Commit Graph

535 Commits

Author SHA1 Message Date
Richard Levitte
fcd9c8c014 Fix pointer size issues on VMS
On VMS, the C compiler can work with 32-bit and 64-bit pointers, and
the command line determines what the initial pointer size shall be.

However, there is some functionality that only works with 32-bit
pointers.  In this case, it's gethostbyname(), getservbyname() and
accompanying structures, so we need to make sure that we define our
own pointers as 32-bit ones.

Furthermore, there seems to be a bug in VMS C netdb.h, where struct
addrinfo is always defined with 32-bit pointers no matter what, but
the functions handling it are adapted to the initial pointer size.
This leads to pointer size warnings when compiling with
/POINTER_SIZE=64.  The workaround is to force struct addrinfo to be
the 64-bit variant if the initial pointer size is 64.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-30 20:25:08 +02:00
Richard Levitte
622c7e99a9 Rearrange the use of 'proto' in BIO_lookup
'proto' wasn't properly used as a fallback in all appropriate cases.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 18:45:33 +02:00
Richard Levitte
dcdb4028b3 Adapt bf_lbuf for opaque BIO
Also, have it always be built, even though it's only (currently) used
on VMS.  That will assure it will get the same changes as all others.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-30 04:35:14 +02:00
Matt Caswell
a146ae55ba Make BIO opaque
Move the the BIO_METHOD and BIO structures into internal header files,
provide appropriate accessor methods and update all internal code to use
the new accessors where appropriate.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
Matt Caswell
f334461fac Add functions for creating BIO_METHODs
BIO_METHODs are soon to be opaque so we need to have functions available
to set them up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-29 17:40:54 +01:00
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Rich Salz
23d38992fc Remove ultrix/mips support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 15:29:15 -04:00
Matt Caswell
c3caf76035 Remove some dead code from 1999
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Matt Caswell
81161070f8 Don't clobber the last error
On Windows we call WSAGetLastError() to find out the last error that
happened on a socket operation. We use this to find out whether we can
retry the operation or not. You are supposed to call this immediately
however in a couple of places we logged an error first. This can end up
making other Windows system calls to get the thread local error state.
Sometimes that can clobber the error code, so if you call WSAGetLastError()
later on you get a spurious response and the socket operation looks like
a fatal error.

Really we shouldn't be logging an error anyway if its a retryable issue.
Otherwise we could end up with stale errors on the error queue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 21:32:13 +00:00
Benjamin Kaduk
a1673e1536 Avoid negative array index in BIO_debug_callback()
BIO_snprintf() can return -1 on truncation (and overflow as of commit
9cb177301f).  Though neither can
realistically occur while printing a pointer and short fixed string into
a buffer of length 256, the analysis to confirm that this the case goes
somewhat far up the call chain, and not all static analyzers can
successfully follow the chain of logic.

It's easy enough to clamp the returned length to be nonnegative before
continuing, which appeases the static analyzer and does not harm the
subsequent code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 20:52:19 -05:00
Alessandro Ghedini
fb46be0348 Convert CRYPTO_LOCK_BIO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
f989cd8c0b Convert CRYPTO_LOCK_GET*BYNAME to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:07:32 -05:00
Rich Salz
8731a4fcd2 ISSUE 43: Add BIO_sock_shutdown
This replaces SHUTDOWN/SHUTDOWN2 with BIO_closesocket.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 14:47:54 -05:00
Matt Caswell
9cb177301f Fix memory issues in BIO_*printf functions
The internal |fmtstr| function used in processing a "%s" format string
in the BIO_*printf functions could overflow while calculating the length
of a string and cause an OOB read when printing very long strings.

Additionally the internal |doapr_outch| function can attempt to write to
an OOB memory location (at an offset from the NULL pointer) in the event of
a memory allocation failure. In 1.0.2 and below this could be caused where
the size of a buffer to be allocated is greater than INT_MAX. E.g. this
could be in processing a very long "%s" format string. Memory leaks can also
occur.

These issues will only occur on certain platforms where sizeof(size_t) >
sizeof(int). E.g. many 64 bit systems. The first issue may mask the second
issue dependent on compiler behaviour.

These problems could enable attacks where large amounts of untrusted data
is passed to the BIO_*printf functions. If applications use these functions
in this way then they could be vulnerable. OpenSSL itself uses these
functions when printing out human-readable dumps of ASN.1 data. Therefore
applications that print this data could be vulnerable if the data is from
untrusted sources. OpenSSL command line applications could also be
vulnerable where they print out ASN.1 data, or if untrusted data is passed
as command line arguments.

Libssl is not considered directly vulnerable. Additionally certificates etc
received via remote connections via libssl are also unlikely to be able to
trigger these issues because of message size limits enforced within libssl.

