vendor/openssl/1.1.1c

author: Jung-uk Kim <jkim@FreeBSD.org> 2019-05-28 20:08:17 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2019-05-28 20:08:17 +0000
commit: 375b8e6770f750fb915859470f6f1fe43f35cc48 (patch)
tree: 5db6744924edfc112439ad2366f52f246baa21d1 /crypto/evp
parent: 851f7386fd78b9787f4f6669ad271886a2a003f1 (diff)
6 files changed, 40 insertions, 14 deletions
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index f78dab7678654..6693f270b6943 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -150,6 +150,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
 {
+    if (count == 0)
+        return 1;
+
     return ctx->update(ctx, data, count);
 }
 
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 39eb4f379a99a..68322e1982b88 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2216,9 +2216,6 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (!cctx->aes.ccm.iv_set)
         return -1;
 
-    if (!enc && !cctx->aes.ccm.tag_set)
-        return -1;
-
     if (out == NULL) {
         /* Update(): Pass message length. */
         if (in == NULL) {
@@ -2237,6 +2234,10 @@ static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return len;
     }
 
+    /* The tag must be set before actually decrypting data */
+    if (!enc && !cctx->aes.ccm.tag_set)
+        return -1;
+
     /* Update(): Process message. */
 
     if (!cctx->aes.ccm.len_set) {
@@ -3643,8 +3644,6 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (!cctx->iv_set)
         return -1;
 
-    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
-        return -1;
     if (!out) {
         if (!in) {
             if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@@ -3659,6 +3658,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         CRYPTO_ccm128_aad(ccm, in, len);
         return len;
     }
+
+    /* The tag must be set before actually decrypting data */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+
     /* If not set length yet do it */
     if (!cctx->len_set) {
         if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 81c8a7eaf1d33..100573f5fc7fc 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -486,6 +486,16 @@ static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     return 0;
 }
 
+static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
+
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
+        OPENSSL_free(gctx->iv);
+
+    return 1;
+}
+
 static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv, int enc)
 {
@@ -727,6 +737,8 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 }
 
+#define aria_ccm_cleanup    NULL
+
 #define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \
                           | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
                           | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
@@ -739,7 +751,7 @@ static const EVP_CIPHER aria_##keylen##_##mode = { \
         ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE,    \
         aria_##mode##_init_key,                    \
         aria_##mode##_cipher,                      \
-        NULL,                                      \
+        aria_##mode##_cleanup,                     \
         sizeof(EVP_ARIA_##MODE##_CTX),             \
         NULL,NULL,aria_##mode##_ctrl,NULL };       \
 const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index c1917bb86a6b8..600365d2f077d 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -30,6 +30,8 @@ typedef struct {
 
 #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
 
+#define CHACHA20_POLY1305_MAX_IVLEN     12
+
 static int chacha_init_key(EVP_CIPHER_CTX *ctx,
                            const unsigned char user_key[CHACHA_KEY_SIZE],
                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
         return 1;
 
     case EVP_CTRL_AEAD_SET_IVLEN:
-        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
+        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
             return 0;
         actx->nonce_len = arg;
         return 1;
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 148df90f84b13..3cd7ca8d54ca9 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -394,6 +394,11 @@ int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
     pkey->pmeth_engine = e;
     return 1;
 }
+
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
+{
+    return pkey->engine;
+}
 #endif
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
 {
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index f2976f8a994ae..1ce87454bdec8 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,7 +40,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
     }
 
     size = EVP_PKEY_size(priv);
-    key = OPENSSL_malloc(size + 2);
+    key = OPENSSL_malloc(size);
     if (key == NULL) {
         /* ERROR */
         EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
author	Jung-uk Kim <jkim@FreeBSD.org>	2019-05-28 20:08:17 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2019-05-28 20:08:17 +0000
commit	375b8e6770f750fb915859470f6f1fe43f35cc48 (patch)
tree	5db6744924edfc112439ad2366f52f246baa21d1 /crypto/evp
parent	851f7386fd78b9787f4f6669ad271886a2a003f1 (diff)