Matt Caswell [Wed, 29 Apr 2015 12:22:18 +0000 (13:22 +0100)]
Fix buffer overrun in RSA signing
The problem occurs in EVP_PKEY_sign() when using RSA with X931 padding.
It is only triggered if the RSA key size is smaller than the digest length.
So with SHA512 you can trigger the overflow with anything less than an RSA
512 bit key. I managed to trigger a 62 byte overflow when using a 16 bit RSA
key. This wasn't sufficient to cause a crash, although your mileage may
vary.
In practice RSA keys of this length are never used and X931 padding is very
rare. Even if someone did use an excessively short RSA key, the chances of
them combining that with a longer digest and X931 padding are very
small. For these reasons I do not believe there is a security implication to
this. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Wed, 29 Apr 2015 08:58:10 +0000 (09:58 +0100)]
Add sanity check to print_bin function
Add a sanity check to the print_bin function to ensure that the |off|
argument is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Tue, 28 Apr 2015 14:28:23 +0000 (15:28 +0100)]
Add sanity check to ssl_get_prev_session
Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Tue, 28 Apr 2015 14:19:50 +0000 (15:19 +0100)]
Sanity check the return from final_finish_mac
The return value is checked for 0. This is currently safe but we should
really check for <= 0 since -1 is frequently used for error conditions.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 27 Apr 2015 14:41:42 +0000 (15:41 +0100)]
Add sanity check in ssl3_cbc_digest_record
For SSLv3 the code assumes that |header_length| > |md_block_size|. Whilst
this is true for all SSLv3 ciphersuites, this fact is far from obvious by
looking at the code. If this were not the case then an integer overflow
would occur, leading to a subsequent buffer overflow. Therefore I have
added an explicit sanity check to ensure header_length is always valid.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 27 Apr 2015 14:41:03 +0000 (15:41 +0100)]
Clarify logic in BIO_*printf functions
The static function dynamically allocates an output buffer if the output
grows larger than the static buffer that is normally used. The original
logic implied that |currlen| could be greater than |maxlen| which is
incorrect (and if so would cause a buffer overrun). Also the original
logic would call OPENSSL_malloc to create a dynamic buffer equal to the
size of the static buffer, and then immediately call OPENSSL_realloc to
make it bigger, rather than just creating a buffer that was big enough in
the first place. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 27 Apr 2015 10:13:56 +0000 (11:13 +0100)]
Sanity check EVP_EncodeUpdate buffer len
There was already a sanity check to ensure the passed buffer length is not
zero. Extend this to ensure that it is also not negative. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 27 Apr 2015 10:07:06 +0000 (11:07 +0100)]
Sanity check EVP_CTRL_AEAD_TLS_AAD
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Mon, 27 Apr 2015 10:04:56 +0000 (11:04 +0100)]
Sanity check DES_enc_write buffer length
Add a sanity check to DES_enc_write to ensure the buffer length provided
is not negative. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot
Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Thu, 30 Apr 2015 22:10:52 +0000 (18:10 -0400)]
free cleanup 12
Don't check for NULL before calling free function. This gets:
NAME_CONSTRAINTS_free GENERAL_SUBTREE_free ECDSA_METHOD_free
JPAKE_CTX_free OCSP_REQ_CTX_free SCT_free SRP_VBASE_free
SRP_gN_free SRP_user_pwd_free TXT_DB_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 30 Apr 2015 22:00:44 +0000 (23:00 +0100)]
make update
Run make update following previous header file changes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Thu, 30 Apr 2015 21:57:32 +0000 (17:57 -0400)]
free cleanup almost the finale
Add OPENSSL_clear_free which merges cleanse and free.
(Name was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 30 Apr 2015 21:48:31 +0000 (17:48 -0400)]
In apps, malloc or die
No point in proceeding if you're out of memory. So change
*all* OPENSSL_malloc calls in apps to use the new routine which
prints a message and exits.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 30 Apr 2015 21:33:59 +0000 (17:33 -0400)]
free NULL cleanup 5a
Don't check for NULL before calling a free routine. This gets X509_.*free:
x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 30 Apr 2015 15:30:03 +0000 (11:30 -0400)]
free NULL cleanup 8
Do not check for NULL before calling a free routine. This addresses:
ASN1_BIT_STRING_free ASN1_GENERALIZEDTIME_free ASN1_INTEGER_free
ASN1_OBJECT_free ASN1_OCTET_STRING_free ASN1_PCTX_free ASN1_SCTX_free
ASN1_STRING_clear_free ASN1_STRING_free ASN1_TYPE_free
ASN1_UTCTIME_free M_ASN1_free_of
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Thu, 30 Apr 2015 15:13:49 +0000 (11:13 -0400)]
Fix bug, "what mode" test was wrong.
