Commit graph

12296 commits

Author SHA1 Message Date
Dr. Stephen Henson
e1be1dce77 Leak fixes.
Fix error path leaks in a2i_ASN1_STRING(), a2i_ASN1_INTEGER() and
a2i_ASN1_ENUMERATED().

Thanks to Shi Lei for reporting these issues.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 16:46:09 +01:00
Kurt Roeckx
32baafb2f6 Return error when trying to print invalid ASN1 integer
GH: #1322
(cherry picked from commit 5e3553c2de)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-08-04 22:22:07 +01:00
Dr. Stephen Henson
81f69e5b69 Limit recursion depth in old d2i_ASN1_bytes function
Thanks to Shi Lei for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 17:46:27 +01:00
Dr. Stephen Henson
af601b8319 Check for overflows in i2d_ASN1_SET()
Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-04 17:42:53 +01:00
Dr. Stephen Henson
f96b3ff25e Limit status message size in ts_get_status_check
Thanks to Shi Lei for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 20fc103f78)

Conflicts:
	include/openssl/ts.h
2016-08-04 17:37:59 +01:00
Richard Levitte
1228ae7738 Don't check any revocation info on proxy certificates
Because proxy certificates typically come without any CRL information,
trying to check revocation on them will fail.  Better not to try
checking such information for them at all.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 790555d675)
2016-08-03 16:15:05 +02:00
Dr. Stephen Henson
436dead2e2 Calculate sequence length properly.
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).

This bug was discovered by Hanno Böck using libfuzzer.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-03 00:13:03 +01:00
Dr. Stephen Henson
134ab5139a include <limits.h>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-02 23:41:45 +01:00
Dr. Stephen Henson
ff8b6b92f4 Check for overflows in ASN1_object_size().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e9f17097e9)
2016-08-02 20:54:32 +01:00
Dr. Stephen Henson
b10c10422a Check for overflows and error return from ASN1_object_size()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 56f9953c84)
2016-08-02 20:54:31 +01:00
Dr. Stephen Henson
3dc160e9be Fix CRL time comparison.
Thanks to David Benjamin <davidben@google.com> for reporting this bug.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e032117db2)
2016-07-29 18:49:12 +01:00
Rich Salz
cdddc96d5d Add missing casts.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-07-28 11:48:59 -04:00
Dr. Stephen Henson
68bc6b7a36 Note cipher BIO write errors too.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 976ef6adcc)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 22:45:04 +01:00
Dr. Stephen Henson
97a7b2ebd9 Set error if EVP_CipherUpdate fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ee6ce5cc36)

Conflicts:
	crypto/evp/bio_enc.c
2016-07-26 17:12:46 +01:00
Dr. Stephen Henson
325da8231c Use newest CRL.
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.

RT#4615

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 626aa24849)
2016-07-22 16:15:02 +01:00
Dr. Stephen Henson
02f873c541 Send alert for bad DH CKE
RT#4511

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-22 16:02:07 +01:00
Dr. Stephen Henson
b746aa3fe0 Fix OOB read in TS_OBJ_print_bio().
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need, not the amount of
data written.

CVE-2016-2180

Thanks to Shi Lei for reporting this bug.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acce3)
2016-07-22 15:16:31 +01:00
Dr. Stephen Henson
b880283683 Clarify digest change in HMAC_Init_ex()
RT#4603

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-22 14:11:13 +01:00
Todd Short
941d9fb6bd OCSP_request_add0_id() inconsistent error return
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed

This change makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
(cherry picked from commit 415e7c488e)
2016-07-20 01:29:16 -04:00
Dr. Stephen Henson
b5c835b399 Sanity check in ssl_get_algorithm2().
RT#4600

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 52eede5a97)

Conflicts:
	ssl/s3_lib.c
2016-07-20 00:14:36 +01:00
Dr. Stephen Henson
9ae9cbc0c7 Send alert on CKE error.
RT#4610

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 17:20:58 +01:00
Dr. Stephen Henson
6d3b5eeb51 Support PKCS v2.0 print in pkcs12 utility.
Extended alg_print() in pkcs12 utility to support PBES2 algorithms.

