Commit graph

13098 commits

Author SHA1 Message Date
Dr. Stephen Henson
5fe736e5fc Move some ASN.1 internals to asn1_int.h
Move ASN.1 internals used across multiple directories into new internal
header file asn1_int.h remove crypto/Makefile hack which allowed other
directories to include "asn1_locl.h"

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:03:36 +00:00
Rich Salz
0dfb9398bb free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 07:52:24 -04:00
Mike Frysinger
7c82e339a6 Fix malloc define typo
Fix compilation failure when SCTP is compiled due to incorrect define.

Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de>
URL: https://bugs.gentoo.org/543828

RT#3758
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-24 11:33:39 +00:00
Richard Levitte
2383a74be1 Use OPENSSL_malloc rather than malloc/calloc
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:21:12 +01:00
Richard Levitte
912d7c75d4 Fix eng_cryptodev to not depend on BN internals.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:21:12 +01:00
Richard Levitte
77b1f87214 Adjust include path
Thanks to a -I.., the path does work, at least on unix.  However, this
doesn't work so well on VMS.  Correcting the path to not rely on given
-I does work on both.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 11:59:01 +01:00
Richard Levitte
47b3182788 JPAKE Makefile missing 'files' target
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 11:57:14 +01:00
Dr. Stephen Henson
dd12df794a Remove old style ASN.1 support.
Remove old ASN.1 COMPAT type. This was meant as a temporary measure
so older ASN.1 code (from OpenSSL 0.9.6) still worked. It's a hack
which breaks constification and hopefully nothing uses it now, if
it ever did.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 23:21:40 +00:00
Kurt Roeckx
4dcb4b91db return unexpected message when receiving kx with kDHr or kDHd
It was saying that it was an illegal parameter / unsupported cipher

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 21:08:20 +01:00
Kurt Roeckx
93f1c13619 Don't send a for ServerKeyExchange for kDHr and kDHd
The certificate already contains the DH parameters in that case.
ssl3_send_server_key_exchange() would fail in that case anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 21:08:20 +01:00
Kurt Roeckx
24a0d3933d Make sure that cert is never NULL
Also removes for it being NULL

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 21:08:20 +01:00
Dr. Stephen Henson
06e6aa47de Fix build.
Remove x_exten.c and x_exten.o from crypto/asn1/Makefile: they've moved now.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 18:47:05 +00:00
Dr. Stephen Henson
4903abd50a make X509_EXTENSION opaque
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 18:27:04 +00:00
Matt Caswell
c7f5b5d7bc Fix SSL_clear unused return
Fix missing return value check in dtls1_listen when calling SSL_clear().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 16:02:21 +00:00
Matt Caswell
77d514c5a0 ssl3_set_handshake_header returns
Change ssl_set_handshake_header from return void to returning int, and
handle error return code appropriately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:23:24 +00:00
Matt Caswell
ac59d70553 apps return value checks
Ensure that all libssl functions called from within the apps have their
return values checked where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:23:18 +00:00
Matt Caswell
69f6823748 Fix missing return value checks
Ensure that all functions have their return values checked where
appropriate. This covers all functions defined and called from within
libssl.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:23:11 +00:00
Matt Caswell
4bcdb4a601 Check libssl function returns
Mark most functions returning a result defined in any libssl header file
with __owur to warn if they are used without checking the return value.
Use -DUNUSED_RETURN compiler flag with gcc to activate these warnings.
Some functions returning a result are skipped if it is common and valid to
use these functions without checking the return value.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:23:00 +00:00
Matt Caswell
913f1042b3 Add -DDEBUG_UNUSED to --strict-warnings
In order to receive warnings on unused function return values the flag
-DDEBUG_UNUSED must be passed to the compiler. This change adds that for the
--strict-warnings Configure option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:22:36 +00:00
Richard Levitte
d2a5c40d0c Remove PREFIX, as it's not used any more.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 16:16:00 +01:00
Richard Levitte
4a695602d2 Actually remove TABLE from version control
Follow up on the earlier "Do not keep TABLE in version control".
Actually removing TABLE from version control was forgotten.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 16:16:00 +01:00
Matt Caswell
b79d24101e Don't check curves that haven't been sent
Don't check that the curve appears in the list of acceptable curves for the
peer, if they didn't send us such a list (RFC 4492 does not require that the
extension be sent).

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-23 14:03:39 +00:00
Dr. Stephen Henson
4fe67498b0 Remove deleted functions, update ordinals.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-23 13:47:57 +00:00
Dr. Stephen Henson
564df0ddea Remove {i2d,d2i}_ASN1_BOOLEAN
Remove {i2d,d2i}_ASN1_BOOLEAN.

Rewrite single occurrence of d2i_ASN1_BOOLEAN in asn1_parse2

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:07 +00:00
Dr. Stephen Henson
f422a51486 Remove old ASN.1 code.
Remove old M_ASN1_ macros and replace any occurences with the corresponding
function.

