100644 --- a/deps/openssl/openssl/crypto/cast/asm/cast-586.pl +++ b/deps/openssl/openssl/crypto/cast/asm/cast-586.pl @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html -# This flag makes the inner loop one cycle longer, but generates +# This flag makes the inner loop one cycle longer, but generates # code that runs %30 faster on the pentium pro/II, 44% faster # of PIII, while only %7 slower on the pentium. # By default, this flag is on. diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl index c90306e45c..b5e21e4938 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv4.pl @@ -15,7 +15,7 @@ # ==================================================================== # # December 2014 -# +# # ChaCha20 for ARMv4. # # Performance in cycles per byte out of large buffer. @@ -720,7 +720,7 @@ ChaCha20_neon: vadd.i32 $d2,$d1,$t0 @ counter+2 str @t[3], [sp,#4*(16+15)] mov @t[3],#10 - add @x[12],@x[12],#3 @ counter+3 + add @x[12],@x[12],#3 @ counter+3 b .Loop_neon .align 4 diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl index db3776a2fc..f7e1074714 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-armv8.pl @@ -15,7 +15,7 @@ # ==================================================================== # # June 2015 -# +# # ChaCha20 for ARMv8. # # Performance in cycles per byte out of large buffer. @@ -201,7 +201,7 @@ ChaCha20_ctr32: mov $ctr,#10 subs $len,$len,#64 .Loop: - sub $ctr,$ctr,#1 + sub $ctr,$ctr,#1 ___ foreach (&ROUND(0, 4, 8,12)) { eval; } foreach (&ROUND(0, 5,10,15)) { eval; } diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl index f972ee471a..181decdad9 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-ppc.pl @@ -15,7 +15,7 @@ # ==================================================================== # # October 2015 -# +# # ChaCha20 for PowerPC/AltiVec. # # Performance in cycles per byte out of large buffer. @@ -525,7 +525,7 @@ $code.=<<___; lwz @d[3],12($ctr) vadduwm @K[5],@K[4],@K[5] - vspltisw $twenty,-12 # synthesize constants + vspltisw $twenty,-12 # synthesize constants vspltisw $twelve,12 vspltisw $twenty5,-7 #vspltisw $seven,7 # synthesized in the loop diff --git a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl index 61b328612b..932dec67e4 100755 --- a/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl +++ b/deps/openssl/openssl/crypto/chacha/asm/chacha-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -61,7 +61,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && $1>=10); # first version supporting AVX $ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && + `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $a="eax"; diff --git a/deps/openssl/openssl/crypto/chacha/build.info b/deps/openssl/openssl/crypto/chacha/build.info index ed1e01ae30..f99114c135 100644 --- a/deps/openssl/openssl/crypto/chacha/build.info +++ b/deps/openssl/openssl/crypto/chacha/build.info @@ -8,8 +8,6 @@ GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv4.o]=.. GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl $(PERLASM_SCHEME) INCLUDE[chacha-armv8.o]=.. -GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl $(PERLASM_SCHEME) -INCLUDE[chacha-s390x.o]=.. BEGINRAW[Makefile(unix)] ##### CHACHA assembler implementations diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c index 8d45943530..fe5076ec02 100644 --- a/deps/openssl/openssl/crypto/cms/cms_env.c +++ b/deps/openssl/openssl/crypto/cms/cms_env.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -282,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT); return 0; } + EVP_PKEY_free(ri->d.ktri->pkey); ri->d.ktri->pkey = pkey; return 1; } diff --git a/deps/openssl/openssl/crypto/cms/cms_smime.c b/deps/openssl/openssl/crypto/cms/cms_smime.c index 7e7b6e5d4f..5dcf803f4b 100644 --- a/deps/openssl/openssl/crypto/cms/cms_smime.c +++ b/deps/openssl/openssl/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -631,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) * all. */ else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { + EVP_PKEY_up_ref(pk); CMS_RecipientInfo_set0_pkey(ri, pk); r = CMS_RecipientInfo_decrypt(cms, ri); CMS_RecipientInfo_set0_pkey(ri, NULL); diff --git a/deps/openssl/openssl/crypto/conf/build.info b/deps/openssl/openssl/crypto/conf/build.info index 4438eb4262..ff367994ea 100644 --- a/deps/openssl/openssl/crypto/conf/build.info +++ b/deps/openssl/openssl/crypto/conf/build.info @@ -1,4 +1,4 @@ LIBS=../../libcrypto SOURCE[../../libcrypto]= \ conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ - conf_mall.c conf_sap.c + conf_mall.c conf_sap.c conf_ssl.c diff --git a/deps/openssl/openssl/crypto/conf/conf_api.c b/deps/openssl/openssl/crypto/conf/conf_api.c index 5535416ab3..79e682a847 100644 --- a/deps/openssl/openssl/crypto/conf/conf_api.c +++ b/deps/openssl/openssl/crypto/conf/conf_api.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -205,10 +205,14 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); + if (lh_CONF_VALUE_error(conf->data) > 0) + goto err; return v; err: sk_CONF_VALUE_free(sk); + if (v != NULL) + OPENSSL_free(v->section); OPENSSL_free(v); return NULL; } diff --git a/deps/openssl/openssl/crypto/conf/conf_err.c b/deps/openssl/openssl/crypto/conf/conf_err.c index 0863bc4d36..19f480d5b3 100644 --- a/deps/openssl/openssl/crypto/conf/conf_err.c +++ b/deps/openssl/openssl/crypto/conf/conf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, + {ERR_FUNC(CONF_F_SSL_MODULE_INIT), "ssl_module_init"}, {ERR_FUNC(CONF_F_STR_COPY), "str_copy"}, {0, NULL} }; @@ -57,6 +58,12 @@ static ERR_STRING_DATA CONF_str_reasons[] = { {ERR_REASON(CONF_R_NO_SECTION), "no section"}, {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"}, {ERR_REASON(CONF_R_NO_VALUE), "no value"}, + {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_EMPTY), + "ssl command section empty"}, + {ERR_REASON(CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), + "ssl command section not found"}, + {ERR_REASON(CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, + {ERR_REASON(CONF_R_SSL_SECTION_NOT_FOUND), "ssl section not found"}, {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, diff --git a/deps/openssl/openssl/crypto/conf/conf_lcl.h b/deps/openssl/openssl/crypto/conf/conf_lcl.h new file mode 100644 index 0000000000..6e1f7fe00d --- /dev/null +++ b/deps/openssl/openssl/crypto/conf/conf_lcl.h @@ -0,0 +1,11 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +void conf_add_ssl_module(void); + diff --git a/deps/openssl/openssl/crypto/conf/conf_mall.c b/deps/openssl/openssl/crypto/conf/conf_mall.c index 4e7a434e0e..7e86948e89 100644 --- a/deps/openssl/openssl/crypto/conf/conf_mall.c +++ b/deps/openssl/openssl/crypto/conf/conf_mall.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #include <openssl/x509.h> #include <openssl/asn1.h> #include <openssl/engine.h> +#include "conf_lcl.h" /* Load all OpenSSL builtin modules */ @@ -26,4 +27,5 @@ void OPENSSL_load_builtin_modules(void) ENGINE_add_conf_module(); #endif EVP_add_alg_module(); + conf_add_ssl_module(); } diff --git a/deps/openssl/openssl/crypto/conf/conf_ssl.c b/deps/openssl/openssl/crypto/conf/conf_ssl.c new file mode 100644 index 0000000000..015c46c6da --- /dev/null +++ b/deps/openssl/openssl/crypto/conf/conf_ssl.c @@ -0,0 +1,178 @@ +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <string.h> +#include <openssl/conf.h> +#include <openssl/err.h> +#include "internal/sslconf.h" +#include "conf_lcl.h" + +/* + * SSL library configuration module placeholder. We load it here but defer + * all decisions about its contents to libssl. + */ + +struct ssl_conf_name_st { + /* Name of this set of commands */ + char *name; + /* List of commands */ + SSL_CONF_CMD *cmds; + /* Number of commands */ + size_t cmd_count; +}; + +struct ssl_conf_cmd_st { + /* Command */ + char *cmd; + /* Argument */ + char *arg; +}; + +static struct ssl_conf_name_st *ssl_names; +static size_t ssl_names_count; + +static void ssl_module_free(CONF_IMODULE *md) +{ + size_t i, j; + if (ssl_names == NULL) + return; + for (i = 0; i < ssl_names_count; i++) { + struct ssl_conf_name_st *tname = ssl_names + i; + + OPENSSL_free(tname->name); + for (j = 0; j < tname->cmd_count; j++) { + OPENSSL_free(tname->cmds[j].cmd); + OPENSSL_free(tname->cmds[j].arg); + } + OPENSSL_free(tname->cmds); + } + OPENSSL_free(ssl_names); + ssl_names = NULL; + ssl_names_count = 0; +} + +static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) +{ + size_t i, j, cnt; + int rv = 0; + const char *ssl_conf_section; + STACK_OF(CONF_VALUE) *cmd_lists; + + ssl_conf_section = CONF_imodule_get_value(md); + cmd_lists = NCONF_get_section(cnf, ssl_conf_section); + if (sk_CONF_VALUE_num(cmd_lists) <= 0) { + if (cmd_lists == NULL) + CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND); + else + CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY); + ERR_add_error_data(2, "section=", ssl_conf_section); + goto err; + } + cnt = sk_CONF_VALUE_num(cmd_lists); + ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); + ssl_names_count = cnt; + for (i = 0; i < ssl_names_count; i++) { + struct ssl_conf_name_st *ssl_name = ssl_names + i; + CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); + STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); + + if (sk_CONF_VALUE_num(cmds) <= 0) { + if (cmds == NULL) + CONFerr(CONF_F_SSL_MODULE_INIT, + CONF_R_SSL_COMMAND_SECTION_NOT_FOUND); + else + CONFerr(CONF_F_SSL_MODULE_INIT, + CONF_R_SSL_COMMAND_SECTION_EMPTY); + ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value); + goto err; + } + ssl_name->name = OPENSSL_strdup(sect->name); + if (ssl_name->name == NULL) + goto err; + cnt = sk_CONF_VALUE_num(cmds); + ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st)); + if (ssl_name->cmds == NULL) + goto err; + ssl_name->cmd_count = cnt; + for (j = 0; j < cnt; j++) { + const char *name; + CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); + struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j; + + /* Skip any initial dot in name */ + name = strchr(cmd_conf->name, '.'); + if (name != NULL) + name++; + else + name = cmd_conf->name; + cmd->cmd = OPENSSL_strdup(name); + cmd->arg = OPENSSL_strdup(cmd_conf->value); + if (cmd->cmd == NULL || cmd->arg == NULL) + goto err; + } + + } + rv = 1; + err: + if (rv == 0) + ssl_module_free(md); + return rv; +} + +/* + * Returns the set of commands with index |idx| previously searched for via + * conf_ssl_name_find. Also stores the name of the set of commands in |*name| + * and the number of commands in the set in |*cnt|. + */ +const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt) +{ + *name = ssl_names[idx].name; + *cnt = ssl_names[idx].cmd_count; + return ssl_names[idx].cmds; +} + +/* + * Search for the named set of commands given in |name|. On success return the + * index for the command set in |*idx|. + * Returns 1 on success or 0 on failure. + */ +int conf_ssl_name_find(const char *name, size_t *idx) +{ + size_t i; + const struct ssl_conf_name_st *nm; + + if (name == NULL) + return 0; + for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) { + if (strcmp(nm->name, name) == 0) { + *idx = i; + return 1; + } + } + return 0; +} + +/* + * Given a command set |cmd|, return details on the command at index |idx| which + * must be less than the number of commands in the set (as returned by + * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the + * argument is returned in |*arg|. + */ +void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, + char **arg) +{ + *cmdstr = cmd[idx].cmd; + *arg = cmd[idx].arg; +} + +void conf_add_ssl_module(void) +{ + CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free); +} diff --git a/deps/openssl/openssl/crypto/cryptlib.c b/deps/openssl/openssl/crypto/cryptlib.c index d93bcd357b..3b878cd0c2 100644 --- a/deps/openssl/openssl/crypto/cryptlib.c +++ b/deps/openssl/openssl/crypto/cryptlib.c @@ -23,29 +23,97 @@ extern unsigned int OPENSSL_ia32cap_P[4]; # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#include <stdio.h> + +/* + * Purpose of these minimalistic and character-type-agnostic subroutines + * is to break dependency on MSVCRT (on Windows) and locale. This makes + * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- + * agnostic" means that they work with either wide or 8-bit characters, + * exploiting the fact that first 127 characters can be simply casted + * between the sets, while the rest would be simply rejected by ossl_is* + * subroutines. + */ +# ifdef _WIN32 +typedef WCHAR variant_char; + +static variant_char *ossl_getenv(const char *name) +{ + /* + * Since we pull only one environment variable, it's simpler to + * to just ignore |name| and use equivalent wide-char L-literal. + * As well as to ignore excessively long values... + */ + static WCHAR value[48]; + DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); + + return (len > 0 && len < 48) ? value : NULL; +} +# else +typedef char variant_char; +# define ossl_getenv getenv +# endif + +static int todigit(variant_char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + else if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + else if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + + /* return largest base value to make caller terminate the loop */ + return 16; +} + +static uint64_t ossl_strtouint64(const variant_char *str) +{ + uint64_t ret = 0; + unsigned int digit, base = 10; + + if (*str == '0') { + base = 8, str++; + if (*str == 'x' || *str == 'X') + base = 16, str++; + } + + while((digit = todigit(*str++)) < base) + ret = ret * base + digit; + + return ret; +} + +static variant_char *ossl_strchr(const variant_char *str, char srch) +{ variant_char c; + + while((c = *str)) { + if (c == srch) + return (variant_char *)str; + str++; + } + + return NULL; +} + # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; + void OPENSSL_cpuid_setup(void) { static int trigger = 0; IA32CAP OPENSSL_ia32_cpuid(unsigned int *); IA32CAP vec; - char *env; + const variant_char *env; if (trigger) return; trigger = 1; - if ((env = getenv("OPENSSL_ia32cap"))) { + if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { int off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) - if (!sscanf(env + off, "%I64i", &vec)) - vec = strtoul(env + off, NULL, 0); -# else - if (!sscanf(env + off, "%lli", (long long *)&vec)) - vec = strtoul(env + off, NULL, 0); -# endif + + vec = ossl_strtouint64(env + off); + if (off) { IA32CAP mask = vec; vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; @@ -64,15 +132,17 @@ void OPENSSL_cpuid_setup(void) vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); } - if ((env = strchr(env, ':'))) { - unsigned int vecx; + if ((env = ossl_strchr(env, ':')) != NULL) { + IA32CAP vecx; + env++; off = (env[0] == '~') ? 1 : 0; - vecx = strtoul(env + off, NULL, 0); - if (off) - OPENSSL_ia32cap_P[2] &= ~vecx; - else - OPENSSL_ia32cap_P[2] = vecx; + vecx = ossl_strtouint64(env + off); + if (off) { + OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; + } else { + OPENSSL_ia32cap_P[2] = (unsigned int)vecx; + } } else { OPENSSL_ia32cap_P[2] = 0; } @@ -128,10 +198,14 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); + FARPROC f; + if (mod != NULL) - _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); - if (_OPENSSL_isservice.p == NULL) + f = GetProcAddress(mod, "_OPENSSL_isservice"); + if (f == NULL) _OPENSSL_isservice.p = (void *)-1; + else + _OPENSSL_isservice.f = f; } if (_OPENSSL_isservice.p != (void *)-1) diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c index 58003d7087..b53a063244 100644 --- a/deps/openssl/openssl/crypto/dh/dh_key.c +++ b/deps/openssl/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/crypto/dh/dh_meth.c b/deps/openssl/openssl/crypto/dh/dh_meth.c index ce6114c133..59c4d7e967 100644 --- a/deps/openssl/openssl/crypto/dh/dh_meth.c +++ b/deps/openssl/openssl/crypto/dh/dh_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ int DH_meth_set1_name(DH_METHOD *dhm, const char *name) return 1; } -int DH_meth_get_flags(DH_METHOD *dhm) +int DH_meth_get_flags(const DH_METHOD *dhm) { return dhm->flags; } diff --git a/deps/openssl/openssl/crypto/dllmain.c b/deps/openssl/openssl/crypto/dllmain.c index 2d96787025..91904aad98 100644 --- a/deps/openssl/openssl/crypto/dllmain.c +++ b/deps/openssl/openssl/crypto/dllmain.c @@ -57,3 +57,4 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) return (TRUE); } #endif + diff --git a/deps/openssl/openssl/crypto/dsa/dsa_err.c b/deps/openssl/openssl/crypto/dsa/dsa_err.c index b8f0af4662..132008803e 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_err.