diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index f2fc31a25c54b1..cc142508b9a485 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -7,6 +7,21 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2n and 1.0.2o [27 Mar 2018] + + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + Changes between 1.0.2m and 1.0.2n [7 Dec 2017] *) Read/write after SSL object in error state @@ -2012,8 +2027,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou , Peter Sylvester + , Tom Wu , and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure index 60386d39598758..744b493b96f648 100755 --- a/deps/openssl/openssl/Configure +++ b/deps/openssl/openssl/Configure @@ -354,7 +354,7 @@ my %table=( "hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", +"MPE/iX-gcc", "gcc:-DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", # DEC Alpha OSF/1/Tru64 targets. # @@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } else { $lflags=$prelflags; undef $prelflags; } -if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) +if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) { $cflags =~ s/\-mno\-cygwin\s*//; $shared_ldflag =~ s/\-mno\-cygwin\s*//; @@ -1661,18 +1661,25 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } -my $ecc = $cc; -$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; +my %predefined; + +# collect compiler pre-defines from gcc or gcc-alike... +open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |"); +while () { + m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$1} = defined($2) ? $2 : ""; +} +close(PIPE); if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__}); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } - if ($ecc eq "clang") + if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { @@ -1723,15 +1730,14 @@ while () s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3; } else { s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; s/^RC=.*/RC= $windres/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; diff --git a/deps/openssl/openssl/LICENSE b/deps/openssl/openssl/LICENSE index bdfd985a691b07..b1fa6f9fdb4dc0 100644 --- a/deps/openssl/openssl/LICENSE +++ b/deps/openssl/openssl/LICENSE @@ -12,7 +12,7 @@ --------------- /* ==================================================================== - * Copyright (c) 1998-2017 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/deps/openssl/openssl/MacOS/Randomizer.cpp b/deps/openssl/openssl/MacOS/Randomizer.cpp index cceb6bde44fb74..52dc8842e802d2 100644 --- a/deps/openssl/openssl/MacOS/Randomizer.cpp +++ b/deps/openssl/openssl/MacOS/Randomizer.cpp @@ -266,7 +266,7 @@ void CRandomizer::AddCurrentMouse (void) if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 && labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2) - AddBytes (&mouseLoc, sizeof (mouseLoc), + AddBytes (&mouseLoc, sizeof(mouseLoc), kMousePositionEntropy); if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v) @@ -286,7 +286,7 @@ void CRandomizer::AddCurrentMouse (void) (kTypicalMouseIdleTicks/(double)lastCheck); if (entropy < 0.0) entropy = 0.0; - AddBytes (&mMouseStill, sizeof (mMouseStill), entropy); + AddBytes (&mMouseStill, sizeof(mMouseStill), entropy); mMouseStill = 0; } mLastMouse = mouseLoc; @@ -299,7 +299,7 @@ void CRandomizer::AddAbsoluteSystemStartupTime (void) GetDateTime (&now); now -= TickCount() / 60; // Time in ticks since machine // startup - AddBytes (&now, sizeof (now), kSysStartupEntropy); + AddBytes (&now, sizeof(now), kSysStartupEntropy); } void CRandomizer::AddTimeSinceMachineStartup (void) @@ -314,7 +314,7 @@ void CRandomizer::AddAppRunningTime (void) ProcessSerialNumber PSN; ProcessInfoRec ProcessInfo; - ProcessInfo.processInfoLength = sizeof (ProcessInfoRec); + ProcessInfo.processInfoLength = sizeof(ProcessInfoRec); ProcessInfo.processName = nil; ProcessInfo.processAppSpec = nil; @@ -324,7 +324,7 @@ void CRandomizer::AddAppRunningTime (void) // Now add the amount of time in ticks that the current process // has been active - AddBytes (&ProcessInfo, sizeof (ProcessInfoRec), + AddBytes (&ProcessInfo, sizeof(ProcessInfoRec), kApplicationUpTimeEntropy); } @@ -353,7 +353,7 @@ void CRandomizer::AddStartupVolumeInfo (void) // unpredictable, so might as well toss the whole block in. See // comments for entropy estimate justifications. - AddBytes (&pb, sizeof (pb), + AddBytes (&pb, sizeof(pb), kVolumeBytesEntropy + log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi) * 4294967296.0D + @@ -419,7 +419,7 @@ void CRandomizer::AddBytes (void *data, long size, double entropy) void CRandomizer::AddNow (double millisecondUncertainty) { long time = SysTimer(); - AddBytes (&time, sizeof (time), log2l (millisecondUncertainty * + AddBytes (&time, sizeof(time), log2l (millisecondUncertainty * mTimebaseTicksPerMillisec)); } diff --git a/deps/openssl/openssl/Makefile b/deps/openssl/openssl/Makefile index 9212c288527852..d28f6fac188f8b 100644 --- a/deps/openssl/openssl/Makefile +++ b/deps/openssl/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2n +VERSION=1.0.2o MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 @@ -73,7 +73,7 @@ NM= nm PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion -MAKEDEPPROG=makedepend +MAKEDEPPROG= cc LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in diff --git a/deps/openssl/openssl/Makefile.bak b/deps/openssl/openssl/Makefile.bak index e766d35764ffb7..1920c3c6bde879 100644 --- a/deps/openssl/openssl/Makefile.bak +++ b/deps/openssl/openssl/Makefile.bak @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.2n +VERSION=1.0.2o MAJOR=1 MINOR=0.2 SHLIB_VERSION_NUMBER=1.0.0 diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS index 6f0c5c47b654bc..5080f79a6cbf3e 100644 --- a/deps/openssl/openssl/NEWS +++ b/deps/openssl/openssl/NEWS @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018] + + o Constructed ASN.1 types with a recursive definition could exceed the + stack (CVE-2018-0739) + Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017] o Read/write after SSL object in error state (CVE-2017-3737) diff --git a/deps/openssl/openssl/README b/deps/openssl/openssl/README index 80de6886a766b0..a0fce3f5f974e9 100644 --- a/deps/openssl/openssl/README +++ b/deps/openssl/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2n 7 Dec 2017 + OpenSSL 1.0.2o 27 Mar 2018 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/deps/openssl/openssl/apps/app_rand.c b/deps/openssl/openssl/apps/app_rand.c index b6fe294a682711..00e0538dd33818 100644 --- a/deps/openssl/openssl/apps/app_rand.c +++ b/deps/openssl/openssl/apps/app_rand.c @@ -137,7 +137,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn) #endif if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); else if (RAND_egd(file) > 0) { /* * we try if the given filename is an EGD socket. if it is, we don't @@ -212,7 +212,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e) return 0; if (file == NULL) - file = RAND_file_name(buffer, sizeof buffer); + file = RAND_file_name(buffer, sizeof(buffer)); if (file == NULL || !RAND_write_file(file)) { BIO_printf(bio_e, "unable to write 'random state'\n"); return 0; diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c index 29de1b75dd600b..c5a5152295569e 100644 --- a/deps/openssl/openssl/apps/apps.c +++ b/deps/openssl/openssl/apps/apps.c @@ -1738,9 +1738,9 @@ int save_serial(char *serialfile, char *suffix, BIGNUM *serial, BUF_strlcpy(buf[0], serialfile, BSIZE); else { #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); #endif } #ifdef RL_DEBUG @@ -1789,14 +1789,14 @@ int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", @@ -1877,9 +1877,9 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf[0], sizeof(buf[0]), "%s-attr", dbfile); #endif dbattr_conf = NCONF_new(NULL); if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { @@ -1967,19 +1967,19 @@ int save_index(const char *dbfile, const char *suffix, CA_DB *db) goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]); @@ -2028,29 +2028,29 @@ int rotate_index(const char *dbfile, const char *new_suffix, goto err; } #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); #else - j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile); + j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); #else - j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix); + j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); #endif #ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); #else - j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix); + j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); #endif #ifdef RL_DEBUG BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", dbfile, buf[1]); @@ -2604,7 +2604,7 @@ static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3A_init(&s3a); JPAKE_STEP3A_generate(&s3a, ctx); - BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); + BIO_write(bconn, s3a.hhk, sizeof(s3a.hhk)); (void)BIO_flush(bconn); JPAKE_STEP3A_release(&s3a); } @@ -2615,7 +2615,7 @@ static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) JPAKE_STEP3B_init(&s3b); JPAKE_STEP3B_generate(&s3b, ctx); - BIO_write(bconn, s3b.hk, sizeof s3b.hk); + BIO_write(bconn, s3b.hk, sizeof(s3b.hk)); (void)BIO_flush(bconn); JPAKE_STEP3B_release(&s3b); } @@ -2625,7 +2625,7 @@ static void readbn(BIGNUM **bn, BIO *bconn) char buf[10240]; int l; - l = BIO_gets(bconn, buf, sizeof buf); + l = BIO_gets(bconn, buf, sizeof(buf)); assert(l > 0); assert(buf[l - 1] == '\n'); buf[l - 1] = '\0'; @@ -2672,8 +2672,8 @@ static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3A_init(&s3a); - l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); - assert(l == sizeof s3a.hhk); + l = BIO_read(bconn, s3a.hhk, sizeof(s3a.hhk)); + assert(l == sizeof(s3a.hhk)); if (!JPAKE_STEP3A_process(ctx, &s3a)) { ERR_print_errors(bio_err); exit(1); @@ -2687,8 +2687,8 @@ static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) int l; JPAKE_STEP3B_init(&s3b); - l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); - assert(l == sizeof s3b.hk); + l = BIO_read(bconn, s3b.hk, sizeof(s3b.hk)); + assert(l == sizeof(s3b.hk)); if (!JPAKE_STEP3B_process(ctx, &s3b)) { ERR_print_errors(bio_err); exit(1); diff --git a/deps/openssl/openssl/apps/ca.c b/deps/openssl/openssl/apps/ca.c index 9a839969a204bb..4f9de5492148a1 100644 --- a/deps/openssl/openssl/apps/ca.c +++ b/deps/openssl/openssl/apps/ca.c @@ -1628,8 +1628,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, CONF *lconf, unsigned long certopt, unsigned long nameopt, int default_op, int ext_copy, int selfsign) { - X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = - NULL; + X509_NAME *name = NULL, *CAname = NULL, *subject = NULL; ASN1_UTCTIME *tm, *tmptm; ASN1_STRING *str, *str2; ASN1_OBJECT *obj; @@ -1817,8 +1816,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, if (push != NULL) { if (!X509_NAME_add_entry(subject, push, -1, 0)) { - if (push != NULL) - X509_NAME_ENTRY_free(push); BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -1836,104 +1833,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject */ - /* - * and add it later on because of the method extensions are added - * (altName) - */ - - if (email_dn) - dn_subject = subject; - else { - X509_NAME_ENTRY *tmpne; - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if (!(dn_subject = X509_NAME_dup(subject))) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - -1)) >= 0) { - tmpne = X509_NAME_get_entry(dn_subject, i); - X509_NAME_delete_entry(dn_subject, i); - X509_NAME_ENTRY_free(tmpne); - } - } - - if (BN_is_zero(serial)) - row[DB_serial] = BUF_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == 'E') - p = "Expired"; - else if (rrow[DB_type][0] == 'R') - p = "Revoked"; - else if (rrow[DB_type][0] == 'V') - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - if (rrow[DB_type][0] == 'R') { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto err; - } - /* We are now totally happy, lets make and sign the certificate */ if (verbose) BIO_printf(bio_err, @@ -2056,10 +1955,124 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, goto err; } - /* Set the right value for the noemailDN option */ - if (email_dn == 0) { - if (!X509_set_subject_name(ret, dn_subject)) + if (verbose) + BIO_printf(bio_err, + "The subject name appears to be ok, checking data base for clashes\n"); + + /* Build the correct Subject if no e-mail is wanted in the subject */ + + if (!email_dn) { + X509_NAME_ENTRY *tmpne; + X509_NAME *dn_subject; + + /* + * Its best to dup the subject DN and then delete any email addresses + * because this retains its structure. + */ + if (!(dn_subject = X509_NAME_dup(subject))) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + while ((i = X509_NAME_get_index_by_NID(dn_subject, + NID_pkcs9_emailAddress, + -1)) >= 0) { + tmpne = X509_NAME_get_entry(dn_subject, i); + X509_NAME_delete_entry(dn_subject, i); + X509_NAME_ENTRY_free(tmpne); + } + + if (!X509_set_subject_name(ret, dn_subject)) { + X509_NAME_free(dn_subject); + goto err; + } + X509_NAME_free(dn_subject); + } + + row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (BN_is_zero(serial)) + row[DB_serial] = BUF_strdup("00"); + else + row[DB_serial] = BN_bn2hex(serial); + if (row[DB_serial] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); + goto err; + } + + if (row[DB_name][0] == '\0') { + /* + * An empty subject! We'll use the serial number instead. If + * unique_subject is in use then we don't want different entries with + * empty subjects matching each other. + */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + if (row[DB_name] == NULL) { + BIO_printf(bio_err, "Memory allocation failure\n"); goto err; + } + } + + if (db->attributes.unique_subject) { + OPENSSL_STRING *crow = row; + + rrow = TXT_DB_get_by_index(db->db, DB_name, crow); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:There is already a certificate for %s\n", + row[DB_name]); + } + } + if (rrow == NULL) { + rrow = TXT_DB_get_by_index(db->db, DB_serial, row); + if (rrow != NULL) { + BIO_printf(bio_err, + "ERROR:Serial number %s has already been issued,\n", + row[DB_serial]); + BIO_printf(bio_err, + " check the database/serial_file for corruption\n"); + } + } + + if (rrow != NULL) { + BIO_printf(bio_err, "The matching entry has the following details\n"); + if (rrow[DB_type][0] == 'E') + p = "Expired"; + else if (rrow[DB_type][0] == 'R') + p = "Revoked"; + else if (rrow[DB_type][0] == 'V') + p = "Valid"; + else + p = "\ninvalid type, Data base error\n"; + BIO_printf(bio_err, "Type :%s\n", p);; + if (rrow[DB_type][0] == 'R') { + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Was revoked on:%s\n", p); + } + p = rrow[DB_exp_date]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Expires on :%s\n", p); + p = rrow[DB_serial]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Serial Number :%s\n", p); + p = rrow[DB_file]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "File name :%s\n", p); + p = rrow[DB_name]; + if (p == NULL) + p = "undef"; + BIO_printf(bio_err, "Subject Name :%s\n", p); + ok = -1; /* This is now a 'bad' error. */ + goto err; } if (!default_op) { @@ -2110,10 +2123,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_exp_date] = OPENSSL_malloc(tm->length + 1); row[DB_rev_date] = OPENSSL_malloc(1); row[DB_file] = OPENSSL_malloc(8); - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) || (row[DB_rev_date] == NULL) || - (row[DB_file] == NULL) || (row[DB_name] == NULL)) { + (row[DB_file] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; } @@ -2143,18 +2155,16 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, irow = NULL; ok = 1; err: - if (irow != NULL) { + if (ok != 1) { for (i = 0; i < DB_NUMBER; i++) OPENSSL_free(row[i]); - OPENSSL_free(irow); } + OPENSSL_free(irow); if (CAname != NULL) X509_NAME_free(CAname); if (subject != NULL) X509_NAME_free(subject); - if ((dn_subject != NULL) && !email_dn) - X509_NAME_free(dn_subject); if (tmptm != NULL) ASN1_UTCTIME_free(tmptm); if (ok <= 0) { @@ -2357,6 +2367,11 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) else row[DB_serial] = BN_bn2hex(bn); BN_free(bn); + if (row[DB_name] != NULL && row[DB_name][0] == '\0') { + /* Entries with empty Subjects actually use the serial number instead */ + OPENSSL_free(row[DB_name]); + row[DB_name] = OPENSSL_strdup(row[DB_serial]); + } if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { BIO_printf(bio_err, "Memory allocation failure\n"); goto err; diff --git a/deps/openssl/openssl/apps/ciphers.c b/deps/openssl/openssl/apps/ciphers.c index 66636d2dfd18e2..4856141f6f2b5f 100644 --- a/deps/openssl/openssl/apps/ciphers.c +++ b/deps/openssl/openssl/apps/ciphers.c @@ -217,7 +217,7 @@ int MAIN(int argc, char **argv) BIO_printf(STDout, "%s - ", nm); } #endif - BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof buf)); + BIO_puts(STDout, SSL_CIPHER_description(c, buf, sizeof(buf))); } } diff --git a/deps/openssl/openssl/apps/cms.c b/deps/openssl/openssl/apps/cms.c index f9a63bc0d0968e..de4ba136e8fa2f 100644 --- a/deps/openssl/openssl/apps/cms.c +++ b/deps/openssl/openssl/apps/cms.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -977,12 +977,16 @@ int MAIN(int argc, char **argv) signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL, e, "signer certificate"); - if (!signer) + if (!signer) { + ret = 2; goto end; + } key = load_key(bio_err, keyfile, keyform, 0, passin, e, "signing key file"); - if (!key) + if (!key) { + ret = 2; goto end; + } for (kparam = key_first; kparam; kparam = kparam->next) { if (kparam->idx == i) { tflags |= CMS_KEY_PARAM; diff --git a/deps/openssl/openssl/apps/dgst.c b/deps/openssl/openssl/apps/dgst.c index bc2601e452efa3..686fe344fbf571 100644 --- a/deps/openssl/openssl/apps/dgst.c +++ b/deps/openssl/openssl/apps/dgst.c @@ -145,7 +145,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); md = EVP_get_digestbyname(pname); diff --git a/deps/openssl/openssl/apps/dsaparam.c b/deps/openssl/openssl/apps/dsaparam.c index f2cf553db3ff75..3a4a123846c4d3 100644 --- a/deps/openssl/openssl/apps/dsaparam.c +++ b/deps/openssl/openssl/apps/dsaparam.c @@ -382,6 +382,9 @@ int MAIN(int argc, char **argv) printf("\treturn(dsa);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_DSAparams_bio(out, dsa); diff --git a/deps/openssl/openssl/apps/ecparam.c b/deps/openssl/openssl/apps/ecparam.c index a9bf489cdd4c7a..8d5b7044489c22 100644 --- a/deps/openssl/openssl/apps/ecparam.c +++ b/deps/openssl/openssl/apps/ecparam.c @@ -3,7 +3,7 @@ * Written by Nils Larsch for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -546,6 +546,9 @@ int MAIN(int argc, char **argv) BIO_printf(out, "\treturn(group);\n\t}\n"); } + if (outformat == FORMAT_ASN1 && genkey) + noout = 1; + if (!noout) { if (outformat == FORMAT_ASN1) i = i2d_ECPKParameters_bio(out, group); @@ -582,6 +585,9 @@ int MAIN(int argc, char **argv) if (EC_KEY_set_group(eckey, group) == 0) goto end; + if (new_form) + EC_KEY_set_conv_form(eckey, form); + if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); goto end; diff --git a/deps/openssl/openssl/apps/enc.c b/deps/openssl/openssl/apps/enc.c index 66145b3be770e7..3b7e1eea3d834c 100644 --- a/deps/openssl/openssl/apps/enc.c +++ b/deps/openssl/openssl/apps/enc.c @@ -114,7 +114,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { static const char magic[] = "Salted__"; - char mbuf[sizeof magic - 1]; + char mbuf[sizeof(magic) - 1]; char *strbuf = NULL; unsigned char *buff = NULL, *bufsize = NULL; int bsize = BSIZE, verbose = 0; @@ -154,7 +154,7 @@ int MAIN(int argc, char **argv) goto end; /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); if (strcmp(pname, "base64") == 0) base64 = 1; #ifdef ZLIB @@ -247,7 +247,7 @@ int MAIN(int argc, char **argv) goto bad; } buf[0] = '\0'; - if (!fgets(buf, sizeof buf, infile)) { + if (!fgets(buf, sizeof(buf), infile)) { BIO_printf(bio_err, "unable to read key from '%s'\n", file); goto bad; } @@ -432,7 +432,7 @@ int MAIN(int argc, char **argv) for (;;) { char buf[200]; - BIO_snprintf(buf, sizeof buf, "enter %s %s password:", + BIO_snprintf(buf, sizeof(buf), "enter %s %s password:", OBJ_nid2ln(EVP_CIPHER_nid(cipher)), (enc) ? "encryption" : "decryption"); strbuf[0] = '\0'; @@ -517,31 +517,31 @@ int MAIN(int argc, char **argv) else { if (enc) { if (hsalt) { - if (!set_hex(hsalt, salt, sizeof salt)) { + if (!set_hex(hsalt, salt, sizeof(salt))) { BIO_printf(bio_err, "invalid hex salt value\n"); goto end; } - } else if (RAND_bytes(salt, sizeof salt) <= 0) + } else if (RAND_bytes(salt, sizeof(salt)) <= 0) goto end; /* * If -P option then don't bother writing */ if ((printkey != 2) && (BIO_write(wbio, magic, - sizeof magic - 1) != sizeof magic - 1 + sizeof(magic) - 1) != sizeof(magic) - 1 || BIO_write(wbio, (char *)salt, - sizeof salt) != sizeof salt)) { + sizeof(salt)) != sizeof(salt))) { BIO_printf(bio_err, "error writing output file\n"); goto end; } - } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf + } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf) || BIO_read(rbio, (unsigned char *)salt, - sizeof salt) != sizeof salt) { + sizeof(salt)) != sizeof(salt)) { BIO_printf(bio_err, "error reading input file\n"); goto end; - } else if (memcmp(mbuf, magic, sizeof magic - 1)) { + } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) { BIO_printf(bio_err, "bad magic number\n"); goto end; } @@ -564,7 +564,7 @@ int MAIN(int argc, char **argv) int siz = EVP_CIPHER_iv_length(cipher); if (siz == 