Reviewed-by: Matt Caswell <matt@openssl.org>
Matt Caswell [Thu, 30 Apr 2015 08:43:11 +0000 (09:43 +0100)]
Fix windows build
The big apps cleanup broke the windows build. This commit
fixes some miscellaneous issues so that it builds again.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Matt Caswell [Thu, 30 Apr 2015 08:40:55 +0000 (09:40 +0100)]
Remove redundant includes from dtls1.h
There were a set of includes in dtls1.h which are now redundant due to the
libssl opaque work. This commit removes those includes, which also has the
effect of resolving one issue preventing building on windows (i.e. the
include of winsock.h)
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Wed, 29 Apr 2015 21:37:04 +0000 (17:37 -0400)]
Add HTTP GET support to OCSP server
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Wed, 29 Apr 2015 18:50:00 +0000 (14:50 -0400)]
Rewrite parse_name
Remove need for multiple arrays, parse the X509 name
one RDN at a time. Thanks to Andy for careful review.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Wed, 29 Apr 2015 18:15:50 +0000 (14:15 -0400)]
use isxdigit and apps_tohex
Replace ad-hoc ascii->hex with isxdigit and new app_tohex.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Wed, 29 Apr 2015 15:27:08 +0000 (11:27 -0400)]
Remove needless bio_err argument
Many functions had a BIO* parameter, and it was always called
with bio_err. Remove the param and just use bio_err.
Reviewed-by: Matt Caswell <matt@openssl.org>
Rich Salz [Wed, 29 Apr 2015 01:48:44 +0000 (21:48 -0400)]
Make "make rehash" quiet
Don't complain about missing config file.
(Got the right env var name this time)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 28 Apr 2015 20:34:52 +0000 (16:34 -0400)]
realloc of NULL is like malloc
ANSI C, and OpenSSL's malloc wrapper do this, also.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 28 Apr 2015 19:28:14 +0000 (15:28 -0400)]
remove malloc casts
Following ANSI C rules, remove the casts from calls to
OPENSSL_malloc and OPENSSL_realloc.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 28 Apr 2015 14:50:54 +0000 (10:50 -0400)]
ERR_ cleanup
Remove ERR_[gs]et_implementation as they were not undocumented and
useless (the data structure was opaque).
Halve the number of lock/unlock calls in almost all ERR_
functions by letting the caller of get_hash or int_thread_set
able to lock. Very useful when looping, such as adding errors,
or when getting the hash and immediately doing a lookup on it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Tue, 28 Apr 2015 12:34:58 +0000 (14:34 +0200)]
Allow for types with leading underscore when checking error macros.
We have an increasing number of function declarations starting with
'__owur'. Unfortunately, util/ck_errf.pl fails to detect them. A
simple change fixes that issue.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 16:14:32 +0000 (18:14 +0200)]
NISTZ256: owur'ize.
__owur'ize static methods to catch calling errors within the module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 16:49:43 +0000 (18:49 +0200)]
NISTZ256: use EC_POINT API and check errors.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Mon, 27 Apr 2015 16:29:39 +0000 (12:29 -0400)]
CRYPTO_mem_leaks should ignore its BIO argument.
CRYPTO_mem_leaks takes a BIO* argument. It's not a leak if that
argument hasn't been free'd.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 14:16:15 +0000 (16:16 +0200)]
NISTZ256: don't swallow malloc errors
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 13:41:52 +0000 (15:41 +0200)]
NISTZ256: set Z_is_one to boolean 0/1 as is customary.
