Commit graph

8494 commits

Author SHA1 Message Date
David Benjamin
748e85308e Fix BN_is_prime* calls.
This function returns a tri-state -1 on error. See BoringSSL's
53409ee3d7595ed37da472bc73b010cd2c8a5ffd.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1251
2016-06-25 11:01:30 +02:00
Andy Polyakov
67b8bf4d84 perlasm/x86_64-xlate.pl: address errors and warnings in elderly perls.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 22:10:19 +02:00
Nathaniel McCallum
3b92e51899 Teach EVP_PKEY_HMAC keys how to EVP_PKEY_cmp()
Fixes openssl/openssl#1236

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1237)
2016-06-24 12:31:31 -04:00
Kurt Roeckx
5bea15ebb3 Avoid signed overflow
Found by afl

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #3013
2016-06-24 18:17:10 +02:00
Ben Laurie
24bf6f3c7f Deal with API changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-24 14:40:33 +01:00
Matt Caswell
0def528bc5 Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-24 13:25:00 +01:00
Matt Caswell
a6211814c4 Add a getter to obtain the HMAC_CTX md
As a result of opaque HMAC_CTX apps need a getter for the HMAC_CTX md.

GitHub Issue #1152

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-24 13:22:40 +01:00
Matt Caswell
d6079a87db Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-23 20:49:43 +01:00
huangqinjin
51a3b763c3 Make x25519_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
huangqinjin
65ea288d47 Make ossl_ecdh_compute_key() return a boolean
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 17:13:23 +01:00
Rich Salz
fe2d149119 RT2867: des_ede3_cfb1 ignored "size in bits" flag
Code and tests by Steve.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-23 10:03:50 -04:00
FdaSilvaYY
3c82e437bb Add checks on sk_TYPE_push() returned result
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:03:29 +01:00
FdaSilvaYY
687b486859 Rework error handling from asn1_do_lock method.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-23 14:00:47 +01:00
Andy Polyakov
fc6076ca27 rand/randfile.c: make it non-ASCII-savvy.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-22 21:52:08 +02:00
Andy Polyakov
094878164d Move OS-specific fopen quirks to o_fopen.c.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-22 21:51:53 +02:00
Andy Polyakov
eeac54ef6d crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:20:37 +02:00
FdaSilvaYY
f430ba31ac Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)
2016-06-22 00:26:10 +02:00
Kurt Roeckx
5388b8d4e8 Avoid creating an illegal pointer.
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1230
2016-06-21 20:55:54 +02:00
Kurt Roeckx
01238aec40 buf2hexstr: properly deal with empty string
It wrote before the start of the string

found by afl

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #2994
2016-06-21 20:55:54 +02:00
David Benjamin
abeae4d325 Make arm-xlate.pl set use strict.
It was already nearly clean. Just one undeclared variable.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1240)
2016-06-20 16:26:15 -04:00
Richard Levitte
d0ba7bc8a0 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
ed17c7c146 Fix proxy certificate pathlength verification
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Richard Levitte
c8223538cb Check that the subject name in a proxy cert complies to RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-20 21:34:37 +02:00
Kurt Cancemi
5e6e650d62 Remove pointless free loop in X509_TRUST_cleanup()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194)
2016-06-20 09:58:58 -04:00
Kurt Cancemi
fa3a0286d1 Remove pointless free loop in X509_PURPOSE_cleanup()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1194)
2016-06-20 09:58:58 -04:00
Kurt Cancemi
b88e95f3a0 crypto/evp/e_aes_cbc_hmac_sha256.c: Remove spurious memset
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1231)
2016-06-20 09:38:37 -04:00
Emilia Kasper
9267c11bb5 Make DSA_SIG and ECDSA_SIG getters const.
Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 14:58:36 +02:00
Andy Polyakov
b73cfb137e rand/randfile.c: remove obsolete commentary.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-20 13:28:13 +02:00
Andy Polyakov
4973a60cb9 aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 12:30:15 +02:00
Andy Polyakov
3d32bab8f1 aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 12:29:47 +02:00
Richard Levitte
b8f304f70d Change default directory for the .rnd file on Windows and VMS
The previous change for Windows wasn't quite right.  Corrected to use
%HOME%, %USERPROFILE% and %SYSTEMPROFILE%, in that order.

Also adding the default home for VMS, SYS$LOGIN:

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 11:06:40 +02:00
FdaSilvaYY
823146d65f Useless header include of openssl/rand.h
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
FdaSilvaYY
93b8981d89 Useless includes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
FdaSilvaYY
5ab0b7e626 Missing NULL check on OBJ_dup result in x509_name_canon
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
FdaSilvaYY
b1b1cba4e2 Fix an MSVC warning.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)
2016-06-18 16:30:24 -04:00
Matt Caswell
ac94c8fdb9 Improve const correctness for stacks of EVP_MD
EVP_MDs are always const, so stacks of them should be too. This silences
a warning about type punning on OpenBSD.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
98370c2dd7 constify SRP
Add const qualifiers to lots of SRP stuff. This started out as an effort
to silence some "type-punning" warnings on OpenBSD...but the fix was to
have proper const correctness in SRP.

RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
7fb4b92c01 Avoid type punning warnings in b_addr.c
RT4378

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-18 15:34:03 +01:00
Matt Caswell
13c03c8d6d Change default directory for storing the .rnd file on Windows
Previously we would try %RANDFILE%, then %HOME% and finally "C:".
Unfortunately this often ends up being "C:" which the user may not
have write permission for.

Now we try %RANDFILE% first, and then the same set of environment vars
as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and
%SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:".

