7 files changed, 30 insertions, 55 deletions

diff --git a/lib/libssl/src/crypto/asn1/a_d2i_fp.c b/lib/libssl/src/crypto/asn1/a_d2i_fp.c
index d12890ec15c..d85be565685 100644
--- a/lib/libssl/src/crypto/asn1/a_d2i_fp.c
+++ b/lib/libssl/src/crypto/asn1/a_d2i_fp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_d2i_fp.c,v 1.12 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: a_d2i_fp.c,v 1.13 2016/05/04 14:53:29 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -144,7 +144,6 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 }
 
 #define HEADER_SIZE   8
-#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
 static int
 asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 {
@@ -168,22 +167,18 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 		if (want >= (len - off)) {
 			want -= (len - off);
 
-			if (len + want < len ||
-			    !BUF_MEM_grow_clean(b, len + want)) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ERR_R_MALLOC_FAILURE);
+			if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
 				goto err;
 			}
 			i = BIO_read(in, &(b->data[len]), want);
 			if ((i < 0) && ((len - off) == 0)) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ASN1_R_NOT_ENOUGH_DATA);
+				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
 				goto err;
 			}
 			if (i > 0) {
 				if (len + i < len) {
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-					    ASN1_R_TOO_LONG);
+					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
 					goto err;
 				}
 				len += i;
@@ -211,8 +206,7 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 			/* no data body so go round again */
 			eos++;
 			if (eos < 0) {
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-				    ASN1_R_HEADER_TOO_LONG);
+				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
 				goto err;
 			}
 			want = HEADER_SIZE;
@@ -227,45 +221,28 @@ asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 			/* suck in c.slen bytes of data */
 			want = c.slen;
 			if (want > (len - off)) {
-				size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
-
 				want -= (len - off);
 				if (want > INT_MAX /* BIO_read takes an int length */ ||
 				    len+want < len) {
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-					    ASN1_R_TOO_LONG);
+					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
 					goto err;
 				}
-				/*
-				 * Read content in chunks of increasing size
-				 * so we can return an error for EOF without
-				 * having to allocate the entire content length
-				 * in one go.
-				 */
-				size_t chunk = want > chunk_max ? chunk_max : want;
-
-				if (!BUF_MEM_grow_clean(b, len + chunk)) {
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-					    ERR_R_MALLOC_FAILURE);
+				if (!BUF_MEM_grow_clean(b, len + want)) {
+					ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
 					goto err;
 				}
-				want -= chunk;
-				while (chunk > 0) {
-					i = BIO_read(in, &(b->data[len]), chunk);
+				while (want > 0) {
+					i = BIO_read(in, &(b->data[len]), want);
 					if (i <= 0) {
 						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
 						    ASN1_R_NOT_ENOUGH_DATA);
 						goto err;
 					}
-					/*
-					 * This can't overflow because |len+want|
-					 * didn't overflow.
-					 */
+					/* This can't overflow because
+					 * |len+want| didn't overflow. */
 					len += i;
-					chunk -= i;
+					want -= i;
 				}
-				if (chunk_max < INT_MAX/2)
-					chunk_max *= 2;
 			}
 			if (off + c.slen < off) {
 				ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
diff --git a/lib/libssl/src/crypto/asn1/a_type.c b/lib/libssl/src/crypto/asn1/a_type.c
index 24f8756e73d..e105a0673e6 100644
--- a/lib/libssl/src/crypto/asn1/a_type.c
+++ b/lib/libssl/src/crypto/asn1/a_type.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: a_type.c,v 1.17 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: a_type.c,v 1.18 2016/05/04 14:53:29 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -127,7 +127,9 @@ ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
 		break;
 
