Commit graph

12232 commits

Author SHA1 Message Date
Andy Polyakov
5bbdc26cad crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master.
It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:57 +02:00
Andy Polyakov
4f0b6e6775 hmac/hmac.c: switch to OPENSSL_cleanse.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-12 13:47:32 +02:00
Matt Caswell
e6f65f769d Fix an error path leak in int X509_ATTRIBUTE_set1_data()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5000a6d121)
2016-06-10 16:45:04 +01:00
Matt Caswell
4457017587 Fix an error path leak in do_ext_nconf()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 8605abf135)
2016-06-10 16:44:06 +01:00
Matt Caswell
f6186cfba6 Fix seg fault in TS_RESP_verify_response()
The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-10 14:36:21 +01:00
Matt Caswell
e4c4b2766b Add a BN_mod_word test()
The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-07 21:58:55 +01:00
Matt Caswell
e82fd1b457 Fix BN_mod_word bug
On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 37258dadaa)
2016-06-07 21:58:46 +01:00
Matt Caswell
b7d0f2834e More fix DSA, preserve BN_FLG_CONSTTIME
The previous "fix" still left "k" exposed to constant time problems in
the later BN_mod_inverse() call. Ensure both k and kq have the
BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.

CVE-2016-2178

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-07 09:14:32 +01:00
Cesar Pereida
621eaf49a2 Fix DSA, preserve BN_FLG_CONSTTIME
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-06 11:27:55 +01:00
Matt Caswell
46bad91986 Fix documentation error in x509 app certopt flag
According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 39a470088a)
2016-06-03 23:22:22 +01:00
Matt Caswell
96f1de5bf4 BIO_printf() can fail to print the last character
If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer buffer deciding to truncate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 20:31:24 +01:00
Jonas Maebe
f3cab0b11f cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors
zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-03 20:31:24 +01:00
Dirk Feytons
782a2be2ed Fix build with no-cmac
Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1155)
2016-06-03 13:03:29 -04:00
Matt Caswell
733f72f182 Update CONTRIBUTING
Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 17:12:08 +01:00
Matt Caswell
a004e72b95 Avoid some undefined pointer arithmetic
A common idiom in the codebase is:

if (p + len > limit)
{
    return; /* Too long */
}

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-01 14:22:40 +01:00
FdaSilvaYY
f792c66304 Fix some missing inits
Backport of 8e89e85f55
From PR #1019 / #997

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1019)
2016-05-31 16:58:22 -04:00
Dr. Stephen Henson
fd785ca892 Parameter copy sanity checks.
Don't copy parameters is they're already present in the destination.
Return error if an attempt is made to copy different parameters to
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f72f00d495)
2016-05-31 13:26:54 +01:00
Matt Caswell
8e0a94a58a Check for malloc failure in EVP_PKEY_keygen()
After a call to EVP_PKEY_new() we should check for malloc failure.

RT#4180

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-26 16:13:08 +01:00
Matt Caswell
ada5de7ca1 The ssl3_digest_cached_records() function does not handle errors properly
The ssl3_digest_cached_records() function was failing to handle errors
that might be returned from EVP_DigestSignInit() and
EVP_DigestSignUpdate().

RT#4180

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-26 16:13:08 +01:00
Matt Caswell
649af484c8 Fix a mem leak on an error path in OBJ_NAME_add()
If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.

RT#2238

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0a618df059)
2016-05-24 00:12:04 +01:00
Matt Caswell
e117522e75 Fix error return value in SRP functions
The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 308ff28673)
2016-05-24 00:02:40 +01:00
Richard Levitte
d384bf39b1 openssl verify: only display the command usage on usage errors
All other errors should only display the error message.

