Commit graph

5951 commits

Author SHA1 Message Date
Matt Caswell
921095d4d3 make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 13:31:16 +00:00
Matt Caswell
18029a3d07 Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 12:58:35 +00:00
Emilia Kasper
c0334c2c92 PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>
2015-03-19 12:58:35 +00:00
Dr. Stephen Henson
c3c7fb07dc Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-19 12:58:35 +00:00
Dr. Stephen Henson
4b22cce381 Reject invalid PSS parameters.
Fix a bug where invalid PSS parameters are not rejected resulting in a
NULL pointer exception. This can be triggered during certificate
verification so could be a DoS attack against a client or a server
enabling client authentication.

Thanks to Brian Carpenter for reporting this issues.

CVE-2015-0208

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-19 12:58:35 +00:00
Dr. Stephen Henson
b717b08307 Free up ADB and CHOICE if already initialised.
CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-03-19 11:11:22 +00:00
Matt Caswell
d8d2e50359 Remove dead code from crypto
Some miscellaneous removal of dead code from lib crypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b7573c597c)
2015-03-17 14:49:47 +00:00
Matt Caswell
b2b8163964 Fix memset call in stack.c
The function sk_zero is supposed to zero the elements held within a stack.
It uses memset to do this. However it calculates the size of each element
as being sizeof(char **) instead of sizeof(char *). This probably doesn't
make much practical difference in most cases, but isn't a portable
assumption.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 7132ac830f)
2015-03-17 13:48:04 +00:00
Carl Jackson
912c8c92b5 Fix regression in ASN1_UTCTIME_cmp_time_t
Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if
s < t, and 0 if s == t.

This behavior was broken in a refactor [0], resulting in the opposite
time comparison behavior.

[0]: 904348a492

PR#3706

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit da27006df0)
2015-03-15 19:47:08 +00:00
Andy Polyakov
94be83127b Avoid reading an unused byte after the buffer
Other curves don't have this problem.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9fbbdd73c5)
2015-03-14 18:24:58 +01:00
Emilia Kasper
be109b9eec Fix undefined behaviour in shifts.
Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts.
If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable
in an integer, behaviour is undefined. In other words, you can't shift into the sign bit
of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24.

(For consistency, cast other shifts, too.)

Caught by -fsanitize=shift

Submitted by Nick Lewycky (Google)

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8b37e5c14f)
2015-03-13 21:14:20 -07:00
Dr. Stephen Henson
8cd6714084 ASN.1 print fix.
When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 5dc1247a74)
2015-03-12 13:45:24 +00:00
Matt Caswell
8e91b3d991 Fix missing return checks in v3_cpols.c
Fixed assorted missing return value checks in c3_cpols.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c5f2b5336a)
2015-03-12 09:29:48 +00:00
Matt Caswell
20223855e4 Fix dsa_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0c7ca4033d)
2015-03-12 09:29:48 +00:00
Matt Caswell
563fc239d2 Fix dh_pub_encode
The return value from ASN1_STRING_new() was not being checked which could
lead to a NULL deref in the event of a malloc failure. Also fixed a mem
leak in the error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6aa8dab2bb)
2015-03-12 09:29:48 +00:00
Matt Caswell
15919ecadc Fix asn1_item_print_ctx
The call to asn1_do_adb can return NULL on error, so we should check the
return value before attempting to use it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 34a7ed0c39)
2015-03-12 09:29:48 +00:00
Matt Caswell
289c06823e ASN1_primitive_new NULL param handling
ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple
of conditional code paths that check whether |it| is NULL or not - but
later |it| is deref'd unconditionally. If |it| was ever really NULL then
this would seg fault. In practice ASN1_primitive_new is marked as an
internal function in the public header file. The only places it is ever
used internally always pass a non NULL parameter for |it|. Therefore, change
the code to sanity check that |it| is not NULL, and remove the conditional
checking.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 9e488fd6ab)
2015-03-12 09:29:48 +00:00
Matt Caswell
ff2459b918 Fix EVP_DigestInit_ex with NULL digest
Calling EVP_DigestInit_ex which has already had the digest set up for it
should be possible. You are supposed to be able to pass NULL for the type.
However currently this seg faults.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit a01087027b)
2015-03-12 09:29:48 +00:00
Matt Caswell
8944d10e2d Fix error handling in bn_exp
In the event of an error |rr| could be NULL. Therefore don't assume you can
use |rr| in the error handling code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8c5a7b33c6)
2015-03-12 09:29:48 +00:00
Andy Polyakov
df57e42baa evp/e_aes.c: fix SPARC T4-specific problem:
- SIGSEGV/ILL in CCM (RT#3688);

