Commit graph

8842 commits

Author SHA1 Message Date
Rob Percival
08e588b7d5 Convert C++ comments to C-style comments
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
5e08606619 Cast time_t to uint64_t before converting to milliseconds in ct_policy.c
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
c22aa33e29 By default, allow SCT timestamps to be up to 5 minutes in the future
As requested in
https://github.com/openssl/openssl/pull/1554#issuecomment-246371575.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
f0f535e92b Don't check for time() failing in CT_POLICY_EVAL_CTX_new
See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
e25233d99c Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1871a5aa8a Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Dr. Stephen Henson
54c68d35c6 Simplify PKCS#12 PBE algorithm.
Simplify PKCS#12 PBE algorithm by working out Ij + B + 1 directly
instead of using BIGNUMs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 01:23:25 +00:00
Richard Levitte
8aa9cf7e65 Add a warning stipulating how things should be coded in ossl_init_base
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
2016-11-15 01:27:26 +01:00
Richard Levitte
b7a7f39afe Stop init loops
Under certain circumstances, the libcrypto init code would loop,
causing a deadlock.  This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.

This change makes sure ossl_init_base isn't run once more of the base
is initiated.

Thanks to Dmitry Kostjuchenko for the idea.

Fixes Github issue #1899

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
2016-11-15 01:27:26 +01:00
Sebastian Andrzej Siewior
af54741265 dsa/dsa_gen: add error message for seed_len < 0
prio openssl 1.1.0 seed_len < q was accepted and the seed argument was
then ignored. Now DSA_generate_parameters_ex() returns an error in such
a case but no error string.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1657)
2016-11-14 08:56:09 -05:00
Matt Caswell
1fda5bc435 Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows"
This reverts commit 349d1cfddc.

The proposed fix is incorrect. It marks the "run_once" code as having
finished before it has. The intended semantics of run_once is that no
threads should proceed until the code has run exactly once. With this
change the "second" thread will think the run_once code has already been
run and will continue, even though it is still in progress. This could
result in a crash or other incorrect behaviour.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-14 11:55:13 +00:00
DK
349d1cfddc Fixed deadlock in CRYPTO_THREAD_run_once for Windows
Fixed deadlock in CRYPTO_THREAD_run_once() if call to init() is causing
a recursive call to CRYPTO_THREAD_run_once() again that is causing a hot
deadloop inside do { } while (result == ONCE_ININIT); section.

CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1913)
2016-11-13 15:43:05 -05:00
Kurt Roeckx
e80f3b6af2 Cast to an unsigned type before negating
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in
type 'int64_t' (aka 'long'); cast to an unsigned type to negate this
value to itself

Found using libfuzzer

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1908
2016-11-12 14:07:31 +01:00
Andy Polyakov
866e505e0d sha/asm/sha512-armv8.pl: add NEON version of SHA256.
This provides up to 30% better performance on some of recent processors.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-11 13:48:16 +01:00
Andy Polyakov
79dfc3ddfd sha/keccak1600.c: add some optimized implementations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-11 13:32:35 +01:00
Andy Polyakov
d89773d659 chacha/asm/chacha-x86.pl: improve [backward] portability.
In order to minimize dependency on assembler version a number of
post-SSE2 instructions are encoded manually. But in order to simplify
the procedure only register operands are considered. Non-register
operands are passed down to assembler. Module in question uses pshufb
with memory operands, and old [GNU] assembler can't handle it.
Fortunately in this case it's possible skip just the problematic
segment without skipping SSSE3 support altogether.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-11 13:27:53 +01:00
Andy Polyakov
cebb186989 PPC assembler pack: add some PPC970/G5 performance data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-11 13:24:52 +01:00
Richard Levitte
6e290a25c2 Fix the effect of no-dso in crypto/init.c
When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)
2016-11-11 10:23:26 +01:00
Richard Levitte
10b0b5ecd9 Revert "Move algorithm specific ppccap code from crypto/ppccap.c"
Now that we can link specifically with static libraries, the immediate
need to split ppccap.c (and eventually other *cap.c files) is no more.

This reverts commit e3fb4d3d52.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 16:24:02 +01:00
Dr. Stephen Henson
f962541d0b Don't set choice selector on parse failure.
Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.

CVE-2016-7053

Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-10 13:04:11 +00:00
Richard Levitte
bf52165bda chacha20/poly1305: make sure to clear the buffer at correct position
The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 13:04:11 +00:00
Andy Polyakov
a54aba5313 aes/asm/aesp8-ppc.pl: improve [backward] portability.
Some of stone-age assembler can't cope with r0 in address. It's actually
sensible thing to do, because r0 is shunted to 0 in address arithmetic
and by refusing r0 assembler effectively makes you understand that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 12:58:35 +00:00
Andy Polyakov
2fac86d9ab bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-10 10:33:21 +00:00
Matt Caswell
ddd2c38917 Following the changes to HKDF to accept a mode, add some tests for this
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
Matt Caswell
d2139cf8df Update HKDF to support separte Extract and Expand steps
At the moment you can only do an HKDF Extract and Expand in one go. For
TLS1.3 we need to be able to do an Extract first, and the subsequently do
a number of Expand steps on the same PRK.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 10:36:54 +00:00
FdaSilvaYY
234b8af4b7 Simplify and clean X509_VERIFY_PARAM new/free code.
Split x509_verify_param_zero code to the right place

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-09 09:19:19 +00:00
Richard Levitte
e3fb4d3d52 Move algorithm specific ppccap code from crypto/ppccap.c
Having that code in one central object file turned out to cause
trouble when building test/modes_internal_test.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1883)
2016-11-09 02:40:36 +01:00
FdaSilvaYY
318447bceb Missing BN_RECP_CTX field init.
BN_RECP_CTX_new direclty use bn_init to avoid twice memset calls

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1879)
2016-11-08 17:44:32 -05:00
Rich Salz
e5e71f2857 Zero stack variable with DSA nonce
Thanks to Falko Strenzke for bringing this to our attention.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1882)
2016-11-08 17:20:13 -05:00
Matt Caswell
513d76f495 Fix zlib BIO_METHOD for latest BIO_METHOD structure changes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-08 13:58:10 +00:00
FdaSilvaYY
7cb1ecec59 Allow null in X509_CRL_METHOD_free
and fix documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1634)
2016-11-07 15:32:29 -05:00
David Benjamin
608a026494 Implement RSASSA-PKCS1-v1_5 as specified.
RFC 3447, section 8.2.2, steps 3 and 4 states that verifiers must encode
the DigestInfo struct and then compare the result against the public key
operation result. This implies that one and only one encoding is legal.