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-17 17:26:18 +01:00
FdaSilvaYY
0ad69cd6c0 Spelling fixes
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1219)
2016-06-16 15:08:57 -04:00
Rich Salz
7f96f15bcf Fix build break.
Aggregate local initializers are rarely portable (:

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:22:58 -04:00
Nathaniel McCallum
ebad0b0beb Add EVP_PKEY_get0_hmac() function
Before the addition of this function, it was impossible to read the
symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1217)
2016-06-16 13:33:47 -04:00
Matt Caswell
b84e12266f Fix the build and tests following constification of DH, DSA, RSA
Misc fixes following the constification of the DH, DSA and RSA
getters.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-06-16 13:34:44 +01:00
Matt Caswell
cf3404fcc7 Change the return type of EVP_EncodeUpdate
Previously EVP_EncodeUpdate returned a void. However there are a couple
of error conditions that can occur. Therefore the return type has been
changed to an int, with 0 indicating error and 1 indicating success.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-16 09:50:48 +01:00
Richard Levitte
2ac6115d9e Deal with the consequences of constifying getters
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
Richard Levitte
fd809cfdbd Constify the parameter getters for RSA, DSA and DH
Including documentation changes

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 20:09:27 +02:00
FdaSilvaYY
c8f717fe87 Constify input buffers of some X509V3 and X509_PURPOSE -related methods
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82643254d6 Constify X509_TRUST_add method.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
bd227450d4 Constify asn1/asn_mime.c
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
fa3a84422d Constify some input buffers in asn1
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
dc423f898e Constify CMS_get0_type input
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
472f727c55 Constify UI
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
82af00fbdd Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
FdaSilvaYY
159b9a4d17 Constify some conf_mod.c internal methods
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1215)
2016-06-15 13:22:38 -04:00
Richard Levitte
fdcb499cc2 Change (!seqtt) to (seqtt == NULL)
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 01:36:11 +02:00
Richard Levitte
bace847eae Always check that the value returned by asn1_do_adb() is non-NULL
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-06-15 01:36:11 +02:00
Andy Polyakov
4e3d2866b6 perlasm/x86*.pl: add endbranch instruction.
For further information see "Control-flow Enforcement Technology
Preview" by Intel.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:43:52 +02:00
Andy Polyakov
cc77d0d84a modes/asm/ghashp8-ppc.pl: improve performance by 2.7x.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:28:39 +02:00
Andy Polyakov
627c953376 aes/asm/aesp8-ppc.pl: implement "tweak chaining".
This is useful in Linux kernel context, in cases data happens
to be fragmented and processing can take multiple calls.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:45 +02:00
Andy Polyakov
46f047d76b evp/e_aes.c: wire hardware-assisted XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:35 +02:00
Andy Polyakov
b53d32574b aes/asm/aesp8-ppc.pl: add XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 23:19:27 +02:00
Andy Polyakov
1eb12c437b perlasm/x86_64-xlate.pl: add commentary.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:50:47 +02:00
Andy Polyakov
6a4ea0022c perlasm/x86_64-xlate.pl: refactor argument parsing loop.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:50:42 +02:00
David Benjamin
c25278db8e Make x86_64-xlate.pl 'use strict' clean.
use strict would have caught a number of historical bugs in the perlasm
code, some in the repository and some found during review. It even found
a fresh masm-only bug (see below).

This required some tweaks. The "single instance is enough" globals got
switched to proper blessed objects rather than relying on symbolic refs.
A few types need $opcode passed in as a result.

The $$line thing is a little bit of a nuisance. There may be a clearer
pattern to use instead.

This even a bug in the masm code.
9b634c9b37 added logic to make labels
global or function-global based on whether something starts with a $,
seemingly intended to capture the $decor setting of '$L$'. However, it
references $ret which is not defined in label::out. label::out is always
called after label::re, so $ret was always the label itself, so the line
always ran.

I've removed the regular expression so as not to change the behavior of
the script. A number of the assembly files now routinely jump across
functions, so this seems to be the desired behavior now.

GH#1165

Signed-off-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:50:04 +02:00
Dr. Stephen Henson
7c46746bf2 Fix omitted selector handling.
The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 19:15:51 +01:00
Matt Caswell
b2e8bd7bd5 Remove an unused variable assignment
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 17:35:30 +01:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Matt Caswell
036e61b166 Free memory on an error path
The function a2i_ASN1_STRING can encounter an error after already
allocating a buffer. It wasn't always freeing that buffer on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-14 11:45:34 +01:00
Rich Salz
35096e912c GH1141: Different fix, preferred by Richard.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-13 18:36:35 -04:00
Rich Salz
96d06c213d Missed some copyright merge
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-13 16:05:25 -04:00
TJ Saunders
bbaa9dd850 Ensure that NULL r and s parameters cannot be set on DSA_SIG/ECDSA_SIGs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
7ca3ea22c1 Reorder the setter arguments to more consistently match that of other APIs,
per review comments.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
TJ Saunders
6a571a18dd Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)
2016-06-13 15:44:49 -04:00
Matt Caswell
d356dc5619 Add some missing return value checks
Some misc return value checks

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 17:38:39 +01:00
Andy Polyakov
7d6284057b bn/bn_add.c: favour counted loops over ifs and breaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-13 12:35:39 +02:00
Phillip Hellewell
6b3602882e RT3053: Check for NULL before dereferencing
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-06-12 07:50:32 -04:00
Kurt Roeckx
f3cf2251de Avoid creating illegal pointers
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1179
2016-06-11 16:43:53 +02:00
Kurt Roeckx
4b68cb41d1 Specify array sizes
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1172
2016-06-11 16:43:49 +02:00
Kurt Roeckx
8c918b7b9c Avoid creating an illegal pointer.
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1166
2016-06-11 16:43:48 +02:00
Kurt Roeckx
3892b95750 Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1164
2016-06-11 16:43:48 +02:00
Matt Caswell
5000a6d121 Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 16:42:05 +01:00
Matt Caswell
8605abf135 Fix an error path leak in do_ext_nconf()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 16:42:05 +01:00
Matt Caswell
e68a780ed6 Fix seg fault in TS_RESP_verify_response()
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 15:58:44 +01:00
Emilia Kasper
1e2012b7ff RT 4242: reject invalid EC point coordinates
We already test in EC_POINT_oct2point that points are on the curve. To
be on the safe side, move this check to
EC_POINT_set_affine_coordinates_* so as to also check point coordinates
received through some other method.

We do not check projective coordinates, though, as
- it's unlikely that applications would be receiving this primarily
  internal representation from untrusted sources, and
- it's possible that the projective setters are used in a setting where
  performance matters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-09 23:58:20 +02:00
Rich Salz
6670d55a84 Make a2i_ipadd an internal function
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 17:15:42 -04:00
Rich Salz
53934822ac Clean up "generic" intro pod files.
Files like dh.pod, etc., mostly duplicated the API-specific pod files.
Removed the duplicated content; that often mean the whole file could
be removed.  Some of the content about internals got moved into README
files in the source tree.  Some content (e.g., err.pod) got moved
into other pod pages.

