Commit Graph

13080 Commits

Author SHA1 Message Date
Dr. David von Oheimb
981a5b7ce3 OSSL_HTTP_open(): Fix memory leak on TLS connect failure via proxy
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16119)
2021-07-22 10:14:47 +02:00
Pauli
4e6fa8014f err: remove the derivation function is mandatory for FIPS error message since it's no longer used and newly introduced
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16096)
2021-07-20 18:34:07 +10:00
Ingo Schwarze
c5dc9ab965 Fix a read buffer overrun in X509_aux_print().
The ASN1_STRING_get0_data(3) manual explitely cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.

I found this bug while writing manual pages for X509_print_ex(3)
and related functions.  Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see

http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16108)
2021-07-20 09:40:56 +02:00
Tomas Mraz
52f7e44ec8 Split bignum code out of the sparcv9cap.c
Fixes #15978

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16019)
2021-07-15 09:33:04 +02:00
Pauli
56fdb70796 evp: constify some OSSL_PARAM arguments
These were missed when the initialisation params were added

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)
2021-07-15 16:46:18 +10:00
Tomas Mraz
11f18ef1f5 Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()
The implementation of EVP_PKEY_pairwise_check() is also changed
to handle the legacy keys.

Fixes #16046

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16069)
2021-07-15 10:54:25 +10:00
Pauli
a773e67b89 asn.1: fix Coverity 1487104 Logically dead code
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16042)
2021-07-13 09:24:04 +10:00
Dr. David von Oheimb
6a1f9cdc0c Improve doc of OSSL_HTTP_REQ_CTX_set_expected() on timeout param < 0
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16029)
2021-07-11 17:06:12 +02:00
Daiki Ueno
15729bef38 BIO_lookup_ex: use AI_ADDRCONFIG only if explicit host name is given
The flag only affects which record types are queried via DNS (A or
AAAA, or both).  When node is NULL and AF_UNSPEC is used, it prevents
getaddrinfo returning the right address associated with the loopback
interface.

Signed-off-by: Daiki Ueno <dueno@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16033)
2021-07-10 17:59:00 +02:00
Richard Levitte
4cd4735187 ASN.1: Refuse to encode to DER if non-optional items are missing
Fixes #16026

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16036)
2021-07-10 17:05:07 +02:00
Pauli
e278127cbf evp: detect and raise an error if no digest is found for a sign/verify operation
If no digest is specified, the code looks for a default digest per PKEY via the
evp_keymgmt_util_get_deflt_digest_name() call.  If this call returns NULL,
indicating no digest found, the code continues regardless.  If the verify/sign
init later fails, it returns an error without raising one.  This change raises
an error in this case.

Fixes #15372

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16015)
2021-07-08 20:22:21 +10:00
Juergen Christ
daf4b2437f Fix compile warning with GCC 11.
When configured with strict warnings, GCC 11 complains about a possible
stringop-translation:

Config:

/usr/bin/perl ./Configure enable-asan enable-ubsan enable-zlib-dynamic \
enable-unit-test enable-md2 enable-rc5 enable-buildtest-c++ \
enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-fips -w \
--strict-warnings

Warning:

crypto/evp/ctrl_params_translate.c: In function 'fix_rsa_pss_saltlen':
crypto/evp/ctrl_params_translate.c:1356:13: error: 'strncpy' specified bound 50 equals destination size [-Werror=stringop-truncation]
 1356 |             strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf));
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix by copying one byte less than the buffer size.  We anyway overwrite the
last byte.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15993)
2021-07-08 10:34:55 +02:00
Rich Salz
02db7354fe Fix bug in X509_print_ex
If the user set nmflags == XN_FLAG_COMPAT and X509_NAME_print_ex(3)
failed, the error return value of 0 was misinterpreted as an indicator
of success, causing X509_print_ex(3) to ignore the error, continue
printing, and potentially return successfully even though not all
the content of the certificate was printed.

The X509_NAME_print_ex(3) manual page explains that this function
indicates failure by returning 0 if nmflags == XN_FLAG_COMPAT
and by returning -1 if nmflags != XN_FLAG_COMPAT.