OpenSSL instead parses with crypto/asn1, then checks that the encoding
round-trips, and allows some variations for the parameter. Sufficient
laxness in this area can allow signature forgeries, as described in
https://www.imperialviolet.org/2014/09/26/pkcs1.html

Although there aren't known attacks against OpenSSL's current scheme,
this change makes OpenSSL implement the algorithm as specified. This
avoids the uncertainty and, more importantly, helps grow a healthy
ecosystem. Laxness beyond the spec, particularly in implementations
which enjoy wide use, risks harm to the ecosystem for all. A signature
producer which only tests against OpenSSL may not notice bugs and
accidentally become widely deployed. Thus implementations have a
responsibility to honor the specification as tightly as is practical.

In some cases, the damage is permanent and the spec deviation and
security risk becomes a tax all implementors must forever pay, but not
here. Both BoringSSL and Go successfully implemented and deployed
RSASSA-PKCS1-v1_5 as specified since their respective beginnings, so
this change should be compatible enough to pin down in future OpenSSL
releases.

See also https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

As a bonus, by not having to deal with sign/verify differences, this
version is also somewhat clearer. It also more consistently enforces
digest lengths in the verify_recover codepath. The NID_md5_sha1 codepath
wasn't quite doing this right.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1474
2016-11-07 21:04:54 +01:00
Matt Caswell
d0ee717c93 Fix style issues in HMAC_size()
Based on review feedback.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Matt Caswell
708e06c55d Ensure HMAC_size() handles errors correctly
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-04 12:09:46 +00:00
Richard Levitte
7280a5d332 Clean away remaining 'selftest' code
All of these don't compile cleanly any more, probably haven't for quite
some time

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:15:40 +01:00
Richard Levitte
97f1e97114 Convert mdc2 test print to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f12d6273a5 Convert x509 selftests to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
f2ae2348ce Convert modes selftests (cts128 and gcm128) to internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
2c16617148 Convert asn1 selftests (a_strnid and ameth_lib) into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Richard Levitte
aeac218372 Convert poly1305 selftest into internal test
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Matt Caswell
2b59d1beaa Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows
Rather than leaking a reference, just call GetModuleHandleEx and pin the
module on Windows.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
b6d5ba1a9f Link using -znodelete
Instead of deliberately leaking a reference to ourselves, use nodelete
which does this more neatly. Only for Linux at the moment.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
5836780f43 Ensure that libcrypto and libssl do not unload until the process exits
Because we use atexit() to cleanup after ourselves, this will cause a
problem if we have been dynamically loaded and then unloaded again: the
atexit() handler may no longer be there.

Most modern atexit() implementations can handle this, however there are
still difficulties if libssl gets unloaded before libcrypto, because of
the atexit() callback that libcrypto makes to libssl.

The most robust solution seems to be to ensure that libcrypto and libssl
never unload. This is done by simply deliberately leaking a dlopen()
reference to them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
b39eda7ee6 Add a DSO_dsobyaddr() function
This works the same way as DSO_pathbyaddr() but instead returns a ptr to
the DSO that contains the provided symbol.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
cb6ea61c16 Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr
Commit 3d8b2ec42 removed various unused functions. However now we need to
use one of them! This commit resurrects DSO_pathbyaddr(). We're not going to
resurrect the Windows version though because what we need to achieve can be
done a different way on Windows.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Andy Polyakov
4b90430148 sha/keccak1600.c: add couple of soft asserts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-31 22:18:07 +01:00
Benjamin Kaduk
4e3973b457 Try to unify BIO read/write parameter names
After the recent reworking, not everything matched up, and some
comments didn't catch up to the outl-->dlen and inl-->dlen renames
that happened during the development of the recent patches.

Try to make parameter names consistent across header, implementation,
and manual pages.

Also remove some trailing whitespace that was inadvertently introduced.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1798)
2016-10-29 00:56:52 +02:00
Matt Caswell
f7970f303f Fix stdio build following BIO size_t work
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
d62bf89cbb Fix more shadowed variable warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
7bf79e33c9 Fix some feedback issues for BIO size_t-ify
Rename some parameters; add some error codes; fix a comment; etc

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
fbba62f6c9 Add some sanity checks for BIO_read* and BIO_gets
Make sure the return value isn't bigger than the buffer len

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
42c6046064 More parameter naming of BIO_read*/BIO_write* related functions
Based on feedback received.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
f42fd819d6 Tweaks based on review feedback of BIO size_t work
Rename some parameters.
Also change handling of buffer sizes >INT_MAX in length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
bb5310bed5 Ensure that BIO_read_ex() and BIO_write_ex() only return 0 or 1
They should return 0 for a failure (retryable or not), and 1 for a success.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
7f5f01cf53 Read up to INT_MAX when calling legacy BIO_read() implementations
In converting a new style BIO_read() call into an old one, read
as much data as we can (INT_MAX), if the size of the buffer is
>INT_MAX.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
47263ace13 Fix some bogus uninit variable warnings
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
98e553d2ce Ensure all BIO functions call the new style callback
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
3befffa39d Create BIO_write_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_write_ex function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Matt Caswell
d07aee2c7a Create BIO_read_ex() which handles size_t arguments
Also extend BIO_METHOD to be able to supply an implementation for the new
BIO_read function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-28 09:48:54 +01:00
Andy Polyakov
80d27cdb84 ppccap.c: engage new multipplication and squaring subroutines.
[And remove FPU mutiplication subroutine.]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:40 +02:00
Andy Polyakov
68f6d2a02c bn/asm/ppc-mont.pl: add optimized multiplication and squaring subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:33 +02:00
Andy Polyakov
0310becc82 bn/asm/ppc-mont.pl: prepare for extension.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-24 20:00:08 +02:00
Andy Polyakov
413b6a8259 sha/asm/sha512-armv8.pl: adapt for kernel use.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-24 14:21:07 +02:00
Andy Polyakov
ace05265d2 x86_64 assembly pack: add Goldmont performance results.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-24 13:01:13 +02:00
Andy Polyakov
c3086f4630 sha/keccak1600.c: add known answer and verify result with memcmp.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-24 12:59:42 +02:00
Andy Polyakov
b9feae1b17 crypto/sha: add Keccak1600 primitives to build SHA-3 upon.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-24 12:59:27 +02:00
jrmarino
2df7f11fad Fix support for DragonFly BSD
The __DragonFly__ macros were introduced in issue #1546 along with a
function naming fix, but it was decided they should be handled
separately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1765)
2016-10-22 04:25:17 -04:00
Rich Salz
a8a8a917c0 GH1546: Fix old names in cryptodev code.
Add DragonFly version of BSD.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1584)
2016-10-21 04:32:47 -04:00
Mat
a1f2b0e6e0 Do not set load_crypto_strings_inited when OPENSSL_NO_ERR is defined
Only set the load_crypto_strings_inited to 1 when err_load_crypto_strings_int was called.