Cosmetic, no real effect.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 14:21:48 +0000 (16:21 +0200)]
Error checking and memory leak fixes in NISTZ256.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Mon, 27 Apr 2015 13:58:39 +0000 (15:58 +0200)]
Fix Wmaybe-uninitialized: initialize variable
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Mon, 27 Apr 2015 09:10:17 +0000 (11:10 +0200)]
Fix the check of test apps in util/mk1mf.pl
The previous check assumed that the variables for each test app, ending
with TEST would be indication enough. Experience showed that this isn't
the best way. Instead, simply look for the EXE variable in test/Makefile.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Richard Levitte [Mon, 27 Apr 2015 09:02:36 +0000 (11:02 +0200)]
Small fixes after the Big apps cleanup
This fixes util/mk1mf.pl, which was looking for old variable names from
apps/Makefile.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Mon, 27 Apr 2015 03:45:12 +0000 (23:45 -0400)]
Add readline (etc) support
Compile with -DREADLINE and the appropriate library.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 27 Apr 2015 01:28:38 +0000 (21:28 -0400)]
Simplify parse_yesno; remove local variable
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Mon, 27 Apr 2015 01:23:43 +0000 (21:23 -0400)]
Fix typo in help & comment formatting
Reviewed-by: Tim Hudson <tjh@openssl.org>
Rich Salz [Sun, 26 Apr 2015 20:43:18 +0000 (16:43 -0400)]
Fix error message
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz [Sun, 26 Apr 2015 17:12:04 +0000 (13:12 -0400)]
Fix main build breakage.
A variable declaration got dropped during a merge.
And if a compiler inlines strcmp() and you put a strcmp in an
assert message, the resultant stringification exceeds ANSI string
limits.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Rich Salz [Sun, 26 Apr 2015 14:31:48 +0000 (10:31 -0400)]
Remove the special list-xxxx commands
There's a new "list" command, which takes a flag to say what
to list. Removing the old hacky commands. Re-ordered some
functions to remove some needless declarations.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sun, 26 Apr 2015 03:08:00 +0000 (23:08 -0400)]
RT2962: add -keytab and -krb5svc flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sun, 26 Apr 2015 02:55:36 +0000 (22:55 -0400)]
Free malloc data on encoding errors.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 20:07:28 +0000 (16:07 -0400)]
apps-cleanup: the doc fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 20:06:19 +0000 (16:06 -0400)]
Quote HTML entities in s_server output
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 20:04:42 +0000 (16:04 -0400)]
RT2206: Add -issuer flag to ocsp command
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 20:03:07 +0000 (16:03 -0400)]
Remove EFENCE support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 20:01:21 +0000 (16:01 -0400)]
RT2451: Add telnet to s_client -starttls
Also add -xmpphost and -smtphost flags.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 19:58:22 +0000 (15:58 -0400)]
Add -nocommands to s_client.
Add flag to disable the 'command letters' from s_client.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 19:41:29 +0000 (15:41 -0400)]
fewer NO_ENGINE #ifdef's
Make setup_engine be a dummy if NO_ENGINE is enabled.
The option is not enabled if NO_ENGINE is enabled, so the one "wasted"
variable just sits there. Removes some variables and code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Sat, 25 Apr 2015 13:26:48 +0000 (09:26 -0400)]
Add missing BIO_flush() calls
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Fri, 24 Apr 2015 19:26:15 +0000 (15:26 -0400)]
Big apps cleanup (option-parsing, etc)
This merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switched from cascading 'else if strcmp("-foo")'
to a utility routine and something akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Fri, 24 Apr 2015 13:38:24 +0000 (15:38 +0200)]
Fix error checking and memory leaks in NISTZ256 precomputation.
Thanks to Brian Smith for reporting these issues.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Fri, 24 Apr 2015 13:19:15 +0000 (15:19 +0200)]
Correctly set Z_is_one on the return value in the NISTZ256 implementation.
Also add a few comments about constant-timeness.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Loganaden Velvindron [Wed, 22 Apr 2015 15:16:30 +0000 (16:16 +0100)]
Fix CRYPTO_strdup
The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
value from CRYPTO_malloc to see if it is NULL before attempting to use it.
This patch adds a NULL check.
RT3786
Signed-off-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 37b0cf936744d9edb99b5dd82cae78a7eac6ad60)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
Dr. Stephen Henson [Tue, 21 Apr 2015 14:48:02 +0000 (15:48 +0100)]
SSL_CIPHER lookup functions.
Add tables to convert between SSL_CIPHER fields and indices for ciphers
and MACs.
Reorganise ssl_ciph.c to use tables to lookup values and load them.
New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.
Add documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Tue, 21 Apr 2015 20:57:29 +0000 (16:57 -0400)]
Avoid "no config file" warning message
Set config to /dev/null when doing make rehash.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Tue, 21 Apr 2015 19:52:51 +0000 (15:52 -0400)]
ssltest output cleanup
Make only errors go to stderr.
Print count and size before the loop, so you can see it's an 838K
message that will take a few moments.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Richard Levitte [Mon, 20 Apr 2015 23:40:36 +0000 (01:40 +0200)]
test/Makefile dclean cleans out a few files too many.
