Commit Graph

6883 Commits

Author SHA1 Message Date
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Rich Salz
ce7e647bc2 Add $! to errors, use script basename.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 08:39:52 -04:00
Richard Levitte
a1c506ae9e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-23 02:59:47 +02:00
Richard Levitte
ed45f3c242 Rearrange rsaz
A small rearrangement so the inclusion of rsaz_exp.h would be
unconditional, but what that header defines becomes conditional.

This solves the weirdness where rsaz_exp.h gets in and out of the
dependency list for bn_exp.c, depending on the present architecture.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-23 02:59:47 +02:00
Rich Salz
7fba8407cc RT3917: add cleanup on an error path
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-21 17:52:12 -04:00
Richard Levitte
8ca96efd24 Cleanup mttest.c : because we no longer use stdio here, don't include it
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:48 +02:00
Richard Levitte
d62c98c81c Add -ldl to the build of mttest.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:48 +02:00
Richard Levitte
03b672deca Cleanup mttest.c : use BIO_free only, no preceding hacks
Since [sc]_ssl->[rw]bio aren't available, do not try to fiddle with
them.  Surely, a BIO_free on the "main" BIOs should be enough

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:48 +02:00
Richard Levitte
964626957f Cleanup mttest.c : do not try to output reference counts when threads are done
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:48 +02:00
Richard Levitte
7a1789d254 Cleanup mttest.c : better error reporting when certs are miggins
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:47 +02:00
Richard Levitte
f4c73bfe0a Cleanup mttest.c : make ssl_method a pointer to const
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:47 +02:00
Richard Levitte
bb8abd6735 Cleanup mttest.c : modernise output
Construct bio_err and bio_stdout from file handles instead of FILE
pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO
is defined).
Convert all output to use BIO_printf.
Change lh_foo to lh_SSL_SESSION_foo.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:47 +02:00
Richard Levitte
5c78e18352 Cleanup mttest.c : modernise the threads setup
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:47 +02:00
Richard Levitte
a3f9286556 Cleanup mttest.c : remove MS_CALLBACK
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-21 21:45:47 +02:00
Richard Levitte
b4f0d1a4a8 Make preprocessor error into real preprocessor error
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-06-16 13:10:24 +02:00
Dr. Stephen Henson
f2dc4d517f Encode b == NULL or blen == 0 as zero.
PR#3904

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-13 12:25:42 +01:00
Matt Caswell
4b464e7b46 Fix ABI break with HMAC
Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX.
This backs that change out, and does it a different way.

Thanks to Timo Teras for the concept.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-12 13:16:09 +01:00
Andy Polyakov
4924b37ee0 bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.
CVE-2015-1788

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-11 13:34:13 +02:00
Emilia Kasper
59302b600e PKCS#7: Fix NULL dereference with missing EncryptedContent.
CVE-2015-1790

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-11 11:06:31 +01:00
Emilia Kasper
f48b83b4fb Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-11 11:06:30 +01:00
Andy Polyakov
f0fa5c8306 e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-11 10:12:54 +02:00
Andy Polyakov
75c4827dfe gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-10 23:55:59 +02:00
Matt Caswell
e43a13c807 Fix leak in HMAC error path
In the event of an error in the HMAC function, leaks can occur because the
HMAC_CTX does not get cleaned up.

Thanks to the BoringSSL project for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-10 11:03:20 +01:00
Matt Caswell
68886be7e2 EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-06-10 10:43:53 +01:00
Matt Caswell
b8b12aadd8 Change BIO_number_read and BIO_number_written() to be 64 bit
The return type of BIO_number_read() and BIO_number_written() as well as
the corresponding num_read and num_write members in the BIO structure has
been changed from unsigned long to uint64_t. On platforms where an unsigned
long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
transferred.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-10 10:40:50 +01:00
Matt Caswell
aec54108ef Fix memory leaks in BIO_dup_chain()
This fixes a memory leak that can occur whilst duplicating a BIO chain if
the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak
where if a failure occurs after successfully creating the first BIO in the
chain, then the beginning of the new chain was not freed.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-06-10 10:09:57 +01:00
Matt Caswell
5d80fab086 Replace memset with OPENSSL_clear_free()
BUF_MEM_free() attempts to cleanse memory using memset immediately prior
to a free. This is at risk of being optimised away by the compiler, so
replace with a call to OPENSSL_clear_free() instead.

