From c313c682b677792ce384047e4a44812c218e29c9 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Mon, 29 Feb 2016 08:01:05 -0800
Subject: Fix encoding bug in i2c_ASN1_INTEGER
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(Imported from upstream's 3661bb4e7934668bd99ca777ea8b30eedfafa871.)

Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and Hanno Böck
<hanno@hboeck.de> for reporting this issue.

BUG=590615

(cherry-picked from c4eec0c16b02c97a62a95b6a08656c3a9ddb6baa)

Bug: 28175332
Change-Id: I8959e8ae01510a5924862a3f353be23130eee554
Reviewed-on: https://boringssl-review.googlesource.com/7199
Reviewed-by: David Benjamin <davidben@google.com>
---
 src/crypto/asn1/a_int.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/crypto/asn1/a_int.c b/src/crypto/asn1/a_int.c
index 2ecccc5..16b8950 100644
--- a/src/crypto/asn1/a_int.c
+++ b/src/crypto/asn1/a_int.c
@@ -125,6 +125,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 		{
 		ret=a->length;
 		i=a->data[0];
+		if (ret == 1 && i == 0)
+			neg=0;
 		if (!neg && (i > 127)) {
 			pad=1;
 			pb=0;
@@ -158,7 +160,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 		p += a->length - 1;
 		i = a->length;
 		/* Copy zeros to destination as long as source is zero */
-		while(!*n) {
+		while(!*n && i > 1) {
 			*(p--) = 0;
 			n--;
 			i--;
-- 
cgit v1.1


From 15706c2705f748c4e70fa8f9204a1e2cdf5181d0 Mon Sep 17 00:00:00 2001
From: Matt Braithwaite <mab@google.com>
Date: Wed, 29 Jul 2015 14:04:56 -0700
Subject: Fix NID of |EVP_CIPHER des3_cbc|.

(cherry picked from commit 6bfdc63114d7921037f44e7e3145c706b9ffb2e4)

Bug: 31081987
Change-Id: I0f27fa1897d2f0a148203610ccd5c6c7967f9f3d
Reviewed-on: https://boringssl-review.googlesource.com/5510
Reviewed-by: Adam Langley <agl@google.com>
---
 src/crypto/cipher/e_des.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c
index 74e1fce..4c09a81 100644
--- a/src/crypto/cipher/e_des.c
+++ b/src/crypto/cipher/e_des.c
@@ -127,7 +127,7 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
 }
 
 static const EVP_CIPHER des3_cbc = {
-    NID_des_cbc,         8 /* block_size */,  24 /* key_size */,
+    NID_des_ede3_cbc,    8 /* block_size */,  24 /* key_size */,
     8 /* iv_len */,      sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
     NULL /* app_data */, des_ede3_init_key,   des_ede3_cbc_cipher,
     NULL /* cleanup */,  NULL /* ctrl */, };
-- 
cgit v1.1


From 9f12ca8242e6de532a8c947804d9dcf047c45af8 Mon Sep 17 00:00:00 2001
From: Matt Braithwaite <mab@google.com>
Date: Tue, 11 Aug 2015 17:19:35 -0700
Subject: Re-add |EVP_des_ede_cbc|.

Note that while |DES_ede2_cbc_encrypt| exists, I didn't use it: I
think it's easier to see what's happening this way.

(I couldn't find an authoritative source of test data, including in
OpenSSL's source, so I used OpenSSL's implementation to produce the
test ciphertext.)

This benefits globalplatform.

(cherry picked from commit 8c413a2d94fa720fae6a7d9c939e33978f3ed25b)

Bug: 31081987
Change-Id: I7e17ca0b69067d7b3f4bc213b4616eb269882ae0
Reviewed-on: https://boringssl-review.googlesource.com/5724
Reviewed-by: Adam Langley <agl@google.com>
---
 src/crypto/cipher/cipher_test.cc       |  2 ++
 src/crypto/cipher/e_des.c              | 25 +++++++++++++++++++++++--
 src/crypto/cipher/test/cipher_test.txt |  8 ++++++++
 src/include/openssl/cipher.h           |  1 +
 4 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/src/crypto/cipher/cipher_test.cc b/src/crypto/cipher/cipher_test.cc
index 97a84e0..2b4f58f 100644
--- a/src/crypto/cipher/cipher_test.cc
+++ b/src/crypto/cipher/cipher_test.cc
@@ -69,6 +69,8 @@
 static const EVP_CIPHER *GetCipher(const std::string &name) {
   if (name == "DES-CBC") {
     return EVP_des_cbc();
+  } else if (name == "DES-EDE-CBC") {
+    return EVP_des_ede_cbc();
   } else if (name == "DES-EDE3-CBC") {
     return EVP_des_ede3_cbc();
   } else if (name == "RC4") {
diff --git a/src/crypto/cipher/e_des.c b/src/crypto/cipher/e_des.c
index 4c09a81..f85e764 100644
--- a/src/crypto/cipher/e_des.c
+++ b/src/crypto/cipher/e_des.c
@@ -126,10 +126,31 @@ static int des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
   return 1;
 }
 
