Merge pull request #8960 from akien-mga/openssl-1.0.2l

OpenSSL: Cleanup and document update process from upstream sources + 1.0.2l
author: Rémi Verschelde <rverschelde@gmail.com> 2017-05-27 19:51:04 +0200
committer: GitHub <noreply@github.com> 2017-05-27 19:51:04 +0200
commit: 1525071c28535816b98784f2ad62f9d5ef333654 (patch)
tree: 3502be2b2ae57c73fa21bd7b4a20dc02aab3aa06 /thirdparty/openssl/crypto/srp
parent: ce8bf1592abfb0e9382d437fc453d0ffd500e076 (diff)
parent: 67305d1b0a6dbcdb032d5a5a0e92122cf8f10b8d (diff)
2 files changed, 51 insertions, 23 deletions
diff --git a/thirdparty/openssl/crypto/srp/srp_lib.c b/thirdparty/openssl/crypto/srp/srp_lib.c
index e9a2e058f6..6df3b1cee7 100644
--- a/thirdparty/openssl/crypto/srp/srp_lib.c
+++ b/thirdparty/openssl/crypto/srp/srp_lib.c
@@ -159,8 +159,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
     if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
         return NULL;
 
-    if ((bn_ctx = BN_CTX_new()) == NULL ||
-        (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
         goto err;
 
     /* S = (A*v**u) ** b */
@@ -169,8 +168,12 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
         goto err;
     if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
         goto err;
-    if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
-        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
  err:
     BN_CTX_free(bn_ctx);
     BN_clear_free(tmp);
@@ -267,7 +270,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
 
     if ((tmp = BN_new()) == NULL ||
         (tmp2 = BN_new()) == NULL ||
-        (tmp3 = BN_new()) == NULL || (K = BN_new()) == NULL)
+        (tmp3 = BN_new()) == NULL)
         goto err;
 
     if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
@@ -279,12 +282,15 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
     if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
         goto err;
 
-    if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
+    if (!BN_mul(tmp3, u, x, bn_ctx))
         goto err;
-    if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
-        goto err;
-    if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
+    if (!BN_add(tmp2, a, tmp3))
         goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
 
  err:
     BN_CTX_free(bn_ctx);
diff --git a/thirdparty/openssl/crypto/srp/srp_vfy.c b/thirdparty/openssl/crypto/srp/srp_vfy.c
index 26ad3e07b4..c8bc7a94b2 100644
--- a/thirdparty/openssl/crypto/srp/srp_vfy.c
+++ b/thirdparty/openssl/crypto/srp/srp_vfy.c
@@ -80,15 +80,21 @@ static char b64table[] =
 /*
  * Convert a base64 string into raw byte array representation.
  */
-static int t_fromb64(unsigned char *a, const char *src)
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
 {
     char *loc;
     int i, j;
     int size;
 
+    if (alen == 0 || alen > INT_MAX)
+        return -1;
+
     while (*src && (*src == ' ' || *src == '\t' || *src == '\n'))
         ++src;
     size = strlen(src);
+    if (size < 0 || size >= (int)alen)
+        return -1;
+
     i = 0;
     while (i < size) {
         loc = strchr(b64table, src[i]);
@@ -124,7 +130,7 @@ static int t_fromb64(unsigned char *a, const char *src)
         if (--i < 0)
             break;
     }
-    while (a[j] == 0 && j <= size)
+    while (j <= size && a[j] == 0)
         ++j;
     i = 0;
     while (j <= size)
@@ -231,13 +237,25 @@ static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
     unsigned char tmp[MAX_LEN];
     int len;
 
-    if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN)
+    vinfo->v = NULL;
+    vinfo->s = NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), v);
+    if (len < 0)
         return 0;
-    len = t_fromb64(tmp, v);
     if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
         return 0;
-    len = t_fromb64(tmp, s);
-    return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL);
+    len = t_fromb64(tmp, sizeof(tmp), s);
+    if (len < 0)
+        goto err;
+    vinfo->s = BN_bin2bn(tmp, len, NULL);
+    if (vinfo->s == NULL)
+        goto err;
+    return 1;
+ err:
+    BN_free(vinfo->v);
+    vinfo->v = NULL;
+    return 0;
 }
 
 static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
@@ -307,10 +325,13 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch)
     if (newgN == NULL)
         return NULL;
 
+    len = t_fromb64(tmp, sizeof(tmp), ch);
+    if (len < 0)
+        goto err;
+
     if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
         goto err;
 
-    len = t_fromb64(tmp, ch);
     if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
         return newgN;
 
@@ -544,7 +565,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
     if (!SRP_user_pwd_set_ids(user, username, NULL))
         goto err;
 
-    if (RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0)
+    if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
         goto err;
     EVP_MD_CTX_init(&ctxt);
     EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
@@ -580,10 +601,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         goto err;
 
     if (N) {
-        if (!(len = t_fromb64(tmp, N)))
+        if (!(len = t_fromb64(tmp, sizeof(tmp), N)))
             goto err;
         N_bn = BN_bin2bn(tmp, len, NULL);
-        if (!(len = t_fromb64(tmp, g)))
+        if (!(len = t_fromb64(tmp, sizeof(tmp), g)))
             goto err;
         g_bn = BN_bin2bn(tmp, len, NULL);
         defgNid = "*";
@@ -597,12 +618,12 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
     }
 
     if (*salt == NULL) {
-        if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
             goto err;
 
         s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
     } else {
-        if (!(len = t_fromb64(tmp2, *salt)))
+        if (!(len = t_fromb64(tmp2, sizeof(tmp2), *salt)))
             goto err;
         s = BN_bin2bn(tmp2, len, NULL);
     }
@@ -635,7 +656,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         BN_free(N_bn);
         BN_free(g_bn);
     }
-    OPENSSL_cleanse(vf, vfsize);
+    if (vf != NULL)
+        OPENSSL_cleanse(vf, vfsize);
     OPENSSL_free(vf);
     BN_clear_free(s);
     BN_clear_free(v);
@@ -670,7 +692,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
     srp_bn_print(g);
 
     if (*salt == NULL) {
-        if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
             goto err;
 
         salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
author	Rémi Verschelde <rverschelde@gmail.com>	2017-05-27 19:51:04 +0200
committer	GitHub <noreply@github.com>	2017-05-27 19:51:04 +0200
commit	1525071c28535816b98784f2ad62f9d5ef333654 (patch)
tree	3502be2b2ae57c73fa21bd7b4a20dc02aab3aa06 /thirdparty/openssl/crypto/srp
parent	ce8bf1592abfb0e9382d437fc453d0ffd500e076 (diff)
parent	67305d1b0a6dbcdb032d5a5a0e92122cf8f10b8d (diff)