RT#1866

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-20 16:57:35 +02:00
Richard Levitte
a531944796 Revert "Document the esc_2254 command line name option"
This reverts commit 54fc5795c9.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Richard Levitte
ca3c0d7c03 Revert "make update"
This reverts commit 7229a91a48.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Richard Levitte
d29d4b317b Revert "Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()"
This reverts commit 87728c6829.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-20 16:21:50 +02:00
Andy Polyakov
e10b54ca32 rand/randfile.c: remove _XOPEN_SOURCE definition.
Defintions of macros similar to _XOPEN_SOURCE belong in command line
or in worst case prior first #include directive in source. As for
macros is was allegedly controlling. One can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2e6d7799ff)
2016-05-20 16:05:15 +02:00
Viktor Dukhovni
5553a12735 Ensure verify error is set when X509_verify_cert() fails
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-19 18:15:08 -04:00
Viktor Dukhovni
96747f0f4e Clarify negative return from X509_verify_cert()
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-19 18:14:43 -04:00
Matt Caswell
2e648db246 Check that the obtained public key is valid
In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-19 21:07:15 +01:00
Matt Caswell
ec8f246e6e Fix a double free in tls1_setup_key_block
If p2 == NULL then p1 can get freed twice and a crash could occur.

Issue reported by Shi Lei (Qihoo 360 Inc)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-05-19 20:55:55 +01:00
Cynh
b1d7eaaccf Fix SRP client key computation
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

GH: #1017
(cherry picked from commit c9141a43e2)
2016-05-18 23:23:59 +02:00
Richard Levitte
72fdf00202 Cleanup openssl.ec
HMAC doesn't have any error codes

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:32:21 +02:00
Richard Levitte
c9e2fab4b3 Fix util/mkerr.pl
- Adjust mkerr.pl to produce the line length we used for source
  reformating.

- Have mkerr.pl keep track of preprocessor directive indentation

  Among others, do not spuriously throw away a #endif at the end of
  header files.

- Make sure mkerr.pl specifies any header inclusion correctly

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 22:32:13 +02:00
Richard Levitte
b3ed78cb84 Run the refreshed scripts
Some output difference in crypto/conf/conf_def.h, because the earlier
source reformatting needlessly indented the macro values.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 19:57:06 +02:00
Richard Levitte
f5d3117d4e Refresh seldom used C generating scripts to current C standard
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-18 19:57:06 +02:00
Alessandro Ghedini
eb334f73a8 Avoid double declaration of COMP_METHOD
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1083)
2016-05-18 13:38:27 -04:00
Richard Levitte
54fc5795c9 Document the esc_2254 command line name option
RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a37458c1bf)
2016-05-18 18:38:52 +02:00
Richard Levitte
7229a91a48 make update
RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0794b6a6a8)
2016-05-18 18:38:47 +02:00
Richard Levitte
87728c6829 Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()
Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit bc77651098)
2016-05-18 18:33:00 +02:00
Richard Levitte
cbacc6f7e9 Don't require any length of password when decrypting
RT#2534

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17 17:18:25 +02:00
Richard Levitte
477b9afc68 Add missing initialiser in e_chil.c
RT#2616

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17 17:18:25 +02:00
Richard Levitte
4e16885c8c Add support for RC / WINDRES env variables
RT#2558

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-17 17:18:25 +02:00
Matt Caswell
57f115e908 Remove repeated condition from if in X509_NAME_oneline
An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING
twice. We only need to do it once.

GitHub Issue #656

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 2647e2617e)
2016-05-17 14:27:59 +01:00
Matt Caswell
a79a40a9fe Fix SSL compression symbol exporting
Some compression related functions in libssl have dummy versions to be
used when compiled with no-comp. However those dummy functions were not
being exported on Windows so they are unusable when dynamically linked.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 09:23:36 +01:00
Richard Levitte
2a73576f89 Documentation: Clarify sizes for UI_add_input_string()
The given sizes to not include the final NUL character.

RT#2622

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 727ee8cfeb)
2016-05-16 18:35:11 +02:00
Richard Levitte
05fc0bae86 Windows: Add CRYPT32.LIB to the libraries to link your app with
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1064)
2016-05-16 17:47:20 +02:00
isnotnick
688c10544d RT3513: req doesn't display attributes using utf8string
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-14 20:06:33 +02:00
Richard Levitte
93c9545d4d Use RPMBUILD macros rather than hard coded paths in openssl.spec
RT#4522

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-12 17:43:58 +02:00
Rich Salz
c393a5de99 Recommend GH over RT, per team vote.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Manual cherry-pick of f2b9c25721)
2016-05-11 16:47:17 -04:00
Steven Valdez
48bacd31e8 Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c
RT#4363

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 2ab851b779)

Conflicts:
	crypto/ec/ec_key.c
2016-05-11 18:51:13 +01:00