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ static ERR_STRING_DATA DSA_str_functs[] = { {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "old_dsa_priv_decode"}, {ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "pkey_dsa_ctrl"}, + {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "pkey_dsa_ctrl_str"}, {ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "pkey_dsa_keygen"}, {0, NULL} }; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_gen.c b/deps/openssl/openssl/crypto/dsa/dsa_gen.c index e58ad8d70d..46f4f01ee0 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -64,9 +64,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, /* invalid q size */ return 0; - if (evpmd == NULL) - /* use SHA1 as default */ - evpmd = EVP_sha1(); + if (evpmd == NULL) { + if (qsize == SHA_DIGEST_LENGTH) + evpmd = EVP_sha1(); + else if (qsize == SHA224_DIGEST_LENGTH) + evpmd = EVP_sha224(); + else + evpmd = EVP_sha256(); + } else { + qsize = EVP_MD_size(evpmd); + } if (bits < 512) bits = 512; diff --git a/deps/openssl/openssl/crypto/dsa/dsa_meth.c b/deps/openssl/openssl/crypto/dsa/dsa_meth.c index f0188f2007..04203780c4 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_meth.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -83,7 +83,7 @@ int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) return 1; } -int DSA_meth_get_flags(DSA_METHOD *dsam) +int DSA_meth_get_flags(const DSA_METHOD *dsam) { return dsam->flags; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c index 7f48cf2e33..4aa49f554a 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -61,19 +61,13 @@ const DSA_METHOD *DSA_OpenSSL(void) static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *kinv = NULL; - BIGNUM *m; - BIGNUM *xr; + BIGNUM *m, *blind, *blindm, *tmp; BN_CTX *ctx = NULL; int reason = ERR_R_BN_LIB; DSA_SIG *ret = NULL; int rv = 0; - m = BN_new(); - xr = BN_new(); - if (m == NULL || xr == NULL) - goto err; - - if (!dsa->p || !dsa->q || !dsa->g) { + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { reason = DSA_R_MISSING_PARAMETERS; goto err; } @@ -89,6 +83,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ctx = BN_CTX_new(); if (ctx == NULL) goto err; + m = BN_CTX_get(ctx); + blind = BN_CTX_get(ctx); + blindm = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (tmp == NULL) + goto err; + redo: if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) goto err; @@ -103,17 +104,50 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) if (BN_bin2bn(dgst, dlen, m) == NULL) goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(xr, dsa->priv_key, ret->r, dsa->q, ctx)) - goto err; /* s = xr */ - if (!BN_add(ret->s, xr, m)) - goto err; /* s = m + xr */ - if (BN_cmp(ret->s, dsa->q) > 0) - if (!BN_sub(ret->s, ret->s, dsa->q)) + /* + * The normal signature calculation is: + * + * s := k^-1 * (m + r * priv_key) mod q + * + * We will blind this to protect against side channel attacks + * + * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q + */ + + /* Generate a blinding value */ + do { + if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, BN_RAND_TOP_ANY, + BN_RAND_BOTTOM_ANY)) goto err; + } while (BN_is_zero(blind)); + BN_set_flags(blind, BN_FLG_CONSTTIME); + BN_set_flags(blindm, BN_FLG_CONSTTIME); + BN_set_flags(tmp, BN_FLG_CONSTTIME); + + /* tmp := blind * priv_key * r mod q */ + if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx)) + goto err; + if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx)) + goto err; + + /* blindm := blind * m mod q */ + if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx)) + goto err; + + /* s : = (blind * priv_key * r) + (blind * m) mod q */ + if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q)) + goto err; + + /* s := s * k^-1 mod q */ if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx)) goto err; + /* s:= s * blind^-1 mod q */ + if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL) + goto err; + if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx)) + goto err; + /* * Redo if r or s is zero as required by FIPS 186-3: this is very * unlikely. @@ -130,8 +164,6 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = NULL; } BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(xr); BN_clear_free(kinv); return ret; } diff --git a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c index 95f088a5ec..d606316954 100644 --- a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c +++ b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,13 +76,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); @@ -100,13 +95,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); @@ -187,9 +177,15 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, NULL); } if (strcmp(type, "dsa_paramgen_md") == 0) { + const EVP_MD *md = EVP_get_digestbyname(value); + + if (md == NULL) { + DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE); + return 0; + } return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, - (void *)EVP_get_digestbyname(value)); + (void *)md); } return -2; } diff --git a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c index a4b0cdd95b..e01425bc75 100644 --- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c +++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ # endif # include <dlfcn.h> # define HAVE_DLINFO 1 -# if defined(_AIX) || defined(__CYGWIN__) || \ +# if defined(__CYGWIN__) || \ defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ (defined(__osf__) && !defined(RTLD_NEXT)) || \ (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ @@ -308,6 +308,76 @@ static int dladdr(void *address, Dl_info *dl) } # endif /* __sgi */ +# ifdef _AIX +/*- + * See IBM's AIX Version 7.2, Technical Reference: + * Base Operating System and Extensions, Volume 1 and 2 + * https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm + */ +# include <sys/ldr.h> +# include <errno.h> +/* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */ +# define DLFCN_LDINFO_SIZE 86976 +typedef struct Dl_info { + const char *dli_fname; +} Dl_info; +/* + * This dladdr()-implementation will also find the ptrgl (Pointer Glue) virtual + * address of a function, which is just located in the DATA segment instead of + * the TEXT segment. + */ +static int dladdr(void *ptr, Dl_info *dl) +{ + uintptr_t addr = (uintptr_t)ptr; + unsigned int found = 0; + struct ld_info *ldinfos, *next_ldi, *this_ldi; + + if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) { + errno = ENOMEM; + dl->dli_fname = NULL; + return 0; + } + + if ((loadquery(L_GETINFO, (void *)ldinfos, DLFCN_LDINFO_SIZE)) < 0) { + /*- + * Error handling is done through errno and dlerror() reading errno: + * ENOMEM (ldinfos buffer is too small), + * EINVAL (invalid flags), + * EFAULT (invalid ldinfos ptr) + */ + OPENSSL_free((void *)ldinfos); + dl->dli_fname = NULL; + return 0; + } + next_ldi = ldinfos; + + do { + this_ldi = next_ldi; + if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg) + && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + + this_ldi->ldinfo_textsize))) + || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) + && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + + this_ldi->ldinfo_datasize)))) { + found = 1; + /* + * Ignoring the possibility of a member name and just returning + * the path name. See docs: sys/ldr.h, loadquery() and + * dlopen()/RTLD_MEMBER. + */ + if ((dl->dli_fname = + OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL) + errno = ENOMEM; + } else { + next_ldi = + (struct ld_info *)((uintptr_t)this_ldi + this_ldi->ldinfo_next); + } + } while (this_ldi->ldinfo_next && !found); + OPENSSL_free((void *)ldinfos); + return (found && dl->dli_fname != NULL); +} +# endif /* _AIX */ + static int dlfcn_pathbyaddr(void *addr, char *path, int sz) { # ifdef HAVE_DLINFO @@ -326,12 +396,19 @@ static int dlfcn_pathbyaddr(void *addr, char *path, int sz) if (dladdr(addr, &dli)) { len = (int)strlen(dli.dli_fname); - if (sz <= 0) + if (sz <= 0) { +# ifdef _AIX + OPENSSL_free((void *)dli.dli_fname); +# endif return len + 1; + } if (len >= sz) len = sz - 1; memcpy(path, dli.dli_fname, len); path[len++] = 0; +# ifdef _AIX + OPENSSL_free((void *)dli.dli_fname); +# endif return len; } diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl index 2314b75244..4eb4c68977 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7: .Loop_scatter_w7: ldr $mask,[$inp],#4 subs $index,$index,#1 - strb $mask,[$out,#64*0-1] + strb $mask,[$out,#64*0] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*1-1] + strb $mask,[$out,#64*1] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*2-1] + strb $mask,[$out,#64*2] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*3-1] + strb $mask,[$out,#64*3] add $out,$out,#64*4 bne .Loop_scatter_w7 @@ -1633,7 +1633,7 @@ ___ $code.=<<___; .Ladd_done: add sp,sp,#32*18+16+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || defined(__thumb__) +#if __ARM_ARCH__>=5 || !defined(__thumb__) ldmia sp!,{r4-r12,pc} #else ldmia sp!,{r4-r12,lr} diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl index d93c4fe957..2a39675bfd 100644 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -660,7 +660,7 @@ __ecp_nistz256_div_by_2: adc $ap,xzr,xzr // zap $ap tst $acc0,#1 // is a even? - csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus + csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus csel $acc1,$acc1,$t1,eq csel $acc2,$acc2,$t2,eq csel $acc3,$acc3,$t3,eq @@ -1477,21 +1477,21 @@ ecp_nistz256_scatter_w7: prfm pstl1strm,[$out,#4096+64*5] prfm pstl1strm,[$out,#4096+64*6] prfm pstl1strm,[$out,#4096+64*7] - strb w3,[$out,#64*0-1] + strb w3,[$out,#64*0] lsr x3,x3,#8 - strb w3,[$out,#64*1-1] + strb w3,[$out,#64*1] lsr x3,x3,#8 - strb w3,[$out,#64*2-1] + strb w3,[$out,#64*2] lsr x3,x3,#8 - strb w3,[$out,#64*3-1] + strb w3,[$out,#64*3] lsr x3,x3,#8 - strb w3,[$out,#64*4-1] + strb w3,[$out,#64*4] lsr x3,x3,#8 - strb w3,[$out,#64*5-1] + strb w3,[$out,#64*5] lsr x3,x3,#8 - strb w3,[$out,#64*6-1] + strb w3,[$out,#64*6] lsr x3,x3,#8 - strb w3,[$out,#64*7-1] + strb w3,[$out,#64*7] add $out,$out,#64*8 b.ne .Loop_scatter_w7 diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl index 3bdd2cf13f..edd7d01281 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && $addx = ($1>=12); } -if (!$addx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) { +if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) { my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 $avx = ($ver>=3.0) + ($ver>=3.01); $addx = ($ver>=3.03); diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl index ee11069459..0c1af95b13 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7: ld [$inp],%l0 add $inp,4,$inp subcc $index,1,$index - stb %l0,[$out+64*0-1] + stb %l0,[$out+64*0] srl %l0,8,%l1 - stb %l1,[$out+64*1-1] + stb %l1,[$out+64*1] srl %l0,16,%l2 - stb %l2,[$out+64*2-1] + stb %l2,[$out+64*2] srl %l0,24,%l3 - stb %l3,[$out+64*3-1] + stb %l3,[$out+64*3] bne .Loop_scatter_w7 add $out,64*4,$out @@ -1874,7 +1874,7 @@ $code.=<<___ if ($i<3); ldx [$bp+8*($i+1)],$bi ! bp[$i+1] ___ $code.=<<___; - addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication + addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication sllx $acc0,32,$t0 addxccc $acc2,$t1,$acc2 srlx $acc0,32,$t1 diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl index f637c844c4..b3bec23228 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -443,7 +443,7 @@ for(1..37) { &mov (&DWP(20,"esp"),"eax"); &mov (&DWP(24,"esp"),"eax"); &mov (&DWP(28,"esp"),"eax"); - + &call ("_ecp_nistz256_sub"); &stack_pop(8); @@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) { &mov ("esi",&wparam(1)); &mov ("ebp",&wparam(2)); - &lea ("edi",&DWP(-1,"edi","ebp")); + &lea ("edi",&DWP(0,"edi","ebp")); &mov ("ebp",64/4); &set_label("scatter_w7_loop"); &mov ("eax",&DWP(0,"esi")); diff --git a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl index 183137e5f0..714e852a18 100755 --- a/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/deps/openssl/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl @@ -3051,8 +3051,8 @@ ___ ######################################################################## # Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 # -open TABLE,"<ecp_nistz256_table.c" or -open TABLE,"<${dir}../ecp_nistz256_table.c" or +open TABLE,"<ecp_nistz256_table.c" or +open TABLE,"<${dir}../ecp_nistz256_table.c" or die "failed to open ecp_nistz256_table.c:",$!; use integer; diff --git a/deps/openssl/openssl/crypto/ec/ec2_smpl.c b/deps/openssl/openssl/crypto/ec/ec2_smpl.c index cfeef5fc74..28b91d5102 100644 --- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c +++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -330,6 +330,7 @@ int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } diff --git a/deps/openssl/openssl/crypto/ec/ec_ameth.c b/deps/openssl/openssl/crypto/ec/ec_ameth.c index b66adf2bbc..f8f1e2c842 100644 --- a/deps/openssl/openssl/crypto/ec/ec_ameth.c +++ b/deps/openssl/openssl/crypto/ec/ec_ameth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static EC_KEY *eckey_type2param(int ptype, const void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { const ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { const ASN1_OBJECT *poid = pval; - EC_GROUP *group; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID @@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) ecerr: EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; } diff --git a/deps/openssl/openssl/crypto/ec/ec_curve.c b/deps/openssl/openssl/crypto/ec/ec_curve.c index f8a3846fd5..b022528be2 100644 --- a/deps/openssl/openssl/crypto/ec/ec_curve.c +++ b/deps/openssl/openssl/crypto/ec/ec_curve.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -3036,6 +3036,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) } #endif + EC_GROUP_set_curve_name(group, curve.nid); + if ((P = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3101,8 +3103,6 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) return NULL; } - EC_GROUP_set_curve_name(ret, nid); - return ret; } diff --git a/deps/openssl/openssl/crypto/ec/ec_lcl.h b/deps/openssl/openssl/crypto/ec/ec_lcl.h index ded35a72a0..d8141704cf 100644 --- a/deps/openssl/openssl/crypto/ec/ec_lcl.h +++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -269,6 +269,8 @@ struct ec_key_st { struct ec_point_st { const EC_METHOD *meth; + /* NID for the curve if known */ + int curve_name; /* * All members except 'meth' are handled by the method functions, even if * they appear generic @@ -281,6 +283,20 @@ struct ec_point_st { * special case */ }; + +static ossl_inline int ec_point_is_compat(const EC_POINT *point, + const EC_GROUP *group) +{ + if (group->meth != point->meth + || (group->curve_name != 0 + && point->curve_name != 0 + && group->curve_name != point->curve_name)) + return 0; + + return 1; +} + + NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); diff --git a/deps/openssl/openssl/crypto/ec/ec_lib.c b/deps/openssl/openssl/crypto/ec/ec_lib.c index 7cb4bfee28..e256e4e511 100644 --- a/deps/openssl/openssl/crypto/ec/ec_lib.c +++ b/deps/openssl/openssl/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -140,6 +140,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) if (dest == src) return 1; + dest->curve_name = src->curve_name; + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { @@ -202,7 +204,6 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } - dest->curve_name = src->curve_name; dest->asn1_flag = src->asn1_flag; dest->asn1_form = src->asn1_form; @@ -563,6 +564,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) } ret->meth = group->meth; + ret->curve_name = group->curve_name; if (!ret->meth->point_init(ret)) { OPENSSL_free(ret); @@ -600,7 +602,10 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (dest->meth != src->meth) { + if (dest->meth != src->meth + || (dest->curve_name != src->curve_name + && dest->curve_name != 0 + && src->curve_name != 0)) { ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -657,7 +662,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -676,7 +681,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -694,7 +699,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -720,7 +725,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -746,7 +751,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -764,7 +769,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -780,8 +785,8 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth) - || (a->meth != b->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) + || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -795,7 +800,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if ((group->meth != r->meth) || (r->meth != a->meth)) { + if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -808,7 +813,7 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != a->meth) { + if (!ec_point_is_compat(a, group)) { ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -822,7 +827,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -843,7 +848,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -857,7 +862,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; } - if ((group->meth != a->meth) || (a->meth != b->meth)) { + if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); return -1; } @@ -870,7 +875,7 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -887,7 +892,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, return 0; } for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/deps/openssl/openssl/crypto/ec/ec_mult.c b/deps/openssl/openssl/crypto/ec/ec_mult.c index b39777fbf2..56c7767772 100644 --- a/deps/openssl/openssl/crypto/ec/ec_mult.c +++ b/deps/openssl/openssl/crypto/ec/ec_mult.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -105,6 +105,224 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) OPENSSL_free(pre); } +#define EC_POINT_BN_set_flags(P, flags) do { \ + BN_set_flags((P)->X, (flags)); \ + BN_set_flags((P)->Y, (flags)); \ + BN_set_flags((P)->Z, (flags)); \ +} while(0) + +/*- + * This functions computes (in constant time) a point multiplication over the + * EC group. + * + * At a high level, it is Montgomery ladder with conditional swaps. + * + * It performs either a fixed scalar point multiplication + * (scalar * generator) + * when point is NULL, or a generic scalar point multiplication + * (scalar * point) + * when point is not NULL. + * + * scalar should be in the range [0,n) otherwise all constant time bets are off. + * + * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, + * which of course are not constant time themselves. + * + * The product is stored in r. + * + * Returns 1 on success, 0 otherwise. + */ +static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) +{ + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *s = NULL; + BIGNUM *k = NULL; + BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + + s = EC_POINT_new(group); + if (s == NULL) + goto err; + + if (point == NULL) { + if (!EC_POINT_copy(s, group->generator)) + goto err; + } else { + if (!EC_POINT_copy(s, point)) + goto err; + } + + EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); + + cardinality = BN_CTX_get(ctx); + lambda = BN_CTX_get(ctx); + k = BN_CTX_get(ctx); + if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) + goto err; + + /* + * Group cardinalities are often on a word boundary. + * So when we pad the scalar, some timing diff might + * pop if it needs to be expanded due to carries. + * So expand ahead of time. + */ + cardinality_bits = BN_num_bits(cardinality); + group_top = bn_get_top(cardinality); + if ((bn_wexpand(k, group_top + 1) == NULL) + || (bn_wexpand(lambda, group_top + 1) == NULL)) + goto err; + + if (!BN_copy(k, scalar)) + goto err; + + BN_set_flags(k, BN_FLG_CONSTTIME); + + if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { + /*- + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(k, k, cardinality, ctx)) + goto err; + } + + if (!BN_add(lambda, k, cardinality)) + goto err; + BN_set_flags(lambda, BN_FLG_CONSTTIME); + if (!BN_add(k, lambda, cardinality)) + goto err; + /* + * lambda := scalar + cardinality + * k := scalar + 2*cardinality + */ + kbit = BN_is_bit_set(lambda, cardinality_bits); + BN_consttime_swap(kbit, k, lambda, group_top + 1); + + group_top = bn_get_top(group->field); + if ((bn_wexpand(s->X, group_top) == NULL) + || (bn_wexpand(s->Y, group_top) == NULL) + || (bn_wexpand(s->Z, group_top) == NULL) + || (bn_wexpand(r->X, group_top) == NULL) + || (bn_wexpand(r->Y, group_top) == NULL) + || (bn_wexpand(r->Z, group_top) == NULL)) + goto err; + + /* top bit is a 1, in a fixed pos */ + if (!EC_POINT_copy(r, s)) + goto err; + + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); + + if (!EC_POINT_dbl(group, s, s, ctx)) + goto err; + + pbit = 0; + +#define EC_POINT_CSWAP(c, a, b, w, t) do { \ + BN_consttime_swap(c, (a)->X, (b)->X, w); \ + BN_consttime_swap(c, (a)->Y, (b)->Y, w); \ + BN_consttime_swap(c, (a)->Z, (b)->Z, w); \ + t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ + (a)->Z_is_one ^= (t); \ + (b)->Z_is_one ^= (t); \ +} while(0) + + /*- + * The ladder step, with branches, is + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * Swapping R, S conditionally on k[i] leaves you with state + * + * k[i] == 0: T, U = R, S + * k[i] == 1: T, U = S, R + * + * Then perform the ECC ops. + * + * U = add(T, U) + * T = dbl(T) + * + * Which leaves you with state + * + * k[i] == 0: U = add(R, S), T = dbl(R) + * k[i] == 1: U = add(S, R), T = dbl(S) + * + * Swapping T, U conditionally on k[i] leaves you with state + * + * k[i] == 0: R, S = T, U + * k[i] == 1: R, S = U, T + * + * Which leaves you with state + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * So we get the same logic, but instead of a branch it's a + * conditional swap, followed by ECC ops, then another conditional swap. + * + * Optimization: The end of iteration i and start of i-1 looks like + * + * ... + * CSWAP(k[i], R, S) + * ECC + * CSWAP(k[i], R, S) + * (next iteration) + * CSWAP(k[i-1], R, S) + * ECC + * CSWAP(k[i-1], R, S) + * ... + * + * So instead of two contiguous swaps, you can merge the condition + * bits and do a single swap. + * + * k[i] k[i-1] Outcome + * 0 0 No Swap + * 0 1 Swap + * 1 0 Swap + * 1 1 No Swap + * + * This is XOR. pbit tracks the previous bit of k. + */ + + for (i = cardinality_bits - 1; i >= 0; i--) { + kbit = BN_is_bit_set(k, i) ^ pbit; + EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); + if (!EC_POINT_add(group, s, r, s, ctx)) + goto err; + if (!EC_POINT_dbl(group, r, r, ctx)) + goto err; + /* + * pbit logic merges this cswap with that of the + * next iteration + */ + pbit ^= kbit; + } + /* one final cswap to move the right value into r */ + EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); +#undef EC_POINT_CSWAP + + ret = 1; + + err: + EC_POINT_free(s); + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + + return ret; +} + +#undef EC_POINT_BN_set_flags + /* * TODO: table should be optimised for the wNAF-based implementation, * sometimes smaller windows will give better performance (thus the @@ -155,7 +373,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -164,8 +382,34 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, return EC_POINT_set_to_infinity(group, r); } + /*- + * Handle the common cases where the scalar is secret, enforcing a constant + * time scalar multiplication algorithm. + */ + if ((scalar != NULL) && (num == 0)) { + /*- + * In this case we want to compute scalar * GeneratorPoint: this + * codepath is reached most prominently by (ephemeral) key generation + * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH + * keygen/first half), where the scalar is always secret. This is why + * we ignore if BN_FLG_CONSTTIME is actually set and we always call the + * constant time version. + */ + return ec_mul_consttime(group, r, scalar, NULL, ctx); + } + if ((scalar == NULL) && (num == 1)) { + /*- + * In this case we want to compute scalar * GenericPoint: this codepath + * is reached most prominently by the second half of ECDH, where the + * secret scalar is multiplied by the peer's public point. To protect + * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and + * we always call the constant time version. + */ + return ec_mul_consttime(group, r, scalars[0], points[0], ctx); + } + for (i = 0; i < num; i++) { - if (group->meth != points[i]->meth) { + if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/deps/openssl/openssl/crypto/ec/ec_oct.c b/deps/openssl/openssl/crypto/ec/ec_oct.c index effc42a344..e185df6edf 100644 --- a/deps/openssl/openssl/crypto/ec/ec_oct.c +++ b/deps/openssl/openssl/crypto/ec/ec_oct.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -66,7 +66,7 @@ int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); return 0; @@ -93,7 +93,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -123,7 +123,7 @@ int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - if (group->meth != point->meth) { + if (!ec_point_is_compat(point, group)) { ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); return 0; } diff --git a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c index 449be0e92a..9e4a68d9ca 100644 --- a/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c +++ b/deps/openssl/openssl/crypto/ec/ecdsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,9 +10,8 @@ #include <string.h> #include <openssl/err.h> #include <openssl/obj_mac.h> -#include <openssl/bn.h> #include <openssl/rand.h> -#include <openssl/ec.h> +#include "internal/bn_int.h" #include "ec_lcl.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, @@ -53,13 +52,12 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, return 0; } - if (ctx_in == NULL) { + if ((ctx = ctx_in) == NULL) { if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } - } else - ctx = ctx_in; + } k = BN_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */ @@ -73,10 +71,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } /* Preallocate space */ order_bits = BN_num_bits(order); @@ -87,23 +81,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ - do + do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce - (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, - ctx)) { + if (!BN_generate_dsa_nonce(k, order, + EC_KEY_get0_private_key(eckey), + dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } else { if (!BN_rand_range(k, order)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } - while (BN_is_zero(k)); + } while (BN_is_zero(k)); /* * We do not want timing information to leak the length of k, so we @@ -129,18 +123,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp - (group, tmp_point, X, NULL, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } #ifndef OPENSSL_NO_EC2M else { /* NID_X9_62_characteristic_two_field */ - - if (!EC_POINT_get_affine_coordinates_GF2m(group, - tmp_point, X, NULL, - ctx)) { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -150,8 +142,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - } - while (BN_is_zero(r)); + } while (BN_is_zero(r)); /* compute the inverse of k */ if (EC_GROUP_get_mont_data(group) != NULL) { @@ -210,8 +201,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL; - BIGNUM *blindm = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL; const BIGNUM *order, *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -244,27 +234,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } s = ret->s; - ctx = BN_CTX_secure_new(); - if (ctx == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - blind = BN_CTX_get(ctx); - blindm = BN_CTX_get(ctx); - if (blindm == NULL) { + if ((ctx = BN_CTX_new()) == NULL + || (m = BN_new()) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB); - goto err; - } i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. @@ -275,7 +251,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - /* If still too long truncate remaining bits with a shift */ + /* If still too long, truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; @@ -296,59 +272,27 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } /* - * The normal signature calculation is: - * - * s := k^-1 * (m + r * priv_key) mod order - * - * We will blind this to protect against side channel attacks - * - * s := k^-1 * blind^-1 * (blind * m + blind * r * priv_key) mod order + * With only one multiplicant being in Montgomery domain + * multiplication yields real result without post-conversion. + * Also note that all operations but last are performed with + * zero-padded vectors. Last operation, BN_mod_mul_montgomery + * below, returns user-visible value with removed zero padding. */ - - /* Generate a blinding value */ - do { - if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY, - BN_RAND_BOTTOM_ANY)) - goto err; - } while (BN_is_zero(blind)); - BN_set_flags(blind, BN_FLG_CONSTTIME); - BN_set_flags(blindm, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - - /* tmp := blind * priv_key * r mod order */ - if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* blindm := blind * m mod order */ - if (!BN_mod_mul(blindm, blind, m, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s : = (blind * priv_key * r) + (blind * m) mod order */ - if (!BN_mod_add_quick(s, tmp, blindm, order)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + if (!bn_mod_add_fixed_top(s, s, m, order)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + /* + * |s| can still be larger than modulus, because |m| can be. In + * such case we count on Montgomery reduction to tie it up. + */ + if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } @@ -362,11 +306,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); goto err; } - } else + } else { /* s != 0 => we have a valid signature */ break; - } - while (1); + } + } while (1); ok = 1; err: @@ -374,8 +318,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - BN_CTX_end(ctx); BN_CTX_free(ctx); + BN_clear_free(m); BN_clear_free(kinv); return ret; } diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c index 246189833e..4dbe216927 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1110,28 +1110,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr const P256_POINT_AFFINE *in, BN_CTX *ctx) { - BIGNUM *x, *y; - BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; int ret = 0; - x = BN_new(); - if (x == NULL) - return 0; - y = BN_new(); - if (y == NULL) { - BN_free(x); - return 0; - } - memcpy(d_x, in->X, sizeof(d_x)); - bn_set_static_words(x, d_x, P256_LIMBS); - - memcpy(d_y, in->Y, sizeof(d_y)); - bn_set_static_words(y, d_y, P256_LIMBS); - - ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); - - BN_free(x); - BN_free(y); + if ((ret = bn_set_words(out->X, in->X, P256_LIMBS)) + && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS)) + && (ret = bn_set_words(out->Z, ONE, P256_LIMBS))) + out->Z_is_one = 1; return ret; } @@ -1168,7 +1152,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (group->meth != r->meth) { + if (!ec_point_is_compat(r, group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -1177,7 +1161,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return EC_POINT_set_to_infinity(group, r); for (j = 0; j < num; j++) { - if (group->meth != points[j]->meth) { + if (!ec_point_is_compat(points[j], group)) { ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -1210,9 +1194,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, if (pre_comp_generator == NULL) goto err; + ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, pre_comp->precomp[0], - ctx)) { + group, &p.a, ctx)) { EC_POINT_free(pre_comp_generator); goto err; } diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c index abd3795046..e3b88315fd 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c +++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -352,6 +352,7 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) if (!BN_copy(dest->Z, src->Z)) return 0; dest->Z_is_one = src->Z_is_one; + dest->curve_name = src->curve_name; return 1; } diff --git a/deps/openssl/openssl/crypto/engine/eng_lib.c b/deps/openssl/openssl/crypto/engine/eng_lib.c index cbefc7eb6c..ef8e995503 100644 --- a/deps/openssl/openssl/crypto/engine/eng_lib.c +++ b/deps/openssl/openssl/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,8 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE(do_engine_lock_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; global_engine_lock = CRYPTO_THREAD_lock_new(); return global_engine_lock != NULL; } @@ -143,8 +144,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) if (!int_cleanup_check(1)) return; item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); + if (item != NULL) { + if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) + OPENSSL_free(item); + } } /* The API function that performs all cleanup */ diff --git a/deps/openssl/openssl/crypto/engine/eng_openssl.c b/deps/openssl/openssl/crypto/engine/eng_openssl.c index 0e53c4d1fd..9208f7eafc 100644 --- a/deps/openssl/openssl/crypto/engine/eng_openssl.c +++ b/deps/openssl/openssl/crypto/engine/eng_openssl.c @@ -649,3 +649,4 @@ int openssl_destroy(ENGINE *e) #endif return 1; } + diff --git a/deps/openssl/openssl/crypto/engine/tb_asnmth.c b/deps/openssl/openssl/crypto/engine/tb_asnmth.c index 480267daab..5c7b161703 100644 --- a/deps/openssl/openssl/crypto/engine/tb_asnmth.c +++ b/deps/openssl/openssl/crypto/engine/tb_asnmth.