Commit graph

8499 commits

Author SHA1 Message Date
Matt Caswell
9205ebeb8e Convert num_alloc to a size_t in stack.c and tweak style
We were casting num_alloc to size_t in lots of places, or just using it in
a context where size_t makes more sense - so convert it. This simplifies
the code a bit.

Also tweak the style in stack.c a bit following on from the previous
commit

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-19 23:25:52 +01:00
Guido Vranken
9731a9ce7d Prevent overflows in stack API
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-19 23:24:49 +01:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
2016-09-18 00:22:00 -04:00
FdaSilvaYY
76dc356384 Remove an useless definition.
APP_INFO is currently a field of MEM struct.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1583)
2016-09-17 12:32:37 -04:00
Matt Caswell
73f0df8331 Add some sanity checks around usage of t_fromb64()
The internal SRP function t_fromb64() converts from base64 to binary. It
does not validate that the size of the destination is sufficiently large -
that is up to the callers. In some places there was such a check, but not
in others.

Add an argument to t_fromb64() to provide the size of the destination
buffer and validate that we don't write too much data. Also add some sanity
checks to the callers where appropriate.

With thanks to Shi Lei for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-14 10:06:41 +01:00
Andy Polyakov
cc2cb7bf63 bn/bn_lcl.h: improve interoperability with clang and Android NDK.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:34:12 +02:00
Richard Levitte
278a33da3c VMS: be less picky when loading DSOs
The DSO API was picky about casing of symbol names on VMS.

There's really no reason to be that picky, it's mostly just annoying.
Therefore, we take away the possibility to flag for a choice, and will
instead first try to find a symbol with exact case, and failing that,
we try to find it in upper case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-11 23:18:03 +02:00
Tim Hudson
82f52631b2 Fix EC_KEY_print so it prints out private key information
even when the public key is not present in an EC_KEY

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-09-10 06:53:33 +10:00
Richard Levitte
e82e2186e9 If errno is ENXIO in BSS_new_file(), set BIO_R_NO_SUCH_FILE
VMS sets that errno when the device part of a file spec is malformed
or a logical name that doesn't exist.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-08 23:39:26 +02:00
Matt Caswell
135648bcd0 Fix mem leaks during auto-deinit
Certain functions are automatically called during auto-deinit in order
to deallocate resources. However, if we have never entered a function which
marks lib crypto as inited then they never get called. This can happen if
the user only ever makes use of a small sub-set of functions that don't hit
the auto-init code.

This commit ensures all such resources deallocated by these functions also
init libcrypto when they are initially allocated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-09-08 12:40:19 +01:00
Andy Polyakov
abcbf7ed7e chacha/asm/chacha-ppc.pl: add missing .text directive.
RT#4667

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-08 09:05:59 +02:00
David Woodhouse
978ecbb08b Avoid EVP_PKEY_cmp() crash on EC keys without public component
Some hardware devices don't provide the public EC_POINT data. The only
way for X509_check_private_key() to validate that the key matches a
given certificate is to actually perform a sign operation and then
verify it using the public key in the certificate.

Maybe that can come later, as discussed in issue 1532. But for now let's
at least make it fail gracefully and not crash.

GH: 1532

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1547)
(cherry picked from commit 92ed7fa575)
2016-09-07 13:57:48 -04:00
Alex Gaynor
d65c3615f6 GH1537: Avoid double-free in the EVP_PKEY API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 09:41:20 -04:00
Rich Salz
01c09f9fde Misc BN fixes
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-06 10:42:01 -04:00
Andy Polyakov
6cf412c473 modes/asm/ghash-armv4.pl: improve interoperability with Android NDK.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-03 10:41:52 +02:00
Andy Polyakov
947716c187 MIPS assembly pack: adapt it for MIPS[32|64]R6.
MIPS[32|64]R6 is binary and source incompatible with previous MIPS ISA
specifications. Fortunately it's still possible to resolve differences
in source code with standard pre-processor and switching to trap-free
version of addition and subtraction instructions.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-02 13:33:17 +02:00
Andy Polyakov
68b4a6e91f crypto/bn/*: x86[_64] division instruction doesn't handle constants, change constraint from 'g' to 'r'.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-31 16:45:00 +02:00
Rich Salz
bde588df8a Code cleanup UI
Remove NULL check on parameter, and use NULL not ! on buffer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-31 09:34:16 -04:00
Andy Polyakov
d8f432aa97 Add ecp_nistz256-ppc64 module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:32 +02:00
Andy Polyakov
b17ff188b1 perlasm/ppc-xlate.pl: recognize .type directive.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:28 +02:00
Andy Polyakov
fca8f5ded8 bn/asm/ppc.pl: harmonize .size directive in bn_mul_words.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-29 23:12:05 +02:00
Rich Salz
d196305aa0 Remove comment tags from structs (coding style)
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:07:38 -04:00
Rich Salz
66117ab0f6 Use uppercase name for PCT_ enum
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-29 09:06:24 -04:00
Richard Levitte
216e8d9103 Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-26 12:41:07 +02:00
Andy Polyakov
fb5d9f1db5 Windows: UTF-8 opt-in for command-line arguments and console input.
User can make Windows openssl.exe to treat command-line arguments
and console input as UTF-8 By setting OPENSSL_WIN32_UTF8 environment
variable (to any value). This is likely to be required for data
interchangeability with other OSes and PKCS#12 containers generated
with Windows CryptoAPI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:56:28 +01:00
Andy Polyakov
0fe17491c3 Don't switch password formats using global state.
To avoid possible race conditions don't switch password format using
global state in crypto/pkcs12