Annotate generic pages, remove dup NAME

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-09 16:39:19 -04:00
Andy Polyakov
85cbc182da hmac/hmac.c: fix sizeof typo in hmac_ctx_cleanup.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-09 21:22:24 +02:00
Jeffrey Walton
2a7de0fd5d Fixes to get -ansi working
Various fixes to get the following to compile:

./config no-asm -ansi -D_DEFAULT_SOURCE

RT4479
RT4480

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 20:18:04 +01:00
Rich Salz
e417070c9f Add some accessor API's
GH1098: Add X509_get_pathlen() (and a test)
GH1097:  Add SSL_is_dtls() function.

Documented.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 11:37:06 -04:00
Kurt Cancemi
01d0e241dc crypto/x509/x509_vpm.c: Simplify int_x509_param_set1()
This change also avoids calling strlen twice when srclen is 0

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-08 15:30:03 +01:00
Matt Caswell
37258dadaa Fix BN_mod_word bug
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:55:31 +01:00
Rob Percival
a9da48157c Fix potential access of null pointer (pp)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1186)
2016-06-07 12:21:46 -04:00
Rich Salz
56989dcd0e Fix some GitHub issues.
GH1180: Local variable sometimes unused
GH1181: Missing close paren.

Thanks to <wipedout@yandex.ru> for reporting these.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-07 11:08:33 -04:00
Cesar Pereida
47ae05ba62 Set flag BN_FLG_CONSTTIME earlier
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 15:26:57 +01:00
Cesar Pereida
033dc8fad0 Remove kq and set BN_FLG_CONSTTIME in k for BN_mod_inverse
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-07 15:26:57 +01:00
Matt Caswell
5584f65a10 Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
off the constant time implementation for RSA, DSA and DH have been made
no-ops and deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:09:06 +01:00
Matt Caswell
f943e640ef Simplify dsa_ossl.c
The dsa_ossl.c file defined a couple of multi-line macros, but then only
used each one once. The macros just serve to complicate the code and make
it more difficult to understand what is really going on. Hence they are
removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-06 11:08:15 +01:00
Cesar Pereida
399944622d Fix DSA, preserve BN_FLG_CONSTTIME
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 11:08:15 +01:00
Andy Polyakov
0a4c87a90c s390x assembly pack: improve portability.
Some of the instructions used in latest additions are extension
ones. There is no real reason to limit ourselves to specific
processors, so [re-]adhere to base instruction set.

RT#4548

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-06 11:08:04 +02:00
FdaSilvaYY
3470795171 Constify X509V3_EXT_*_conf*
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
009951d24d Constify ASN1_generate_nconf
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
12eaf3b849 Constify ASN1_generate_v3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
13f74c66ce Constify s2i_ASN1_IA5STRING
Return directly NULL after ASN1_STRING_set, as it already has set an error code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
2b91da968c Constify s2i_ASN1_INTEGER
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
FdaSilvaYY
7d7da288b8 Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
2016-06-04 21:30:41 -04:00
Kurt Roeckx
578b551441 Specifiy size of arrays
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1139
2016-06-04 15:08:32 +02:00
Dr. Stephen Henson
bd95d64ace Check for overflows in EOC.
RT#4474 (partial)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 13:54:49 +01:00
Matt Caswell
416a5b6c92 BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:29:04 +01:00
Jonas Maebe
93879f8eed cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-03 20:29:04 +01:00
Mat
6191fc8634 Added define for STATUS_SUCCESS
Use STATUS_SUCCESS instead of 0.
Renamed USE_BCRYPT to RAND_WINDOWS_USE_BCRYPT to avoid possible collisions with other defines.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
e56f956ef1 Adds casts for 64-bit
Adds missing casts for 64-bit.
Removed zero initialization of hProvider. hProvider is an "out" parameter of CryptAcquireContextW.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
0814afcfa4 Define USE_BCRYPT
Define USE_BCRYPT
Removed _WIN32_WINNT define
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Mat
fa64e63373 Use BCryptGenRandom on Windows 7 or higher
When openssl is compiled with MSVC and _WIN32_WINNT>=0x0601 (Windows 7), BCryptGenRandom is used instead of the legacy CryptoAPI.

This change brings the following benefits:
- Removes dependency on CryptoAPI (legacy API) respectively advapi32.dll
- CryptoAPI Cryptographic Service Providers (rsa full) are not dynamically loaded.
- Allows Universal Windows Platform (UWP) apps to use openssl (CryptGenRandom is not available for Windows store apps)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1142)
2016-06-03 12:18:59 -04:00
Pauli
7d6df9e915 Fix threading issue that at best will leak memory
The problem is the checking in policy_cache_set, there is a race
condition between the null check and obtaining the lock.  The fix is in
policy_cache_new to detect if the creation has happened already.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 12:08:13 -04:00
Andy Polyakov
66bceb5f19 chacha/chacha_enc.c: harmonize counter width with subroutine name.
_ctr32 in function name refers to 32-bit counter, but it was implementing
64-bit one. This didn't pose problem to EVP, but 64-bit counter was just
misleading.

RT#4512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-03 10:23:58 +02:00
Matt Caswell
02d6070430 Fix test failures when using enable-ubsan
Numerous test failures were occuring when Configured with enable-ubsan
although they could all be traced back to one issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-02 15:36:22 +01:00
Dr. Stephen Henson
03b89819f5 Tidy up OCSP print handling.
Also fixes -Wstrict-oveflow warning on this file.