This solves the following issue:
- openssl is built with no-err
- load_crypto_strings_inited is set to 1 during the OPENSSL_init_crypto call
- During the cleanup: OPENSSL_cleanup, err_free_strings_int is called because load_crypto_strings_inited == 1
- err_free_strings_int calls do_err_strings_init because it has never been called
- Now do_err_strings_init calls OPENSSL_init_crypto
- But since we are in the cleanup (stopped == 1) this results in an error:
  CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
- which then tries to initialize everything we are trying to clean up: ERR_get_state, ossl_init_thread_start, etc
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1654)
2016-10-19 06:59:03 -04:00
FdaSilvaYY
31dad404fd Add error checking, small nit on ouput
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1632)
2016-10-19 06:37:42 -04:00
Richard Levitte
12d2ee211b Fix config option 'no-deprecated'
crypto/asn1/asn1_item_list.c needed including dh.h and rsa.h directly.
The reason is that they are not included by x509.h when configured
'no-deprecated'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1741)
2016-10-19 12:11:56 +02:00
Patrick Steuer
c0dba2cca4 Fix strict-warnings build
crypto/s390xcap.c: internal/cryptlib.h needs to be included for
OPENSSL_cpuid_setup function prototype is located there to avoid
build error due to -Werror=missing-prototypes.

Signed-off-by: Patrick Steuer <psteuer@mail.de>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-10-18 17:09:47 +01:00
Patrick Steuer
96cce82050 Fix strict-warnings build
crypto/evp/e_aes.c: Types of inp and out parameters of
AES_xts_en/decrypt functions need to be changed from char to
unsigned char to avoid build error due to
'-Werror=incompatible-pointer-types'.

crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above
change.

Signed-off-by: Patrick Steuer <psteuer@mail.de>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-10-18 17:09:47 +01:00
Patrick Steuer
34657a8da2 Fix strict-warnings build
crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host
function  needs to be changed from char to signed char to avoid
build error due to '-Werror=type-limits'.

Signed-off-by: Patrick Steuer <psteuer@mail.de>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
CLA: trivial
2016-10-18 17:09:47 +01:00
Dr. Stephen Henson
6215f27a83 Fix embedded string handling.
Don't rely on embedded flag to free strings correctly: it wont be
set if there is a malloc failure during initialisation.

Thanks to Guido Vranken for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1725)
2016-10-17 14:34:00 +01:00
Matt Caswell
e5c1361580 Ensure we handle len == 0 in ERR_err_string_n
If len == 0 in a call to ERR_error_string_n() then we can read beyond the
end of the buffer. Really applications should not be calling this function
with len == 0, but we shouldn't be letting it through either!

Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on
this issue is available here:
https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-15 11:30:15 +01:00
Dr. Stephen Henson
6dcba070a9 Fix X509_NAME decode for malloc failures.
The original X509_NAME decode free code was buggy: this
could result in double free or leaks if a malloc failure
occurred.

Simplify and fix the logic.

Thanks to Guido Vranken for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1691)
2016-10-11 22:09:31 +01:00
David Benjamin
0e831db0a6 Fix up bn_prime.pl formatting.
Align at 5 characters, not 4. There are 5-digit numbers in the output.
Also avoid emitting an extra blank line and trailing whitespace.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:22 +01:00
David Benjamin
609b0852e4 Remove trailing whitespace from some files.
The prevailing style seems to not have trailing whitespace, but a few
lines do. This is mostly in the perlasm files, but a few C files got
them after the reformat. This is the result of:

  find . -name '*.pl' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.c' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'
  find . -name '*.h' | xargs sed -E -i '' -e 's/( |'$'\t'')*$//'

Then bn_prime.h was excluded since this is a generated file.

Note mkerr.pl has some changes in a heredoc for some help output, but
other lines there lack trailing whitespace too.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-10 23:36:21 +01:00
Dr. Stephen Henson
8f332ac962 SRP code tidy.
Tidy up srp_Calc_k and SRP_Calc_u by making them a special case of
srp_Calc_xy which performs SHA1(PAD(x) | PAD(y)).

This addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-01 13:46:54 +01:00
Dr. Stephen Henson
73a9f60dd1 Print <ABSENT> if a STACK is NULL.
If a STACK (corresponding to SEQUENCE OF or SET OF) is NULL then the
field is absent as opposed to empty (present but has zero elements).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09 Add ASN1_ITEM lookup and enumerate functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-29 16:21:45 +01:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Matt Caswell
a671b3e64a Add OCSP_RESPID_match()
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a Add the ability to set OCSP_RESPID fields
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22 09:27:45 +01:00
Matt Caswell
41bff723c6 Don't leak on an OPENSSL_realloc() failure
If OPENSSL_sk_insert() calls OPENSSL_realloc() and it fails, it was leaking
the originally allocated memory.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 20:27:15 +01:00
Andy Polyakov
7dc0ad4d6d rand/randfile.c: treat empty string in RAND_file_name as error.
Suggested in GH#1589.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 21:09:11 +02:00
Andy Polyakov
ba8fa4e53a rand/randfile.c: rationalize __OpenBSD__ code path.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 21:09:07 +02:00
Andy Polyakov
799c1293fc rand/randfile.c: restore fallback to $HOME for non-setuid programs.
Reported in GH#1589, but solution is different from suggested.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-21 21:08:52 +02:00
Rich Salz
6fcace45bd GH1555: Don't bump size on realloc failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-21 10:40:27 -04:00
Rich Salz
4588cb4443 Revert "Constify code about X509_VERIFY_PARAM"
This reverts commit 81f9ce1e19.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-21 10:37:03 -04:00
Matt Caswell
1ff7425d61 Fix a missing NULL check in dsa_builtin_paramgen
We should check the last BN_CTX_get() call to ensure that it isn't NULL
before we try and use any of the allocated BIGNUMs.