0) { BIO_printf(bio_err, "warning: iv not use by this cipher\n"); - } else if (!set_hex(hiv, iv, sizeof iv)) { + } else if (!set_hex(hiv, iv, sizeof(iv))) { BIO_printf(bio_err, "invalid hex iv value\n"); goto end; } diff --git a/deps/openssl/openssl/apps/errstr.c b/deps/openssl/openssl/apps/errstr.c index c2d4fdec35ad02..c3fef610fc2de3 100644 --- a/deps/openssl/openssl/apps/errstr.c +++ b/deps/openssl/openssl/apps/errstr.c @@ -108,7 +108,7 @@ int MAIN(int argc, char **argv) for (i = 1; i < argc; i++) { if (sscanf(argv[i], "%lx", &l)) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); printf("%s\n", buf); } else { printf("%s: bad error code\n", argv[i]); diff --git a/deps/openssl/openssl/apps/ocsp.c b/deps/openssl/openssl/apps/ocsp.c index 5da51df5148c8c..654eebcbfc1512 100644 --- a/deps/openssl/openssl/apps/ocsp.c +++ b/deps/openssl/openssl/apps/ocsp.c @@ -1195,7 +1195,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; for (;;) { - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) return 1; /* Look for "POST" signalling start of query */ diff --git a/deps/openssl/openssl/apps/openssl.c b/deps/openssl/openssl/apps/openssl.c index 687314522319bd..c3da5d6cd0e94d 100644 --- a/deps/openssl/openssl/apps/openssl.c +++ b/deps/openssl/openssl/apps/openssl.c @@ -351,7 +351,7 @@ int main(int Argc, char *ARGV[]) prog = prog_init(); /* first check the program name */ - program_name(Argv[0], pname, sizeof pname); + program_name(Argv[0], pname, sizeof(pname)); f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); @@ -379,7 +379,7 @@ int main(int Argc, char *ARGV[]) for (;;) { ret = 0; p = buf; - n = sizeof buf; + n = sizeof(buf); i = 0; for (;;) { p[0] = '\0'; @@ -685,7 +685,7 @@ static LHASH_OF(FUNCTION) *prog_init(void) /* Purely so it looks nice when the user hits ? */ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; - qsort(functions, i, sizeof *functions, SortFnByName); + qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new()) == NULL) return (NULL); diff --git a/deps/openssl/openssl/apps/passwd.c b/deps/openssl/openssl/apps/passwd.c index 798a6d593616fa..56e10ad3d8f15d 100644 --- a/deps/openssl/openssl/apps/passwd.c +++ b/deps/openssl/openssl/apps/passwd.c @@ -252,7 +252,7 @@ int MAIN(int argc, char **argv) /* ignore rest of line */ char trash[BUFSIZ]; do - r = BIO_gets(in, trash, sizeof trash); + r = BIO_gets(in, trash, sizeof(trash)); while ((r > 0) && (!strchr(trash, '\n'))); } @@ -329,8 +329,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); - for (i = passwd_len; i > sizeof buf; i -= sizeof buf) - EVP_DigestUpdate(&md, buf, sizeof buf); + for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) + EVP_DigestUpdate(&md, buf, sizeof(buf)); EVP_DigestUpdate(&md, buf, i); n = passwd_len; @@ -343,13 +343,13 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) for (i = 0; i < 1000; i++) { EVP_DigestInit_ex(&md2, EVP_md5(), NULL); EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf, - (i & 1) ? passwd_len : sizeof buf); + (i & 1) ? passwd_len : sizeof(buf)); if (i % 3) EVP_DigestUpdate(&md2, salt_out, salt_len); if (i % 7) EVP_DigestUpdate(&md2, passwd, passwd_len); EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd, - (i & 1) ? sizeof buf : passwd_len); + (i & 1) ? sizeof(buf) : passwd_len); EVP_DigestFinal_ex(&md2, buf, NULL); } EVP_MD_CTX_cleanup(&md2); @@ -357,7 +357,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) { /* transform buf into output string */ - unsigned char buf_perm[sizeof buf]; + unsigned char buf_perm[sizeof(buf)]; int dest, source; char *output; @@ -369,7 +369,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) buf_perm[15] = buf[11]; # ifndef PEDANTIC /* Unfortunately, this generates a "no * effect" warning */ - assert(16 == sizeof buf_perm); + assert(16 == sizeof(buf_perm)); # endif output = salt_out + salt_len; diff --git a/deps/openssl/openssl/apps/pkcs12.c b/deps/openssl/openssl/apps/pkcs12.c index d0bd97af0eee30..0ba4c9a8076ac8 100644 --- a/deps/openssl/openssl/apps/pkcs12.c +++ b/deps/openssl/openssl/apps/pkcs12.c @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read MAC password"); # endif if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + (macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; } @@ -629,13 +629,13 @@ int MAIN(int argc, char **argv) # endif if (!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + EVP_read_pw_string(pass, sizeof(pass), "Enter Export Password:", 1)) { BIO_printf(bio_err, "Can't read Password\n"); goto export_end; } if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); # ifdef CRYPTO_MDEBUG CRYPTO_pop_info(); @@ -698,7 +698,7 @@ int MAIN(int argc, char **argv) CRYPTO_push_info("read import password"); # endif if (!noprompt - && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + && EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", 0)) { BIO_printf(bio_err, "Can't read Password\n"); goto end; @@ -708,7 +708,7 @@ int MAIN(int argc, char **argv) # endif if (!twopass) - BUF_strlcpy(macpass, pass, sizeof macpass); + BUF_strlcpy(macpass, pass, sizeof(macpass)); if ((options & INFO) && p12->mac) BIO_printf(bio_err, "MAC Iteration %ld\n", diff --git a/deps/openssl/openssl/apps/pkcs8.c b/deps/openssl/openssl/apps/pkcs8.c index 71e31689df0892..d7f0720ca12839 100644 --- a/deps/openssl/openssl/apps/pkcs8.c +++ b/deps/openssl/openssl/apps/pkcs8.c @@ -277,7 +277,7 @@ int MAIN(int argc, char **argv) else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof(pass), "Enter Encryption Password:", 1)) goto end; } app_RAND_load_file(NULL, bio_err, 0); @@ -331,7 +331,7 @@ int MAIN(int argc, char **argv) p8pass = passin; else { p8pass = pass; - EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); + EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0); } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); } diff --git a/deps/openssl/openssl/apps/rand.c b/deps/openssl/openssl/apps/rand.c index 96dcb7273a4dfe..eddb8af8d70a10 100644 --- a/deps/openssl/openssl/apps/rand.c +++ b/deps/openssl/openssl/apps/rand.c @@ -198,7 +198,7 @@ int MAIN(int argc, char **argv) chunk = num; if (chunk > (int)sizeof(buf)) - chunk = sizeof buf; + chunk = sizeof(buf); r = RAND_bytes(buf, chunk); if (r <= 0) goto err; diff --git a/deps/openssl/openssl/apps/req.c b/deps/openssl/openssl/apps/req.c index ede1d32cae62cc..7fcab18cd1c93b 100644 --- a/deps/openssl/openssl/apps/req.c +++ b/deps/openssl/openssl/apps/req.c @@ -1193,7 +1193,7 @@ static int prompt_info(X509_REQ *req, /* If OBJ not recognised ignore it */ if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start; - if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", v->name) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1204,19 +1204,19 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_value", v->name); if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_min", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", v->name); + BIO_snprintf(buf, sizeof(buf), "%s_max", v->name); if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1252,7 +1252,7 @@ static int prompt_info(X509_REQ *req, if ((nid = OBJ_txt2nid(type)) == NID_undef) goto start2; - if (BIO_snprintf(buf, sizeof buf, "%s_default", type) + if (BIO_snprintf(buf, sizeof(buf), "%s_default", type) >= (int)sizeof(buf)) { BIO_printf(bio_err, "Name '%s' too long\n", v->name); return 0; @@ -1264,20 +1264,20 @@ static int prompt_info(X509_REQ *req, def = ""; } - BIO_snprintf(buf, sizeof buf, "%s_value", type); + BIO_snprintf(buf, sizeof(buf), "%s_value", type); if ((value = NCONF_get_string(req_conf, attr_sect, buf)) == NULL) { ERR_clear_error(); value = NULL; } - BIO_snprintf(buf, sizeof buf, "%s_min", type); + BIO_snprintf(buf, sizeof(buf), "%s_min", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { ERR_clear_error(); n_min = -1; } - BIO_snprintf(buf, sizeof buf, "%s_max", type); + BIO_snprintf(buf, sizeof(buf), "%s_max", type); if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { ERR_clear_error(); n_max = -1; @@ -1372,13 +1372,13 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1391,8 +1391,8 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); @@ -1431,13 +1431,13 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, BIO_printf(bio_err, "%s [%s]:", text, def); (void)BIO_flush(bio_err); if (value != NULL) { - BUF_strlcpy(buf, value, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, value, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); BIO_printf(bio_err, "%s\n", value); } else { buf[0] = '\0'; if (!batch) { - if (!fgets(buf, sizeof buf, stdin)) + if (!fgets(buf, sizeof(buf), stdin)) return 0; } else { buf[0] = '\n'; @@ -1450,8 +1450,8 @@ static int add_attribute_object(X509_REQ *req, char *text, const char *def, else if (buf[0] == '\n') { if ((def == NULL) || (def[0] == '\0')) return (1); - BUF_strlcpy(buf, def, sizeof buf); - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcpy(buf, def, sizeof(buf)); + BUF_strlcat(buf, "\n", sizeof(buf)); } else if ((buf[0] == '.') && (buf[1] == '\n')) return (1); diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c index 8f33a8d884614e..1ef59dc3464a43 100644 --- a/deps/openssl/openssl/apps/s_client.c +++ b/deps/openssl/openssl/apps/s_client.c @@ -2181,10 +2181,10 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio, "---\nCertificate chain\n"); for (i = 0; i < sk_X509_num(sk); i++) { X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, "%2d s:%s\n", i, buf); X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)), - buf, sizeof buf); + buf, sizeof(buf)); BIO_printf(bio, " i:%s\n", buf); if (c_showcerts) PEM_write_bio_X509(bio, sk_X509_value(sk, i)); @@ -2199,9 +2199,9 @@ static void print_stuff(BIO *bio, SSL *s, int full) /* Redundant if we showed the whole chain */ if (!(c_showcerts && got_a_chain)) PEM_write_bio_X509(bio, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio, "issuer=%s\n", buf); } else BIO_printf(bio, "no peer certificate available\n"); @@ -2218,7 +2218,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } else { BIO_printf(bio, "---\nNo client certificate CA names sent\n"); } - p = SSL_get_shared_ciphers(s, buf, sizeof buf); + p = SSL_get_shared_ciphers(s, buf, sizeof(buf)); if (p != NULL) { /* * This works only for SSL 2. In later protocol versions, the diff --git a/deps/openssl/openssl/apps/s_server.c b/deps/openssl/openssl/apps/s_server.c index 98ffc09314a302..83918fb6d39a3d 100644 --- a/deps/openssl/openssl/apps/s_server.c +++ b/deps/openssl/openssl/apps/s_server.c @@ -2008,7 +2008,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); /* Set DTLS cookie generation and verification callbacks */ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); @@ -2019,7 +2019,7 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); SSL_CTX_set_session_id_context(ctx2, (void *)&s_server_session_id_context, - sizeof s_server_session_id_context); + sizeof(s_server_session_id_context)); tlsextcbp.biodebug = bio_s_out; SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); @@ -2666,14 +2666,14 @@ static int init_ssl_connection(SSL *con) if (peer != NULL) { BIO_printf(bio_s_out, "Client certificate\n"); PEM_write_bio_X509(bio_s_out, peer); - X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "subject=%s\n", buf); - X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf); + X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf)); BIO_printf(bio_s_out, "issuer=%s\n", buf); X509_free(peer); } - if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL) + if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); ssl_print_sigalgs(bio_s_out, con); diff --git a/deps/openssl/openssl/apps/s_socket.c b/deps/openssl/openssl/apps/s_socket.c index 77a7688f8d0c81..83624ca84f1524 100644 --- a/deps/openssl/openssl/apps/s_socket.c +++ b/deps/openssl/openssl/apps/s_socket.c @@ -235,7 +235,7 @@ int init_client(int *sock, char *host, int port, int type) { unsigned char ip[4]; - memset(ip, '\0', sizeof ip); + memset(ip, '\0', sizeof(ip)); if (!host_ip(host, &(ip[0]))) return 0; return init_client_ip(sock, ip, port, type); @@ -360,7 +360,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) # if defined SOL_SOCKET && defined SO_REUSEADDR { int j = 1; - setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); + setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); } # endif if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { @@ -595,7 +595,7 @@ static struct hostent *GetHostByName(char *name) if (ret == NULL) return (NULL); /* else add to cache */ - if (strlen(name) < sizeof ghbn_cache[0].name) { + if (strlen(name) < sizeof(ghbn_cache[0].name)) { strcpy(ghbn_cache[lowi].name, name); memcpy((char *)&(ghbn_cache[lowi].ent), ret, sizeof(struct hostent)); diff --git a/deps/openssl/openssl/apps/s_time.c b/deps/openssl/openssl/apps/s_time.c index 38788f7130c7cc..0bb2f8cc2aa16f 100644 --- a/deps/openssl/openssl/apps/s_time.c +++ b/deps/openssl/openssl/apps/s_time.c @@ -422,7 +422,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) @@ -481,7 +481,7 @@ int MAIN(int argc, char **argv) } if (s_www_path != NULL) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path); + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while (SSL_read(scon, buf, sizeof(buf)) > 0) ; } @@ -517,7 +517,7 @@ int MAIN(int argc, char **argv) goto end; if (s_www_path) { - BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", + BIO_snprintf(buf, sizeof(buf), "GET %s HTTP/1.0\r\n\r\n", s_www_path); SSL_write(scon, buf, strlen(buf)); while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) diff --git a/deps/openssl/openssl/apps/speed.c b/deps/openssl/openssl/apps/speed.c index 5383678b98644f..aaa982ee1f74c2 100644 --- a/deps/openssl/openssl/apps/speed.c +++ b/deps/openssl/openssl/apps/speed.c @@ -2091,7 +2091,7 @@ int MAIN(int argc, char **argv) RAND_pseudo_bytes(buf, 20); # ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < DSA_NUM; j++) { @@ -2170,7 +2170,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDSA if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2265,7 +2265,7 @@ int MAIN(int argc, char **argv) # ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); rnd_fake = 1; } for (j = 0; j < EC_NUM; j++) { @@ -2588,7 +2588,7 @@ static char *sstrsep(char **string, const char *delim) if (**string == 0) return NULL; - memset(isdelim, 0, sizeof isdelim); + memset(isdelim, 0, sizeof(isdelim)); isdelim[0] = 1; while (*delim) { @@ -2615,7 +2615,7 @@ static int do_multi(int multi) int *fds; static char sep[] = ":"; - fds = malloc(multi * sizeof *fds); + fds = malloc(multi * sizeof(*fds)); if (fds == NULL) { fprintf(stderr, "Out of memory in speed (do_multi)\n"); exit(1); @@ -2653,7 +2653,7 @@ static int do_multi(int multi) char *p; f = fdopen(fds[n], "r"); - while (fgets(buf, sizeof buf, f)) { + while (fgets(buf, sizeof(buf), f)) { p = strchr(buf, '\n'); if (p) *p = '\0'; diff --git a/deps/openssl/openssl/apps/vms_term_sock.c b/deps/openssl/openssl/apps/vms_term_sock.c index a7d87ff3618c6e..bc0c173ef4e0c7 100755 --- a/deps/openssl/openssl/apps/vms_term_sock.c +++ b/deps/openssl/openssl/apps/vms_term_sock.c @@ -143,7 +143,7 @@ int main (int argc, char *argv[], char *envp[]) ** Process the terminal input */ LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof (TermBuff), 0) ; + len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; TermBuff[len] = '\0'; LogMessage ("Received terminal I/O [%s]", TermBuff); @@ -209,7 +209,7 @@ int TerminalSocket (int FunctionCode, int *ReturnSocket) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 2, + sizeof(TerminalDeviceBuff) - 2, 0, 0, 0, 0); if (! (status & 1)) { LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); @@ -317,7 +317,7 @@ static int CreateSocketPair (int SocketFamily, /* ** Initialize the socket information */ - slen = sizeof (sin); + slen = sizeof(sin); memset ((char *) &sin, 0, slen); sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr); @@ -434,12 +434,12 @@ static int CreateSocketPair (int SocketFamily, /* ** Now issue the connect */ - memset ((char *) &sin, 0, sizeof (sin)) ; + memset ((char *) &sin, 0, sizeof(sin)) ; sin.sin_family = SocketFamily; sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; sin.sin_port = LocalHostPort ; - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof (sin)); + status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); if (status < 0 ) { LogMessage ("CreateSocketPair: connect () - %d", errno); sys$cantim (&sptb, 0); @@ -528,7 +528,7 @@ static int TerminalDeviceAst (int astparm) TerminalDeviceAst, 0, TerminalDeviceBuff, - sizeof (TerminalDeviceBuff) - 1, + sizeof(TerminalDeviceBuff) - 1, 0, 0, 0, 0); /* diff --git a/deps/openssl/openssl/apps/winrand.c b/deps/openssl/openssl/apps/winrand.c index 44f57a38ba8a32..fd5cf3b13b99e1 100644 --- a/deps/openssl/openssl/apps/winrand.c +++ b/deps/openssl/openssl/apps/winrand.c @@ -77,7 +77,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, char buffer[200]; if (cmdline[0] == '\0') - filename = RAND_file_name(buffer, sizeof buffer); + filename = RAND_file_name(buffer, sizeof(buffer)); else filename = cmdline; diff --git a/deps/openssl/openssl/apps/x509.c b/deps/openssl/openssl/apps/x509.c index ad9fc98edfb9c2..add74d556d68c2 100644 --- a/deps/openssl/openssl/apps/x509.c +++ b/deps/openssl/openssl/apps/x509.c @@ -817,10 +817,10 @@ int MAIN(int argc, char **argv) char *m; int y, z; - X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf)); BIO_printf(STDout, "/* subject:%s */\n", buf); m = X509_NAME_oneline(X509_get_issuer_name(x), buf, - sizeof buf); + sizeof(buf)); BIO_printf(STDout, "/* issuer :%s */\n", buf); z = i2d_X509(x, NULL); diff --git a/deps/openssl/openssl/crypto/asn1/a_gentm.c b/deps/openssl/openssl/crypto/asn1/a_gentm.c index 85118137859f91..cb4481597064e1 100644 --- a/deps/openssl/openssl/crypto/asn1/a_gentm.c +++ b/deps/openssl/openssl/crypto/asn1/a_gentm.c @@ -78,7 +78,7 @@ int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) ASN1_STRING tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; diff --git a/deps/openssl/openssl/crypto/asn1/a_mbstr.c b/deps/openssl/openssl/crypto/asn1/a_mbstr.c index 6935efe09fb508..5b8028aaa3a519 100644 --- a/deps/openssl/openssl/crypto/asn1/a_mbstr.c +++ b/deps/openssl/openssl/crypto/asn1/a_mbstr.c @@ -149,14 +149,14 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((minsize > 0) && (nchar < minsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); ERR_add_error_data(2, "minsize=", strbuf); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); + BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); ERR_add_error_data(2, "maxsize=", strbuf); return -1; } diff --git a/deps/openssl/openssl/crypto/asn1/a_object.c b/deps/openssl/openssl/crypto/asn1/a_object.c index 229a40ffa34447..ad6b12a5366727 100644 --- a/deps/openssl/openssl/crypto/asn1/a_object.c +++ b/deps/openssl/openssl/crypto/asn1/a_object.c @@ -89,7 +89,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) { int i, first, len = 0, c, use_bn; char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof ftmp; + int tmpsize = sizeof(ftmp); const char *p; unsigned long l; BIGNUM *bl = NULL; @@ -226,7 +226,7 @@ int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) if ((a == NULL) || (a->data == NULL)) return (BIO_write(bp, "NULL", 4)); - i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { p = OPENSSL_malloc(i + 1); if (!p) diff --git a/deps/openssl/openssl/crypto/asn1/a_strex.c b/deps/openssl/openssl/crypto/asn1/a_strex.c index 2d562f93452f1d..95f04162073583 100644 --- a/deps/openssl/openssl/crypto/asn1/a_strex.c +++ b/deps/openssl/openssl/crypto/asn1/a_strex.c @@ -130,13 +130,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, if (c > 0xffffffffL) return -1; if (c > 0xffff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c); if (!io_ch(arg, tmphex, 10)) return -1; return 10; } if (c > 0xff) { - BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c); if (!io_ch(arg, tmphex, 6)) return -1; return 6; @@ -236,7 +236,7 @@ static int do_buf(unsigned char *buf, int buflen, if (type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); for (i = 0; i < utflen; i++) { /* * We don't need to worry about setting orflags correctly @@ -533,7 +533,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); + OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { diff --git a/deps/openssl/openssl/crypto/asn1/a_time.c b/deps/openssl/openssl/crypto/asn1/a_time.c index 0eeb79cd428ce0..28831d6b843c6b 100644 --- a/deps/openssl/openssl/crypto/asn1/a_time.c +++ b/deps/openssl/openssl/crypto/asn1/a_time.c @@ -86,7 +86,7 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) tmpstr = *(ASN1_STRING *)a; len = tmpstr.length; ebcdic2ascii(tmp, tmpstr.data, - (len >= sizeof tmp) ? sizeof tmp : len); + (len >= sizeof(tmp)) ? sizeof(tmp) : len); tmpstr.data = tmp; a = (ASN1_GENERALIZEDTIME *)&tmpstr; } diff --git a/deps/openssl/openssl/crypto/asn1/a_utctm.c b/deps/openssl/openssl/crypto/asn1/a_utctm.c index 0344482cc247f2..9cbad7c5ee1a9e 100644 --- a/deps/openssl/openssl/crypto/asn1/a_utctm.c +++ b/deps/openssl/openssl/crypto/asn1/a_utctm.c @@ -76,7 +76,7 @@ int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) ASN1_STRING x = *(ASN1_STRING *)a; len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); + ebcdic2ascii(tmp, x.data, (len >= sizeof(tmp)) ? sizeof(tmp) : len); x.data = tmp; return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); # endif @@ -317,7 +317,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) struct tm tm; int offset; - memset(&tm, '\0', sizeof tm); + memset(&tm, '\0', sizeof(tm)); # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') tm.tm_year = g2(s->data); diff --git a/deps/openssl/openssl/crypto/asn1/asn1.h b/deps/openssl/openssl/crypto/asn1/asn1.h index 68e791fcdbe8e5..35a2b2aa023811 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1.h +++ b/deps/openssl/openssl/crypto/asn1/asn1.h @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/deps/openssl/openssl/crypto/asn1/asn1_err.c b/deps/openssl/openssl/crypto/asn1/asn1_err.c index fd4ac8d9db80e7..cfc1512f9d0747 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_err.