RT#4474 (partial)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-02 15:30:27 +01:00
Matt Caswell
723412d4d8 Don't leak memory on set_reasons() error path
The set_reasons() function in v3_crld.c leaks a STACK_OF(CONF_VALUE)
object on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
137e5555bd Don't leak memory on int X509_PURPOSE_add() error path
The int X509_PURPOSE_add() function was leaking an X509_PURPOSE object
on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
423281001c Don't leak memory on X509_TRUST_add() error path
The X509_TRUST_add() function was leaking an X509_TRUST object on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
69e2bd32ef Don't leak memory on ASN1_item_pack() error path
The ASN1_item_pack() function was leaking an ASN1_STRING object on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
fe71bb3ad9 Don't leak memory on ASN1_GENERALIZEDTIME_adj() error path
The ASN1_GENERALIZEDTIME_adj() function leaks an ASN1_GENERALIZEDTIME
object on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
379a8ed1ff Don't leak memory in v2i_POLICY_MAPPINGS() on error path
The v2i_POLICY_MAPPINGS() function leaked ASN1_OBJECT pointers on error
paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
6eb311eea6 Don't leak memory from notice_section function on error path
The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
97323d57cd Don't leak memory in v2i_AUTHORITY_KEYID
The v2i_AUTHORITY_KEYID() function can leak memory under an error
condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
b0cb22b07c Free buffer on error in a2i_ASN1_INTEGER()
The function a2i_ASN1_INTEGER() allocates a buffer |s| but then fails
to free it on error paths.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Matt Caswell
0e9eb1a57b Free tempory data on error in ec_wNAF_mul()
The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 18:00:53 +01:00
Rich Salz
b8a9af6881 Remove/rename some old files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:29:57 -04:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Rich Salz
0f91e1dff4 Fix some RAND bugs
RT2630 -- segfault for int overlow
RT2877 -- check return values in apps/rand
Update CHANGES file for previous "windows rand" changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 10:45:18 -04:00
Rich Salz
6493e4801e RT4337: Crash in DES
Salt must be two ASCII characters.  Add tests to check for that,
and a test to test the checks.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-01 09:28:53 -04:00
Matt Caswell
1d54ef3408 Fix printing of DH Parameters
The -text argument to dhparam is broken, because the DHparams_print()
function always returns an error. The problem is that always expects a
public or private key to be present, even though that is never the case
with parameters.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 13:19:02 +01:00
FdaSilvaYY
b2b361f6af Raise an Err when CRYPTO_THREAD_lock_new fails
Add missing error raise call, as it is done everywhere else.
and as CRYPTO_THREAD_lock_new don't do it internally.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-01 13:14:49 +01:00
Matt Caswell
e51329d381 OpenBSD doesn't have ucontext.h so don't try and include it
On OpenBSD we turn off async capabilities due to no ucontext.h.

RT#4379

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 10:19:25 +01:00
Mat
af9895cb8c Updates from review
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-31 17:39:00 -04:00
Mat
b01e1644d7 Fix: PEM_read_bio_PrivateKey with no-ui / no-stdio
If openssl is compiled with no-ui or no-stdio, then PEM_read_bio_PrivateKey fails if a password but no callback is provided.

The reason is that the premature return in the PEM_def_callback implementation when OPENSSL_NO_STDIO or OPENSSL_NO_UI is defined, comes too early.

This patch moves the ifdef block to the correct place.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-31 17:39:00 -04:00
Dr. Stephen Henson
f72f00d495 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-31 13:06:16 +01:00
Richard Levitte
453fc7a018 Make sure max in fmtstr() doesn't overflow into negativity
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-30 05:41:57 +02:00
Joey Yandle
73241290bc add removed functions back as deprecated
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
42af747925 get rid of unnecessary include
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
75dcf70a99 remove RAND_screen and friends
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
888db7f224 cherry pick pr-512 changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
4447d829de OR flags with CRYPT_SILENT to really make sure no UI pops up
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
1cd02c699f fix endif comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
1150999e04 remove all WINCE ifdefs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Joey Yandle
eb9b92ec8e - remove insane heap walk and kernel loading code; clean up style and calling conventions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1079)
2016-05-29 13:36:59 -04:00
Andy Polyakov
cfe1d9929e x86_64 assembly pack: tolerate spaces in source directory name.
[as it is now quoting $output is not required, but done just in case]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:51 +02:00
FdaSilvaYY
f59f23c383 Add more zalloc
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
2016-05-29 01:36:11 +02:00
FdaSilvaYY
8e89e85f55 Fix some missing inits
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/997)
2016-05-29 01:36:11 +02:00
Andy Polyakov
8640f21093 poly1305/asm/poly1305-mips.pl: adhere to standard frame layout.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-28 22:17:59 +02:00
Andy Polyakov
ff823ee89b SPARC assembly pack: add missing .type directives.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-28 22:14:13 +02:00
Richard Levitte
38e19eb96f Change a call of OPENSSL_strcasecmp to strcasecmp
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00
Richard Levitte
7233bea263 Remove internal functions OPENSSL_strcasecmp and OPENSSL_strncasecmp
Their only reason to exist was that they didn't exist in VMS before
version 7.0.  We do not support such old versions any more.

However, for the benefit of systems that don't get strings.h included
by string.h, we include the former in e_os.h.

RT#4458

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-28 02:15:04 +02:00
Andy Polyakov
efdb2d6c79 crypto/o_str.c: add _GNU_SOURCE strerror_r case.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 23:02:56 +02:00
Andy Polyakov
43c4116cd7 crypto/o_str.c: strerror_s is provided by specific compiler run-time,
not by OS [as was implied by guarding #if condition].

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 23:01:37 +02:00
Andy Polyakov
bb83c8796b bn/bn_exp.c: explain 'volatile' in MOD_EXP_CTIME_COPY_FROM_PREBUF.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-27 22:58:49 +02:00
Andy Polyakov
dae9e15d74 bf/build.info: engage assembly module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 22:56:02 +02:00
Kurt Roeckx
369e93398b Avoid calling memcpy with lenght of 0
We can call memcpy() with a pointer 1 past the last allocated byte and length
of 0 and you can argue that that's undefined behaviour.

Reported by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1132
2016-05-27 21:01:12 +02:00
Richard Levitte
230c691a52 Fix fmtstr for BIO_printf() et al
-   If we have a maximum amount of characters permitted to be printed
    (for example "%.2s", which allows for a maximum of 2 chars), we
    minimize the number of characters from the string to printed to
    that size.
-   If there is space for padding and there is a maximum amount of
    characters to print (for example "%3.2s", which shall give at
    least a 1 space padding), the amount of characters to pad with
    gets added to the maximum so the minimum field size (3 in this
    example) gets filled out.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 17:47:25 +02:00
Matt Caswell
1b62d880b5 Prevent an overflow when trying to print excessively big floats
We convert the integer part of the float to a long. We should check it
fits first.

Issue reported by Guido Vranken.

GitHub Issue #1102

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 10:23:18 +01:00
Matt Caswell
d6056f085d Fix implementation of "e" and "g" formats for printing floating points
The previous commit which "fixed" the "e" and "g" floating point formats
just printed them in the same way as "f". This is wrong. This commit
provides the correct formatting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 10:23:18 +01:00
Matt Caswell
242073bdbc Fix some issues in b_print.c code
Convert assert to OPENSSL_assert(), add some documentation, add the calls
to fmtfp() for the "e" and "g" floating point formats which were missing.

