Commit graph

12286 commits

Author SHA1 Message Date
Dr. Stephen Henson
3dc160e9be Fix CRL time comparison.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e032117db2)
2016-07-29 18:49:12 +01:00
Rich Salz
cdddc96d5d Add missing casts.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-07-28 11:48:59 -04:00
Dr. Stephen Henson
68bc6b7a36 Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 976ef6adcc)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 22:45:04 +01:00
Dr. Stephen Henson
97a7b2ebd9 Set error if EVP_CipherUpdate fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ee6ce5cc36)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 17:12:46 +01:00
Dr. Stephen Henson
325da8231c Use newest CRL.
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 626aa24849)
2016-07-22 16:15:02 +01:00
Dr. Stephen Henson
02f873c541 Send alert for bad DH CKE
RT#4511

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-22 16:02:07 +01:00
Dr. Stephen Henson
b746aa3fe0 Fix OOB read in TS_OBJ_print_bio().
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acce3)
2016-07-22 15:16:31 +01:00
Dr. Stephen Henson
b880283683 Clarify digest change in HMAC_Init_ex()
RT#4603

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 14:11:13 +01:00
Todd Short
941d9fb6bd OCSP_request_add0_id() inconsistent error return
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
(cherry picked from commit 415e7c488e)
2016-07-20 01:29:16 -04:00
Dr. Stephen Henson
b5c835b399 Sanity check in ssl_get_algorithm2().
RT#4600

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 52eede5a97)

Conflicts:
	ssl/s3_lib.c
2016-07-20 00:14:36 +01:00
Dr. Stephen Henson
9ae9cbc0c7 Send alert on CKE error.
RT#4610

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 17:20:58 +01:00
Dr. Stephen Henson
6d3b5eeb51 Support PKCS v2.0 print in pkcs12 utility.
Extended alg_print() in pkcs12 utility to support PBES2 algorithms.

RT#4588

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 12:32:05 +01:00
Dr. Stephen Henson
59eefa115a Check and print out boolean type properly.
If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ad72d9fdf7)
2016-07-19 02:33:34 +01:00
Dr. Stephen Henson
1a2e1334a2 Fix print of ASN.1 BIGNUM type.
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cea73a7fc)

Conflicts:
	crypto/asn1/x_bignum.c
2016-07-18 19:42:12 +01:00
Richard Levitte
25dfe50b51 Remove the silly CVS markers from LPdir_*.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 28e90f69fb)
2016-07-16 09:04:56 +02:00
Richard Levitte
427b22646d Fix ASN.1 private encode of EC_KEY to not change the input key
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit b8a7bd83e6)
2016-07-15 15:17:31 +02:00
Matt Caswell
e88a5cfc2c Disallow multiple protocol flags to s_server and s_client
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2".
The only time multiple flags are allowed is where they are all "-no_<prot>".

This fixes Github Issue #1268

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-08 16:24:00 +01:00
Orgad Shaneh
23aec60661 Fix compilation with CMS disabled
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293)
2016-07-06 08:44:51 +03:00
Dr. Stephen Henson
9bda728801 Don't indicate errors during initial adb decode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b385889640)
2016-07-06 02:41:55 +01:00
Cristian Stoica
6c6bd9bc2f remove double initialization of cryptodev engine
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-05 22:56:45 +02:00
Matt Caswell
77857ddcca Avoid an overflow in constructing the ServerKeyExchange message
We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 19:26:12 +01:00
Andy Polyakov
cbffd2d9ca SPARC assembly pack: enforce V8+ ABI constraints.
Even though it's hard to imagine, it turned out that upper half of
arguments passed to V8+ subroutine can be non-zero.

["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f198cc43a0)
2016-07-01 14:26:21 +02:00
Matt Caswell
cb5ebf9613 Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-30 15:53:44 +01:00
Richard Levitte
6ad8c48291 Allow proxy certs to be present when verifying a chain
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Richard Levitte
30aeb31281 Fix proxy certificate pathlength verification
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Richard Levitte
338fb1688f Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Matt Caswell
ad64a69e02 Change usage of RAND_pseudo_bytes to RAND_bytes
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-27 15:00:08 +01:00
Rich Salz
f3dbce6634 RT2964: Fix it via doc
OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5d28ff38fd)
2016-06-26 09:26:19 -04:00
Rich Salz
345b8400c1 Revert "RT2964: Fix it via doc"
This reverts commit 58b18779ba.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-25 22:09:05 -04:00
Rich Salz
58b18779ba RT2964: Fix it via doc
OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 82f31fe4dd)
2016-06-25 16:40:51 -04:00
Matt Caswell
1bb0918c3d Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528bc5)
2016-06-24 13:28:29 +01:00
Matt Caswell
bd598cc405 Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db)
2016-06-23 20:51:28 +01:00
Andy Polyakov
ecb044db58 doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration.
[Note that in master declaration is different.]

RT#4568

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:18:17 +02:00
John Foley
a43cfd7bb1 RT3752: Add FIPS callback for thread id
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-21 16:49:26 -04:00
Richard Levitte
482449624c Fix missing opening braces
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 21:26:31 +02:00
Dr. Matthias St. Pierre
398260af10 RT3925: Remove trailing semi from #define's.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:12:16 -04:00
Richard Levitte
141f8da7b6 apps/req.c: Increment the right variable when parsing '+'
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 14d3c0dd2c)
2016-06-20 20:15:44 +02:00
Andy Polyakov
c3bc7f4988 aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60cb9)
2016-06-20 12:31:39 +02:00
Andy Polyakov
b62e9bf5cb aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8f1)
2016-06-20 12:31:27 +02:00
Rich Salz
d0a2bb1f94 RT4545: Backport 2877 to 1.0.2
Sender verified that the fix works.  This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:39:56 -04:00
Matt Caswell
c144b4edda Revert "RT4526: Call TerminateProcess, not ExitProcess"
This reverts commit 75f90688fb.

TerminateProcess is asynchronous, so the code as written in the above
commit is not correct (and doesn't even compile at the moment). It is
also probably not needed in the speed case. Reverting in order to figure
out the correct solution.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 16:21:05 +01:00
Pauli
d9e6d77164 RT4573: Synopsis for RAND_add is wrong
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-16 07:28:49 -04:00
Rich Salz
75f90688fb RT4526: Call TerminateProcess, not ExitProcess
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c1a9ccf65)
2016-06-15 13:42:17 -04:00
Richard Levitte
5e102f96eb Change (!seqtt) to (seqtt == NULL)
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499cc2)
2016-06-15 01:42:40 +02:00
Richard Levitte
a9b2346524 Always check that the value returned by asn1_do_adb() is non-NULL
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847eae)
2016-06-15 01:42:40 +02:00
Rich Salz
95fb422ace RT4546: Backport doc fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Manual cherry-pick of 538860a3ce.
2016-06-14 15:04:33 -04:00
Dr. Stephen Henson
c421067331 Fix omitted selector handling.
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7c46746bf2)
2016-06-14 19:16:19 +01:00
Andy Polyakov
32957936b5 crypto/sparccpuid.S: limit symbol visibility.
Couple of never-used symbols were clasing with FIPS module, "weakening"
them allows to resolve linking errors.

RT#3699

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 19:44:56 +02:00
Rich Salz
dd8a1f2016 RT4562: Backport doc fix.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:44:27 -04:00
Rich Salz
beb4c4518c RT4560: Initialize variable to NULL
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 09:33:17 -04:00