-static const EVP_CIPHER des3_cbc = {
+static const EVP_CIPHER des_ede3_cbc = {
     NID_des_ede3_cbc,    8 /* block_size */,  24 /* key_size */,
     8 /* iv_len */,      sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
     NULL /* app_data */, des_ede3_init_key,   des_ede3_cbc_cipher,
     NULL /* cleanup */,  NULL /* ctrl */, };
 
-const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des3_cbc; }
+const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &des_ede3_cbc; }
+
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
+                             const uint8_t *iv, int enc) {
+  DES_cblock *deskey = (DES_cblock *) key;
+  DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
+
+  DES_set_key(&deskey[0], &dat->ks.ks[0]);
+  DES_set_key(&deskey[1], &dat->ks.ks[1]);
+  DES_set_key(&deskey[0], &dat->ks.ks[2]);
+
+  return 1;
+}
+
+static const EVP_CIPHER des_ede_cbc = {
+    NID_des_ede_cbc,     8 /* block_size */,  16 /* key_size */,
+    8 /* iv_len */,      sizeof(DES_EDE_KEY), EVP_CIPH_CBC_MODE,
+    NULL /* app_data */, des_ede_init_key ,   des_ede3_cbc_cipher,
+    NULL /* cleanup */,  NULL /* ctrl */, };
+
+const EVP_CIPHER *EVP_des_ede_cbc(void) { return &des_ede_cbc; }
diff --git a/src/crypto/cipher/test/cipher_test.txt b/src/crypto/cipher/test/cipher_test.txt
index 93cb8f3..872f20b 100644
--- a/src/crypto/cipher/test/cipher_test.txt
+++ b/src/crypto/cipher/test/cipher_test.txt
@@ -38,6 +38,14 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
 
 
+# DES EDE CBC tests
+Cipher = DES-EDE-CBC
+Key = 0123456789abcdeff1e0d3c2b5a49786
+IV = fedcba9876543210
+Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+Ciphertext = 7948C0DA4FE91CD815DCA96DBC9B60A857EB954F4DEB08EB98722642AE69257B
+
+
 # AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
 Cipher = AES-128-ECB
 Key = 000102030405060708090A0B0C0D0E0F
diff --git a/src/include/openssl/cipher.h b/src/include/openssl/cipher.h
index 7f5fe04..7d2d608 100644
--- a/src/include/openssl/cipher.h
+++ b/src/include/openssl/cipher.h
@@ -75,6 +75,7 @@ extern "C" {
 OPENSSL_EXPORT const EVP_CIPHER *EVP_rc4(void);
 
 OPENSSL_EXPORT const EVP_CIPHER *EVP_des_cbc(void);
+OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede_cbc(void);
 OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ede3_cbc(void);
 
 OPENSSL_EXPORT const EVP_CIPHER *EVP_aes_128_ecb(void);
-- 
cgit v1.1


From 4177c9b4819e83225ee33b0b92cf9db6b8401850 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Tue, 26 Jan 2016 01:09:19 -0500
Subject: DO NOT MERGE: Add a few more no-op stubs for cURL compatibility.

With these stubs, cURL should not need any BoringSSL #ifdefs at all,
except for their OCSP #ifdefs (which can switch to the more generally
useful OPENSSL_NO_OCSP) and the workaround for wincrypt.h macro
collisions. That we intentionally leave to the consumer rather than add
a partial hack that makes the build sensitive to include order.

(I'll send them a patch upstream once this cycles in.)