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-12 09:07:53 +01:00
Matt Caswell
9c5c18500b Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit ac5a110621)
2015-03-11 11:21:09 +00:00
Richard Godbee
5a9e9669d8 BIO_debug_callback: Fix output on 64-bit machines
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 460e920d8a)
2015-03-10 12:34:21 +01:00
Dmitry-Me
b65b4c3481 Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e)
2015-03-09 21:05:39 +01:00
Dr. Stephen Henson
bfa34f551c Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4)
2015-03-08 16:29:28 +00:00
Matt Caswell
d6b4a41d10 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)

Conflicts:
	crypto/bio/bss_dgram.c
2015-03-05 09:15:08 +00:00
Dr. Stephen Henson
9fdbaf3a32 Check public key is not NULL.
CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e)
2015-03-02 15:26:41 +00:00
Dr. Stephen Henson
6fff54b0ce Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533)
2015-03-02 13:43:17 +00:00
Matt Caswell
8f51c206b3 Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259)
2015-02-26 23:34:54 +00:00
Matt Caswell
4d2207f097 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
ba5d0113e8 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
f747572547 Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	crypto/evp/Makefile
	test/Makefile
2015-02-25 17:21:58 +00:00
Andy Polyakov
13c1807041 Fix crash in SPARC T4 XTS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 775b669de3)
2015-02-24 10:12:57 +01:00
Andy Polyakov
f243def213 sha/asm/sha1-586.pl: fix typo.
The typo doesn't affect supported configuration, only unsupported masm.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3372c4fffa)
2015-02-22 19:22:09 +01:00
Kurt Roeckx
f95519538a Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220)
2015-02-22 13:23:53 +01:00
Doug Hogan
79e2e927e6 Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a26520)
2015-02-22 13:23:52 +01:00
Richard Levitte
458a55af16 Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 64e6bf64b3)

Conflicts:
	Configure
	crypto/ui/ui_openssl.c
2015-02-22 08:10:29 +01:00
Rich Salz
872f91c403 RT3684: rand_egd needs stddef.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-12 14:23:28 -05:00
Graeme Perrow
ee1ccd0a41 RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b0333e697c)
2015-02-12 13:01:33 -05:00
Emilia Kasper
95929797a0 Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0923e7df9e)
2015-02-10 15:36:03 +01:00
Andy Polyakov
bcfaa4eeee objects/obj_xref.h: revert reformat.
obj_xref.h was erroneously restored to pre-reformat state.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 08:55:30 +01:00
Andy Polyakov
cb43fd0467 Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d)
2015-02-09 16:00:25 +01:00
Dr. Stephen Henson
ba25221226 Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 9c7a780bbe)
2015-02-09 13:01:15 +00:00
Andy Polyakov
506805e708 Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce3862319)
2015-02-09 09:57:23 +01:00
Rich Salz
16064539ad Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea9)
2015-02-05 09:45:25 -05:00
Dr. Stephen Henson
75c77a71fa Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6922ddee1b)
2015-02-04 13:35:35 +00:00
Dr. Stephen Henson
f17a4ad7d7 Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de)
2015-02-03 14:02:12 +00:00
Andy Polyakov
8d5d455988 modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b2991c081a)
2015-01-30 16:38:42 +01:00
Richard Levitte
bc1544d8c5 dso_vms needs to add the .EXE extension if there is none already
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit be7b1097e2)
2015-01-30 05:02:56 +01:00
Rich Salz
63ac16ccac Remove obsolete support for old code.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3d0cf91807)
2015-01-26 11:06:28 -05:00
Rich Salz
db7cb7ab9a Remove unused eng_rsax and related asm file
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-26 10:46:26 -05:00