Issue reported by Shi Lei.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-21 13:32:30 +01:00
Matt Caswell
9205ebeb8e Convert num_alloc to a size_t in stack.c and tweak style
We were casting num_alloc to size_t in lots of places, or just using it in
a context where size_t makes more sense - so convert it. This simplifies
the code a bit.

Also tweak the style in stack.c a bit following on from the previous
commit

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 23:25:52 +01:00
Guido Vranken
9731a9ce7d Prevent overflows in stack API
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-19 23:24:49 +01:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
2016-09-18 00:22:00 -04:00
FdaSilvaYY
76dc356384 Remove an useless definition.
APP_INFO is currently a field of MEM struct.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1583)
2016-09-17 12:32:37 -04:00
Matt Caswell
73f0df8331 Add some sanity checks around usage of t_fromb64()
The internal SRP function t_fromb64() converts from base64 to binary. It
does not validate that the size of the destination is sufficiently large -
that is up to the callers. In some places there was such a check, but not
in others.

Add an argument to t_fromb64() to provide the size of the destination
buffer and validate that we don't write too much data. Also add some sanity
checks to the callers where appropriate.

With thanks to Shi Lei for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 10:06:41 +01:00
Andy Polyakov
cc2cb7bf63 bn/bn_lcl.h: improve interoperability with clang and Android NDK.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:34:12 +02:00
Richard Levitte
278a33da3c VMS: be less picky when loading DSOs
The DSO API was picky about casing of symbol names on VMS.

There's really no reason to be that picky, it's mostly just annoying.
Therefore, we take away the possibility to flag for a choice, and will
instead first try to find a symbol with exact case, and failing that,
we try to find it in upper case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-11 23:18:03 +02:00
Tim Hudson
82f52631b2 Fix EC_KEY_print so it prints out private key information
even when the public key is not present in an EC_KEY

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-09-10 06:53:33 +10:00
Richard Levitte
e82e2186e9 If errno is ENXIO in BSS_new_file(), set BIO_R_NO_SUCH_FILE
VMS sets that errno when the device part of a file spec is malformed
or a logical name that doesn't exist.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-08 23:39:26 +02:00
Matt Caswell
135648bcd0 Fix mem leaks during auto-deinit
Certain functions are automatically called during auto-deinit in order
to deallocate resources. However, if we have never entered a function which
marks lib crypto as inited then they never get called. This can happen if
the user only ever makes use of a small sub-set of functions that don't hit
the auto-init code.

This commit ensures all such resources deallocated by these functions also
init libcrypto when they are initially allocated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-09-08 12:40:19 +01:00
Andy Polyakov
abcbf7ed7e chacha/asm/chacha-ppc.pl: add missing .text directive.
RT#4667

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-08 09:05:59 +02:00
David Woodhouse
978ecbb08b Avoid EVP_PKEY_cmp() crash on EC keys without public component
Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
(cherry picked from commit 92ed7fa575)
2016-09-07 13:57:48 -04:00
Alex Gaynor
d65c3615f6 GH1537: Avoid double-free in the EVP_PKEY API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 09:41:20 -04:00
Rich Salz
01c09f9fde Misc BN fixes
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-06 10:42:01 -04:00
Andy Polyakov
6cf412c473 modes/asm/ghash-armv4.pl: improve interoperability with Android NDK.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-03 10:41:52 +02:00
Andy Polyakov
947716c187 MIPS assembly pack: adapt it for MIPS[32|64]R6.
MIPS[32|64]R6 is binary and source incompatible with previous MIPS ISA
specifications. Fortunately it's still possible to resolve differences
in source code with standard pre-processor and switching to trap-free
version of addition and subtraction instructions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-02 13:33:17 +02:00
Andy Polyakov
68b4a6e91f crypto/bn/*: x86[_64] division instruction doesn't handle constants, change constraint from 'g' to 'r'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-31 16:45:00 +02:00
Rich Salz
bde588df8a Code cleanup UI
Remove NULL check on parameter, and use NULL not ! on buffer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-31 09:34:16 -04:00
Andy Polyakov
d8f432aa97 Add ecp_nistz256-ppc64 module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:32 +02:00
Andy Polyakov
b17ff188b1 perlasm/ppc-xlate.pl: recognize .type directive.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:28 +02:00
Andy Polyakov
fca8f5ded8 bn/asm/ppc.pl: harmonize .size directive in bn_mul_words.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:05 +02:00
Rich Salz
d196305aa0 Remove comment tags from structs (coding style)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:07:38 -04:00
Rich Salz
66117ab0f6 Use uppercase name for PCT_ enum
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:06:24 -04:00
Richard Levitte
216e8d9103 Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-26 12:41:07 +02:00
Andy Polyakov
fb5d9f1db5 Windows: UTF-8 opt-in for command-line arguments and console input.
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:56:28 +01:00
Andy Polyakov
0fe17491c3 Don't switch password formats using global state.
To avoid possible race conditions don't switch password format using
global state in crypto/pkcs12

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:42:33 +01:00
Matt Caswell
cc06906707 Fix an uninitialised read on an error path
Found by Coverity.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 10:11:35 +01:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 20:30:45 +01:00
Andy Polyakov
d3034d31e7 ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 17:13:09 +02:00
Richard Levitte
1beca67688 CRYPTO_atomic_add(): check that the object is lock free
If not, fall back to our own code, using the given mutex

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:48 +01:00
Richard Levitte
11fc6c7611 CRYPTO_atomic_add(): use acquire release memory order rather than relaxed
For increments, the relaxed model is fine.  For decrements, it's
recommended to use the acquire release model.  We therefore go for the
latter.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:40 +01:00
Richard Levitte
cb4b54c23b Check for __GNUC__ to use GNU C atomic buildins
Note: we trust any other compiler that fully implements GNU extension
to define __GNUC__

RT#4642

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:30 +01:00
Dr. Stephen Henson
55d83bf7c1 Avoid overflow in MDC2_Update()
Thanks to Shi Lei for reporting this issue.