RT#4588

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-19 12:32:05 +01:00
Dr. Stephen Henson
59eefa115a Check and print out boolean type properly.
If underlying type is boolean don't check field is NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ad72d9fdf7)
2016-07-19 02:33:34 +01:00
Dr. Stephen Henson
1a2e1334a2 Fix print of ASN.1 BIGNUM type.
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cea73a7fc)

Conflicts:
	crypto/asn1/x_bignum.c
2016-07-18 19:42:12 +01:00
Richard Levitte
25dfe50b51 Remove the silly CVS markers from LPdir_*.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 28e90f69fb)
2016-07-16 09:04:56 +02:00
Richard Levitte
427b22646d Fix ASN.1 private encode of EC_KEY to not change the input key
RT#4611

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit b8a7bd83e6)
2016-07-15 15:17:31 +02:00
Matt Caswell
e88a5cfc2c Disallow multiple protocol flags to s_server and s_client
We shouldn't allow both "-tls1" and "-tls1_2", or "-tls1" and "-no_tls1_2".
The only time multiple flags are allowed is where they are all "-no_<prot>".

This fixes Github Issue #1268

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-08 16:24:00 +01:00
Orgad Shaneh
23aec60661 Fix compilation with CMS disabled
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293)
2016-07-06 08:44:51 +03:00
Dr. Stephen Henson
9bda728801 Don't indicate errors during initial adb decode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b385889640)
2016-07-06 02:41:55 +01:00
Cristian Stoica
6c6bd9bc2f remove double initialization of cryptodev engine
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.

Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-05 22:56:45 +02:00
Matt Caswell
77857ddcca Avoid an overflow in constructing the ServerKeyExchange message
We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 19:26:12 +01:00
Andy Polyakov
cbffd2d9ca SPARC assembly pack: enforce V8+ ABI constraints.
Even though it's hard to imagine, it turned out that upper half of
arguments passed to V8+ subroutine can be non-zero.

["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f198cc43a0)
2016-07-01 14:26:21 +02:00
Matt Caswell
cb5ebf9613 Convert memset calls to OPENSSL_cleanse
Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-30 15:53:44 +01:00
Richard Levitte
6ad8c48291 Allow proxy certs to be present when verifying a chain
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Richard Levitte
30aeb31281 Fix proxy certificate pathlength verification
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Richard Levitte
338fb1688f Check that the subject name in a proxy cert complies with RFC 3820
The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-29 23:13:54 +02:00
Matt Caswell
ad64a69e02 Change usage of RAND_pseudo_bytes to RAND_bytes
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-27 15:00:08 +01:00
Rich Salz
f3dbce6634 RT2964: Fix it via doc
OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5d28ff38fd)
2016-06-26 09:26:19 -04:00
Rich Salz
345b8400c1 Revert "RT2964: Fix it via doc"
This reverts commit 58b18779ba.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-25 22:09:05 -04:00
Rich Salz
58b18779ba RT2964: Fix it via doc
OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 82f31fe4dd)
2016-06-25 16:40:51 -04:00
Matt Caswell
1bb0918c3d Ensure HMAC key gets cleansed after use
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528bc5)
2016-06-24 13:28:29 +01:00
Matt Caswell
bd598cc405 Fix ASN1_STRING_to_UTF8 could not convert NumericString
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex, which will
not be broken by setting 1 at 18th position of tag2nbyte.

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db)
2016-06-23 20:51:28 +01:00
Andy Polyakov
ecb044db58 doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration.
[Note that in master declaration is different.]

RT#4568

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-22 20:18:17 +02:00
John Foley
a43cfd7bb1 RT3752: Add FIPS callback for thread id
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-06-21 16:49:26 -04:00
Richard Levitte
482449624c Fix missing opening braces
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-20 21:26:31 +02:00
Dr. Matthias St. Pierre
398260af10 RT3925: Remove trailing semi from #define's.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-20 15:12:16 -04:00
Richard Levitte
141f8da7b6 apps/req.c: Increment the right variable when parsing '+'
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 14d3c0dd2c)
2016-06-20 20:15:44 +02:00
Andy Polyakov
c3bc7f4988 aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4973a60cb9)
2016-06-20 12:31:39 +02:00
Andy Polyakov
b62e9bf5cb aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.
RT#4578

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3d32bab8f1)
2016-06-20 12:31:27 +02:00
Rich Salz
d0a2bb1f94 RT4545: Backport 2877 to 1.0.2
Sender verified that the fix works.  This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 14:39:56 -04:00