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -170,7 +170,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) + if (ameth != NULL + && ((int)strlen(ameth->pem_str) == lk->len) && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth; diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c index c4399285fe..08c27a3e83 100644 --- a/deps/openssl/openssl/crypto/err/err.c +++ b/deps/openssl/openssl/crypto/err/err.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,8 @@ static void ERR_STATE_free(ERR_STATE *s) DEFINE_RUN_ONCE_STATIC(do_err_strings_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; err_string_lock = CRYPTO_THREAD_lock_new(); return err_string_lock != NULL; } @@ -653,29 +654,31 @@ DEFINE_RUN_ONCE_STATIC(err_do_init) ERR_STATE *ERR_get_state(void) { - ERR_STATE *state = NULL; + ERR_STATE *state; - if (!RUN_ONCE(&err_init, err_do_init)) + if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return NULL; - /* - * If base OPENSSL_init_crypto() hasn't been called yet, be sure to call - * it now to avoid state to be doubly allocated and thereby leak memory. - * Needed on any platform that doesn't define OPENSSL_USE_NODELETE. - */ - if (!OPENSSL_init_crypto(0, NULL)) + if (!RUN_ONCE(&err_init, err_do_init)) return NULL; state = CRYPTO_THREAD_get_local(&err_thread_local); + if (state == (ERR_STATE*)-1) + return NULL; if (state == NULL) { - state = OPENSSL_zalloc(sizeof(*state)); - if (state == NULL) + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) return NULL; + if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { + CRYPTO_THREAD_set_local(&err_thread_local, NULL); + return NULL; + } + if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) - || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { + || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); + CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } @@ -686,13 +689,41 @@ ERR_STATE *ERR_get_state(void) return state; } +/* + * err_shelve_state returns the current thread local error state + * and freezes the error module until err_unshelve_state is called. + */ +int err_shelve_state(void **state) +{ + if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) + return 0; + + if (!RUN_ONCE(&err_init, err_do_init)) + return 0; + + *state = CRYPTO_THREAD_get_local(&err_thread_local); + if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) + return 0; + + return 1; +} + +/* + * err_unshelve_state restores the error state that was returned + * by err_shelve_state previously. + */ +void err_unshelve_state(void* state) +{ + if (state != (void*)-1) + CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state); +} + int ERR_get_next_error_library(void) { int ret; - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { + if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; - } CRYPTO_THREAD_write_lock(err_string_lock); ret = int_err_library_number++; diff --git a/deps/openssl/openssl/crypto/evp/cmeth_lib.c b/deps/openssl/openssl/crypto/evp/cmeth_lib.c index 5769e0a554..e2295c4dc5 100644 --- a/deps/openssl/openssl/crypto/evp/cmeth_lib.c +++ b/deps/openssl/openssl/crypto/evp/cmeth_lib.c @@ -148,3 +148,4 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, { return cipher->ctrl; } + diff --git a/deps/openssl/openssl/crypto/evp/evp_err.c b/deps/openssl/openssl/crypto/evp/evp_err.c index c4b163f0ba..3543d44cb4 100644 --- a/deps/openssl/openssl/crypto/evp/evp_err.c +++ b/deps/openssl/openssl/crypto/evp/evp_err.c @@ -70,6 +70,8 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"}, + {ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"}, {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"}, {ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"}, @@ -143,6 +145,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, {ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), "pkey application asn1 method already registered"}, {ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED), diff --git a/deps/openssl/openssl/crypto/evp/pmeth_lib.c b/deps/openssl/openssl/crypto/evp/pmeth_lib.c index 5e650a9db3..f623db3483 100644 --- a/deps/openssl/openssl/crypto/evp/pmeth_lib.c +++ b/deps/openssl/openssl/crypto/evp/pmeth_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -151,8 +151,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) EVP_PKEY_METHOD *pmeth; pmeth = OPENSSL_zalloc(sizeof(*pmeth)); - if (pmeth == NULL) + if (pmeth == NULL) { + EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; @@ -238,8 +240,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) } #endif rctx = OPENSSL_malloc(sizeof(*rctx)); - if (rctx == NULL) + if (rctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; + } rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE @@ -273,11 +277,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL) + if (app_pkey_methods == NULL) { + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } } - if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } sk_EVP_PKEY_METHOD_sort(app_pkey_methods); return 1; } @@ -557,26 +565,26 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, pmeth->ctrl_str = ctrl_str; } -void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx)) { *pinit = pmeth->init; } -void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, int (**pcopy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) { *pcopy = pmeth->copy; } -void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, void (**pcleanup) (EVP_PKEY_CTX *ctx)) { *pcleanup = pmeth->cleanup; } -void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, int (**pparamgen_init) (EVP_PKEY_CTX *ctx), int (**pparamgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) @@ -587,7 +595,7 @@ void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, *pparamgen = pmeth->paramgen; } -void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, int (**pkeygen_init) (EVP_PKEY_CTX *ctx), int (**pkeygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) @@ -598,7 +606,7 @@ void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, *pkeygen = pmeth->keygen; } -void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, int (**psign_init) (EVP_PKEY_CTX *ctx), int (**psign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, @@ -611,7 +619,7 @@ void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, *psign = pmeth->sign; } -void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, int (**pverify_init) (EVP_PKEY_CTX *ctx), int (**pverify) (EVP_PKEY_CTX *ctx, const unsigned char *sig, @@ -625,7 +633,7 @@ void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, *pverify = pmeth->verify; } -void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, int (**pverify_recover_init) (EVP_PKEY_CTX *ctx), int (**pverify_recover) (EVP_PKEY_CTX @@ -643,7 +651,7 @@ void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, *pverify_recover = pmeth->verify_recover; } -void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, int (**psignctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**psignctx) (EVP_PKEY_CTX *ctx, @@ -657,7 +665,7 @@ void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, *psignctx = pmeth->signctx; } -void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), int (**pverifyctx) (EVP_PKEY_CTX *ctx, @@ -671,7 +679,7 @@ void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, *pverifyctx = pmeth->verifyctx; } -void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, int (**pencrypt_init) (EVP_PKEY_CTX *ctx), int (**pencryptfn) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -685,7 +693,7 @@ void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, *pencryptfn = pmeth->encrypt; } -void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), int (**pdecrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, @@ -699,7 +707,7 @@ void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, *pdecrypt = pmeth->decrypt; } -void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, int (**pderive_init) (EVP_PKEY_CTX *ctx), int (**pderive) (EVP_PKEY_CTX *ctx, unsigned char *key, @@ -711,7 +719,7 @@ void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, *pderive = pmeth->derive; } -void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2), int (**pctrl_str) (EVP_PKEY_CTX *ctx, diff --git a/deps/openssl/openssl/crypto/evp/scrypt.c b/deps/openssl/openssl/crypto/evp/scrypt.c index 101bb1edbd..3543df5403 100644 --- a/deps/openssl/openssl/crypto/evp/scrypt.c +++ b/deps/openssl/openssl/crypto/evp/scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -171,8 +171,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) return 0; /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ - if (p > SCRYPT_PR_MAX / r) + if (p > SCRYPT_PR_MAX / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* * Need to check N: if 2^(128 * r / 8) overflows limit this is @@ -180,8 +182,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, */ if (16 * r <= LOG2_UINT64_MAX) { - if (N >= (((uint64_t)1) << (16 * r))) + if (N >= (((uint64_t)1) << (16 * r))) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } } /* Memory checks: check total allocated buffer size fits in uint64_t */ @@ -199,13 +203,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); - if (N + 2 > i / r) + if (N + 2 > i / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } Vlen = 32 * r * (N + 2) * sizeof(uint32_t); /* check total allocated size fits in uint64_t */ - if (Blen > UINT64_MAX - Vlen) + if (Blen > UINT64_MAX - Vlen) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* check total allocated size fits in size_t */ if (Blen > SIZE_MAX - Vlen) return 0; @@ -225,8 +233,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, return 1; B = OPENSSL_malloc(allocsize); - if (B == NULL) + if (B == NULL) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); return 0; + } X = (uint32_t *)(B + Blen); T = X + 32 * r; V = T + 32 * r; @@ -242,6 +252,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, goto err; rv = 1; err: + if (rv == 0) + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); + OPENSSL_clear_free(B, allocsize); return rv; } diff --git a/deps/openssl/openssl/crypto/ex_data.c b/deps/openssl/openssl/crypto/ex_data.c index 22c4d3d9b9..6e3072f2a9 100644 --- a/deps/openssl/openssl/crypto/ex_data.c +++ b/deps/openssl/openssl/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,8 @@ static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT; DEFINE_RUN_ONCE_STATIC(do_ex_data_init) { - OPENSSL_init_crypto(0, NULL); + if (!OPENSSL_init_crypto(0, NULL)) + return 0; ex_data_lock = CRYPTO_THREAD_lock_new(); return ex_data_lock != NULL; } diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H new file mode 100644 index 0000000000..5f63860808 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_EPILOGUE.H @@ -0,0 +1,16 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* restore state. Must correspond to the save in __decc_include_prologue.h */ +#pragma names restore diff --git a/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H new file mode 100644 index 0000000000..78b2a87d88 --- /dev/null +++ b/deps/openssl/openssl/crypto/include/internal/__DECC_INCLUDE_PROLOGUE.H @@ -0,0 +1,20 @@ +/* + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This file is only used by HP C on VMS, and is included automatically + * after each header file from this directory + */ + +/* save state */ +#pragma names save +/* have the compiler shorten symbols larger than 31 chars to 23 chars + * followed by a 8 hex char CRC + */ +#pragma names as_is,shortened diff --git a/deps/openssl/openssl/crypto/include/internal/asn1_int.h b/deps/openssl/openssl/crypto/include/internal/asn1_int.h index f70e3b47ba..ba9c062702 100644 --- a/deps/openssl/openssl/crypto/include/internal/asn1_int.h +++ b/deps/openssl/openssl/crypto/include/internal/asn1_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -90,5 +90,3 @@ struct asn1_pctx_st { unsigned long oid_flags; unsigned long str_flags; } /* ASN1_PCTX */ ; - -int asn1_valid_host(const ASN1_STRING *host); diff --git a/deps/openssl/openssl/crypto/include/internal/async.h b/deps/openssl/openssl/crypto/include/internal/async.h index 16a12a6371..dc8e937b0c 100644 --- a/deps/openssl/openssl/crypto/include/internal/async.h +++ b/deps/openssl/openssl/crypto/include/internal/async.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,3 +11,5 @@ int async_init(void); void async_deinit(void); +void async_delete_thread_state(void); + diff --git a/deps/openssl/openssl/crypto/include/internal/bn_conf.h b/deps/openssl/openssl/crypto/include/internal/bn_conf.h deleted file mode 100644 index 79400c6472..0000000000 --- a/deps/openssl/openssl/crypto/include/internal/bn_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/bn_conf.h" diff --git a/deps/openssl/openssl/crypto/include/internal/bn_int.h b/deps/openssl/openssl/crypto/include/internal/bn_int.h index 9c984ba781..2fcdd0d13e 100644 --- a/deps/openssl/openssl/crypto/include/internal/bn_int.h +++ b/deps/openssl/openssl/crypto/include/internal/bn_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -53,7 +53,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a); * Set the internal data words in a to point to words which contains size * elements. The BN_FLG_STATIC_DATA flag is set */ -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); /* * Copy words into the BIGNUM |a|, reallocating space as necessary. @@ -64,7 +64,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); * |num_words| is int because bn_expand2 takes an int. This is an internal * function so we simply trust callers not to pass negative values. */ -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); size_t bn_sizeof_BIGNUM(void); @@ -74,6 +74,19 @@ size_t bn_sizeof_BIGNUM(void); */ BIGNUM *bn_array_el(BIGNUM *base, int el); +/* + * Some BIGNUM functions assume most significant limb to be non-zero, which + * is customarily arranged by bn_correct_top. Output from below functions + * is not processed with bn_correct_top, and for this reason it may not be + * returned out of public API. It may only be passed internally into other + * functions known to support non-minimal or zero-padded BIGNUMs. + */ +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); #ifdef __cplusplus } diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib.h b/deps/openssl/openssl/crypto/include/internal/cryptlib.h index f3ec9b67b8..627fd8caf4 100644 --- a/deps/openssl/openssl/crypto/include/internal/cryptlib.h +++ b/deps/openssl/openssl/crypto/include/internal/cryptlib.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -74,6 +74,8 @@ FILE *openssl_fopen(const char *filename, const char *mode); void *openssl_fopen(const char *filename, const char *mode); # endif +unsigned long OPENSSL_rdtsc(void); + #ifdef __cplusplus } #endif diff --git a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h index ab86e1e53d..ceeb63ddd0 100644 --- a/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h +++ b/deps/openssl/openssl/crypto/include/internal/cryptlib_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,9 @@ int ossl_init_thread_start(uint64_t opts); * use". */ # define OPENSSL_INIT_ZLIB 0x00010000L +# define OPENSSL_INIT_BASE_ONLY 0x00040000L /* OPENSSL_INIT_THREAD flags */ # define OPENSSL_INIT_THREAD_ASYNC 0x01 # define OPENSSL_INIT_THREAD_ERR_STATE 0x02 + diff --git a/deps/openssl/openssl/crypto/include/internal/dso_conf.h b/deps/openssl/openssl/crypto/include/internal/dso_conf.h deleted file mode 100644 index e7f2afa987..0000000000 --- a/deps/openssl/openssl/crypto/include/internal/dso_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/dso_conf.h" diff --git a/deps/openssl/openssl/crypto/include/internal/err_int.h b/deps/openssl/openssl/crypto/include/internal/err_int.h index 7fec3ed767..44ac944627 100644 --- a/deps/openssl/openssl/crypto/include/internal/err_int.h +++ b/deps/openssl/openssl/crypto/include/internal/err_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,5 +13,7 @@ int err_load_crypto_strings_int(void); void err_cleanup(void); void err_delete_thread_state(void); +int err_shelve_state(void **); +void err_unshelve_state(void *); #endif diff --git a/deps/openssl/openssl/crypto/include/internal/x509_int.h b/deps/openssl/openssl/crypto/include/internal/x509_int.h index 2845026dd8..eb43997704 100644 --- a/deps/openssl/openssl/crypto/include/internal/x509_int.h +++ b/deps/openssl/openssl/crypto/include/internal/x509_int.