CVE-2016-6303

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 14:12:51 +01:00
Matt Caswell
fe81a1b051 Remove useless assignment
The variable assignment c1 is never read before it is overwritten.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-24 11:25:23 +01:00
Andy Polyakov
c74aea8d6c ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:11 +01:00
Andy Polyakov
e3057a57ca ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:02 +01:00
Andy Polyakov
dfde4219fd ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:56 +01:00
Andy Polyakov
b62b2454fa ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:48 +01:00
Andy Polyakov
9e421962e1 evp/bio_enc.c: stop using pointer arithmetic for error detection.
Thanks to David Benjamin for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 10:34:27 +01:00
Matt Caswell
44cb4f5b5f Fix no-sock
The declaration of bio_type_lock is independent of no-sock so should not be
inside OPENSSL_NO_SOCK guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 09:25:53 +01:00
David Benjamin
2338ad8885 Fix math in BN_bn2dec comment.
The bound on log(2)/3 on the second line is incorrect and has an extra
zero compared to the divisions in the third line. log(2)/3 = 0.10034...
which is bounded by 0.101 and not 0.1001. The divisions actually
correspond to 0.101 which is fine. The third line also dropped a factor
of three.

The actual code appears to be fine. Just the comments are wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:37:58 +01:00
Rob Percival
fa515410aa SCT_set_source resets validation_status
This makes it consistent with all of the other SCT setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:31:03 +01:00
Rob Percival
eb96e8b5fd Document that o2i_SCT_signature can leave the SCT in an inconsistent state
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
63e27d4d0f Removes {i2o,o2i}_SCT_signature from the CT public API
They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
986dbbbeff Prevent double-free of CTLOG public key
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by
CTLOG_free at the end of the function, and then again by the caller (who
would assume ownership was not transferred when CTLOG_new returned NULL).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:17:14 +01:00
Rob Percival
cdb2a60347 Internalizes SCT_verify and removes SCT_verify_v1
SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:12:25 +01:00
FdaSilvaYY
0fe9123687 Constify a bit X509_NAME_get_entry
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8 Constify some X509_NAME, ASN1 printing code
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
bf9d5e483d Constify some input parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
a026fbf977 Constify some inputs buffers
remove useless cast to call ASN1_STRING_set

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
35da893f86 Constify ASN1_PCTX_*
... add a static keyword.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
Matt Caswell
8b7c51a0e4 Add some sanity checks when checking CRL scores
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
c6231e9c7b Remove some dead code
The assignment to ret is dead, because ret is assigned again later.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
a36c5eabf5 Sanity check an ASN1_object_size result
If it's negative don't try and malloc it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
b197257d71 Check for error return from ASN1_object_size
Otherwise we try to malloc a -1 size.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
4d94bd362d Check for malloc error in bn_x931p.c
Ensure BN_CTX_get() has been successful

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
4162c7d378 Fix mem leak on error path
The mem pointed to by cAB can be leaked on an error path.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
85d6b09dda Fix mem leak on error path
The mem pointed to by cAB can be leaked on an error path.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
c72b8e069d Fix mem leak on error path
The mem pointed to by tmp can be leaked on an error path.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
030648cea9 Ensure the mime_hdr_free function can handle NULLs
Sometimes it is called with a NULL pointer

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Matt Caswell
2b201c5c9d Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-23 00:19:15 +01:00
Rich Salz
464d59a5bb RT2676: Reject RSA eponent if even or 1
Also, re-organize RSA check to use goto err.
Add a test case.
Try all checks, not just stopping at first (via Richard Levitte)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 11:25:12 -04:00
Kazuki Yamaguchi
0110a47036 Fix a memory leak in EC_GROUP_get_ecparameters()
The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 15:10:03 +01:00
Andy Polyakov
3ba1ef829c bn/asm/x86[_64]-mont*.pl: implement slightly alternative page-walking.
Original strategy for page-walking was adjust stack pointer and then
touch pages in order. This kind of asks for double-fault, because
if touch fails, then signal will be delivered to frame above adjusted
stack pointer. But touching pages prior adjusting stack pointer would
upset valgrind. As compromise let's adjust stack pointer in pages,
touching top of the stack. This still asks for double-fault, but at
least prevents corruption of neighbour stack if allocation is to
overstep the guard page.

Also omit predict-non-taken hints as they reportedly trigger illegal
instructions in some VM setups.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 14:58:32 +02:00
Kazuki Yamaguchi
099e2968ed Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46f33
("Check for errors in BN_bn2dec()").

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-22 13:38:48 +01:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password.
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:59 +02:00
Andy Polyakov
b799aef863 crypto/pkcs12: default to UTF-8.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:52:55 +02:00
Andy Polyakov
9e6b2f54e4 crypto/pkcs12: add UTF8 support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-22 13:50:04 +02:00
Matt Caswell
5dfd03812c Fix enable-zlib
The enable-zlib option was broken by the recent "const" changes.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-22 09:43:13 +01:00
Andy Polyakov
c1a7dcbe16 evp/bio_enc.c: refine non-overlapping logic.
RT#4628