The files removed are the ones that were symbolic links before, but
aren't now, so we should not remove them any more.
Reviewed-by: Stephen Henson <steve@openssl.org>
Emilia Kasper [Tue, 21 Apr 2015 16:12:58 +0000 (18:12 +0200)]
Repair EAP-FAST session resumption
EAP-FAST session resumption relies on handshake message lookahead
to determine server intentions. Commits
980bc1ec6114f5511b20c2e6ca741e61a39b99d6 and
7b3ba508af5c86afe43e28174aa3c53a0a24f4d9 removed the lookahead so broke
session resumption.
This change partially reverts the commits and brings the lookahead back
in reduced capacity for TLS + EAP-FAST only. Since EAP-FAST does not
support regular session tickets, the lookahead now only checks for a
Finished message.
Regular handshakes are unaffected by this change.
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Sun, 22 Feb 2015 17:16:22 +0000 (18:16 +0100)]
Engage ec/asm/ecp_nistz256-sparcv9 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sun, 22 Feb 2015 17:11:28 +0000 (18:11 +0100)]
Add ec/asm/ecp_nistz256-sparcv9.pl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 20 Apr 2015 13:36:35 +0000 (15:36 +0200)]
modes/asm/ghashv8-armx.pl: additional performance data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 20 Apr 2015 15:49:29 +0000 (17:49 +0200)]
aes/asm/aesni-x86.pl: fix typo affecting Windows build.
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Fri, 23 Jan 2015 16:27:10 +0000 (17:27 +0100)]
aes/asm/aesni-x86[_64].pl update.
This addresses
- request for improvement for faster key setup in RT#3576;
- clearing registers and stack in RT#3554 (this is more of a gesture to
see if there will be some traction from compiler side);
- more commentary around input parameters handling and stack layout
(desired when RT#3553 was reviewed);
- minor size and single block performance optimization (was lying around);
Reviewed-by: Matt Caswell <matt@openssl.org>
Andy Polyakov [Thu, 2 Apr 2015 08:17:42 +0000 (10:17 +0200)]
Add assembly support for 32-bit iOS.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Mon, 20 Apr 2015 12:58:01 +0000 (14:58 +0200)]
Configure: Engage ecp_nistz256-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Sun, 15 Feb 2015 21:26:08 +0000 (22:26 +0100)]
Add ecp_nistz256-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Thu, 2 Apr 2015 21:18:10 +0000 (23:18 +0200)]
Configure: add initial support for 64-bit Android.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Andy Polyakov [Fri, 13 Mar 2015 10:47:24 +0000 (11:47 +0100)]
crypto/ec/ecp_nistp[224|521].c: fix formatting.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Fri, 13 Mar 2015 10:28:16 +0000 (11:28 +0100)]
ec/ecp_nistp*.c: fix SEGVs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sat, 21 Mar 2015 12:54:55 +0000 (13:54 +0100)]
Configure: engage ARMv8 Montgomery multiplication module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Sat, 21 Mar 2015 12:54:17 +0000 (13:54 +0100)]
Add ARMv8 Montgomery multiplication module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Andy Polyakov [Mon, 20 Apr 2015 12:30:50 +0000 (14:30 +0200)]
aes/asm/vpaes-armv8.pl: make it compile on iOS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Rich Salz [Mon, 20 Apr 2015 11:24:23 +0000 (07:24 -0400)]
Remove SET oid config file and SET certs
Reviewed-by: Andy Polyakov <appro@openssl.org>
Rich Salz [Mon, 20 Apr 2015 11:23:04 +0000 (07:23 -0400)]
Use 2K RSA and SHA256 in tests
Reviewed-by: Andy Polyakov <appro@openssl.org>
Dr. Stephen Henson [Thu, 16 Apr 2015 15:43:09 +0000 (16:43 +0100)]
Fix encoding bug in i2c_ASN1_INTEGER
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Wed, 15 Apr 2015 12:18:55 +0000 (14:18 +0200)]
Error out immediately on empty ciphers list.