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -166,6 +166,7 @@ struct x509_st { unsigned char sha1_hash[SHA_DIGEST_LENGTH]; X509_CERT_AUX *aux; CRYPTO_RWLOCK *lock; + volatile int ex_cached; } /* X509 */ ; /* diff --git a/deps/openssl/openssl/crypto/init.c b/deps/openssl/openssl/crypto/init.c index 2d16c41bc6..00a91792d8 100644 --- a/deps/openssl/openssl/crypto/init.c +++ b/deps/openssl/openssl/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,11 +27,25 @@ static int stopped = 0; -static void ossl_init_thread_stop(struct thread_local_inits_st *locals); +/* + * Since per-thread-specific-data destructors are not universally + * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key + * is assumed to have destructor associated. And then an effort is made + * to call this single destructor on non-pthread platform[s]. + * + * Initial value is "impossible". It is used as guard value to shortcut + * destructor for threads terminating before libcrypto is initialized or + * after it's de-initialized. Access to the key doesn't have to be + * serialized for the said threads, because they didn't use libcrypto + * and it doesn't matter if they pick "impossible" or derefernce real + * key value and pull NULL past initialization in the first thread that + * intends to use libcrypto. + */ +static CRYPTO_THREAD_LOCAL destructor_key = (CRYPTO_THREAD_LOCAL)-1; -static CRYPTO_THREAD_LOCAL threadstopkey; +static void ossl_init_thread_stop(struct thread_local_inits_st *locals); -static void ossl_init_thread_stop_wrap(void *local) +static void ossl_init_thread_destructor(void *local) { ossl_init_thread_stop((struct thread_local_inits_st *)local); } @@ -39,17 +53,17 @@ static void ossl_init_thread_stop_wrap(void *local) static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) { struct thread_local_inits_st *local = - CRYPTO_THREAD_get_local(&threadstopkey); + CRYPTO_THREAD_get_local(&destructor_key); - if (local == NULL && alloc) { - local = OPENSSL_zalloc(sizeof(*local)); - if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) { + if (alloc) { + if (local == NULL + && (local = OPENSSL_zalloc(sizeof(*local))) != NULL + && !CRYPTO_THREAD_set_local(&destructor_key, local)) { OPENSSL_free(local); return NULL; } - } - if (!alloc) { - CRYPTO_THREAD_set_local(&threadstopkey, NULL); + } else { + CRYPTO_THREAD_set_local(&destructor_key, NULL); } return local; @@ -68,29 +82,42 @@ static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; static int base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_base) { + CRYPTO_THREAD_LOCAL key; + #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif - /* - * We use a dummy thread local key here. We use the destructor to detect - * when the thread is going to stop (where that feature is available) - */ - CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); + if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) + return 0; + if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) + goto err; #ifndef OPENSSL_SYS_UEFI - atexit(OPENSSL_cleanup); + if (atexit(OPENSSL_cleanup) != 0) + goto err; #endif - if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) - return 0; OPENSSL_cpuid_setup(); - /* - * BIG FAT WARNING! - * Everything needed to be initialized in this function before threads - * come along MUST happen before base_inited is set to 1, or we will - * see race conditions. - */ + destructor_key = key; base_inited = 1; + return 1; + +err: +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n"); +#endif + CRYPTO_THREAD_lock_free(init_lock); + init_lock = NULL; + + CRYPTO_THREAD_cleanup_local(&key); + return 0; +} +static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) +{ +#ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n"); +#endif #if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) # ifdef DSO_WIN32 { @@ -102,6 +129,10 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) | GET_MODULE_HANDLE_EX_FLAG_PIN, (void *)&base_inited, &handle); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", + (ret == TRUE ? "No!" : "Yes.")); +# endif return (ret == TRUE) ? 1 : 0; } # else @@ -110,12 +141,24 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) * to remain loaded until the atexit() handler is run at process exit. */ { - DSO *dso = NULL; + DSO *dso; + void *err; + + if (!err_shelve_state(&err)) + return 0; - ERR_set_mark(); dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); + /* + * In case of No!, it is uncertain our exit()-handlers can still be + * called. After dlclose() the whole library might have been unloaded + * already. + */ +# endif DSO_free(dso); - ERR_pop_to_mark(); + err_unshelve_state(err); } # endif #endif @@ -145,7 +188,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) # endif ret = err_load_crypto_strings_int(); load_crypto_strings_inited = 1; -#endif +#endif return ret; } @@ -335,9 +378,9 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) if (locals->async) { #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " - "ASYNC_cleanup_thread()\n"); + "async_delete_thread_state()\n"); #endif - ASYNC_cleanup_thread(); + async_delete_thread_state(); } if (locals->err_state) { @@ -353,8 +396,8 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) void OPENSSL_thread_stop(void) { - ossl_init_thread_stop( - (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); + if (destructor_key != (CRYPTO_THREAD_LOCAL)-1) + ossl_init_thread_stop(ossl_init_get_thread_local(0)); } int ossl_init_thread_start(uint64_t opts) @@ -391,6 +434,7 @@ int ossl_init_thread_start(uint64_t opts) void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; + CRYPTO_THREAD_LOCAL key; /* If we've not been inited then no need to deinit */ if (!base_inited) @@ -449,7 +493,9 @@ void OPENSSL_cleanup(void) err_free_strings_int(); } - CRYPTO_THREAD_cleanup_local(&threadstopkey); + key = destructor_key; + destructor_key = (CRYPTO_THREAD_LOCAL)-1; + CRYPTO_THREAD_cleanup_local(&key); #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " @@ -505,22 +551,18 @@ void OPENSSL_cleanup(void) */ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { - static int stoperrset = 0; - if (stopped) { - if (!stoperrset) { - /* - * We only ever set this once to avoid getting into an infinite - * loop where the error system keeps trying to init and fails so - * sets an error etc - */ - stoperrset = 1; + if (!(opts & OPENSSL_INIT_BASE_ONLY)) CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); - } return 0; } - if (!base_inited && !RUN_ONCE(&base, ossl_init_base)) + if (!RUN_ONCE(&base, ossl_init_base)) + return 0; + + if (!(opts & OPENSSL_INIT_BASE_ONLY) + && !RUN_ONCE(&load_crypto_nodelete, + ossl_init_load_crypto_nodelete)) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) @@ -657,6 +699,12 @@ int OPENSSL_atexit(void (*handler)(void)) ERR_set_mark(); dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); +# ifdef OPENSSL_INIT_DEBUG + fprintf(stderr, + "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); + /* See same code above in ossl_init_base() for an explanation. */ +# endif DSO_free(dso); ERR_pop_to_mark(); } diff --git a/deps/openssl/openssl/crypto/lhash/lhash.c b/deps/openssl/openssl/crypto/lhash/lhash.c index 7777935182..f48541171c 100644 --- a/deps/openssl/openssl/crypto/lhash/lhash.c +++ b/deps/openssl/openssl/crypto/lhash/lhash.c @@ -49,7 +49,7 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) return NULL; if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) goto err; - if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) + if ((ret->retrieve_stats_lock = CRYPTO_THREAD_lock_new()) == NULL) goto err; ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); diff --git a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h index 64d3134fc1..01d463fb36 100644 --- a/deps/openssl/openssl/crypto/lhash/lhash_lcl.h +++ b/deps/openssl/openssl/crypto/lhash/lhash_lcl.h @@ -21,7 +21,7 @@ struct lhash_st { /* * some stats are updated on lookup, which callers aren't expecting to have * to take an exclusive lock around. This lock protects them on platforms - * without atomics, and their types are int rather than unsigned long below + * without atomics, and their types are int rather than unsigned long below * so they can be adjusted with CRYPTO_atomic_add. */ CRYPTO_RWLOCK *retrieve_stats_lock; diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl index 7d880c94a7..1cf14a6c9f 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -145,6 +145,8 @@ $code=<<___; .text #if defined(__thumb2__) || defined(__clang__) .syntax unified +#define ldrplb ldrbpl +#define ldrneb ldrbne #endif #if defined(__thumb2__) .thumb @@ -152,11 +154,6 @@ $code=<<___; .code 32 #endif -#ifdef __clang__ -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif - .type rem_4bit,%object .align 5 rem_4bit: diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl index dcd5f595d2..e13c709019 100644 --- a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -64,6 +64,7 @@ my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); $code=<<___; #include "arm_arch.h" +#if __ARM_MAX_ARCH__>=7 .text ___ $code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); @@ -351,6 +352,7 @@ ___ $code.=<<___; .asciz "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>" .align 2 +#endif ___ if ($flavour =~ /64/) { ######## 64-bit code diff --git a/deps/openssl/openssl/crypto/modes/build.info b/deps/openssl/openssl/crypto/modes/build.info index b794c5041a..38195c44a5 100644 --- a/deps/openssl/openssl/crypto/modes/build.info +++ b/deps/openssl/openssl/crypto/modes/build.info @@ -19,8 +19,6 @@ GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME) INCLUDE[ghash-armv4.o]=.. GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl $(PERLASM_SCHEME) INCLUDE[ghashv8-armx.o]=.. -GENERATE[ghash-s390x.S]=asm/ghash-s390x.pl $(PERLASM_SCHEME) -INCLUDE[ghash-s390x.o]=.. BEGINRAW[Makefile] # GNU make "catch all" diff --git a/deps/openssl/openssl/crypto/modes/modes_lcl.h b/deps/openssl/openssl/crypto/modes/modes_lcl.h index 7a1603bf90..4fc32e190f 100644 --- a/deps/openssl/openssl/crypto/modes/modes_lcl.h +++ b/deps/openssl/openssl/crypto/modes/modes_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,12 +174,13 @@ struct ocb128_context { OCB_BLOCK l_dollar; OCB_BLOCK *l; /* Must be reset for each session */ - u64 blocks_hashed; - u64 blocks_processed; - OCB_BLOCK tag; - OCB_BLOCK offset_aad; - OCB_BLOCK sum; - OCB_BLOCK offset; - OCB_BLOCK checksum; + struct { + u64 blocks_hashed; + u64 blocks_processed; + OCB_BLOCK offset_aad; + OCB_BLOCK sum; + OCB_BLOCK offset; + OCB_BLOCK checksum; + } sess; }; #endif /* OPENSSL_NO_OCB */ diff --git a/deps/openssl/openssl/crypto/modes/ocb128.c b/deps/openssl/openssl/crypto/modes/ocb128.c index db794d0854..fc92b246bd 100644 --- a/deps/openssl/openssl/crypto/modes/ocb128.c +++ b/deps/openssl/openssl/crypto/modes/ocb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -236,6 +236,9 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, return -1; } + /* Reset nonce-dependent variables */ + memset(&ctx->sess, 0, sizeof(ctx->sess)); + /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ nonce[0] = ((taglen * 8) % 128) << 1; memset(nonce + 1, 0, 15); @@ -256,10 +259,10 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, /* Offset_0 = Stretch[1+bottom..128+bottom] */ shift = bottom % 8; - ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); + ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c); mask = 0xff; mask <<= 8 - shift; - ctx->offset.c[15] |= + ctx->sess.offset.c[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); return 1; @@ -278,25 +281,25 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, /* Calculate the number of blocks of AAD provided now, and so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_hashed; + all_num_blocks = num_blocks + ctx->sess.blocks_hashed; /* Loop through all full blocks of AAD */ - for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad); memcpy(tmp.c, aad, 16); aad += 16; /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } /* @@ -307,20 +310,21 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, if (last_len > 0) { /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); + ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star, + &ctx->sess.offset_aad); /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ memset(tmp.c, 0, 16); memcpy(tmp.c, aad, last_len); tmp.c[last_len] = 0x80; - ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum); + ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); } - ctx->blocks_hashed = all_num_blocks; + ctx->sess.blocks_hashed = all_num_blocks; return 1; } @@ -341,7 +345,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, * so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_processed; + all_num_blocks = num_blocks + ctx->sess.blocks_processed; if (num_blocks && all_num_blocks == (size_t)all_num_blocks && ctx->stream != NULL) { @@ -357,11 +361,11 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, return 0; ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->blocks_processed + 1, ctx->offset.c, - (const unsigned char (*)[16])ctx->l, ctx->checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); } else { /* Loop through all full blocks to be encrypted */ - for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { OCB_BLOCK *lookup; OCB_BLOCK tmp; @@ -369,18 +373,18 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); memcpy(tmp.c, in, 16); in += 16; /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum); + ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - ocb_block16_xor(&ctx->offset, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&ctx->offset, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); memcpy(out, tmp.c, 16); out += 16; @@ -397,10 +401,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, OCB_BLOCK pad; /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); + ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); /* C_* = P_* xor Pad[1..bitlen(P_*)] */ ocb_block_xor(in, pad.c, last_len, out); @@ -409,10 +413,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, memset(pad.c, 0, 16); /* borrow pad */ memcpy(pad.c, in, last_len); pad.c[last_len] = 0x80; - ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum); + ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); } - ctx->blocks_processed = all_num_blocks; + ctx->sess.blocks_processed = all_num_blocks; return 1; } @@ -433,7 +437,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, * so far */ num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->blocks_processed; + all_num_blocks = num_blocks + ctx->sess.blocks_processed; if (num_blocks && all_num_blocks == (size_t)all_num_blocks && ctx->stream != NULL) { @@ -449,30 +453,30 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, return 0; ctx->stream(in, out, num_blocks, ctx->keydec, - (size_t)ctx->blocks_processed + 1, ctx->offset.c, - (const unsigned char (*)[16])ctx->l, ctx->checksum.c); + (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, + (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); } else { OCB_BLOCK tmp; /* Loop through all full blocks to be decrypted */ - for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { + for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i)); if (lookup == NULL) return 0; - ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); memcpy(tmp.c, in, 16); in += 16; /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ - ocb_block16_xor(&ctx->offset, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); ctx->decrypt(tmp.c, tmp.c, ctx->keydec); - ocb_block16_xor(&ctx->offset, &tmp, &tmp); + ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum); + ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); memcpy(out, tmp.c, 16); out += 16; @@ -489,10 +493,10 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, OCB_BLOCK pad; /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); + ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); + ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); /* P_* = C_* xor Pad[1..bitlen(C_*)] */ ocb_block_xor(in, pad.c, last_len, out); @@ -501,39 +505,46 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, memset(pad.c, 0, 16); /* borrow pad */ memcpy(pad.c, out, last_len); pad.c[last_len] = 0x80; - ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum); + ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); } - ctx->blocks_processed = all_num_blocks; + ctx->sess.blocks_processed = all_num_blocks; return 1; } -/* - * Calculate the tag and verify it against the supplied tag - */ -int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, - size_t len) +static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len, + int write) { OCB_BLOCK tmp; + if (len > 16 || len < 1) { + return -1; + } + /* * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp); + ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp); ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp); ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sum, &ctx->tag); + ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp); - if (len > 16 || len < 1) { - return -1; + if (write) { + memcpy(tag, &tmp, len); + return 1; + } else { + return CRYPTO_memcmp(&tmp, tag, len); } +} - /* Compare the tag if we've been given one */ - if (tag) - return CRYPTO_memcmp(&ctx->tag, tag, len); - else - return -1; +/* + * Calculate the tag and verify it against the supplied tag + */ +int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, + size_t len) +{ + return ocb_finish(ctx, (unsigned char*)tag, len, 0); } /* @@ -541,17 +552,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, */ int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len) { - if (len > 16 || len < 1) { - return -1; - } - - /* Calculate the tag */ - CRYPTO_ocb128_finish(ctx, NULL, 0); - - /* Copy the tag into the supplied buffer */ - memcpy(tag, ctx->tag.c, len); - - return 1; + return ocb_finish(ctx, tag, len, 1); } /* diff --git a/deps/openssl/openssl/crypto/o_fopen.c b/deps/openssl/openssl/crypto/o_fopen.c index a3a006574d..bfd5af1151 100644 --- a/deps/openssl/openssl/crypto/o_fopen.c +++ b/deps/openssl/openssl/crypto/o_fopen.