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 23:34:12 +02:00
Andy Polyakov
2e929e538c ecp_nistz256.c: get is_one on 32-bit platforms right.
Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-21 22:16:48 +02:00
Rich Salz
5a7ad1f08b Move BIO index lock creation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-21 14:18:09 -04:00
Dr. Stephen Henson
0b7347effe Add X509_getm_notBefore, X509_getm_notAfter
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-08-21 18:25:23 +01:00
Kurt Roeckx
a73be798ce Fix off by 1 in ASN1_STRING_set()
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #3176
2016-08-20 18:53:56 +02:00
Rich Salz
8b8d963db5 Add BIO_get_new_index()
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
568ce3a583 Constify certificate and CRL time routines.
Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 18:40:55 +01:00
Dr. Stephen Henson
3a60d6fa2f Avoid duplicated code.
The certificate and CRL time setting functions used similar code,
combine into a single utility function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-19 16:52:58 +01:00
Matt Caswell
28da14555f Convert PKCS12* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-19 15:46:19 +01:00
Dr. Stephen Henson
68c12bfc66 Add X509_get0_serialNumber() and constify OCSP_cert_to_id()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
11222483d7 constify X509_REQ_get0_signature()
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
60c2587369 constify i2o_ECPublicKey
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 12:44:18 +01:00
Dr. Stephen Henson
095d2f0f8a Constify i2a*
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-18 17:20:36 +01:00
Matt Caswell
604f6eff31 Convert X509_REVOKED* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-18 11:59:39 +01:00
Richard Levitte
8d00e30f96 Don't try to init dasync internally
Since dasync isn't installed, and is only ever used as a dynamic
engine, there's no reason to consider it for initialization when
building static engines.

Reviewed-by: Ben Laurie <ben@openssl.org>
2016-08-17 21:34:42 +02:00
Dr. Stephen Henson
59b4da05b4 Constify X509_SIG.
Constify X509_SIG_get0() and order arguments to mactch new standard.

Add X509_SIG_get0_mutable() to support modification or initialisation
of an X509_SIG structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-17 17:48:43 +01:00
Dr. Stephen Henson
5ebd2fcbc7 Constify X509_certificate_type()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:59:54 +01:00
Dr. Stephen Henson
8adc1cb851 Constify X509_get0_signature()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 14:12:55 +01:00
Dr. Stephen Henson
8900f3e398 Convert X509* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 13:59:04 +01:00
Matt Caswell
5e6089f0eb Convert X509_CRL* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:38:03 +01:00
Matt Caswell
6eabcc839f Make X509_NAME_get0_der() conform to OpenSSL style
Put the main object first in the params list.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 13:03:04 +01:00
Matt Caswell
79613ea844 Convert OCSP* functions to use const getters
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-17 12:29:03 +01:00
Dr. Stephen Henson
245c6bc33b Constify private key decode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
ac4e257747 constify X509_ALGOR_get0()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Dr. Stephen Henson
0c8006480f Constify ASN1_item_unpack().
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-17 12:01:29 +01:00
Matt Caswell
b2e57e094d Convert PKCS8* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Matt Caswell
bb2f62baba Convert TS_STATUS_INFO* functions to use const getters
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-16 23:36:27 +01:00
Gergely Nagy
1bb7310bf8 Fix compilation when using MASM on x86
The generated asm code from x86cpuid.pl contains CMOVE instructions
which are only available on i686 and later CPUs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1459)
2016-08-16 14:46:55 -04:00
Dr. Stephen Henson
17ebf85abd Add ASN1_STRING_get0_data(), deprecate ASN1_STRING_data().
Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 16:05:35 +01:00
Andy Polyakov
05ef4d1980 ARMv8 assembly pack: add Samsung Mongoose results.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 12:47:49 +02:00
Dr. Stephen Henson
66bcba1457 Limit reads in do_b2i_bio()
Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.

Thanks to Shi Lei for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 00:27:10 +01:00
Dr. Stephen Henson
8b9afbc0fc Check for errors in a2d_ASN1_OBJECT()
Check for error return in BN_div_word().

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Dr. Stephen Henson
07bed46f33 Check for errors in BN_bn2dec()
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.

Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.

Thanks to Shi Lei for reporting this bug.

CVE-2016-2182

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-16 00:19:19 +01:00
Rob Percival
11c68ceaa6 Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Jakub Zelenka
0818dbadf3 Never return -1 from BN_exp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1455)
2016-08-14 20:52:13 +01:00
Dr. Stephen Henson
bc7bfb83b7 Remove old EC based X25519 code.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
3bca6c2731 Add encoded points to other EC curves too.
Add encoded point ctrl support for other curves: this makes it possible
to handle X25519 and other EC curve point encoding in a similar way
for TLS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
5d6aaf8a9d Add point ctrls to X25519
Add ctrl operations to set or retrieve encoded point in
EVP_PKEY structures containing X25519 keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:05 +01:00
Dr. Stephen Henson
262bd85fde Add X25519 methods to internal tables
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
873feeb9cf add to build.info
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
59bf0f031f make errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
756b198d24 X25519 public key methods
Add X25519 methods to match current key format defined in
draft-ietf-curdle-pkix-02

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
a4cb54d257 Fix type of ptr field.
Since "ptr" is used to handle arbitrary other types it should be
void *.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Dr. Stephen Henson
4950f8885c Use OIDs from draft-ietf-curdle-pkix-02
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-13 14:11:04 +01:00
Andy Polyakov
d40a13af5d crypto/sparcv9cap.c: add missing declaration.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-12 10:26:20 +02:00
Andy Polyakov
6ebce6803e crypto/ui/ui_openssl.c: let new-line through after query in Windows path.
Originally new-line was suppressed, because double new-line was
observed under wine. But it appears rather to be a wine bug,
because on real Windows new-line is much needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-11 14:36:54 +02:00
Andy Polyakov
a5a95f8d65 crypto/sparcv9cap.c: fix overstep in getisax.
Problem was introduced in 299ccadcdb
as future extension, i.e. at this point it wasn't an actual problem,
because uninitialized capability bit was not actually used.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:46:06 +02:00
Andy Polyakov
7123aa81e9 sha/asm/sha1-x86_64.pl: fix crash in SHAEXT code on Windows.
RT#4530

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-11 13:39:57 +02:00
jamercee
b4c1d72e9f Adapt BIO_new_accept() to call BIO_set_accept_name()
Commit 417be66 broken BIO_new_accept() by changing the definition of the
macro BIO_set_accept_port() which stopped acpt_ctrl() from calling
BIO_parse_hostserv(). This commit completes the series of changes
initiated in 417be66.