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, + {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, diff --git a/deps/openssl/openssl/crypto/asn1/asn1_lib.c b/deps/openssl/openssl/crypto/asn1/asn1_lib.c index e63e82a8b47626..b52c3e1264c732 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_lib.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_lib.c @@ -456,8 +456,8 @@ void asn1_add_error(const unsigned char *address, int offset) { char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; - BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); - BIO_snprintf(buf2, sizeof buf2, "%d", offset); + BIO_snprintf(buf1, sizeof(buf1), "%lu", (unsigned long)address); + BIO_snprintf(buf2, sizeof(buf2), "%d", offset); ERR_add_error_data(4, "address=", buf1, " offset=", buf2); } diff --git a/deps/openssl/openssl/crypto/asn1/asn1_par.c b/deps/openssl/openssl/crypto/asn1/asn1_par.c index e85e3398b6bb82..0b1a689d6831be 100644 --- a/deps/openssl/openssl/crypto/asn1/asn1_par.c +++ b/deps/openssl/openssl/crypto/asn1/asn1_par.c @@ -87,13 +87,13 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); + BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); + BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag); else if (tag > 30) - BIO_snprintf(str, sizeof str, "", tag); + BIO_snprintf(str, sizeof(str), "", tag); else p = ASN1_tag2str(tag); diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c index 5170906c62da50..02b7c9b7efc6ca 100644 --- a/deps/openssl/openssl/crypto/asn1/asn_mime.c +++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c @@ -4,7 +4,7 @@ * project. */ /* ==================================================================== - * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -473,6 +473,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + sk_BIO_pop_free(parts, BIO_vfree); return NULL; } diff --git a/deps/openssl/openssl/crypto/asn1/t_x509a.c b/deps/openssl/openssl/crypto/asn1/t_x509a.c index f4b8f94cb35a33..d1b897a469fd6f 100644 --- a/deps/openssl/openssl/crypto/asn1/t_x509a.c +++ b/deps/openssl/openssl/crypto/asn1/t_x509a.c @@ -81,7 +81,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } @@ -96,7 +96,7 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) BIO_puts(out, ", "); else first = 0; - OBJ_obj2txt(oidstr, sizeof oidstr, + OBJ_obj2txt(oidstr, sizeof(oidstr), sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } diff --git a/deps/openssl/openssl/crypto/asn1/tasn_dec.c b/deps/openssl/openssl/crypto/asn1/tasn_dec.c index d49a5d5792a430..e657c36d8ab6d2 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_dec.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_dec.c @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,6 +65,14 @@ #include #include +/* + * Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. This is the maximum number of + * recursive invocations of asn1_item_embed_d2i(). + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); @@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx); + ASN1_TLC *ctx, int depth); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval, { ASN1_TLC c; asn1_tlc_clear_nc(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); } /* * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and * tag mismatch return -1 to handle OPTIONAL */ - -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_COMPAT_FUNCS *cf; @@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, else asn1_cb = 0; + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP); + goto err; + } + switch (it->itype) { case ASN1_ITYPE_PRIMITIVE: if (it->templates) { @@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, goto err; } return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx); + it->templates, opt, ctx, depth); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); @@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); /* If field not present, try the next one */ if (ret == -1) continue; @@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, * attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); + ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, + depth); if (!ret) { errtt = seqtt; goto err; @@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, return 0; } +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); +} + /* * Templates are handled with two separate functions. One handles any * EXPLICIT tag and the other handles the rest. @@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; @@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); *in = p; return 1; @@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx) + ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; @@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, break; } skfield = NULL; - if (!ASN1_item_ex_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { + if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), + -1, 0, 0, ctx, depth)) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, + aclass, opt, ctx, depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; @@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, return -1; } else { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); + ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, + depth); if (!ret) { ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; diff --git a/deps/openssl/openssl/crypto/asn1/tasn_prn.c b/deps/openssl/openssl/crypto/asn1/tasn_prn.c index f628caddbd05fd..e93fd11f4740d0 100644 --- a/deps/openssl/openssl/crypto/asn1/tasn_prn.c +++ b/deps/openssl/openssl/crypto/asn1/tasn_prn.c @@ -463,7 +463,7 @@ static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, ln = OBJ_nid2ln(OBJ_obj2nid(oid)); if (!ln) ln = ""; - OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1); if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) return 0; return 1; diff --git a/deps/openssl/openssl/crypto/bf/bftest.c b/deps/openssl/openssl/crypto/bf/bftest.c index 0b008f091cbfc4..bd20a8e2112e91 100644 --- a/deps/openssl/openssl/crypto/bf/bftest.c +++ b/deps/openssl/openssl/crypto/bf/bftest.c @@ -462,9 +462,9 @@ static int test(void) len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); - memset(cbc_in, 0, sizeof cbc_in); - memset(cbc_out, 0, sizeof cbc_out); - memcpy(iv, cbc_iv, sizeof iv); + memset(cbc_in, 0, sizeof(cbc_in)); + memset(cbc_out, 0, sizeof(cbc_out)); + memcpy(iv, cbc_iv, sizeof(iv)); BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, &key, iv, BF_ENCRYPT); if (memcmp(cbc_out, cbc_ok, 32) != 0) { diff --git a/deps/openssl/openssl/crypto/bio/b_dump.c b/deps/openssl/openssl/crypto/bio/b_dump.c index ccf0e287c4e828..fcfd6995953d84 100644 --- a/deps/openssl/openssl/crypto/bio/b_dump.c +++ b/deps/openssl/openssl/crypto/bio/b_dump.c @@ -64,7 +64,6 @@ #include "cryptlib.h" #include "bio_lcl.h" -#define TRUNCATE #define DUMP_WIDTH 16 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) @@ -79,17 +78,10 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), { int ret = 0; char buf[288 + 1], tmp[20], str[128 + 1]; - int i, j, rows, trc; + int i, j, rows; unsigned char ch; int dump_width; - trc = 0; - -#ifdef TRUNCATE - for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) - trc++; -#endif - if (indent < 0) indent = 0; if (indent) { @@ -104,50 +96,43 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), if ((rows * dump_width) < len) rows++; for (i = 0; i < rows; i++) { - BUF_strlcpy(buf, str, sizeof buf); - BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcpy(buf, str, sizeof(buf)); + BIO_snprintf(tmp, sizeof(tmp), "%04x - ", i * dump_width); + BUF_strlcat(buf, tmp, sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) { - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); } else { ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; - BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, + BIO_snprintf(tmp, sizeof(tmp), "%02x%c", ch, j == 7 ? '-' : ' '); - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } } - BUF_strlcat(buf, " ", sizeof buf); + BUF_strlcat(buf, " ", sizeof(buf)); for (j = 0; j < dump_width; j++) { if (((i * dump_width) + j) >= len) break; ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; #ifndef CHARSET_EBCDIC - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.'); #else - BIO_snprintf(tmp, sizeof tmp, "%c", + BIO_snprintf(tmp, sizeof(tmp), "%c", ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ? os_toebcdic[ch] : '.'); #endif - BUF_strlcat(buf, tmp, sizeof buf); + BUF_strlcat(buf, tmp, sizeof(buf)); } - BUF_strlcat(buf, "\n", sizeof buf); + BUF_strlcat(buf, "\n", sizeof(buf)); /* * if this is the last call then update the ddt_dump thing so that we * will move the selection point in the debug window */ ret += cb((void *)buf, strlen(buf), u); } -#ifdef TRUNCATE - if (trc > 0) { - BIO_snprintf(buf, sizeof buf, "%s%04x - \n", str, - len + trc); - ret += cb((void *)buf, strlen(buf), u); - } -#endif - return (ret); + return ret; } #ifndef OPENSSL_NO_FP_API diff --git a/deps/openssl/openssl/crypto/bio/b_print.c b/deps/openssl/openssl/crypto/bio/b_print.c index 1c82f53d5a074d..47654f85b0b09a 100644 --- a/deps/openssl/openssl/crypto/bio/b_print.c +++ b/deps/openssl/openssl/crypto/bio/b_print.c @@ -663,7 +663,7 @@ fmtfp(char **sbuffer, iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); - if (iplace == sizeof iconvert) + if (iplace == sizeof(iconvert)) iplace--; iconvert[iplace] = 0; @@ -672,7 +672,7 @@ fmtfp(char **sbuffer, fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); - if (fplace == sizeof fconvert) + if (fplace == sizeof(fconvert)) fplace--; fconvert[fplace] = 0; diff --git a/deps/openssl/openssl/crypto/bio/bio_cb.c b/deps/openssl/openssl/crypto/bio/bio_cb.c index f96294bb430475..2ff52636d2c3a9 100644 --- a/deps/openssl/openssl/crypto/bio/bio_cb.c +++ b/deps/openssl/openssl/crypto/bio/bio_cb.c @@ -76,7 +76,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, if (BIO_CB_RETURN & cmd) r = ret; - len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + len = BIO_snprintf(buf,sizeof(buf),"BIO[%p]: ",(void *)bio); /* Ignore errors and continue printing the other information. */ if (len < 0) diff --git a/deps/openssl/openssl/crypto/bio/bss_bio.c b/deps/openssl/openssl/crypto/bio/bss_bio.c index 3dd818772942c2..096ea4156cd4aa 100644 --- a/deps/openssl/openssl/crypto/bio/bss_bio.c +++ b/deps/openssl/openssl/crypto/bio/bss_bio.c @@ -144,7 +144,7 @@ static int bio_new(BIO *bio) { struct bio_bio_st *b; - b = OPENSSL_malloc(sizeof *b); + b = OPENSSL_malloc(sizeof(*b)); if (b == NULL) return 0; diff --git a/deps/openssl/openssl/crypto/bio/bss_conn.c b/deps/openssl/openssl/crypto/bio/bss_conn.c index 7d15ad29dcd70e..bbc6d5ab48bc5e 100644 --- a/deps/openssl/openssl/crypto/bio/bss_conn.c +++ b/deps/openssl/openssl/crypto/bio/bss_conn.c @@ -481,7 +481,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) char buf[16]; unsigned char *p = ptr; - BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", + BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); if (data->param_hostname != NULL) OPENSSL_free(data->param_hostname); @@ -490,7 +490,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) } else if (num == 3) { char buf[DECIMAL_SIZE(int) + 1]; - BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); + BIO_snprintf(buf, sizeof(buf), "%d", *(int *)ptr); if (data->param_port != NULL) OPENSSL_free(data->param_port); data->param_port = BUF_strdup(buf); diff --git a/deps/openssl/openssl/crypto/bio/bss_file.c b/deps/openssl/openssl/crypto/bio/bss_file.c index 0cf67e5b770b0c..bbf906fabba0a4 100644 --- a/deps/openssl/openssl/crypto/bio/bss_file.c +++ b/deps/openssl/openssl/crypto/bio/bss_file.c @@ -375,15 +375,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) b->shutdown = (int)num & BIO_CLOSE; if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - BUF_strlcpy(p, "a+", sizeof p); + BUF_strlcpy(p, "a+", sizeof(p)); else - BUF_strlcpy(p, "a", sizeof p); + BUF_strlcpy(p, "a", sizeof(p)); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - BUF_strlcpy(p, "r+", sizeof p); + BUF_strlcpy(p, "r+", sizeof(p)); else if (num & BIO_FP_WRITE) - BUF_strlcpy(p, "w", sizeof p); + BUF_strlcpy(p, "w", sizeof(p)); else if (num & BIO_FP_READ) - BUF_strlcpy(p, "r", sizeof p); + BUF_strlcpy(p, "r", sizeof(p)); else { BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); ret = 0; diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c index c4b63e44ba369a..40115fc72052f0 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -727,7 +727,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, top = m->top; - bits = BN_num_bits(p); + /* + * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak + * whether the top bits are zero. + */ + bits = p->top * BN_BITS2; if (bits == 0) { /* x**0 mod 1 is still zero. */ if (BN_is_one(m)) { diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c index f9c65f9f948a91..27b9bdbc3c287f 100644 --- a/deps/openssl/openssl/crypto/bn/bn_lib.c +++ b/deps/openssl/openssl/crypto/bn/bn_lib.c @@ -144,74 +144,47 @@ const BIGNUM *BN_value_one(void) int BN_num_bits_word(BN_ULONG l) { - static const unsigned char bits[256] = { - 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, - 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) { - if (l & 0xffff000000000000L) { - if (l & 0xff00000000000000L) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000L) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -#else -# ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) { - if (l & 0xffff000000000000LL) { - if (l & 0xff00000000000000LL) { - return (bits[(int)(l >> 56)] + 56); - } else - return (bits[(int)(l >> 48)] + 48); - } else { - if (l & 0x0000ff0000000000LL) { - return (bits[(int)(l >> 40)] + 40); - } else - return (bits[(int)(l >> 32)] + 32); - } - } else -# endif -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) { - if (l & 0xff000000L) - return (bits[(int)(l >> 24L)] + 24); - else - return (bits[(int)(l >> 16L)] + 16); - } else -#endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xff00L) - return (bits[(int)(l >> 8)] + 8); - else + BN_ULONG x, mask; + int bits = (l != 0); + +#if BN_BITS2 > 32 + x = l >> 32; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 32 & mask; + l ^= (x ^ l) & mask; #endif - return (bits[(int)(l)]); - } - } + + x = l >> 16; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 16 & mask; + l ^= (x ^ l) & mask; + + x = l >> 8; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 8 & mask; + l ^= (x ^ l) & mask; + + x = l >> 4; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 4 & mask; + l ^= (x ^ l) & mask; + + x = l >> 2; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 2 & mask; + l ^= (x ^ l) & mask; + + x = l >> 1; + mask = (0 - x) & BN_MASK2; + mask = (0 - (mask >> (BN_BITS2 - 1))); + bits += 1 & mask; + + return bits; } int BN_num_bits(const BIGNUM *a) @@ -524,9 +497,6 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif - if (BN_get_flags(b, BN_FLG_CONSTTIME) != 0) - BN_set_flags(a, BN_FLG_CONSTTIME); - a->top = b->top; a->neg = b->neg; bn_check_top(a); diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c index 3af9db870bcbe6..c1703650ef1e7a 100644 --- a/deps/openssl/openssl/crypto/bn/bn_mont.c +++ b/deps/openssl/openssl/crypto/bn/bn_mont.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -207,26 +207,13 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) r->top = max; n0 = mont->n0[0]; -# ifdef BN_COUNT - fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); -# endif + /* + * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On + * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r| + * includes |carry| which is stored separately. + */ for (carry = 0, i = 0; i < nl; i++, rp++) { -# ifdef __TANDEM - { - long long t1; - long long t2; - long long t3; - t1 = rp[0] * (n0 & 0177777); - t2 = 037777600000l; - t2 = n0 & t2; - t3 = rp[0] & 0177777; - t2 = (t3 * t2) & BN_MASK2; - t1 = t1 + t2; - v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); - } -# else v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); -# endif v = (v + carry + rp[nl]) & BN_MASK2; carry |= (v != rp[nl]); carry &= (v <= rp[nl]); @@ -239,46 +226,24 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) ret->neg = r->neg; rp = ret->d; - ap = &(r->d[nl]); -# define BRANCH_FREE 1 -# if BRANCH_FREE - { - BN_ULONG *nrp; - size_t m; + /* + * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap| + * includes |carry| which is stored separately. + */ + ap = &(r->d[nl]); - v = bn_sub_words(rp, ap, np, nl) - carry; - /* - * if subtraction result is real, then trick unconditional memcpy - * below to perform in-place "refresh" instead of actual copy. - */ - m = (0 - (size_t)v); - nrp = - (BN_ULONG *)(((PTR_SIZE_INT) rp & ~m) | ((PTR_SIZE_INT) ap & m)); - - for (i = 0, nl -= 4; i < nl; i += 4) { - BN_ULONG t1, t2, t3, t4; - - t1 = nrp[i + 0]; - t2 = nrp[i + 1]; - t3 = nrp[i + 2]; - ap[i + 0] = 0; - t4 = nrp[i + 3]; - ap[i + 1] = 0; - rp[i + 0] = t1; - ap[i + 2] = 0; - rp[i + 1] = t2; - ap[i + 3] = 0; - rp[i + 2] = t3; - rp[i + 3] = t4; - } - for (nl += 4; i < nl; i++) - rp[i] = nrp[i], ap[i] = 0; + /* + * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| + * cannot be -1. That would imply the subtraction did not fit in |nl| words, + * and we know at most one subtraction is needed. + */ + v = bn_sub_words(rp, ap, np, nl) - carry; + v = 0 - v; + for (i = 0; i < nl; i++) { + rp[i] = (v & ap[i]) | (~v & rp[i]); + ap[i] = 0; } -# else - if (bn_sub_words(rp, ap, np, nl) - carry) - memcpy(rp, ap, nl * sizeof(BN_ULONG)); -# endif bn_correct_top(r); bn_correct_top(ret); bn_check_top(ret); @@ -382,6 +347,8 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) R = &(mont->RR); /* grab RR as a temp */ if (!BN_copy(&(mont->N), mod)) goto err; /* Set N */ + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); mont->N.neg = 0; #ifdef MONT_WORD diff --git a/deps/openssl/openssl/crypto/bn/bn_print.c b/deps/openssl/openssl/crypto/bn/bn_print.c index f85a6550a54ee5..c0b029dad6cd5d 100644 --- a/deps/openssl/openssl/crypto/bn/bn_print.c +++ b/deps/openssl/openssl/crypto/bn/bn_print.c @@ -391,10 +391,10 @@ char *BN_options(void) if (!init) { init++; #ifdef BN_LLONG - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); #else - BIO_snprintf(data, sizeof data, "bn(%d,%d)", + BIO_snprintf(data, sizeof(data), "bn(%d,%d)", (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); #endif } diff --git a/deps/openssl/openssl/crypto/bn/bntest.c b/deps/openssl/openssl/crypto/bn/bntest.c index a327b1a647b2e9..abe5dbe0b01ae4 100644 --- a/deps/openssl/openssl/crypto/bn/bntest.c +++ b/deps/openssl/openssl/crypto/bn/bntest.c @@ -148,7 +148,7 @@ int main(int argc, char *argv[]) results = 0; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ argc--; argv++; diff --git a/deps/openssl/openssl/crypto/bn/expspeed.c b/deps/openssl/openssl/crypto/bn/expspeed.c index 513a568a481fa6..8ea980cdd201f2 100644 --- a/deps/openssl/openssl/crypto/bn/expspeed.c +++ b/deps/openssl/openssl/crypto/bn/expspeed.c @@ -198,7 +198,7 @@ static int mul_c[NUM_SIZES] = * static int sizes[NUM_SIZES]={59,179,299,419,539}; */ -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } +#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof(str)); } void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx); diff --git a/deps/openssl/openssl/crypto/bn/exptest.c b/deps/openssl/openssl/crypto/bn/exptest.c index ac611c2e261449..779ee902036c1d 100644 --- a/deps/openssl/openssl/crypto/bn/exptest.c +++ b/deps/openssl/openssl/crypto/bn/exptest.c @@ -183,9 +183,11 @@ int main(int argc, char *argv[]) unsigned char c; BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we - * don't even check its return - * value (which we should) */ + /* + * Seed or BN_rand may fail, and we don't even check its return + * value (which we should) + */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); ERR_load_BN_strings(); diff --git a/deps/openssl/openssl/crypto/conf/conf_def.c b/deps/openssl/openssl/crypto/conf/conf_def.c index 75e309aaca8184..6237f6a1b6a9bc 100644 --- a/deps/openssl/openssl/crypto/conf/conf_def.c +++ b/deps/openssl/openssl/crypto/conf/conf_def.c @@ -423,7 +423,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) OPENSSL_free(section); if (line != NULL) *line = eline; - BIO_snprintf(btmp, sizeof btmp, "%ld", eline); + BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); ERR_add_error_data(2, "line ", btmp); if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); diff --git a/deps/openssl/openssl/crypto/conf/conf_mod.c b/deps/openssl/openssl/crypto/conf/conf_mod.c index e0c9a67ff68fb2..e2a9a81678ed97 100644 --- a/deps/openssl/openssl/crypto/conf/conf_mod.c +++ b/deps/openssl/openssl/crypto/conf/conf_mod.c @@ -221,7 +221,7 @@ static int module_run(const CONF *cnf, char *name, char *value, if (!