Remove d2i_ASN1_bytes, d2i_ASN1_SET, i2d_ASN1_SET: no longer used internally.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-23 13:15:06 +00:00
Andy Polyakov
2ecd32a1f8 sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context.
In cooperation with Ard Biesheuvel (Linaro) and Sami Tolvanen (Google).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 13:34:03 +01:00
Richard Levitte
9b956beccd Refer to $table{$target} rather than $table{$t}.
Using $t is an artifact from the earlier changes in Configure and was
unfortunately forgotten as is.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-22 00:57:09 +01:00
Dr. Stephen Henson
77e127ea6e Add AES unwrap test with invalid key.
This tests the unwrap algorithm with an invalid key. The result should
be rejected without returning any plaintext.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 23:22:17 +00:00
Dr. Stephen Henson
5724bd49a2 Fix memory leak.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 23:22:17 +00:00
Richard Godbee
e6abba3ad6 CRYPTO_128_unwrap(): Fix refactoring damage
crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap
with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at
that time:

- crypto_128_unwrap_raw()'s return value ('ret') is checked incorrectly,
  and the function immediately returns 'ret' in (almost) all cases.
  This makes the IV checking code later in the function unreachable, but
  callers think the IV check succeeded since CRYPTO_128_unwrap()'s
  return value is non-zero.

  FIX: Return 0 (error) if crypto_128_unwrap_raw() returned 0 (error).

- crypto_128_unwrap_raw() writes the IV to the 'got_iv' buffer, not to
  the first 8 bytes of the output buffer ('out') as the IV checking code
  expects.  This makes the IV check fail.

  FIX: Compare 'iv' to 'got_iv', not 'out'.

- The data written to the output buffer ('out') is "cleansed" if the IV
  check fails, but the code passes OPENSSL_cleanse() the input buffer
  length ('inlen') instead of the number of bytes that
  crypto_128_unwrap_raw() wrote to the output buffer ('ret').  This
  means that OPENSSL_cleanse() could potentially write past the end of
  'out'.

  FIX: Change 'inlen' to 'ret' in the OPENSSL_cleanse() call.

- CRYPTO_128_unwrap() is returning the length of the input buffer
  ('inlen') instead of the number of bytes written to the output buffer
  ('ret').  This could cause the caller to read past the end of 'out'.

  FIX: Return 'ret' instead of 'inlen' at the end of the function.

PR#3749

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 23:22:17 +00:00
Richard Godbee
1062ecfc53 wrap128.c: Fix Doxygen comments
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 23:22:17 +00:00
Matt Caswell
3c381e5423 Add DTLS tests to make test
Updated test/testssl script to include the new DTLS capability in ssltest.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 12:00:56 +00:00
David Woodhouse
98b8cdd322 Add DTLS support to ssltest
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 12:00:48 +00:00
David Woodhouse
504e643e09 Add DTLS to SSL_get_version
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-20 12:00:02 +00:00
Richard Levitte
21ab123770 If the target is an old style debug- target, it will not have debugging [cl]flags
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-19 22:49:51 +01:00
Matt Caswell
5e5d53d341 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Matt Caswell
367eab2f9f Update NEWS
Resync NEWS with the latest version from 1.0.2

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Matt Caswell
bdc234f3c3 Update CHANGES
Resync CHANGES with the latest version from 1.0.2.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Emilia Kasper
c225c3cf9b PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
e677e8d135 Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Matt Caswell
d3cc5e610d Fix DHE Null CKE vulnerability
If client auth is used then a server can seg fault in the event of a DHE
cipher being used and a zero length ClientKeyExchange message being sent
by the client. This could be exploited in a DoS attack.

CVE-2015-1787

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
34e3edbf3a Fix for CVE-2015-0291
If a client renegotiates using an invalid signature algorithms extension
it will crash a server with a NULL pointer dereference.

Thanks to David Ramos of Stanford University for reporting this bug.

CVE-2015-0291

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
09f06923e6 Reject invalid PSS parameters.
Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-19 13:01:13 +00:00
Dr. Stephen Henson
8106d61c35 Free up ADB and CHOICE if already initialised.
CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-19 11:11:02 +00:00
Matt Caswell
e83ee04bb7 Fix Seg fault in DTLSv1_listen
The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next that can lead to a segmentation fault. Erorrs processing the initial
ClientHello can trigger this scenario. An example of such an error could
be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
server.

CVE-2015-0207

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 11:11:02 +00:00
Matt Caswell
1d2a18dc5a Multiblock corrupted pointer fix
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
feature only applies on 64 bit x86 architecture platforms that support AES
NI instructions. A defect in the implementation of "multiblock" can cause
OpenSSL's internal write buffer to become incorrectly set to NULL when
using non-blocking IO. Typically, when the user application is using a
socket BIO for writing, this will only result in a failed connection.
However if some other BIO is used then it is likely that a segmentation
fault will be triggered, thus enabling a potential DoS attack.

CVE-2015-0290

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-19 11:11:02 +00:00
Andy Polyakov
7ead0c8918 Configure: fold related configurations more aggressively and clean-up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-18 16:27:00 +01:00
Richard Levitte
9e43c6b5c2 Correct the request of debug builds
./config would translate -d into having the target get a 'debug-'
prefix, and then run './Configure LIST' to find out if such a
debugging target exists or not.

With the recent changes, the separate 'debug-foo' targets are
disappearing, and we're giving the normal targets debugging
capabilities instead.  Unfortunately, './config' wasn't changed to
match this new behavior.

This change introduces the arguments '--debug' and '--release' - the
latter just for orthogonality - to ./Configure, and ./config now
treats -d by adding '--debug' to the options for ./Configure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-17 17:01:31 +01:00
Matt Caswell
11abf92259 Dead code removal from apps
Some miscellaneous removal of dead code from apps. Also fix an issue with
error handling with pkcs7.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-17 14:49:01 +00:00
Matt Caswell
b7573c597c Remove dead code from crypto
Some miscellaneous removal of dead code from lib crypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-17 14:48:44 +00:00