Updated pods to reflect new definition introduced by 417be66.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1386)
2016-08-10 11:07:42 -04:00
Rich Salz
2301d91dd5 Change callers to use the new constants.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1429)
2016-08-10 10:07:37 -04:00
Kurt Roeckx
5898b8eb87 Fix spelling of error code
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1421)
2016-08-10 09:58:57 -04:00
Rich Salz
3663990760 Add some const casts
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1397)
2016-08-10 09:53:58 -04:00
Tomas Mraz
ca1cb0d434 Fix irregularities in GENERAL_NAME_print().
Add colon when printing Registered ID.
Remove extra space when printing DirName.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1401)
2016-08-05 21:36:42 -04:00
Rob Percival
a6f5d614c5 Mkae CT_log_new_from_base64 always return 0 on failure
In one failure case, it used to return -1. That failure case
(CTLOG_new() returning NULL) was not usefully distinct from all of the
other failure cases.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1407)
2016-08-05 21:34:59 -04:00
klemens
6025001707 spelling fixes, just comments and readme.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
2016-08-05 19:07:30 -04:00
Rob Percival
1ccbe6b32c Removes CTLOG_new_null from the CT public API
This is an entirely useless function, given that CTLOG is publicly
immutable.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1406)
2016-08-05 18:49:58 -04:00
Dr. Stephen Henson
39a4328031 Sanity check input length in OPENSSL_uni2asc().
Thanks to Hanno Böck for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 18:58:56 +01:00
Dr. Stephen Henson
3dc87806ce Free buffer in a2i_ASN1_INTEGER() on error path.
Thank to Shi Lei for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 16:36:17 +01:00
Rich Salz
219116d866 Remove get_hash completely
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
2016-08-04 14:23:08 -04:00
Rich Salz
412c8507ee Remove "lockit" from internal error-hash function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1389)
2016-08-04 14:23:08 -04:00
Dr. Stephen Henson
20fc103f78 Limit status message sisze in ts_get_status_check
Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 17:34:28 +01:00
FdaSilvaYY
c47ba4e96c Constify some ASN1_OBJECT *obj input parameters
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
cfc5e0aa73 Constify inputs of two X509_LOOKUP_METHOD methods
... get_by_fingerprint() and get_by_alias()

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
924212a670 Constify input buffer
of X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_ENTRY_create_by_NID

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
69b017f66b Constify two internal methods
- append_ia5
- old_entry_print

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
FdaSilvaYY
f48ebf9f4c Constify ASN1_INTEGER_get, ASN1_ENUMERATED_get
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-04 17:02:48 +02:00
Richard Levitte
5fc2c6896d VSI submission: make the VMS version of RAND_poll() faster and more secure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 16:51:39 +02:00
Richard Levitte
fda2767347 VSI submisson: make better use of item lists in o_time.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 16:51:39 +02:00
Richard Levitte
790555d675 Don't check any revocation info on proxy certificates
Because proxy certificates typically come without any CRL information,
trying to check revocation on them will fail.  Better not to try
checking such information for them at all.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-03 16:05:28 +02:00
Dr. Stephen Henson
56f9953c84 Check for overlows and error return from ASN1_object_size()
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-02 13:40:32 +01:00
Dr. Stephen Henson
e9f17097e9 Check for overflows in ASN1_object_size().
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-02 13:40:32 +01:00
FdaSilvaYY
700b814549 Fix some style issues...
extra spacing and 80 cols

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1366)
2016-08-02 09:59:23 +02:00
Dr. Stephen Henson
b26ab17f3d Constify some X509_CRL, X509_REQ functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:53:43 +01:00
Dr. Stephen Henson
67302ade22 Constify some X509_CRL functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:53:43 +01:00
Dr. Stephen Henson
5d8d9a8efa Add DSA_bits() function.
RT#4637

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 19:37:42 +01:00
Richard Levitte
ef8938c3e8 Forgotten make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 16:14:41 +02:00
Richard J. Moore
3c8537765c Const the ex data stuff too to fix warnings
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Richard J. Moore
4a9a0d9bcb Const EC_KEY_dup
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 16:13:27 +02:00
Wim Lewis
505aee296d Additional CMS content types from RFC 4073, RFC 5083, and RFC 5084.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1355)
2016-08-01 09:33:12 -04:00
Matt Caswell
febb096c4c Fix bad result in i2b_PVK()
The function i2b_PVK() was returning a bad pointer causing subsequent
crashes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 12:11:21 +01:00
Matt Caswell
1e7c159d0d Fix param order in RSA_get0_key
Some calls to RSA_get0_key had the parameters in the wrong order causing a
failure.

GitHub Issue #1368

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 12:10:11 +01:00
Ben Laurie
620c6ad312 Fix various no-*s.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Andy Polyakov
087d3e8993 crypto/ui/ui_openssl.c: UTF-y Windows code path.
Windows never composes UTF-8 strings as result of user interaction
such as input query. The only way to compose one is programmatic
conversion from WCHAR string, which in turn can be picked up with
ReadConsoleW.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-01 10:10:28 +02:00
Andy Polyakov
abdb460d8a evp/bio_enc.c: perform enc_read operation without using overlapping buffers.
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:21 +02:00
Andy Polyakov
83151b73a4 evp/evp_enc.c: make assert error message more readable
and add EVPerr(PARTIALLY_OVERLAPPED)

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-07-31 17:03:11 +02:00
Richard J. Moore
22293ea1cc Ignore the serial number for now and just do the rest.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Richard J. Moore
1421aeadd7 Make some more X509 functions const.
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1367)
2016-07-30 15:19:24 -04:00
Dr. Stephen Henson
e032117db2 Fix CRL time comparison.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-29 18:47:57 +01:00
Dr. Stephen Henson
976ef6adcc Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 22:42:31 +01:00
David Benjamin
e125c12f57 Use sk_CONF_VALUE_pop_free in do_ext_nconf error path.
8605abf135 fixed the nval leak, but it
used free instead of pop_free. nval owns its contents, so it should be
freed with pop_free. See the pop_free call a few lines down.