(flags & CONF_MFLAGS_SILENT)) { char rcode[DECIMAL_SIZE(ret) + 1]; CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); - BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); + BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); } diff --git a/deps/openssl/openssl/crypto/des/destest.c b/deps/openssl/openssl/crypto/des/destest.c index c6be34203853bb..f2041c1e1118e3 100644 --- a/deps/openssl/openssl/crypto/des/destest.c +++ b/deps/openssl/openssl/crypto/des/destest.c @@ -398,7 +398,7 @@ int main(int argc, char *argv[]) i = strlen((char *)cbc_data) + 1; /* i=((i+7)/8)*8; */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2, DES_ENCRYPT); @@ -412,7 +412,7 @@ int main(int argc, char *argv[]) } */ memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); + memset(iv2, '\0', sizeof(iv2)); DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, DES_DECRYPT); if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { diff --git a/deps/openssl/openssl/crypto/des/ecb_enc.c b/deps/openssl/openssl/crypto/des/ecb_enc.c index f97fd971dc2089..60470d6db748cf 100644 --- a/deps/openssl/openssl/crypto/des/ecb_enc.c +++ b/deps/openssl/openssl/crypto/des/ecb_enc.c @@ -96,7 +96,7 @@ const char *DES_options(void) size = "int"; else size = "long"; - BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, + BIO_snprintf(buf, sizeof(buf), "des(%s,%s,%s,%s)", ptr, risc, unroll, size); init = 0; } diff --git a/deps/openssl/openssl/crypto/des/fcrypt.c b/deps/openssl/openssl/crypto/des/fcrypt.c index 111f1e4617ff5d..09f5792b1eb6f0 100644 --- a/deps/openssl/openssl/crypto/des/fcrypt.c +++ b/deps/openssl/openssl/crypto/des/fcrypt.c @@ -80,10 +80,10 @@ char *DES_crypt(const char *buf, const char *salt) e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ - ebcdic2ascii(e_salt, e_salt, sizeof e_salt); + ebcdic2ascii(e_salt, e_salt, sizeof(e_salt)); /* Convert the cleartext password to ASCII */ - ebcdic2ascii(e_buf, e_buf, sizeof e_buf); + ebcdic2ascii(e_buf, e_buf, sizeof(e_buf)); /* Encrypt it (from/to ASCII) */ ret = DES_fcrypt(e_buf, e_salt, buff); diff --git a/deps/openssl/openssl/crypto/des/read_pwd.c b/deps/openssl/openssl/crypto/des/read_pwd.c index 514a7063b4bf3d..080d3e8dfc4c5c 100644 --- a/deps/openssl/openssl/crypto/des/read_pwd.c +++ b/deps/openssl/openssl/crypto/des/read_pwd.c @@ -434,7 +434,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/deps/openssl/openssl/crypto/des/set_key.c b/deps/openssl/openssl/crypto/des/set_key.c index d9c5e7fcb3bbfb..0a9ddb4baa7f7a 100644 --- a/deps/openssl/openssl/crypto/des/set_key.c +++ b/deps/openssl/openssl/crypto/des/set_key.c @@ -377,7 +377,7 @@ void private_DES_set_key_unchecked(const_DES_cblock *key, register int i; #ifdef OPENBSD_DEV_CRYPTO - memcpy(schedule->key, key, sizeof schedule->key); + memcpy(schedule->key, key, sizeof(schedule->key)); schedule->session = NULL; #endif k = &schedule->ks->deslong[0]; diff --git a/deps/openssl/openssl/crypto/dh/dhtest.c b/deps/openssl/openssl/crypto/dh/dhtest.c index c5d3d87ea549e0..cb83109c40513b 100644 --- a/deps/openssl/openssl/crypto/dh/dhtest.c +++ b/deps/openssl/openssl/crypto/dh/dhtest.c @@ -116,7 +116,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/deps/openssl/openssl/crypto/dsa/dsatest.c b/deps/openssl/openssl/crypto/dsa/dsatest.c index 8a224a8876c3fb..bee95431dffa60 100644 --- a/deps/openssl/openssl/crypto/dsa/dsatest.c +++ b/deps/openssl/openssl/crypto/dsa/dsatest.c @@ -157,7 +157,7 @@ int main(int argc, char **argv) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); BIO_printf(bio_err, "test generation of DSA parameters\n"); diff --git a/deps/openssl/openssl/crypto/ec/ec_lib.c b/deps/openssl/openssl/crypto/ec/ec_lib.c index 3ffa112cc3063e..3241aa51d9f47a 100644 --- a/deps/openssl/openssl/crypto/ec/ec_lib.c +++ b/deps/openssl/openssl/crypto/ec/ec_lib.c @@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -164,7 +164,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) OPENSSL_free(group->seed); } - OPENSSL_cleanse(group, sizeof *group); + OPENSSL_cleanse(group, sizeof(*group)); OPENSSL_free(group); } @@ -575,7 +575,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, /* no explicit entry needed */ return 1; - d = OPENSSL_malloc(sizeof *d); + d = OPENSSL_malloc(sizeof(*d)); if (d == NULL) return 0; @@ -712,7 +712,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -747,7 +747,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_cleanse(point, sizeof *point); + OPENSSL_cleanse(point, sizeof(*point)); OPENSSL_free(point); } diff --git a/deps/openssl/openssl/crypto/ec/ec_mult.c b/deps/openssl/openssl/crypto/ec/ec_mult.c index 24ca67a6ef1e71..2231f9957ef67f 100644 --- a/deps/openssl/openssl/crypto/ec/ec_mult.c +++ b/deps/openssl/openssl/crypto/ec/ec_mult.c @@ -169,11 +169,11 @@ static void ec_pre_comp_clear_free(void *pre_) for (p = pre->points; *p != NULL; p++) { EC_POINT_clear_free(*p); - OPENSSL_cleanse(p, sizeof *p); + OPENSSL_cleanse(p, sizeof(*p)); } OPENSSL_free(pre->points); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } @@ -430,11 +430,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, totalnum = num + numblocks; - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space - * for pivot */ - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); + wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0])); + wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0])); + /* include space for pivot */ + wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0])); + val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0])); /* Ensure wNAF is initialised in case we end up going to err */ if (wNAF) @@ -580,7 +580,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a * subarray of 'pre_comp->points' if we already have precomputation. */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); + val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); if (val == NULL) { ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); goto err; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c index fcd754e448816d..121f587b58b644 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp224.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp224.c @@ -48,7 +48,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /******************************************************************************/ /*- @@ -351,9 +350,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -372,8 +371,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin28(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /******************************************************************************/ @@ -1234,7 +1233,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, static NISTP224_PRE_COMP *nistp224_pre_comp_new() { NISTP224_PRE_COMP *ret = NULL; - ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof *ret); + ret = (NISTP224_PRE_COMP *) OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1281,7 +1280,7 @@ static void nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } @@ -1568,7 +1567,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, /* the scalar for the generator */ if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof g_secret); + memset(g_secret, 0, sizeof(g_secret)); /* reduce scalar to 0 <= scalar < 2^224 */ if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { /* diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c index 1272966fff84ca..378f0bae0857d8 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp256.c @@ -51,7 +51,6 @@ typedef __int128_t int128_t; typedef uint8_t u8; typedef uint32_t u32; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We @@ -161,9 +160,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -182,8 +181,8 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) { felem_bytearray b_in, b_out; smallfelem_to_bin32(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- @@ -392,7 +391,7 @@ static void felem_shrink(smallfelem out, const felem in) { felem tmp; u64 a, b, mask; - s64 high, low; + u64 high, low; static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ /* Carry 2->3 */ @@ -433,29 +432,31 @@ static void felem_shrink(smallfelem out, const felem in) * In order to make space in tmp[3] for the carry from 2 -> 3, we * conditionally subtract kPrime if tmp[3] is large enough. */ - high = tmp[3] >> 64; + high = (u64)(tmp[3] >> 64); /* As tmp[3] < 2^65, high is either 1 or 0 */ - high <<= 63; - high >>= 63; + high = 0 - high; /*- * high is: * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ - low = tmp[3]; - mask = low >> 63; + * all zeros if the high word of tmp[3] if 0 + */ + low = (u64)tmp[3]; + mask = 0 - (low >> 63); /*- * mask is: * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + * all zeros if the MSB of low if 0 + */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; - low >>= 63; + low = 0 - (low >> 63); /*- * low is: * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + * all zeros if low was <= kPrime3Test + */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -889,7 +890,7 @@ static void felem_contract(smallfelem out, const felem in) equal &= equal << 4; equal &= equal << 2; equal &= equal << 1; - equal = ((s64) equal) >> 63; + equal = 0 - (equal >> 63); all_equal_so_far &= equal; } @@ -956,7 +957,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_zero &= is_zero << 4; is_zero &= is_zero << 2; is_zero &= is_zero << 1; - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = (small[0] ^ kPrime[0]) | (small[1] ^ kPrime[1]) | @@ -968,7 +969,7 @@ static limb smallfelem_is_zero(const smallfelem small) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; @@ -1820,7 +1821,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) static NISTP256_PRE_COMP *nistp256_pre_comp_new() { NISTP256_PRE_COMP *ret = NULL; - ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof *ret); + ret = (NISTP256_PRE_COMP *) OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1867,7 +1868,7 @@ static void nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c index a1dc9946fd17c8..90989c5a0769da 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistp521.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistp521.c @@ -49,7 +49,6 @@ typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit typedef uint8_t u8; typedef uint64_t u64; -typedef int64_t s64; /* * The underlying field. P521 operates over GF(2^521-1). We can serialise an @@ -185,9 +184,9 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); - if (num_bytes > sizeof b_out) { + if (num_bytes > sizeof(b_out)) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); return 0; } @@ -206,8 +205,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) { felem_bytearray b_in, b_out; felem_to_bin66(b_in, in); - flip_endian(b_out, b_in, sizeof b_out); - return BN_bin2bn(b_out, sizeof b_out, out); + flip_endian(b_out, b_in, sizeof(b_out)); + return BN_bin2bn(b_out, sizeof(b_out), out); } /*- @@ -852,7 +851,7 @@ static limb felem_is_zero(const felem in) * We know that ftmp[i] < 2^63, therefore the only way that the top bit * can be set is if is_zero was 0 before the decrement. */ - is_zero = ((s64) is_zero) >> 63; + is_zero = 0 - (is_zero >> 63); is_p = ftmp[0] ^ kPrime[0]; is_p |= ftmp[1] ^ kPrime[1]; @@ -865,7 +864,7 @@ static limb felem_is_zero(const felem in) is_p |= ftmp[8] ^ kPrime[8]; is_p--; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_zero |= is_p; return is_zero; @@ -936,7 +935,7 @@ static void felem_contract(felem out, const felem in) is_p &= is_p << 4; is_p &= is_p << 2; is_p &= is_p << 1; - is_p = ((s64) is_p) >> 63; + is_p = 0 - (is_p >> 63); is_p = ~is_p; /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ @@ -962,7 +961,7 @@ static void felem_contract(felem out, const felem in) is_greater |= is_greater << 4; is_greater |= is_greater << 2; is_greater |= is_greater << 1; - is_greater = ((s64) is_greater) >> 63; + is_greater = 0 - (is_greater >> 63); out[0] -= kPrime[0] & is_greater; out[1] -= kPrime[1] & is_greater; diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c index 99b8d613c8337e..9a53a39a25b915 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c @@ -1504,7 +1504,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_) 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37); OPENSSL_free(pre->precomp_storage); } - OPENSSL_cleanse(pre, sizeof *pre); + OPENSSL_cleanse(pre, sizeof(*pre)); OPENSSL_free(pre); } diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c index 2b848216d78c19..e94a7d49368d7e 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c +++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c @@ -1270,7 +1270,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, if (tmp == NULL || tmp_Z == NULL) goto err; - prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); + prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); if (prod_Z == NULL) goto err; for (i = 0; i < num; i++) { diff --git a/deps/openssl/openssl/crypto/ec/ectest.c b/deps/openssl/openssl/crypto/ec/ectest.c index 40a1f003259faf..5e1ef50933839b 100644 --- a/deps/openssl/openssl/crypto/ec/ectest.c +++ b/deps/openssl/openssl/crypto/ec/ectest.c @@ -469,7 +469,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -482,7 +482,7 @@ static void prime_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -494,7 +494,7 @@ static void prime_field_tests(void) fprintf(stdout, "%02X", buf[i]); len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1206,7 +1206,7 @@ static void char2_field_tests(void) # ifdef OPENSSL_EC_BIN_PT_COMP len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1220,7 +1220,7 @@ static void char2_field_tests(void) len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, - sizeof buf, ctx); + sizeof(buf), ctx); if (len == 0) ABORT; if (!EC_POINT_oct2point(group, P, buf, len, ctx)) @@ -1234,7 +1234,7 @@ static void char2_field_tests(void) /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP len = - EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, + EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf), ctx); if (len == 0) ABORT; @@ -1844,7 +1844,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or BN_generate_prime may fail */ prime_field_tests(); puts(""); diff --git a/deps/openssl/openssl/crypto/ecdh/ecdhtest.c b/deps/openssl/openssl/crypto/ecdh/ecdhtest.c index 2fe2c66443d0af..3febf10188bad2 100644 --- a/deps/openssl/openssl/crypto/ecdh/ecdhtest.c +++ b/deps/openssl/openssl/crypto/ecdh/ecdhtest.c @@ -490,7 +490,7 @@ int main(int argc, char *argv[]) CRYPTO_malloc_init(); # endif - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); out = BIO_new(BIO_s_file()); if (out == NULL) diff --git a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c index af59471c4771cf..d8cac4bdfd3182 100644 --- a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c +++ b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c @@ -1057,7 +1057,7 @@ static int crparam2bn(struct crparam *crp, BIGNUM *a) return (-1); for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; + pd[i] = ((char *)crp->crp_p)[bytes - i - 1]; BN_bin2bn(pd, bytes, a); free(pd); @@ -1133,7 +1133,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return (ret); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP; /* inputs: a^p % m */ @@ -1184,7 +1184,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (0); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) @@ -1287,7 +1287,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, goto err; } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_SIGN; /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ @@ -1330,7 +1330,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, struct crypt_kop kop; int dsaret = 1; - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_VERIFY; /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ @@ -1403,7 +1403,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) keylen = BN_num_bits(dh->p); - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ diff --git a/deps/openssl/openssl/crypto/engine/eng_table.c b/deps/openssl/openssl/crypto/engine/eng_table.c index 27d31f70c85544..709393fae57d7f 100644 --- a/deps/openssl/openssl/crypto/engine/eng_table.c +++ b/deps/openssl/openssl/crypto/engine/eng_table.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -159,6 +159,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, } fnd->funct = NULL; (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); + if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { + sk_ENGINE_free(fnd->sk); + OPENSSL_free(fnd); + goto end; + } } /* A registration shouldn't add duplciate entries */ (void)sk_ENGINE_delete_ptr(fnd->sk, e); diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c index cfe0e8083f39ba..e9ef2156e11f37 100644 --- a/deps/openssl/openssl/crypto/err/err.c +++ b/deps/openssl/openssl/crypto/err/err.c @@ -602,8 +602,8 @@ static void build_SYS_str_reasons(void) char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char *src = strerror(i); if (src != NULL) { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; + strncpy(*dest, src, sizeof(*dest)); + (*dest)[sizeof(*dest) - 1] = '\0'; str->string = *dest; } } diff --git a/deps/openssl/openssl/crypto/err/err_prn.c b/deps/openssl/openssl/crypto/err/err_prn.c index 6e352effe31d61..25c808eab73b06 100644 --- a/deps/openssl/openssl/crypto/err/err_prn.c +++ b/deps/openssl/openssl/crypto/err/err_prn.c @@ -77,7 +77,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), CRYPTO_THREADID_current(&cur); es = CRYPTO_THREADID_hash(&cur); while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); if (cb(buf2, strlen(buf2), u) <= 0) diff --git a/deps/openssl/openssl/crypto/evp/bio_b64.c b/deps/openssl/openssl/crypto/evp/bio_b64.c index 538b5202643a7e..5ad5a950352b5c 100644 --- a/deps/openssl/openssl/crypto/evp/bio_b64.c +++ b/deps/openssl/openssl/crypto/evp/bio_b64.c @@ -330,6 +330,14 @@ static int b64_read(BIO *b, char *out, int outl) (unsigned char *)ctx->tmp, i); ctx->tmp_len = 0; } + /* + * If eof or an error was signalled, then the condition + * 'ctx->cont <= 0' will prevent b64_read() from reading + * more data on subsequent calls. This assignment was + * deleted accidentally in commit 5562cfaca4f3. + */ + ctx->cont = i; + ctx->buf_off = 0; if (i < 0) { ret_code = 0; diff --git a/deps/openssl/openssl/crypto/evp/digest.c b/deps/openssl/openssl/crypto/evp/digest.c index 4db179629d0404..d4274c5729b728 100644 --- a/deps/openssl/openssl/crypto/evp/digest.c +++ b/deps/openssl/openssl/crypto/evp/digest.c @@ -124,12 +124,12 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } EVP_MD_CTX *EVP_MD_CTX_create(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_MD_CTX_init(ctx); @@ -316,7 +316,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) @@ -402,7 +402,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) #ifdef OPENSSL_FIPS FIPS_md_ctx_cleanup(ctx); #endif - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); return 1; } diff --git a/deps/openssl/openssl/crypto/evp/e_aes.c b/deps/openssl/openssl/crypto/evp/e_aes.c index b45b364466acb8..ccc626f1d81c23 100644 --- a/deps/openssl/openssl/crypto/evp/e_aes.c +++ b/deps/openssl/openssl/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1089,6 +1089,8 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, diff --git a/deps/openssl/openssl/crypto/evp/e_camellia.c b/deps/openssl/openssl/crypto/evp/e_camellia.c index f273f9c9475a9b..996aed2a676b48 100644 --- a/deps/openssl/openssl/crypto/evp/e_camellia.c +++ b/deps/openssl/openssl/crypto/evp/e_camellia.c @@ -1,6 +1,6 @@ /* crypto/evp/e_camellia.c */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -356,6 +356,8 @@ static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, ctx->iv, &ctx->num, ctx->encrypt, dat->block); len -= MAXBITCHUNK; + out += MAXBITCHUNK; + in += MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c index be577bac767fe9..0c740d1679024a 100644 --- a/deps/openssl/openssl/crypto/evp/evp_enc.c +++ b/deps/openssl/openssl/crypto/evp/evp_enc.c @@ -85,7 +85,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_CIPHER_CTX_init(ctx); return ctx; @@ -402,7 +402,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) } b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->buf); + OPENSSL_assert(b <= sizeof(ctx->buf)); if (b == 1) { *outl = 0; return 1; @@ -454,7 +454,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, return EVP_EncryptUpdate(ctx, out, outl, in, inl); b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); if (ctx->final_used) { memcpy(out, ctx->final, b); @@ -520,7 +520,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); return (0); } - OPENSSL_assert(b <= sizeof ctx->final); + OPENSSL_assert(b <= sizeof(ctx->final)); /* * The following assumes that the ciphertext has been authenticated. @@ -651,7 +651,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) #endif EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); diff --git a/deps/openssl/openssl/crypto/evp/evp_locl.h b/deps/openssl/openssl/crypto/evp/evp_locl.h index 2bb709a065d5b5..bee7f6d16504bc 100644 --- a/deps/openssl/openssl/crypto/evp/evp_locl.h +++ b/deps/openssl/openssl/crypto/evp/evp_locl.h @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -116,7 +116,7 @@ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, if (inl=chunk)\ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?chunk*8:chunk), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ inl-=chunk;\ in +=chunk;\ out+=chunk;\ diff --git a/deps/openssl/openssl/crypto/evp/evp_pbe.c b/deps/openssl/openssl/crypto/evp/evp_pbe.c index 7934c95fad0c50..5d2f04bf9edab3 100644 --- a/deps/openssl/openssl/crypto/evp/evp_pbe.c +++ b/deps/openssl/openssl/crypto/evp/evp_pbe.c @@ -161,9 +161,9 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); if (!pbe_obj) - BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + BUF_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp)); else - i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; } diff --git a/deps/openssl/openssl/crypto/evp/evp_test.c b/deps/openssl/openssl/crypto/evp/evp_test.c index 98796427bf49d3..97a208302785d3 100755 --- a/deps/openssl/openssl/crypto/evp/evp_test.c +++ b/deps/openssl/openssl/crypto/evp/evp_test.c @@ -506,7 +506,7 @@ int main(int argc, char **argv) int an = 0; int tn = 0; - if (!fgets((char *)line, sizeof line, f)) + if (!fgets((char *)line, sizeof(line), f)) break; if (line[0] == '#' || line[0] == '\n') continue; diff --git a/deps/openssl/openssl/crypto/evp/openbsd_hw.c b/deps/openssl/openssl/crypto/evp/openbsd_hw.c index 07decf26743376..24a358e543061b 100644 --- a/deps/openssl/openssl/crypto/evp/openbsd_hw.c +++ b/deps/openssl/openssl/crypto/evp/openbsd_hw.c @@ -111,7 +111,7 @@ static int dev_crypto_init(session_op *ses) close(cryptodev_fd); } assert(ses); - memset(ses, '\0', sizeof *ses); + memset(ses, '\0', sizeof(*ses)); return 1; } @@ -164,7 +164,7 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, assert(CDATA(ctx)); assert(!dev_failed); - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = CDATA(ctx)->ses; cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; cryp.flags = 0; @@ -329,7 +329,7 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len) return 1; } - memset(&cryp, '\0', sizeof cryp); + memset(&cryp, '\0', sizeof(cryp)); cryp.ses = ses; cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check * it */ diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt2.c b/deps/openssl/openssl/crypto/evp/p5_crpt2.c index f2ae1e5790d065..46fefa9ad58467 100644 --- a/deps/openssl/openssl/crypto/evp/p5_crpt2.c +++ b/deps/openssl/openssl/crypto/evp/p5_crpt2.c @@ -262,7 +262,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, goto err; } keylen = EVP_CIPHER_CTX_key_length(ctx); - OPENSSL_assert(keylen <= sizeof key); + OPENSSL_assert(keylen <= sizeof(key)); /* Decode parameter */ diff --git a/deps/openssl/openssl/crypto/hmac/hmac.c b/deps/openssl/openssl/crypto/hmac/hmac.c index 213504e85fee58..023ec456f94ca5 100644 --- a/deps/openssl/openssl/crypto/hmac/hmac.c +++ b/deps/openssl/openssl/crypto/hmac/hmac.c @@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - OPENSSL_cleanse(ctx, sizeof *ctx); + OPENSSL_cleanse(ctx, sizeof(*ctx)); } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/deps/openssl/openssl/crypto/jpake/jpake.c b/deps/openssl/openssl/crypto/jpake/jpake.c index 2ba75f0172c1cf..daf27228352a93 100644 --- a/deps/openssl/openssl/crypto/jpake/jpake.c +++ b/deps/openssl/openssl/crypto/jpake/jpake.c @@ -108,14 +108,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.name); - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *secret) { - JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; @@ -460,7 +460,7 @@ void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a) int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx) { quickhashbn(send->hhk, ctx->key); - SHA1(send->hhk, sizeof send->hhk, send->hhk); + SHA1(send->hhk, sizeof(send->hhk), send->hhk); return 1; } @@ -470,8 +470,8 @@ int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received) unsigned char hhk[SHA_DIGEST_LENGTH]; quickhashbn(hhk, ctx->key); - SHA1(hhk, sizeof hhk, hhk); - if (memcmp(hhk, received->hhk, sizeof hhk)) { + SHA1(hhk, sizeof(hhk), hhk); + if (memcmp(hhk, received->hhk, sizeof(hhk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH); return 0; @@ -499,7 +499,7 @@ int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received) unsigned char hk[SHA_DIGEST_LENGTH]; quickhashbn(hk, ctx->key); - if (memcmp(hk, received->hk, sizeof hk)) { + if (memcmp(hk, received->hk, sizeof(hk))) { JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH); return 0; } diff --git a/deps/openssl/openssl/crypto/md2/md2_dgst.c b/deps/openssl/openssl/crypto/md2/md2_dgst.c index 7f5d9ba69ba234..44193e282b438b 100644 --- a/deps/openssl/openssl/crypto/md2/md2_dgst.c +++ b/deps/openssl/openssl/crypto/md2/md2_dgst.c @@ -122,9 +122,9 @@ const char *MD2_options(void) fips_md_init(MD2) { c->num = 0; - memset(c->state, 0, sizeof c->state); - memset(c->cksm, 0, sizeof c->cksm); - memset(c->data, 0, sizeof c->data); + memset(c->state, 0, sizeof(c->state)); + memset(c->cksm, 0, sizeof(c->cksm)); + memset(c->data, 0, sizeof(c->data)); return 1; } diff --git a/deps/openssl/openssl/crypto/md4/md4.c b/deps/openssl/openssl/crypto/md4/md4.c index c9fab6669aff98..a79997f8ffccc3 100644 --- a/deps/openssl/openssl/crypto/md4/md4.c +++ b/deps/openssl/openssl/crypto/md4/md4.c @@ -102,7 +102,7 @@ void do_fp(FILE *f) fd = fileno(f); MD4_Init(&c); for (;;) { - i = read(fd, buf, sizeof buf); + i = read(fd, buf, sizeof(buf)); if (i <= 0) break; MD4_Update(&c, buf, (unsigned long)i); diff --git a/deps/openssl/openssl/crypto/mem_dbg.c b/deps/openssl/openssl/crypto/mem_dbg.c index 8525ded78c7983..9e1be508951e71 100644 --- a/deps/openssl/openssl/crypto/mem_dbg.c +++ b/deps/openssl/openssl/crypto/mem_dbg.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -633,16 +633,22 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) APP_INFO *amip; int ami_cnt; struct tm *lcl = NULL; + struct tm result = {0}; CRYPTO_THREADID ti; -#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) +#define BUF_REMAIN (sizeof(buf) - (size_t)(bufp - buf)) if (m->addr == (char *)l->bio) return; if (options & V_CRYPTO_MDEBUG_TIME) { +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \ + !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \ + (!defined(OPENSSL_SYS_VMS) || defined(localtime_r)) + lcl = localtime_r(&m->time, &result); +# else lcl = localtime(&m->time); - +# endif BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour, lcl->tm_min, lcl->tm_sec); bufp += strlen(bufp); @@ -679,7 +685,7 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) ami_cnt++; memset(buf, '>', ami_cnt); - BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, + BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt, " thread=%lu, file=%s, line=%d, info=\"", CRYPTO_THREADID_hash(&amip->threadid), amip->file, amip->line); @@ -689,10 +695,10 @@ static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); buf_len = 128 - 3; } else { - BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + BUF_strlcpy(buf + buf_len, amip->info, sizeof(buf) - buf_len); buf_len = strlen(buf); } - BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n"); BIO_puts(l->bio, buf); diff --git a/deps/openssl/openssl/crypto/o_init.c b/deps/openssl/openssl/crypto/o_init.c index 185841ea048c59..18bb85894d36a5 100644 --- a/deps/openssl/openssl/crypto/o_init.c +++ b/deps/openssl/openssl/crypto/o_init.c @@ -58,6 +58,11 @@ #ifdef OPENSSL_FIPS # include # include + +# ifndef OPENSSL_NO_DEPRECATED +/* the prototype is missing in */ +void FIPS_crypto_set_id_callback(unsigned long (*func)(void)); +# endif #endif /* diff --git a/deps/openssl/openssl/crypto/o_time.c b/deps/openssl/openssl/crypto/o_time.c index 04d805d9a96d04..61927439eaf518 100755 --- a/deps/openssl/openssl/crypto/o_time.c +++ b/deps/openssl/openssl/crypto/o_time.c @@ -8,7 +8,7 @@ * 2008. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -105,7 +105,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) { struct tm *ts = NULL; -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) +#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_SUNOS) if (gmtime_r(timer, result) == NULL) return NULL; ts = result; @@ -141,14 +141,14 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) pitem->ileb_64$w_mbo = 1; pitem->ileb_64$w_code = LNM$_STRING; pitem->ileb_64$l_mbmo = -1; - pitem->ileb_64$q_length = sizeof (logvalue); + pitem->ileb_64$q_length = sizeof(logvalue); pitem->ileb_64$pq_bufaddr = logvalue; pitem->ileb_64$pq_retlen_addr = (unsigned __int64 *) &reslen; pitem++; /* Last item of the item list is null terminated */ pitem->ileb_64$q_length = pitem->ileb_64$w_code = 0; # else - pitem->ile3$w_length = sizeof (logvalue); + pitem->ile3$w_length = sizeof(logvalue); pitem->ile3$w_code = LNM$_STRING; pitem->ile3$ps_bufaddr = logvalue; pitem->ile3$ps_retlen_addr = (unsigned short int *) &reslen; diff --git a/deps/openssl/openssl/crypto/objects/o_names.c b/deps/openssl/openssl/crypto/objects/o_names.c index f106905ffa77f4..b8bdc5c5202e1e 100644 --- a/deps/openssl/openssl/crypto/objects/o_names.c +++ b/deps/openssl/openssl/crypto/objects/o_names.c @@ -312,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = - OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); + OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof(*d.names)); /* Really should return an error if !d.names...but its a void function! */ if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); for (n = 0; n < d.n; ++n) fn(d.names[n], arg); diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.c b/deps/openssl/openssl/crypto/objects/obj_dat.c index aca382a6e9f3c9..315afa9dbed3e6 100644 --- a/deps/openssl/openssl/crypto/objects/obj_dat.c +++ b/deps/openssl/openssl/crypto/objects/obj_dat.c @@ -305,9 +305,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) for (i = ADDED_DATA; i <= ADDED_NID; i++) if (ao[i] != NULL) OPENSSL_free(ao[i]); - if (o != NULL) - OPENSSL_free(o); - return (NID_undef); + ASN1_OBJECT_free(o); + return NID_undef; } ASN1_OBJECT *OBJ_nid2obj(int n) @@ -591,7 +590,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) n += i; OPENSSL_free(bndec); } else { - BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); + BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l); i = strlen(tbuf); if (buf && (buf_len > 0)) { BUF_strlcpy(buf, tbuf, buf_len); @@ -725,6 +724,10 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, return (p); } +/* + * Parse a BIO sink to create some extra oid's objects. + * Line format: + */ int OBJ_create_objects(BIO *in) { MS_STATIC char buf[512]; @@ -746,9 +749,9 @@ int OBJ_create_objects(BIO *in) *(s++) = '\0'; while (isspace((unsigned char)*s)) s++; - if (*s == '\0') + if (*s == '\0') { s = NULL; - else { + } else { l = s; while ((*l != '\0') && !isspace((unsigned char)*l)) l++; @@ -756,15 +759,18 @@ int OBJ_create_objects(BIO *in) *(l++) = '\0'; while (isspace((unsigned char)*l)) l++; - if (*l == '\0') + if (*l == '\0') { l = NULL; - } else + } + } else { l = NULL; + } } - } else + } else { s = NULL; - if ((o == NULL) || (*o == '\0')) - return (num); + } + if (*o == '\0') + return num; if (!OBJ_create(o, s, l)) return (num); num++; diff --git a/deps/openssl/openssl/crypto/opensslv.h b/deps/openssl/openssl/crypto/opensslv.h index baee2d0865fd1d..77f124e2cb3c4b 100644 --- a/deps/openssl/openssl/crypto/opensslv.h +++ b/deps/openssl/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020efL +# define OPENSSL_VERSION_NUMBER 0x100020ffL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/deps/openssl/openssl/crypto/pem/pem_info.c b/deps/openssl/openssl/crypto/pem/pem_info.c index 4d736a1d07e585..0994020d2eacca 100644 --- a/deps/openssl/openssl/crypto/pem/pem_info.c +++ b/deps/openssl/openssl/crypto/pem/pem_info.c @@ -354,7 +354,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, /* create the right magic header stuff */ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); diff --git a/deps/openssl/openssl/crypto/pem/pem_lib.c b/deps/openssl/openssl/crypto/pem/pem_lib.c index 865976bf8cce9a..4d5f053e46802f 100644 --- a/deps/openssl/openssl/crypto/pem/pem_lib.c +++ b/deps/openssl/openssl/crypto/pem/pem_lib.c @@ -406,7 +406,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, OPENSSL_cleanse(buf, PEM_BUFSIZE); OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= - sizeof buf); + sizeof(buf)); buf[0] = '\0'; PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c index 6cf8253bc23857..6a463680d7ecc0 100644 --- a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c +++ b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c @@ -375,16 +375,18 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) } if (bio == NULL) { - if (PKCS7_is_detached(p7)) + if (PKCS7_is_detached(p7)) { bio = BIO_new(BIO_s_null()); - else if (os && os->length > 0) + } else if (os && os->length > 0) { bio = BIO_new_mem_buf(os->data, os->length); - if (bio == NULL) { + } else { bio = BIO_new(BIO_s_mem()); if (bio == NULL) goto err; BIO_set_mem_eof_return(bio, 0); } + if (bio == NULL) + goto err; } if (out) BIO_push(out, bio); diff --git a/deps/openssl/openssl/crypto/rand/md_rand.c b/deps/openssl/openssl/crypto/rand/md_rand.c index 29e465b07524b1..a7af9f9d8671ba 100644 --- a/deps/openssl/openssl/crypto/rand/md_rand.c +++ b/deps/openssl/openssl/crypto/rand/md_rand.c @@ -238,7 +238,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); /* state_index <= state_num <= STATE_SIZE */ state_index += num; @@ -454,7 +454,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) st_num = state_num; md_c[0] = md_count[0]; md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); + memcpy(local_md, md, sizeof(md)); state_index += num_ceil; if (state_index > state_num) @@ -480,7 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) goto err; #ifndef GETPID_IS_MEANINGLESS if (curr_pid) { /* just in the first iteration to save time */ - if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid)) + if (!MD_Update(&m, (unsigned char *)&curr_pid, sizeof(curr_pid))) goto err; curr_pid = 0; } diff --git a/deps/openssl/openssl/crypto/rand/rand_egd.c b/deps/openssl/openssl/crypto/rand/rand_egd.c index 737aebfa22fe4a..66fb14c87efdf7 100644 --- a/deps/openssl/openssl/crypto/rand/rand_egd.c +++ b/deps/openssl/openssl/crypto/rand/rand_egd.c @@ -148,7 +148,7 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) addr.sun_family = AF_UNIX; if (strlen(path) >= sizeof(addr.sun_path)) return (-1); - BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); + BUF_strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); len = offsetof(struct sockaddr_un, sun_path) + strlen(path); fd = socket(AF_UNIX, SOCK_STREAM, 0); if (fd == -1) diff --git a/deps/openssl/openssl/crypto/rand/rand_unix.c b/deps/openssl/openssl/crypto/rand/rand_unix.c index 6c5b65da0070ee..097e4099181ad1 100644 --- a/deps/openssl/openssl/crypto/rand/rand_unix.c +++ b/deps/openssl/openssl/crypto/rand/rand_unix.c @@ -181,15 +181,15 @@ int RAND_poll(void) */ curr_gid = getgid(); - RAND_add(&curr_gid, sizeof curr_gid, 1); + RAND_add(&curr_gid, sizeof(curr_gid), 1); curr_gid = 0; curr_pid = getpid(); - RAND_add(&curr_pid, sizeof curr_pid, 1); + RAND_add(&curr_pid, sizeof(curr_pid), 1); curr_pid = 0; curr_uid = getuid(); - RAND_add(&curr_uid, sizeof curr_uid, 1); + RAND_add(&curr_uid, sizeof(curr_uid), 1); curr_uid = 0; for (i = 0; i < (ENTROPY_NEEDED * 4); i++) { @@ -217,7 +217,7 @@ int RAND_poll(void) /* take 8 bits */ v = (unsigned char)(ts.tv_nsec % 256); - RAND_add(&v, sizeof v, 1); + RAND_add(&v, sizeof(v), 1); v = 0; } return 1; @@ -402,7 +402,7 @@ int RAND_poll(void) # if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) if (n > 0) { - RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + RAND_add(tmpbuf, sizeof(tmpbuf), (double)n); OPENSSL_cleanse(tmpbuf, n); } # endif diff --git a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c index 5c416b53fab0e6..68f2981cc54d36 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_crpt.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_crpt.c @@ -219,7 +219,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) * if PRNG is not properly seeded, resort to secret exponent as * unpredictable seed */ - RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); + RAND_add(rsa->d->d, rsa->d->dmax * sizeof(rsa->d->d[0]), 0.0); } if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c index a85493d6097b8e..9ca5dfefb70736 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c @@ -109,6 +109,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BIGNUM *pr0, *d, *p; int bitsp, bitsq, ok = -1, n = 0; BN_CTX *ctx = NULL; + unsigned long error = 0; /* * When generating ridiculously small keys, we can get stuck @@ -155,16 +156,26 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, if (BN_copy(rsa->e, e_value) == NULL) goto err; + BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -177,10 +188,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, } while (BN_cmp(rsa->p, rsa->q) == 0); if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ break; + } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } if (!BN_GENCB_call(cb, 2, n++)) goto err; } diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pss.c b/deps/openssl/openssl/crypto/rsa/rsa_pss.c index 2c3fd73b0996a9..3c9250ba5eb39a 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pss.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pss.c @@ -157,7 +157,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, goto err; } if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (maskedDBLen - i) { @@ -252,7 +252,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, H = EM + maskedDBLen; EVP_MD_CTX_init(&ctx); if (!EVP_DigestInit_ex(&ctx, Hash, NULL) - || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) + || !EVP_DigestUpdate(&ctx, zeroes, sizeof(zeroes)) || !EVP_DigestUpdate(&ctx, mHash, hLen)) goto err; if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) diff --git a/deps/openssl/openssl/crypto/rsa/rsa_test.c b/deps/openssl/openssl/crypto/rsa/rsa_test.c index 85c7440b8c6805..ed78f01081b1a8 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_test.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_test.c @@ -226,7 +226,7 @@ int main(int argc, char *argv[]) CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ + RAND_seed(rnd_seed, sizeof(rnd_seed)); /* or OAEP may fail */ plen = sizeof(ptext_ex) - 1; diff --git a/deps/openssl/openssl/crypto/srp/srp_grps.h b/deps/openssl/openssl/crypto/srp/srp_grps.h index 31312de15c81b7..f76652cb8b9abe 100644 --- a/deps/openssl/openssl/crypto/srp/srp_grps.h +++ b/deps/openssl/openssl/crypto/srp/srp_grps.h @@ -21,8 +21,8 @@ static BN_ULONG bn_group_1024_value[] = { static BIGNUM bn_group_1024 = { bn_group_1024_value, - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1024_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -56,8 +56,8 @@ static BN_ULONG bn_group_1536_value[] = { static BIGNUM bn_group_1536 = { bn_group_1536_value, - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_1536_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -99,8 +99,8 @@ static BN_ULONG bn_group_2048_value[] = { static BIGNUM bn_group_2048 = { bn_group_2048_value, - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_2048_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -158,8 +158,8 @@ static BN_ULONG bn_group_3072_value[] = { static BIGNUM bn_group_3072 = { bn_group_3072_value, - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_3072_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -233,8 +233,8 @@ static BN_ULONG bn_group_4096_value[] = { static BIGNUM bn_group_4096 = { bn_group_4096_value, - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_4096_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -340,8 +340,8 @@ static BN_ULONG bn_group_6144_value[] = { static BIGNUM bn_group_6144 = { bn_group_6144_value, - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_6144_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; @@ -479,8 +479,8 @@ static BN_ULONG bn_group_8192_value[] = { static BIGNUM bn_group_8192 = { bn_group_8192_value, - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), + (sizeof(bn_group_8192_value)) / sizeof(BN_ULONG), 0, BN_FLG_STATIC_DATA }; diff --git a/deps/openssl/openssl/crypto/threads/mttest.c b/deps/openssl/openssl/crypto/threads/mttest.c index dbff4a69f3a412..b26ed28aa9f6aa 100644 --- a/deps/openssl/openssl/crypto/threads/mttest.c +++ b/deps/openssl/openssl/crypto/threads/mttest.c @@ -190,7 +190,7 @@ int main(int argc, char *argv[]) char *ccert = TEST_CLIENT_CERT; const SSL_METHOD *ssl_method = SSLv23_method(); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); if (bio_err == NULL) bio_err = BIO_new_fd(2, BIO_NOCLOSE); diff --git a/deps/openssl/openssl/crypto/ts/Makefile b/deps/openssl/openssl/crypto/ts/Makefile index cf991efe464199..4a3c0f0017e821 100644 --- a/deps/openssl/openssl/crypto/ts/Makefile +++ b/deps/openssl/openssl/crypto/ts/Makefile @@ -217,7 +217,8 @@ ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c +ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ../o_time.h +ts_rsp_sign.o: ts_rsp_sign.c ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c index db6ce3241f73d0..d55e903e836ae3 100644 --- a/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c +++ b/deps/openssl/openssl/crypto/ts/ts_rsp_sign.c @@ -4,7 +4,7 @@ * 2002. */ /* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,6 +58,7 @@ */ #include "cryptlib.h" +#include "o_time.h" #if defined(OPENSSL_SYS_UNIX) # include @@ -948,6 +949,7 @@ static ASN1_GENERALIZEDTIME { time_t time_sec = (time_t)sec; struct tm *tm = NULL; + struct tm result = {0}; char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; char *p = genTime_str; char *p_end = genTime_str + sizeof(genTime_str); @@ -955,7 +957,7 @@ static ASN1_GENERALIZEDTIME if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if (!