Commit graph

5310 commits

Author SHA1 Message Date
Loganaden Velvindron
895c1b79dd Clear BN-mont values when free'ing it.
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1a586b3942)
2015-07-31 13:38:57 -04:00
Martin Vejnar
86fecb23df RT3774: double-free in DSA
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit fa4629b6a2)
2015-07-29 21:21:58 -04:00
Dr. Stephen Henson
989ba38f7f Don't output bogus errors in PKCS12_parse
PR#3923

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ffbf304d48)
2015-06-25 04:56:20 +01:00
Richard Levitte
c040acd76a Make preprocessor error into real preprocessor error
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit b4f0d1a4a8)
2015-06-16 13:14:11 +02:00
Richard Levitte
7c3f919832 Remove one extraneous parenthesis
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 30cf91784b)
2015-06-16 13:14:11 +02:00
Matt Caswell
c9f4108465 Prepare for 1.0.0t-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-06-11 15:16:43 +01:00
Matt Caswell
a06ec5a26f Prepare for 1.0.0s release
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-06-11 15:13:36 +01:00
Emilia Kasper
f46e8095aa PKCS#7: Fix NULL dereference with missing EncryptedContent.
CVE-2015-1790

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-11 15:10:48 +01:00
Emilia Kasper
57de3216e2 Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-11 15:10:48 +01:00
Dr. Stephen Henson
857b2ced04 Fix infinite loop in CMS
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.

CVE-2015-1792

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-11 15:10:48 +01:00
Matt Caswell
cb9f1bc1d1 EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 68886be7e2)

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_oct.c
	crypto/ec/ectest.c
2015-06-10 10:57:05 +01:00
Dr. Stephen Henson
228806a4f3 return correct NID for undefined object
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 0fb9990480)
2015-06-08 21:47:24 +01:00
Matt Caswell
0d3a7e7c91 Fix off-by-one error in BN_bn2hex
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c56353071d)

Conflicts:
	crypto/bn/bn_print.c
2015-06-04 09:31:08 +01:00
Dr. Stephen Henson
aaa654d607 check for error when creating PKCS#8 structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2849707fa6)
2015-05-28 18:02:43 +01:00
Richard Levitte
1b8403889b Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in.  This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.

This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2)

Conflicts:
	Makefile.org
	apps/Makefile
	test/Makefile
	crypto/cmac/Makefile
	crypto/srp/Makefile
2015-05-23 11:17:35 +02:00
Matt Caswell
e261cf5a2e Fix off-by-one in BN_rand
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:47:16 +01:00
Matt Caswell
b3c721482b Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 7cc18d8158)

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
2015-05-22 23:23:50 +01:00
Rich Salz
690d040b2e Add NULL checks from master
The big "don't check for NULL" cleanup requires backporting some
of the lowest-level functions to actually do nothing if NULL is
given.  This will make it easier to backport fixes to release
branches, where master assumes those lower-level functions are "safe"

This commit addresses those tickets: 3798 3799 3801.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit f34b095fab)
2015-05-13 12:56:02 -04:00
Gilles Khouzam
6c63867178 RT3820: Don't call GetDesktopWindow()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bed2edf1cb)
2015-05-02 08:02:18 -04:00
Dr. Stephen Henson
b3ac37c69a Limit depth of nested sequences when generating ASN.1
Reported by Hanno Böck <hanno@hboeck.de>
PR#3800

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c4137b5e82)

Conflicts:
	crypto/asn1/asn1_gen.c
2015-04-22 21:57:50 +01:00
Loganaden Velvindron
50c2c64fe7 Fix CRYPTO_strdup
The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
value from CRYPTO_malloc to see if it is NULL before attempting to use it.
This patch adds a NULL check.

RT3786

Signed-off-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
2015-04-22 17:26:20 +01:00
Dr. Stephen Henson
a6202a74f9 Fix encoding bug in i2c_ASN1_INTEGER
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a0eed48d37)
2015-04-18 14:44:54 +01:00
Viktor Dukhovni
6b7d6c4404 Code style: space after 'if'
Reviewed-by: Matt Caswell <gitlab@openssl.org>
2015-04-16 13:53:17 -04:00
Dr. Stephen Henson
21220998f3 Reject empty generation strings.
Reported by Hanno Böck <hanno@hboeck.de>

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 111b60bea0)

Conflicts:
	crypto/asn1/asn1_gen.c
2015-04-16 16:07:41 +01:00
Dr. Stephen Henson
dafa9534de Don't set *pval to NULL in ASN1_item_ex_new.
While *pval is usually a pointer in rare circumstances it can be a long
value. One some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.

*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unecessary anyway.

Thanks to Julien Kauffmann for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f617b4969a)

Conflicts:
	crypto/asn1/tasn_new.c
2015-04-10 19:53:45 +01:00
Dr. Stephen Henson
e35e22e1d9 Make OCSP response verification more flexible.
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.

PR#3668

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4ca5efc287)
2015-03-24 12:14:56 +00:00
Matt Caswell
06cf4418cf Prepare for 1.0.0s-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:45:41 +00:00
Matt Caswell
81741de632 Prepare for 1.0.0r release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:43:00 +00:00
Matt Caswell
f2f2f64dee make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:43:00 +00:00
Matt Caswell
dfc3e9698b Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:00:11 +00:00
Emilia Kasper
9104dc4255 PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 13:00:11 +00:00
Dr. Stephen Henson
0275883673 Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:00:11 +00:00
Dr. Stephen Henson
7746ff501c Free up ADB and CHOICE if already initialised.
CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-18 11:52:43 +00:00
Dr. Stephen Henson
765db5f9e5 ASN.1 print fix.
When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5dc1247a74)
2015-03-12 13:46:44 +00:00
Dr. Stephen Henson
394a30c2f8 Fix warnings.
Fix compiler warnings (similar to commit 25012d5e79)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-08 16:57:46 +00:00
Dr. Stephen Henson
36971258e3 Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4)

Conflicts:
	crypto/dh/dh_ameth.c
2015-03-08 16:32:35 +00:00
Dr. Stephen Henson
4bf7b29169 Check public key is not NULL.
CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e)
2015-03-02 15:26:52 +00:00
Dr. Stephen Henson
42ad0100f1 Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533)
2015-03-02 13:43:40 +00:00
Matt Caswell
dac693c957 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 20:38:25 +00:00
Andy Polyakov
0e5e7af955 Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d)
2015-02-09 16:04:58 +01:00
Andy Polyakov
2487d77104 Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce3862319)
2015-02-09 10:01:54 +01:00
Rich Salz
189de54506 Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea9)
2015-02-05 09:46:06 -05:00
Dr. Stephen Henson
beac071b13 Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee1b)
2015-02-04 13:36:00 +00:00
Dr. Stephen Henson
99ff40515d Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de)
2015-02-03 14:02:34 +00:00
Matt Caswell
1804f78298 Fix formatting error in pem.h
Reviewed-by: Andy Polyakov <appro@openssl.org>

Conflicts:
	crypto/pem/pem.h
2015-01-22 14:15:45 +00:00
Matt Caswell
3d7a9aca8c Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 1.0.0 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:46:52 +00:00
Matt Caswell
4bc9913844 Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:46:26 +00:00
Matt Caswell
a8b966f48f Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:46:18 +00:00
Matt Caswell
e3db68b766 Yet more changes to comments
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:46:13 +00:00
Matt Caswell
31082f2127 Fix modes.h so that indent doesn't complain
Conflicts:
	crypto/modes/modes.h

Conflicts:
	crypto/modes/modes.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:46:01 +00:00