This is a no-op as, in this codepath, we must have nval == NULL or
sk_CONF_VALUE_num(nval) == 0. In those cases, free and pop_free are
identical. However, variables should be freed consistently.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1351)
2016-07-26 16:03:42 -04:00
Dr. Stephen Henson
ee6ce5cc36 Set error if EVP_CipherUpdate fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:51:49 +01:00
Dr. Stephen Henson
ba1a1c3783 Deprecate X509_LU_FAIL, X509_LU_RETRY
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values.

RT#4577

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
Dr. Stephen Henson
0946a19886 Use X509_LOOKUP_TYPE for lookup type consistently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
Dr. Stephen Henson
fc9d1ef39c Remove current_method from X509_STORE_CTX
Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-26 16:23:02 +01:00
FdaSilvaYY
9d7bfb14dd Discard BIO_set(BIO* bio) method
Simplify BIO init using OPENSSL_zalloc().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1261)
2016-07-25 13:48:32 -04:00
Richard Levitte
fe0169b097 Make it possible for external code to set the certiciate proxy path length
This adds the functions X509_set_proxy_pathlen(), which sets the
internal pc path length cache for a given X509 structure, along with
X509_get_proxy_pathlen(), which retrieves it.

Along with the previously added X509_set_proxy_flag(), this provides
the tools needed to manipulate all the information cached on proxy
certificates, allowing external code to do what's necessary to have
them verified correctly by the libcrypto code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:36:39 +02:00
Richard Levitte
3067095e8a Add X509_STORE lock and unlock functions
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:33:41 +02:00
Richard Levitte
0a5fe2eb94 Add setter and getter for X509_STORE's check_policy
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
Richard Levitte
1060a50b6d Add getters / setters for the X509_STORE_CTX and X509_STORE functions
We only add setters for X509_STORE function pointers except for the
verify callback function.  The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 17:20:58 +02:00
FdaSilvaYY
1e4c66f953 explicit init
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
2016-07-25 08:35:39 -04:00
FdaSilvaYY
ceab33e2cf Typo and comment fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1301)
2016-07-25 08:35:39 -04:00
FdaSilvaYY
c7d13c138c Constify X509|X509_CRL|X509_REVOKED_get_ext
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
7569362ebb Constify ... X509|X509_CRL|X509_REVOKED|_get_ext*()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
fdaf7beec5 Constify ...
X509_REVOKED_get0_extensions
X509_check_private_key

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
84de54b91e Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
a6a283b394 Constify i2s_ASN1_INTEGER, X509V3_get_d2i
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
333ed02c8a Constify input parameters of methods :
- X509_NAME_entry_count, X509_ATTRIBUTE_count
 - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
d3d5dc607a Enforce and explicit some const casting
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
e83f154f6c Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
dbf89a9b94 Constify ASN1_buf_print
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
08275a29c1 Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
0aa25a68c0 Constify SXNET_add_id_*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
25d57dc71b Constify EC_KEY_*_oct2priv() input buffer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
c17dd597ac Constify CMS_decrypt_set1_key input buffer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
FdaSilvaYY
b4bb825fff Constify engine/eng_cnf.c internal method.
simplify and reindent some related code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1300)
2016-07-25 08:20:00 -04:00
Jakub Zelenka
c1054bb4d2 Add EVP_ENCODE_CTX_copy
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1344)
2016-07-24 19:23:00 +01:00
Richard Levitte
f46c2597ab Properly initialise the internal proxy certificate path length cache
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-23 11:35:30 +02:00
Richard Levitte
9961cb7768 Make it possible for external code to flag a certificate as a proxy one.
This adds the function X509_set_proxy_flag(), which sets the internal flag
EXFLAG_PROXY on a given X509 structure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-23 11:35:23 +02:00
Dr. Stephen Henson
626aa24849 Use newest CRL.
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 16:13:56 +01:00
Dr. Stephen Henson
0ed26acce3 Fix OOB read in TS_OBJ_print_bio().
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-22 15:15:17 +01:00
Kurt Roeckx
1618679ac4 Cast to an unsigned type before negating
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself

Found using afl

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
2016-07-20 19:25:16 +02:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Dr. Stephen Henson
8cc44d970c Don't allocate r/s in DSA_SIG and ECDSA_SIG
To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-20 14:02:54 +01:00
Dr. Stephen Henson
23dd0c9f8d fix crypto-mdebug build
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-20 12:41:31 +01:00
FdaSilvaYY
e8aa8b6c8f Fix a few if(, for(, while( inside code.
Fix some indentation at the same time

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1292)
2016-07-20 07:21:53 -04:00
FdaSilvaYY
1c72f70df4 Use more X509_REQ_get0_pubkey & X509_get0_pubkey
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1284)
2016-07-20 01:35:38 -04:00
Todd Short
415e7c488e OCSP_request_add0_id() inconsistent error return
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
2016-07-20 01:24:57 -04:00
Richard Levitte
963f043d04 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Richard Levitte
c2e4e5d248 Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Rich Salz
aebb9aac48 RT4593: Add space after comma (doc nits)
Update find-doc-nits to find errors in SYNOPSIS (the most common
place where they were missing).

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-19 09:29:53 -04:00
mrpre
02f730b347 Cleanup after sk_push fail
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1281)
2016-07-19 07:27:47 -04:00
Dr. Stephen Henson
ad72d9fdf7 Check and print out boolean type properly.
If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 02:33:05 +01:00
Dr. Stephen Henson
3cea73a7fc Fix print of ASN.1 BIGNUM type.
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 17:53:05 +01:00
Matt Caswell
3c49b2e0cd Fix mingw build
Mingw builds on Travis were failing because INT_MAX was undeclared.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 10:47:07 +01:00
Andy Polyakov
9515accaf9 aes/asm/aesfx-sparcv9.pl: switch to fshiftorx to improve single-block
and short-input performance.

[Fix bug in misaligned output handling.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 23:38:44 +02:00
Andy Polyakov
8604a6e0e5 SPARC assembly pack: enforce V8+ ABI constraints.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-16 23:37:37 +02:00
Andy Polyakov
365f95ad53 evp/e_aes.c: wire new CBC and CTR subroutines from aesfx-sparcv9.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 23:37:31 +02:00