Based on a patch provided by Ger Hobbelt <ger@hobbelt.com>.

RT#2270

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-27 10:23:18 +01:00
huangqinjin
58c03e3b92 fix BN_hex2bn()/BN_dec2bn() memory leak
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 10:04:26 +01:00
Dr. Stephen Henson
1d00db6b5a Add rfc822Mailbox to string table.
RT#2369

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-26 02:49:40 +01:00
Richard Levitte
dc6b5c7beb Handle Visual C warning about non-standard function names.
Visual C version from version 2003 complain about certain function
names, for example:

    apps\apps.c(2572) : warning C4996: 'open': The POSIX name for this item is deprecated. Instead, use the ISO C++ conformant name: _open. See online help for details.

This adds preprocessor aliases for them in e_os.h.

Additionally, crypto/conf/conf_lib.c needs to include e_os.h to catch
those aliases.

RT#4488
RT#4489

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-26 00:48:23 +02:00
Kurt Roeckx
dc9887c019 Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1122
2016-05-25 21:20:07 +02:00
Richard Levitte
7030e35d07 build.info files: add quotes around any spec that may contain spaces
RT#4492

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-25 11:50:44 +02:00
Kurt Roeckx
73b61c7e14 Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Richard Levitte <levitte@openssl.org>

GH: #1115
2016-05-24 21:33:02 +02:00
Rich Salz
0447316581 GH919: Fix wrappers for two headers
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-24 11:04:38 -04:00
Todd Short
c01a3c6df0 Fix braces in e_aes.c: aes_init_key
This compiles correctly, but depending on what may be defined, it's
possible that this could fail compilation. The braces are mismatched,
and it's possible to end up with an else followed by another else.

This presumes the indentation is mostly correct and indicative of
intent. Found via static analysis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1118)
2016-05-24 10:51:14 -04:00
Todd Short
e0a675e211 Clean up RAND_bytes() calls
When RAND_pseudo_bytes() was replaced with RAND_bytes(), this case
was not reduced to a simple RAND_bytes() call.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1117)
2016-05-24 08:55:12 -04:00
Matt Caswell
0a618df059 Fix a mem leak on an error path in OBJ_NAME_add()
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.

RT#2238

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-24 00:09:56 +01:00
Matt Caswell
308ff28673 Fix error return value in SRP functions
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-23 23:55:11 +01:00
Matt Caswell
dae00d631f Add error return for OPENSSL_INIT_set_config_filename()
The OPENSSL_INIT_set_config_filename() function can fail so ensure that it
provides a suitable error code.

GitHub Issue #920

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 23:30:24 +01:00
Matt Caswell
7d37818dac Use strerror_r()/strerror_s() instead of strerror() where possible
The function strerror() is not thread safe. We should use strerror_r()
where possible, or strerror_s() on Windows.

RT#2267

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-23 23:26:10 +01:00
J Mohan Rao Arisankala
a93e0e78db #4342: few missing malloc return checks and free in error paths
ossl_hmac_cleanup, pkey_hmac_cleanup:
 - allow to invoke with NULL data
 - using EVP_PKEY_CTX_[get|set]_data

EVP_DigestInit_ex:
 - remove additional check for ‘type’ and doing clear free instead of
free

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 23:08:22 +01:00
Rich Salz
0cd0a820ab Remove unused error/function codes.
Add script to find unused err/reason codes
Remove unused reason codes.
Remove entries for unused functions

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 15:04:23 -04:00
Richard Levitte
f3fcd4d5e7 VMS: remove last VAX vestiges
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 19:36:55 +02:00
Dr. Stephen Henson
05dba8151b Support for traditional format private keys.
Add new function PEM_write_bio_PrivateKey_traditional() to enforce the
use of legacy "traditional" private key format. Add -traditional option
to pkcs8 and pkey utilities.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 16:41:34 +01:00
FdaSilvaYY
e5a5e3f3db Add checks on CRYPTO_set_ex_data return value
Fix possible leak in danetest.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:43:31 +01:00
FdaSilvaYY
11ed851db0 Fix and simplify error handling in (RSA/EC_kmeth)_new_method()
Inspired from PR #873.
Nearly same as 2bbf0ba.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:37:02 +01:00
FdaSilvaYY
aca6dae94b Remove useless NULL checks
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 13:37:02 +01:00
Richard Levitte
154fe2b4be Complete the rename of LHASH functions and types
LHASH_NODE was used internally, which doesn't work when configured
'no-deprecated'

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-23 00:46:53 +02:00
Kurt Roeckx
1544583bbc Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1106
2016-05-22 12:05:15 +02:00
Kurt Roeckx
acc600928d Avoid creating an illegal pointer
Found by tis-interpreter

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1106
2016-05-22 12:05:13 +02:00
Dr. Stephen Henson
4591e5fb41 Constify stack and lhash macros.
RT#4471

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-21 22:49:00 +01:00
Rich Salz
6aa36e8e5a Add OpenSSL copyright to .pl files
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-21 08:23:39 -04:00
Matt Caswell
fcb318c64b Fix Windows 64 bit crashes
The function InitOnceExceuteOnce is the best way to support the
implementation of CRYPTO_THREAD_run_once() on Windows. Unfortunately
WinXP doesn't have it. To get around that we had two different
implementations: one for WinXP and one for later versions. Which one was
used was based on the value of _WIN32_WINNT.

This approach was starting to cause problems though because other parts of
OpenSSL assume _WIN32_WINNT is going to be 0x0501 and crashes were
occurring dependant on include file ordering. In addition a conditional
based on _WIN32_WINNT had made its way into a public header file through
commit 5c4328f. This is problematic because the value of this macro can
vary between OpenSSL build time and application build time.

The simplest solution to this mess is just to always use the WinXP version
of CRYPTO_THREAD_run_once(). Its perhaps slightly sub-optimal but probably
not noticably.

GitHub Issue #1086

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-20 23:08:18 +01:00
Rich Salz
739a1eb196 Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx
Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
Make lhash stuff opaque.
Use typedefs for function pointers; makes the code simpler.
Remove CHECKED_xxx macros.
Add documentation; remove old X509-oriented doc.
Add API-compat names for entire old API

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-20 10:48:29 -04:00
Richard Levitte
06593767b2 Clean up the VMS hacks in crypto/rand/randfile.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-20 16:09:48 +02:00
Richard Levitte
8ff889c2a2 VMS: setbuf() only takes 32-bit pointers
Giving setbuf() a 64-bit pointer isn't faulty, as the argument is
passed by a 64-bit register anyway, so you only get a warning
(MAYLOSEDATA2) pointing out that only the least significant 32 bits
will be used.