 	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
 	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
 	case V_ASN1_BIT_STRING:
 	case V_ASN1_OCTET_STRING:
 	case V_ASN1_SEQUENCE:
diff --git a/lib/libssl/src/crypto/asn1/tasn_dec.c b/lib/libssl/src/crypto/asn1/tasn_dec.c
index 55809babb85..e7f908fd0fa 100644
--- a/lib/libssl/src/crypto/asn1/tasn_dec.c
+++ b/lib/libssl/src/crypto/asn1/tasn_dec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.30 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.31 2016/05/04 14:53:29 tedu Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -861,7 +861,9 @@ asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
 		break;
 
 	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
 	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
 		tint = (ASN1_INTEGER **)pval;
 		if (!c2i_ASN1_INTEGER(tint, &cont, len))
 			goto err;
diff --git a/lib/libssl/src/crypto/asn1/tasn_enc.c b/lib/libssl/src/crypto/asn1/tasn_enc.c
index f4b8b300ca4..03db0b0fbdf 100644
--- a/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_enc.c,v 1.18 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.19 2016/05/04 14:53:29 tedu Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -603,7 +603,9 @@ asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
 		break;
 
 	case V_ASN1_INTEGER:
+	case V_ASN1_NEG_INTEGER:
 	case V_ASN1_ENUMERATED:
+	case V_ASN1_NEG_ENUMERATED:
 		/* These are all have the same content format
 		 * as ASN1_INTEGER
 		 */
diff --git a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 8d33896e1c5..42aa20701b9 100644
--- a/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.10 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.11 2016/05/04 14:53:29 tedu Exp $ */
 /* ====================================================================
  * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
  *
@@ -60,7 +60,6 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include "evp_locl.h"
-#include "constant_time_locl.h"
 
 #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
@@ -283,8 +282,6 @@ aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 			maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
 			maxpad &= 255;
 
-			ret &= constant_time_ge(maxpad, pad);
-
 			inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
 			mask = (0 - ((inp_len - len) >>
 			    (sizeof(inp_len) * 8 - 1)));
diff --git a/lib/libssl/src/crypto/evp/encode.c b/lib/libssl/src/crypto/evp/encode.c
index e4104173d48..637870cef6b 100644
--- a/lib/libssl/src/crypto/evp/encode.c
+++ b/lib/libssl/src/crypto/evp/encode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encode.c,v 1.22 2016/05/03 14:05:41 bcook Exp $ */
+/* $OpenBSD: encode.c,v 1.23 2016/05/04 14:53:29 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,13 +125,13 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
     const unsigned char *in, int inl)
 {
 	int i, j;
-	size_t total = 0;
+	unsigned int total = 0;
 
 	*outl = 0;
 	if (inl == 0)
 		return;
 	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-	if (ctx->length - ctx->num > inl) {
+	if ((ctx->num + inl) < ctx->length) {
 		memcpy(&(ctx->enc_data[ctx->num]), in, inl);
 		ctx->num += inl;
 		return;
@@ -148,7 +148,7 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 		*out = '\0';
 		total = j + 1;
 	}
-	while (inl >= ctx->length && total <= INT_MAX) {
+	while (inl >= ctx->length) {
 		j = EVP_EncodeBlock(out, in, ctx->length);
 		in += ctx->length;
 		inl -= ctx->length;
@@ -157,11 +157,6 @@ EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 		*out = '\0';
 		total += j + 1;
 	}
-	if (total > INT_MAX) {
-		/* Too much output data! */
-		*outl = 0;
-		return;
-	}
 	if (inl != 0)
 		memcpy(&(ctx->enc_data[0]), in, inl);
 	ctx->num = inl;
diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c
index 30941ed83d5..a4e369f6228 100644
--- a/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/lib/libssl/src/crypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.28 2016/05/03 12:38:53 tedu Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.29 2016/05/04 14:53:29 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -334,7 +334,7 @@ EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 		return 0;
 	}
 	if (i != 0) {
-		if (bl - i > inl) {
+		if (i + inl < bl) {
 			memcpy(&(ctx->buf[i]), in, inl);
 			ctx->buf_len += inl;
 			*outl = 0;