Commit graph

6302 commits

Author SHA1 Message Date
Dr. Stephen Henson
3dc160e9be Fix CRL time comparison.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e032117db2)
2016-07-29 18:49:12 +01:00
Dr. Stephen Henson
68bc6b7a36 Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 976ef6adcc)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 22:45:04 +01:00
Dr. Stephen Henson
97a7b2ebd9 Set error if EVP_CipherUpdate fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ee6ce5cc36)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 17:12:46 +01:00
Dr. Stephen Henson
325da8231c Use newest CRL.
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 626aa24849)
2016-07-22 16:15:02 +01:00
Dr. Stephen Henson
b746aa3fe0 Fix OOB read in TS_OBJ_print_bio().
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text reprsentation would need not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acce3)
2016-07-22 15:16:31 +01:00
Todd Short
941d9fb6bd OCSP_request_add0_id() inconsistent error return
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This changes makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
(cherry picked from commit 415e7c488e)
2016-07-20 01:29:16 -04:00
Dr. Stephen Henson
59eefa115a Check and print out boolean type properly.
If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ad72d9fdf7)
2016-07-19 02:33:34 +01:00
Dr. Stephen Henson
1a2e1334a2 Fix print of ASN.1 BIGNUM type.
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cea73a7fc)

Conflicts:
	crypto/asn1/x_bignum.c
2016-07-18 19:42:12 +01:00
Richard Levitte
25dfe50b51 Remove the silly CVS markers from LPdir_*.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 28e90f69fb)
2016-07-16 09:04:56 +02:00
Richard Levitte
427b22646d Fix ASN.1 private encode of EC_KEY to not change the input key
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit b8a7bd83e6)
2016-07-15 15:17:31 +02:00
Orgad Shaneh
23aec60661 Fix compilation with CMS disabled
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293)
2016-07-06 08:44:51 +03:00
Dr. Stephen Henson
9bda728801 Don't indicate errors during initial adb decode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b385889640)
2016-07-06 02:41:55 +01:00
Cristian Stoica
6c6bd9bc2f remove double initialization of cryptodev engine
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-05 22:56:45 +02:00
Andy Polyakov
cbffd2d9ca SPARC assembly pack: enforce V8+ ABI constraints.
Even though it's hard to imagine, it turned out that upper half of
arguments passed to V8+ subroutine can be non-zero.

["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f198cc43a0)
2016-07-01 14:26:21 +02:00
Matt Caswell
cb5ebf9613 Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-30 15:53:44 +01:00
Richard Levitte
30aeb31281 Fix proxy certificate pathlength verification
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Richard Levitte
338fb1688f Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Matt Caswell
ad64a69e02 Change usage of RAND_pseudo_bytes to RAND_bytes
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-27 15:00:08 +01:00
Matt Caswell
1bb0918c3d Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528bc5)
2016-06-24 13:28:29 +01:00
Matt Caswell
bd598cc405 Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db)
2016-06-23 20:51:28 +01:00
John Foley
a43cfd7bb1 RT3752: Add FIPS callback for thread id
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-21 16:49:26 -04:00
Dr. Matthias St. Pierre
398260af10 RT3925: Remove trailing semi from #define's.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:12:16 -04:00
Andy Polyakov
c3bc7f4988 aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60cb9)
2016-06-20 12:31:39 +02:00
Andy Polyakov
b62e9bf5cb aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8f1)
2016-06-20 12:31:27 +02:00
Rich Salz
d0a2bb1f94 RT4545: Backport 2877 to 1.0.2
Sender verified that the fix works.  This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:39:56 -04:00
Richard Levitte
5e102f96eb Change (!seqtt) to (seqtt == NULL)
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499cc2)
2016-06-15 01:42:40 +02:00
Richard Levitte
a9b2346524 Always check that the value returned by asn1_do_adb() is non-NULL
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847eae)
2016-06-15 01:42:40 +02:00
Dr. Stephen Henson
c421067331 Fix omitted selector handling.
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7c46746bf2)
2016-06-14 19:16:19 +01:00
Andy Polyakov
32957936b5 crypto/sparccpuid.S: limit symbol visibility.
Couple of never-used symbols were clasing with FIPS module, "weakening"
them allows to resolve linking errors.

RT#3699

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 19:44:56 +02:00
Rich Salz
beb4c4518c RT4560: Initialize variable to NULL
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-13 09:33:17 -04:00
Andy Polyakov
6397ac585d crypto/mem.c: drop reference to cleanse_ctr and fix no-asm builds.
crypto/mem_clr.c was harmonized with master branch and doesn't use
cleanse_ctr kludge anymore.

RT#4563

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 23:59:24 +02:00
Phillip Hellewell
63b2499b67 RT3053: Check for NULL before dereferencing
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6b3602882e)
2016-06-12 07:54:31 -04:00
Andy Polyakov
5bbdc26cad crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master.
It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:57 +02:00
Andy Polyakov
4f0b6e6775 hmac/hmac.c: switch to OPENSSL_cleanse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:32 +02:00
Matt Caswell
e6f65f769d Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5000a6d121)
2016-06-10 16:45:04 +01:00
Matt Caswell
4457017587 Fix an error path leak in do_ext_nconf()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8605abf135)
2016-06-10 16:44:06 +01:00
Matt Caswell
f6186cfba6 Fix seg fault in TS_RESP_verify_response()
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 14:36:21 +01:00
Matt Caswell
e4c4b2766b Add a BN_mod_word test()
The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:58:55 +01:00
Matt Caswell
e82fd1b457 Fix BN_mod_word bug
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 37258dadaa)
2016-06-07 21:58:46 +01:00
Matt Caswell
b7d0f2834e More fix DSA, preserve BN_FLG_CONSTTIME
The previous "fix" still left "k" exposed to constant time problems in
the later BN_mod_inverse() call. Ensure both k and kq have the
BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.

CVE-2016-2178

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 09:14:32 +01:00
Cesar Pereida
621eaf49a2 Fix DSA, preserve BN_FLG_CONSTTIME
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 11:27:55 +01:00
Matt Caswell
96f1de5bf4 BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:31:24 +01:00
Jonas Maebe
f3cab0b11f cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-03 20:31:24 +01:00
Dirk Feytons
782a2be2ed Fix build with no-cmac
Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1155)
2016-06-03 13:03:29 -04:00
FdaSilvaYY
f792c66304 Fix some missing inits
Backport of 8e89e85f55
From PR #1019 / #997

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1019)
2016-05-31 16:58:22 -04:00
Dr. Stephen Henson
fd785ca892 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f72f00d495)
2016-05-31 13:26:54 +01:00
Matt Caswell
8e0a94a58a Check for malloc failure in EVP_PKEY_keygen()
After a call to EVP_PKEY_new() we should check for malloc failure.

RT#4180

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-26 16:13:08 +01:00
Matt Caswell
649af484c8 Fix a mem leak on an error path in OBJ_NAME_add()
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.

RT#2238

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0a618df059)
2016-05-24 00:12:04 +01:00
Matt Caswell
e117522e75 Fix error return value in SRP functions
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 308ff28673)
2016-05-24 00:02:40 +01:00
Richard Levitte
ca3c0d7c03 Revert "make update"
This reverts commit 7229a91a48.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00