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,24 @@ * https://www.openssl.org/source/license.html */ +# if defined(__linux) || defined(__sun) || defined(__hpux) +/* + * Following definition aliases fopen to fopen64 on above mentioned + * platforms. This makes it possible to open and sequentially access files + * larger than 2GB from 32-bit application. It does not allow to traverse + * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit + * platform permits that, not with fseek/ftell. Not to mention that breaking + * 2GB limit for seeking would require surgery to *our* API. But sequential + * access suffices for practical cases when you can run into large files, + * such as fingerprinting, so we can let API alone. For reference, the list + * of 32-bit platforms which allow for sequential access of large files + * without extra "magic" comprise *BSD, Darwin, IRIX... + */ +# ifndef _FILE_OFFSET_BITS +# define _FILE_OFFSET_BITS 64 +# endif +# endif + #include "internal/cryptlib.h" #if !defined(OPENSSL_NO_STDIO) diff --git a/deps/openssl/openssl/crypto/o_time.c b/deps/openssl/openssl/crypto/o_time.c index b2fb38a541..6d764f55e2 100644 --- a/deps/openssl/openssl/crypto/o_time.c +++ b/deps/openssl/openssl/crypto/o_time.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,6 +41,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; +#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 + if (gmtime_s(result, timer)) + return NULL; + ts = result; #else ts = gmtime(timer); if (ts == NULL) diff --git a/deps/openssl/openssl/crypto/objects/o_names.c b/deps/openssl/openssl/crypto/objects/o_names.c index e06d5439f2..15fe653d09 100644 --- a/deps/openssl/openssl/crypto/objects/o_names.c +++ b/deps/openssl/openssl/crypto/objects/o_names.c @@ -202,7 +202,7 @@ const char *OBJ_NAME_get(const char *name, int type) } } - CRYPTO_THREAD_unlock(lock); + CRYPTO_THREAD_unlock(lock); return value; } @@ -212,7 +212,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) int alias, ok = 0; if (!OBJ_NAME_init()) - return 0; + return 0; CRYPTO_THREAD_write_lock(lock); diff --git a/deps/openssl/openssl/crypto/objects/objects.txt b/deps/openssl/openssl/crypto/objects/objects.txt index f1da8071ad..fc0781d1c9 100644 --- a/deps/openssl/openssl/crypto/objects/objects.txt +++ b/deps/openssl/openssl/crypto/objects/objects.txt @@ -1482,3 +1482,4 @@ id-pkinit 5 : pkInitKDC : Signing KDC Response : AuthGOST12 : auth-gost12 : AuthSRP : auth-srp : AuthNULL : auth-null + diff --git a/deps/openssl/openssl/crypto/pem/pem_lib.c b/deps/openssl/openssl/crypto/pem/pem_lib.c index e9202f44ae..6f06c5291f 100644 --- a/deps/openssl/openssl/crypto/pem/pem_lib.c +++ b/deps/openssl/openssl/crypto/pem/pem_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,23 +28,23 @@ static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name); int pem_check_suffix(const char *pem_str, const char *suffix); -int PEM_def_callback(char *buf, int num, int w, void *key) +int PEM_def_callback(char *buf, int num, int rwflag, void *userdata) { -#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) int i; -#else - int i, j; +#ifndef OPENSSL_NO_UI + int min_len; const char *prompt; #endif - if (key) { - i = strlen(key); + /* We assume that the user passes a default password as userdata */ + if (userdata) { + i = strlen(userdata); i = (i > num) ? num : i; - memcpy(buf, key, i); + memcpy(buf, userdata, i); return i; } -#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) +#ifdef OPENSSL_NO_UI PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; #else @@ -52,28 +52,22 @@ int PEM_def_callback(char *buf, int num, int w, void *key) if (prompt == NULL) prompt = "Enter PEM pass phrase:"; - for (;;) { - /* - * We assume that w == 0 means decryption, - * while w == 1 means encryption - */ - int min_len = w ? MIN_LENGTH : 0; + /* + * rwflag == 0 means decryption + * rwflag == 1 means encryption + * + * We assume that for encryption, we want a minimum length, while for + * decryption, we cannot know any minimum length, so we assume zero. + */ + min_len = rwflag ? MIN_LENGTH : 0; - i = EVP_read_pw_string_min(buf, min_len, num, prompt, w); - if (i != 0) { - PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf, 0, (unsigned int)num); - return -1; - } - j = strlen(buf); - if (min_len && j < min_len) { - fprintf(stderr, - "phrase is too short, needs to be at least %d chars\n", - min_len); - } else - break; + i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag); + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); + return -1; } - return j; + return strlen(buf); #endif } @@ -414,7 +408,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else keylen = callback(buf, PEM_BUFSIZE, 0, u); - if (keylen <= 0) { + if (keylen < 0) { PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); return 0; } @@ -472,6 +466,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) char *dekinfostart, c; cipher->cipher = NULL; + memset(cipher->iv, 0, sizeof(cipher->iv)); if ((header == NULL) || (*header == '\0') || (*header == '\n')) return 1; diff --git a/deps/openssl/openssl/crypto/pem/pem_pk8.c b/deps/openssl/openssl/crypto/pem/pem_pk8.c index 5caad9faab..a8363b39b9 100644 --- a/deps/openssl/openssl/crypto/pem/pem_pk8.c +++ b/deps/openssl/openssl/crypto/pem/pem_pk8.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -124,7 +124,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); return NULL; diff --git a/deps/openssl/openssl/crypto/pem/pem_pkey.c b/deps/openssl/openssl/crypto/pem/pem_pkey.c index 671b374f36..7dadc1391c 100644 --- a/deps/openssl/openssl/crypto/pem/pem_pkey.c +++ b/deps/openssl/openssl/crypto/pem/pem_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -59,7 +59,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, klen = cb(psbuf, PEM_BUFSIZE, 0, u); else klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen <= 0) { + if (klen < 0) { PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); goto err; diff --git a/deps/openssl/openssl/crypto/pem/pvkfmt.c b/deps/openssl/openssl/crypto/pem/pvkfmt.c index d0a423957c..63ce925963 100644 --- a/deps/openssl/openssl/crypto/pem/pvkfmt.c +++ b/deps/openssl/openssl/crypto/pem/pvkfmt.c @@ -685,7 +685,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, inlen = cb(psbuf, PEM_BUFSIZE, 0, u); else inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen <= 0) { + if (inlen < 0) { PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ); goto err; } diff --git a/deps/openssl/openssl/crypto/perlasm/README b/deps/openssl/openssl/crypto/perlasm/README index 15f139d354..e90bd8e014 100644 --- a/deps/openssl/openssl/crypto/perlasm/README +++ b/deps/openssl/openssl/crypto/perlasm/README @@ -61,7 +61,7 @@ So a very simple version of this function could be coded as push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; - + &asm_init($ARGV[0],"cacl.pl"); &external_label("other"); @@ -121,3 +121,4 @@ void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length, &cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); + diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_asn.c b/deps/openssl/openssl/crypto/pkcs12/p12_asn.c index f2bfe32ebd..422dfc398f 100644 --- a/deps/openssl/openssl/crypto/pkcs12/p12_asn.c +++ b/deps/openssl/openssl/crypto/pkcs12/p12_asn.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -51,7 +51,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ ASN1_ADB(PKCS12_SAFEBAG) = { ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv4.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv4.pl index fc899ced86..5cdb6be059 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv4.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -186,6 +186,7 @@ $code.=<<___; .type poly1305_blocks,%function .align 5 poly1305_blocks: +.Lpoly1305_blocks: stmdb sp!,{r3-r11,lr} ands $len,$len,#-16 @@ -677,7 +678,7 @@ poly1305_blocks_neon: cmp $len,#64 bhs .Lenter_neon tst ip,ip @ is_base2_26? - beq poly1305_blocks + beq .Lpoly1305_blocks .Lenter_neon: stmdb sp!,{r4-r7} diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl index 024696a599..d2b3e90d93 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-mips.pl @@ -422,3 +422,4 @@ ___ $output=pop and open STDOUT,">$output"; print $code; close STDOUT; + diff --git a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl index ab24dfcfad..93179e37d5 100755 --- a/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl +++ b/deps/openssl/openssl/crypto/poly1305/asm/poly1305-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ if ($sse2) { $avx = ($1>=2.09) + ($1>=2.10); } - if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { + if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } } diff --git a/deps/openssl/openssl/crypto/poly1305/build.info b/deps/openssl/openssl/crypto/poly1305/build.info index f90ce2b950..d575f5a63e 100644 --- a/deps/openssl/openssl/crypto/poly1305/build.info +++ b/deps/openssl/openssl/crypto/poly1305/build.info @@ -13,8 +13,6 @@ INCLUDE[poly1305-armv4.o]=.. GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl $(PERLASM_SCHEME) INCLUDE[poly1305-armv8.o]=.. GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl $(PERLASM_SCHEME) -GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl $(PERLASM_SCHEME) -INCLUDE[poly1305-s390x.o]=.. BEGINRAW[Makefile(unix)] {- $builddir -}/poly1305-%.S: {- $sourcedir -}/asm/poly1305-%.pl diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl index 1354d18214..184922c128 100644 --- a/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl +++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-c64xplus.pl @@ -89,7 +89,7 @@ _RC4: || NOP 5 STB $XX,*${KEYA}[-2] ; key->x || SUB4 $YY,$TX,$YY -|| BNOP B3 +|| BNOP B3 STB $YY,*${KEYB}[-1] ; key->y || NOP 5 .endasmfunc diff --git a/deps/openssl/openssl/crypto/rc4/build.info b/deps/openssl/openssl/crypto/rc4/build.info index 000fd6bc0d..8659526d71 100644 --- a/deps/openssl/openssl/crypto/rc4/build.info +++ b/deps/openssl/openssl/crypto/rc4/build.info @@ -10,8 +10,6 @@ GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl $(PERLASM_SCHEME) -GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl $(PERLASM_SCHEME) - BEGINRAW[makefile(windows)] {- $builddir -}\rc4-ia64.asm: {- $sourcedir -}\asm\rc4-ia64.pl $(PERL) {- $sourcedir -}\asm\rc4-ia64.pl $@.S diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c index 9af43e0586..79f77e3eaf 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c @@ -89,6 +89,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { diff --git a/deps/openssl/openssl/crypto/rsa/rsa_meth.c b/deps/openssl/openssl/crypto/rsa/rsa_meth.c index be84923b34..83de5540d0 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_meth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,7 +75,7 @@ int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) return 1; } -int RSA_meth_get_flags(RSA_METHOD *meth) +int RSA_meth_get_flags(const RSA_METHOD *meth) { return meth->flags; } @@ -270,3 +270,4 @@ int RSA_meth_set_keygen(RSA_METHOD *meth, meth->rsa_keygen = keygen; return 1; } + diff --git a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c index 4878d495fe..f3135198a3 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -155,32 +155,40 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); - em = OPENSSL_malloc(num); - if (db == NULL || em == NULL) { + if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); goto cleanup; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; + } /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(em[0]); + good = constant_time_is_zero(from[0]); - maskedseed = em + 1; - maskeddb = em + 1 + mdlen; + maskedseed = from + 1; + maskeddb = from + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c index 62a88959fa..36c4e42a0f 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -62,7 +62,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -136,15 +136,10 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, goto err; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(ret); - i = BN_bn2bin(ret, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(ret, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -233,7 +228,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; @@ -337,7 +332,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else @@ -346,15 +342,10 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, res = ret; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(res); - i = BN_bn2bin(res, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(res, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -368,7 +359,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int j, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; @@ -463,8 +453,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; - p = buf; - j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ + j = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -477,7 +466,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, j, num); + memcpy(to, buf, (r = j)); break; default: RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); @@ -500,7 +489,6 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int i, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -565,8 +553,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, if (!BN_sub(ret, rsa->n, ret)) goto err; - p = buf; - i = BN_bn2bin(ret, p); + i = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -576,7 +563,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_X931(to, num, buf, i, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, i, num); + memcpy(to, buf, (r = i)); break; default: RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c index aeeb32c2dc..63d6c3a3b8 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pk1.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pk1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -175,27 +175,30 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, if (num < 11) goto err; - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memcpy(em + num - flen, from, flen); - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); found_zero_byte = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); + unsigned int equals0 = constant_time_is_zero(from[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); @@ -203,7 +206,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. + * PS must be at least 8 bytes long, and it starts two bytes into |from|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ @@ -232,7 +235,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, goto err; } - memcpy(to, em + msg_index, mlen); + memcpy(to, from + msg_index, mlen); err: OPENSSL_clear_free(em, num); diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c index 9ef6b80ea8..77b28b46f2 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ssl.