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 11:42:33 +01:00
Matt Caswell
cc06906707 Fix an uninitialised read on an error path
Found by Coverity.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-25 10:11:35 +01:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 20:30:45 +01:00
Andy Polyakov
d3034d31e7 ec/asm/ecp_nistz256-x86_64.pl: /cmovb/cmovc/ as nasm doesn't recognize cmovb.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 17:13:09 +02:00
Richard Levitte
1beca67688 CRYPTO_atomic_add(): check that the object is lock free
If not, fall back to our own code, using the given mutex

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:48 +01:00
Richard Levitte
11fc6c7611 CRYPTO_atomic_add(): use acquire release memory order rather than relaxed
For increments, the relaxed model is fine.  For decrements, it's
recommended to use the acquire release model.  We therefore go for the
latter.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:40 +01:00
Richard Levitte
cb4b54c23b Check for __GNUC__ to use GNU C atomic buildins
Note: we trust any other compiler that fully implements GNU extension
to define __GNUC__

RT#4642

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-24 14:37:30 +01:00
Dr. Stephen Henson
55d83bf7c1 Avoid overflow in MDC2_Update()
Thanks to Shi Lei for reporting this issue.

CVE-2016-6303

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-24 14:12:51 +01:00
Matt Caswell
fe81a1b051 Remove useless assignment
The variable assignment c1 is never read before it is overwritten.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-08-24 11:25:23 +01:00
Andy Polyakov
c74aea8d6c ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:11 +01:00
Andy Polyakov
e3057a57ca ec/ecp_nistz256: harmonize is_infinity with ec_GFp_simple_is_at_infinity.
RT#4625

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:55:02 +01:00
Andy Polyakov
dfde4219fd ec/asm/ecp_nistz256-*.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:56 +01:00
Andy Polyakov
b62b2454fa ec/asm/ecp_nistz256-x86_64.pl: addition to perform stricter reduction.
Addition was not preserving inputs' property of being fully reduced.

Thanks to Brian Smith for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-24 10:44:48 +01:00
Andy Polyakov
9e421962e1 evp/bio_enc.c: stop using pointer arithmetic for error detection.
Thanks to David Benjamin for reporting this.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 10:34:27 +01:00
Matt Caswell
44cb4f5b5f Fix no-sock
The declaration of bio_type_lock is independent of no-sock so should not be
inside OPENSSL_NO_SOCK guards.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-24 09:25:53 +01:00
David Benjamin
2338ad8885 Fix math in BN_bn2dec comment.
The bound on log(2)/3 on the second line is incorrect and has an extra
zero compared to the divisions in the third line. log(2)/3 = 0.10034...
which is bounded by 0.101 and not 0.1001. The divisions actually
correspond to 0.101 which is fine. The third line also dropped a factor
of three.

The actual code appears to be fine. Just the comments are wrong.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:37:58 +01:00
Rob Percival
fa515410aa SCT_set_source resets validation_status
This makes it consistent with all of the other SCT setters.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:31:03 +01:00
Rob Percival
eb96e8b5fd Document that o2i_SCT_signature can leave the SCT in an inconsistent state
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
63e27d4d0f Removes {i2o,o2i}_SCT_signature from the CT public API
They may return if an SCT_signature struct is added in the future that
allows them to be refactored to conform to the i2d/d2i function signature
conventions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:23:28 +01:00
Rob Percival
986dbbbeff Prevent double-free of CTLOG public key
Previously, if ct_v1_log_id_from_pkey failed, public_key would be freed by
CTLOG_free at the end of the function, and then again by the caller (who
would assume ownership was not transferred when CTLOG_new returned NULL).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:17:14 +01:00
Rob Percival
cdb2a60347 Internalizes SCT_verify and removes SCT_verify_v1
SCT_verify is impossible to call through the public API (SCT_CTX_new() is
not part of the public API), so rename it to SCT_CTX_verify and move it
out of the public API.

SCT_verify_v1 is redundant, since SCT_validate does the same verification
(by calling SCT_verify) and more. The API is less confusing with a single
verification function (SCT_validate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-23 20:12:25 +01:00
FdaSilvaYY
0fe9123687 Constify a bit X509_NAME_get_entry
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8 Constify some X509_NAME, ASN1 printing code
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
bf9d5e483d Constify some input parameters.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00
FdaSilvaYY
a026fbf977 Constify some inputs buffers
remove useless cast to call ASN1_STRING_set

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 11:47:22 +02:00