Reviewed-on: https://boringssl-review.googlesource.com/6980
Reviewed-by: Adam Langley <agl@google.com>

(cherry picked from upstream commit e5aa791a1cbd70c64a5cadaae71eda8f6d5aa992)

Change-Id: I65812be5cb37acd63d755b313162b7a03d130d98
---
 src/crypto/conf/conf.c       |  7 +++++++
 src/crypto/crypto.c          |  2 ++
 src/crypto/rand/rand.c       |  2 ++
 src/include/openssl/conf.h   | 22 ++++++++++++++++++++++
 src/include/openssl/crypto.h |  3 +++
 src/include/openssl/rand.h   |  3 +++
 6 files changed, 39 insertions(+)

diff --git a/src/crypto/conf/conf.c b/src/crypto/conf/conf.c
index e098a2c..7512dd0 100644
--- a/src/crypto/conf/conf.c
+++ b/src/crypto/conf/conf.c
@@ -776,3 +776,10 @@ int CONF_parse_list(const char *list, char sep, int remove_whitespace,
     lstart = p + 1;
   }
 }
+
+int CONF_modules_load_file(CONF_MUST_BE_NULL *filename, const char *appname,
+                           unsigned long flags) {
+  return 1;
+}
+
+void CONF_modules_free(void) {}
diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
index ace1c82..da8807d 100644
--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@@ -138,3 +138,5 @@ int CRYPTO_malloc_init(void) {
 }
 
 void ENGINE_load_builtin_engines(void) {}
+
+void OPENSSL_load_builtin_modules(void) {}
diff --git a/src/crypto/rand/rand.c b/src/crypto/rand/rand.c
index 892b4ba..82087ba 100644
--- a/src/crypto/rand/rand.c
+++ b/src/crypto/rand/rand.c
@@ -209,6 +209,8 @@ int RAND_load_file(const char *path, long num) {
   }
 }
 
+const char *RAND_file_name(char *buf, size_t num) { return NULL; }
+
 void RAND_add(const void *buf, int num, double entropy) {}
 
 int RAND_egd(const char *path) {
diff --git a/src/include/openssl/conf.h b/src/include/openssl/conf.h
index a2741a8..0d2b61d 100644
--- a/src/include/openssl/conf.h
+++ b/src/include/openssl/conf.h
@@ -131,6 +131,28 @@ int CONF_parse_list(const char *list, char sep, int remove_whitespace,
                     int (*list_cb)(const char *elem, int len, void *usr),
                     void *arg);
 
+
+/* Deprecated functions */
+
+/* These defines do nothing but are provided to make old code easier to
+ * compile. */
+#define CONF_MFLAGS_DEFAULT_SECTION 0
+#define CONF_MFLAGS_IGNORE_MISSING_FILE 0
+
+typedef struct conf_must_be_null_st CONF_MUST_BE_NULL;
+
+/* CONF_modules_load_file returns one. |filename| was originally a string, with
+ * NULL indicating the default. BoringSSL does not support configuration files,
+ * so this stub emulates the "default" no-op file but intentionally breaks
+ * compilation of consumers actively attempting to use this subsystem. */
+OPENSSL_EXPORT int CONF_modules_load_file(CONF_MUST_BE_NULL *filename,
+                                          const char *appname,
+                                          unsigned long flags);
+
+/* CONF_modules_free does nothing. */
+OPENSSL_EXPORT void CONF_modules_free(void);
+
+
 #if defined(__cplusplus)
 }  /* extern C */
 #endif
diff --git a/src/include/openssl/crypto.h b/src/include/openssl/crypto.h
index b421884..193c8c3 100644
--- a/src/include/openssl/crypto.h
+++ b/src/include/openssl/crypto.h
@@ -60,6 +60,9 @@ OPENSSL_EXPORT int CRYPTO_malloc_init(void);
 /* ENGINE_load_builtin_engines does nothing. */
 OPENSSL_EXPORT void ENGINE_load_builtin_engines(void);
 
+/* OPENSSL_load_builtin_modules does nothing. */
+OPENSSL_EXPORT void OPENSSL_load_builtin_modules(void);
+
 
 #if defined(__cplusplus)
 }  /* extern C */
diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h
index 3a8e357..2c9c969 100644
--- a/src/include/openssl/rand.h
+++ b/src/include/openssl/rand.h
@@ -75,6 +75,9 @@ OPENSSL_EXPORT void RAND_seed(const void *buf, int num);
 /* RAND_load_file returns a nonnegative number. */
 OPENSSL_EXPORT int RAND_load_file(const char *path, long num);
 
+/* RAND_file_name returns NULL. */
+OPENSSL_EXPORT const char *RAND_file_name(char *buf, size_t num);
+
 /* RAND_add does nothing. */
 OPENSSL_EXPORT void RAND_add(const void *buf, int num, double entropy);
 
-- 
cgit v1.1