A 0-length ciphers list is never permitted. The old code only used to
reject an empty ciphers list for connections with a session ID. It
would later error out on a NULL structure, so this change just moves
the alert closer to the problem source.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Tue, 14 Apr 2015 14:04:40 +0000 (16:04 +0200)]
Use -Wall -Wextra with clang
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Fri, 17 Apr 2015 05:06:46 +0000 (01:06 -0400)]
SunOS non-posix shells do not grok export name=value
Reviewed-by: Richard Levitte <levitte@openssl.org>
Viktor Dukhovni [Thu, 16 Apr 2015 05:50:03 +0000 (01:50 -0400)]
Code style: space after 'if'
Reviewed-by: Matt Caswell <matt@openssl.org>
Emilia Kasper [Thu, 16 Apr 2015 14:02:53 +0000 (16:02 +0200)]
Remove code for deleted function from ssl.h
ssl_cert_inst was removed in 2c3823491d8812560922a58677e3ad2db4b2ec8d
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Dr. Stephen Henson [Wed, 15 Apr 2015 23:21:05 +0000 (00:21 +0100)]
Reject empty generation strings.
Reported by Hanno Böck <hanno@hboeck.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 15 Apr 2015 23:00:40 +0000 (00:00 +0100)]
Limit depth of nested sequences when generating ASN.1
Reported by Hanno Böck <hanno@hboeck.de>
PR#3800
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 15 Apr 2015 12:58:38 +0000 (13:58 +0100)]
Remove obsolete options for debug-steve*
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Wed, 15 Apr 2015 12:57:51 +0000 (13:57 +0100)]
Add -Wtype-limits to strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Tue, 14 Apr 2015 15:42:42 +0000 (17:42 +0200)]
Initialize variable
newsig may be used (freed) uninitialized on a malloc error.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 10 Apr 2015 15:49:33 +0000 (16:49 +0100)]
Fix ssl_get_prev_session overrun
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.
This is probably made redundant by the previous commit - but you can never be
too careful.
With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Matt Caswell [Fri, 10 Apr 2015 16:25:27 +0000 (17:25 +0100)]
Check for ClientHello message overruns
The ClientHello processing is insufficiently rigorous in its checks to make
sure that we don't read past the end of the message. This does not have
security implications due to the size of the underlying buffer - but still
needs to be fixed.
With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Rich Salz [Sat, 11 Apr 2015 20:32:54 +0000 (16:32 -0400)]
free NULL cleanup 9
Ongoing work to skip NULL check before calling free routine. This gets:
ecp_nistz256_pre_comp_free nistp224_pre_comp_free nistp256_pre_comp_free
nistp521_pre_comp_free PKCS7_free PKCS7_RECIP_INFO_free
PKCS7_SIGNER_INFO_free sk_PKCS7_pop_free PKCS8_PRIV_KEY_INFO_free
PKCS12_free PKCS12_SAFEBAG_free PKCS12_free sk_PKCS12_SAFEBAG_pop_free
SSL_CONF_CTX_free SSL_CTX_free SSL_SESSION_free SSL_free ssl_cert_free
ssl_sess_cert_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Rich Salz [Sat, 11 Apr 2015 14:53:27 +0000 (16:53 +0200)]
Fix memory leak
It should have freed them when != NULL, not when == NULL.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
Kurt Roeckx [Sat, 11 Apr 2015 14:39:13 +0000 (16:39 +0200)]
do_dirname: Don't change gen on failures
It would set gen->d.dirn to a freed pointer in case X509V3_NAME_from_section
failed.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Kurt Roeckx [Sat, 11 Apr 2015 15:08:38 +0000 (17:08 +0200)]
X509_VERIFY_PARAM_free: Check param for NULL
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
Rich Salz [Sat, 11 Apr 2015 14:22:36 +0000 (10:22 -0400)]
free NULL cleanup 10
Avoid checking for NULL before calling free functions. This gets
ssl.*free:
ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Kurt Cancemi [Thu, 9 Apr 2015 13:54:38 +0000 (09:54 -0400)]
The wrong ifdef is used to guard usage of PSK code
PR#3790
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Thu, 2 Apr 2015 12:45:14 +0000 (13:45 +0100)]
Don't set *pval to NULL in ASN1_item_ex_new.
While *pval is usually a pointer, in rare circumstances it can be a long
value. On some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.
*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unnecessary anyway.
Thanks to Julien Kauffmann for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 10 Apr 2015 01:31:16 +0000 (02:31 +0100)]
Fix ECDH detection, add ECDH keyid test.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Dr. Stephen Henson [Fri, 10 Apr 2015 01:33:44 +0000 (02:33 +0100)]
Fix ECDH key identifier support.
PR#3789
Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni [Fri, 10 Apr 2015 16:25:30 +0000 (12:25 -0400)]
Polish shell script to avoid needless complexity.
No need for here documents, just use "yes" or </dev/null.
No need for "|| exit 1" clauses, just use "set -e".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>