(tm = gmtime(&time_sec))) + if (!(tm = OPENSSL_gmtime(&time_sec, &result))) goto err; /* diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c index 17d14f58427afa..8a43590319fa98 100644 --- a/deps/openssl/openssl/crypto/ui/ui_openssl.c +++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c @@ -614,7 +614,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/deps/openssl/openssl/crypto/x509/x509_txt.c b/deps/openssl/openssl/crypto/x509/x509_txt.c index 35db095591331a..594031e7722df3 100644 --- a/deps/openssl/openssl/crypto/x509/x509_txt.c +++ b/deps/openssl/openssl/crypto/x509/x509_txt.c @@ -212,7 +212,7 @@ const char *X509_verify_cert_error_string(long n) return ("proxy subject name violation"); default: - BIO_snprintf(buf, sizeof buf, "error number %ld", n); + BIO_snprintf(buf, sizeof(buf), "error number %ld", n); return (buf); } } diff --git a/deps/openssl/openssl/crypto/x509/x509_v3.c b/deps/openssl/openssl/crypto/x509/x509_v3.c index 4a03445a64d24d..9a3517e02af13b 100644 --- a/deps/openssl/openssl/crypto/x509/x509_v3.c +++ b/deps/openssl/openssl/crypto/x509/x509_v3.c @@ -177,7 +177,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, err2: if (new_ex != NULL) X509_EXTENSION_free(new_ex); - if (sk != NULL) + if (x != NULL && *x == NULL && sk != NULL) sk_X509_EXTENSION_free(sk); return (NULL); } diff --git a/deps/openssl/openssl/crypto/x509/x509_vpm.c b/deps/openssl/openssl/crypto/x509/x509_vpm.c index 1ac15a881a1059..7d68a4abbc9404 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vpm.c +++ b/deps/openssl/openssl/crypto/x509/x509_vpm.c @@ -173,7 +173,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof *param); + param = OPENSSL_malloc(sizeof(*param)); if (!param) return NULL; memset(param, 0, sizeof(*param)); diff --git a/deps/openssl/openssl/crypto/x509v3/v3_alt.c b/deps/openssl/openssl/crypto/x509v3/v3_alt.c index a0351faf11192f..d4d024c561c892 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_alt.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_alt.c @@ -157,12 +157,12 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, case GEN_IPADD: p = gen->d.ip->data; if (gen->d.ip->length == 4) - BIO_snprintf(oline, sizeof oline, + BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); else if (gen->d.ip->length == 16) { oline[0] = 0; for (i = 0; i < 8; i++) { - BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); + BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]); p += 2; strcat(oline, htmp); if (i != 7) diff --git a/deps/openssl/openssl/crypto/x509v3/v3_conf.c b/deps/openssl/openssl/crypto/x509v3/v3_conf.c index c1b4c1a89f74f3..a38848cc1df710 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_conf.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_conf.c @@ -4,7 +4,7 @@ * 1999. */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -340,8 +340,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) return 0; - if (sk) - X509v3_add_ext(sk, ext, -1); + if (sk != NULL) { + if (X509v3_add_ext(sk, ext, -1) == NULL) { + X509_EXTENSION_free(ext); + return 0; + } + } X509_EXTENSION_free(ext); } return 1; diff --git a/deps/openssl/openssl/crypto/x509v3/v3_info.c b/deps/openssl/openssl/crypto/x509v3/v3_info.c index 7064c725d98dba..0c64b0adfcc98c 100644 --- a/deps/openssl/openssl/crypto/x509v3/v3_info.c +++ b/deps/openssl/openssl/crypto/x509v3/v3_info.c @@ -126,7 +126,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( goto err; tret = tmp; vtmp = sk_CONF_VALUE_value(tret, i); - i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ntmp = OPENSSL_malloc(nlen); if (ntmp == NULL) diff --git a/deps/openssl/openssl/demos/easy_tls/easy-tls.c b/deps/openssl/openssl/demos/easy_tls/easy-tls.c index 45063a4896a2a4..717b81aac13c99 100644 --- a/deps/openssl/openssl/demos/easy_tls/easy-tls.c +++ b/deps/openssl/openssl/demos/easy_tls/easy-tls.c @@ -295,9 +295,9 @@ static void tls_errflush(void *apparg) if (errbuf_i == 0) return; - assert(errbuf_i < sizeof errbuf); + assert(errbuf_i < sizeof(errbuf)); assert(errbuf[errbuf_i] == 0); - if (errbuf_i == sizeof errbuf - 1) { + if (errbuf_i == sizeof(errbuf) - 1) { /* make sure we have a newline, even if string has been truncated */ errbuf[errbuf_i - 1] = '\n'; } @@ -316,11 +316,11 @@ static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) va_list args; int r; - if (errbuf_i < sizeof errbuf - 1) { + if (errbuf_i < sizeof(errbuf) - 1) { size_t n; va_start(args, fmt); - n = (sizeof errbuf) - errbuf_i; + n = (sizeof(errbuf)) - errbuf_i; r = vsnprintf(errbuf + errbuf_i, n, fmt, args); va_end(args); if (r >= n) @@ -328,10 +328,10 @@ static void tls_errprintf(int flush, void *apparg, const char *fmt, ...) if (r >= 0) { errbuf_i += r; } else { - errbuf_i = sizeof errbuf - 1; + errbuf_i = sizeof(errbuf) - 1; errbuf[errbuf_i] = '\0'; } - assert(errbuf_i < sizeof errbuf); + assert(errbuf_i < sizeof(errbuf)); assert(errbuf[errbuf_i] == 0); } #ifndef TLS_CUMULATE_ERRORS @@ -369,11 +369,11 @@ static char *tls_openssl_errors(const char *app_prefix_1, default_text = "?" "?" "?"; while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { - if (reasons_i < sizeof reasons) { + if (reasons_i < sizeof(reasons)) { size_t n; int r; - n = (sizeof reasons) - reasons_i; + n = (sizeof(reasons)) - reasons_i; r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err)); @@ -382,9 +382,9 @@ static char *tls_openssl_errors(const char *app_prefix_1, if (r >= 0) { reasons_i += r; } else { - reasons_i = sizeof reasons; + reasons_i = sizeof(reasons); } - assert(reasons_i <= sizeof reasons); + assert(reasons_i <= sizeof(reasons)); } errstring = ERR_error_string(err, NULL); @@ -397,7 +397,7 @@ static char *tls_openssl_errors(const char *app_prefix_1, if (!printed_something) { assert(reasons_i == 0); - snprintf(reasons, sizeof reasons, "%s", default_text); + snprintf(reasons, sizeof(reasons), "%s", default_text); tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text); } @@ -442,7 +442,7 @@ static void tls_rand_seed_uniquely(void) data.time = time(NULL); data.stack = (void *)&data; - RAND_seed((const void *)&data, sizeof data); + RAND_seed((const void *)&data, sizeof(data)); } void tls_rand_seed(void) @@ -465,7 +465,7 @@ void tls_rand_seed(void) data.gid = getgid(); data.egid = getegid(); - RAND_seed((const void *)&data, sizeof data); + RAND_seed((const void *)&data, sizeof(data)); tls_rand_seed_uniquely(); } @@ -543,7 +543,7 @@ tls_get_x509_subject_name_oneline(X509 *cert, name = X509_get_subject_name(cert); /* does not increment any reference * counter */ - assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */ + assert(sizeof(namestring->str) >= 4); /* "?" or "...", plus 0 */ if (name == NULL) { namestring->str[0] = '?'; @@ -551,12 +551,12 @@ tls_get_x509_subject_name_oneline(X509 *cert, } else { size_t len; - X509_NAME_oneline(name, namestring->str, sizeof namestring->str); + X509_NAME_oneline(name, namestring->str, sizeof(namestring->str)); len = strlen(namestring->str); assert(namestring->str[len] == 0); - assert(len < sizeof namestring->str); + assert(len < sizeof(namestring->str)); - if (len + 1 == sizeof namestring->str) { + if (len + 1 == sizeof(namestring->str)) { /* * (Probably something was cut off.) Does not really work -- * X509_NAME_oneline truncates after name components, we cannot @@ -617,7 +617,7 @@ void tls_set_dhe1024(int i, void *apparg) tls_init(apparg); if (i >= 0) { - i %= sizeof seed / sizeof seed[0]; + i %= sizeof(seed) / sizeof(seed[0]); assert(strlen(seed[i]) == 20); memcpy(seedbuf, seed[i], 20); dsaparams = @@ -711,7 +711,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if ((a.ca_file != NULL) || (a.verify_depth > 0)) { context_num++; r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, - (unsigned int)sizeof context_num); + (unsigned int)sizeof(context_num)); if (!r) goto err; @@ -762,7 +762,7 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) if (tls_dhe1024 == NULL) { int i; - if (RAND_bytes((unsigned char *)&i, sizeof i) <= 0) + if (RAND_bytes((unsigned char *)&i, sizeof(i)) <= 0) goto err_return; /* * make sure that i is non-negative -- pick one of the provided @@ -955,11 +955,11 @@ static void write_info(SSL *ssl, int *info_fd) /* should not happen, but make sure */ *strchr(peer.str, '\n') = '\0'; } - r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, + r = snprintf(infobuf, sizeof(infobuf), "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str); DEBUG_MSG2("snprintf", r); - if (r == -1 || r >= sizeof infobuf) - r = sizeof infobuf - 1; + if (r == -1 || r >= sizeof(infobuf)) + r = sizeof(infobuf) - 1; write(*info_fd, infobuf, r); close(*info_fd); *info_fd = -1; @@ -1082,7 +1082,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) if (!closed) { if (clear_to_tls.offset + clear_to_tls.len < - sizeof clear_to_tls.buf) { + sizeof(clear_to_tls.buf)) { r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress); if (r != 0) @@ -1096,7 +1096,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) if (!closed && !in_handshake) { if (tls_to_clear.offset + tls_to_clear.len < - sizeof tls_to_clear.buf) { + sizeof(tls_to_clear.buf)) { r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1); @@ -1231,13 +1231,13 @@ tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, DEBUG_MSG("tls_read_attempt"); total = buf->offset + buf->len; - assert(total < sizeof buf->buf); - n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total); + assert(total < sizeof(buf->buf)); + n = SSL_read(ssl, buf->buf + total, sizeof(buf->buf) - total); DEBUG_MSG2("SSL_read", n); r = tls_get_error(ssl, n, write_select, read_select, closed, progress); if (n > 0) { buf->len += n; - assert(buf->offset + buf->len <= sizeof buf->buf); + assert(buf->offset + buf->len <= sizeof(buf->buf)); } if (r == -1) *err_pref = " during SSL_read"; @@ -1297,13 +1297,13 @@ read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, DEBUG_MSG("read_attempt"); total = buf->offset + buf->len; - assert(total < sizeof buf->buf); - n = read(fd, buf->buf + total, (sizeof buf->buf) - total); + assert(total < sizeof(buf->buf)); + n = read(fd, buf->buf + total, sizeof(buf->buf) - total); DEBUG_MSG2("read", n); r = get_error(n, select, closed, progress); if (n > 0) { buf->len += n; - assert(buf->offset + buf->len <= sizeof buf->buf); + assert(buf->offset + buf->len <= sizeof(buf->buf)); } if (r == -1) tls_errprintf(1, tls_child_apparg, "read error: %s\n", diff --git a/deps/openssl/openssl/demos/easy_tls/test.c b/deps/openssl/openssl/demos/easy_tls/test.c index d1dd53d0c5b193..3877370f5e51d2 100644 --- a/deps/openssl/openssl/demos/easy_tls/test.c +++ b/deps/openssl/openssl/demos/easy_tls/test.c @@ -78,7 +78,7 @@ int main(int argc, char *argv[]) if (client_p) { struct sockaddr_in addr; - size_t addr_len = sizeof addr; + size_t addr_len = sizeof(addr); addr.sin_family = AF_INET; assert(argc > 1); @@ -101,7 +101,7 @@ int main(int argc, char *argv[]) { int i = 1; - r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i); + r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof(i)); if (r == -1) { perror("setsockopt"); exit(1); @@ -110,7 +110,7 @@ int main(int argc, char *argv[]) { struct sockaddr_in addr; - size_t addr_len = sizeof addr; + size_t addr_len = sizeof(addr); if (argc > 1) sscanf(argv[1], "%d", &port); @@ -158,7 +158,7 @@ int main(int argc, char *argv[]) setvbuf(conn_in, NULL, _IOLBF, 256); setvbuf(conn_out, NULL, _IOLBF, 256); - while (fgets(buf, sizeof buf, stdin) != NULL) { + while (fgets(buf, sizeof(buf), stdin) != NULL) { if (buf[0] == 'W') { fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1); @@ -174,7 +174,7 @@ int main(int argc, char *argv[]) sscanf(buf + 1, "%d", &lines); do { - if (fgets(buf, sizeof buf, conn_in) == NULL) { + if (fgets(buf, sizeof(buf), conn_in) == NULL) { if (ferror(conn_in)) { fprintf(stderr, "ERROR\n"); exit(1); @@ -225,7 +225,7 @@ int main(int argc, char *argv[]) exit(1); } - r = read(infofd, infobuf, sizeof infobuf - 1); + r = read(infofd, infobuf, sizeof(infobuf) - 1); if (r > 0) { const char *info = infobuf; const char *eol; diff --git a/deps/openssl/openssl/demos/engines/zencod/hw_zencod.c b/deps/openssl/openssl/demos/engines/zencod/hw_zencod.c index daf0aef1efe236..dfbe7d15bb3872 100644 --- a/deps/openssl/openssl/demos/engines/zencod/hw_zencod.c +++ b/deps/openssl/openssl/demos/engines/zencod/hw_zencod.c @@ -1289,10 +1289,10 @@ static const EVP_MD engine_sha1_md = { engine_md_cleanup, /* dev_crypto_sha_cleanup */ EVP_PKEY_RSA_method, SHA_CBLOCK, - /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */ + /* sizeof(EVP_MD *) + sizeof(SHA_CTX) */ sizeof(ZEN_MD_DATA) /* - * sizeof ( MD_CTX_DATA ) The message digest data structure ... + * sizeof(MD_CTX_DATA) The message digest data structure ... */ }; @@ -1315,10 +1315,10 @@ static const EVP_MD engine_md5_md = { engine_md_cleanup, /* dev_crypto_md5_cleanup */ EVP_PKEY_RSA_method, MD5_CBLOCK, - /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */ + /* sizeof(EVP_MD *) + sizeof(MD5_CTX) */ sizeof(ZEN_MD_DATA) /* - * sizeof ( MD_CTX_DATA ) The message digest data structure ... + * sizeof(MD_CTX_DATA) The message digest data structure ... */ }; diff --git a/deps/openssl/openssl/demos/spkigen.c b/deps/openssl/openssl/demos/spkigen.c index c272a8c223eab7..9ccb34a1fab39b 100644 --- a/deps/openssl/openssl/demos/spkigen.c +++ b/deps/openssl/openssl/demos/spkigen.c @@ -73,7 +73,7 @@ char *argv[]; fprintf(stderr, "please enter challenge string:"); fflush(stderr); buf[0] = '\0'; - fgets(buf, sizeof buf, stdin); + fgets(buf, sizeof(buf), stdin); i = strlen(buf); if (i > 0) buf[--i] = '\0'; diff --git a/deps/openssl/openssl/demos/ssl/serv.cpp b/deps/openssl/openssl/demos/ssl/serv.cpp index b142c758d2c26c..bccce2bd012c8b 100644 --- a/deps/openssl/openssl/demos/ssl/serv.cpp +++ b/deps/openssl/openssl/demos/ssl/serv.cpp @@ -87,7 +87,7 @@ void main () sa_serv.sin_port = htons (1111); /* Server Port number */ err = bind(listen_sd, (struct sockaddr*) &sa_serv, - sizeof (sa_serv)); CHK_ERR(err, "bind"); + sizeof(sa_serv)); CHK_ERR(err, "bind"); /* Receive a TCP connection. */ diff --git a/deps/openssl/openssl/demos/state_machine/state_machine.c b/deps/openssl/openssl/demos/state_machine/state_machine.c index 2ec196afffde42..aca9cd83a5136a 100644 --- a/deps/openssl/openssl/demos/state_machine/state_machine.c +++ b/deps/openssl/openssl/demos/state_machine/state_machine.c @@ -106,7 +106,7 @@ void SSLStateMachine_print_error(SSLStateMachine * pMachine, while ((l = ERR_get_error())) { char buf[1024]; - ERR_error_string_n(l, buf, sizeof buf); + ERR_error_string_n(l, buf, sizeof(buf)); fprintf(stderr, "Error %lx: %s\n", l, buf); } } @@ -114,7 +114,7 @@ void SSLStateMachine_print_error(SSLStateMachine * pMachine, SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile, const char *szKeyFile) { - SSLStateMachine *pMachine = malloc(sizeof *pMachine); + SSLStateMachine *pMachine = malloc(sizeof(*pMachine)); int n; die_unless(pMachine); @@ -252,15 +252,15 @@ int OpenSocket(int nPort) } if (setsockopt - (nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof one) < 0) { + (nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof(one)) < 0) { perror("setsockopt"); exit(2); } - memset(&saServer, 0, sizeof saServer); + memset(&saServer, 0, sizeof(saServer)); saServer.sin_family = AF_INET; saServer.sin_port = htons(nPort); - nSize = sizeof saServer; + nSize = sizeof(saServer); if (bind(nSocket, (struct sockaddr *)&saServer, nSize) < 0) { perror("bind"); exit(3); @@ -271,7 +271,7 @@ int OpenSocket(int nPort) exit(4); } - nLen = sizeof saClient; + nLen = sizeof(saClient); nFD = accept(nSocket, (struct sockaddr *)&saClient, &nLen); if (nFD < 0) { perror("accept"); @@ -343,7 +343,7 @@ int main(int argc, char **argv) /* Socket is ready for input */ if (FD_ISSET(nFD, &rfds)) { - n = read(nFD, buf, sizeof buf); + n = read(nFD, buf, sizeof(buf)); if (n == 0) { fprintf(stderr, "Got EOF on socket\n"); exit(0); @@ -360,7 +360,7 @@ int main(int argc, char **argv) nrbuf = 0; n = SSLStateMachine_read_extract(pMachine, buf + 1, - sizeof buf - 1); + sizeof(buf) - 1); if (n < 0) { SSLStateMachine_print_error(pMachine, "read extract failed"); break; @@ -382,7 +382,7 @@ int main(int argc, char **argv) if (FD_ISSET(nFD, &wfds)) { int w; - n = SSLStateMachine_write_extract(pMachine, buf, sizeof buf); + n = SSLStateMachine_write_extract(pMachine, buf, sizeof(buf)); assert(n > 0); w = write(nFD, buf, n); @@ -392,7 +392,7 @@ int main(int argc, char **argv) /* Stdin is ready for input */ if (FD_ISSET(0, &rfds)) { - n = read(0, buf, sizeof buf); + n = read(0, buf, sizeof(buf)); if (n == 0) { fprintf(stderr, "Got EOF on stdin\n"); exit(0); diff --git a/deps/openssl/openssl/doc/apps/ca.pod b/deps/openssl/openssl/doc/apps/ca.pod index cc26bf48a3a74f..8d94ecb4613e6e 100644 --- a/deps/openssl/openssl/doc/apps/ca.pod +++ b/deps/openssl/openssl/doc/apps/ca.pod @@ -424,6 +424,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B, especially if combined with the B<-selfsign> command line option. +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. + =item B a text file containing the next serial number to use in hex. Mandatory. diff --git a/deps/openssl/openssl/doc/apps/ecparam.pod b/deps/openssl/openssl/doc/apps/ecparam.pod index ba2f3b9ae274f5..9482095266dcb1 100644 --- a/deps/openssl/openssl/doc/apps/ecparam.pod +++ b/deps/openssl/openssl/doc/apps/ecparam.pod @@ -86,8 +86,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining diff --git a/deps/openssl/openssl/doc/apps/s_client.pod b/deps/openssl/openssl/doc/apps/s_client.pod index d9413a0cf211e5..d2cad29d218b30 100644 --- a/deps/openssl/openssl/doc/apps/s_client.pod +++ b/deps/openssl/openssl/doc/apps/s_client.pod @@ -250,7 +250,7 @@ use the server's cipher preferences; only used for SSLV2. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", and "ftp". +supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". =item B<-tlsextdebug> diff --git a/deps/openssl/openssl/doc/apps/verify.pod b/deps/openssl/openssl/doc/apps/verify.pod index 321d5ac7e126f4..2516718979f29c 100644 --- a/deps/openssl/openssl/doc/apps/verify.pod +++ b/deps/openssl/openssl/doc/apps/verify.pod @@ -15,7 +15,7 @@ B B [B<-ignore_critical>] [B<-attime timestamp>] [B<-check_ss_sig>] -[B<-crlfile file>] +[B<-CRLfile file>] [B<-crl_download>] [B<-crl_check>] [B<-crl_check_all>] @@ -69,7 +69,7 @@ current system time. B is the number of seconds since Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security. -=item B<-crlfile file> +=item B<-CRLfile file> File containing one or more CRL's (in PEM format) to load. diff --git a/deps/openssl/openssl/doc/apps/x509.pod b/deps/openssl/openssl/doc/apps/x509.pod index d50625862ac3a0..408a5c6b8532fe 100644 --- a/deps/openssl/openssl/doc/apps/x509.pod +++ b/deps/openssl/openssl/doc/apps/x509.pod @@ -225,8 +225,11 @@ non-zero if yes it will expire or zero if not. =item B<-fingerprint> -prints out the digest of the DER encoded version of the whole certificate -(see digest options). +Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. =item B<-C> @@ -674,10 +677,6 @@ supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb -Display the certificate MD5 fingerprint: - - openssl x509 -in cert.pem -noout -fingerprint - Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint @@ -731,13 +730,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly. -The B<-fingerprint> option takes the digest of the DER encoded certificate. -This is commonly called a "fingerprint". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. - -The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. - The B<-email> option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. diff --git a/deps/openssl/openssl/doc/crypto/ASN1_STRING_length.pod b/deps/openssl/openssl/doc/crypto/ASN1_STRING_length.pod index f651e4f2aee031..4ea6e8c226c07d 100644 --- a/deps/openssl/openssl/doc/crypto/ASN1_STRING_length.pod +++ b/deps/openssl/openssl/doc/crypto/ASN1_STRING_length.pod @@ -66,8 +66,8 @@ utility functions should be used instead. In general it cannot be assumed that the data returned by ASN1_STRING_data() is null terminated or does not contain embedded nulls. The actual format of the data will depend on the actual string type itself: for example -for and IA5String the data will be ASCII, for a BMPString two bytes per -character in big endian format, UTF8String will be in UTF8 format. +for an IA5String the data will be ASCII, for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in UTF8 format. Similar care should be take to ensure the data is in the correct format when calling ASN1_STRING_set(). diff --git a/deps/openssl/openssl/doc/crypto/BIO_s_mem.pod b/deps/openssl/openssl/doc/crypto/BIO_s_mem.pod index 9f239648d7525b..7663d8bf5ffd8d 100644 --- a/deps/openssl/openssl/doc/crypto/BIO_s_mem.pod +++ b/deps/openssl/openssl/doc/crypto/BIO_s_mem.pod @@ -50,14 +50,14 @@ zero then it will return B when it is empty and it will set the read retry flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal positive return value B should be set to a negative value, typically -1. -BIO_get_mem_data() sets B to a pointer to the start of the memory BIOs data +BIO_get_mem_data() sets *B to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. BIO_set_mem_buf() sets the internal BUF_MEM structure to B and sets the close flag to B, that is B should be either BIO_CLOSE or BIO_NOCLOSE. It is a macro. -BIO_get_mem_ptr() places the underlying BUF_MEM structure in B. It is +BIO_get_mem_ptr() places the underlying BUF_MEM structure in *B. It is a macro. BIO_new_mem_buf() creates a memory BIO using B bytes of data at B, diff --git a/deps/openssl/openssl/doc/crypto/BN_zero.pod b/deps/openssl/openssl/doc/crypto/BN_zero.pod index b555ec39885999..8aa9c142b725d5 100644 --- a/deps/openssl/openssl/doc/crypto/BN_zero.pod +++ b/deps/openssl/openssl/doc/crypto/BN_zero.pod @@ -14,34 +14,37 @@ operations const BIGNUM *BN_value_one(void); - int BN_set_word(BIGNUM *a, unsigned long w); - unsigned long BN_get_word(BIGNUM *a); + int BN_set_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_get_word(BIGNUM *a); =head1 DESCRIPTION +B is a macro that will be an unsigned integral type optimied +for the most efficient implementation on the local platform. + BN_zero(), BN_one() and BN_set_word() set B to the values 0, 1 and B respectively. BN_zero() and BN_one() are macros. BN_value_one() returns a B constant of value 1. This constant is useful for use in comparisons and assignment. -BN_get_word() returns B, if it can be represented as an unsigned -long. +BN_get_word() returns B, if it can be represented as a B. =head1 RETURN VALUES -BN_get_word() returns the value B, and 0xffffffffL if B cannot -be represented as an unsigned long. +BN_get_word() returns the value B, or all-bits-set if B cannot +be represented as a B. BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise. BN_value_one() returns the constant. =head1 BUGS -Someone might change the constant. +If a B is equal to the value of all-bits-set, it will collide +with the error condition returned by BN_get_word() which uses that +as an error value. -If a B is equal to 0xffffffffL it can be represented as an -unsigned long but this value is also returned on error. +B should probably be a typedef. =head1 SEE ALSO diff --git a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod index 4cd24d7e0169f6..4973f0a23ba329 100644 --- a/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/deps/openssl/openssl/doc/crypto/EVP_EncryptInit.pod @@ -38,38 +38,38 @@ EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); + ENGINE *impl, const unsigned char *key, const unsigned char *iv); int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); + int *outl, const unsigned char *in, int inl); int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); + const unsigned char *key, const unsigned char *iv); int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc); + const unsigned char *key, const unsigned char *iv, int enc); int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); diff --git a/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 44792f91a11d9e..10399ecbafd095 100644 --- a/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/deps/openssl/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -203,6 +203,27 @@ chain found is not trusted, then OpenSSL will continue to check to see if an alternative chain can be found that is trusted. With this flag set the behaviour will match that of OpenSSL versions prior to 1.0.2b. +The B flag causes chain construction to look for +issuers in the trust store before looking at the untrusted certificates +provided as part of the the peer chain. +Though it is not on by default in OpenSSL 1.0.2, applications should generally +set this flag. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important When some certificates in the trust store have +explicit trust settings (see "TRUST SETTINGS" in L). + +The B flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root CA certificates. +This makes it possible to trust certificates issued by an intermediate CA +without having to trust its ancestor root CA. +With OpenSSL 1.0.2, chain construction continues as long as there are +additional trusted issuers in the trust store, and the last trusted issuer +becomes the trust-anchor. +Thus, even when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may still be anchored by a root CA. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -235,7 +256,8 @@ connections associated with an B structure B: L, L, L, -L +L, +L =head1 HISTORY diff --git a/deps/openssl/openssl/doc/crypto/threads.pod b/deps/openssl/openssl/doc/crypto/threads.pod index dc0e9391dc206a..30c19b815fd89a 100644 --- a/deps/openssl/openssl/doc/crypto/threads.pod +++ b/deps/openssl/openssl/doc/crypto/threads.pod @@ -63,9 +63,13 @@ CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support =head1 DESCRIPTION -OpenSSL can safely be used in multi-threaded applications provided -that at least two callback functions are set, locking_function and +OpenSSL can generally be used safely in multi-threaded applications provided +that at least two callback functions are set, the locking_function and threadid_func. +Note that OpenSSL is not completely thread-safe, and unfortunately not all +global resources have the necessary locks. +Further, the thread-safety does not extend to things like multiple threads +using the same B object at the same time. locking_function(int mode, int n, const char *file, int line) is needed to perform locking on shared data structures. diff --git a/deps/openssl/openssl/engines/ccgost/README.gost b/deps/openssl/openssl/engines/ccgost/README.gost index c96cccc7b40a6e..80f7900d0987b5 100644 --- a/deps/openssl/openssl/engines/ccgost/README.gost +++ b/deps/openssl/openssl/engines/ccgost/README.gost @@ -193,7 +193,7 @@ Russian clients and RSA/DSA ciphersuites for foreign clients. openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile - Note absense of an option that specifies digest algorithm. gost-mac + Note absence of an option that specifies digest algorithm. gost-mac algorithm supports only one digest (which is actually part of implementation of this mac) and OpenSSL is clever enough to find out this. @@ -216,8 +216,8 @@ openssl pksc12 -export -inkey gost.pem -in gost_cert.pem -keypbe gost89\ 7. Testing speed of symmetric ciphers. To test performance of GOST symmetric ciphers you should use -evp switch -of the openssl speed command. Engine-provided ciphers couldn't be -accessed by cipher-specific functions, only via generic evp interface +of the openssl speed command. Engine-provided ciphers can be accessed only via +generic evp interface and not by cipher-specific functions. openssl speed -evp gost89 openssl speed -evp gost89-cnt @@ -225,7 +225,7 @@ accessed by cipher-specific functions, only via generic evp interface PROGRAMMING INTERFACES DETAILS -Applications never should access engine directly. They only use provided +Applications should never access engine directly. They should only use provided EVP_PKEY API. But there are some details, which should be taken into account. @@ -281,12 +281,11 @@ If UKM is not set by this control command, encrypt operation would generate random UKM. -This sources include implementation of GOST 28147-89 and GOST R 34.11-94 -which are completely indepentent from OpenSSL and can be used separately -(files gost89.c, gost89.h, gosthash.c, gosthash.h) Utility gostsum (file -gostsum.c) is provided as example of such separate usage. This is -program, simular to md5sum and sha1sum utilities, but calculates GOST R -34.11-94 hash. +These sources include implementation of GOST 28147-89 and GOST R 34.11-94 +which are completely independent from OpenSSL and can be used separately +(files gost89.c, gost89.h, gosthash.c, gosthash.h). Utility gostsum (file +gostsum.c) is provided as an example of such separate usage. This program is +similar to md5sum and sha1sum utilities, but calculates GOST R 34.11-94 hash. Makefile doesn't include rule for compiling gostsum. Use command diff --git a/deps/openssl/openssl/engines/ccgost/gost_eng.c b/deps/openssl/openssl/engines/ccgost/gost_eng.c index 5924791b7735d3..ea52c4dbe9db00 100644 --- a/deps/openssl/openssl/engines/ccgost/gost_eng.c +++ b/deps/openssl/openssl/engines/ccgost/gost_eng.c @@ -157,10 +157,6 @@ static int bind_gost(ENGINE *e, const char *id) return ret; } -#ifndef OPENSSL_NO_DYNAMIC_ENGINE -IMPLEMENT_DYNAMIC_BIND_FN(bind_gost) - IMPLEMENT_DYNAMIC_CHECK_FN() -#endif /* ndef OPENSSL_NO_DYNAMIC_ENGINE */ static int gost_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) { @@ -278,4 +274,7 @@ void ENGINE_load_gost(void) ENGINE_free(toadd); ERR_clear_error(); } +#else +IMPLEMENT_DYNAMIC_BIND_FN(bind_gost) +IMPLEMENT_DYNAMIC_CHECK_FN() #endif diff --git a/deps/openssl/openssl/engines/e_atalla.c b/deps/openssl/openssl/engines/e_atalla.c index 6a324e6766b063..7d136fff073632 100644 --- a/deps/openssl/openssl/engines/e_atalla.c +++ b/deps/openssl/openssl/engines/e_atalla.c @@ -494,7 +494,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; } /* Prepare the key-data */ - memset(&keydata, 0, sizeof keydata); + memset(&keydata, 0, sizeof(keydata)); numbytes = BN_num_bytes(m); memset(exponent->d, 0, numbytes); memset(modulus->d, 0, numbytes); diff --git a/deps/openssl/openssl/include/openssl/asn1.h b/deps/openssl/openssl/include/openssl/asn1.h index 68e791fcdbe8e5..35a2b2aa023811 100644 --- a/deps/openssl/openssl/include/openssl/asn1.h +++ b/deps/openssl/openssl/include/openssl/asn1.h @@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_MSTRING_NOT_UNIVERSAL 139 # define ASN1_R_MSTRING_WRONG_TAG 140 # define ASN1_R_NESTED_ASN1_STRING 197 +# define ASN1_R_NESTED_TOO_DEEP 219 # define ASN1_R_NON_HEX_CHARACTERS 141 # define ASN1_R_NOT_ASCII_FORMAT 190 # define ASN1_R_NOT_ENOUGH_DATA 142 diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h index baee2d0865fd1d..77f124e2cb3c4b 100644 --- a/deps/openssl/openssl/include/openssl/opensslv.h +++ b/deps/openssl/openssl/include/openssl/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020efL +# define OPENSSL_VERSION_NUMBER 0x100020ffL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n-fips 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2n 7 Dec 2017" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o 27 Mar 2018" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/deps/openssl/openssl/openssl.spec b/deps/openssl/openssl/openssl.spec index b5cb87ecec40c8..7130564c4bd569 100644 --- a/deps/openssl/openssl/openssl.spec +++ b/deps/openssl/openssl/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2n +Version: 1.0.2o Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/deps/openssl/openssl/ssl/Makefile b/deps/openssl/openssl/ssl/Makefile index 7866a3ccd77bab..b0a4ee8577c85d 100644 --- a/deps/openssl/openssl/ssl/Makefile +++ b/deps/openssl/openssl/ssl/Makefile @@ -269,7 +269,7 @@ d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c d1_srvr.o: ssl_locl.h -kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +kssl.o: ../crypto/o_time.h ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h diff --git a/deps/openssl/openssl/ssl/bad_dtls_test.c b/deps/openssl/openssl/ssl/bad_dtls_test.c index 34af37d9a9f409..ff754e1e497b50 100644 --- a/deps/openssl/openssl/ssl/bad_dtls_test.c +++ b/deps/openssl/openssl/ssl/bad_dtls_test.c @@ -19,7 +19,7 @@ * Note that unlike other SSL tests, we don't test against our own SSL * server method. Firstly because we don't have one; we *only* support * DTLS1_BAD_VER as a client. And secondly because even if that were - * fixed up it's the wrong thing to test against — because if changes + * fixed up it's the wrong thing to test against - because if changes * are made in generic DTLS code which don't take DTLS1_BAD_VER into * account, there's plenty of scope for making those changes such that * they break *both* the client and the server in the same way. diff --git a/deps/openssl/openssl/ssl/d1_lib.c b/deps/openssl/openssl/ssl/d1_lib.c index debd4fd5dcca40..95b5033d3d333c 100644 --- a/deps/openssl/openssl/ssl/d1_lib.c +++ b/deps/openssl/openssl/ssl/d1_lib.c @@ -126,9 +126,9 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) + if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) return (0); - memset(d1, 0, sizeof *d1); + memset(d1, 0, sizeof(*d1)); /* d1->handshake_epoch=0; */ diff --git a/deps/openssl/openssl/ssl/d1_pkt.c b/deps/openssl/openssl/ssl/d1_pkt.c index 10586fee5408ea..f5deddf7706ac3 100644 --- a/deps/openssl/openssl/ssl/d1_pkt.c +++ b/deps/openssl/openssl/ssl/d1_pkt.c @@ -4,7 +4,7 @@ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. */ /* ==================================================================== - * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -706,8 +706,11 @@ int dtls1_get_record(SSL *s) n2s(p, rr->length); - /* Lets check version */ - if (!s->first_packet) { + /* + * Lets check the version. We tolerate alerts that don't have the exact + * version number (e.g. because of protocol version errors) + */ + if (!s->first_packet && rr->type != SSL3_RT_ALERT) { if (version != s->version) { /* unexpected version, silently discard */ rr->length = 0; @@ -1061,7 +1064,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->d1->handshake_fragment; + dest_maxlen = sizeof(s->d1->handshake_fragment); dest = s->d1->handshake_fragment; dest_len = &s->d1->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { @@ -1202,6 +1205,24 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) goto start; } + /* + * If we are a server and get a client hello when renegotiation isn't + * allowed send back a no renegotiation alert and carry on. + */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH + && s->d1->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->d1->handshake_fragment_len = 0; + rr->length = 0; + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); + goto start; + } + + if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { int alert_level = s->d1->alert_fragment[0]; int alert_descr = s->d1->alert_fragment[1]; @@ -1286,7 +1307,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/deps/openssl/openssl/ssl/fatalerrtest.c b/deps/openssl/openssl/ssl/fatalerrtest.c index 0288c33fa2eb9c..f9d66e27b30ceb 100644 --- a/deps/openssl/openssl/ssl/fatalerrtest.c +++ b/deps/openssl/openssl/ssl/fatalerrtest.c @@ -13,8 +13,8 @@ int main(int argc, char *argv[]) { - SSL_CTX *sctx, *cctx; - SSL *sssl, *cssl; + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *sssl = NULL, *cssl = NULL; const char *msg = "Dummy"; BIO *err = NULL, *wbio = NULL; int ret = 1, len; @@ -76,7 +76,7 @@ int main(int argc, char *argv[]) } /* SSL_read()/SSL_write should fail because of a previous fatal error */ - if ((len = SSL_read(sssl, buf, sizeof(buf - 1))) > 0) { + if ((len = SSL_read(sssl, buf, sizeof(buf) - 1)) > 0) { buf[len] = '\0'; printf("Unexpected success reading data: %s\n", buf); goto err; diff --git a/deps/openssl/openssl/ssl/kssl.c b/deps/openssl/openssl/ssl/kssl.c index f2839bdcd7f53f..18e5f1dcc2b0aa 100644 --- a/deps/openssl/openssl/ssl/kssl.c +++ b/deps/openssl/openssl/ssl/kssl.c @@ -4,7 +4,7 @@ * 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -78,6 +78,7 @@ #include #include #include +#include "o_time.h" #include "kssl_lcl.h" #ifndef OPENSSL_NO_KRB5 @@ -2026,6 +2027,8 @@ krb5_error_code kssl_check_authent( int outl, unencbufsize; struct tm tm_time, *tm_l, *tm_g; time_t now, tl, tg, tr, tz_offset; + struct tm gmt_result = {0}; + struct tm lt_result = {0}; EVP_CIPHER_CTX_init(&ciph_ctx); *atimep = 0; @@ -2082,7 +2085,7 @@ krb5_error_code kssl_check_authent( } # endif enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (enc == NULL) { /* @@ -2140,9 +2143,17 @@ krb5_error_code kssl_check_authent( if (k_gmtime(auth->ctime, &tm_time) && ((tr = mktime(&tm_time)) != (time_t)(-1))) { now = time(&now); + tm_g = OPENSSL_gmtime(&now, &gmt_result); + +# if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && \ + !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_SUNOS) && \ + (!defined(OPENSSL_SYS_VMS) || defined(localtime_r)) + tm_l = localtime_r(&now, <_result); +# else tm_l = localtime(&now); +# endif + tl = mktime(tm_l); - tm_g = gmtime(&now); tg = mktime(tm_g); tz_offset = tg - tl; diff --git a/deps/openssl/openssl/ssl/s23_srvr.c b/deps/openssl/openssl/ssl/s23_srvr.c index d3f6db15cceee7..d2017e7cf08625 100644 --- a/deps/openssl/openssl/ssl/s23_srvr.c +++ b/deps/openssl/openssl/ssl/s23_srvr.c @@ -268,8 +268,8 @@ int ssl23_get_client_hello(SSL *s) if (!ssl3_setup_buffers(s)) goto err; - n = ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) + n = ssl23_read_bytes(s, sizeof(buf_space)); + if (n != sizeof(buf_space)) return (n); /* n == -1 || n == 0 */ p = s->packet; diff --git a/deps/openssl/openssl/ssl/s2_clnt.c b/deps/openssl/openssl/ssl/s2_clnt.c index 20de1a82178f95..3a8345ba2f8180 100644 --- a/deps/openssl/openssl/ssl/s2_clnt.c +++ b/deps/openssl/openssl/ssl/s2_clnt.c @@ -523,7 +523,7 @@ static int get_server_hello(SSL *s) } s->s2->conn_id_length = s->s2->tmp.conn_id_length; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG); return -1; @@ -708,7 +708,7 @@ static int client_finished(SSL *s) if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_CLIENT_FINISHED; - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; } @@ -981,7 +981,7 @@ static int get_server_finished(SSL *s) } else { if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) { if ((s->session->session_id_length > - sizeof s->session->session_id) + sizeof(s->session->session_id)) || (0 != memcmp(buf + 1, s->session->session_id, (unsigned int)s->session->session_id_length))) { diff --git a/deps/openssl/openssl/ssl/s2_enc.c b/deps/openssl/openssl/ssl/s2_enc.c index 23eef72aa43b6e..0115d2069ce20c 100644 --- a/deps/openssl/openssl/ssl/s2_enc.c +++ b/deps/openssl/openssl/ssl/s2_enc.c @@ -99,7 +99,7 @@ int ssl2_enc_init(SSL *s, int client) num = c->key_len; s->s2->key_material_length = num * 2; - OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material); + OPENSSL_assert(s->s2->key_material_length <= sizeof(s->s2->key_material)); if (ssl2_generate_key_material(s) <= 0) return 0; diff --git a/deps/openssl/openssl/ssl/s2_lib.c b/deps/openssl/openssl/ssl/s2_lib.c index cc1360307b9468..f03fe69f1e7842 100644 --- a/deps/openssl/openssl/ssl/s2_lib.c +++ b/deps/openssl/openssl/ssl/s2_lib.c @@ -326,9 +326,9 @@ int ssl2_new(SSL *s) { SSL2_STATE *s2; - if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL) + if ((s2 = OPENSSL_malloc(sizeof(*s2))) == NULL) goto err; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); # if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2 # error "assertion failed" @@ -371,7 +371,7 @@ void ssl2_free(SSL *s) OPENSSL_free(s2->rbuf); if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf); - OPENSSL_cleanse(s2, sizeof *s2); + OPENSSL_cleanse(s2, sizeof(*s2)); OPENSSL_free(s2); s->s2 = NULL; } @@ -386,7 +386,7 @@ void ssl2_clear(SSL *s) rbuf = s2->rbuf; wbuf = s2->wbuf; - memset(s2, 0, sizeof *s2); + memset(s2, 0, sizeof(*s2)); s2->rbuf = rbuf; s2->wbuf = wbuf; diff --git a/deps/openssl/openssl/ssl/s2_srvr.c b/deps/openssl/openssl/ssl/s2_srvr.c index d3b243c27e02d5..c30161109c446d 100644 --- a/deps/openssl/openssl/ssl/s2_srvr.c +++ b/deps/openssl/openssl/ssl/s2_srvr.c @@ -724,7 +724,7 @@ static int get_client_hello(SSL *s) p += s->s2->tmp.session_id_length; /* challenge */ - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return -1; @@ -872,7 +872,7 @@ static int get_client_finished(SSL *s) } /* SSL2_ST_GET_CLIENT_FINISHED_B */ - if (s->s2->conn_id_length > sizeof s->s2->conn_id) { + if (s->s2->conn_id_length > sizeof(s->s2->conn_id)) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR); return -1; @@ -903,7 +903,7 @@ static int server_verify(SSL *s) if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) { p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_VERIFY; - if (s->s2->challenge_length > sizeof s->s2->challenge) { + if (s->s2->challenge_length > sizeof(s->s2->challenge)) { SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR); return -1; } @@ -925,7 +925,7 @@ static int server_finish(SSL *s) p = (unsigned char *)s->init_buf->data; *(p++) = SSL2_MT_SERVER_FINISHED; - if (s->session->session_id_length > sizeof s->session->session_id) { + if (s->session->session_id_length > sizeof(s->session->session_id)) { SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/deps/openssl/openssl/ssl/s3_clnt.c b/deps/openssl/openssl/ssl/s3_clnt.c index 5b8b2da59f544f..bd0929d0e50e4d 100644 --- a/deps/openssl/openssl/ssl/s3_clnt.c +++ b/deps/openssl/openssl/ssl/s3_clnt.c @@ -984,7 +984,7 @@ int ssl3_get_server_hello(SSL *s) /* get the session-id */ j = *(p++); - if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { + if ((j > sizeof(s->session->session_id)) || (j > SSL3_SESSION_ID_SIZE)) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; @@ -2561,16 +2561,16 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; - s->session->master_key_length = sizeof tmp_buf; + s->session->master_key_length = sizeof(tmp_buf); q = p; /* Fix buf for TLS and beyond */ if (s->version > SSL3_VERSION) p += 2; - n = RSA_public_encrypt(sizeof tmp_buf, + n = RSA_public_encrypt(sizeof(tmp_buf), tmp_buf, p, rsa, RSA_PKCS1_PADDING); # ifdef PKCS1_CHECK if (s->options & SSL_OP_PKCS1_CHECK_1) @@ -2595,8 +2595,8 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + sizeof(tmp_buf)); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); } #endif #ifndef OPENSSL_NO_KRB5 @@ -2688,7 +2688,7 @@ int ssl3_send_client_key_exchange(SSL *s) tmp_buf[0] = s->client_version >> 8; tmp_buf[1] = s->client_version & 0xff; - if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0) + if (RAND_bytes(&(tmp_buf[2]), sizeof(tmp_buf) - 2) <= 0) goto err; /*- @@ -2699,13 +2699,13 @@ int ssl3_send_client_key_exchange(SSL *s) * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); outl += padl; - if (outl > (int)sizeof epms) { + if (outl > (int)sizeof(epms)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2723,9 +2723,9 @@ int ssl3_send_client_key_exchange(SSL *s) s-> session->master_key, tmp_buf, - sizeof tmp_buf); + sizeof(tmp_buf)); - OPENSSL_cleanse(tmp_buf, sizeof tmp_buf); + OPENSSL_cleanse(tmp_buf, sizeof(tmp_buf)); OPENSSL_cleanse(epms, outl); } #endif diff --git a/deps/openssl/openssl/ssl/s3_lib.c b/deps/openssl/openssl/ssl/s3_lib.c index 1014a3fce16f75..7e27dae35b0c25 100644 --- a/deps/openssl/openssl/ssl/s3_lib.c +++ b/deps/openssl/openssl/ssl/s3_lib.c @@ -3018,9 +3018,9 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) + if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof *s3); + memset(s3, 0, sizeof(*s3)); memset(s3->rrec.seq_num, 0, sizeof(s3->rrec.seq_num)); memset(s3->wrec.seq_num, 0, sizeof(s3->wrec.seq_num)); @@ -3078,7 +3078,7 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_cleanse(s->s3, sizeof *s->s3); + OPENSSL_cleanse(s->s3, sizeof(*s->s3)); OPENSSL_free(s->s3); s->s3 = NULL; } @@ -3142,7 +3142,7 @@ void ssl3_clear(SSL *s) s->s3->alpn_selected = NULL; } #endif - memset(s->s3, 0, sizeof *s->s3); + memset(s->s3, 0, sizeof(*s->s3)); s->s3->rbuf.buf = rp; s->s3->wbuf.buf = wp; s->s3->rbuf.len = rlen; diff --git a/deps/openssl/openssl/ssl/s3_pkt.c b/deps/openssl/openssl/ssl/s3_pkt.c index b9145684304176..6527df8ce228bd 100644 --- a/deps/openssl/openssl/ssl/s3_pkt.c +++ b/deps/openssl/openssl/ssl/s3_pkt.