Note that just checking for <= 0 in all cases would not be correct
either because X509_NAME_print_ex(3) returns 0 to indicate that it
successfully printed zero bytes in some cases, for example when all
three of the following conditions hold:
1. nmflags != XN_FLAG_COMPAT
2. indent == 0 (which X509_print_ex(3) does use in some cases)
3. the name object is NULL or empty

Thanks to Ingo Schwarze <schwarze@openbsd.org> for finding the bug,
and Joel Sing <jsing@openbsd.org> for contributing an idea for the
fix.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16009)
2021-07-08 11:46:19 +10:00
Richard Levitte
d101700dff CRYPTO: Remove the check for built-in methods in the export_to function
That check was seen as necessary at the time, but other changes have
been made since, so we now have better control on when we're handling
legacy structures and methods, making it safe to run the export_to
function on keys with foreign methods.

The basic message is that foreign methods must set key structure
values according to our standards no matter what, or not set them at
all.  This has really always been the case, but was harder to see at
the time because of interaction with other bugs.

Fixes #15927

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15996)
2021-07-07 15:38:21 +02:00
Pauli
105c83150f bn: procduce correct sign for result of BN_mod()
There is a problem that appears when calling BN_div(a, c, a, b) with negative b.
In this case, the sign of the remainder c is incorrect.  The problem only
occurs if the dividend and the quotient are the same BIGNUM.

Fixes #15982

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15991)
2021-07-07 19:12:48 +10:00
Tomas Mraz
3f773c911a fips module header inclusion fine-tunning
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)
2021-07-06 10:52:27 +10:00
Martin Schwenke
1627a41f1d bn: Make fixed-length Montgomery Multiplication conditional on PPC64
This code is currently unconditional even though build.info has:

  $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s

This causes a build failure on 32-bit systems.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
2021-07-06 10:49:01 +10:00
Martin Schwenke
e7370fa016 bn: Fix .size directive
This requires the text address.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
2021-07-06 10:49:01 +10:00
Martin Schwenke
bf9b78214d bn: Use a basic branch-if-not-zero
Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.

Signed-off-by: Martin Schwenke <martin@meltin.net>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
2021-07-06 10:49:01 +10:00
Tomas Mraz
643ce3108f rsa_cms_verify: Avoid negative return with missing pss parameters
Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)
2021-07-06 10:08:08 +10:00
Tomas Mraz
0a02c81f81 Coverity #1486687: fix potential dereference of NULL keymgmt
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15986)
2021-07-05 12:44:54 +10:00
Richard Levitte
f40c5f2c53 PROV & STORE: Make the 'file:' store loader understand more binary formats
The 'file:' store loader only understood DER natively.  With all the
whatever to key decoders gone, direct support for other binary file
formats are gone, and we need to recreate them for this store loader.

With these changes, it now also understands MSBLOB and PVK files.

As a consequence, any store loader that handles some form of open file
data (such as a PEM object) can now simply pass that data back via
OSSL_FUNC_store_load()'s object callback.  As long as libcrypto has
access to a decoder that can understand the data, the appropriate
OpenSSL object will be generated for it, even if the store loader sits
in a different provider than any decoder or keymgmt.
For example, an LDAP store loader, which typically finds diverse PEM
formatted blobs in the database, can simply pass those back via the
object callback, and let libcrypto do the rest of the work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)
2021-07-03 19:44:15 +02:00
Oliver Mihatsch
3a1d2b5952 Fix memory leak in i2d_ASN1_bio_stream
When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream().
This results in calling asn1_bio_flush_ex cleanup but will only
reset retry flags as the state is not ASN1_STATE_POST_COPY.
Therefore 48 bytes (Linux x86_64) leaked since the
ndef_prefix_free / ndef_suffix_free callbacks are not executed
and the ndef_aux structure is not freed.

By always calling free function callback in asn1_bio_free() the
memory leak is fixed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14844)
2021-07-02 16:17:11 +02:00
Tomas Mraz
66a7c9f34b pem_read_bio_key: Add passphrase caching to avoid asking for password twice
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
2021-07-02 15:33:34 +02:00
Tomas Mraz
fbbd425336 pem_read_bio_key_decoder: Avoid spurious error on unknown PEM data
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)
2021-07-02 15:33:27 +02:00
Shane Lontis
92d7120c60 Fix compile errors when building with --api=1.1.0 no-deprecated.
Fixes #15963

INSTALL.md uses these exact options as an example so it should work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15965)
2021-07-02 13:45:32 +10:00
Randall S. Becker
6870c1e7b7 Defined out MUTEX attributes not available on NonStop SPT Threads.
Standard Posix Threads (SPT) Threads are an older separate branch of
pthreads that do not support some of the capabilities in the current
Posix User Threads (PUT).

The change also includes a rename of the close field of OSSL_STORE_LOADER
which was causing preprocessor conflicts.