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -63,6 +63,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return (-1); } + /* Accept even zero-padded input */ + if (flen == num) { + if (*(p++) != 0) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); + return -1; + } + flen--; + } if ((num != (flen + 1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); return (-1); diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl index 5adca23404..cf34b2c293 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -141,7 +141,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && `ml 2>&1` =~ /Version ([0-9]+)\./ && $1>=10); # first version supporting AVX -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ && +$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0); # first version supporting AVX $shaext=$xmm; ### set to zero if compiling for 1.0.1 diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl index 6af1d84beb..72ee0c7b83 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -93,7 +93,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" && $avx = ($1>=10) + ($1>=11); } -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) { +if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) { $avx = ($2>=3.0) + ($2>3.0); } diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl index 55d30cba3a..edcfc31278 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,7 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t3,[sp,#16*4] @ pull ctx diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl index 22b5a9d0b1..0b4c5674d9 100644 --- a/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl +++ b/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -157,7 +157,7 @@ $code.=<<___; teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ it eq @ Thumb2 thing, sanity check in ARM #endif orreq $Ktbl,$Ktbl,#1 @@ -411,7 +411,7 @@ $code.=<<___; ___ &BODY_00_15(0x17); $code.=<<___; -#if __ARM_ARCH__>=7 +#ifdef __thumb2__ ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] diff --git a/deps/openssl/openssl/crypto/sha/build.info b/deps/openssl/openssl/crypto/sha/build.info index 2a00988786..5843e50894 100644 --- a/deps/openssl/openssl/crypto/sha/build.info +++ b/deps/openssl/openssl/crypto/sha/build.info @@ -56,13 +56,6 @@ INCLUDE[sha256-armv8.o]=.. GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl $(PERLASM_SCHEME) INCLUDE[sha512-armv8.o]=.. -GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl $(PERLASM_SCHEME) -INCLUDE[sha1-s390x.o]=.. -GENERATE[sha256-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME) -INCLUDE[sha256-s390x.o]=.. -GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl $(PERLASM_SCHEME) -INCLUDE[sha512-s390x.o]=.. - BEGINRAW[Makefile(unix)] ##### SHA assembler implementations diff --git a/deps/openssl/openssl/crypto/threads_win.c b/deps/openssl/openssl/crypto/threads_win.c index 4e0de908ee..27334e13f3 100644 --- a/deps/openssl/openssl/crypto/threads_win.c +++ b/deps/openssl/openssl/crypto/threads_win.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,7 +98,26 @@ int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) { - return TlsGetValue(*key); + DWORD last_error; + void *ret; + + /* + * TlsGetValue clears the last error even on success, so that callers may + * distinguish it successfully returning NULL or failing. It is documented + * to never fail if the argument is a valid index from TlsAlloc, so we do + * not need to handle this. + * + * However, this error-mangling behavior interferes with the caller's use of + * GetLastError. In particular SSL_get_error queries the error queue to + * determine whether the caller should look at the OS's errors. To avoid + * destroying state, save and restore the Windows error. + * + * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx + */ + last_error = GetLastError(); + ret = TlsGetValue(*key); + SetLastError(last_error); + return ret; } int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) diff --git a/deps/openssl/openssl/crypto/ts/ts_lib.c b/deps/openssl/openssl/crypto/ts/ts_lib.c index de36e0e084..ce2e12c593 100644 --- a/deps/openssl/openssl/crypto/ts/ts_lib.c +++ b/deps/openssl/openssl/crypto/ts/ts_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -22,10 +22,9 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) int result = 0; char *hex; - num_bn = BN_new(); + num_bn = ASN1_INTEGER_to_BN(num, NULL); if (num_bn == NULL) return -1; - ASN1_INTEGER_to_BN(num, num_bn); if ((hex = BN_bn2hex(num_bn))) { result = BIO_write(bio, "0x", 2) > 0; result = result && BIO_write(bio, hex, strlen(hex)) > 0; diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c index aea7b922a3..0d714a71b7 100644 --- a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c +++ b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include <openssl/objects.h> #include <openssl/ts.h> #include <openssl/pkcs7.h> +#include <openssl/crypto.h> #include "ts_lcl.h" static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); @@ -840,7 +841,7 @@ static ASN1_GENERALIZEDTIME long sec, long usec, unsigned precision) { time_t time_sec = (time_t)sec; - struct tm *tm = NULL; + struct tm *tm = NULL, tm_result; char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; char *p = genTime_str; char *p_end = genTime_str + sizeof(genTime_str); @@ -848,7 +849,7 @@ static ASN1_GENERALIZEDTIME if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if ((tm = gmtime(&time_sec)) == NULL) + if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL) goto err; /* diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c index 66f5be6f69..2755dd0ef3 100644 --- a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c +++ b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c @@ -480,7 +480,7 @@ static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) return result; } -static int ts_check_policy(const ASN1_OBJECT *req_oid, +static int ts_check_policy(const ASN1_OBJECT *req_oid, const TS_TST_INFO *tst_info) { const ASN1_OBJECT *resp_oid = tst_info->policy_id; diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c index 8fa8deca66..bfe93a57f1 100644 --- a/deps/openssl/openssl/crypto/ui/ui_openssl.c +++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -524,17 +524,13 @@ static int echo_console(UI *ui) { #if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) return 0; #endif #ifdef OPENSSL_SYS_VMS if (is_a_tty) { tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; + tty_new[1] = tty_orig[1]; tty_new[2] = tty_orig[2]; status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0, 0); @@ -555,7 +551,6 @@ static int echo_console(UI *ui) #if defined(_WIN32) && !defined(_WIN32_WCE) if (is_a_tty) { tty_new = tty_orig; - tty_new |= ENABLE_ECHO_INPUT; SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); } #endif diff --git a/deps/openssl/openssl/crypto/x509/build.info b/deps/openssl/openssl/crypto/x509/build.info index 7fc4b45048..afd0b6134e 100644 --- a/deps/openssl/openssl/crypto/x509/build.info +++ b/deps/openssl/openssl/crypto/x509/build.info @@ -4,7 +4,7 @@ SOURCE[../../libcrypto]=\ x509_obj.c x509_req.c x509spki.c x509_vfy.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_lu.c x_all.c x509_txt.c \ + x509type.c x509_meth.c x509_lu.c x_all.c x509_txt.c \ x509_trs.c by_file.c by_dir.c x509_vpm.c \ x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index 21672a7ef5..a690455729 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -111,7 +111,7 @@ static int new_dir(X509_LOOKUP *lu) OPENSSL_free(a); return 0; } - lu->method_data = (char *)a; + lu->method_data = a; return 1; } diff --git a/deps/openssl/openssl/crypto/x509/x509_cmp.c b/deps/openssl/openssl/crypto/x509/x509_cmp.c index 01056356c5..49b0368dfc 100644 --- a/deps/openssl/openssl/crypto/x509/x509_cmp.c +++ b/deps/openssl/openssl/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -174,7 +174,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) ret = a->canon_enclen - b->canon_enclen; - if (ret) + if (ret != 0 || a->canon_enclen == 0) return ret; return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); diff --git a/deps/openssl/openssl/crypto/x509/x509_err.c b/deps/openssl/openssl/crypto/x509/x509_err.c index 3f4b8ef0bc..9f91188a76 100644 --- a/deps/openssl/openssl/crypto/x509/x509_err.c +++ b/deps/openssl/openssl/crypto/x509/x509_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -51,6 +51,7 @@ static ERR_STRING_DATA X509_str_functs[] = { {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, + {ERR_FUNC(X509_F_X509_LOOKUP_METH_NEW), "X509_LOOKUP_meth_new"}, {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, diff --git a/deps/openssl/openssl/crypto/x509/x509_lcl.h b/deps/openssl/openssl/crypto/x509/x509_lcl.h index 40bd102f70..8a47da4fef 100644 --- a/deps/openssl/openssl/crypto/x509/x509_lcl.h +++ b/deps/openssl/openssl/crypto/x509/x509_lcl.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,7 +67,7 @@ struct x509_crl_method_st { }; struct x509_lookup_method_st { - const char *name; + char *name; int (*new_item) (X509_LOOKUP *ctx); void (*free) (X509_LOOKUP *ctx); int (*init) (X509_LOOKUP *ctx); @@ -91,7 +91,7 @@ struct x509_lookup_st { int init; /* have we been started */ int skip; /* don't use us. */ X509_LOOKUP_METHOD *method; /* the functions */ - char *method_data; /* method data */ + void *method_data; /* method data */ X509_STORE *store_ctx; /* who owns us */ }; diff --git a/deps/openssl/openssl/crypto/x509/x509_lu.c b/deps/openssl/openssl/crypto/x509/x509_lu.c index 90f23520f4..e5bea5b276 100644 --- a/deps/openssl/openssl/crypto/x509/x509_lu.c +++ b/deps/openssl/openssl/crypto/x509/x509_lu.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -117,6 +117,23 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, return ctx->method->get_by_alias(ctx, type, str, len, ret); } +int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) +{ + ctx->method_data = data; + return 1; +} + +void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) +{ + return ctx->method_data; +} + +X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) +{ + return ctx->store_ctx; +} + + static int x509_object_cmp(const X509_OBJECT *const *a, const X509_OBJECT *const *b) { @@ -265,6 +282,9 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, X509_OBJECT stmp, *tmp; int i, j; + if (ctx == NULL) + return 0; + CRYPTO_THREAD_write_lock(ctx->lock); tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); CRYPTO_THREAD_unlock(ctx->lock); @@ -290,26 +310,30 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, return 1; } -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +static int x509_store_add(X509_STORE *ctx, void *x, int crl) { X509_OBJECT *obj; - int ret = 1, added = 1; + int ret = 0, added = 0; if (x == NULL) return 0; obj = X509_OBJECT_new(); if (obj == NULL) return 0; - obj->type = X509_LU_X509; - obj->data.x509 = x; + + if (crl) { + obj->type = X509_LU_CRL; + obj->data.crl = (X509_CRL *)x; + } else { + obj->type = X509_LU_X509; + obj->data.x509 = (X509 *)x; + } X509_OBJECT_up_ref_count(obj); CRYPTO_THREAD_write_lock(ctx->lock); if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509err(X509_F_X509_STORE_ADD_CERT, - X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; + ret = 1; } else { added = sk_X509_OBJECT_push(ctx->objs, obj); ret = added != 0; @@ -317,46 +341,28 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) CRYPTO_THREAD_unlock(ctx->lock); - if (!ret) /* obj not pushed */ + if (added == 0) /* obj not pushed */ X509_OBJECT_free(obj); - if (!added) /* on push failure */ - X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return ret; } -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) { - X509_OBJECT *obj; - int ret = 1, added = 1; - - if (x == NULL) - return 0; - obj = X509_OBJECT_new(); - if (obj == NULL) + if (!x509_store_add(ctx, x, 0)) { + X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; - obj->type = X509_LU_CRL; - obj->data.crl = x; - X509_OBJECT_up_ref_count(obj); - - CRYPTO_THREAD_write_lock(ctx->lock); - - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { - X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret = 0; - } else { - added = sk_X509_OBJECT_push(ctx->objs, obj); - ret = added != 0; } + return 1; +} - CRYPTO_THREAD_unlock(ctx->lock); - - if (!ret) /* obj not pushed */ - X509_OBJECT_free(obj); - if (!added) /* on push failure */ +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +{ + if (!x509_store_add(ctx, x, 1)) { X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); - - return ret; + return 0; + } + return 1; } int X509_OBJECT_up_ref_count(X509_OBJECT *a) @@ -403,8 +409,7 @@ X509_OBJECT *X509_OBJECT_new() return ret; } - -void X509_OBJECT_free(X509_OBJECT *a) +static void x509_object_free_internal(X509_OBJECT *a) { if (a == NULL) return; @@ -418,6 +423,33 @@ void X509_OBJECT_free(X509_OBJECT *a) X509_CRL_free(a->data.crl); break; } +} + +int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) +{ + if (a == NULL || !X509_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_X509; + a->data.x509 = obj; + return 1; +} + +int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) +{ + if (a == NULL || !X509_CRL_up_ref(obj)) + return 0; + + x509_object_free_internal(a); + a->type = X509_LU_CRL; + a->data.crl = obj; + return 1; +} + +void X509_OBJECT_free(X509_OBJECT *a) +{ + x509_object_free_internal(a); OPENSSL_free(a); } @@ -489,6 +521,9 @@ STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) X509 *x; X509_OBJECT *obj; + if (ctx->ctx == NULL) + return NULL; + CRYPTO_THREAD_write_lock(ctx->ctx->lock); idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { @@ -538,8 +573,10 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) X509_OBJECT *obj, *xobj = X509_OBJECT_new(); /* Always do lookup to possibly add new CRLs to cache */ - if (sk == NULL || xobj == NULL || - !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { + if (sk == NULL + || xobj == NULL + || ctx->ctx == NULL + || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { X509_OBJECT_free(xobj); sk_X509_CRL_free(sk); return NULL; @@ -633,6 +670,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) } X509_OBJECT_free(obj); + if (ctx->ctx == NULL) + return 0; + /* Else find index of first cert accepted by 'check_issued' */ ret = 0; CRYPTO_THREAD_write_lock(ctx->ctx->lock); diff --git a/deps/openssl/openssl/crypto/x509/x509_meth.c b/deps/openssl/openssl/crypto/x509/x509_meth.c new file mode 100644 index 0000000000..05ed4bf863 --- /dev/null +++ b/deps/openssl/openssl/crypto/x509/x509_meth.c @@ -0,0 +1,166 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include <time.h> +#include <errno.h> + +#include "internal/cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/x509.h> +#include <openssl/ossl_typ.h> +#include "x509_lcl.h" + +X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) +{ + X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD)); + + if (method != NULL) { + method->name = OPENSSL_strdup(name); + if (method->name == NULL) { + X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE); + goto err; + } + } + + return method; + +err: + OPENSSL_free(method); + return NULL; +} + +void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method) +{ + if (method != NULL) + OPENSSL_free(method->name); + OPENSSL_free(method); +} + +int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, + int (*new_item) (X509_LOOKUP *ctx)) +{ + method->new_item = new_item; + return 1; +} + +int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->new_item; +} + +int X509_LOOKUP_meth_set_free( + X509_LOOKUP_METHOD *method, + void (*free) (X509_LOOKUP *ctx)) +{ + method->free = free; + return 1; +} + +void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->free; +} + +int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, + int (*init) (X509_LOOKUP *ctx)) +{ + method->init = init; + return 1; +} + +int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->init; +} + +int X509_LOOKUP_meth_set_shutdown( + X509_LOOKUP_METHOD *method, + int (*shutdown) (X509_LOOKUP *ctx)) +{ + method->shutdown = shutdown; + return 1; +} + +int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) + (X509_LOOKUP *ctx) +{ + return method->shutdown; +} + +int X509_LOOKUP_meth_set_ctrl( + X509_LOOKUP_METHOD *method, + X509_LOOKUP_ctrl_fn ctrl) +{ + method->ctrl = ctrl; + return 1; +} + +X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method) +{ + return method->ctrl; +} + +int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_subject_fn get_by_subject) +{ + method->get_by_subject = get_by_subject; + return 1; +} + +X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_subject; +} + + +int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) +{ + method->get_by_issuer_serial = get_by_issuer_serial; + return 