However, we know that a FILE* returned by fopen() and such really is a
32-bit pointer (a study of the system header files make that clear),
so we temporarly turn off that warning when calling setbuf().

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-20 16:09:48 +02:00
Andy Polyakov
e33826f01b Add assembly CRYPTO_memcmp.
GH: #102

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-19 22:33:00 +02:00
Andy Polyakov
2e6d7799ff rand/randfile.c: remove _XOPEN_SOURCE definition.
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-19 22:28:49 +02:00
Ben Laurie
e64b555781 ok was uninitialised on failure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-19 03:22:16 -04:00
Viktor Dukhovni
f75b34c8c8 When strict SCT fails record verification failure
Since with SSL_VERIFY_NONE, the connection may continue and the
session may even be cached, we should save some evidence that the
chain was not sufficiently verified and would have been rejected
with SSL_VERIFY_PEER.  To that end when a CT callback returs failure
we set the verify result to X509_V_ERR_NO_VALID_SCTS.

Note: We only run the CT callback in the first place if the verify
result is still X509_V_OK prior to start of the callback.

RT #4502

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-19 00:25:42 -04:00
Viktor Dukhovni
a5a3722bc1 make update
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-19 00:06:19 -04:00
Viktor Dukhovni
67787844f1 Improve and document low-level PEM read routines
PEM_read(), PEM_read_bio(), PEM_get_EVP_CIPHER_INFO() and
PEM_do_header().

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-19 00:05:30 -04:00
Cynh
c9141a43e2 Fix SRP client key computation
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1017
2016-05-18 23:02:30 +02:00
Richard Levitte
6a6eb7a4aa Cleanup openssl.ec
STORE doesn't exist for now

HMAC doesn't have any error codes

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:03:11 +02:00
Viktor Dukhovni
f3e235ed6f Ensure verify error is set when X509_verify_cert() fails
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:16:37 -04:00
Richard Levitte
0794b6a6a8 make update
RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Richard Levitte
bc77651098 Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 18:30:00 +02:00
Dr. Stephen Henson
52832e470f OID code tidy up.
Tidy up and simplify OBJ_dup() and OBJ_create().

Sanity check added OIDs: don't allow duplicates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 15:33:11 +01:00
Matt Caswell
569d064609 Add some error messages for malloc fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
6ef020c988 Better checks for malloc failure in various METHOD functions
A number of the METHOD functions weren't properly handling malloc failures.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Matt Caswell
24854e0117 Fix some malloc failures in b_addr.c
There were some unchecked calls to OPENSSL_strdup().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 10:47:15 +01:00
Kazuki Yamaguchi
d2dfd4820b Fix a NULL dereference in chacha20_poly1305_init_key()
chacha20_poly1305_init_key() dereferences NULL when called with inkey !=
NULL && iv == NULL. This function is called by EVP_EncryptInit_ex()
family, whose documentation allows setting key and iv in separate calls.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 11:08:55 +02:00
Rich Salz
b6cff313cb Manual fixes after copyright consolidation
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 17:38:18 -04:00
Rich Salz
6ddbb4cd92 X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 16:06:09 -04:00
Rich Salz
aa6bb1352b Copyright consolidation 05/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 15:38:09 -04:00
Rich Salz
b1322259d9 Copyright consolidation 09/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:53:16 -04:00
Rich Salz
2039c421b0 Copyright consolidation 08/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:34 -04:00
Rich Salz
d2e9e32018 Copyright consolidation 07/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:26 -04:00
Rich Salz
4f22f40507 Copyright consolidation 06/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:04 -04:00
Rich Salz
6286757141 Copyright consolidation 04/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:46 -04:00
Rich Salz
21dcbebc6e Copyright consolidation 03/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:24:17 -04:00
Matt Caswell
2647e2617e Remove repeated condition from if in X509_NAME_oneline
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING
twice. We only need to do it once.

GitHub Issue #656

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:27:19 +01:00
Andy Polyakov
6133b4edbd ARMv8 assembly pack: add OPENSSL_cleanse.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 22:21:17 +02:00
Matt Caswell
a7f9e0a45f Remove an unneccessary check of cipher
Due to short-circuiting we only need to check "cipher" for NULL once.

PR#699

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 20:28:03 +01:00
Rich Salz
49445f21da Use OPENSSL_hexchar2int
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 15:21:10 -04:00
Steffan Karger
2194351fda const correctness: make HMAC_size() take a const *
CLA: none; trivial

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1070
2016-05-16 20:56:56 +02:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Richard Levitte
b160f2823f Don't require any length of password when decrypting
RT#2534

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16 18:03:40 +02:00
FdaSilvaYY
c5ebfcab71 Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-16 10:17:33 +01:00
FdaSilvaYY
4e0e4d2937 Fix some missing OBJ_dup failure checks.
Fix some missing OBJ_dup failure checks.
Merged from
https://boringssl.googlesource.com/boringssl/+/0ce78a757d815c0dde9ed5884229f3a5b2cb3e9c%5E!

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1057)
2016-05-16 10:28:25 +02:00
Kirill Marinushkin
c32b9dcac2 Fix engine cryptodev: pointer to IV
Currently point to wrong address

Signed-off-by: Kirill Marinushkin <k.marinushkin@gmail.com>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-14 11:29:09 +02:00
Insu Yun
edeb3fd295 Fix OpenSSL_memdup error handling
check source's kdf_ukm, not destination's

use != NULL, instead of implicit checking

don't free internal data structure like pkey_rsa_copy()

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-13 16:44:55 +01:00
Richard Levitte
2c25ebd1e2 DJGPP adjustments
* Configure: Replaced -DTERMIO by -DTERMIOS in CFLAGS.

* crypto/bio/bss_dgram.c [WATT32]: Remove obsolete redefinition of
  function names: sock_write, sock_read and sock_puts.

* crypto/bio/bss_sock.c [WATT32]: For Watt-32 2.2.11 sock_write,
  sock_read and sock_puts are redefined to their private names so
  their names must be undefined first before they can be redefined
  again.