Fixes #15885

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15886)
2021-07-02 12:33:45 +10:00
Dr. David von Oheimb
1986f6152f OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency
Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
2021-06-30 10:38:23 +02:00
Dr. David von Oheimb
7df56adac7 CMP: Add missing getter functions to CRMF API and CMP API
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)
2021-06-30 10:38:23 +02:00
Pauli
5e56f4587d evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
2021-06-30 13:55:09 +10:00
Pauli
196feb18de bio: check for valid socket when closing
Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)
2021-06-30 13:55:09 +10:00
Pauli
10af976962 x509: improve error reporting
Distinguish between not being able to extract a public key versus not knowing
the key's type.

Alternative to #15921

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15944)
2021-06-30 13:53:49 +10:00
Tomas Mraz
475c5bbd10 coverity #1486531: return error properly from x509_pubkey_ex_new_ex()
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15942)
2021-06-29 18:41:45 +02:00
Richard Levitte
69e14a546d EVP: Have EVP_PKCS82PKEY_ex() pass a correct selection to OSSL_DECODER
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
2021-06-29 13:50:51 +02:00
Richard Levitte
398f8fe1c4 DECODER & ENCODER: Make sure to pass around the original selection bits
When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything.  This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.

Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.

In both cases, the selection that was specified by the user is now
passed all the way.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)
2021-06-29 13:50:51 +02:00
Dr. David von Oheimb
6eaf139f62 ossl_cmp_error_new(): Fix Coverity issue 1486534, and consequently also issues 1486536 and 1486533
The issues are due to an integer overflow that may happen on '(ERR_SYSTEM_FLAG << 1)'.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15938)
2021-06-29 13:05:52 +02:00
Richard Levitte
19c0b46b83 OSSL_STORE: Fix crash when tracing STORE
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15931)
2021-06-29 09:32:59 +02:00
Richard Levitte
f616ad4b02 ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt
If there are keymgmts and en/decoders from the same provider, try to
combine them first.

This avoids unnecessary export/import dances, and also tries to avoid
issues where the keymgmt doesn't fully support exporting and importing,
which we can assume will be the case for HSM protected keys.

Fixes #15932

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15933)
2021-06-29 17:03:45 +10:00
Richard Levitte
92eb592b3b ENCODER & DECODER: Allow en/decoders to have multiple names
We had prepared for this a little bit, but apparently not completed it.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15904)
2021-06-26 16:44:22 +10:00
Pauli
a52d20c82a ui: address potential memory leak
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
2021-06-26 11:33:52 +10:00
Pauli
150251904c x509: address NULL dereference and memory leaks
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)
2021-06-26 11:33:52 +10:00
yunh
d5567d5f6e enable getauxval on android 10
Fixes #9498

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15870)

(cherry picked from commit b2dea4d5f2)
2021-06-25 18:31:05 +10:00
Tomas Mraz
3d178db73b ppccap.c: Split out algorithm-specific functions
Fixes #13336

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15828)
2021-06-25 08:49:45 +01:00
Dr. David von Oheimb
991519aeb9 CMP: Improve reporting of error codes and related strings via 'error' msg
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25 07:44:50 +02:00
Dr. David von Oheimb
cfd854a55e ossl_sk_ASN1_UTF8STRING2text(): Minor generalization and refactoring for readability
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25 07:44:50 +02:00
Dr. David von Oheimb
7b3990e3f8 CMP: Clean up internal message creation API and its documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25 07:44:50 +02:00
Petr Gotthard
11efa7d45b BIO_new_from_core_bio: Fix heap-use-after-free after attach
The providers have to call up_ref to keep the cbio pointer, just like
the internal bio_prov.c does.

OSSL_STORE_attach passes a cbio pointer to the provider and then calls
ossl_core_bio_free(cbio). If up_ref is not called, the cbio gets
freed way too early.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15163)
2021-06-25 10:11:29 +10:00
Matt Caswell
59a783d05a Fix a race in ossl_provider_add_to_store()
If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:15 +01:00
Matt Caswell
d382c46525 Move OPENSSL_add_builtin back into provider.c
An earlier stage of the refactor in the last few commits moved this
function out of provider.c because it needed access to the provider
structure internals. The final version however no longer needs this so
it is moved back again.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:15 +01:00
Matt Caswell
b7248964a4 make struct provider_info_st a full type
Create the OSSL_PROVIDER_INFO to replace struct provider_info_st.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:15 +01:00