CVE-2016-0799

Issue reported by Guido Vranken.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-25 22:45:58 +00:00
Flavio Medeiros
b5292f7b40 GH480: Don't break statements with CPP stuff.
This is also RT 4137

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-24 16:11:39 -05:00
FdaSilvaYY
a2d0baa2d9 GH678: Add a few more zalloc
Remove some duplicated NULL/zero init.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 12:13:37 -05:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Emilia Kasper
f0496ad71f getaddrinfo: zero the hints structure
This silences the memory sanitizer. All fields were already correctly
initialized but the struct padding wasn't, causing an uninitialized read
warning.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-19 16:44:28 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
Richard Levitte
29620124ff On solaris, the variable name sun clashes, use s_un instead
For orthogonality, we change sin -> s_in and sin6 -> s_in6 as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-16 17:16:32 +01:00
Rich Salz
d9d8e7a9c1 Make the BIO_ADDR param optional.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 17:36:10 -05:00
Richard Levitte
59d9bb591c Make sure a socklen_t can compare with a sizeof() result
Most of the times, it seems that socklen_t is unsigned.
Unfortunately, this isn't always the case, and it doesn't compare with
a size_t without warning.

A cast resolves the issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-14 11:16:37 +01:00
Rob Percival
e634b448c3 Defines OSSL_SSIZE_MAX
Removes SSIZE_MAX definition from bss_bio.c and changes that file to use
OSSL_SSIZE_MAX.

No need to account for OPENSSL_SYS_VXWORKS, since that never actually
gets defined anywhere. It must be a historical artifact.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-13 10:22:54 +00:00
Richard Levitte
6faffd0ad2 Better workaround for VMS getnameinfo() bug
The actual bug with current getnameinfo() on VMS is not that it puts
gibberish in the service buffer, but that it doesn't touch it at all.
The gibberish we dealt with before was simply stuff that happened to
be on the stack.

It's better to initialise the service buffer properly (with the empty
string) and check if it's still an empty string after the
getnameinfo() call, and fill it with the direct numerical translation
of the raw port if that's the case.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 19:50:46 +01:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Rich Salz
27f172d9a3 GH620: second diff from rt-2275, adds error code
clean up and apply patches from RT-2275

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 09:33:51 -05:00
Richard Levitte
c72fb77ff2 Rework BIO_ADDRINFO_protocol() to return correct values
As noted already, some platforms don't fill in ai_protocol as
expected.  To circumvent that, we have BIO_ADDRINFO_protocol() to
compute a sensible answer in that case.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-11 14:13:01 +01:00
Rich Salz
330fad61af BIO_PAIR_DEBUG did nothing; remove it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 15:28:18 -05:00
Richard Levitte
d40cf9bc9c VMS getnameinfo() seems to have a bug with returned service string
It seems like it gives back gibberish.  If we asked for a numeric
service, it's easy to check for a digit in the first position, and
if there isn't any, rewrite it using older methods.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 05:12:52 +01:00
Richard Levitte
e5a82bfd68 Small fixes
- One typo fixed in crypto/bio/b_addr.c
- Add a comment in doc/crypto/BIO_parse_hostserv.pod to explain the
  blank lines with one lonely space each.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-08 23:11:33 +01:00
Rich Salz
43ecb9c35c GH641: Don't care openssl_zmalloc
Don't cast malloc-family return values.
Also found some places where (a) blank line was missing; and (b)
the *wrong* return value was checked.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-08 11:09:16 -05:00
Andy Polyakov
2f0c9d5cdf bio/b_sock.c: cleanup obsolete stuff.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 15:59:16 +01:00
Roumen Petrov
8092650298 avoid crash if hostserv is with host part only
(if priority is set to host)

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 15:41:36 +01:00
Matt Caswell
7d1d48a2d0 Add a BIO_ADDR_clear function
Adds a new function BIO_ADDR_clear to reset a BIO_ADDR back to an
unitialised state, and to set the family to AF_UNSPEC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-05 20:47:36 +00:00
FdaSilvaYY
0d4fb84390 GH601: Various spelling fixes.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-05 15:25:50 -05:00
Richard Levitte
424d5db248 VMS lacks socklen_t, give it one
Fortunately, we only use socklen_t internally

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05 14:08:05 +01:00
Richard Levitte
b8c84b280f Update crypto/bio/build.info
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-04 23:34:20 +01:00
Richard Levitte
ed03c46134 Make sure getaddrinfo and getnameinfo works as intended on Windows
Both getaddrinfo() and getnameinfo() have to be preceeded with a call
to BIO_sock_init().

Also, make sure to give gai_strerror() the actual error code.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-02-04 17:33:28 +01:00
Kurt Roeckx
c86d1f19fc Use WSAGetLastError() on windows
Windows doesn't have h_error or hstrerror()

Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1848
2016-02-04 16:05:59 +01:00
Viktor Szakats
bdb7a621ac bio_err.c: remove a reappeared filename comment
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-04 12:05:22 +01:00
Kurt Roeckx
37e3daf4a1 Make fallback addresses static so that we can initialize it
Reviewed-by: Richard Levitte <levitte@openssl.org>

MR: #1841
2016-02-04 11:03:54 +01:00
Richard Levitte
d858c87653 Refactoring BIO: Adapt BIO_s_datagram and all that depends on it
The control commands that previously took a struct sockaddr * have
been changed to take a BIO_ADDR * instead.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
52f5926c3c make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
417be660e1 Refactoring BIO: adapt BIO_s_connect and BIO_s_accept
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:40:32 +01:00
Richard Levitte
4f1374e605 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:39:37 +01:00
Richard Levitte
5bca70ca49 Refactoring BIO: reimplement old socket handling functions with new ones
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:39:37 +01:00
Richard Levitte
2fcff74c87 make update
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-03 19:38:07 +01:00