1; +} + +X509_LOOKUP_get_by_issuer_serial_fn + X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) +{ + return method->get_by_issuer_serial; +} + + +int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) +{ + method->get_by_fingerprint = get_by_fingerprint; + return 1; +} + +X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_fingerprint; +} + +int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, + X509_LOOKUP_get_by_alias_fn get_by_alias) +{ + method->get_by_alias = get_by_alias; + return 1; +} + +X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( + const X509_LOOKUP_METHOD *method) +{ + return method->get_by_alias; +} + diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c index 3018c69ae4..f86871f6d2 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vfy.c +++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <ctype.h> #include <stdio.h> #include <time.h> #include <errno.h> @@ -557,6 +558,27 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) return 1; } +static int has_san_id(X509 *x, int gtype) +{ + int i; + int ret = 0; + GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + + if (gs == NULL) + return 0; + + for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) { + GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i); + + if (g->type == gtype) { + ret = 1; + break; + } + } + GENERAL_NAMES_free(gs); + return ret; +} + static int check_name_constraints(X509_STORE_CTX *ctx) { int i; @@ -655,7 +677,12 @@ static int check_name_constraints(X509_STORE_CTX *ctx) int rv = NAME_CONSTRAINTS_check(x, nc); /* If EE certificate check commonName too */ - if (rv == X509_V_OK && i == 0) + if (rv == X509_V_OK && i == 0 + && (ctx->param->hostflags + & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0 + && ((ctx->param->hostflags + & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0 + || !has_san_id(x, GEN_DNS))) rv = NAME_CONSTRAINTS_check_CN(x, nc); switch (rv) { @@ -1756,119 +1783,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { - char *str; - ASN1_TIME atm; - long offset; - char buff1[24], buff2[24], *p; - int i, j, remaining; + static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1; + static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1; + ASN1_TIME *asn1_cmp_time = NULL; + int i, day, sec, ret = 0; - p = buff1; - remaining = ctm->length; - str = (char *)ctm->data; /* - * Note that the following (historical) code allows much more slack in the - * time format than RFC5280. In RFC5280, the representation is fixed: + * Note that ASN.1 allows much more slack in the time format than RFC5280. + * In RFC5280, the representation is fixed: * UTCTime: YYMMDDHHMMSSZ * GeneralizedTime: YYYYMMDDHHMMSSZ + * + * We do NOT currently enforce the following RFC 5280 requirement: + * "CAs conforming to this profile MUST always encode certificate + * validity dates through the year 2049 as UTCTime; certificate validity + * dates in 2050 or later MUST be encoded as GeneralizedTime." */ - if (ctm->type == V_ASN1_UTCTIME) { - /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ - int min_length = sizeof("YYMMDDHHMMZ") - 1; - int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + switch (ctm->type) { + case V_ASN1_UTCTIME: + if (ctm->length != (int)(utctime_length)) return 0; - memcpy(p, str, 10); - p += 10; - str += 10; - remaining -= 10; - } else { - /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ - int min_length = sizeof("YYYYMMDDHHMMZ") - 1; - int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; - if (remaining < min_length || remaining > max_length) + break; + case V_ASN1_GENERALIZEDTIME: + if (ctm->length != (int)(generalizedtime_length)) return 0; - memcpy(p, str, 12); - p += 12; - str += 12; - remaining -= 12; + break; + default: + return 0; } - if ((*str == 'Z') || (*str == '-') || (*str == '+')) { - *(p++) = '0'; - *(p++) = '0'; - } else { - /* SS (seconds) */ - if (remaining < 2) + /** + * Verify the format: the ASN.1 functions we use below allow a more + * flexible format than what's mandated by RFC 5280. + * Digit and date ranges will be verified in the conversion methods. + */ + for (i = 0; i < ctm->length - 1; i++) { + if (!isdigit(ctm->data[i])) return 0; - *(p++) = *(str++); - *(p++) = *(str++); - remaining -= 2; - /* - * Skip any (up to three) fractional seconds... - * TODO(emilia): in RFC5280, fractional seconds are forbidden. - * Can we just kill them altogether? - */ - if (remaining && *str == '.') { - str++; - remaining--; - for (i = 0; i < 3 && remaining; i++, str++, remaining--) { - if (*str < '0' || *str > '9') - break; - } - } - } - *(p++) = 'Z'; - *(p++) = '\0'; - - /* We now need either a terminating 'Z' or an offset. */ - if (!remaining) + if (ctm->data[ctm->length - 1] != 'Z') return 0; - if (*str == 'Z') { - if (remaining != 1) - return 0; - offset = 0; - } else { - /* (+-)HHMM */ - if ((*str != '+') && (*str != '-')) - return 0; - /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ - if (remaining != 5) - return 0; - if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || - str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') - return 0; - offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; - offset += (str[3] - '0') * 10 + (str[4] - '0'); - if (*str == '-') - offset = -offset; - } - atm.type = ctm->type; - atm.flags = 0; - atm.length = sizeof(buff2); - atm.data = (unsigned char *)buff2; - if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) - return 0; + /* + * There is ASN1_UTCTIME_cmp_time_t but no + * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t, + * so we go through ASN.1 + */ + asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time); + if (asn1_cmp_time == NULL) + goto err; + if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time)) + goto err; - if (ctm->type == V_ASN1_UTCTIME) { - i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); - if (i < 50) - i += 100; /* cf. RFC 2459 */ - j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); - if (j < 50) - j += 100; - - if (i < j) - return -1; - if (i > j) - return 1; - } - i = strcmp(buff1, buff2); - if (i == 0) /* wait a second then return younger :-) */ - return -1; - else - return i; + /* + * X509_cmp_time comparison is <=. + * The return value 0 is reserved for errors. + */ + ret = (day >= 0 && sec >= 0) ? -1 : 1; + + err: + ASN1_TIME_free(asn1_cmp_time); + return ret; } ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) @@ -3264,6 +3239,10 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; + /* We are not able to look up the CA MD for RSA PSS in this version */ + if (nid == NID_rsassaPss) + return 1; + /* Lookup signature algorithm digest */ if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) { const EVP_MD *md; diff --git a/deps/openssl/openssl/crypto/x509/x509_vpm.c b/deps/openssl/openssl/crypto/x509/x509_vpm.c index b5067220ad..9bc4c61101 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vpm.c +++ b/deps/openssl/openssl/crypto/x509/x509_vpm.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -412,6 +412,11 @@ void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, param->hostflags = flags; } +unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) +{ + return param->hostflags; +} + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) { return param->peername; diff --git a/deps/openssl/openssl/crypto/x509/x509name.c b/deps/openssl/openssl/crypto/x509/x509name.c index f87dc7db99..81dce376f8 100644 --- a/deps/openssl/openssl/crypto/x509/x509name.c +++ b/deps/openssl/openssl/crypto/x509/x509name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,7 +191,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, loc = n; else if (loc < 0) loc = n; - + inc = (set == 0); name->modified = 1; if (set == -1) { @@ -200,7 +200,6 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, inc = 1; } else { set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; - inc = 0; } } else { /* if (set >= 0) */ @@ -211,12 +210,11 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, set = 0; } else set = sk_X509_NAME_ENTRY_value(sk, loc)->set; - inc = (set == 0) ? 1 : 0; } /* * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily - * const'ified; harmless cast as dup() don't modify its input. + * const'ified; harmless cast since dup() don't modify its input. */ if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) goto err; @@ -228,7 +226,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, if (inc) { n = sk_X509_NAME_ENTRY_num(sk); for (i = loc + 1; i < n; i++) - sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; + sk_X509_NAME_ENTRY_value(sk, i)->set += 1; } return (1); err: diff --git a/deps/openssl/openssl/crypto/x509/x_name.c b/deps/openssl/openssl/crypto/x509/x_name.c index 0af5df5cfc..1a33dc1daa 100644 --- a/deps/openssl/openssl/crypto/x509/x_name.c +++ b/deps/openssl/openssl/crypto/x509/x_name.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -472,6 +472,8 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { + if (*xn == name) + return *xn != NULL; if ((name = X509_NAME_dup(name)) == NULL) return 0; X509_NAME_free(*xn); diff --git a/deps/openssl/openssl/crypto/x509v3/v3_enum.c b/deps/openssl/openssl/crypto/x509v3/v3_enum.c index 3b0f197444..f39cb5ac2a 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_enum.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_enum.c @@ -38,7 +38,7 @@ const X509V3_EXT_METHOD v3_crl_reason = { crl_reasons }; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c index 2eec405a36..bd7301e455 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -297,47 +297,140 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) } +static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen) +{ + int utf8_length; + unsigned char *utf8_value; + int i; + int isdnsname = 0; + + /* Don't leave outputs uninitialized */ + *dnsid = NULL; + *idlen = 0; + + /*- + * Per RFC 6125, DNS-IDs representing internationalized domain names appear + * in certificates in A-label encoded form: + * + * https://tools.ietf.org/html/rfc6125#section-6.4.2 + * + * The same applies to CNs which are intended to represent DNS names. + * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be + * needlessly encoded in 16-bit Unicode. We perform a conversion to UTF-8 + * to ensure that we get an ASCII representation of any CNs that are + * representable as ASCII, but just not encoded as ASCII. The UTF-8 form + * may contain some non-ASCII octets, and that's fine, such CNs are not + * valid legacy DNS names. + * + * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what + * we must use for 'utf8_length'. + */ + if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0) + return X509_V_ERR_OUT_OF_MEM; + + /* + * Some certificates have had names that include a *trailing* NUL byte. + * Remove these harmless NUL characters. They would otherwise yield false + * alarms with the following embedded NUL check. + */ + while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0') + --utf8_length; + + /* Reject *embedded* NULs */ + if ((size_t)utf8_length != strlen((char *)utf8_value)) { + OPENSSL_free(utf8_value); + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + } + + /* + * XXX: Deviation from strict DNS name syntax, also check names with '_' + * Check DNS name syntax, any '-' or '.' must be internal, + * and on either side of each '.' we can't have a '-' or '.'. + * + * If the name has just one label, we don't consider it a DNS name. This + * means that "CN=sometld" cannot be precluded by DNS name constraints, but + * that is not a problem. + */ + for (i = 0; i < utf8_length; ++i) { + unsigned char c = utf8_value[i]; + + if ((c >= 'a' && c <= 'z') + || (c >= 'A' && c <= 'Z') + || (c >= '0' && c <= '9') + || c == '_') + continue; + + /* Dot and hyphen cannot be first or last. */ + if (i > 0 && i < utf8_length - 1) { + if (c == '-') + continue; + /* + * Next to a dot the preceding and following characters must not be + * another dot or a hyphen. Otherwise, record that the name is + * plausible, since it has two or more labels. + */ + if (c == '.' + && utf8_value[i + 1] != '.' + && utf8_value[i - 1] != '-' + && utf8_value[i + 1] != '-') { + isdnsname = 1; + continue; + } + } + isdnsname = 0; + break; + } + + if (isdnsname) { + *dnsid = utf8_value; + *idlen = (size_t)utf8_length; + return X509_V_OK; + } + OPENSSL_free(utf8_value); + return X509_V_OK; +} + +/* + * Check CN against DNS-ID name constraints. + */ int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) { int r, i; - X509_NAME *nm; - + X509_NAME *nm = X509_get_subject_name(x); ASN1_STRING stmp; GENERAL_NAME gntmp; + stmp.flags = 0; stmp.type = V_ASN1_IA5STRING; gntmp.type = GEN_DNS; gntmp.d.dNSName = &stmp; - nm = X509_get_subject_name(x); - /* Process any commonName attributes in subject name */ for (i = -1;;) { X509_NAME_ENTRY *ne; - ASN1_STRING *hn; + ASN1_STRING *cn; + unsigned char *idval; + size_t idlen; + i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); if (i == -1) break; ne = X509_NAME_get_entry(nm, i); - hn = X509_NAME_ENTRY_get_data(ne); - /* Only process attributes that look like host names */ - if (asn1_valid_host(hn)) { - unsigned char *h; - int hlen = ASN1_STRING_to_UTF8(&h, hn); - if (hlen <= 0) - return X509_V_ERR_OUT_OF_MEM; + cn = X509_NAME_ENTRY_get_data(ne); - stmp.length = hlen; - stmp.data = h; - - r = nc_match(&gntmp, nc); - - OPENSSL_free(h); + /* Only process attributes that look like host names */ + if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK) + return r; + if (idlen == 0) + continue; - if (r != X509_V_OK) - return r; - } + stmp.length = idlen; + stmp.data = idval; + r = nc_match(&gntmp, nc); + OPENSSL_free(idval); + if (r != X509_V_OK) + return r; } return X509_V_OK; } diff --git a/deps/openssl/openssl/crypto/x509v3/v3_purp.c b/deps/openssl/openssl/crypto/x509v3/v3_purp.c index 6d2f354d70..7ac067229f 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_purp.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_purp.c @@ -78,11 +78,9 @@ int X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + + x509v3_cache_extensions(x); + /* Return if side-effect only call */ if (id == -1) return 1; @@ -352,10 +350,18 @@ static void x509v3_cache_extensions(X509 *x) ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; X509_EXTENSION *ex; - int i; - if (x->ex_flags & EXFLAG_SET) + + /* fast lock-free check, see end of the function for details. */ + if (x->ex_cached) + return; + + CRYPTO_THREAD_write_lock(x->lock); + if (x->ex_flags & EXFLAG_SET) { + CRYPTO_THREAD_unlock(x->lock); return; + } + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); /* V1 should mean no extensions ... */ if (!X509_get_version(x)) @@ -489,6 +495,13 @@ static void x509v3_cache_extensions(X509 *x) } } x->ex_flags |= EXFLAG_SET; + CRYPTO_THREAD_unlock(x->lock); + /* + * It has to be placed after memory barrier, which is implied by unlock. + * Worst thing that can happen is that another thread proceeds to lock + * and checks x->ex_flags & EXFLAGS_SET. See beginning of the function. + */ + x->ex_cached = 1; } /*- @@ -541,11 +554,7 @@ void X509_set_proxy_pathlen(X509 *x, long l) int X509_check_ca(X509 *x) { - if (!(x->ex_flags & EXFLAG_SET)) { - CRYPTO_THREAD_write_lock(x->lock); - x509v3_cache_extensions(x); - CRYPTO_THREAD_unlock(x->lock); - } + x509v3_cache_extensions(x); return check_ca(x); } @@ -759,6 +768,7 @@ int X509_check_issued(X509 *issuer, X509 *subject) if (X509_NAME_cmp(X509_get_subject_name(issuer), X509_get_issuer_name(subject))) return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); diff --git a/deps/openssl/openssl/crypto/x509v3/v3_skey.c b/deps/openssl/openssl/crypto/x509v3/v3_skey.c index 749f51b2f0..39597dc41d 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_skey.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_skey.c @@ -24,7 +24,7 @@ const X509V3_EXT_METHOD v3_skey_id = { NULL }; -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct) { return OPENSSL_buf2hexstr(oct->data, oct->length); diff --git a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c index fec67243f8..d93781e1b7 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_tlsf.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -121,13 +121,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, } } - ai = ASN1_INTEGER_new(); - if (ai == NULL) { + if ((ai = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ai, tlsextid) + || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); goto err; } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, ai); } return tlsf; |