Commit graph

12256 commits

Author SHA1 Message Date
Matt Caswell
1bb0918c3d Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528bc5)
2016-06-24 13:28:29 +01:00
Matt Caswell
bd598cc405 Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db)
2016-06-23 20:51:28 +01:00
Andy Polyakov
ecb044db58 doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration.
[Note that in master declaration is different.]

RT#4568

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:18:17 +02:00
John Foley
a43cfd7bb1 RT3752: Add FIPS callback for thread id
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-21 16:49:26 -04:00
Richard Levitte
482449624c Fix missing opening braces
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 21:26:31 +02:00
Dr. Matthias St. Pierre
398260af10 RT3925: Remove trailing semi from #define's.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:12:16 -04:00
Richard Levitte
141f8da7b6 apps/req.c: Increment the right variable when parsing '+'
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 14d3c0dd2c)
2016-06-20 20:15:44 +02:00
Andy Polyakov
c3bc7f4988 aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60cb9)
2016-06-20 12:31:39 +02:00
Andy Polyakov
b62e9bf5cb aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8f1)
2016-06-20 12:31:27 +02:00
Rich Salz
d0a2bb1f94 RT4545: Backport 2877 to 1.0.2
Sender verified that the fix works.  This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:39:56 -04:00
Matt Caswell
c144b4edda Revert "RT4526: Call TerminateProcess, not ExitProcess"
This reverts commit 75f90688fb.

TerminateProcess is asynchronous, so the code as written in the above
commit is not correct (and doesn't even compile at the moment). It is
also probably not needed in the speed case. Reverting in order to figure
out the correct solution.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 16:21:05 +01:00
Pauli
d9e6d77164 RT4573: Synopsis for RAND_add is wrong
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-16 07:28:49 -04:00
Rich Salz
75f90688fb RT4526: Call TerminateProcess, not ExitProcess
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c1a9ccf65)
2016-06-15 13:42:17 -04:00
Richard Levitte
5e102f96eb Change (!seqtt) to (seqtt == NULL)
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499cc2)
2016-06-15 01:42:40 +02:00
Richard Levitte
a9b2346524 Always check that the value returned by asn1_do_adb() is non-NULL
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847eae)
2016-06-15 01:42:40 +02:00
Rich Salz
95fb422ace RT4546: Backport doc fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Manual cherry-pick of 538860a3ce.
2016-06-14 15:04:33 -04:00
Dr. Stephen Henson
c421067331 Fix omitted selector handling.
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7c46746bf2)
2016-06-14 19:16:19 +01:00
Andy Polyakov
32957936b5 crypto/sparccpuid.S: limit symbol visibility.
Couple of never-used symbols were clasing with FIPS module, "weakening"
them allows to resolve linking errors.

RT#3699

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 19:44:56 +02:00
Rich Salz
dd8a1f2016 RT4562: Backport doc fix.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:44:27 -04:00
Rich Salz
beb4c4518c RT4560: Initialize variable to NULL
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 09:33:17 -04:00
Dr. Stephen Henson
ccd582c2f1 Fix link error.
Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 21:28:12 -04:00
Andy Polyakov
6397ac585d crypto/mem.c: drop reference to cleanse_ctr and fix no-asm builds.
crypto/mem_clr.c was harmonized with master branch and doesn't use
cleanse_ctr kludge anymore.

RT#4563

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 23:59:24 +02:00
Dr. Stephen Henson
80e07cc7f0 Don't skip leading zeroes in PSK keys.
Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.

RT#4554

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6ec6d52071)

Conflicts:
	apps/s_client.c
	apps/s_server.c
2016-06-12 20:10:51 +01:00
Phillip Hellewell
63b2499b67 RT3053: Check for NULL before dereferencing
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6b3602882e)
2016-06-12 07:54:31 -04:00
Andy Polyakov
5bbdc26cad crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master.
It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:57 +02:00
Andy Polyakov
4f0b6e6775 hmac/hmac.c: switch to OPENSSL_cleanse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:32 +02:00
Matt Caswell
e6f65f769d Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5000a6d121)
2016-06-10 16:45:04 +01:00
Matt Caswell
4457017587 Fix an error path leak in do_ext_nconf()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8605abf135)
2016-06-10 16:44:06 +01:00
Matt Caswell
f6186cfba6 Fix seg fault in TS_RESP_verify_response()
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 14:36:21 +01:00
Matt Caswell
e4c4b2766b Add a BN_mod_word test()
The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:58:55 +01:00
Matt Caswell
e82fd1b457 Fix BN_mod_word bug
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 37258dadaa)
2016-06-07 21:58:46 +01:00
Matt Caswell
b7d0f2834e More fix DSA, preserve BN_FLG_CONSTTIME
The previous "fix" still left "k" exposed to constant time problems in
the later BN_mod_inverse() call. Ensure both k and kq have the
BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.

CVE-2016-2178

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 09:14:32 +01:00
Cesar Pereida
621eaf49a2 Fix DSA, preserve BN_FLG_CONSTTIME
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 11:27:55 +01:00
Matt Caswell
46bad91986 Fix documentation error in x509 app certopt flag
According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 39a470088a)
2016-06-03 23:22:22 +01:00
Matt Caswell
96f1de5bf4 BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:31:24 +01:00
Jonas Maebe
f3cab0b11f cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-03 20:31:24 +01:00
Dirk Feytons
782a2be2ed Fix build with no-cmac
Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1155)
2016-06-03 13:03:29 -04:00
Matt Caswell
733f72f182 Update CONTRIBUTING
Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 17:12:08 +01:00
Matt Caswell
a004e72b95 Avoid some undefined pointer arithmetic
A common idiom in the codebase is:

if (p + len > limit)
{
    return; /* Too long */
}

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-01 14:22:40 +01:00
FdaSilvaYY
f792c66304 Fix some missing inits
Backport of 8e89e85f55
From PR #1019 / #997

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1019)
2016-05-31 16:58:22 -04:00
Dr. Stephen Henson
fd785ca892 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f72f00d495)
2016-05-31 13:26:54 +01:00
Matt Caswell
8e0a94a58a Check for malloc failure in EVP_PKEY_keygen()
After a call to EVP_PKEY_new() we should check for malloc failure.

RT#4180

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-26 16:13:08 +01:00
Matt Caswell
ada5de7ca1 The ssl3_digest_cached_records() function does not handle errors properly
The ssl3_digest_cached_records() function was failing to handle errors
that might be returned from EVP_DigestSignInit() and
EVP_DigestSignUpdate().

RT#4180

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-26 16:13:08 +01:00
Matt Caswell
649af484c8 Fix a mem leak on an error path in OBJ_NAME_add()
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.

RT#2238

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0a618df059)
2016-05-24 00:12:04 +01:00
Matt Caswell
e117522e75 Fix error return value in SRP functions
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 308ff28673)
2016-05-24 00:02:40 +01:00
Richard Levitte
d384bf39b1 openssl verify: only display the command usage on usage errors
All other errors should only display the error message.

RT#1866

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-20 16:57:35 +02:00
Richard Levitte
a531944796 Revert "Document the esc_2254 command line name option"
This reverts commit 54fc5795c9.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Richard Levitte
ca3c0d7c03 Revert "make update"
This reverts commit 7229a91a48.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Richard Levitte
d29d4b317b Revert "Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()"
This reverts commit 87728c6829.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Andy Polyakov
e10b54ca32 rand/randfile.c: remove _XOPEN_SOURCE definition.
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2e6d7799ff)
2016-05-20 16:05:15 +02:00