Upgrade to openssl-1.0.0c
Bug: 3249410
Change-Id: Iac938a7d2f17b73dcb82b031607dae96dbb35f34
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
index 27ef61b..43fcb79 100755
--- a/crypto/bn/asm/s390x.S
+++ b/crypto/bn/asm/s390x.S
@@ -131,7 +131,7 @@
brct %r4,.Loop4_mul
la %r10,1(%r10) // see if len%4 is zero ...
- brct %r10,.Loop1_madd // without touching condition code:-)
+ brct %r10,.Loop1_mul // without touching condition code:-)
.Lend_mul:
alcgr %r8,zero // collect carry bit
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index b4449b8..14bae0d 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -743,6 +743,16 @@
#if defined(_WIN32) && !defined(__CYGWIN__)
#include <tchar.h>
#include <signal.h>
+#ifdef __WATCOMC__
+#if defined(_UNICODE) || defined(__UNICODE__)
+#define _vsntprintf _vsnwprintf
+#else
+#define _vsntprintf _vsnprintf
+#endif
+#endif
+#ifdef _MSC_VER
+#define alloca _alloca
+#endif
#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
int OPENSSL_isservice(void)
@@ -773,11 +783,7 @@
if (len>512) return -1; /* paranoia */
len++,len&=~1; /* paranoia */
-#ifdef _MSC_VER
- name=(WCHAR *)_alloca(len+sizeof(WCHAR));
-#else
name=(WCHAR *)alloca(len+sizeof(WCHAR));
-#endif
if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
return -1;
@@ -822,11 +828,7 @@
size_t len_0=strlen(fmta)+1,i;
WCHAR *fmtw;
-#ifdef _MSC_VER
- fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
- fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
+ fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR));
if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
#ifndef OPENSSL_NO_MULTIBYTE
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index a4b6635..96d9d53 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -193,7 +193,7 @@
$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
"cmll_cfb,cmll_ctr"
$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
+$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128,cts128"
$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
LIB_BN_ASM = "bn_asm"
@@ -1036,7 +1036,7 @@
THEN CC = "CC/DECC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
"/NOLIST/PREFIX=ALL" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
@@ -1070,7 +1070,7 @@
$ ENDIF
$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$ CCDEFS = """VAXC""," + CCDEFS
$!
@@ -1102,7 +1102,7 @@
$! Use GNU C...
$!
$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+ "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
CCEXTRAFLAGS
$!
$! Define The Linker Options File Name.
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index f0b7f95..7e2731f 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -137,7 +137,7 @@
sctx = 0;
if (sigret)
{
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
EVP_MD_CTX_init(&tmp_ctx);
@@ -173,7 +173,7 @@
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
{
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
unsigned char md[EVP_MAX_MD_SIZE];
int r;
unsigned int mdlen;
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 1916c61..e26ccd0 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -411,7 +411,10 @@
static void EVP_PKEY_free_it(EVP_PKEY *x)
{
if (x->ameth && x->ameth->pkey_free)
+ {
x->ameth->pkey_free(x);
+ x->pkey.ptr = NULL;
+ }
#ifndef OPENSSL_NO_ENGINE
if (x->engine)
{
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 8df6d48..bb893f5 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -81,7 +81,7 @@
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
*siglen=0;
EVP_MD_CTX_init(&tmp_ctx);
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 8db4641..41d4b67 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -68,7 +68,7 @@
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
- MS_STATIC EVP_MD_CTX tmp_ctx;
+ EVP_MD_CTX tmp_ctx;
EVP_MD_CTX_init(&tmp_ctx);
EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
diff --git a/crypto/install.com b/crypto/install.com
index ad3e4d4..b329016 100644
--- a/crypto/install.com
+++ b/crypto/install.com
@@ -120,12 +120,7 @@
$ THEN
$ COPY 'tmp' WRK_SSLINCLUDE: /LOG
$ ELSE
-$ IF D .EQS. "_''ARCH'"
-$ THEN
-$ COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
-$ ELSE
-$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$ ENDIF
+$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
$ ENDIF
$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
$ GOTO LOOP_SDIRS
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 086d9f4..8e4b633 100644
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -282,8 +282,37 @@
return 1;
}
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+ {
+ BIGNUM *t;
+ int res;
+
+ if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+ return 0;
+
+ t = BN_new();
+ BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+ res = BN_is_one(t);
+ BN_free(t);
+
+ return res;
+ }
+
int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
{
+ if(!is_legal(received->p1.gx, ctx))
+ {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+ return 0;
+ }
+
+ if(!is_legal(received->p2.gx, ctx))
+ {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+ return 0;
+ }
+
/* verify their ZKP(xc) */
if(!verify_zkp(&received->p1, ctx->p.g, ctx))
{
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
index 693ea18..fd143b4 100644
--- a/crypto/jpake/jpake.h
+++ b/crypto/jpake/jpake.h
@@ -115,6 +115,8 @@
#define JPAKE_F_VERIFY_ZKP 100
/* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
#define JPAKE_R_G_TO_THE_X4_IS_ONE 105
#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
#define JPAKE_R_HASH_OF_KEY_MISMATCH 107
diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c
index 1b95067..a9a9dee 100644
--- a/crypto/jpake/jpake_err.c
+++ b/crypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
/* crypto/jpake/jpake_err.c */
/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@
static ERR_STRING_DATA JPAKE_str_reasons[]=
{
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},
{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 6c66aee..79c679c 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x1000002f
+#define OPENSSL_VERSION_NUMBER 0x1000003f
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0b-fips 16 Nov 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c-fips 2 Dec 2010"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0b 16 Nov 2010"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0c 2 Dec 2010"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 678b0fe..f9b709e 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -310,7 +310,7 @@
* to something hopefully decent if that isn't available.
*/
- if (!ok)
+ if (!buf[0])
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index da59178..a498f1b 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -179,7 +179,8 @@
sk_is_sorted(CHECKED_STACK_OF(type, st))
#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \
+ (STACK_OF(type) *)d2i_ASN1_SET( \
+ (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
pp, length, \
CHECKED_D2I_OF(type, d2i_func), \
CHECKED_SK_FREE_FUNC(type, free_func), \