* crypto/bio/bss_file.c (file_fopen) [__DJGPP__]: Make a copy of the
  passed file name and replace the leading dots in the dirname part
  and the basname part of the file name, unless LFN is supported.

* e_os.h [__DJGPP__]: Undefine macro DEVRANDOM_EGD. Neither MS-DOS nor
  FreeDOS provide 'egd' sockets.
  New macro HAS_LFN_SUPPORT checks if underlying file system supports
  long file names or not.
  Include sys/un.h.
  Define WATT32_NO_OLDIES.

* INSTALL.DJGPP: Update URL of WATT-32 library.

Submitted by Juan Manuel Guerrero <juan.guerrero@gmx.de>

RT#4217

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-12 22:10:55 +02:00
Dr. Stephen Henson
7c0ef84318 Don't leak memory if realloc fails.
RT#4403

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-12 12:02:38 +01:00
Dr. Stephen Henson
8fc06e8860 Update pkcs8 defaults.
Update pkcs8 utility to use 256 bit AES using SHA256 by default.

Update documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-11 20:36:10 +01:00
Steven Valdez
2ab851b779 Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
RT#4363

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-11 18:48:48 +01:00
Viktor Dukhovni
fde2257f05 Fix i2d_X509_AUX, update docs and add tests
When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-11 01:46:06 -04:00
Andy Polyakov
bfcdd4d098 crypto/des: remove obsolete functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-10 20:32:20 +02:00
Andy Polyakov
c6b77c16a6 MIPS64 assembly pack: add Poly1305 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 20:27:52 +02:00
Richard Levitte
21e001747d Restore the ERR_remove_thread_state() API and make it a no-op
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 11:31:05 +02:00
Richard Levitte
59a56c4cf0 Add NULL check in i2d_PrivateKey()
Originally submitted by Kurt Cancemi <kurt@x64architecture.com>

Closes RT#4533

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 22:29:13 +02:00
Matt Caswell
3105d69535 Fix BIO_eof() for BIO pairs
BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-09 17:05:16 +01:00
FdaSilvaYY
dccd20d1b5 fix tab-space mixed indentation
No code change

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:09:55 +01:00
J Mohan Rao Arisankala
e0d32e98f0 fix check
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
J Mohan Rao Arisankala
cb1d435cac few missing allocation failure checks and releases on error paths
- Missing checks for allocation failure.
- releasing memory in few missing error paths

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-09 09:06:06 +01:00
Ben Laurie
5cf14ce074 memset() doesn't take NULL.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:28:07 +01:00
Dr. Stephen Henson
049f5bbce3 Constify PKCS12_newpass()
PR#4449

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:21:54 +01:00
Dr. Stephen Henson
d800d0f45b Tidy up PKCS12_newpass() fix memory leaks.
PR#4466

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:19:36 +01:00
Dr. Stephen Henson
708cf5ded2 Only set CMS parameter when encrypting
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-06 21:12:29 +01:00
isnotnick
ec5b56f3c5 RT3513: req doesn't display attributes using utf8string
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 15:58:24 +02:00
Andy Polyakov
3992e8c023 poly1305/asm/poly1305-x86_64.pl: contain symbols within shared lib.
We don't need it, but external users might find it handy.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 09:48:15 +02:00
Andy Polyakov
284116575d poly1305/asm/poly1305-x86_64.pl: make it cross-compile.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-06 09:46:39 +02:00
Dr. Stephen Henson
c0aa8c2748 Use default ASN.1 for SEED.
The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 23:59:01 +01:00
Dr. Stephen Henson
5ff73fb230 typo
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 23:52:52 +01:00
Dr. Stephen Henson
3fd60dc422 Always try to set ASN.1 parameters for CMS.
Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 22:30:23 +01:00
Emilia Kasper
0eadff033f Document inversion ladder in curve25519
This demystifies two for-loops that do nothing. They were used to write
the ladder in a unified way. Now that the ladder is otherwise commented,
remove the dead loops.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-05 18:51:53 +02:00
Rich Salz
fb37410ee0 Script changed; update the generated file.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-05-05 11:34:31 -04:00
Dr. Stephen Henson
9d103dbb6f support embed in ASN.1 print
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 20:09:02 +01:00
Dr. Stephen Henson
4e0d184ac1 Fix name length limit check.
The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-04 17:39:37 +01:00
Marek Klein
e6c5dbc8e8 DEFINE_STACK_OF(ASN1_UTF8STRING) moved from ts_lcl.h to asn1.h
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1020)
2016-05-04 14:48:41 +02:00
Matt Caswell
ad9a05621a Handle malloc failures in BIO_accept
The old BIO_accept() function can encounter errors during malloc. We need
to ensure we properly clean up if that occurs.

GH Issue #817

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 13:42:14 +01:00
Dr. Stephen Henson
d5975c8d5a reject zero block length in PKCS12 keygen
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 13:20:49 +01:00
Dr. Stephen Henson
6dccec2b59 Fix Blake block length
PR#4514

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 13:20:49 +01:00
Dr. Stephen Henson
3340e8bb18 Fix double free in d2i_PrivateKey().
RT#4527

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-04 12:57:41 +01:00
Andy Polyakov
c6cb8e3ca4 Alpha assembly pack: make it work on Linux.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 08:51:08 +02:00
Andy Polyakov
f7dc4a3bd7 MIPS assembly pack: fix MIPS64 assembler warnings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-04 08:48:53 +02:00
Andy Polyakov
b4de72bf64 Tru64 fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 20:14:26 +02:00
Viktor Dukhovni
7b7eb4725e Drop duplicate ctx->verify_cb assignment
The right variant is ~18 lines below.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-03 10:50:40 -04:00
Kurt Roeckx
70428eada9 Check that we have enough padding characters.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

CVE-2016-2107

MR: #2572
2016-05-03 13:15:39 +01:00
Dr. Stephen Henson
d7ab691bc4 Fix ASN1_INTEGER handling.
Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin <davidben@google.com> for reporting this bug.

This was found using libFuzzer.