With thanks to the Open Crypto Audit Project for reporting this issue.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-06-10 10:09:57 +01:00
Rich Salz
121ee399c9 Fix -DZLIB build for opaque COMP types
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:49:50 -04:00
Rich Salz
51b04a6117 No fprintf in the txt_db component
Also removed a source file that isn't built, and moved
another one to test for eventual fixing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-09 12:39:08 -04:00
Kurt Roeckx
26c79d5641 Properly check certificate in case of export ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
MR #588
2015-06-09 00:46:59 +02:00
Dr. Stephen Henson
0fb9990480 return correct NID for undefined object
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-08 21:44:56 +01:00
Emilia Kasper
1e4a355dca Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-08 14:55:50 +02:00
Dr. Stephen Henson
4336de0c63 Check ASN1_INTEGER_get for errors.
Check return value when calling ASN1_INTEGER_get to retrieve a certificate
serial number. If an error occurs (which will be caused by the value being
out of range) revert to hex dump of serial number.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-06-06 13:17:06 +01:00
Rich Salz
c0cf5b84dd Set error code, no fprintf stderr, on errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-04 18:03:33 -04:00
Rich Salz
9c422b5b1e Rename all static TS_xxx to ts_xxx
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-04 09:47:18 -04:00
Matt Caswell
c56353071d Fix off-by-one error in BN_bn2hex
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.

With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-04 09:23:02 +01:00
Dr. Stephen Henson
97cacc537e make update.
Make update with manual edit so EVP_PKEY_asn1_set_item uses the same
ordinal as 1.0.2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-03 15:39:29 +01:00
Sergey Agievich
3418f7b7b0 Add funtions to set item_sign and item_verify
PR#3872

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit ad0fb7f498)

Conflicts:
	crypto/asn1/ameth_lib.c
2015-06-03 15:39:29 +01:00
Matt Caswell
133dce447b Fix compilation failure for some tool chains
Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so
this build breaks.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-02 23:35:28 +01:00
Annie Yousar
591b7aef05 RT3230: Better test for C identifier
objects.pl only looked for a space to see if the name could be
used as a C identifier.  Improve the test to match the real C
rules.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 17:16:54 -04:00
Per Allansson
0baaff1a76 Fix IP_MTU_DISCOVER typo
The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it
should test for IP_MTU_DISCOVER

RT#3888

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 12:57:31 +01:00
Peter Dettman
88f4c6f3d2 Fix build errors with enable-ec_nistp_64_gcc_128
RT 3871

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-29 12:40:53 +02:00
Dr. Stephen Henson
2849707fa6 check for error when creating PKCS#8 structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-28 17:58:03 +01:00
Rich Salz
bca3f06b84 Use enum for X509_LOOKUP_TYPE
Using an enum with -Wswitch means all lookup routines handle
all cases.  Remove X509_LU_PKEY which was never used.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 12:54:27 -04:00
Dr. Stephen Henson
f2e19cb15e make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:24:59 +01:00
Dr. Stephen Henson
6355d31538 Add function PKCS8_set0_pbe
This adds a new function which will encrypt a private key using PKCS#8
based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it.

Update pkcs8 utlity to use PKCS8_set0_pbe.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:26 +01:00
Dr. Stephen Henson
fef034f85e Error if memory limit exceeded.
Set a specific error if the parameters are otherwise valid but exceed the
memory limit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:25 +01:00
Dr. Stephen Henson
764ca96c95 Fix memory leak.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:25 +01:00
Matt Caswell
fc52ac9028 Handle unsigned struct timeval members
The members of struct timeval on OpenVMS are unsigned. The logic for
calculating timeouts needs adjusting to deal with this.

RT#3862

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-26 10:34:56 +01:00
Billy Brumley
71f6130b7a fix copy paste error in ec_GF2m function prototypes
RT#3858

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-26 10:12:22 +02:00