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -1096,10 +1096,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, int i; SSL3_BUFFER *wb = &(s->s3->wbuf); -/* XXXX */ if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) + || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) + && (s->s3->wpend_buf != buf)) || (s->s3->wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); @@ -1314,11 +1313,11 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) unsigned int *dest_len = NULL; if (rr->type == SSL3_RT_HANDSHAKE) { - dest_maxlen = sizeof s->s3->handshake_fragment; + dest_maxlen = sizeof(s->s3->handshake_fragment); dest = s->s3->handshake_fragment; dest_len = &s->s3->handshake_fragment_len; } else if (rr->type == SSL3_RT_ALERT) { - dest_maxlen = sizeof s->s3->alert_fragment; + dest_maxlen = sizeof(s->s3->alert_fragment); dest = s->s3->alert_fragment; dest_len = &s->s3->alert_fragment_len; } @@ -1421,26 +1420,25 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) */ goto start; } + /* * If we are a server and get a client hello when renegotiation isn't - * allowed send back a no renegotiation alert and carry on. WARNING: - * experimental code, needs reviewing (steve) + * allowed send back a no renegotiation alert and carry on. */ - if (s->server && - SSL_is_init_finished(s) && - !s->s3->send_connection_binding && - (s->version > SSL3_VERSION) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { - /* - * s->s3->handshake_fragment_len = 0; - */ + if (s->server + && SSL_is_init_finished(s) + && !s->s3->send_connection_binding + && s->version > SSL3_VERSION + && s->s3->handshake_fragment_len >= SSL3_HM_HEADER_LENGTH + && s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO + && s->s3->previous_client_finished_len != 0 + && (s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0) { + s->s3->handshake_fragment_len = 0; rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); goto start; } + if (s->s3->alert_fragment_len >= 2) { int alert_level = s->s3->alert_fragment[0]; int alert_descr = s->s3->alert_fragment[1]; @@ -1498,7 +1496,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) s->rwstate = SSL_NOTHING; s->s3->fatal_alert = alert_descr; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr); + BIO_snprintf(tmp, sizeof(tmp), "%d", alert_descr); ERR_add_error_data(2, "SSL alert number ", tmp); s->shutdown |= SSL_RECEIVED_SHUTDOWN; SSL_CTX_remove_session(s->session_ctx, s->session); diff --git a/deps/openssl/openssl/ssl/s3_srvr.c b/deps/openssl/openssl/ssl/s3_srvr.c index 0fb4845d44fa3a..96d973cd02bb46 100644 --- a/deps/openssl/openssl/ssl/s3_srvr.c +++ b/deps/openssl/openssl/ssl/s3_srvr.c @@ -2510,7 +2510,7 @@ int ssl3_get_client_key_exchange(SSL *s) /* * Note that the length is checked again below, ** after decryption */ - if (enc_pms.length > sizeof pms) { + if (enc_pms.length > sizeof(pms)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto err; @@ -2563,7 +2563,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/deps/openssl/openssl/ssl/ssl_cert.c b/deps/openssl/openssl/ssl/ssl_cert.c index 155728d03772b1..363d2b2d604484 100644 --- a/deps/openssl/openssl/ssl/ssl_cert.c +++ b/deps/openssl/openssl/ssl/ssl_cert.c @@ -636,13 +636,13 @@ SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof *ret); + memset(ret, 0, sizeof(*ret)); ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -1018,15 +1018,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, char buf[1024]; int r; - if (strlen(dir) + strlen(filename) + 2 > sizeof buf) { + if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) { SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, SSL_R_PATH_TOO_LONG); goto err; } #ifdef OPENSSL_SYS_VMS - r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename); #else - r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename); + r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename); #endif if (r <= 0 || r >= (int)sizeof(buf)) goto err; diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c index 3539f4b8d20a36..3a6c1b14d4a57a 100644 --- a/deps/openssl/openssl/ssl/ssl_lib.c +++ b/deps/openssl/openssl/ssl/ssl_lib.c @@ -343,7 +343,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_depth = ctx->verify_depth; #endif s->sid_ctx_length = ctx->sid_ctx_length; - OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); + OPENSSL_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)); memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx)); s->verify_callback = ctx->default_verify_callback; s->generate_session_id = ctx->generate_session_id; @@ -437,7 +437,7 @@ SSL *SSL_new(SSL_CTX *ctx) int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if (sid_ctx_len > sizeof ctx->sid_ctx) { + if (sid_ctx_len > sizeof(ctx->sid_ctx)) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -490,7 +490,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, */ SSL_SESSION r, *p; - if (id_len > sizeof r.session_id) + if (id_len > sizeof(r.session_id)) return 0; r.ssl_version = ssl->version; diff --git a/deps/openssl/openssl/ssl/ssl_sess.c b/deps/openssl/openssl/ssl/ssl_sess.c index 23dd3e7a01c33c..6a5ad5374bec3c 100644 --- a/deps/openssl/openssl/ssl/ssl_sess.c +++ b/deps/openssl/openssl/ssl/ssl_sess.c @@ -529,7 +529,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length = 0; } - if (s->sid_ctx_length > sizeof ss->sid_ctx) { + if (s->sid_ctx_length > sizeof(ss->sid_ctx)) { SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR); SSL_SESSION_free(ss); return 0; @@ -870,9 +870,9 @@ void SSL_SESSION_free(SSL_SESSION *ss) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); - OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg); - OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); - OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); + OPENSSL_cleanse(ss->key_arg, sizeof(ss->key_arg)); + OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key)); + OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id)); if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); if (ss->peer != NULL) diff --git a/deps/openssl/openssl/ssl/ssltest.c b/deps/openssl/openssl/ssl/ssltest.c index f6a8f195eeb716..b861e4956937b8 100644 --- a/deps/openssl/openssl/ssl/ssltest.c +++ b/deps/openssl/openssl/ssl/ssltest.c @@ -1102,7 +1102,7 @@ int main(int argc, char *argv[]) } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); + RAND_seed(rnd_seed, sizeof(rnd_seed)); bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); @@ -1673,9 +1673,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context); + sizeof(session_id_context)); } /* Use PSK only if PSK key is given */ @@ -1861,9 +1861,9 @@ int main(int argc, char *argv[]) if (c_ssl && c_ssl->kssl_ctx) { char localhost[MAXHOSTNAMELEN + 2]; - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { + if (gethostname(localhost, sizeof(localhost) - 1) == 0) { + localhost[sizeof(localhost) - 1] = '\0'; + if (strlen(localhost) == sizeof(localhost) - 1) { BIO_printf(bio_err, "localhost name too long\n"); goto end; } @@ -2041,8 +2041,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2118,8 +2118,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2630,7 +2630,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, - sizeof buf); + sizeof(buf)); if (s != NULL) { if (ok) fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); diff --git a/deps/openssl/openssl/ssl/t1_enc.c b/deps/openssl/openssl/ssl/t1_enc.c index b6d1ee95a5212b..50491ff62ff432 100644 --- a/deps/openssl/openssl/ssl/t1_enc.c +++ b/deps/openssl/openssl/ssl/t1_enc.c @@ -972,7 +972,7 @@ int tls1_final_finish_mac(SSL *s, int hashsize = EVP_MD_size(md); EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; if (!hdgst || hashsize < 0 - || hashsize > (int)(sizeof buf - (size_t)(q - buf))) { + || hashsize > (int)(sizeof(buf) - (size_t)(q - buf))) { /* * internal error: 'buf' is too small for this cipersuite! */ @@ -990,7 +990,7 @@ int tls1_final_finish_mac(SSL *s, if (!tls1_PRF(ssl_get_algorithm2(s), str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, - out, buf2, sizeof buf2)) + out, buf2, sizeof(buf2))) err = 1; EVP_MD_CTX_cleanup(&ctx); @@ -999,7 +999,7 @@ int tls1_final_finish_mac(SSL *s, if (err) return 0; else - return sizeof buf2; + return sizeof(buf2); } int tls1_mac(SSL *ssl, unsigned char *md, int send) @@ -1165,8 +1165,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->client_random, SSL3_RANDOM_SIZE, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, - so, sol, p, len, s->session->master_key, buff, sizeof buff); - OPENSSL_cleanse(buff, sizeof buff); + so, sol, p, len, s->session->master_key, buff, sizeof(buff)); + OPENSSL_cleanse(buff, sizeof(buff)); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c index 1a4387b78eb93f..75c2f4154dfe64 100644 --- a/deps/openssl/openssl/ssl/t1_lib.c +++ b/deps/openssl/openssl/ssl/t1_lib.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -2284,8 +2284,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + if (size == 0) + goto err; + + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || ecpointformatlist_length < 1) goto err; @@ -2711,8 +2715,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, # ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; - int ecpointformatlist_length = *(sdata++); + int ecpointformatlist_length; + + if (size == 0) { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1) { *al = TLS1_AD_DECODE_ERROR; return 0; @@ -3505,6 +3515,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, EVP_CIPHER_CTX ctx; SSL_CTX *tctx = s->initial_ctx; + /* Need at least keyname + iv */ + if (eticklen < 16 + EVP_MAX_IV_LENGTH) + return 2; + /* Initialize session ticket encryption and HMAC contexts */ HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); @@ -3513,9 +3527,12 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16, &ctx, &hctx, 0); if (rv < 0) - return -1; - if (rv == 0) + goto err; + if (rv == 0) { + HMAC_CTX_cleanup(&hctx); + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } if (rv == 2) renew_ticket = 1; } else { diff --git a/deps/openssl/openssl/ssl/t1_trce.c b/deps/openssl/openssl/ssl/t1_trce.c index c5e21df77a6b9d..dc62df8f94cf8c 100644 --- a/deps/openssl/openssl/ssl/t1_trce.c +++ b/deps/openssl/openssl/ssl/t1_trce.c @@ -1247,13 +1247,15 @@ void SSL_trace(int write_p, int version, int content_type, break; case SSL3_RT_ALERT: - if (msglen != 2) + if (msglen != 2) { BIO_puts(bio, " Illegal Alert Length\n"); - else { + } else { BIO_printf(bio, " Level=%s(%d), description=%s(%d)\n", SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } + break; + case TLS1_RT_HEARTBEAT: ssl_print_heartbeat(bio, 4, msg, msglen); break; diff --git a/deps/openssl/openssl/test/igetest.c b/deps/openssl/openssl/test/igetest.c index 08f361a0a85c4d..748685d1440bf9 100644 --- a/deps/openssl/openssl/test/igetest.c +++ b/deps/openssl/openssl/test/igetest.c @@ -200,16 +200,16 @@ static int run_test_vectors(void) assert(v->length <= MAX_VECTOR_SIZE); if (v->encrypt == AES_ENCRYPT) - AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key); + AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key); else - AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key); - memcpy(iv, v->iv, sizeof iv); + AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key); + memcpy(iv, v->iv, sizeof(iv)); AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt); if (memcmp(v->out, buf, v->length)) { printf("IGE test vector %d failed\n", n); - hexdump(stdout, "key", v->key, sizeof v->key); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -218,14 +218,14 @@ static int run_test_vectors(void) } /* try with in == out */ - memcpy(iv, v->iv, sizeof iv); + memcpy(iv, v->iv, sizeof(iv)); memcpy(buf, v->in, v->length); AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); if (memcmp(v->out, buf, v->length)) { printf("IGE test vector %d failed (with in == out)\n", n); - hexdump(stdout, "key", v->key, sizeof v->key); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key", v->key, sizeof(v->key)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -257,9 +257,9 @@ static int run_test_vectors(void) if (memcmp(v->out, buf, v->length)) { printf("Bidirectional IGE test vector %d failed\n", n); - hexdump(stdout, "key 1", v->key1, sizeof v->key1); - hexdump(stdout, "key 2", v->key2, sizeof v->key2); - hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "key 1", v->key1, sizeof(v->key1)); + hexdump(stdout, "key 2", v->key2, sizeof(v->key2)); + hexdump(stdout, "iv", v->iv, sizeof(v->iv)); hexdump(stdout, "in", v->in, v->length); hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); @@ -288,19 +288,19 @@ int main(int argc, char **argv) assert(BIG_TEST_SIZE >= TEST_SIZE); - RAND_pseudo_bytes(rkey, sizeof rkey); - RAND_pseudo_bytes(plaintext, sizeof plaintext); - RAND_pseudo_bytes(iv, sizeof iv); - memcpy(saved_iv, iv, sizeof saved_iv); + RAND_pseudo_bytes(rkey, sizeof(rkey)); + RAND_pseudo_bytes(plaintext, sizeof(plaintext)); + RAND_pseudo_bytes(iv, sizeof(iv)); + memcpy(saved_iv, iv, sizeof(saved_iv)); /* Forward IGE only... */ /* Straight encrypt/decrypt */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); if (memcmp(checktext, plaintext, TEST_SIZE)) { @@ -311,16 +311,16 @@ int main(int argc, char **argv) } /* Now check encrypt chaining works */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT); if (memcmp(checktext, plaintext, TEST_SIZE)) { @@ -331,16 +331,16 @@ int main(int argc, char **argv) } /* And check decrypt chaining */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); AES_ige_encrypt(plaintext + TEST_SIZE / 2, ciphertext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv, AES_DECRYPT); AES_ige_encrypt(ciphertext + TEST_SIZE / 2, @@ -355,29 +355,29 @@ int main(int argc, char **argv) } /* make sure garble extends forwards only */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt halfway through */ - ++ciphertext[sizeof ciphertext / 2]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - memcpy(iv, saved_iv, sizeof iv); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + memcpy(iv, saved_iv, sizeof(iv)); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 2 + sizeof checktext / 100) { + if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) { printf("More than 51%% matches after garbling\n"); ++err; } - if (matches < sizeof checktext / 2) { + if (matches < sizeof(checktext) / 2) { printf("Garble extends backwards!\n"); ++err; } @@ -389,16 +389,16 @@ int main(int argc, char **argv) */ /* possible with biIGE, so the IV is not updated. */ - RAND_pseudo_bytes(rkey2, sizeof rkey2); + RAND_pseudo_bytes(rkey2, sizeof(rkey2)); /* Straight encrypt/decrypt */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv, AES_ENCRYPT); - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv, AES_DECRYPT); @@ -410,70 +410,70 @@ int main(int argc, char **argv) } /* make sure garble extends both ways */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt halfway through */ - ++ciphertext[sizeof ciphertext / 2]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) / 2]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling\n"); ++err; } /* make sure garble extends both ways (2) */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt right at the end */ - ++ciphertext[sizeof ciphertext - 1]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + ++ciphertext[sizeof(ciphertext) - 1]; + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling (2)\n"); ++err; } /* make sure garble extends both ways (3) */ - AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv, + AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv, AES_ENCRYPT); /* corrupt right at the start */ ++ciphertext[0]; - AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key); - AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2); - AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv, + AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key); + AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2); + AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv, AES_DECRYPT); matches = 0; - for (n = 0; n < sizeof checktext; ++n) + for (n = 0; n < sizeof(checktext); ++n) if (checktext[n] == plaintext[n]) ++matches; - if (matches > sizeof checktext / 100) { + if (matches > sizeof(checktext) / 100) { printf("More than 1%% matches after bidirectional garbling (3)\n"); ++err; } diff --git a/deps/openssl/openssl/test/maketests.com b/deps/openssl/openssl/test/maketests.com index 6223659fb0d292..f4e418b86cb7fa 100644 --- a/deps/openssl/openssl/test/maketests.com +++ b/deps/openssl/openssl/test/maketests.com @@ -150,8 +150,8 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "EVP_TEST,EVP_EXTRA_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - "ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ - "CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ - - "CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST" -$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? + "CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST,"+ - + "BAD_DTLS_TEST,FATALERRTEST" $! $! Additional directory information. $ T_D_BNTEST := [-.crypto.bn] @@ -194,10 +194,13 @@ $ T_D_HEARTBEAT_TEST := [-.ssl] $ T_D_CONSTANT_TIME_TEST := [-.crypto] $ T_D_VERIFY_EXTRA_TEST := [-.crypto.x509] $ T_D_CLIENTHELLOTEST := [-.ssl] +$ T_D_BAD_DTLS_TEST := [-.ssl] $ T_D_SSLV2CONFTEST := [-.ssl] $ T_D_DTLSTEST := [-.ssl] +$ T_D_FATALERRTEST := [-.ssl] $ $ EXOBJ_DTLSTEST := SSLTESTLIB +$ EXOBJ_FATALERRTEST := SSLTESTLIB $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - diff --git a/deps/openssl/openssl/test/ssltest_old b/deps/openssl/openssl/test/ssltest_old deleted file mode 100755 index 3e3a27d41d7daf..00000000000000 Binary files a/deps/openssl/openssl/test/ssltest_old and /dev/null differ diff --git a/deps/openssl/openssl/test/tests.com b/deps/openssl/openssl/test/tests.com index 59745e14c702cb..27b01b66cf6bd4 100644 --- a/deps/openssl/openssl/test/tests.com +++ b/deps/openssl/openssl/test/tests.com @@ -57,7 +57,8 @@ $ tests := - test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,- test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,- - test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,test_dtls + test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,- + test_dtls,test_bad_dtls,test_fatalerr $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -102,8 +103,10 @@ $ HEARTBEATTEST := heartbeat_test $ CONSTTIMETEST := constant_time_test $ VERIFYEXTRATEST := verify_extra_test $ CLIENTHELLOTEST := clienthellotest +$ BADDTLSTEST := bad_dtls_test $ SSLV2CONFTEST := sslv2conftest $ DTLSTEST := dtlstest +$ FATALERRTEST := fatalerrtest $! $ tests_i = 0 $ loop_tests: @@ -402,6 +405,16 @@ $ test_clienthello: $ write sys$output "''START' test_clienthello" $ mcr 'texe_dir''clienthellotest' $ return +$ test_bad_dtls: +$ write sys$output "''START' test_bad_dtls" +$ mcr 'texe_dir''baddtlstest' +$ return +$ +$ test_fatalerr: +$ write sys$output "''START' test_fatalerrtest" +$ mcr 'texe_dir''fatalerrtest' 'ROOT'.APPS]server.pem 'ROOT'.APPS]server.pem +$ return +$ $ test_sslv2conftest: $ write sys$output "''START' test_sslv2conftest" $ mcr 'texe_dir''sslv2conftest' diff --git a/deps/openssl/openssl/test/v3ext b/deps/openssl/openssl/test/v3ext deleted file mode 100755 index 09a0c3aa326f4b..00000000000000 Binary files a/deps/openssl/openssl/test/v3ext and /dev/null differ diff --git a/deps/openssl/openssl/test/x509aux b/deps/openssl/openssl/test/x509aux deleted file mode 100755 index 35378a8ff9aee5..00000000000000 Binary files a/deps/openssl/openssl/test/x509aux and /dev/null differ