RT#4364 (part)CVE-2016-2108.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-03 13:06:15 +01:00
Matt Caswell
2bd5d70ce5 Ensure EVP_EncodeUpdate handles an output length that is too long
With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:56:23 +01:00
Matt Caswell
ee1e3cac2e Avoid overflow in EVP_EncodeUpdate
An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarly used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:56:23 +01:00
Dmitry-Me
b7b8e94801 Properly own the duplicated string
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 12:33:44 +02:00
Dmitry-Me
399de49699 Improve comment
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 12:30:09 +02:00
Matt Caswell
ea96ad5a20 Prevent EBCDIC overread for very long strings
ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-03 10:22:47 +01:00
Matt Caswell
3f3582139f Fix encrypt overflow
An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-03 08:57:06 +01:00
Dr. Stephen Henson
05aef4bbdb Fix i2d_X509_AUX: pp can be NULL.
Reported by David Benjamin

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-02 22:46:39 +01:00
Todd Short
e8408681b3 Secure memory fixes
Fix some of the variables to be (s)size_t, so that more than 1GB of
secure memory can be allocated. The arena has to be a power of 2, and
2GB fails because it ends up being a negative 32-bit signed number.

The |too_late| flag is not strictly necessary; it is easy to figure
out if something is secure memory by looking at the arena. As before,
secure memory allocations will not fail, but now they can be freed
correctly. Once initialized, secure memory can still be used, even if
allocations occured before initialization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-02 12:58:03 -04:00
Andy Polyakov
cba792a1e9 Android build fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-02 12:49:57 +02:00
Andy Polyakov
b1a07c3854 Remove obsolete defined(__INTEL__) condition.
This macro was defined by no-longer-supported __MWERKS__ compiler.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 12:35:01 +02:00
Andy Polyakov
8e9f1bb99e chacha/asm/chacha-x86.pl: make it compile on legacy systems.
Usage of $ymm variable is a bit misleading here, it doesn't refer
to %ymm register bank, but rather to VEX instruction encoding,
which AMD XOP code path depends on.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02 12:34:42 +02:00
Richard Levitte
e0f96357e4 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-01 15:10:15 +02:00
Richard Levitte
e18cf66aaf Adjust a last few generators to new license boilerplate and C code style
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-01 15:08:34 +02:00
Matt Caswell
7cafbb4bd3 Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-04-29 23:13:58 +01:00
Dr. Stephen Henson
77076dc944 Add checks to X509_NAME_oneline()
Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 19:42:21 +01:00
Dr. Stephen Henson
b33d1141b6 Sanity check buffer length.
Reject zero length buffers passed to X509_NAME_onelne().

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 19:42:21 +01:00
Dr. Stephen Henson
295f3a2491 Add size limit to X509_NAME structure.
This adds an explicit limit to the size of an X509_NAME structure. Some
part of OpenSSL (e.g. TLS) already effectively limit the size due to
restrictions on certificate size.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 19:42:21 +01:00
Matt Caswell
b8c51459aa Remove some dead code from EC_GROUP_check()
EC_GROUP_check() was obtaining a temporary BIGNUM from the BN_CTX, but
then not using it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
40a8643a37 Avoid a NULL ptr deref if group is not set
We should only copy parameters and keys if the group is set. Otherwise
they don't really make any sense. Previously we copied the private key
regardless of whether the group was set...but if it wasn't a NULL ptr
deref could occur. It's unclear whether we could ever get into that
situation, but since we were already checking it for the public key we
should be consistent.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
138388fe33 Check for failed malloc in BIO_ADDR_new
BIO_ADDR_new() calls OPENSSL_zalloc() which can fail - but the return
value is not checked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
Matt Caswell
ed3eb5e0cc The x509_name_canon function doesn't check for an error return
i2d_name_canon can return a negative number on error. We should check it
before continuing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 16:47:41 +01:00
David Benjamin
87a8405b66 Avoid overflow issues in X509_cmp.
The length is a long, so returning the difference does not quite work.

Thanks to Torbjörn Granlund for noticing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-29 17:01:09 +02:00
Matt Caswell
a1f82f0639 Fix EBCDIC problem in conf_def.h
The non-ascii version of this set of macros ensures that the "a" variable
is inside the expected range. This logic wasn't quite right for the
EBCDIC version.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:04:15 +01:00
Matt Caswell
4cd5c3f4ee Fix a build error with strict-warnings and CHARSET_EBCDIC
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:04:15 +01:00
Matt Caswell
e31066f7e9 Add the ability to test EBCDIC builds
This adds the define CHARSET_EBCDIC_TEST which enables testing of EBCDIC
code on an ASCII system.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:04:15 +01:00
Matt Caswell
5fd1478df3 Fix building with -DCHARSET_EBCDIC
Building with -DCHARSET_EBCDIC and using --strict-warnings resulted in
lots of miscellaneous errors. This fixes it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-29 15:04:15 +01:00
Kirill Marinushkin
842dc98705 Add aliases for des-ede-ecb and des-ede3-ecb ciphers.
Currently we can get all block ciphers with
	EVP_get_cipherbyname("<alg_name>-<block-mode-name>")
for example, by names "aes-128-ecb" or "des-ede-cbc".
I found a problem with des-ede-ecb and des-ede3-ecb ciphers as
they can be accessed only with names:
	EVP_get_cipherbyname("des-ede")
	EVP_get_cipherbyname("des-ede3")
It breaks the general concept.

In this patch I add aliases which allow to use names:
	EVP_get_cipherbyname("des-ede-ecb")
	EVP_get_cipherbyname("des-ede3-ecb")
in addition to the currently used names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 09:17:09 -04:00
Andy Polyakov
53385e1fee crypto/ppccap.c: fix missing declaration warning.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-29 11:52:28 +02:00
Andy Polyakov
fa79c543d2 crypto/ppccap.c: permit build with no-chacha and no-poly1305.
RT#4508

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-29 11:52:06 +02:00
Matt Caswell
10a57adc60 Remove some dead code
Commit e1d9f1ab39 left some dead code behind. This removes it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-04-29 09:23:45 +01:00
Matt Caswell
b375f08145 A call to RSA_set0_key had the arguments in the wrong order
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-29 09:20:13 +01:00
Matt Caswell
b8f1c116a3 Don't free the BIGNUM passed to BN_mpi2bn
Commit 91fb42dd fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 09:05:23 +01:00
Matt Caswell
098c1e3d14 Fix a leak in i2b_PVK
Commit 8e588e28 fixed a leak but introduced a new one.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-29 09:05:23 +01:00
Richard Levitte
1f644005ac make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-29 09:09:46 +02:00
FdaSilvaYY
a14a740dbe BIO_free should call method->destroy before free'ing member fields
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1007)
2016-04-28 22:16:52 +02:00