
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update


Dr. Stephen Henson

Apr 22, 2016, 7:28:58 PM4/22/16
The branch OpenSSL_1_0_2-stable has been updated
via f32774087f7b3db1f789688368d16d917757421e (commit)
from 9676402c3a6657781a65836c716066d3d39ee54f (commit)


- Log -----------------------------------------------------------------
commit f32774087f7b3db1f789688368d16d917757421e
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Apr 11 13:57:20 2016 +0100

Harden ASN.1 BIO handling of large amounts of data.

If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>
(cherry picked from commit c62981390d6cf9e3d612c489b8b77c2913b25807)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/a_d2i_fp.c | 36 ++++++++++++++++++++++++++----------
1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index a1864b4..51b6f24 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -141,6 +141,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
#endif

#define HEADER_SIZE 8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
@@ -217,29 +218,44 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
/* suck in c.slen bytes of data */
want = c.slen;
if (want > (len - off)) {
+ size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len + want < len) {
ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
goto err;
}
- if (!BUF_MEM_grow_clean(b, len + want)) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
while (want > 0) {
- i = BIO_read(in, &(b->data[len]), want);
- if (i <= 0) {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
- ASN1_R_NOT_ENOUGH_DATA);
+ /*
+ * Read content in chunks of increasing size
+ * so we can return an error for EOF without
+ * having to allocate the entire content length
+ * in one go.
+ */
+ size_t chunk = want > chunk_max ? chunk_max : want;
+
+ if (!BUF_MEM_grow_clean(b, len + chunk)) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
+ want -= chunk;
+ while (chunk > 0) {
+ i = BIO_read(in, &(b->data[len]), chunk);
+ if (i <= 0) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
/*
* This can't overflow because |len+want| didn't
* overflow.
*/
- len += i;
- want -= i;
+ len += i;
+ chunk -= i;
+ }
+ if (chunk_max < INT_MAX/2)
+ chunk_max *= 2;
}
}
if (off + c.slen < off) {
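Review bot: The comment `This can't overflow because |len+want| didn't overflow.` now sits inside the inner chunk loop, where `want` has already been reduced by `chunk -= ...`/`want -= chunk;`, so it no longer names the quantity actually being added to `len`. The invariant still holds because `len + chunk` never exceeds the `len + want` bounded at the top of the branch, and the comment should say so: `/* Can't overflow: len + chunk <= the len + want checked above. */`. The implicit size_t-to-int narrowing in `BIO_read(in, &(b->data[len]), chunk)` is likewise only safe because `chunk <= want <= INT_MAX` and `chunk_max` stops doubling below INT_MAX; an explicit `(int)chunk` with that reasoning beside it makes the intent visible. asn1_d2i_read_bio continues outside the hunk.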
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Viktor Dukhovni

Apr 23, 2016, 12:45:43 AM4/23/16
The branch OpenSSL_1_0_2-stable has been updated
via 2442382e11c022aaab4fdc6975bd15d5a75c4db2 (commit)
from f32774087f7b3db1f789688368d16d917757421e (commit)


- Log -----------------------------------------------------------------
commit 2442382e11c022aaab4fdc6975bd15d5a75c4db2
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Tue Apr 19 22:23:24 2016 -0400

Fix buffer overrun in ASN1_parse().

Backport of commits:

79c7f74d6cefd5d32fa20e69195ad3de834ce065
bdcd660e33710079b495cf5cc6a1aaa5d2dcd317

from master.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/asn1_lib.c | 18 +++++++-----------
crypto/asn1/asn1_par.c | 17 +++++++++++++----
2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0b61fc9..54b683c 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,7 +63,7 @@
#include <openssl/asn1_mac.h>

static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
- int max);
+ long max);
static void asn1_put_length(unsigned char **pp, int length);
const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;

@@ -131,7 +131,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}
*ptag = tag;
*pclass = xclass;
- if (!asn1_get_length(&p, &inf, plength, (int)max))
+ if (!asn1_get_length(&p, &inf, plength, max))
goto err;

if (inf && !(ret & V_ASN1_CONSTRUCTED))
@@ -159,14 +159,14 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
}

static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
- int max)
+ long max)
{
const unsigned char *p = *pp;
unsigned long ret = 0;
- unsigned int i;
+ unsigned long i;

if (max-- < 1)
- return (0);
+ return 0;
if (*p == 0x80) {
*inf = 1;
ret = 0;
@@ -175,15 +175,11 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
*inf = 0;
i = *p & 0x7f;
if (*(p++) & 0x80) {
- if (i > sizeof(long))
+ if (i > sizeof(ret) || max < i)
return 0;
- if (max-- == 0)
- return (0);
while (i-- > 0) {
ret <<= 8L;
ret |= *(p++);
- if (max-- == 0)
- return (0);
}
} else
ret = i;
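Review bot: The new bound `max < i` compares a signed `long` against an `unsigned long`, so `max` is promoted to unsigned; that is harmless only because the `max-- < 1` guard above leaves `max >= 0` at this point, and nothing records that dependency. A one-line comment would keep a later change from breaking it: `/* max >= 0 after the guard above, so the unsigned promotion in max < i is safe */`, and writing `max < (long)i` (i is at most 0x7f) avoids -Wsign-compare under --strict-warnings without changing the result. Since `max` is no longer decremented per length octet, it must not be relied on after the loop; it is unused in the visible lines, but the function's tail is partly outside the hunk.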
@@ -192,7 +188,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
return 0;
*pp = p;
*rl = (long)ret;
- return (1);
+ return 1;
}

/*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 0ca985a..e85e339 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -173,6 +173,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
goto end;
if (j & V_ASN1_CONSTRUCTED) {
+ const unsigned char *sp;
+
ep = p + len;
if (BIO_write(bp, "\n", 1) <= 0)
goto end;
@@ -182,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
goto end;
}
if ((j == 0x21) && (len == 0)) {
+ sp = p;
for (;;) {
r = asn1_parse2(bp, &p, (long)(tot - p),
offset + (p - *pp), depth + 1,
@@ -190,19 +193,25 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
ret = 0;
goto end;
}
- if ((r == 2) || (p >= tot))
+ if ((r == 2) || (p >= tot)) {
+ len = p - sp;
break;
+ }
}
- } else
+ } else {
+ long tmp = len;
+
while (p < ep) {
- r = asn1_parse2(bp, &p, (long)len,
- offset + (p - *pp), depth + 1,
+ sp = p;
+ r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1,
indent, dump);
if (r == 0) {
ret = 0;
goto end;
}
+ tmp -= p - sp;
}
+ }
} else if (xclass != 0) {
p += len;
if (BIO_write(bp, "\n", 1) <= 0)
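Review bot: In the definite-length branch the name `tmp` hides what the loop tracks — the bytes of this constructed element not yet consumed by child parses — and a reader has to infer from `tmp -= p - sp;` that it is the per-child length bound. Rename it and say why it exists: `long remaining = len;` / `r = asn1_parse2(bp, &p, remaining, ...)` / `remaining -= p - sp;` with `/* bound each child by what is left in this element, not by the parent's len */`. Whether a child can return with `p` past `ep` (leaving `remaining` negative and the `while (p < ep)` exit silent) depends on the length check in ASN1_get_object inside the recursive call, which is not visible here; if that is not guaranteed, `if (remaining < 0) { ret = 0; goto end; }` after the subtraction closes it. asn1_parse2 starts and ends outside the hunk.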

Andy Polyakov

Apr 25, 2016, 5:55:21 AM4/25/16
The branch OpenSSL_1_0_2-stable has been updated
via 0b48a24ce993d1a4409d7bde26295f6df0d173cb (commit)
from 2442382e11c022aaab4fdc6975bd15d5a75c4db2 (commit)


- Log -----------------------------------------------------------------
commit 0b48a24ce993d1a4409d7bde26295f6df0d173cb
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri Apr 15 16:39:22 2016 +0200

s390x assembly pack: cache capability query results.

IBM argues that in certain scenarios capability query is really
expensive. At the same time it's asserted that query results can
be safely cached, because disabling CPACF is incompatible with
reboot-free operation.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 670ad0fbf6ebcf113e278d8174081a7e2d2fa44c)

-----------------------------------------------------------------------

Summary of changes:
crypto/aes/asm/aes-s390x.pl | 29 ++++++++++-----------------
crypto/modes/asm/ghash-s390x.pl | 4 +---
crypto/s390xcpuid.S | 44 +++++++++++++++++++++++++++++++++++------
crypto/sha/asm/sha1-s390x.pl | 7 ++-----
crypto/sha/asm/sha512-s390x.pl | 7 ++-----
5 files changed, 53 insertions(+), 38 deletions(-)

diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
index e75dcd0..76ca8e5 100644
--- a/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -818,13 +818,9 @@ $code.=<<___ if (!$softonly);
tmhl %r0,0x4000 # check for message-security assist
jz .Lekey_internal

- lghi %r0,0 # query capability vector
- la %r1,16($sp)
- .long 0xb92f0042 # kmc %r4,%r2
-
- llihh %r1,0x8000
- srlg %r1,%r1,0(%r5)
- ng %r1,16($sp)
+ llihh %r0,0x8000
+ srlg %r0,%r0,0(%r5)
+ ng %r0,48(%r1) # check kmc capability vector
jz .Lekey_internal

lmg %r0,%r1,0($inp) # just copy 128 bits...
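Review bot: The new `ng %r0,48(%r1)` assumes %r1 still addresses OPENSSL_s390xcap_P from a `larl` issued before this hunk, which is not visible here, whereas the kmctr and XTS hunks below reload it explicitly with `larl %r1,OPENSSL_s390xcap_P`. A comment on the line, `# %r1 still points at OPENSSL_s390xcap_P (loaded above)`, marks that dependency on the preceding code so a later edit that clobbers %r1 between the two points does not silently read the wrong word. Note the kmctr hunk below sits inside `if (0)` and is therefore compiled out.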
@@ -1444,13 +1440,10 @@ $code.=<<___ if (0); ######### kmctr code was measured to be ~12% slower

llgfr $s0,%r0
lgr $s1,%r1
- lghi %r0,0
- la %r1,16($sp)
- .long 0xb92d2042 # kmctr %r4,%r2,%r2
-
+ larl %r1,OPENSSL_s390xcap_P
llihh %r0,0x8000 # check if kmctr supports the function code
srlg %r0,%r0,0($s0)
- ng %r0,16($sp)
+ ng %r0,64(%r1) # check kmctr capability vector
lgr %r0,$s0
lgr %r1,$s1
jz .Lctr32_km_loop
@@ -1597,12 +1590,10 @@ $code.=<<___ if(1);
llgfr $s0,%r0 # put aside the function code
lghi $s1,0x7f
nr $s1,%r0
- lghi %r0,0 # query capability vector
- la %r1,$tweak-16($sp)
- .long 0xb92e0042 # km %r4,%r2
- llihh %r1,0x8000
- srlg %r1,%r1,32($s1) # check for 32+function code
- ng %r1,$tweak-16($sp)
+ larl %r1,OPENSSL_s390xcap_P
+ llihh %r0,0x8000
+ srlg %r0,%r0,32($s1) # check for 32+function code
+ ng %r0,32(%r1) # check km capability vector
lgr %r0,$s0 # restore the function code
la %r1,0($key1) # restore $key1
jz .Lxts_km_vanilla
@@ -2229,7 +2220,7 @@ ___
}
$code.=<<___;
.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,80,8
___

$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
index 39096b4..be7d55f 100644
--- a/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/modes/asm/ghash-s390x.pl
@@ -85,9 +85,7 @@ $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...
tmhl %r0,0x4000 # check for message-security-assist
jz .Lsoft_gmult
lghi %r0,0
- la %r1,16($sp)
- .long 0xb93e0004 # kimd %r0,%r4
- lg %r1,24($sp)
+ lg %r1,24(%r1) # load second word of kimd capabilities vector
tmhh %r1,0x4000 # check for function 65
jz .Lsoft_gmult
stg %r0,16($sp) # arrange 16 bytes of zero input
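Review bot: This hunk is emitted under `if(!$softonly && 0)`, i.e. it is currently compiled out, so the new `lg %r1,24(%r1)` — which depends on %r1 still holding the address of OPENSSL_s390xcap_P loaded before the hunk — is not exercised by any build. If the block is ever re-enabled, that register dependency and the reliance on `lghi %r0,0` (now only there to feed the `stg %r0,16($sp)` zero input) are easy to break; a comment `# %r1 = OPENSSL_s390xcap_P; second doubleword of kimd status (bit 65 = GHASH)` would capture both. The surrounding block starts outside the hunk.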
diff --git a/crypto/s390xcpuid.S b/crypto/s390xcpuid.S
index 0681534..d91d5bc 100644
--- a/crypto/s390xcpuid.S
+++ b/crypto/s390xcpuid.S
@@ -5,14 +5,46 @@
.align 16
OPENSSL_s390x_facilities:
lghi %r0,0
- larl %r2,OPENSSL_s390xcap_P
- stg %r0,8(%r2)
- .long 0xb2b02000 # stfle 0(%r2)
+ larl %r4,OPENSSL_s390xcap_P
+ stg %r0,8(%r4) # wipe capability vectors
+ stg %r0,16(%r4)
+ stg %r0,24(%r4)
+ stg %r0,32(%r4)
+ stg %r0,40(%r4)
+ stg %r0,48(%r4)
+ stg %r0,56(%r4)
+ stg %r0,64(%r4)
+ stg %r0,72(%r4)
+
+ .long 0xb2b04000 # stfle 0(%r4)
brc 8,.Ldone
lghi %r0,1
- .long 0xb2b02000 # stfle 0(%r2)
+ .long 0xb2b04000 # stfle 0(%r4)
.Ldone:
- lg %r2,0(%r2)
+ lmg %r2,%r3,0(%r4)
+ tmhl %r2,0x4000 # check for message-security-assist
+ jz .Lret
+
+ lghi %r0,0 # query kimd capabilities
+ la %r1,16(%r4)
+ .long 0xb93e0002 # kimd %r0,%r2
+
+ lghi %r0,0 # query km capability vector
+ la %r1,32(%r4)
+ .long 0xb92e0042 # km %r4,%r2
+
+ lghi %r0,0 # query kmc capability vector
+ la %r1,48(%r4)
+ .long 0xb92f0042 # kmc %r4,%r2
+
+ tmhh %r3,0x0004 # check for message-security-assist-4
+ jz .Lret
+
+ lghi %r0,0 # query kmctr capability vector
+ la %r1,64(%r4)
+ .long 0xb92d2042 # kmctr %r4,%r2,%r2
+
+.Lret:
br %r14
.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
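Review bot: The layout of OPENSSL_s390xcap_P that this routine now fills — stfle words at 0, kimd query result at 16, km at 32, kmc at 48, kmctr at 64, 16 bytes each — exists only as bare offsets, and aes-s390x.pl, ghash-s390x.pl, sha1-s390x.pl and sha512-s390x.pl each hard-code the same numbers; a wrong offset in any consumer reads a neighbouring vector and could select a function code the CPU does not implement. A comment block above `OPENSSL_s390x_facilities:` spelling out that layout (and that every referencing file must declare the same `.comm ...,80,8`) would make the offsets checkable. It is also worth stating why all vectors are zeroed before the facility test: when the MSA bit is clear or `.Lret` is taken early, consumers must see all-zero capability words and fall back to software. The kmctr query being gated on `tmhh %r3,0x0004` (MSA-4) is correct, since the instruction is not available without that facility.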

@@ -96,4 +128,4 @@ OPENSSL_cleanse:
.section .init
brasl %r14,OPENSSL_cpuid_setup

-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,80,8
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
index 9193dda..d5cf164 100644
--- a/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/sha/asm/sha1-s390x.pl
@@ -167,10 +167,7 @@ $code.=<<___ if ($kimdfunc);
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
- lghi %r0,0
- la %r1,`2*$SIZE_T`($sp)
- .long 0xb93e0002 # kimd %r0,%r2
- lg %r0,`2*$SIZE_T`($sp)
+ lg %r0,16(%r1) # check kimd capabilities
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
@@ -237,7 +234,7 @@ $code.=<<___;
br %r14
.size sha1_block_data_order,.-sha1_block_data_order
.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,80,8
___

$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
index 079a3fc..9c10e4e 100644
--- a/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/sha/asm/sha512-s390x.pl
@@ -240,10 +240,7 @@ $code.=<<___ if ($kimdfunc);
lg %r0,0(%r1)
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
- lghi %r0,0
- la %r1,`2*$SIZE_T`($sp)
- .long 0xb93e0002 # kimd %r0,%r2
- lg %r0,`2*$SIZE_T`($sp)
+ lg %r0,16(%r1) # check kimd capabilities
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
@@ -311,7 +308,7 @@ $code.=<<___;
br %r14
.size $Func,.-$Func
.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,80,8
___

$code =~ s/\`([^\`]*)\`/eval $1/gem;

Rich Salz

Apr 25, 2016, 11:45:37 AM4/25/16
The branch OpenSSL_1_0_2-stable has been updated
via d31bc179b3a48351025c55756ce8be82bf9bfa4c (commit)
from 0b48a24ce993d1a4409d7bde26295f6df0d173cb (commit)


- Log -----------------------------------------------------------------
commit d31bc179b3a48351025c55756ce8be82bf9bfa4c
Author: Rich Salz <rs...@openssl.org>
Date: Mon Apr 25 08:56:54 2016 -0400

Fix NULL deref in apps/pkcs7

Thanks to Brian Carpenter for finding and reporting this.

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 79356a83b78a2d936dcd022847465d9ebf6c67b1)

-----------------------------------------------------------------------

Summary of changes:
apps/pkcs7.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 643507f..b677633 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -235,12 +235,16 @@ int MAIN(int argc, char **argv)
i = OBJ_obj2nid(p7->type);
switch (i) {
case NID_pkcs7_signed:
- certs = p7->d.sign->cert;
- crls = p7->d.sign->crl;
+ if (p7->d.sign != NULL) {
+ certs = p7->d.sign->cert;
+ crls = p7->d.sign->crl;
+ }
break;
case NID_pkcs7_signedAndEnveloped:
- certs = p7->d.signed_and_enveloped->cert;
- crls = p7->d.signed_and_enveloped->crl;
+ if (p7->d.signed_and_enveloped != NULL) {
+ certs = p7->d.signed_and_enveloped->cert;
+ crls = p7->d.signed_and_enveloped->crl;
+ }
break;
default:
break;
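Review bot: When `p7->d.sign` or `p7->d.signed_and_enveloped` is NULL the switch now falls out with `certs`/`crls` untouched, so a PKCS#7 whose content is absent silently prints nothing; presumably both are initialised to NULL before the switch (outside the hunk) so the later loops are safe, but the user gets no hint that the input was malformed. Consider reporting it, e.g. `else { BIO_printf(bio_err, "PKCS7 structure has no content\n"); goto end; }` in each case, or at minimum a comment `/* d.sign may be NULL for a content-less or malformed structure */`. The `default:` case stays silent for unsupported content types as well; MAIN continues outside the hunk.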

Matt Caswell

Apr 25, 2016, 2:51:22 PM4/25/16
The branch OpenSSL_1_0_2-stable has been updated
via 0ca67644ddedfd656d43a6639d89a6236ff64652 (commit)
from d31bc179b3a48351025c55756ce8be82bf9bfa4c (commit)


- Log -----------------------------------------------------------------
commit 0ca67644ddedfd656d43a6639d89a6236ff64652
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 17:45:11 2016 +0100

Fix a signed/unsigned warning

This causes a compilation failure when using --strict-warnings in 1.0.2
and 1.0.1

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/asn1_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 54b683c..874b1af 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -175,7 +175,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
*inf = 0;
i = *p & 0x7f;
if (*(p++) & 0x80) {
- if (i > sizeof(ret) || max < i)
+ if (i > sizeof(ret) || max < (long)i)
return 0;
while (i-- > 0) {
ret <<= 8L;
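Review bot: The `(long)i` cast is correct only because `i` was masked with `& 0x7f` two lines above, so it can never be truncated or go negative; since the line reads as a bounds check, that reasoning belongs beside it: `/* i <= 0x7f here, so the cast cannot change its value */`. asn1_get_length continues outside the hunk.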

Matt Caswell

Apr 26, 2016, 9:42:24 AM4/26/16
The branch OpenSSL_1_0_2-stable has been updated
via 8f43c80bfac15544820739bf035df946eeb603e8 (commit)
from 0ca67644ddedfd656d43a6639d89a6236ff64652 (commit)


- Log -----------------------------------------------------------------
commit 8f43c80bfac15544820739bf035df946eeb603e8
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 16:05:55 2016 +0100

Ensure we check i2d_X509 return val

The i2d_X509() function can return a negative value on error. Therefore
we should make sure we check it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 446ba8de9af9aa4fa3debc7c76a38f4efed47a62)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_x509.c | 15 ++++++++++++---
ssl/ssl_cert.c | 9 +++++++--
2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e2cac83..ccdf6df 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -201,10 +201,19 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)

int i2d_X509_AUX(X509 *a, unsigned char **pp)
{
- int length;
+ int length, tmplen;
+ unsigned char *start = *pp;
length = i2d_X509(a, pp);
- if (a)
- length += i2d_X509_CERT_AUX(a->aux, pp);
+ if (length < 0 || a == NULL)
+ return length;
+
+ tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+ if (tmplen < 0) {
+ *pp = start;
+ return tmplen;
+ }
+ length += tmplen;
+
return length;
}
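Review bot: `unsigned char *start = *pp;` dereferences `pp` before anything checks it, yet i2d functions are routinely called with `pp == NULL` to size the output (the same `i2d_X509(x, NULL)` idiom ssl_add_cert_to_buf uses in this commit), so the new rollback turns that call into a NULL dereference. Guard both uses: `unsigned char *start = pp != NULL ? *pp : NULL;` and `if (start != NULL) *pp = start;`. The rollback also only rewinds the pointer — bytes i2d_X509 already wrote stay in the caller's buffer — which is fine for callers treating a negative return as fatal, but a comment saying so would avoid surprises.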

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index acc5361..f48ebae 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1059,13 +1059,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
unsigned char *p;

n = i2d_X509(x, NULL);
- if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+ if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
return 0;
}
p = (unsigned char *)&(buf->data[*l]);
l2n3(n, p);
- i2d_X509(x, &p);
+ n = i2d_X509(x, &p);
+ if (n < 0) {
+ /* Shouldn't happen */
+ SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+ return 0;
+ }
*l += n + 3;

return 1;
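Review bot: The second `i2d_X509(x, &p)` now overwrites `n`, so the 3-byte length already stored by `l2n3(n, p)` and the buffer grown from the first `n` can disagree with the value used in `*l += n + 3` without anything noticing; should the two encodings ever differ, a larger second result would also have written past the grown buffer before the check runs. Keep the first length and compare against it instead of only against zero: `if (i2d_X509(x, &p) != n) { SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB); return 0; }`. Separately, `l2n3` stores only 24 bits, so an `n` above 0xFFFFFF would be silently truncated in the length prefix; a certificate that large is implausible, but folding `n > 0xFFFFFF` into the first check costs nothing.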

Dr. Stephen Henson

Apr 27, 2016, 7:09:02 PM4/27/16
The branch OpenSSL_1_0_2-stable has been updated
via 4436299296cc10c6d6611b066b4b73dc0bdae1a6 (commit)
from 8f43c80bfac15544820739bf035df946eeb603e8 (commit)


- Log -----------------------------------------------------------------
commit 4436299296cc10c6d6611b066b4b73dc0bdae1a6


Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Apr 23 13:33:05 2016 +0100

Reject inappropriate private key encryption ciphers.

The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit d78df5dfd650e6de159a19a033513481064644f5)

-----------------------------------------------------------------------

Summary of changes:
crypto/pem/pem_lib.c | 2 +-


1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index a29821a..fe881d6 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -348,7 +348,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,

if (enc != NULL) {
objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL) {
+ if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0) {
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
goto err;

Dr. Stephen Henson

Apr 29, 2016, 3:03:03 PM4/29/16
The branch OpenSSL_1_0_2-stable has been updated
via 9b08619cb45e75541809b1154c90e1a00450e537 (commit)
via 66e731ab09f2c652d0e179df3df10d069b407604 (commit)
via 65cb92f4da37a3895437f0c9940ee0bcf9f28c8a (commit)
from 4436299296cc10c6d6611b066b4b73dc0bdae1a6 (commit)


- Log -----------------------------------------------------------------
commit 9b08619cb45e75541809b1154c90e1a00450e537
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Apr 28 19:45:44 2016 +0100

Add checks to X509_NAME_oneline()

Sanity check field lengths and sums to avoid potential overflows and reject
excessively large X509_NAME structures.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 77076dc944f76e821e4eae3a6563b853ce00c0ed)

Conflicts:
crypto/x509/x509_err.c
crypto/x509/x509_obj.c

commit 66e731ab09f2c652d0e179df3df10d069b407604
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Apr 28 13:09:27 2016 +0100

Sanity check buffer length.

Reject zero length buffers passed to X509_NAME_oneline().

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit b33d1141b6dcce947708b984c5e9e91dad3d675d)

commit 65cb92f4da37a3895437f0c9940ee0bcf9f28c8a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu Apr 28 12:55:29 2016 +0100

Add size limit to X509_NAME structure.

This adds an explicit limit to the size of an X509_NAME structure. Some
part of OpenSSL (e.g. TLS) already effectively limit the size due to
restrictions on certificate size.

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 295f3a24919157e2f9021d0b1709353710ad63db)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_name.c | 11 +++++++++++
crypto/x509/x509.h | 1 +
crypto/x509/x509_err.c | 1 +
crypto/x509/x509_obj.c | 21 +++++++++++++++++++--
4 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 737c426..a858c29 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -66,6 +66,13 @@
typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)

+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
static int x509_name_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -192,6 +199,10 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
+ if (len > X509_NAME_MAX) {
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+ return 0;
+ }
q = p;

/* Get internal representation of Name */
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 99337b8..fc613ce 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1305,6 +1305,7 @@ void ERR_load_X509_strings(void);
# define X509_R_LOADING_CERT_DIR 103
# define X509_R_LOADING_DEFAULTS 104
# define X509_R_METHOD_NOT_SUPPORTED 124
+# define X509_R_NAME_TOO_LONG 134
# define X509_R_NEWER_CRL_NOT_NEWER 132
# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
# define X509_R_NO_CRL_NUMBER 130
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 43cde18..1e779fe 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -151,6 +151,7 @@ static ERR_STRING_DATA X509_str_reasons[] = {
{ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
{ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED), "method not supported"},
+ {ERR_REASON(X509_R_NAME_TOO_LONG), "name too long"},
{ERR_REASON(X509_R_NEWER_CRL_NOT_NEWER), "newer crl not newer"},
{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
"no cert set for us to verify"},
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index d317f3a..f7daac2 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -63,6 +63,13 @@
#include <openssl/x509.h>
#include <openssl/buffer.h>

+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything enountered in practice.
+ */
+
+#define NAME_ONELINE_MAX (1024 * 1024)
+
char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
{
X509_NAME_ENTRY *ne;
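Review bot: The new comment has a typo (`enountered` → `encountered`) and does not say what is being bounded: NAME_ONELINE_MAX caps both a single entry's `length` and the running total `l`, which is what keeps the int arithmetic in `l += 1 + l1 + 1 + l2` from wrapping. Suggest `/* Cap on any single entry and on the total output length, so the int accumulation below cannot overflow; far larger than any real name. */`. The same 1 MiB figure is defined again as X509_NAME_MAX in x_name.c for a different computation; a note that the two are independent (or one shared definition) would stop someone from adjusting only one.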
@@ -86,6 +93,8 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
goto err;
b->data[0] = '\0';
len = 200;
+ } else if (len == 0) {
+ return NULL;
}
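Review bot: The new `else if (len == 0) return NULL;` returns without pushing an error reason, unlike every other failure in this function, so a caller that passed a zero-length buffer sees NULL with an empty error queue. If no suitable reason code exists in this branch, at least document the case: `/* caller supplied a zero-length buffer: nothing can be written, not even the terminator */`. The placement matters and is worth a word too — the check is in the else of the `buf == NULL` branch, so `len == 0` with no buffer still takes the allocate-200 path.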
if (a == NULL) {
if (b) {
@@ -110,6 +119,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)

type = ne->value->type;
num = ne->value->length;
+ if (num > NAME_ONELINE_MAX) {
+ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+ goto end;
+ }
q = ne->value->data;
#ifdef CHARSET_EBCDIC
if (type == V_ASN1_GENERALSTRING ||
@@ -154,6 +167,10 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)

lold = l;
l += 1 + l1 + 1 + l2;
+ if (l > NAME_ONELINE_MAX) {
+ X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+ goto end;
+ }
if (b != NULL) {
if (!BUF_MEM_grow(b, l + 1))
goto err;
@@ -206,7 +223,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
return (p);
err:
X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
- if (b != NULL)
- BUF_MEM_free(b);
+ end:
+ BUF_MEM_free(b);
return (NULL);
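Review bot: The `err:` path now falls into `end:`, and both rely on `BUF_MEM_free(NULL)` being a no-op when the caller supplied its own buffer (`b` stays NULL then); that holds for BUF_MEM_free in this tree but is not stated, so add `/* b is NULL when the caller's buffer was used; BUF_MEM_free tolerates that */`. Because `err:` pushes ERR_R_MALLOC_FAILURE before falling through while the X509_R_NAME_TOO_LONG paths jump straight to `end:`, a `/* fall through */` line between the two labels would keep a reader from mistaking the label order for a bug.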

Dr. Stephen Henson

Apr 29, 2016, 4:43:43 PM4/29/16
The branch OpenSSL_1_0_2-stable has been updated
via 64eaf6c928f4066d62aa86f805796ef05bd0b1cc (commit)
from 9b08619cb45e75541809b1154c90e1a00450e537 (commit)


- Log -----------------------------------------------------------------
commit 64eaf6c928f4066d62aa86f805796ef05bd0b1cc
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Apr 27 20:27:41 2016 +0100

Don't free ret->data if malloc fails.

Issue reported by Guido Vranken.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/a_bytes.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 12715a7..385b539 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -200,13 +200,13 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
} else {
if (len != 0) {
if ((ret->length < len) || (ret->data == NULL)) {
- if (ret->data != NULL)
- OPENSSL_free(ret->data);
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
} else
s = ret->data;
memcpy(s, p, (int)len);
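Review bot: `OPENSSL_malloc((int)len + 1)` narrows the `long len` to int before adding one; if any caller can present a length above INT_MAX on LP64 (d2i_ASN1_bytes takes a `long length` and the bound comes from ASN1_get_object, outside the hunk) the allocation is far smaller than the `memcpy(s, p, (int)len)` that follows, which truncates differently. Rejecting oversized lengths up front, `if (len > INT_MAX - 1) { i = ASN1_R_TOO_LONG; goto err; }`, removes the question. The reordering itself is right: the old data is released only once the replacement exists, so `ret->data` is never left dangling on malloc failure.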

Rich Salz

May 2, 2016, 12:54:59 PM5/2/16
The branch OpenSSL_1_0_2-stable has been updated
via a8d40f64d820e199c87a21597acd92a530286885 (commit)
via 876931488652438645427b041da058883cbb3513 (commit)
from 64eaf6c928f4066d62aa86f805796ef05bd0b1cc (commit)


- Log -----------------------------------------------------------------
commit a8d40f64d820e199c87a21597acd92a530286885
Author: TJ Saunders <t...@castaglia.org>
Date: Fri Apr 29 07:40:28 2016 -0700

Remove confusing comment.

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>

commit 876931488652438645427b041da058883cbb3513
Author: TJ Saunders <t...@castaglia.org>
Date: Wed Mar 23 11:55:53 2016 -0700

Issue #719:

If no serverinfo extension is found in some cases, do not abort the handshake,
but simply omit/skip that extension.

Check for already-registered serverinfo callbacks during serverinfo
registration.

Update SSL_CTX_use_serverinfo() documentation to mention the need to reload the
same serverinfo per certificate, for servers with multiple server certificates.

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/ssl/SSL_CTX_use_serverinfo.pod | 8 ++++++++
ssl/ssl_rsa.c | 28 +++++++++++++++++++++-------
2 files changed, 29 insertions(+), 7 deletions(-)

diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod
index 318e052..caeb28d 100644
--- a/doc/ssl/SSL_CTX_use_serverinfo.pod
+++ b/doc/ssl/SSL_CTX_use_serverinfo.pod
@@ -30,6 +30,14 @@ must consist of a 2-byte Extension Type, a 2-byte length, and then length
bytes of extension_data. Each PEM extension name must begin with the phrase
"BEGIN SERVERINFO FOR ".

+If more than one certificate (RSA/DSA) is installed using
+SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
+last certificate installed. If e.g. the last item was a RSA certificate, the
+loaded serverinfo extension data will be loaded for that certificate. To
+use the serverinfo extension for multiple certificates,
+SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
+each time a certificate is loaded.
+
=head1 NOTES

=head1 RETURN VALUES
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index b0f75c9..8202247 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -841,7 +841,7 @@ static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
return 0; /* No extension found, don't send extension */
return 1; /* Send extension */
}
- return -1; /* No serverinfo data found, don't send
+ return 0; /* No serverinfo data found, don't send
* extension */
}

@@ -870,12 +870,26 @@ static int serverinfo_process_buffer(const unsigned char *serverinfo,

/* Register callbacks for extensions */
ext_type = (serverinfo[0] << 8) + serverinfo[1];
- if (ctx && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
- serverinfo_srv_add_cb,
- NULL, NULL,
- serverinfo_srv_parse_cb,
- NULL))
- return 0;
+ if (ctx) {
+ int have_ext_cbs = 0;
+ size_t i;
+ custom_ext_methods *exts = &ctx->cert->srv_ext;
+ custom_ext_method *meth = exts->meths;
+
+ for (i = 0; i < exts->meths_count; i++, meth++) {
+ if (ext_type == meth->ext_type) {
+ have_ext_cbs = 1;
+ break;
+ }
+ }
+
+ if (!have_ext_cbs && !SSL_CTX_add_server_custom_ext(ctx, ext_type,
+ serverinfo_srv_add_cb,
+ NULL, NULL,
+ serverinfo_srv_parse_cb,
+ NULL))
+ return 0;
+ }

serverinfo += 2;
serverinfo_length -= 2;
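Review bot: `have_ext_cbs` is set whenever any registered server extension has the same `ext_type`, not only when it is the serverinfo pair, so a custom extension the application added with SSL_CTX_add_server_custom_ext for that type is silently assumed to handle the serverinfo data while its own add callback — not serverinfo_srv_add_cb — is what will run. Compare the callback as well and refuse a foreign registration: `if (ext_type == meth->ext_type) { if (meth->add_cb != serverinfo_srv_add_cb) return 0; have_ext_cbs = 1; break; }`. The hunk also reads `serverinfo[0]`/`[1]` without a length check here; presumably an earlier check outside the hunk guarantees at least four bytes remain.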

Dr. Stephen Henson

May 2, 2016, 5:53:15 PM5/2/16
The branch OpenSSL_1_0_2-stable has been updated
via c5e603ee182b40ede7713c6e229c15a8f3fdb58a (commit)
from a8d40f64d820e199c87a21597acd92a530286885 (commit)


- Log -----------------------------------------------------------------
commit c5e603ee182b40ede7713c6e229c15a8f3fdb58a


Author: Dr. Stephen Henson <st...@openssl.org>

Date: Mon May 2 17:33:50 2016 +0100

Fix i2d_X509_AUX: pp can be NULL.

Reported by David Benjamin

Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit 05aef4bbdbc18e7b9490512cdee41e8a608bcc0e)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_x509.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index ccdf6df..e31e1e7 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -202,14 +202,15 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)


int i2d_X509_AUX(X509 *a, unsigned char **pp)
{

int length, tmplen;
- unsigned char *start = *pp;
+ unsigned char *start = pp != NULL ? *pp : NULL;
length = i2d_X509(a, pp);


if (length < 0 || a == NULL)

return length;



tmplen = i2d_X509_CERT_AUX(a->aux, pp);

if (tmplen < 0) {
- *pp = start;
+ if (start != NULL)
+ *pp = start;
return tmplen;
}
length += tmplen;
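Review bot: The `pp == NULL` case is now handled, but nothing states the contract i2d callers rely on, which this function has just become subtle about: `pp == NULL` only sizes the output, a negative return means the combined encoding failed, and on failure of the AUX part `*pp` is rewound although bytes already written by i2d_X509 remain in the buffer. A short header comment above `int i2d_X509_AUX` covering those three points would prevent the next edit from re-introducing the unconditional `*pp` access.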

Matt Caswell

May 3, 2016, 4:05:26 AM5/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 3ab937bc440371fbbe74318ce494ba95021f850a (commit)
from c5e603ee182b40ede7713c6e229c15a8f3fdb58a (commit)


- Log -----------------------------------------------------------------
commit 3ab937bc440371fbbe74318ce494ba95021f850a
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Mar 3 23:36:23 2016 +0000

Fix encrypt overflow

An overflow can occur in the EVP_EncryptUpdate function. If an attacker is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 3f3582139fbb259a1c3cbb0a25236500a409bf26)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/evp_enc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 65f0e02..7d7be24 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -347,7 +347,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
bl = ctx->cipher->block_size;
OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) {
- if (i + inl < bl) {
+ if (bl - i > inl) {
memcpy(&(ctx->buf[i]), in, inl);
ctx->buf_len += inl;
*outl = 0;
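Review bot: The rewritten comparison `bl - i > inl` is free of overflow only because i, the length already buffered, is strictly less than bl at this point (presumably guaranteed by how buf_len is reset after a full block, which is outside the hunk), and nothing in the hunk records that; a one-line comment would stop a later edit from drifting back to the additive form, e.g. `/* i < bl here (partial block buffered), so bl - i cannot underflow; the old i + inl overflowed for attacker-sized inl (CVE-2016-2106) */`. The check also relies on inl being positive, which the visible lines do not establish. EVP_EncryptUpdate's opening and the remainder of its body are outside the hunk.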

Matt Caswell

May 3, 2016, 5:30:19 AM5/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 9f2ccf1d718ab66c778a623f9aed3cddf17503a2 (commit)
from 3ab937bc440371fbbe74318ce494ba95021f850a (commit)


- Log -----------------------------------------------------------------
commit 9f2ccf1d718ab66c778a623f9aed3cddf17503a2
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Apr 28 10:46:55 2016 +0100

Prevent EBCDIC overread for very long strings

ASN1 Strings that are over 1024 bytes can cause an overread in
applications using the X509_NAME_oneline() function on EBCDIC systems.
This could result in arbitrary stack data being returned in the buffer.

Issue reported by Guido Vranken.

CVE-2016-2176

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_obj.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index f7daac2..3de3ac7 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -130,8 +130,9 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
- ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
- ? sizeof ebcdic_buf : num);
+ if (num > (int)sizeof(ebcdic_buf))
+ num = sizeof(ebcdic_buf);
+ ascii2ebcdic(ebcdic_buf, q, num);
q = ebcdic_buf;
}
#endif
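Review bot: Clamping num silently truncates any name component longer than ebcdic_buf on EBCDIC builds, so X509_NAME_oneline() is lossy there while non-EBCDIC builds keep the full value, and the hunk does not document that asymmetry. Suggest a comment on the clamp, `/* Overlong components are truncated to the EBCDIC scratch buffer; continuing to use the unclamped num past ebcdic_buf was CVE-2016-2176 */`, plus a sentence in the X509_NAME_oneline man page noting the EBCDIC-only truncation. The enclosing loop and function extend beyond the hunk, so I cannot confirm that every later use of q is also bounded by the clamped num.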

Matt Caswell

May 3, 2016, 6:58:21 AM5/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 0b3762a342bef77fcd8c2d712eae4860af706b20 (commit)
via 3850c2b9d55fb91ea1d9b8228fd8a761d0ba1780 (commit)
via 172c6e1e14defe7d49d62f5fc9ea6a79b225424f (commit)
from 9f2ccf1d718ab66c778a623f9aed3cddf17503a2 (commit)


- Log -----------------------------------------------------------------
commit 0b3762a342bef77fcd8c2d712eae4860af706b20
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 11:54:30 2016 +0100

Add documentation for EVP_EncodeInit() and similar functions

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 3850c2b9d55fb91ea1d9b8228fd8a761d0ba1780
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 09:06:29 2016 +0100

Ensure EVP_EncodeUpdate handles an output length that is too long

With the EVP_EncodeUpdate function it is the caller's responsibility to
determine how big the output buffer should be. The function writes the
amount actually used to |*outl|. However this could go negative with a
sufficiently large value for |inl|. We add a check for this error
condition.

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 172c6e1e14defe7d49d62f5fc9ea6a79b225424f
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Mar 4 10:17:17 2016 +0000

Avoid overflow in EVP_EncodeUpdate

An overflow can occur in the EVP_EncodeUpdate function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption. Due to the very large amounts of data involved this will most
likely result in a crash.

Internally to OpenSSL the EVP_EncodeUpdate function is primarily used by the
PEM_write_bio* family of functions. These are mainly used within the
OpenSSL command line applications, so any application which processes
data from an untrusted source and outputs it as a PEM file should be
considered vulnerable to this issue.

User applications that call these APIs directly with large amounts of
untrusted data may also be vulnerable.

Issue reported by Guido Vranken.

CVE-2016-2105

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/encode.c | 12 +++-
doc/crypto/EVP_EncodeInit.pod | 146 ++++++++++++++++++++++++++++++++++++++++++
doc/crypto/evp.pod | 5 ++
3 files changed, 160 insertions(+), 3 deletions(-)
create mode 100644 doc/crypto/EVP_EncodeInit.pod

diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index c6abc4a..c6c775e 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -57,6 +57,7 @@
*/

#include <stdio.h>
+#include <limits.h>
#include "cryptlib.h"
#include <openssl/evp.h>

@@ -151,13 +152,13 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j;
- unsigned int total = 0;
+ size_t total = 0;

*outl = 0;
if (inl <= 0)
return;
OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
- if ((ctx->num + inl) < ctx->length) {
+ if (ctx->length - ctx->num > inl) {
memcpy(&(ctx->enc_data[ctx->num]), in, inl);
ctx->num += inl;
return;
@@ -174,7 +175,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total = j + 1;
}
- while (inl >= ctx->length) {
+ while (inl >= ctx->length && total <= INT_MAX) {
j = EVP_EncodeBlock(out, in, ctx->length);
in += ctx->length;
inl -= ctx->length;
@@ -183,6 +184,11 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
*out = '\0';
total += j + 1;
}
+ if (total > INT_MAX) {
+ /* Too much output data! */
+ *outl = 0;
+ return;
+ }
if (inl != 0)
memcpy(&(ctx->enc_data[0]), in, inl);
ctx->num = inl;
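Review bot: The new `total > INT_MAX` bail-out runs after the loop has already written encoded blocks into out and consumed the matching input, yet it reports `*outl = 0`, the same value the partial-block path earlier in this function reports on success, so a caller cannot tell this error from "nothing emitted yet", and ctx->num is left stale so the stream cannot be resumed. The void return type in 1.0.2 leaves no way to signal the failure properly, so at minimum the limitation should be written down: `/* Output would exceed INT_MAX: report 0 (indistinguishable from "all input buffered") and abandon ctx; callers must size inl so the encoded total fits an int. */`. The `*outl = total` epilogue and the function's closing brace are outside the hunk.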
diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
new file mode 100644
index 0000000..bc35acf
--- /dev/null
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -0,0 +1,146 @@
+=pod
+
+=head1 NAME
+
+EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
+EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
+EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
+routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+ void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+ int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+ void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+ int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+ int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+=head1 DESCRIPTION
+
+The EVP encode routines provide a high level interface to base 64 encoding and
+decoding. Base 64 encoding converts binary data into a printable form that uses
+the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. For every 3
+bytes of binary data provided 4 bytes of base 64 encoded data will be produced
+plus some occasional newlines (see below). If the input data length is not a
+multiple of 3 then the output data will be padded at the end using the "="
+character.
+
+EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
+the encode/decode functions.
+
+EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
+space allocated to it.
+
+Encoding of binary data is performed in blocks of 48 input bytes (or less for
+the final block). For each 48 byte input block encoded 64 bytes of base 64 data
+is output plus an additional newline character (i.e. 65 bytes in total). The
+final block (which may be less than 48 bytes) will output 4 bytes for every 3
+bytes of input. If the data length is not divisible by 3 then a full 4 bytes is
+still output for the final 1 or 2 bytes of input. Similarly a newline character
+will also be output.
+
+EVP_EncodeInit() initialises B<ctx> for the start of a new encoding operation.
+
+EVP_EncodeUpdate() encode B<inl> bytes of data found in the buffer pointed to by
+B<in>. The output is stored in the buffer B<out> and the number of bytes output
+is stored in B<*outl>. It is the caller's responsibility to ensure that the
+buffer at B<out> is sufficiently large to accommodate the output data. Only full
+blocks of data (48 bytes) will be immediately processed and output by this
+function. Any remainder is held in the B<ctx> object and will be processed by a
+subsequent call to EVP_EncodeUpdate() or EVP_EncodeFinal(). To calculate the
+required size of the output buffer add together the value of B<inl> with the
+amount of unprocessed data held in B<ctx> and divide the result by 48 (ignore
+any remainder). This gives the number of blocks of data that will be processed.
+Ensure the output buffer contains 65 bytes of storage for each block, plus an
+additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
+repeatedly to process large amounts of input data. In the event of an error
+EVP_EncodeUpdate() will set B<*outl> to 0.
+
+EVP_EncodeFinal() must be called at the end of an encoding operation. It will
+process any partial block of data remaining in the B<ctx> object. The output
+data will be stored in B<out> and the length of the data written will be stored
+in B<*outl>. It is the caller's responsibility to ensure that B<out> is
+sufficiently large to accommodate the output data which will never be more than
+65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).
+
+EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
+be encoded or decoded that are pending in the B<ctx> object.
+
+EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
+B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
+output data will be produced. If B<dlen> is not divisible by 3 then the block is
+encoded as a final block of data and the output is padded such that it is always
+divisible by 4. Additionally a NUL terminator character will be added. For
+example if 16 bytes of input data is provided then 24 bytes of encoded data is
+created plus 1 byte for a NUL terminator (i.e. 25 bytes in total). The length of
+the data generated I<without> the NUL terminator is returned from the function.
+
+EVP_DecodeInit() initialises B<ctx> for the start of a new decoding operation.
+
+EVP_DecodeUpdate() decodes B<inl> characters of data found in the buffer pointed
+to by B<in>. The output is stored in the buffer B<out> and the number of bytes
+output is stored in B<*outl>. It is the caller's responsibility to ensure that
+the buffer at B<out> is sufficiently large to accommodate the output data. This
+function will attempt to decode as much data as possible in 4 byte chunks. Any
+whitespace, newline or carriage return characters are ignored. Any partial chunk
+of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in
+the B<ctx> object and processed by a subsequent call to EVP_DecodeUpdate(). If
+any illegal base 64 characters are encountered or if the base 64 padding
+character "=" is encountered in the middle of the data then the function returns
+-1 to indicate an error. A return value of 0 or 1 indicates successful
+processing of the data. A return value of 0 additionally indicates that the last
+input data characters processed included the base 64 padding character "=" and
+therefore no more non-padding character data is expected to be processed. For
+every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and
+line feeds), 3 bytes of binary output data will be produced (or less at the end
+of the data where the padding character "=" has been used).
+
+EVP_DecodeFinal() must be called at the end of a decoding operation. If there
+is any unprocessed data still in B<ctx> then the input data must not have been
+a multiple of 4 and therefore an error has occurred. The function will return -1
+in this case. Otherwise the function returns 1 on success.
+
+EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
+contained in B<f> and store the result in B<t>. Any leading whitespace will be
+trimmed as will any trailing whitespace, newlines, carriage returns or EOF
+characters. After such trimming the length of the data in B<f> must be divisbile
+by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
+output will be padded with 0 bits if necessary to ensure that the output is
+always 3 bytes for every 4 input bytes. This function will return the length of
+the data decoded or -1 on error.
+
+=head1 RETURN VALUES
+
+EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
+object or NULL on error.
+
+EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in
+B<ctx>.
+
+EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
+terminator.
+
+EVP_DecodeUpdate() returns -1 on error and 0 or 1 on success. If 0 is returned
+then no more non-padding base 64 characters are expected.
+
+EVP_DecodeFinal() returns -1 on error or 1 on success.
+
+EVP_DecodeBlock() returns the length of the data decoded or -1 on error.
+
+=head1 SEE ALSO
+
+L<evp(3)>
+
+=cut
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
index 29fab9f..303cd95 100644
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
@@ -61,6 +61,10 @@ based encryption. Careful selection of the parameters will provide a PKCS#5 PBKD
implementation. However, new applications should not typically use this (preferring, for example,
PBKDF2 from PCKS#5).

+The L<B<EVP_Encode>I<...>|EVP_EncodeInit(3)> and
+L<B<EVP_Decode>I<...>|EVP_EncodeInit(3)> functions implement base 64 encoding
+and decoding.
+
Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>.

All the symmetric algorithms (ciphers), digests and asymmetric algorithms
@@ -86,6 +90,7 @@ L<EVP_SealInit(3)|EVP_SealInit(3)>,
L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>,
L<EVP_SignInit(3)|EVP_SignInit(3)>,
L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_EncodeInit(3)>,
L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>,
L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>,
L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>,

Matt Caswell

May 3, 2016, 7:55:08 AM5/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 643e8e972e54fa358935e5f8b7f5a8be9616d56b (commit)
from 0b3762a342bef77fcd8c2d712eae4860af706b20 (commit)


- Log -----------------------------------------------------------------
commit 643e8e972e54fa358935e5f8b7f5a8be9616d56b
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 3 12:45:45 2016 +0100

Remove some documentation for functions not in 1.0.x

A few functions in the recently added EVP_EncodeInit docs don't apply to
the 1.0.x branches.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/EVP_EncodeInit.pod | 25 +++----------------------
1 file changed, 3 insertions(+), 22 deletions(-)

diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod
index bc35acf..c6f1267 100644
--- a/doc/crypto/EVP_EncodeInit.pod
+++ b/doc/crypto/EVP_EncodeInit.pod
@@ -2,18 +2,14 @@

=head1 NAME

-EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_num, EVP_EncodeInit,
-EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit,
-EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64 encode/decode
-routines
+EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock,
+EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock - EVP base 64
+encode/decode routines

=head1 SYNOPSIS

#include <openssl/evp.h>

- EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
- void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
- int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
@@ -37,12 +33,6 @@ plus some occasional newlines (see below). If the input data length is not a
multiple of 3 then the output data will be padded at the end using the "="
character.

-EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
-the encode/decode functions.
-
-EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
-space allocated to it.
-
Encoding of binary data is performed in blocks of 48 input bytes (or less for
the final block). For each 48 byte input block encoded 64 bytes of base 64 data
is output plus an additional newline character (i.e. 65 bytes in total). The
@@ -75,9 +65,6 @@ in B<*outl>. It is the caller's responsibility to ensure that B<out> is
sufficiently large to accommodate the output data which will never be more than
65 bytes plus an additional NUL terminator (i.e. 66 bytes in total).

-EVP_ENCODE_CTX_num() will return the number of as yet unprocessed bytes still to
-be encoded or decoded that are pending in the B<ctx> object.
-
EVP_EncodeBlock() encodes a full block of input data in B<f> and of length
B<dlen> and stores it in B<t>. For every 3 bytes of input provided 4 bytes of
output data will be produced. If B<dlen> is not divisible by 3 then the block is
@@ -123,12 +110,6 @@ the data decoded or -1 on error.

=head1 RETURN VALUES

-EVP_ENCODE_CTX_new() returns a pointer to the newly allocated EVP_ENCODE_CTX
-object or NULL on error.
-
-EVP_ENCODE_CTX_num() returns the number of bytes pending encoding or decoding in
-B<ctx>.
-
EVP_EncodeBlock() returns the number of bytes encoded excluding the NUL
terminator.

Matt Caswell

May 3, 2016, 9:58:11 AM5/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 5c6944593d3125800ae1a9b28d2efb6f870273c2 (commit)
via 5dd94f1847c744929a3bd24819f1c99644bb18c7 (commit)
via 76564c8e7865ef45aa45d44d4d99979f181f8a74 (commit)
via b4d56b8ecb985ed8c8d3b757b5a728aa52143e41 (commit)
via d4b25980020821d4685752ecb9105c0902109ab5 (commit)
via 68595c0c2886e7942a14f98c17a55a88afb6c292 (commit)
from 643e8e972e54fa358935e5f8b7f5a8be9616d56b (commit)


- Log -----------------------------------------------------------------
commit 5c6944593d3125800ae1a9b28d2efb6f870273c2
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 3 14:47:32 2016 +0100

Prepare for 1.0.2i-dev

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 5dd94f1847c744929a3bd24819f1c99644bb18c7
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 3 14:46:41 2016 +0100

Prepare for 1.0.2h release

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 76564c8e7865ef45aa45d44d4d99979f181f8a74
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 3 14:46:41 2016 +0100

make update

Reviewed-by: Rich Salz <rs...@openssl.org>

commit b4d56b8ecb985ed8c8d3b757b5a728aa52143e41
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 3 09:37:23 2016 +0100

Update CHANGES and NEWS for the new release

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit d4b25980020821d4685752ecb9105c0902109ab5


Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Apr 15 02:37:09 2016 +0100

Fix ASN1_INTEGER handling.

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin <davi...@google.com> for reporting this bug.

This was found using libFuzzer.

RT#4364 (part); CVE-2016-2108.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

commit 68595c0c2886e7942a14f98c17a55a88afb6c292
Author: Kurt Roeckx <ku...@roeckx.be>
Date: Sat Apr 16 23:08:56 2016 +0200

Check that we have enough padding characters.

Reviewed-by: Emilia Käsper <emi...@openssl.org>

CVE-2016-2107

MR: #2572

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 89 +++++++++++++++++++++++++++++++++++++-
NEWS | 15 ++++++-
README | 2 +-
crypto/asn1/a_type.c | 2 -
crypto/asn1/tasn_dec.c | 2 -
crypto/asn1/tasn_enc.c | 2 -
crypto/evp/Makefile | 13 +++---
crypto/evp/e_aes_cbc_hmac_sha1.c | 3 ++
crypto/evp/e_aes_cbc_hmac_sha256.c | 3 ++
crypto/opensslv.h | 6 +--
openssl.spec | 2 +-
11 files changed, 120 insertions(+), 19 deletions(-)

diff --git a/CHANGES b/CHANGES
index 2d73627..c3d3d7a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,94 @@
OpenSSL CHANGES
_______________

- Changes between 1.0.2g and 1.0.2h [xx XXX xxxx]
+ Changes between 1.0.2h and 1.0.2i [xx XXX xxxx]
+
+ *)
+
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
+
+ *) Prevent padding oracle in AES-NI CBC MAC check
+
+ A MITM attacker can use a padding oracle attack to decrypt traffic
+ when the connection uses an AES CBC cipher and the server support
+ AES-NI.
+
+ This issue was introduced as part of the fix for Lucky 13 padding
+ attack (CVE-2013-0169). The padding check was rewritten to be in
+ constant time by making sure that always the same bytes are read and
+ compared against either the MAC or padding bytes. But it no longer
+ checked that there was enough data to have both the MAC and padding
+ bytes.
+
+ This issue was reported by Juraj Somorovsky using TLS-Attacker.
+ (CVE-2016-2107)
+ [Kurt Roeckx]
+
+ *) Fix EVP_EncodeUpdate overflow
+
+ An overflow can occur in the EVP_EncodeUpdate() function which is used for
+ Base64 encoding of binary data. If an attacker is able to supply very large
+ amounts of input data then a length check can overflow resulting in a heap
+ corruption.
+
+ Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+ the PEM_write_bio* family of functions. These are mainly used within the
+ OpenSSL command line applications, so any application which processes data
+ from an untrusted source and outputs it as a PEM file should be considered
+ vulnerable to this issue. User applications that call these APIs directly
+ with large amounts of untrusted data may also be vulnerable.
+
+ This issue was reported by Guido Vranken.
+ (CVE-2016-2105)
+ [Matt Caswell]
+
+ *) Fix EVP_EncryptUpdate overflow
+
+ An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+ is able to supply very large amounts of input data after a previous call to
+ EVP_EncryptUpdate() with a partial block then a length check can overflow
+ resulting in a heap corruption. Following an analysis of all OpenSSL
+ internal usage of the EVP_EncryptUpdate() function all usage is one of two
+ forms. The first form is where the EVP_EncryptUpdate() call is known to be
+ the first called function after an EVP_EncryptInit(), and therefore that
+ specific call must be safe. The second form is where the length passed to
+ EVP_EncryptUpdate() can be seen from the code to be some small value and
+ therefore there is no possibility of an overflow. Since all instances are
+ one of these two forms, it is believed that there can be no overflows in
+ internal code due to this problem. It should be noted that
+ EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
+ Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
+ of these calls have also been analysed too and it is believed there are no
+ instances in internal usage where an overflow could occur.
+
+ This issue was reported by Guido Vranken.
+ (CVE-2016-2106)
+ [Matt Caswell]
+
+ *) Prevent ASN.1 BIO excessive memory allocation
+
+ When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+ a short invalid encoding can casuse allocation of large amounts of memory
+ potentially consuming excessive resources or exhausting memory.
+
+ Any application parsing untrusted data through d2i BIO functions is
+ affected. The memory based functions such as d2i_X509() are *not* affected.
+ Since the memory based functions are used by the TLS library, TLS
+ applications are not affected.
+
+ This issue was reported by Brian Carpenter.
+ (CVE-2016-2109)
+ [Stephen Henson]
+
+ *) EBCDIC overread
+
+ ASN1 Strings that are over 1024 bytes can cause an overread in applications
+ using the X509_NAME_oneline() function on EBCDIC systems. This could result
+ in arbitrary stack data being returned in the buffer.
+
+ This issue was reported by Guido Vranken.
+ (CVE-2016-2176)
+ [Matt Caswell]

*) Modify behavior of ALPN to invoke callback after SNI/servername
callback, such that updates to the SSL_CTX affect ALPN.
diff --git a/NEWS b/NEWS
index 4737636..1d59f3e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,23 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

- Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [under development]
+ Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [under development]

o

+ Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+
+ o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+ o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+ o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+ o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+ o EBCDIC overread (CVE-2016-2176)
+ o Modify behavior of ALPN to invoke callback after SNI/servername
+ callback, such that updates to the SSL_CTX affect ALPN.
+ o Remove LOW from the DEFAULT cipher list. This removes singles DES from
+ the default.
+ o Only remove the SSLv2 methods with the no-ssl2-method option.
+
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]

o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
diff --git a/README b/README
index bb2e4c6..a065f68 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@

- OpenSSL 1.0.2h-dev
+ OpenSSL 1.0.2i-dev

Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index af79530..bb166e8 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -126,9 +126,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
result = 0; /* They do not have content. */
break;
case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
case V_ASN1_BIT_STRING:
case V_ASN1_OCTET_STRING:
case V_ASN1_SEQUENCE:
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 5a50796..6bdcd5c 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -901,9 +901,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
break;

case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
tint = (ASN1_INTEGER **)pval;
if (!c2i_ASN1_INTEGER(tint, &cont, len))
goto err;
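Review bot: With V_ASN1_NEG_INTEGER and V_ASN1_NEG_ENUMERATED removed from this switch, an ANY-typed value whose wire tag happens to equal one of those internal numbers now falls through to the default branch, which is outside the hunk; the fix is complete only if that branch treats such tags as opaque string content rather than routing them to c2i_ASN1_INTEGER, which I infer from the commit message but cannot verify here. A comment at the case label would pin the invariant for future readers: `/* V_ASN1_NEG_* are internal ASN1_INTEGER sign flags, never wire tags; only a genuine INTEGER/ENUMERATED tag may reach c2i_ASN1_INTEGER (CVE-2016-2108) */`. The same removal is made in tasn_enc.c and a_type.c in this commit and would benefit from the same note.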
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index f04a689..f7f83e5 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -611,9 +611,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
break;

case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
/*
* These are all have the same content format as ASN1_INTEGER
*/
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index aaaad98..fa138d0 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -199,8 +199,8 @@ e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
+e_aes_cbc_hmac_sha1.o: ../../e_os.h ../../include/openssl/aes.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
@@ -214,9 +214,9 @@ e_aes_cbc_hmac_sha1.o: ../../include/openssl/rand.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h
-e_aes_cbc_hmac_sha1.o: e_aes_cbc_hmac_sha1.c
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/aes.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+e_aes_cbc_hmac_sha1.o: ../modes/modes_lcl.h e_aes_cbc_hmac_sha1.c
+e_aes_cbc_hmac_sha256.o: ../../e_os.h ../../include/openssl/aes.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/asn1.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/bio.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/crypto.h
@@ -232,7 +232,8 @@ e_aes_cbc_hmac_sha256.o: ../../include/openssl/rand.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/safestack.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/sha.h
e_aes_cbc_hmac_sha256.o: ../../include/openssl/stack.h
-e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h ../modes/modes_lcl.h
+e_aes_cbc_hmac_sha256.o: ../../include/openssl/symhacks.h
+e_aes_cbc_hmac_sha256.o: ../constant_time_locl.h ../modes/modes_lcl.h
e_aes_cbc_hmac_sha256.o: e_aes_cbc_hmac_sha256.c
e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 8330964..6dfd590 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -60,6 +60,7 @@
# include <openssl/sha.h>
# include <openssl/rand.h>
# include "modes_lcl.h"
+# include "constant_time_locl.h"

# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -578,6 +579,8 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;

+ ret &= constant_time_ge(maxpad, pad);
+
inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
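Review bot: The added `ret &= constant_time_ge(maxpad, pad);` carries no explanation, and the mask-based inp_len sanitisation right below it reads as if it already copes with an oversized pad, which is precisely the misunderstanding that produced CVE-2016-2107. Suggest recording why both are needed: `/* pad > maxpad must fail the record, not merely clamp inp_len; done branch-free so timing stays independent of pad (CVE-2016-2107) */`. This assumes ret is the accumulator the final MAC comparison folds into and that constant_time_ge yields an all-ones/zero mask of compatible width, both declared outside the hunk along with the rest of the decrypt path.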
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 3780021..46c9d03 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -60,6 +60,7 @@
# include <openssl/sha.h>
# include <openssl/rand.h>
# include "modes_lcl.h"
+# include "constant_time_locl.h"

# ifndef EVP_CIPH_FLAG_AEAD_CIPHER
# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000
@@ -589,6 +590,8 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
maxpad &= 255;

+ ret &= constant_time_ge(maxpad, pad);
+
inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1)));
inp_len &= mask;
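Review bot: `ret &= constant_time_ge(maxpad, pad);` is deliberately a mask fold and should say so, since a future reader may "simplify" it into `if (pad > maxpad) return 0;` and reopen the timing channel on attacker-supplied padding. Suggested comment: `/* Fold pad > maxpad into ret in constant time; an early return here would expose padding validity through timing. */`. The use of `ret` after the MAC check is not in the hunk (aesni_cbc_hmac_sha256_cipher begins and ends outside it), so confirm it is combined without a data-dependent branch.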
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index d6d671a..2db36ac 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x10002080L
+# define OPENSSL_VERSION_NUMBER 0x10002090L
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h-fips-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i-fips-dev xx XXX xxxx"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2h-dev xx XXX xxxx"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i-dev xx XXX xxxx"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

diff --git a/openssl.spec b/openssl.spec
index 55c05c4..e63771f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1

Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 1.0.2h
+Version: 1.0.2i
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries

Dr. Stephen Henson

May 4, 2016, 8:01:31 AM5/4/16
The branch OpenSSL_1_0_2-stable has been updated
via b8c75aab217842e527bd6dbe21d1908484edfb03 (commit)
via 9dfd498af8f3993e1b72080a6fdeb723f4523ed8 (commit)
from 5c6944593d3125800ae1a9b28d2efb6f870273c2 (commit)


- Log -----------------------------------------------------------------
commit b8c75aab217842e527bd6dbe21d1908484edfb03
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue May 3 15:05:31 2016 +0100

Fix double free in d2i_PrivateKey().

RT#4527

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 3340e8bb186f689df5720352f65a9c0c42b6046b)

commit 9dfd498af8f3993e1b72080a6fdeb723f4523ed8
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue May 3 15:21:41 2016 +0100

add documentation

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit b1b3e14fbeb373a288ba20402600e071e6f402f8)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/d2i_pr.c | 8 +++---
doc/crypto/d2i_PrivateKey.pod | 59 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 3 deletions(-)
create mode 100644 doc/crypto/d2i_PrivateKey.pod

diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index d21829a..86dcf5f 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -97,15 +97,17 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
if (!ret->ameth->old_priv_decode ||
!ret->ameth->old_priv_decode(ret, &p, length)) {
if (ret->ameth->priv_decode) {
+ EVP_PKEY *tmp;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
if (!p8)
goto err;
- EVP_PKEY_free(ret);
- ret = EVP_PKCS82PKEY(p8);
+ tmp = EVP_PKCS82PKEY(p8);
PKCS8_PRIV_KEY_INFO_free(p8);
- if (ret == NULL)
+ if (tmp == NULL)
goto err;
+ EVP_PKEY_free(ret);
+ ret = tmp;
} else {
ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
goto err;
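Review bot: The reordered sequence `tmp = EVP_PKCS82PKEY(p8); ... EVP_PKEY_free(ret); ret = tmp;` carries no comment about why the free must come after the decode, so the ordering looks arbitrary and is likely to be undone in a future tidy-up. Suggested comment before `EVP_PKEY_free(ret);`: `/* Replace the original key only after the PKCS#8 decode succeeded; freeing it first left ret dangling for the err: cleanup (double free). */`. When the caller passed a non-NULL *a, ret is presumably that object, so `*a` points at freed memory from this line until the function reassigns it; the function start, the `*a = ret` assignment and the err: label are all outside the hunk, so confirm the error path after this point cannot free `*a` a second time.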
diff --git a/doc/crypto/d2i_PrivateKey.pod b/doc/crypto/d2i_PrivateKey.pod
new file mode 100644
index 0000000..e06ab6c
--- /dev/null
+++ b/doc/crypto/d2i_PrivateKey.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+d2i_Private_key, d2i_AutoPrivateKey, i2d_PrivateKey - decode and encode
+functions for reading and saving EVP_PKEY structures.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_PrivateKey() decodes a private key using algorithm B<type>. It attempts to
+use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The
+B<type> parameter should be a public key algorithm constant such as
+B<EVP_PKEY_RSA>. An error occurs if the decoded key does not match B<type>.
+
+d2i_AutoPrivateKey() is similar to d2i_PrivateKey() except it attempts to
+automatically detect the private key format.
+
+i2d_PrivateKey() encodes B<key>. It uses a key specific format or, if none is
+defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format.
+
+These functions are similar to the d2i_X509() functions, and you should refer to
+that page for a detailed description (see L<d2i_X509(3)>).
+
+=head1 NOTES
+
+All these functions use DER format and unencrypted keys. Applications wishing
+to encrypt or decrypt private keys should use other functions such as
+d2i_PKC8PrivateKey() instead.
+
+If the B<*a> is not NULL when calling d2i_PrivateKey() or d2i_AutoPrivateKey()
+(i.e. an existing structure is being reused) and the key format is PKCS#8
+then B<*a> will be freed and replaced on a successful call.
+
+=head1 RETURN VALUES
+
+d2i_PrivateKey() and d2i_AutoPrivateKey() return a valid B<EVP_KEY> structure
+or B<NULL> if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+i2d_PrivateKey() returns the number of bytes successfully encoded or a
+negative value if an error occurs. The error code can be obtained by calling
+L<ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<crypto(3)>,
+L<d2i_PKCS8PrivateKey(3)>
+
+=cut

Dr. Stephen Henson

May 4, 2016, 12:45:27 PM5/4/16
The branch OpenSSL_1_0_2-stable has been updated
via a1eef756cc1948ed4d1f175d97367aa2b24d962d (commit)
from b8c75aab217842e527bd6dbe21d1908484edfb03 (commit)


- Log -----------------------------------------------------------------
commit a1eef756cc1948ed4d1f175d97367aa2b24d962d
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed May 4 16:09:06 2016 +0100

Fix name length limit check.

The name length limit check in x509_name_ex_d2i() includes
the containing structure as well as the actual X509_NAME. This will
cause large CRLs to be rejected.

Fix by limiting the length passed to ASN1_item_ex_d2i() which will
then return an error if the passed X509_NAME exceeds the length.

RT#4531

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_name.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index a858c29..26378fd 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
int i, j, ret;
STACK_OF(X509_NAME_ENTRY) *entries;
X509_NAME_ENTRY *entry;
- if (len > X509_NAME_MAX) {
- ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
- return 0;
- }
+ if (len > X509_NAME_MAX)
+ len = X509_NAME_MAX;
q = p;

/* Get internal representation of Name */
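Review bot: Clamping `len` to X509_NAME_MAX reads like silent truncation, and nothing at the site says the limit is still enforced, just somewhere else. Suggested comment in place of the bare assignment: `/* len can cover the enclosing structure (e.g. a whole CRL), not only this Name; cap what we hand to ASN1_item_ex_d2i(), which fails if the Name itself is longer than X509_NAME_MAX. */`. This relies on ASN1_item_ex_d2i() rejecting a Name that does not fit in the shortened length rather than decoding past it; that call and the rest of x509_name_ex_d2i are outside the hunk, so a test with a Name of X509_NAME_MAX+1 bytes is worth having.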

Richard Levitte

May 5, 2016, 5:04:19 AM5/5/16
The branch OpenSSL_1_0_2-stable has been updated
via b9284c75acc2db7bd117b7759a640b90a8e37ae6 (commit)
from a1eef756cc1948ed4d1f175d97367aa2b24d962d (commit)


- Log -----------------------------------------------------------------
commit b9284c75acc2db7bd117b7759a640b90a8e37ae6
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 4 14:44:10 2016 +0200

Check return of PEM_write_* functions and report possible errors

Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1025)
(cherry picked from commit c73aa309049c4f04ec81f0f1cf552eab8456a16e)

-----------------------------------------------------------------------

Summary of changes:
apps/pkcs12.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index cbb75b7..4e43c66 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -832,6 +832,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
X509 *x509;
+ int ret = 0;

switch (M_PKCS12_bag_type(bag)) {
case NID_keyBag:
@@ -844,7 +845,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(pkey = EVP_PKCS82PKEY(p8)))
return 0;
print_attribs(out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+ ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;

@@ -864,7 +865,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
}
print_attribs(out, p8->attributes, "Key Attributes");
PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+ ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
EVP_PKEY_free(pkey);
break;

@@ -884,7 +885,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (!(x509 = PKCS12_certbag2x509(bag)))
return 0;
dump_cert_text(out, x509);
- PEM_write_bio_X509(out, x509);
+ ret = PEM_write_bio_X509(out, x509);
X509_free(x509);
break;

@@ -902,7 +903,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
return 1;
break;
}
- return 1;
+ return ret;
}

/* Given a single certificate return a verified chain or NULL if error */
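Review bot: With `int ret = 0;` and `return ret;`, every `case` arm that reaches the end of the switch without assigning `ret` now reports failure, where the old code returned 1 unconditionally. Only the four PEM_write_* arms shown here set it; the arms in the gap between the shrouded-key case and the certificate case, and anything after the visible `return 1;`, are outside the hunks, so each needs either a `ret = ...` or an explicit return. An arm that is intentionally a no-op should say so: `ret = 1; /* nothing to write for this bag type */`. dump_certs_pkeys_bag starts before the first hunk.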

Dr. Stephen Henson

May 5, 2016, 6:58:19 PM5/5/16
The branch OpenSSL_1_0_2-stable has been updated
via 493d732ab1f0311d925e6b9d56f0003012f93353 (commit)
from b9284c75acc2db7bd117b7759a640b90a8e37ae6 (commit)


- Log -----------------------------------------------------------------
commit 493d732ab1f0311d925e6b9d56f0003012f93353
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon Mar 21 15:48:51 2016 +0000

Always try to set ASN.1 parameters for CMS.

Try to set the ASN.1 parameters for CMS encryption even if the IV
length is zero as the underlying cipher should still set the type.

This will correctly result in errors if an attempt is made to use
an unsupported cipher type.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 3fd60dc42288591737a35a90368d72dbd00fdef8)

Conflicts:
crypto/cms/cms_enc.c

-----------------------------------------------------------------------

Summary of changes:
crypto/cms/cms_enc.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index b14b4b6..9f8e514 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -180,17 +180,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
goto err;
}

- if (piv) {
- calg->parameter = ASN1_TYPE_new();
- if (!calg->parameter) {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
+ calg->parameter = ASN1_TYPE_new();
+ if (calg->parameter == NULL) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+ /* If parameter type not set omit parameter */
+ if (calg->parameter->type == V_ASN1_UNDEF) {
+ ASN1_TYPE_free(calg->parameter);
+ calg->parameter = NULL;
}
ok = 1;
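Review bot: The now-unconditional parameter setup has no comment, so a reader sees zero-IV ciphers going through ASN1_TYPE_new() and EVP_CIPHER_param_to_asn1() and then having the result thrown away, with no hint that the failure path is the point. Suggested comment above `calg->parameter = ASN1_TYPE_new();`: `/* Always ask the cipher for its ASN.1 parameters, even with no IV: the cipher sets the parameter type, and an unsupported cipher fails here rather than producing an unusable AlgorithmIdentifier. */`. If `calg->parameter` can already be non-NULL when this runs (a reused structure, or the decrypt direction where it came from the parsed content), the assignment leaks the old value; how calg is obtained and the start of cms_EncryptedContent_init_bio are outside the hunk.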

Dr. Stephen Henson

May 5, 2016, 7:04:23 PM5/5/16
The branch OpenSSL_1_0_2-stable has been updated
via 0c4465ede7847227e2958e8a3fbcc0bc98af0e06 (commit)
from 493d732ab1f0311d925e6b9d56f0003012f93353 (commit)


- Log -----------------------------------------------------------------
commit 0c4465ede7847227e2958e8a3fbcc0bc98af0e06
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 5 22:17:05 2016 +0100

Use default ASN.1 for SEED.

The default ASN.1 handling can be used for SEED. This also makes
CMS work with SEED.

PR#4504

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit c0aa8c274843c5b8a70d70fc05d71fa3dfd510db)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_seed.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
index 7249d1b..3d01eac 100644
--- a/crypto/evp/e_seed.c
+++ b/crypto/evp/e_seed.c
@@ -70,7 +70,8 @@ typedef struct {
} EVP_SEED_KEY;

IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
- 16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0)
+ 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+ seed_init_key, 0, 0, 0, 0)

static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
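Review bot: The flag change is uncommented, and EVP_CIPH_FLAG_DEFAULT_ASN1 alone does not tell a reader what encoding SEED now gets or why CMS needed it. Suggested comment above IMPLEMENT_BLOCK_CIPHER: `/* EVP_CIPH_FLAG_DEFAULT_ASN1: use the generic set/get_asn1_parameters handling (IV carried as the AlgorithmIdentifier parameter), which CMS depends on. */`. Whether that generic encoding is the plain OCTET STRING IV I believe the SEED-CBC AlgorithmIdentifier calls for is not visible here, so it should be checked against an interoperability sample rather than a round-trip test alone.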

Dr. Stephen Henson

May 6, 2016, 4:15:06 PM5/6/16
The branch OpenSSL_1_0_2-stable has been updated
via 6e216ba689c38cf8183dbe09d00af644b3d7bc10 (commit)
from 0c4465ede7847227e2958e8a3fbcc0bc98af0e06 (commit)


- Log -----------------------------------------------------------------
commit 6e216ba689c38cf8183dbe09d00af644b3d7bc10
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri May 6 19:27:49 2016 +0100

Only set CMS parameter when encrypting

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 708cf5ded249f871fcd5e3de27d9281b1f37ae71)

-----------------------------------------------------------------------

Summary of changes:
crypto/cms/cms_enc.c | 31 ++++++++++++++++---------------
1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 9f8e514..e282c9d 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -179,21 +179,22 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
CMS_R_CIPHER_INITIALISATION_ERROR);
goto err;
}
-
- calg->parameter = ASN1_TYPE_new();
- if (calg->parameter == NULL) {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
- /* If parameter type not set omit parameter */
- if (calg->parameter->type == V_ASN1_UNDEF) {
- ASN1_TYPE_free(calg->parameter);
- calg->parameter = NULL;
+ if (enc) {
+ calg->parameter = ASN1_TYPE_new();
+ if (calg->parameter == NULL) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+ /* If parameter type not set omit parameter */
+ if (calg->parameter->type == V_ASN1_UNDEF) {
+ ASN1_TYPE_free(calg->parameter);
+ calg->parameter = NULL;
+ }
}
ok = 1;
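Review bot: The new `if (enc)` guard is unexplained, and it is the one line a reader needs to understand why decryption skips this block entirely. Suggested comment on the guard: `/* Only generate parameters when encrypting; on decrypt calg->parameter is whatever the parsed EncryptedContentInfo carried. */`. Where `enc` is set is outside the hunk, as is the rest of cms_EncryptedContent_init_bio.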

Dr. Stephen Henson

May 6, 2016, 4:51:44 PM5/6/16
The branch OpenSSL_1_0_2-stable has been updated
via b1f8ba4dc7032a061d60b960c393178263e4a471 (commit)
via 06227924ad77fee9ead79189328aebf078c37add (commit)
from 6e216ba689c38cf8183dbe09d00af644b3d7bc10 (commit)


- Log -----------------------------------------------------------------
commit b1f8ba4dc7032a061d60b960c393178263e4a471
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri May 6 03:46:09 2016 +0100

Constify PKCS12_newpass()

PR#4449

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 049f5bbce3eebdf4ec2030042eb2ae64bb67aedb)
Conflicts:
doc/crypto/PKCS12_newpass.pod

commit 06227924ad77fee9ead79189328aebf078c37add
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Thu May 5 15:37:23 2016 +0100

Tidy up PKCS12_newpass() fix memory leaks.

PR#4466

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit d800d0f45b7618c30692c01d4dbf96042468b932)

Conflicts:
crypto/pkcs12/p12_npas.c

-----------------------------------------------------------------------

Summary of changes:
crypto/pkcs12/p12_npas.c | 113 ++++++++++++++++++++++-------------------------
crypto/pkcs12/pkcs12.h | 2 +-
2 files changed, 55 insertions(+), 60 deletions(-)

diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index a89b61a..9e8ebb2 100644
--- a/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
@@ -66,17 +66,18 @@

/* PKCS#12 password change routine */

-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+ const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+ const char *newpass);
static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);

/*
* Change the password on a PKCS#12 structure.
*/

-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
{
/* Check for NULL PKCS12 structure */

@@ -103,20 +104,21 @@ int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)

/* Parse the outer PKCS#12 structure */

-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
{
- STACK_OF(PKCS7) *asafes, *newsafes;
- STACK_OF(PKCS12_SAFEBAG) *bags;
+ STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL;
unsigned char mac[EVP_MAX_MD_SIZE];
unsigned int maclen;
+ int rv = 0;

- if (!(asafes = PKCS12_unpack_authsafes(p12)))
- return 0;
- if (!(newsafes = sk_PKCS7_new_null()))
- return 0;
+ if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+ goto err;
+ if ((newsafes = sk_PKCS7_new_null()) == NULL)
+ goto err;
for (i = 0; i < sk_PKCS7_num(asafes); i++) {
p7 = sk_PKCS7_value(asafes, i);
bagnid = OBJ_obj2nid(p7->type);
@@ -125,67 +127,57 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
} else if (bagnid == NID_pkcs7_encrypted) {
bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
if (!alg_get(p7->d.encrypted->enc_data->algorithm,
- &pbe_nid, &pbe_iter, &pbe_saltlen)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
- }
- } else
+ &pbe_nid, &pbe_iter, &pbe_saltlen))
+ goto err;
+ } else {
continue;
- if (!bags) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- if (!newpass_bags(bags, oldpass, newpass)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
}
+ if (bags == NULL)
+ goto err;
+ if (!newpass_bags(bags, oldpass, newpass))
+ goto err;
/* Repack bag in same form with new password */
if (bagnid == NID_pkcs7_data)
p7new = PKCS12_pack_p7data(bags);
else
p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
pbe_saltlen, pbe_iter, bags);
+ if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+ goto err;
sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if (!p7new) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- sk_PKCS7_push(newsafes, p7new);
+ bags = NULL;
}
- sk_PKCS7_pop_free(asafes, PKCS7_free);

/* Repack safe: save old safe in case of error */

p12_data_tmp = p12->authsafes->d.data;
- if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new()))
- goto saferr;
+ if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+ goto err;
if (!PKCS12_pack_authsafes(p12, newsafes))
- goto saferr;
-
+ goto err;
if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
- goto saferr;
- if (!(macnew = ASN1_OCTET_STRING_new()))
- goto saferr;
- if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
- goto saferr;
- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
- p12->mac->dinfo->digest = macnew;
- ASN1_OCTET_STRING_free(p12_data_tmp);
-
- return 1;
-
- saferr:
- /* Restore old safe */
- ASN1_OCTET_STRING_free(p12->authsafes->d.data);
- ASN1_OCTET_STRING_free(macnew);
- p12->authsafes->d.data = p12_data_tmp;
- return 0;
-
+ goto err;
+ if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))
+ goto err;
+
+ rv = 1;
+
+err:
+ /* Restore old safe if necessary */
+ if (rv == 1) {
+ ASN1_OCTET_STRING_free(p12_data_tmp);
+ } else if (p12_data_tmp != NULL) {
+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+ p12->authsafes->d.data = p12_data_tmp;
+ }
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ sk_PKCS7_pop_free(newsafes, PKCS7_free);
+ return rv;
}

-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass)
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+ const char *newpass)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
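Review bot: `if (!p7new || !sk_PKCS7_push(newsafes, p7new)) goto err;` leaks `p7new` when the push fails: ownership has not moved to newsafes yet and the err: block only frees the three stacks. Split it: `if (p7new == NULL) goto err;` followed by `if (!sk_PKCS7_push(newsafes, p7new)) { PKCS7_free(p7new); goto err; }`. Separately, the restore logic in err: only puts back `p12->authsafes->d.data`; that is correct only because `ASN1_OCTET_STRING_set()` on the MAC digest is the last step that can fail and, as I read it, leaves the old digest intact on failure, which deserves a comment such as `/* MAC digest is updated last and in place, so nothing to restore for it */`. newpass_p12 starts in the previous hunk.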
@@ -197,7 +189,8 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,

/* Change password of safebag: only needs handle shrouded keybags */

-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+ const char *newpass)
{
PKCS8_PRIV_KEY_INFO *p8;
X509_SIG *p8new;
@@ -210,8 +203,10 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
return 0;
if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
return 0;
- if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
- p8_iter, p8)))
+ p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+ p8_iter, p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ if (p8new == NULL)
return 0;
X509_SIG_free(bag->value.shkeybag);
bag->value.shkeybag = p8new;
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index a39adf5..21f1f62 100644
--- a/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
@@ -270,7 +270,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);

/* BEGIN ERROR CODES */
/*

Dr. Stephen Henson

May 8, 2016, 9:10:06 PM5/8/16
The branch OpenSSL_1_0_2-stable has been updated
via 2b4825d0bb6057e44717007a54797df72babdb7e (commit)
from b1f8ba4dc7032a061d60b960c393178263e4a471 (commit)


- Log -----------------------------------------------------------------
commit 2b4825d0bb6057e44717007a54797df72babdb7e
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Mon May 9 00:06:02 2016 +0100

Only call FIPS_update, FIPS_final in FIPS mode.

RT#3826

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/digest.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 5b642b2..ee4296e 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -253,10 +253,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
#ifdef OPENSSL_FIPS
- return FIPS_digestupdate(ctx, data, count);
-#else
- return ctx->update(ctx, data, count);
+ if (FIPS_mode())
+ return FIPS_digestupdate(ctx, data, count);
#endif
+ return ctx->update(ctx, data, count);
}

/* The caller can assume that this removes any secret data from the context */
@@ -271,10 +271,11 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
/* The caller can assume that this removes any secret data from the context */
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
-#ifdef OPENSSL_FIPS
- return FIPS_digestfinal(ctx, md, size);
-#else
int ret;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_digestfinal(ctx, md, size);
+#endif

OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret = ctx->digest->final(ctx, md);
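Review bot: The comment above EVP_DigestFinal_ex promises the call removes secret data from the context, but the new `if (FIPS_mode()) return FIPS_digestfinal(ctx, md, size);` returns before the `memset(ctx->md_data, 0, ...)` that backs that promise, so in FIPS mode the guarantee now rests entirely on the FIPS module. Either confirm FIPS_digestfinal() wipes md_data and note it, e.g. `/* FIPS_digestfinal() must clear md_data; the memset below is not reached in FIPS mode */`, or clear it here after the call. Also, both this and EVP_DigestUpdate now dispatch on the runtime FIPS_mode() switch, so a context initialised before the mode was toggled could be finalised by the other implementation; if that is unsupported, say so in the comment. The memset and the function's end are in the following hunk.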
@@ -286,7 +287,6 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
}
memset(ctx->md_data, 0, ctx->digest->ctx_size);
return ret;
-#endif
}

int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)

Matt Caswell

May 9, 2016, 12:10:57 PM5/9/16
The branch OpenSSL_1_0_2-stable has been updated
via d516d7a94098a284e35dfcf62b81be0cc771e120 (commit)
from 2b4825d0bb6057e44717007a54797df72babdb7e (commit)


- Log -----------------------------------------------------------------
commit d516d7a94098a284e35dfcf62b81be0cc771e120
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 9 15:04:11 2016 +0100

Fix BIO_eof() for BIO pairs

BIO_eof() was always returning true when using a BIO pair. It should only
be true if the peer BIO is empty and has been shutdown.

RT#1215

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 3105d695358d86c0f2a404b2b74a1870b941ce5e)

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bss_bio.c | 15 +++++++--------
doc/crypto/BIO_s_bio.pod | 3 +++
2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 4d8727f..202cc36 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -655,16 +655,15 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
break;

case BIO_CTRL_EOF:
- {
- BIO *other_bio = ptr;
-
- if (other_bio) {
- struct bio_bio_st *other_b = other_bio->ptr;
+ if (b->peer != NULL) {
+ struct bio_bio_st *peer_b = b->peer->ptr;

- assert(other_b != NULL);
- ret = other_b->len == 0 && other_b->closed;
- } else
+ if (peer_b->len == 0 && peer_b->closed)
ret = 1;
+ else
+ ret = 0;
+ } else {
+ ret = 1;
}
break;
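Review bot: `struct bio_bio_st *peer_b = b->peer->ptr;` drops the `assert(other_b != NULL)` the old code had before dereferencing, so a peer whose ptr was already cleared now faults in `peer_b->len` with no diagnosis. Keep the check: `assert(peer_b != NULL);` right after the declaration, consistent with the assert the removed code used. `b` is not introduced in the hunk; I am assuming it is this BIO's own bio_bio_st (the bug being fixed was consulting the ctrl `ptr` argument instead), and bio_ctrl continues outside the hunk.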

diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
index 8d0a55a..9fe88b2 100644
--- a/doc/crypto/BIO_s_bio.pod
+++ b/doc/crypto/BIO_s_bio.pod
@@ -120,6 +120,9 @@ the application then waits for data to be available on the underlying transport
before flushing the write buffer it will never succeed because the request was
never sent!

+BIO_eof() is true if no data is in the peer BIO and the peer BIO has been
+shutdown.
+
=head1 RETURN VALUES

BIO_new_bio_pair() returns 1 on success, with the new BIOs available in

Dr. Stephen Henson

May 9, 2016, 12:57:29 PM5/9/16
The branch OpenSSL_1_0_2-stable has been updated
via b8943a511b58828c04a68016aedd5d9e40ee6df7 (commit)
from d516d7a94098a284e35dfcf62b81be0cc771e120 (commit)


- Log -----------------------------------------------------------------
commit b8943a511b58828c04a68016aedd5d9e40ee6df7
Author: David Benjamin <davi...@google.com>
Date: Sat Mar 5 19:49:20 2016 -0500

Don't send signature algorithms when client_version is below TLS 1.2.

Per RFC 5246,

Note: this extension is not meaningful for TLS versions prior to 1.2.
Clients MUST NOT offer it if they are offering prior versions.
However, even if clients do offer it, the rules specified in [TLSEXT]
require servers to ignore extensions they do not understand.

Although second sentence would suggest that there would be no interop
problems in always offering the extension, WebRTC has reported issues
with Bouncy Castle on < TLS 1.2 ClientHellos that still include
signature_algorithms. See also
https://bugs.chromium.org/p/webrtc/issues/detail?id=4223

RT#4390

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Stephen Henson <st...@openssl.org>
(cherry picked from commit f7aa318552c4ef62d902c480b59bd7c4513c0009)

Conflicts:
ssl/ssl_locl.h

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_locl.h | 6 ++++++
ssl/t1_lib.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 747e718..3dd2a54 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -491,6 +491,12 @@
# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s) \
((SSL_IS_DTLS(s) && s->client_version <= DTLS1_2_VERSION) || \
(!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s) \
+ SSL_CLIENT_USE_TLS1_2_CIPHERS(s)

/* Mostly for SSLv3 */
# define SSL_PKEY_RSA_ENC 0
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dd5bd00..fb64607 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1429,7 +1429,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
}
skip_ext:

- if (SSL_USE_SIGALGS(s)) {
+ if (SSL_CLIENT_USE_SIGALGS(s)) {
size_t salglen;
const unsigned char *salg;
salglen = tls12_get_psigalgs(s, &salg);

Richard Levitte

May 9, 2016, 4:30:41 PM5/9/16
The branch OpenSSL_1_0_2-stable has been updated
via a20dd9f951ae7a550a069617cd65918e0cece99e (commit)
from b8943a511b58828c04a68016aedd5d9e40ee6df7 (commit)


- Log -----------------------------------------------------------------
commit a20dd9f951ae7a550a069617cd65918e0cece99e
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 9 21:52:11 2016 +0200

Add NULL check in i2d_PrivateKey()

Originally submitted by Kurt Cancemi <ku...@x64architecture.com>

Closes RT#4533

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 59a56c4cf02bbf1efeda6c2a5893d5079db78ff3)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/i2d_pr.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 4d338ac..12966ec 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -69,10 +69,13 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
}
if (a->ameth && a->ameth->priv_encode) {
PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
- int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
- PKCS8_PRIV_KEY_INFO_free(p8);
+ int ret = 0;
+ if (p8 != NULL) {
+ ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ }
return ret;
}
ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return (-1);
+ return -1;
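Review bot: `int ret = 0;` makes a failed EVP_PKEY2PKCS8() return 0, which conflicts with the function's own error convention: the unsupported-type path two lines below returns -1, and the d2i_PrivateKey.pod added earlier in this thread documents a negative return on error, so callers testing `< 0` would take the failure for a zero-length encoding. Initialise `int ret = -1;` instead; i2d_PKCS8_PRIV_KEY_INFO() overwrites it on the success path. Whether EVP_PKEY2PKCS8() queues an error itself is not visible here; if it does not, an ASN1err() on that path would keep ERR_get_error() informative, as the documentation promises.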

Dr. Stephen Henson

May 10, 2016, 11:52:45 AM5/10/16
The branch OpenSSL_1_0_2-stable has been updated
via 2f460e1adb4b32addb390428e8a98c7169d46bfc (commit)
from a20dd9f951ae7a550a069617cd65918e0cece99e (commit)


- Log -----------------------------------------------------------------
commit 2f460e1adb4b32addb390428e8a98c7169d46bfc
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue May 10 16:39:52 2016 +0100

Typo.

RT#4538

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 981b5bb8efca8a8adbf6a567e3a401c586a694cc)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/x509v3_config.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index c82cea1..fb5f79c 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -104,7 +104,7 @@ Examples:
This extensions consists of a list of usages indicating purposes for which
the certificate public key can be used for,

-These can either be object short names of the dotted numerical form of OIDs.
+These can either be object short names or the dotted numerical form of OIDs.
While any OID can be used only certain values make sense. In particular the
following PKIX, NS and MS values are meaningful:

Rich Salz

May 10, 2016, 1:42:22 PM5/10/16
The branch OpenSSL_1_0_2-stable has been updated
via 74d6762543335641e4155fd84deaba67cd0105e4 (commit)
from 2f460e1adb4b32addb390428e8a98c7169d46bfc (commit)


- Log -----------------------------------------------------------------
commit 74d6762543335641e4155fd84deaba67cd0105e4
Author: Rich Salz <rs...@openssl.org>
Date: Tue May 10 13:41:06 2016 -0400

GH837: Avoid double-free in OCSP parse.

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/ocsp/ocsp_lib.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index cabf539..ff781e5 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -271,12 +271,18 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
err:
if (buf)
OPENSSL_free(buf);
- if (*ppath)
+ if (*ppath) {
OPENSSL_free(*ppath);
- if (*pport)
+ *ppath = NULL;
+ }
+ if (*pport) {
OPENSSL_free(*pport);
- if (*phost)
+ *pport = NULL;
+ }
+ if (*phost) {
OPENSSL_free(*phost);
+ *phost = NULL;
+ }
return 0;
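Review bot: Resetting `*ppath`, `*pport` and `*phost` to NULL after freeing them closes the double free, but the resulting contract is undocumented: callers need to know that on a 0 return all three output pointers are NULL and may be freed unconditionally. Suggest a comment above `err:` such as `/* On failure every output pointer is freed and reset to NULL so callers may free them unconditionally */`, and the same sentence in the OCSP_parse_url documentation. Once the pointers are always either valid or NULL the `if (*ppath)`-style guards are redundant, since freeing NULL is a no-op, though keeping them is harmless. The start of OCSP_parse_url, where these pointers are presumably initialised to NULL, is outside the hunk.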

Viktor Dukhovni

May 11, 2016, 1:50:50 AM5/11/16
The branch OpenSSL_1_0_2-stable has been updated
via 36c37944909496a123e2656ad1f651769a7cc72f (commit)
from 74d6762543335641e4155fd84deaba67cd0105e4 (commit)


- Log -----------------------------------------------------------------
commit 36c37944909496a123e2656ad1f651769a7cc72f
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Mon May 2 15:00:21 2016 -0400

Fix i2d_X509_AUX and update docs

When *pp is NULL, don't write garbage, return an unexpected pointer
or leak memory on error.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/x_x509.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++--
doc/crypto/d2i_X509.pod | 14 ++++++++++++-
2 files changed, 65 insertions(+), 3 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e31e1e7..aada4a8 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -199,12 +199,26 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
return NULL;
}

-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL. We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
{
int length, tmplen;
unsigned char *start = pp != NULL ? *pp : NULL;
+
+ OPENSSL_assert(pp == NULL || *pp != NULL);
+
+ /*
+ * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+ * not here. It should be that if a == NULL length is zero, but we check
+ * both just in case.
+ */
length = i2d_X509(a, pp);
- if (length < 0 || a == NULL)
+ if (length <= 0 || a == NULL)
return length;

tmplen = i2d_X509_CERT_AUX(a->aux, pp);
@@ -218,6 +232,42 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
return length;
}

+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+ int length;
+ unsigned char *tmp;
+
+ /* Buffer provided by caller */
+ if (pp == NULL || *pp != NULL)
+ return i2d_x509_aux_internal(a, pp);
+
+ /* Obtain the combined length */
+ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+ return length;
+
+ /* Allocate requisite combined storage */
+ *pp = tmp = OPENSSL_malloc(length);
+ if (tmp == NULL)
+ return -1; /* Push error onto error stack? */
+
+ /* Encode, but keep *pp at the originally malloced pointer */
+ length = i2d_x509_aux_internal(a, &tmp);
+ if (length <= 0) {
+ OPENSSL_free(*pp);
+ *pp = NULL;
+ }
+ return length;
+}
+
int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
{
x->cert_info->enc.modified = 1;
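Review bot: The allocation-failure path `return -1; /* Push error onto error stack? */` leaves the question open in a comment: the caller learns only of a -1, with nothing on the error stack, whereas the usual idiom for a failed OPENSSL_malloc() is to push ERR_R_MALLOC_FAILURE. Replace the question with the call, `X509err(<function code for i2d_X509_AUX>, ERR_R_MALLOC_FAILURE);` (placeholder: the function code would need registering in the error table, which this diff does not show). The second encoding pass through `&tmp` deliberately keeps `*pp` at the malloced address; a one-line comment noting that it relies on the second pass returning the same length as the sizing pass would help readers who later touch i2d_x509_aux_internal().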
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 5b7c16f..2743bc7 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -9,8 +9,10 @@ i2d_X509_fp - X509 encode and decode functions

#include <openssl/x509.h>

- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+ X509 *d2i_X509(X509 **px, const unsigned char **in, long len);
+ X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len);
int i2d_X509(X509 *x, unsigned char **out);
+ int i2d_X509_AUX(X509 *x, unsigned char **out);

X509 *d2i_X509_bio(BIO *bp, X509 **x);
X509 *d2i_X509_fp(FILE *fp, X509 **x);
@@ -37,6 +39,11 @@ below, and the discussion in the RETURN VALUES section).
If the call is successful B<*in> is incremented to the byte following the
parsed data.

+d2i_X509_AUX() is similar to d2i_X509() but the input is expected to consist of
+an X509 certificate followed by auxiliary trust information.
+This is used by the PEM routines to read "TRUSTED CERTIFICATE" objects.
+This function should not be called on untrusted input.
+
i2d_X509() encodes the structure pointed to by B<x> into DER format.
If B<out> is not B<NULL> is writes the DER encoded data to the buffer
at B<*out>, and increments it to point after the data just written.
@@ -48,6 +55,11 @@ allocated for a buffer and the encoded data written to it. In this
case B<*out> is not incremented and it points to the start of the
data just written.

+i2d_X509_AUX() is similar to i2d_X509(), but the encoded output contains both
+the certificate and any auxiliary trust information.
+This is used by the PEM routines to write "TRUSTED CERTIFICATE" objects.
+Note, this is a non-standard OpenSSL-specific data format.
+
d2i_X509_bio() is similar to d2i_X509() except it attempts
to parse data from BIO B<bp>.

Dr. Stephen Henson

May 11, 2016, 8:16:03 AM5/11/16
The branch OpenSSL_1_0_2-stable has been updated
via a6eec3574e220fe83b95be048106ed3add80942a (commit)
from 36c37944909496a123e2656ad1f651769a7cc72f (commit)


- Log -----------------------------------------------------------------
commit a6eec3574e220fe83b95be048106ed3add80942a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue May 10 20:30:00 2016 +0100

Add -signcert to CA.pl usage message.

RT#4256

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit c1176ebf298ffa0bad0d368bd81aacbb30572a95)

Conflicts:
apps/CA.pl.in

-----------------------------------------------------------------------

Summary of changes:
apps/CA.pl.in | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index c783a6e..3bf4c99 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -64,7 +64,7 @@ $RET = 0;

foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
@@ -186,4 +186,3 @@ while (<IN>) {
}
}
}
-

Dr. Stephen Henson

May 11, 2016, 1:57:48 PM5/11/16
The branch OpenSSL_1_0_2-stable has been updated
via 48bacd31e88421fa413f0a62ef8e0285e3dbd402 (commit)
from a6eec3574e220fe83b95be048106ed3add80942a (commit)


- Log -----------------------------------------------------------------
commit 48bacd31e88421fa413f0a62ef8e0285e3dbd402
Author: Steven Valdez <sva...@google.com>
Date: Tue Mar 1 13:20:43 2016 -0500

Adding missing BN_CTX_(start/end) in crypto/ec/ec_key.c

RT#4363

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Stephen Henson <st...@openssl.org>
(cherry picked from commit 2ab851b779a77d119e1677b2495b368a46d83eef)

Conflicts:
crypto/ec/ec_key.c

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec_key.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index bc94ab5..456080e 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -377,9 +377,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
return 0;
}
ctx = BN_CTX_new();
- if (!ctx)
- goto err;
-
+ if (ctx == NULL)
+ return 0;
+ BN_CTX_start(ctx);
point = EC_POINT_new(key->group);

if (!point)
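Review bot: The new `if (ctx == NULL) return 0;` returns directly instead of jumping to `err:`, which is only correct if nothing acquired earlier in the function needs releasing; the existing `return 0;` at the top of the hunk suggests that is so, but the function's start is outside the hunk, so confirm no allocation precedes BN_CTX_new(). The rewritten cleanup in the next hunk calls BN_CTX_end(ctx) and EC_POINT_free(point) unconditionally; that is sound because every `goto err` after this point follows BN_CTX_start(), and it presumes EC_POINT_free() tolerates NULL for the case where EC_POINT_new() fails, which is worth checking against ec_lib.c. A comment at the label, `/* every goto err happens after BN_CTX_start(), so BN_CTX_end() here is always balanced */`, would record why the unconditional calls are safe.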
@@ -432,10 +432,9 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
ok = 1;

err:
- if (ctx)
- BN_CTX_free(ctx);
- if (point)
- EC_POINT_free(point);
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ EC_POINT_free(point);
return ok;

Rich Salz

May 11, 2016, 4:47:59 PM5/11/16
The branch OpenSSL_1_0_2-stable has been updated
via c393a5de99b5c565a124af8f69936dadde77184f (commit)
from 48bacd31e88421fa413f0a62ef8e0285e3dbd402 (commit)


- Log -----------------------------------------------------------------
commit c393a5de99b5c565a124af8f69936dadde77184f
Author: Rich Salz <rs...@openssl.org>
Date: Wed May 11 16:46:44 2016 -0400

Recommend GH over RT, per team vote.

Reviewed-by: Richard Levitte <lev...@openssl.org>
(Manual cherry-pick of f2b9c257216a27b568b3d5d703ca5bdd926c5c28)

-----------------------------------------------------------------------

Summary of changes:
CONTRIBUTING | 86 ++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 58 insertions(+), 28 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 9d63d8a..1bfbc1b 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,38 +1,68 @@
-HOW TO CONTRIBUTE TO OpenSSL
-----------------------------
+HOW TO CONTRIBUTE TO PATCHES OpenSSL
+------------------------------------

-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to r...@openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to r...@openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
+(Please visit https://openssl.org/community/getting-started.html for
+other ideas about how to contribute.)

+Development is coordinated on the openssl-dev mailing list (see the
+above link or http://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
+OpenSSL community you might want to discuss it on the openssl-dev mailing
+list first. Someone may be already working on the same thing or there
+may be a good reason as to why that feature isn't implemented.

-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag. OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
+The best way to submit a patch is to make a pull request on GitHub.
+(It is not necessary to send mail to r...@openssl.org to open a ticket!)
+If you think the patch could use feedback from the community, please
+start a thread on openssl-dev.

-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
+You can also submit patches by sending it as mail to rt@opensslorg.
+Please include the word "PATCH" and an explanation of what the patch
+does in the subject line. If you do this, our preferred format is "git
+format-patch" output. For example to provide a patch file containing the
+last commit in your local git repository use the following command:

-# git format-patch --stdout HEAD^ >mydiffs.patch
+ % git format-patch --stdout HEAD^ >mydiffs.patch

Another method of creating an acceptable patch file without using git is as
follows:

-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch
+ % cd openssl-work
+ ...make your changes...
+ % ./Configure dist; make clean
+ % cd ..
+ % diff -ur openssl-orig openssl-work >mydiffs.patch
+
+Note that pull requests are generally easier for the team, and community, to
+work with. Pull requests benefit from all of the standard GitHub features,
+including code review tools, simpler integration, and CI build support.
+
+No matter how a patch is submitted, the following items will help make
+the acceptance and review process faster:
+
+ 1. Anything other than trivial contributions will require a contributor
+ licensing agreement, giving us permission to use your code. See
+ https://openssl.org/policies/cla.html for details.
+
+ 2. All source files should start with the following text (with
+ appropriate comment characters at the start of each line and the
+ year(s) updated):
+
+ Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+ Licensed under the OpenSSL license (the "License"). You may not use
+ this file except in compliance with the License. You can obtain a copy
+ in the file LICENSE in the source distribution or at
+ https://www.openssl.org/source/license.html
+
+ 3. Patches should be as current as possible. When using GitHub, please
+ expect to have to rebase and update often.
+
+ 3. Patches should follow our coding style (see
+ https://www.openssl.org/policies/codingstyle.html) and compile without
+ warnings using the --strict-warnings flag. OpenSSL compiles on many
+ varied platforms: try to ensure you only use portable features.
+
+ 4. When at all possible, patches should include tests. These can either be
+ added to an existing test, or completely new. Please see test/README
+ for information on the test framework.

Richard Levitte

May 12, 2016, 11:44:23 AM5/12/16
The branch OpenSSL_1_0_2-stable has been updated
via 93c9545d4dbc5d48924ecdb1c576f1d6f04555e3 (commit)
from c393a5de99b5c565a124af8f69936dadde77184f (commit)


- Log -----------------------------------------------------------------
commit 93c9545d4dbc5d48924ecdb1c576f1d6f04555e3
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 12 17:23:21 2016 +0200

Use RPMBUILD macros rather than hard coded paths in openssl.spec

RT#4522

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
openssl.spec | 21 ++++++++++++---------
1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/openssl.spec b/openssl.spec
index e63771f..e4bf1b7 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,5 @@
%define _unpackaged_files_terminate_build 0
+%define debug_package %{nil}

Release: 1

@@ -80,7 +81,7 @@ documentation and POD files from which the man pages were produced.

%build

-%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=%{_exec_prefix} --openssldir=%{openssldir}

perl util/perlpath.pl /usr/bin/perl

@@ -102,7 +103,7 @@ LD_LIBRARY_PATH=`pwd` make test

%install
rm -rf $RPM_BUILD_ROOT
-make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+make MANDIR=%{_mandir} MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install

# Make backwards-compatibility symlink to ssleay
ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
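Review bot: The context lines `ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay` and `perl util/perlpath.pl /usr/bin/perl` still hard-code /usr paths, while the rest of the commit moves the spec to RPM macros; with a non-default %{_exec_prefix} the symlink lands in a directory that the %files section, now listing %{_bindir}/*, no longer packages, and the build may fail on unpackaged files. Suggest `ln -sf %{_bindir}/openssl $RPM_BUILD_ROOT%{_bindir}/ssleay`, and `%{__perl}` for the perlpath argument if the build should follow the packaging host's interpreter.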
@@ -114,10 +115,12 @@ rm -rf $RPM_BUILD_ROOT
%defattr(0644,root,root,0755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README

-%attr(0755,root,root) /usr/bin/*
-%attr(0755,root,root) /usr/lib/*.so*
+%attr(0755,root,root) %{_bindir}/*
+%attr(0755,root,root) %{_libdir}/*.so*
+%attr(0755,root,root) %{_libdir}/engines/*.so*
+%attr(0755,root,root) %{_libdir}/pkgconfig/*
%attr(0755,root,root) %{openssldir}/misc/*
-%attr(0644,root,root) /usr/man/man[157]/*
+%attr(0644,root,root) %{_mandir}/man[157]/*

%config %attr(0644,root,root) %{openssldir}/openssl.cnf
%dir %attr(0755,root,root) %{openssldir}/certs
@@ -128,10 +131,10 @@ rm -rf $RPM_BUILD_ROOT
%defattr(0644,root,root,0755)
%doc CHANGES CHANGES.SSLeay LICENSE NEWS README

-%attr(0644,root,root) /usr/lib/*.a
-%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
-%attr(0644,root,root) /usr/include/openssl/*
-%attr(0644,root,root) /usr/man/man[3]/*
+%attr(0644,root,root) %{_libdir}/*.a
+%attr(0644,root,root) %{_libdir}/pkgconfig/openssl.pc
+%attr(0644,root,root) %{_includedir}/openssl/*
+%attr(0644,root,root) %{_mandir}/man[3]/*

%files doc
%defattr(0644,root,root,0755)

Richard Levitte

May 14, 2016, 2:08:00 PM5/14/16
The branch OpenSSL_1_0_2-stable has been updated
via 688c10544d2ba32428830d0634e91233c20920c1 (commit)
from 93c9545d4dbc5d48924ecdb1c576f1d6f04555e3 (commit)


- Log -----------------------------------------------------------------
commit 688c10544d2ba32428830d0634e91233c20920c1
Author: isnotnick <isno...@users.noreply.github.com>
Date: Tue Dec 16 16:25:59 2014 +0100

RT3513: req doesn't display attributes using utf8string

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/t_req.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 024553a..70aba4c 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -196,6 +196,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
if (BIO_puts(bp, ":") <= 0)
goto err;
if ((type == V_ASN1_PRINTABLESTRING) ||
+ (type == V_ASN1_UTF8STRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING)) {
if (BIO_write(bp, (char *)bs->data, bs->length)
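Review bot: Adding V_ASN1_UTF8STRING to the types written raw with BIO_write() sends the attribute bytes to the output unescaped, and a UTF8String in a request can carry control characters or malformed UTF-8 while the request itself is usually input the printing side does not control. PRINTABLESTRING, T61STRING and IA5STRING were already handled this way, so the change widens an existing behaviour rather than creating it, but X509_REQ_print_ex already receives `nmflags`, and printing these values through ASN1_STRING_print_ex() with an escaping flag such as ASN1_STRFLGS_ESC_CTRL would keep terminal-control bytes out of the rendered text. If the raw write is kept on purpose, a comment above the condition, `/* written verbatim: output may contain unescaped control characters from the request */`, records the decision for readers. The enclosing function continues outside the hunk.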

Richard Levitte

May 16, 2016, 11:48:23 AM5/16/16
The branch OpenSSL_1_0_2-stable has been updated
via 05fc0bae8661aaca9b4c11071c1bd7bf06d1b90f (commit)
from 688c10544d2ba32428830d0634e91233c20920c1 (commit)


- Log -----------------------------------------------------------------
commit 05fc0bae8661aaca9b4c11071c1bd7bf06d1b90f
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 12 22:34:17 2016 +0200

Windows: Add CRYPT32.LIB to the libraries to link your app with

Reviewed-by: Matt Caswell <ma...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1064)

-----------------------------------------------------------------------

Summary of changes:
INSTALL.W32 | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/INSTALL.W32 b/INSTALL.W32
index 80e5382..bd10187 100644
--- a/INSTALL.W32
+++ b/INSTALL.W32
@@ -300,17 +300,17 @@

If you link with static OpenSSL libraries [those built with ms/nt.mak],
then you're expected to additionally link your application with
- WS2_32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
- non-interactive service applications might feel concerned about linking
- with the latter two, as they are justly associated with interactive
- desktop, which is not available to service processes. The toolkit is
- designed to detect in which context it's currently executed, GUI,
- console app or service, and act accordingly, namely whether or not to
- actually make GUI calls. Additionally those who wish to
- /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
- off service process should consider implementing and exporting from
- .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
- E.g., on Windows Vista and later you could:
+ WS2_32.LIB, GDI32.LIB, ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those
+ developing non-interactive service applications might feel concerned about
+ linking with GDI32.LIB and USER32.LIB, as they are justly associated with
+ interactive desktop, which is not available to service processes. The toolkit
+ is designed to detect in which context it's currently executed, GUI, console
+ app or service, and act accordingly, namely whether or not to actually make
+ GUI calls. Additionally those who wish to /DELAYLOAD:GDI32.DLL and
+ /DELAYLOAD:USER32.DLL and actually keep them off service process should
+ consider implementing and exporting from .exe image in question own
+ _OPENSSL_isservice not relying on USER32.DLL. E.g., on Windows Vista and
+ later you could:

__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{ DWORD sess;

Richard Levitte

May 16, 2016, 12:35:36 PM5/16/16
The branch OpenSSL_1_0_2-stable has been updated
via 2a73576f89b7271018c064c7a4632f24c6dcfe65 (commit)
from 05fc0bae8661aaca9b4c11071c1bd7bf06d1b90f (commit)


- Log -----------------------------------------------------------------
commit 2a73576f89b7271018c064c7a4632f24c6dcfe65
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 15:39:50 2016 +0200

Documentation: Clarify sizes for UI_add_input_string()

The given sizes to not include the final NUL character.

RT#2622

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 727ee8cfeb2893d5aec4a6e571e9adf0667e9135)

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/ui.pod | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
index 04f8e9c..2e94d8c 100644
--- a/doc/crypto/ui.pod
+++ b/doc/crypto/ui.pod
@@ -109,12 +109,12 @@ that's connected to it, like duplicated input strings, results and others.

UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
as well as flags and a result buffer and the desired minimum and maximum
-sizes of the result. The given information is used to prompt for
-information, for example a password, and to verify a password (i.e. having
-the user enter it twice and check that the same string was entered twice).
-UI_add_verify_string() takes and extra argument that should be a pointer
-to the result buffer of the input string that it's supposed to verify, or
-verification will fail.
+sizes of the result, not counting the final NUL character. The given
+information is used to prompt for information, for example a password,
+and to verify a password (i.e. having the user enter it twice and check
+that the same string was entered twice). UI_add_verify_string() takes
+and extra argument that should be a pointer to the result buffer of the
+input string that it's supposed to verify, or verification will fail.

UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
in a boolean way, with a single character for yes and a different character

Matt Caswell

May 17, 2016, 9:26:39 AM5/17/16
The branch OpenSSL_1_0_2-stable has been updated
via a79a40a9fe136b63f19b6756cd2a3ce6bd170f54 (commit)
from 2a73576f89b7271018c064c7a4632f24c6dcfe65 (commit)


- Log -----------------------------------------------------------------
commit a79a40a9fe136b63f19b6756cd2a3ce6bd170f54
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 17 09:23:36 2016 +0100

Fix SSL compression symbol exporting

Some compression related functions in libssl have dummy versions to be
used when compiled with no-comp. However those dummy functions were not
being exported on Windows so they are unusable when dynamically linked.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/ossl_typ.h | 2 ++
ssl/ssl.h | 8 --------
ssl/ssl_ciph.c | 16 +++++++++++++---
ssl/ssl_lib.c | 4 ++--
util/ssleay.num | 20 ++++++++++----------
5 files changed, 27 insertions(+), 23 deletions(-)

diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h
index 9144ea2..364d262 100644
--- a/crypto/ossl_typ.h
+++ b/crypto/ossl_typ.h
@@ -178,6 +178,8 @@ typedef struct engine_st ENGINE;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;

+typedef struct comp_method_st COMP_METHOD;
+
typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
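Review bot: The new `typedef struct comp_method_st COMP_METHOD;` in ossl_typ.h will clash with an identical typedef if comp.h still declares one, because repeating a typedef is only permitted from C11 onward and the 1.0.2 branch is built with older language modes on some platforms. The diffstat lists only ossl_typ.h, ssl.h, ssl_ciph.c, ssl_lib.c and ssleay.num, so either comp.h already lacks the typedef or it is guarded; that should be confirmed before this reaches a pedantic build. If comp.h does keep its own typedef, the cleaner arrangement is to have comp.h rely on ossl_typ.h for COMP_METHOD, as ssl.h now does.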
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5ef56fa..028681a 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2532,7 +2532,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl,
int keylength));
# endif

-# ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
@@ -2541,13 +2540,6 @@ STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths);
void SSL_COMP_free_compression_methods(void);
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-# else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id, void *cm);
-# endif

const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 302464e..d500dac 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1932,17 +1932,27 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
}

#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
return NULL;
}

-int SSL_COMP_add_compression_method(int id, void *cm)
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+ *meths)
+{
+ return NULL;
+}
+
+void SSL_COMP_free_compression_methods(void)
+{
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
return 1;
}

-const char *SSL_COMP_get_name(const void *comp)
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
{
return NULL;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fd94325..714a31e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3050,12 +3050,12 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
}

#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
{
return NULL;
}

-const void *SSL_get_current_expansion(SSL *s)
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
{
return NULL;
}
diff --git a/util/ssleay.num b/util/ssleay.num
index 5760bc4..e3fdaf2 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -164,7 +164,7 @@ SSL_CTX_get_cert_store 180 EXIST::FUNCTION:
SSL_CTX_set_cert_store 181 EXIST::FUNCTION:
SSL_want 182 EXIST::FUNCTION:
SSL_library_init 183 EXIST::FUNCTION:
-SSL_COMP_add_compression_method 184 EXIST::FUNCTION:COMP
+SSL_COMP_add_compression_method 184 EXIST::FUNCTION:
SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO
SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO
SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA
@@ -219,13 +219,13 @@ SSL_set_msg_callback 267 EXIST::FUNCTION:
DTLSv1_client_method 268 EXIST::FUNCTION:
SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH
SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:ECDH
-SSL_COMP_get_name 271 EXIST::FUNCTION:COMP
-SSL_get_current_compression 272 EXIST::FUNCTION:COMP
+SSL_COMP_get_name 271 EXIST::FUNCTION:
+SSL_get_current_compression 272 EXIST::FUNCTION:
DTLSv1_method 273 EXIST::FUNCTION:
-SSL_get_current_expansion 274 EXIST::FUNCTION:COMP
+SSL_get_current_expansion 274 EXIST::FUNCTION:
DTLSv1_server_method 275 EXIST::FUNCTION:
-SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
+SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:
+SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:
SSL_SESSION_get_id 277 EXIST::FUNCTION:
SSL_CTX_sess_set_new_cb 278 EXIST::FUNCTION:
SSL_CTX_sess_get_get_cb 279 EXIST::FUNCTION:
@@ -332,8 +332,8 @@ SSL_set_alpn_protos 370 EXIST::FUNCTION:
SSL_CTX_set_srv_supp_data 371 NOEXIST::FUNCTION:
SSL_CONF_cmd_argv 372 EXIST::FUNCTION:
DTLSv1_2_server_method 373 EXIST::FUNCTION:
-SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_set0_compress_methods 374 EXIST:VMS:FUNCTION:COMP
+SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:
+SSL_COMP_set0_compress_methods 374 EXIST:VMS:FUNCTION:
SSL_CTX_set_cert_cb 375 EXIST::FUNCTION:
SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT
SSL_is_server 377 EXIST::FUNCTION:
@@ -365,6 +365,6 @@ SSL_CTX_set_cli_supp_data 403 NOEXIST::FUNCTION:
DTLSv1_2_method 404 EXIST::FUNCTION:
DTLS_server_method 405 EXIST::FUNCTION:
SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT
-SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_free_compress_methods 407 EXIST:VMS:FUNCTION:COMP
+SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:
+SSL_COMP_free_compress_methods 407 EXIST:VMS:FUNCTION:
SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT

Matt Caswell

May 17, 2016, 9:31:58 AM5/17/16
The branch OpenSSL_1_0_2-stable has been updated
via 57f115e9088fafdc8a65bdf709e9154dded4ab10 (commit)
from a79a40a9fe136b63f19b6756cd2a3ce6bd170f54 (commit)


- Log -----------------------------------------------------------------
commit 57f115e9088fafdc8a65bdf709e9154dded4ab10
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 17 11:07:27 2016 +0100

Remove repeated condition from if in X509_NAME_oneline

An if checks the value of |type| to see if it is V_ASN1_VISIBLESTRING
twice. We only need to do it once.

GitHub Issue #656

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 2647e2617e31002cb0ab80758be4e566917d2888)

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_obj.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 3de3ac7..0a839f3 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -129,7 +129,7 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
type == V_ASN1_VISIBLESTRING ||
type == V_ASN1_PRINTABLESTRING ||
type == V_ASN1_TELETEXSTRING ||
- type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
+ type == V_ASN1_IA5STRING) {
if (num > (int)sizeof(ebcdic_buf))
num = sizeof(ebcdic_buf);
ascii2ebcdic(ebcdic_buf, q, num);

Richard Levitte

May 17, 2016, 11:18:53 AM5/17/16
The branch OpenSSL_1_0_2-stable has been updated
via cbacc6f7e96b2d6d6d2ae3c1984ca7df439fe4c5 (commit)
via 477b9afc68863bb287f3b629ff0879e2fababbb7 (commit)
via 4e16885c8c0e28e9586f3abe546cdf976bd21875 (commit)
from 57f115e9088fafdc8a65bdf709e9154dded4ab10 (commit)


- Log -----------------------------------------------------------------
commit cbacc6f7e96b2d6d6d2ae3c1984ca7df439fe4c5
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 17:29:43 2016 +0200

Don't require any length of password when decrypting

RT#2534

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 477b9afc68863bb287f3b629ff0879e2fababbb7
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 17:13:32 2016 +0200

Add missing initialiser in e_chil.c

RT#2616

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 4e16885c8c0e28e9586f3abe546cdf976bd21875
Author: Richard Levitte <lev...@openssl.org>
Date: Mon May 16 17:10:16 2016 +0200

Add support for RC / WINDRES env variables

RT#2558

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configure | 3 +++
Makefile.org | 2 ++
Makefile.shared | 2 +-
crypto/pem/pem_lib.c | 12 +++++++++---
engines/e_chil.c | 2 +-
5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/Configure b/Configure
index c98107a..3a77276 100755
--- a/Configure
+++ b/Configure
@@ -1254,6 +1254,7 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
my $ar = $ENV{'AR'} || "ar";
my $arflags = $fields[$idx_arflags];
+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
my $multilib = $fields[$idx_multilib];

# if $prefix/lib$multilib is not an existing directory, then
@@ -1717,12 +1718,14 @@ while (<IN>)
s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+ s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
+ s/^RC=.*/RC= $windres/;
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}
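Review bot: `$windres` (built from `RC`/`WINDRES` in the environment in the first hunk) is only substituted in the `else` branch; in the `CROSS_COMPILE` branch `RC=` just gets `$(CROSS_COMPILE)` prefixed onto the Makefile.org default, so a user-supplied `RC`/`WINDRES` is silently ignored when cross-compiling. This mirrors how `AR` and `RANLIB` are handled on the surrounding lines, so it may be deliberate, but it is worth stating: either apply `$windres` in both branches or add `# RC/WINDRES from the environment are honoured only in the non-CROSS_COMPILE case` next to the new substitution. The enclosing `while (<IN>)` loop starts and ends outside the hunk.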
diff --git a/Makefile.org b/Makefile.org
index 76fdbdf..bda6c09 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -66,6 +66,7 @@ EXE_EXT=
ARFLAGS=
AR=ar $(ARFLAGS) r
RANLIB= ranlib
+RC= windres
NM= nm
PERL= perl
TAR= tar
@@ -208,6 +209,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\
CC='$(CC)' CFLAG='$(CFLAG)' \
AS='$(CC)' ASFLAG='$(CFLAG) -c' \
AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
+ RC='$(RC)' \
CROSS_COMPILE='$(CROSS_COMPILE)' \
PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
diff --git a/Makefile.shared b/Makefile.shared
index a2aa980..e8d222a 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -293,7 +293,7 @@ link_a.cygwin:
fi; \
dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
$(PERL) util/mkrc.pl $$dll_name | \
- $(CROSS_COMPILE)windres -o rc.o; \
+ $(RC) -o rc.o; \
extras="$$extras rc.o"; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index fe881d6..ac4faae 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -105,17 +105,23 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
prompt = "Enter PEM pass phrase:";

for (;;) {
- i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w);
+ /*
+ * We assume that w == 0 means decryption,
+ * while w == 1 means encryption
+ */
+ int min_len = w ? MIN_LENGTH : 0;
+
+ i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
if (i != 0) {
PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)num);
return (-1);
}
j = strlen(buf);
- if (j < MIN_LENGTH) {
+ if (min_len && j < min_len) {
fprintf(stderr,
"phrase is too short, needs to be at least %d chars\n",
- MIN_LENGTH);
+ min_len);
} else
break;
}
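Review bot: The guard `if (min_len && j < min_len)` is redundant: `j` holds a `strlen` result, so when `min_len` is 0 the comparison `j < 0` is already false and `if (j < min_len)` reads the same without suggesting a special case. The new comment also presents the meaning of `w` as an assumption; if the password-callback contract fixes `w` as 0 for reading (decrypt) and 1 for writing (encrypt), say so directly rather than "We assume", e.g. `/* w == 0: reading/decrypting, accept any length; w == 1: writing/encrypting, enforce MIN_LENGTH */`. PEM_def_callback begins and ends outside this hunk.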
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 5dfab51..5e725f5 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -1272,7 +1272,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
ui = UI_new_method(ui_method);

if (ui) {
- char answer;
+ char answer = '\0';
char buf[BUFSIZ];
/*
* Despite what the documentation says wrong_info can be an empty

Richard Levitte

May 18, 2016, 12:39:56 PM5/18/16
The branch OpenSSL_1_0_2-stable has been updated
via 54fc5795c9f7d0dc95d537672c716c9d250eb0fb (commit)
via 7229a91a48d706804f790a392b3ad50bc358cdc4 (commit)
via 87728c682995d0575b52a5a19d69405bb764e76e (commit)
from cbacc6f7e96b2d6d6d2ae3c1984ca7df439fe4c5 (commit)


- Log -----------------------------------------------------------------
commit 54fc5795c9f7d0dc95d537672c716c9d250eb0fb
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 17:39:33 2016 +0200

Document the esc_2254 command line name option

RT#1466

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit a37458c1bf76c603cc27e8baf32ac2aa1cd7662e)

commit 7229a91a48d706804f790a392b3ad50bc358cdc4
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 17:33:53 2016 +0200

make update

RT#1466

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 0794b6a6a8a9a1dc1c7b0f9cfaf804253af29cdc)

commit 87728c682995d0575b52a5a19d69405bb764e76e
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 17:14:19 2016 +0200

Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()

Also adds 'esc_2254' to the possible command line name options

RT#1466

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit bc776510982b3768761d32c1160e79cb45a561c3)

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 1 +
crypto/asn1/a_strex.c | 21 +++++++++++++--------
crypto/asn1/asn1.h | 5 +++++
crypto/asn1/charmap.h | 8 ++++----
crypto/asn1/charmap.pl | 11 ++++++++++-
doc/apps/x509.pod | 7 ++++++-
6 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index b1dd970..566d547 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1321,6 +1321,7 @@ int set_name_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL ex_tbl[] = {
{"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
{"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 35fd44c..5fa7a31 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -75,6 +75,7 @@
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)

#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_2254 | \
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
@@ -124,7 +125,8 @@ typedef int char_io (void *arg, const void *buf, int len);
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
char_io *io_ch, void *arg)
{
- unsigned char chflgs, chtmp;
+ unsigned short chflgs;
+ unsigned char chtmp;
char tmphex[HEX_SIZE(long) + 3];

if (c > 0xffffffffL)
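Review bot: `do_esc_char` still takes `unsigned char flags` (its signature is the unchanged context at the top of this hunk), while the later do_buf hunks now pass `(unsigned short)(flags | orflags)`; the value is narrowed back to eight bits at the call boundary, so the new `ASN1_STRFLGS_ESC_2254` bit (0x400 in the asn1.h hunk) is lost before it can be folded into `chflgs`, and the check added in the next hunk, `chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_ESC_2254)`, can never fire for it. Widening the local `chflgs` is not sufficient; the parameter needs the same change: `static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,`. How `chflgs` is derived from `flags` is outside the hunk, but any derivation from a truncated parameter has the same problem. The function body continues past this hunk.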
@@ -161,7 +163,9 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
return -1;
return 2;
}
- if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL
+ | ASN1_STRFLGS_ESC_MSB
+ | ASN1_STRFLGS_ESC_2254)) {
BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
if (!io_ch(arg, tmphex, 3))
return -1;
@@ -191,11 +195,12 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
*/

static int do_buf(unsigned char *buf, int buflen,
- int type, unsigned char flags, char *quotes, char_io *io_ch,
+ int type, unsigned short flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
- unsigned char orflags, *p, *q;
+ unsigned short orflags;
+ unsigned char *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
@@ -245,7 +250,7 @@ static int do_buf(unsigned char *buf, int buflen,
* character will never be escaped on first and last.
*/
len =
- do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
+ do_esc_char(utfbuf[i], (unsigned short)(flags | orflags),
quotes, io_ch, arg);
if (len < 0)
return -1;
@@ -253,7 +258,7 @@ static int do_buf(unsigned char *buf, int buflen,
}
} else {
len =
- do_esc_char(c, (unsigned char)(flags | orflags), quotes,
+ do_esc_char(c, (unsigned short)(flags | orflags), quotes,
io_ch, arg);
if (len < 0)
return -1;
@@ -355,10 +360,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
int outlen, len;
int type;
char quotes;
- unsigned char flags;
+ unsigned short flags;
quotes = 0;
/* Keep a copy of escape flags */
- flags = (unsigned char)(lflags & ESC_FLAGS);
+ flags = (unsigned short)(lflags & ESC_FLAGS);

type = str->type;

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 68e791f..09335a9 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -505,6 +505,11 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
# define ASN1_STRFLGS_DUMP_DER 0x200

/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254 0x400
+
+/*
* All the string flags consistent with RFC2253, escaping control characters
* isn't essential in RFC2253 but it is advisable anyway.
*/
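Review bot: The new comment says "RC2254" where the rest of the commit (charmap.pl, the pod entry, the flag name) refers to RFC2254; suggest `/* This flag specifies that RFC2254 escaping shall be performed. */`. The added `#define` also breaks the indentation convention of the surrounding context (`# define ASN1_STRFLGS_DUMP_DER 0x200`), so it should read `# define ASN1_STRFLGS_ESC_2254 0x400`. It would help readers to state in the comment that the value must fit in the `unsigned short` flag width now used by a_strex.c, since the existing flags all fit in a byte and this is the first one that does not.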
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index 3305ad1..117a91e 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -3,13 +3,13 @@
* properties
*/

-static const unsigned char char_type[] = {
+static const unsigned short char_type[] = {
+ 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
+ 120, 0, 1, 40, 0, 0, 0, 16, 1040, 1040, 1024, 25, 25, 16, 16, 16,
16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1025, 0, 0, 0,
0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
};
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 25ebf2c..6c6eb34 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -18,6 +18,7 @@ my $NOESC_QUOTE = 8; # Not escaped if quoted
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
+my $RFC2254_ESC = 0x400; # Character escaped \XX

for($i = 0; $i < 128; $i++) {
# Set the RFC2253 escape characters (control)
@@ -49,6 +50,14 @@ $arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;

+# Remaining RFC2254 characters
+
+$arr[0] |= $RFC2254_ESC;
+$arr[ord("(")] |= $RFC2254_ESC;
+$arr[ord(")")] |= $RFC2254_ESC;
+$arr[ord("*")] |= $RFC2254_ESC;
+$arr[ord("\\")] |= $RFC2254_ESC;
+
# Remaining PrintableString characters

$arr[ord(" ")] |= $PSTRING_CHAR;
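Review bot: The table marks the backslash (`$arr[ord("\\")]`) as RFC2254-escaped together with NUL and `()*`, but the esc_2254 entry this commit adds to doc/apps/x509.pod lists only "the NUL character as well as and ()*" — the backslash is missing and the phrase is garbled. Suggest the pod read `the B<NUL> character as well as B<()*\\>` so the documentation matches the generated table. The comment `# Remaining RFC2254 characters` could also name what is being escaped, e.g. `# RFC2254 (LDAP filter) special characters, escaped as \\XX: NUL ( ) * \\`.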
@@ -71,7 +80,7 @@ print <<EOF;
* Mask of various character properties
*/

-static unsigned char char_type[] = {
+static unsigned short char_type[] = {
EOF

for($i = 0; $i < 128; $i++) {
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 26f71c8..13db4c0 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -464,10 +464,15 @@ B<space_eq>, B<lname> and B<align>.

=item B<esc_2253>

-escape the "special" characters required by RFC2253 in a field That is
+escape the "special" characters required by RFC2253 in a field. That is
B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
and a space character at the beginning or end of a string.

+=item B<esc_2254>
+
+escape the "special" characters required by RFC2254 in a field. That is
+the B<NUL> character as well as and B<()*>.
+
=item B<esc_ctrl>

escape control characters. That is those with ASCII values less than

Rich Salz

May 18, 2016, 1:39:01 PM5/18/16
The branch OpenSSL_1_0_2-stable has been updated
via eb334f73a8f82f6663038bcbc402468295944694 (commit)
from 54fc5795c9f7d0dc95d537672c716c9d250eb0fb (commit)


- Log -----------------------------------------------------------------
commit eb334f73a8f82f6663038bcbc402468295944694
Author: Alessandro Ghedini <aless...@ghedini.me>
Date: Tue May 17 16:23:46 2016 +0100

Avoid double declaration of COMP_METHOD
Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Kurt Roeckx <ku...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1083)

-----------------------------------------------------------------------

Summary of changes:
crypto/comp/comp.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h
index 60a0734..df599ba 100644
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@@ -14,7 +14,7 @@ extern "C" {

typedef struct comp_ctx_st COMP_CTX;

-typedef struct comp_method_st {
+struct comp_method_st {
int type; /* NID for compression library */
const char *name; /* A text string to identify the library */
int (*init) (COMP_CTX *ctx);
@@ -30,7 +30,7 @@ typedef struct comp_method_st {
*/
long (*ctrl) (void);
long (*callback_ctrl) (void);
-} COMP_METHOD;
+};

struct comp_ctx_st {
COMP_METHOD *meth;

Richard Levitte

May 18, 2016, 1:57:23 PM5/18/16
The branch OpenSSL_1_0_2-stable has been updated
via b3ed78cb84a5da280f268d607d1daa0f7bcd8222 (commit)
via f5d3117d4e8067e587a0122659e087fe9b22d387 (commit)
from eb334f73a8f82f6663038bcbc402468295944694 (commit)


- Log -----------------------------------------------------------------
commit b3ed78cb84a5da280f268d607d1daa0f7bcd8222
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 19:09:42 2016 +0200

Run the refreshed scripts

Some output difference in crypto/conf/conf_def.h, because the earlier
source reformatting needlessly indented the macro values.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit f5d3117d4e8067e587a0122659e087fe9b22d387
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 19:08:41 2016 +0200

Refresh seldom used C generating scripts to current C standard

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/charmap.pl | 14 +++---
crypto/conf/conf_def.h | 44 +++++++++---------
crypto/conf/keysets.pl | 118 +++++++++++++++++++++++++------------------------
3 files changed, 90 insertions(+), 86 deletions(-)

diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 6c6eb34..9c15fa5 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -76,17 +76,19 @@ $arr[ord("?")] |= $PSTRING_CHAR;
# Now generate the C code

print <<EOF;
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
+/*
+ * Auto generated with chartype.pl script. Mask of various character
+ * properties
*/

-static unsigned short char_type[] = {
+static const unsigned short char_type[] = {
EOF

+print " ";
for($i = 0; $i < 128; $i++) {
- print("\n") if($i && (($i % 16) == 0));
- printf("%2d", $arr[$i]);
+ print("\n ") if($i && (($i % 16) == 0));
+ printf(" %d", $arr[$i]);
print(",") if ($i != 127);
}
-print("\n};\n\n");
+print("\n};\n");

diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 7d897b8..48b3442 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -81,34 +81,34 @@

#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
#ifndef CHARSET_EBCDIC
-# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)

-#else /* CHARSET_EBCDIC */
+#else /*CHARSET_EBCDIC*/

-# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /* CHARSET_EBCDIC */
+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /*CHARSET_EBCDIC*/

static unsigned short CONF_type_default[256] = {
0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
index 50ed67f..5c9b2aa 100644
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -59,21 +59,21 @@ print <<"EOF";
* This package is an SSL implementation written
* by Eric Young (eay\@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh\@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -88,10 +88,10 @@ print <<"EOF";
* Eric Young (eay\@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -103,83 +103,85 @@ print <<"EOF";
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
- Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER $NUMBER
-#define CONF_UPPER $UPPER
-#define CONF_LOWER $LOWER
-#define CONF_UNDER $UNDER
-#define CONF_PUNCTUATION $PUNCTUATION
-#define CONF_WS $WS
-#define CONF_ESC $ESC
-#define CONF_QUOTE $QUOTE
-#define CONF_DQUOTE $DQUOTE
-#define CONF_COMMENT $COMMENT
-#define CONF_FCOMMENT $FCOMMENT
-#define CONF_EOF $EOF
-#define CONF_HIGHBIT $HIGHBIT
-#define CONF_ALPHA (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+/*
+ * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
+ * regenerate it.
+ */
+
+#define CONF_NUMBER $NUMBER
+#define CONF_UPPER $UPPER
+#define CONF_LOWER $LOWER
+#define CONF_UNDER $UNDER
+#define CONF_PUNCTUATION $PUNCTUATION
+#define CONF_WS $WS
+#define CONF_ESC $ESC
+#define CONF_QUOTE $QUOTE
+#define CONF_DQUOTE $DQUOTE
+#define CONF_COMMENT $COMMENT
+#define CONF_FCOMMENT $FCOMMENT
+#define CONF_EOF $EOF
+#define CONF_HIGHBIT $HIGHBIT
+#define CONF_ALPHA (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
- CONF_PUNCTUATION)
+ CONF_PUNCTUATION)

-#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
+#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
- (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+ (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)

#else /*CHARSET_EBCDIC*/

-#define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
- (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+ (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
#endif /*CHARSET_EBCDIC*/

EOF

-print "static unsigned short CONF_type_default[256]={";
+print "static unsigned short CONF_type_default[256] = {";

for ($i=0; $i<256; $i++)
{
- print "\n\t" if ($i % 8) == 0;
- printf "0x%04X,",$V_def[$i];
+ print "\n " if ($i % 8) == 0;
+ printf " 0x%04X,",$V_def[$i];
}

-print "\n\t};\n\n";
+print "\n};\n\n";

-print "static unsigned short CONF_type_win32[256]={";
+print "static unsigned short CONF_type_win32[256] = {";

for ($i=0; $i<256; $i++)
{
- print "\n\t" if ($i % 8) == 0;
- printf "0x%04X,",$V_w32[$i];
+ print "\n " if ($i % 8) == 0;
+ printf " 0x%04X,",$V_w32[$i];
}

-print "\n\t};\n\n";
+print "\n};\n";

Richard Levitte

May 18, 2016, 4:58:43 PM5/18/16
The branch OpenSSL_1_0_2-stable has been updated
via 72fdf00202b1f0eca369ef4742e321b61fc5f599 (commit)
via c9e2fab4b3485afa525cc5a185b1d0641e9afc96 (commit)
from b3ed78cb84a5da280f268d607d1daa0f7bcd8222 (commit)


- Log -----------------------------------------------------------------
commit 72fdf00202b1f0eca369ef4742e321b61fc5f599
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 22:27:54 2016 +0200

Cleanup openssl.ec

HMAC doesn't have any error codes

Reviewed-by: Rich Salz <rs...@openssl.org>

commit c9e2fab4b3485afa525cc5a185b1d0641e9afc96
Author: Richard Levitte <lev...@openssl.org>
Date: Wed May 18 19:52:34 2016 +0200

Fix util/mkerr.pl

- Adjust mkerr.pl to produce the line length we used for source
reformatting.

- Have mkerr.pl keep track of preprocessor directive indentation

Among others, do not spuriously throw away a #endif at the end of
header files.

- Make sure mkerr.pl specifies any header inclusion correctly

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/err/openssl.ec | 2 +-
util/mkerr.pl | 41 ++++++++++++++++++++++++++++-------------
2 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 139afe3..04dc9ce 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -32,7 +32,7 @@ L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
L STORE crypto/store/store.h crypto/store/str_err.c
L TS crypto/ts/ts.h crypto/ts/ts_err.c
-L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c
+#L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c
L CMS crypto/cms/cms.h crypto/cms/cms_err.c
L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c

diff --git a/util/mkerr.pl b/util/mkerr.pl
index 09ebebe..c197f3a 100644
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -158,8 +158,8 @@ close IN;
while (($hdr, $lib) = each %libinc)
{
next if($hdr eq "NONE");
- print STDERR "Scanning header file $hdr\n" if $debug;
- my $line = "", $def= "", $linenr = 0, $gotfile = 0;
+ print STDERR "Scanning header file $hdr\n" if $debug;
+ my $line = "", $def= "", $linenr = 0, $gotfile = 0, $cpp = 0;
if (open(IN, "<$hdr")) {
$gotfile = 1;
while(<IN>) {
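Review bot: In `my $line = "", $def= "", $linenr = 0, $gotfile = 0, $cpp = 0;` the `my` binds only to `$line`; the comma-separated assignments after it, including the newly added `$cpp = 0`, set package globals. That is presumably why `$cpp` is reachable from the header-rewrite hunk further down, which re-initialises it with `$cpp = 0;` before use, so the code works but the declaration reads as if it scoped all five variables. If none of them is read after this loop, `my ($line, $def, $linenr, $gotfile, $cpp) = ("", "", 0, 0, 0);` would make the scoping explicit; otherwise a comment noting that only `$line` is lexical would at least prevent the next reader from relying on the apparent scope. The enclosing `while (($hdr, $lib) = each %libinc)` loop continues outside the hunk.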
@@ -382,14 +382,21 @@ foreach $lib (keys %csrc)

# Rewrite the header file

+ $cpp = 0;
+ $cplusplus = 0;
if (open(IN, "<$hfile")) {
# Copy across the old file
while(<IN>) {
+ $cplusplus = $cpp if /^#.*ifdef.*cplusplus/;
+ $cpp++ if /^#\s*if/;
+ $cpp-- if /^#\s*endif/;
push @out, $_;
last if (/BEGIN ERROR CODES/);
}
close IN;
} else {
+ $cpp = 1;
+ $cplusplus = 1;
push @out,
"/* ====================================================================\n",
" * Copyright (c) 2001-$year The OpenSSL Project. All rights reserved.\n",
@@ -446,11 +453,11 @@ foreach $lib (keys %csrc)
" */\n",
"\n",
"#ifndef HEADER_${lib}_ERR_H\n",
-"#define HEADER_${lib}_ERR_H\n",
+"# define HEADER_${lib}_ERR_H\n",
"\n",
-"#ifdef __cplusplus\n",
+"# ifdef __cplusplus\n",
"extern \"C\" {\n",
-"#endif\n",
+"# endif\n",
"\n",
"/* BEGIN ERROR CODES */\n";
}
@@ -463,6 +470,7 @@ foreach $lib (keys %csrc)
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
EOF
if($static) {
print OUT <<"EOF";
@@ -523,11 +531,17 @@ EOF
}
print OUT <<"EOF";

-#ifdef __cplusplus
-}
-#endif
-#endif
EOF
+ do {
+ if ($cplusplus == $cpp) {
+ print OUT "#", " "x$cpp, "ifdef __cplusplus\n";
+ print OUT "}\n";
+ print OUT "#", " "x$cpp, "endif\n";
+ }
+ if ($cpp-- > 0) {
+ print OUT "#", " "x$cpp, "endif\n";
+ }
+ } while ($cpp);
close OUT;

# Rewrite the C source file containing the error details.
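Review bot: The new `do { ... } while ($cpp);` does not terminate if `$cpp` is 0 on entry: the earlier hunk resets `$cpp = 0` and only increments it for `#if` lines found before `BEGIN ERROR CODES`, so an existing header without a conditional there leaves it at 0, the `$cpp-- > 0` branch is skipped, `$cpp` goes to -1 and `while (-1)` loops forever. For the generated headers the include guard always exists, so this is an edge case, but `} while ($cpp > 0);` closes it at no cost. A short comment above the loop explaining that it emits one `#endif` per still-open conditional and the `__cplusplus` closer at the depth where it was opened would also help, since `$cplusplus` and `$cpp` are set in a hunk some distance above.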
@@ -559,8 +573,9 @@ EOF

my $hincf;
if($static) {
- $hfile =~ /([^\/]+)$/;
- $hincf = "<${hprefix}$1>";
+ $hincf = $hfile;
+ $hincf =~ s|.*/||g;
+ $hincf = "<${hprefix}${hincf}>";
} else {
$hincf = "\"$hfile\"";
}
@@ -665,7 +680,7 @@ EOF
$fn = $ftrans{$fn};
}
# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
- if(length($i) + length($fn) > 58) {
+ if(length($i) + length($fn) > 57) {
print OUT " {ERR_FUNC($i),\n \"$fn\"},\n";
} else {
print OUT " {ERR_FUNC($i), \"$fn\"},\n";
@@ -688,7 +703,7 @@ EOF
$rn = $1;
$rn =~ tr/_[A-Z]/ [a-z]/;
}
- if(length($i) + length($rn) > 56) {
+ if(length($i) + length($rn) > 55) {
print OUT " {${rstr},\n \"$rn\"},\n";
} else {
print OUT " {${rstr}, \"$rn\"},\n";

Kurt Roeckx

May 18, 2016, 5:29:49 PM5/18/16
The branch OpenSSL_1_0_2-stable has been updated
via b1d7eaaccfeece198c268912ec015a089fdaed39 (commit)
from 72fdf00202b1f0eca369ef4742e321b61fc5f599 (commit)


- Log -----------------------------------------------------------------
commit b1d7eaaccfeece198c268912ec015a089fdaed39
Author: Cynh <cy...@hotmail.fr>
Date: Sun May 1 15:59:43 2016 +0200

Fix SRP client key computation

Signed-off-by: Kurt Roeckx <ku...@roeckx.be>
Reviewed-by: Matt Caswell <ma...@openssl.org>

GH: #1017
(cherry picked from commit c9141a43e246d527ec8b5a97b98e93fc31b0f0b8)

-----------------------------------------------------------------------

Summary of changes:
crypto/srp/srp_lib.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index e9a2e05..b3e5fbb 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -279,9 +279,9 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
goto err;

- if (!BN_mod_mul(tmp3, u, x, N, bn_ctx))
+ if (!BN_mul(tmp3, u, x, bn_ctx))
goto err;
- if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx))
+ if (!BN_add(tmp2, a, tmp3))
goto err;
if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
goto err;
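Review bot: With the modular reduction removed, `tmp2 = a + u*x` now carries the client's private exponent and the password-derived `x` at full length into `BN_mod_exp(K, tmp, tmp2, N, bn_ctx)` on the next line; unless it is done outside the hunk, consider `BN_set_flags(tmp2, BN_FLG_CONSTTIME);` before that call so the exponentiation does not vary with the secret's bit pattern. A one-line comment on the change would also prevent the reduction from being reinstated, e.g. `/* exponent a + u*x must not be reduced mod N (see GH #1017) */`. SRP_Calc_client_key begins and ends outside this hunk.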

Matt Caswell

May 19, 2016, 4:00:19 PM5/19/16
The branch OpenSSL_1_0_2-stable has been updated
via ec8f246e6ed4d39a8a5417078eaa49f3e757c25d (commit)
from b1d7eaaccfeece198c268912ec015a089fdaed39 (commit)


- Log -----------------------------------------------------------------
commit ec8f246e6ed4d39a8a5417078eaa49f3e757c25d
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 5 09:35:10 2016 +0100

Fix a double free in tls1_setup_key_block

If p2 == NULL then p1 can get freed twice and a crash could occur.

Issue reported by Shi Lei (Qihoo 360 Inc)

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/t1_enc.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 514fcb3..b6d1ee9 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -673,7 +673,6 @@ int tls1_setup_key_block(SSL *s)

if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {
SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(p1);
goto err;
}
#ifdef TLS_DEBUG
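Review bot: Dropping `OPENSSL_free(p1)` here relies on the `err:` path releasing p1, which per the commit message it already does, but that path is outside the hunk and nothing at the site says so; a reader seeing a fresh allocation fail directly after `p1` was allocated will be tempted to put the free back. Suggest `goto err; /* p1 is released at err: */` on the line the commit leaves behind. tls1_setup_key_block's body continues outside this hunk.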

Matt Caswell

May 19, 2016, 4:15:09 PM5/19/16
The branch OpenSSL_1_0_2-stable has been updated
via 2e648db2469ea94d54fa51e3af7ac54663b94966 (commit)
from ec8f246e6ed4d39a8a5417078eaa49f3e757c25d (commit)


- Log -----------------------------------------------------------------
commit 2e648db2469ea94d54fa51e3af7ac54663b94966
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 16:50:59 2016 +0100

Check that the obtained public key is valid

In the X509 app check that the obtained public key is valid before we
attempt to use it.

Issue reported by Yuan Jochen Kang.

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/x509.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/apps/x509.c b/apps/x509.c
index 7c215bc..17cb62d 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1105,6 +1105,10 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
EVP_PKEY *upkey;

upkey = X509_get_pubkey(xca);
+ if (upkey == NULL) {
+ BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+ goto end;
+ }
EVP_PKEY_copy_parameters(upkey, pkey);
EVP_PKEY_free(upkey);

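Review bot: The return value of EVP_PKEY_copy_parameters on the line after the new NULL check is still discarded, here in x509_certify and again in the sign() hunk below, although it returns 0 on failure; `if (!EVP_PKEY_copy_parameters(upkey, pkey)) goto end;` (with the matching `goto err;` in sign()) would give the copy the same treatment the pointer just received. The new message goes to bio_err but nothing in the hunk prints the error queue, so the reason X509_get_pubkey pushed is only reported if the end: label does that (not visible here). Both enclosing functions continue outside their hunks.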
@@ -1217,6 +1221,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
EVP_PKEY *pktmp;

pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
EVP_PKEY_copy_parameters(pktmp, pkey);
EVP_PKEY_save_parameters(pktmp, 1);
EVP_PKEY_free(pktmp);

Viktor Dukhovni

May 19, 2016, 6:16:46 PM5/19/16
The branch OpenSSL_1_0_2-stable has been updated
via 5553a12735e11bc9aa28727afe721e7236788aab (commit)
via 96747f0f4e43863a1ec446a95463c2fca9b6ae82 (commit)
from 2e648db2469ea94d54fa51e3af7ac54663b94966 (commit)


- Log -----------------------------------------------------------------
commit 5553a12735e11bc9aa28727afe721e7236788aab
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Tue May 17 18:25:40 2016 -0400

Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure. Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 96747f0f4e43863a1ec446a95463c2fca9b6ae82
Author: Viktor Dukhovni <openss...@dukhovni.org>
Date: Mon May 16 21:38:03 2016 -0400

Clarify negative return from X509_verify_cert()

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_txt.c | 5 +++++
crypto/x509/x509_vfy.c | 39 ++++++++++++++++++++++++++++++++++-----
crypto/x509/x509_vfy.h | 7 +++++--
crypto/x509v3/v3_addr.c | 6 ++++++
doc/crypto/X509_verify_cert.pod | 13 +++++++------
ssl/s3_both.c | 6 ++++++
6 files changed, 63 insertions(+), 13 deletions(-)

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 3d46d3f..4475715 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -204,6 +204,11 @@ const char *X509_verify_cert_error_string(long n)
case X509_V_ERR_IP_ADDRESS_MISMATCH:
return ("IP address mismatch");

+ case X509_V_ERR_INVALID_CALL:
+ return ("Invalid certificate verification context");
+ case X509_V_ERR_STORE_LOOKUP:
+ return ("Issuer certificate lookup error");
+
default:
BIO_snprintf(buf, sizeof buf, "error number %ld", n);
return (buf);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 4d34dba..f3fe255 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -199,6 +199,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)

if (ctx->cert == NULL) {
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ ctx->error = X509_V_ERR_INVALID_CALL;
return -1;
}
if (ctx->chain != NULL) {
@@ -207,6 +208,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
* cannot do another one.
*/
X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ctx->error = X509_V_ERR_INVALID_CALL;
return -1;
}

@@ -219,6 +221,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (((ctx->chain = sk_X509_new_null()) == NULL) ||
(!sk_X509_push(ctx->chain, ctx->cert))) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ok = -1;
goto err;
}
@@ -229,6 +232,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (ctx->untrusted != NULL
&& (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ok = -1;
goto err;
}
@@ -253,8 +257,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
*/
if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
ok = ctx->get_issuer(&xtmp, ctx, x);
- if (ok < 0)
+ if (ok < 0) {
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
goto err;
+ }
/*
* If successful for now free up cert so it will be picked up
* again later.
@@ -271,6 +277,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (xtmp != NULL) {
if (!sk_X509_push(ctx->chain, xtmp)) {
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ok = -1;
goto err;
}
@@ -352,14 +359,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
break;
ok = ctx->get_issuer(&xtmp, ctx, x);

- if (ok < 0)
+ if (ok < 0) {
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
goto err;
+ }
if (ok == 0)
break;
x = xtmp;
if (!sk_X509_push(ctx->chain, x)) {
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ok = -1;
goto err;
}
@@ -386,8 +396,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
while (j-- > 1) {
xtmp2 = sk_X509_value(ctx->chain, j - 1);
ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
- if (ok < 0)
+ if (ok < 0) {
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
goto err;
+ }
/* Check if we found an alternate chain */
if (ok > 0) {
/*
@@ -515,6 +527,10 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
sk_X509_free(sktmp);
if (chain_ss != NULL)
X509_free(chain_ss);
+
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
return ok;
}

@@ -736,12 +752,19 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
if (nc) {
rv = NAME_CONSTRAINTS_check(x, nc);
- if (rv != X509_V_OK) {
+ switch (rv) {
+ case X509_V_OK:
+ continue;
+ case X509_V_ERR_OUT_OF_MEM:
+ ctx->error = rv;
+ return 0;
+ default:
ctx->error = rv;
ctx->error_depth = i;
ctx->current_cert = x;
if (!ctx->verify_cb(0, ctx))
return 0;
+ break;
}
}
}
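Review bot: `case X509_V_OK: continue;` in the new switch reads as if it left the switch, while it actually advances the enclosing for loop; since the switch is the last statement of that loop body (the three closing braces follow it directly) the effect is identical to `break`, so `case X509_V_OK: break;` says what happens without sending the reader to find where continue lands. The OUT_OF_MEM arm deliberately skips error_depth, current_cert and the callback, which is right for a failure that must not be overridable, but a one-line comment such as `/* allocation failure is not a verification result: never offer it to the callback */` would keep someone from later "fixing" the asymmetry. check_name_constraints starts and ends outside the hunk.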
@@ -1630,6 +1653,7 @@ static int check_policy(X509_STORE_CTX *ctx)
ctx->param->policies, ctx->param->flags);
if (ret == 0) {
X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
return 0;
}
/* Invalid or inconsistent extensions */
@@ -1658,7 +1682,12 @@ static int check_policy(X509_STORE_CTX *ctx)

if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
ctx->current_cert = NULL;
- ctx->error = X509_V_OK;
+ /*
+ * Verification errors need to be "sticky", a callback may have allowed
+ * an SSL handshake to continue despite an error, and we must then
+ * remain in an error state. Therefore, we MUST NOT clear earlier
+ * verification errors by setting the error to X509_V_OK.
+ */
if (!ctx->verify_cb(2, ctx))
return 0;
}
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 2663e1c..f54ecc5 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -368,6 +368,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_PERMITTED_VIOLATION 47
# define X509_V_ERR_EXCLUDED_VIOLATION 48
# define X509_V_ERR_SUBTREE_MINMAX 49
+# define X509_V_ERR_APPLICATION_VERIFICATION 50
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
@@ -386,8 +387,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
# define X509_V_ERR_EMAIL_MISMATCH 63
# define X509_V_ERR_IP_ADDRESS_MISMATCH 64

-/* The application is not happy */
-# define X509_V_ERR_APPLICATION_VERIFICATION 50
+/* Caller error */
+# define X509_V_ERR_INVALID_CALL 65
+/* Issuer lookup error */
+# define X509_V_ERR_STORE_LOOKUP 66

/* Certificate verify flags */

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 94cfed0..1290dec 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -1211,6 +1211,11 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)

/*
* Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
*/
static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
STACK_OF(X509) *chain,
@@ -1245,6 +1250,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
ret = 0;
goto done;
}
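Review bot: The contract comment added in the previous hunk says every 0 return must leave ctx->error set, but this diff only updates the sk_IPAddressFamily_dup failure; any other `ret = 0; goto done;` path in the remainder of v3_addr_validate_path_internal (outside the hunks) that does not pass through the validation-error reporting would now contradict the documented contract, so they are worth auditing together. The new safety net in X509_verify_cert (falling back to X509_V_ERR_UNSPECIFIED) would mask such a miss rather than fix it. The function body continues outside the hunk.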
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
index a22e441..4689e3a 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
@@ -31,12 +31,13 @@ Applications rarely call this function directly but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.

-The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error); if X509_verify_cert()
-twice without reinitialising B<ctx> in between; or if a retry
-operation is requested during internal lookups (which never happens with
-standard lookup methods). It is however recommended that application check
-for <= 0 return value on error.
+A negative return value from X509_verify_cert() can occur if it is invoked
+incorrectly, such as with no certificate set in B<ctx>, or when it is called
+twice in succession without reinitialising B<ctx> for the second call.
+A negative return value can also happen due to internal resource problems or if
+a retry operation is requested during internal lookups (which never happens
+with standard lookup methods).
+Applications must check for <= 0 return value on error.

=head1 BUGS

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 09d0661..4b636b0 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -535,6 +535,9 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_CRL_NOT_YET_VALID:
case X509_V_ERR_CERT_UNTRUSTED:
case X509_V_ERR_CERT_REJECTED:
+ case X509_V_ERR_HOSTNAME_MISMATCH:
+ case X509_V_ERR_EMAIL_MISMATCH:
+ case X509_V_ERR_IP_ADDRESS_MISMATCH:
al = SSL_AD_BAD_CERTIFICATE;
break;
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -548,7 +551,10 @@ int ssl_verify_alarm_type(long type)
case X509_V_ERR_CERT_REVOKED:
al = SSL_AD_CERTIFICATE_REVOKED;
break;
+ case X509_V_ERR_UNSPECIFIED:
case X509_V_ERR_OUT_OF_MEM:
+ case X509_V_ERR_INVALID_CALL:
+ case X509_V_ERR_STORE_LOOKUP:
al = SSL_AD_INTERNAL_ERROR;
break;
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:

Andy Polyakov

May 20, 2016, 10:06:06 AM5/20/16
The branch OpenSSL_1_0_2-stable has been updated
via e10b54ca32280d9fec20085f404dcdcf2217c90e (commit)
from 5553a12735e11bc9aa28727afe721e7236788aab (commit)


- Log -----------------------------------------------------------------
commit e10b54ca32280d9fec20085f404dcdcf2217c90e
Author: Andy Polyakov <ap...@openssl.org>
Date: Mon May 16 16:44:33 2016 +0200

rand/randfile.c: remove _XOPEN_SOURCE definition.

Definitions of macros similar to _XOPEN_SOURCE belong on the command line
or, in the worst case, prior to the first #include directive in the source. As for
the macros it was allegedly controlling: one can argue that we are
probably better off demanding S_IS* macros but there are systems
that just don't comply, hence this compromise solution...

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 2e6d7799ffc47604d06e0465afeb84b91aff8006)

-----------------------------------------------------------------------

Summary of changes:
crypto/rand/randfile.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 9537c56..76bdb9a 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -56,11 +56,6 @@
* [including the GNU Public Licence.]
*/

-/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#if !defined(OPENSSL_SYS_VXWORKS)
-# define _XOPEN_SOURCE 500
-#endif
-
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -80,6 +75,29 @@
#ifndef OPENSSL_NO_POSIX_IO
# include <sys/stat.h>
# include <fcntl.h>
+/*
+ * Following should not be needed, and we could have been stricter
+ * and demand S_IS*. But some systems just don't comply... Formally
+ * below macros are "anatomically incorrect", because normally they
+ * would look like ((m) & MASK == TYPE), but since MASK availability
+ * is as questionable, we settle for this poor-man fallback...
+ */
+# if !defined(S_ISBLK)
+# if defined(_S_IFBLK)
+# define S_ISBLK(m) ((m) & _S_IFBLK)
+# elif defined(S_IFBLK)
+# define S_ISBLK(m) ((m) & S_IFBLK)
+# elif defined(_WIN32)
+# define S_ISBLK(m) 0 /* no concept of block devices on Windows */
+# endif
+# endif
+# if !defined(S_ISCHR)
+# if defined(_S_IFCHR)
+# define S_ISCHR(m) ((m) & _S_IFCHR)
+# elif defined(S_IFCHR)
+# define S_ISCHR(m) ((m) & S_IFCHR)
+# endif
+# endif
#endif

#ifdef _WIN32
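Review bot: The fallback `S_ISBLK(m) ((m) & S_IFBLK)` is true for any mode sharing a bit with S_IFBLK; with the usual encodings (S_IFBLK 0060000, S_IFDIR 0040000, S_IFCHR 0020000, S_IFLNK 0120000, S_IFSOCK 0140000) directories, symlinks and sockets are classified as devices on the platforms that reach this branch, and the same holds for the S_ISCHR fallback. The consequence is the conservative one (the device branch below limits how much is read), and regular seed files are unaffected, but a `# if defined(S_IFMT)` tier defining `S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK)` ahead of the bit test would make the classification exact wherever the mask exists. The comment already concedes the compromise; this only narrows it.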
@@ -151,8 +169,8 @@ int RAND_load_file(const char *file, long bytes)
#endif
if (in == NULL)
goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
- if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
+#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
/*
* this file is a device. we don't want read an infinite number of
* bytes from a random device, nor do we want to use buffered I/O

Richard Levitte

May 20, 2016, 10:22:19 AM5/20/16
The branch OpenSSL_1_0_2-stable has been updated
via a5319447964570ce1e9d2ad34c75d5ded429d857 (commit)
via ca3c0d7c030e4ba8ae6df2e1ea39d9872dac5d48 (commit)
via d29d4b317b9e01da742f1df657ec572e7bc27f9b (commit)
from e10b54ca32280d9fec20085f404dcdcf2217c90e (commit)


- Log -----------------------------------------------------------------
commit a5319447964570ce1e9d2ad34c75d5ded429d857
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 19 06:20:07 2016 +0200

Revert "Document the esc_2254 command line name option"

This reverts commit 54fc5795c9f7d0dc95d537672c716c9d250eb0fb.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit ca3c0d7c030e4ba8ae6df2e1ea39d9872dac5d48
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 19 06:20:02 2016 +0200

Revert "make update"

This reverts commit 7229a91a48d706804f790a392b3ad50bc358cdc4.

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit d29d4b317b9e01da742f1df657ec572e7bc27f9b
Author: Richard Levitte <lev...@openssl.org>
Date: Thu May 19 06:19:53 2016 +0200

Revert "Make it possible to have RFC2254 escapes with ASN1_STRING_print_ex()"

This reverts commit 87728c682995d0575b52a5a19d69405bb764e76e.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 1 -
crypto/asn1/a_strex.c | 21 ++++++++-------------
crypto/asn1/asn1.h | 5 -----
crypto/asn1/charmap.h | 8 ++++----
crypto/asn1/charmap.pl | 11 +----------
doc/apps/x509.pod | 7 +------
6 files changed, 14 insertions(+), 39 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index 566d547..b1dd970 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1321,7 +1321,6 @@ int set_name_ex(unsigned long *flags, const char *arg)
{
static const NAME_EX_TBL ex_tbl[] = {
{"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
{"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
{"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
{"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 5fa7a31..35fd44c 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -75,7 +75,6 @@
#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)

#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
- ASN1_STRFLGS_ESC_2254 | \
ASN1_STRFLGS_ESC_QUOTE | \
ASN1_STRFLGS_ESC_CTRL | \
ASN1_STRFLGS_ESC_MSB)
@@ -125,8 +124,7 @@ typedef int char_io (void *arg, const void *buf, int len);
static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
char_io *io_ch, void *arg)
{
- unsigned short chflgs;
- unsigned char chtmp;
+ unsigned char chflgs, chtmp;
char tmphex[HEX_SIZE(long) + 3];

if (c > 0xffffffffL)
@@ -163,9 +161,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
return -1;
return 2;
}
- if (chflgs & (ASN1_STRFLGS_ESC_CTRL
- | ASN1_STRFLGS_ESC_MSB
- | ASN1_STRFLGS_ESC_2254)) {
+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
if (!io_ch(arg, tmphex, 3))
return -1;
@@ -195,12 +191,11 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
*/

static int do_buf(unsigned char *buf, int buflen,
- int type, unsigned short flags, char *quotes, char_io *io_ch,
+ int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
int i, outlen, len;
- unsigned short orflags;
- unsigned char *p, *q;
+ unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
@@ -250,7 +245,7 @@ static int do_buf(unsigned char *buf, int buflen,
* character will never be escaped on first and last.
*/
len =
- do_esc_char(utfbuf[i], (unsigned short)(flags | orflags),
+ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
quotes, io_ch, arg);
if (len < 0)
return -1;
@@ -258,7 +253,7 @@ static int do_buf(unsigned char *buf, int buflen,
}
} else {
len =
- do_esc_char(c, (unsigned short)(flags | orflags), quotes,
+ do_esc_char(c, (unsigned char)(flags | orflags), quotes,
io_ch, arg);
if (len < 0)
return -1;
@@ -360,10 +355,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
int outlen, len;
int type;
char quotes;
- unsigned short flags;
+ unsigned char flags;
quotes = 0;
/* Keep a copy of escape flags */
- flags = (unsigned short)(lflags & ESC_FLAGS);
+ flags = (unsigned char)(lflags & ESC_FLAGS);

type = str->type;

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 09335a9..68e791f 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -505,11 +505,6 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
# define ASN1_STRFLGS_DUMP_DER 0x200

/*
- * This flag specifies that RC2254 escaping shall be performed.
- */
-#define ASN1_STRFLGS_ESC_2254 0x400
-
-/*
* All the string flags consistent with RFC2253, escaping control characters
* isn't essential in RFC2253 but it is advisable anyway.
*/
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index 117a91e..3305ad1 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -3,13 +3,13 @@
* properties
*/

-static const unsigned short char_type[] = {
- 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+static const unsigned char char_type[] = {
2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 120, 0, 1, 40, 0, 0, 0, 16, 1040, 1040, 1024, 25, 25, 16, 16, 16,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
- 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1025, 0, 0, 0,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
};
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 9c15fa5..12ac34a 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -18,7 +18,6 @@ my $NOESC_QUOTE = 8; # Not escaped if quoted
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
-my $RFC2254_ESC = 0x400; # Character escaped \XX

for($i = 0; $i < 128; $i++) {
# Set the RFC2253 escape characters (control)
@@ -50,14 +49,6 @@ $arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;

-# Remaining RFC2254 characters
-
-$arr[0] |= $RFC2254_ESC;
-$arr[ord("(")] |= $RFC2254_ESC;
-$arr[ord(")")] |= $RFC2254_ESC;
-$arr[ord("*")] |= $RFC2254_ESC;
-$arr[ord("\\")] |= $RFC2254_ESC;
-
# Remaining PrintableString characters

$arr[ord(" ")] |= $PSTRING_CHAR;
@@ -81,7 +72,7 @@ print <<EOF;
* properties
*/

-static const unsigned short char_type[] = {
+static const unsigned char char_type[] = {
EOF

print " ";
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 13db4c0..26f71c8 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -464,15 +464,10 @@ B<space_eq>, B<lname> and B<align>.

=item B<esc_2253>

-escape the "special" characters required by RFC2253 in a field. That is
+escape the "special" characters required by RFC2253 in a field That is
B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
and a space character at the beginning or end of a string.

-=item B<esc_2254>
-
-escape the "special" characters required by RFC2254 in a field. That is
-the B<NUL> character as well as and B<()*>.
-
=item B<esc_ctrl>

escape control characters. That is those with ASCII values less than

Richard Levitte

May 20, 2016, 9:58:04 PM5/20/16
The branch OpenSSL_1_0_2-stable has been updated
via d384bf39b17fa879dd91138d08105114b5a25370 (commit)
from a5319447964570ce1e9d2ad34c75d5ded429d857 (commit)


- Log -----------------------------------------------------------------
commit d384bf39b17fa879dd91138d08105114b5a25370
Author: Richard Levitte <lev...@openssl.org>
Date: Fri May 20 16:57:35 2016 +0200

openssl verify: only display the command usage on usage errors

All other errors should only display the error message.

RT#1866

Reviewed-by: Viktor Dukhovni <vik...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/verify.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index 78e729f..b5ae6b3 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -115,43 +115,43 @@ int MAIN(int argc, char **argv)
if (argc >= 1) {
if (strcmp(*argv, "-CApath") == 0) {
if (argc-- < 1)
- goto end;
+ goto usage;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (argc-- < 1)
- goto end;
+ goto usage;
CAfile = *(++argv);
} else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
if (badarg)
- goto end;
+ goto usage;
continue;
} else if (strcmp(*argv, "-untrusted") == 0) {
if (argc-- < 1)
- goto end;
+ goto usage;
untfile = *(++argv);
} else if (strcmp(*argv, "-trusted") == 0) {
if (argc-- < 1)
- goto end;
+ goto usage;
trustfile = *(++argv);
} else if (strcmp(*argv, "-CRLfile") == 0) {
if (argc-- < 1)
- goto end;
+ goto usage;
crlfile = *(++argv);
} else if (strcmp(*argv, "-crl_download") == 0)
crl_download = 1;
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv, "-engine") == 0) {
if (--argc < 1)
- goto end;
+ goto usage;
engine = *(++argv);
}
#endif
else if (strcmp(*argv, "-help") == 0)
- goto end;
+ goto usage;
else if (strcmp(*argv, "-verbose") == 0)
v_verbose = 1;
else if (argv[0][0] == '-')
- goto end;
+ goto usage;
else
break;
argc--;
@@ -228,7 +228,7 @@ int MAIN(int argc, char **argv)
ret = -1;
}

- end:
+ usage:
if (ret == 1) {
BIO_printf(bio_err,
"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@@ -247,6 +247,7 @@ int MAIN(int argc, char **argv)
X509_PURPOSE_get0_name(ptmp));
}
}
+ end:
if (vpm)
X509_VERIFY_PARAM_free(vpm);
if (cert_ctx != NULL)

Matt Caswell

May 23, 2016, 7:09:09 PM5/23/16
The branch OpenSSL_1_0_2-stable has been updated
via e117522e752478a1fbb87117e4660ee20b85acc2 (commit)
from d384bf39b17fa879dd91138d08105114b5a25370 (commit)


- Log -----------------------------------------------------------------
commit e117522e752478a1fbb87117e4660ee20b85acc2
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 16:22:31 2016 +0100

Fix error return value in SRP functions

The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 308ff28673ae1a4a1b346761224b4a8851d41f58)

-----------------------------------------------------------------------

Summary of changes:
crypto/srp/srp_lib.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index b3e5fbb..6df3b1c 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -159,8 +159,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
return NULL;

- if ((bn_ctx = BN_CTX_new()) == NULL ||
- (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
+ if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
goto err;

/* S = (A*v**u) ** b */
@@ -169,8 +168,12 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
goto err;
if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
goto err;
- if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
- goto err;
+
+ S = BN_new();
+ if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+ BN_free(S);
+ S = NULL;
+ }
err:
BN_CTX_free(bn_ctx);
BN_clear_free(tmp);
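Review bot: With BN_new() for S moved after the arithmetic, the BN_CTX_new/BN_new failure in the first hunk now reaches err: without S ever being assigned, so the NULL return the commit promises depends on S being initialised to NULL at its declaration, which is outside the hunk and worth confirming; the same applies to K in the SRP_Calc_client_key hunk below. On the BN_mod_exp failure the partially computed S is released with BN_free while tmp on the line after err: gets BN_clear_free; since S is the session key, `BN_clear_free(S);` would be the consistent choice, and likewise for K. SRP_Calc_server_key starts and ends outside the hunk.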
@@ -267,7 +270,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,

if ((tmp = BN_new()) == NULL ||
(tmp2 = BN_new()) == NULL ||
- (tmp3 = BN_new()) == NULL || (K = BN_new()) == NULL)
+ (tmp3 = BN_new()) == NULL)
goto err;

if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
@@ -283,8 +286,11 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
goto err;
if (!BN_add(tmp2, a, tmp3))
goto err;
- if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
- goto err;
+ K = BN_new();
+ if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+ BN_free(K);
+ K = NULL;
+ }

err:
BN_CTX_free(bn_ctx);

Matt Caswell

May 23, 2016, 7:14:31 PM5/23/16
The branch OpenSSL_1_0_2-stable has been updated
via 649af484c8a15ad916c101aba86c7529dac7eccb (commit)
from e117522e752478a1fbb87117e4660ee20b85acc2 (commit)


- Log -----------------------------------------------------------------
commit 649af484c8a15ad916c101aba86c7529dac7eccb
Author: Matt Caswell <ma...@openssl.org>
Date: Mon May 9 17:44:26 2016 +0100

Fix a mem leak on an error path in OBJ_NAME_add()

If lh_OBJ_NAME_insert() fails then the allocated |onp| value is leaked.

RT#2238

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 0a618df059d93bf7fe9e3ec92e04db8bc1eeff07)

-----------------------------------------------------------------------

Summary of changes:
crypto/objects/o_names.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 2485992..f106905 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -191,7 +191,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
if (onp == NULL) {
/* ERROR */
- return (0);
+ return 0;
}

onp->name = name;
@@ -216,10 +216,11 @@ int OBJ_NAME_add(const char *name, int type, const char *data)
} else {
if (lh_OBJ_NAME_error(names_lh)) {
/* ERROR */
- return (0);
+ OPENSSL_free(onp);
+ return 0;
}
}
- return (1);
+ return 1;
}

int OBJ_NAME_remove(const char *name, int type)

Matt Caswell

May 26, 2016, 11:53:24 AM5/26/16
The branch OpenSSL_1_0_2-stable has been updated
via 8e0a94a58a4382296b6c2ba6d7381c48e24e26cd (commit)
via ada5de7ca1deae28713303319694806214dfa7d9 (commit)
from 649af484c8a15ad916c101aba86c7529dac7eccb (commit)


- Log -----------------------------------------------------------------
commit 8e0a94a58a4382296b6c2ba6d7381c48e24e26cd
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 26 15:54:48 2016 +0100

Check for malloc failure in EVP_PKEY_keygen()

After a call to EVP_PKEY_new() we should check for malloc failure.

RT#4180

Reviewed-by: Stephen Henson <st...@openssl.org>

commit ada5de7ca1deae28713303319694806214dfa7d9
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 26 15:45:14 2016 +0100

The ssl3_digest_cached_records() function does not handle errors properly

The ssl3_digest_cached_records() function was failing to handle errors
that might be returned from EVP_DigestSignInit() and
EVP_DigestSignUpdate().

RT#4180

Reviewed-by: Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/pmeth_gn.c | 4 +++-
ssl/s3_enc.c | 8 ++++++--
2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 6435f1b..6a4d357 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -149,8 +149,10 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
if (!ppkey)
return -1;

- if (!*ppkey)
+ if (*ppkey == NULL)
*ppkey = EVP_PKEY_new();
+ if (*ppkey == NULL)
+ return -1;

ret = ctx->pmeth->keygen(ctx, *ppkey);
if (ret <= 0) {
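Review bot: The new `if (*ppkey == NULL) return -1;` pushes nothing onto the error queue, so a caller sees -1 with an empty ERR stack, unlike the other malloc-failure paths in this batch that raise ERR_R_MALLOC_FAILURE; `EVPerr(EVP_F_EVP_PKEY_KEYGEN, ERR_R_MALLOC_FAILURE);` before the return would keep that consistent. It also reuses -1, the value the preceding `if (!ppkey) return -1;` uses for a caller error, so the two conditions are indistinguishable by return value alone. EVP_PKEY_keygen continues outside the hunk.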
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 47a0ec9..b9fc0c7 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -624,8 +624,12 @@ int ssl3_digest_cached_records(SSL *s)
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
#endif
- EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
- EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
+ if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)
+ || !EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata,
+ hdatalen)) {
+ SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
} else {
s->s3->handshake_dgst[i] = NULL;

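Review bot: The early `return 0` leaves s->s3->handshake_dgst[i] pointing at a context whose EVP_DigestInit_ex or EVP_DigestUpdate failed, with the remaining entries never set; whether every caller treats 0 as fatal and releases the list (presumably via ssl3_free_digest_list) is not visible here, and a caller that ignores the return would later feed a half-initialised digest into the Finished computation. Resetting the failed slot before returning, or documenting in a comment that callers must discard the digest list on 0, would close that gap. ssl3_digest_cached_records continues outside the hunk.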
Dr. Stephen Henson

May 31, 2016, 9:44:12 AM5/31/16
The branch OpenSSL_1_0_2-stable has been updated
via fd785ca8921af85b00755fd1ce3cfe460edb2f95 (commit)
from 8e0a94a58a4382296b6c2ba6d7381c48e24e26cd (commit)


- Log -----------------------------------------------------------------
commit fd785ca8921af85b00755fd1ce3cfe460edb2f95
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Fri May 27 14:18:40 2016 +0100

Parameter copy sanity checks.

Don't copy parameters if they're already present in the destination.
Return an error if an attempt is made to copy different parameters to the
destination. Update documentation.

If key type is not initialised return missing parameters

RT#4149

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit f72f00d49549c6620d7101f5e9bf7963da6df9ee)

-----------------------------------------------------------------------

Summary of changes:
crypto/dh/dh_ameth.c | 2 +-
crypto/dsa/dsa_ameth.c | 2 +-
crypto/ec/ec_ameth.c | 2 +-
crypto/evp/p_lib.c | 8 ++++++++
doc/crypto/EVP_PKEY_cmp.pod | 4 +++-
5 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index ac72468..4558283 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -519,7 +519,7 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)

static int dh_missing_parameters(const EVP_PKEY *a)
{
- if (!a->pkey.dh->p || !a->pkey.dh->g)
+ if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
return 1;
return 0;
}
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index cc83d6e..c4fa105 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -350,7 +350,7 @@ static int dsa_missing_parameters(const EVP_PKEY *pkey)
{
DSA *dsa;
dsa = pkey->pkey.dsa;
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
return 1;
return 0;
}
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 83e208c..b529995 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -378,7 +378,7 @@ static int ec_bits(const EVP_PKEY *pkey)

static int ec_missing_parameters(const EVP_PKEY *pkey)
{
- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+ if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
return 1;
return 0;
}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index c017124..545d04f 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -130,6 +130,14 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
goto err;
}
+
+ if (!EVP_PKEY_missing_parameters(to)) {
+ if (EVP_PKEY_cmp_parameters(to, from) == 1)
+ return 1;
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+ return 0;
+ }
+
if (from->ameth && from->ameth->param_copy)
return from->ameth->param_copy(to, from);
err:
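Review bot: The new block `if (!EVP_PKEY_missing_parameters(to)) { ... }` reports every result of EVP_PKEY_cmp_parameters() other than 1 as EVP_R_DIFFERENT_PARAMETERS, but that function is documented to also return -2 when the key type has no parameter comparison, so an unsupported algorithm would be reported to the caller as a parameter mismatch. Capturing the result, `int r = EVP_PKEY_cmp_parameters(to, from);`, and routing a negative value to the existing `err:` label instead of the DIFFERENT_PARAMETERS branch keeps "different" and "cannot compare" distinguishable. The -1 (different key types) case appears to be ruled out by a type check earlier in EVP_PKEY_copy_parameters(), which starts and ends outside the hunk.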
diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
index 0ff027c..f8e7ff1 100644
--- a/doc/crypto/EVP_PKEY_cmp.pod
+++ b/doc/crypto/EVP_PKEY_cmp.pod
@@ -21,7 +21,9 @@ parameters of B<pkey> are missing and 0 if they are present or the algorithm
doesn't use parameters.

The function EVP_PKEY_copy_parameters() copies the parameters from key
-B<from> to key B<to>.
+B<from> to key B<to>. An error is returned if the parameters are missing in
+B<from> or present in both B<from> and B<to> and mismatch. If the parameters
+in B<from> and B<to> are both present and match this function has no effect.

The function EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.

Rich Salz

May 31, 2016, 4:58:54 PM5/31/16
The branch OpenSSL_1_0_2-stable has been updated
via f792c663048f19347a1bb72125e535e4fb2ecf39 (commit)
from fd785ca8921af85b00755fd1ce3cfe460edb2f95 (commit)


- Log -----------------------------------------------------------------
commit f792c663048f19347a1bb72125e535e4fb2ecf39
Author: FdaSilvaYY <fdasi...@gmail.com>
Date: Sun Mar 6 21:26:46 2016 +0100

Fix some missing inits

Backport of 8e89e85f556f549f05d3b49f5408a217ac5e3700
From PR #1019 / #997

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1019)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/a_strnid.c | 1 +
crypto/asn1/bio_asn1.c | 6 ++++--
crypto/asn1/bio_ndef.c | 1 +
crypto/bio/bss_bio.c | 4 ++++
4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 5224345..2d2303d 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -250,6 +250,7 @@ int ASN1_STRING_TABLE_add(int nid,
}
tmp->flags = flags | STABLE_FLAGS_MALLOC;
tmp->nid = nid;
+ tmp->minsize = tmp->maxsize = -1;
new_nid = 1;
} else
tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 60189b3..c3afff6 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -170,10 +170,12 @@ static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
ctx->copylen = 0;
ctx->asn1_class = V_ASN1_UNIVERSAL;
ctx->asn1_tag = V_ASN1_OCTET_STRING;
- ctx->ex_buf = 0;
- ctx->ex_pos = 0;
+ ctx->ex_buf = NULL;
ctx->ex_len = 0;
+ ctx->ex_pos = 0;
ctx->state = ASN1_STATE_START;
+ ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL;
+ ctx->ex_arg = NULL;
return 1;
}
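Review bot: asn1_bio_init() still initialises BIO_ASN1_BUF_CTX one member at a time, so the next member added to the struct will be left uninitialised exactly as ex_arg, prefix and suffix were before this change. Clearing the context once with `memset(ctx, 0, sizeof(*ctx));` at the top of the function (its start is outside the hunk) and then assigning only the non-zero members — `asn1_class`, `asn1_tag`, `state` and the buffer pointer set before the hunk — makes the omission impossible to repeat. The same pattern applies to bio_new() in crypto/bio/bss_bio.c later in this commit, where `closed`, `len`, `offset` and `request` are zeroed individually after `b` is obtained (the `return 0` at the top of that hunk reads as its failed-allocation branch).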

diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
index 31949b8..8d70466 100644
--- a/crypto/asn1/bio_ndef.c
+++ b/crypto/asn1/bio_ndef.c
@@ -136,6 +136,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux->ndef_bio = sarg.ndef_bio;
ndef_aux->boundary = sarg.boundary;
ndef_aux->out = out;
+ ndef_aux->derbuf = NULL;

BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);

diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 202cc36..3dd8187 100644
--- a/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
@@ -149,9 +149,13 @@ static int bio_new(BIO *bio)
return 0;

b->peer = NULL;
+ b->closed = 0;
+ b->len = 0;
+ b->offset = 0;
/* enough for one TLS record (just a default) */
b->size = 17 * 1024;
b->buf = NULL;
+ b->request = 0;

bio->ptr = b;
return 1;

Matt Caswell

Jun 1, 2016, 9:27:54 AM6/1/16
The branch OpenSSL_1_0_2-stable has been updated
via a004e72b95835136d3f1ea90517f706c24c03da7 (commit)
from f792c663048f19347a1bb72125e535e4fb2ecf39 (commit)


- Log -----------------------------------------------------------------
commit a004e72b95835136d3f1ea90517f706c24c03da7
Author: Matt Caswell <ma...@openssl.org>
Date: Thu May 5 11:10:26 2016 +0100

Avoid some undefined pointer arithmetic

A common idiom in the codebase is:

if (p + len > limit)
{
return; /* Too long */
}

Where "p" points to some malloc'd data of SIZE bytes and
limit == p + SIZE

"len" here could be from some externally supplied data (e.g. from a TLS
message).

The rules of C pointer arithmetic are such that "p + len" is only well
defined where len <= SIZE. Therefore the above idiom is actually
undefined behaviour.

For example this could cause problems if some malloc implementation
provides an address for "p" such that "p + len" actually overflows for
values of len that are too big and therefore p + len < limit!

Issue reported by Guido Vranken.

CVE-2016-2177

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 14 +++++++-------
ssl/ssl_sess.c | 2 +-
ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++--------------------------
3 files changed, 38 insertions(+), 34 deletions(-)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ab28702..ab7f690 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)

session_length = *(p + SSL3_RANDOM_SIZE);

- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
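Review bot: The rewritten checks, `SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p` here and `(d + n) - p < j` in the next hunk, are only meaningful because p never advances past d + n, so `(d + n) - p` is a non-negative ptrdiff_t; nothing in the hunks states that invariant, and it is also what prevents a negative difference from being silently converted when compared against an unsigned length on targets where ptrdiff_t has the width of int. A one-line comment at the first check, `/* p stays within [d, d + n], so (d + n) - p is the number of bytes left to parse */`, would record the assumption the whole rewrite rests on; the same applies to the remaining hunks in this file and to the equivalent rewrites in ssl/ssl_sess.c and ssl/t1_lib.c. Two of the later hunks in this file also carry a stray space in `(d + n ) - p` that could be normalised. ssl3_get_client_hello() starts and ends outside the hunk.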
@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
/* get the session-id */
j = *(p++);

- if (p + j > d + n) {
+ if ((d + n) - p < j) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)

if (SSL_IS_DTLS(s)) {
/* cookie stuff */
- if (p + 1 > d + n) {
+ if ((d + n) - p < 1) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
}
cookie_len = *(p++);

- if (p + cookie_len > d + n) {
+ if ((d + n ) - p < cookie_len) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
}
}

- if (p + 2 > d + n) {
+ if ((d + n ) - p < 2) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
goto f_err;
@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
}

/* i bytes of cipher data + 1 byte for compression length later */
- if ((p + i + 1) > (d + n)) {
+ if ((d + n) - p < i + 1) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)

/* compression */
i = *(p++);
- if ((p + i) > (d + n)) {
+ if ((d + n) - p < i) {
/* not enough data */
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index b182998..54ee783 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
int r;
#endif

- if (session_id + len > limit) {
+ if (limit - session_id < len) {
fatal = 1;
goto err;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fb64607..cdac011 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
0x02, 0x03, /* SHA-1/ECDSA */
};

- if (data >= (limit - 2))
+ if (limit - data <= 2)
return;
data += 2;

- if (data > (limit - 4))
+ if (limit - data < 4)
return;
n2s(data, type);
n2s(data, size);
@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
if (type != TLSEXT_TYPE_server_name)
return;

- if (data + size > limit)
+ if (limit - data < size)
return;
data += size;

@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
const size_t len1 = sizeof(kSafariExtensionsBlock);
const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);

- if (data + len1 + len2 != limit)
+ if (limit - data != (int)(len1 + len2))
return;
if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
return;
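Review bot: `limit - data != (int)(len1 + len2)` narrows a size_t sum to int to match the ptrdiff_t on the left; the operands are small sizeof() constants so nothing is lost here, but `(ptrdiff_t)(len1 + len2)` expresses the intent without narrowing, and the same cast recurs in the next hunk as `(int)(len)` where the inner parentheses are redundant. ssl_check_for_safari() starts before and ends after the hunk.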
@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
} else {
const size_t len = sizeof(kSafariExtensionsBlock);

- if (data + len != limit)
+ if (limit - data != (int)(len))
return;
if (memcmp(data, kSafariExtensionsBlock, len) != 0)
return;
@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
if (data == limit)
goto ri_check;

- if (data > (limit - 2))
+ if (limit - data < 2)
goto err;

n2s(data, len);

- if (data + len != limit)
+ if (limit - data != len)
goto err;

- while (data <= (limit - 4)) {
+ while (limit - data >= 4) {
n2s(data, type);
n2s(data, size);

- if (data + size > (limit))
+ if (limit - data < size)
goto err;
# if 0
fprintf(stderr, "Received extension type %d size %d\n", type, size);
@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
if (s->hit || s->cert->srv_ext.meths_count == 0)
return 1;

- if (data >= limit - 2)
+ if (limit - data <= 2)
return 1;
n2s(data, len);

- if (data > limit - len)
+ if (limit - data < len)
return 1;

- while (data <= limit - 4) {
+ while (limit - data >= 4) {
n2s(data, type);
n2s(data, size);

- if (data + size > limit)
+ if (limit - data < size)
return 1;
if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
return 0;
@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
# endif

- if (data >= (d + n - 2))
+ if ((d + n) - data <= 2)
goto ri_check;

n2s(data, length);
- if (data + length != d + n) {
+ if ((d + n) - data != length) {
*al = SSL_AD_DECODE_ERROR;
return 0;
}

- while (data <= (d + n - 4)) {
+ while ((d + n) - data >= 4) {
n2s(data, type);
n2s(data, size);

- if (data + size > (d + n))
+ if ((d + n) - data < size)
goto ri_check;

if (s->tlsext_debug_cb)
@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
/* Skip past DTLS cookie */
if (SSL_IS_DTLS(s)) {
i = *(p++);
- p += i;
- if (p >= limit)
+
+ if (limit - p <= i)
return -1;
+
+ p += i;
}
/* Skip past cipher list */
n2s(p, i);
- p += i;
- if (p >= limit)
+ if (limit - p <= i)
return -1;
+ p += i;
+
/* Skip past compression algorithm list */
i = *(p++);
- p += i;
- if (p > limit)
+ if (limit - p < i)
return -1;
+ p += i;
+
/* Now at start of extensions */
- if ((p + 2) >= limit)
+ if (limit - p <= 2)
return 0;
n2s(p, i);
- while ((p + 4) <= limit) {
+ while (limit - p >= 4) {
unsigned short type, size;
n2s(p, type);
n2s(p, size);
- if (p + size > limit)
+ if (limit - p < size)
return 0;
if (type == TLSEXT_TYPE_session_ticket) {
int r;

Matt Caswell

Jun 3, 2016, 12:17:18 PM6/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 733f72f182f420282bc248441cbf34a0f3721e7f (commit)
from a004e72b95835136d3f1ea90517f706c24c03da7 (commit)


- Log -----------------------------------------------------------------
commit 733f72f182f420282bc248441cbf34a0f3721e7f
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 3 17:12:08 2016 +0100

Update CONTRIBUTING

Fix typos and clarify a few things in the CONTRIBUTING file.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CONTRIBUTING | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/CONTRIBUTING b/CONTRIBUTING
index 1bfbc1b..07115e5 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -1,11 +1,11 @@
HOW TO CONTRIBUTE TO PATCHES OpenSSL
------------------------------------

-(Please visit https://openssl.org/community/getting-started.html for
+(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)

Development is coordinated on the openssl-dev mailing list (see the
-above link or http://mta.openssl.org for information on subscribing).
+above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
@@ -16,7 +16,7 @@ The best way to submit a patch is to make a pull request on GitHub.
If you think the patch could use feedback from the community, please
start a thread on openssl-dev.

-You can also submit patches by sending it as mail to rt@opensslorg.
+You can also submit patches by sending it as mail to r...@openssl.org.
Please include the word "PATCH" and an explanation of what the patch
does in the subject line. If you do this, our preferred format is "git
format-patch" output. For example to provide a patch file containing the
@@ -42,7 +42,7 @@ the acceptance and review process faster:

1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
- https://openssl.org/policies/cla.html for details.
+ https://www.openssl.org/policies/cla.html for details.

2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -56,13 +56,20 @@ the acceptance and review process faster:
https://www.openssl.org/source/license.html

3. Patches should be as current as possible. When using GitHub, please
- expect to have to rebase and update often.
+ expect to have to rebase and update often. Note that we do not accept merge
+ commits. You will be asked to remove them before a patch is considered
+ acceptable.

- 3. Patches should follow our coding style (see
+ 4. Patches should follow our coding style (see
- warnings using the --strict-warnings flag. OpenSSL compiles on many
- varied platforms: try to ensure you only use portable features.
+ warnings. Where gcc or clang is availble you should use the
+ --strict-warnings Configure option. OpenSSL compiles on many varied
+ platforms: try to ensure you only use portable features.

- 4. When at all possible, patches should include tests. These can either be
+ 5. When at all possible, patches should include tests. These can either be
added to an existing test, or completely new. Please see test/README
for information on the test framework.
+
+ 6. New features or changed functionality must include documentation. Please
+ look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
+ our style.

Rich Salz

Jun 3, 2016, 1:08:36 PM6/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit)
from 733f72f182f420282bc248441cbf34a0f3721e7f (commit)


- Log -----------------------------------------------------------------
commit 782a2be2ed5f4781d6c90d56ccf4a608b875f325
Author: Dirk Feytons <dirk.f...@technicolor.com>
Date: Thu Jun 2 15:31:57 2016 +0200

Fix build with no-cmac

Add missing ifdefs. Same change is already present in master, see
b4a3aeebd9f9280aa7e69a343f5c824e68466d90

Reviewed-by: Matt Caswell <ma...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1155)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/ameth_lib.c | 2 ++
crypto/evp/pmeth_lib.c | 2 ++
2 files changed, 4 insertions(+)

diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 5389c04..43ddebb 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -93,7 +93,9 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
&eckey_asn1_meth,
#endif
&hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
&cmac_asn1_meth,
+#endif
#ifndef OPENSSL_NO_DH
&dhx_asn1_meth
#endif
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 9f81d10..9668b3a 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -91,7 +91,9 @@ static const EVP_PKEY_METHOD *standard_methods[] = {
&ec_pkey_meth,
#endif
&hmac_pkey_meth,
+#ifndef OPENSSL_NO_CMAC
&cmac_pkey_meth,
+#endif
#ifndef OPENSSL_NO_DH
&dhx_pkey_meth
#endif

Matt Caswell

Jun 3, 2016, 3:33:56 PM6/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 96f1de5bf40af27db3df91c106d799fa86165eb9 (commit)
via f3cab0b11ffd1e1816f34a2880493ff1a3313f49 (commit)
from 782a2be2ed5f4781d6c90d56ccf4a608b875f325 (commit)


- Log -----------------------------------------------------------------
commit 96f1de5bf40af27db3df91c106d799fa86165eb9
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 3 15:53:54 2016 +0100

BIO_printf() can fail to print the last character

If the string to print is exactly 2048 character long (excluding the NULL
terminator) then BIO_printf will chop off the last byte. This is because
it has filled its static buffer but hasn't yet allocated a dynamic buffer.
In cases where we don't have a dynamic buffer we need to truncate but that
is not the case for BIO_printf(). We need to check whether we are able to
have a dynamic buffer before deciding to truncate.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit f3cab0b11ffd1e1816f34a2880493ff1a3313f49
Author: Jonas Maebe <jonas...@elis.ugent.be>
Date: Sun Dec 8 17:24:18 2013 +0100

cryptodev_asym, zapparams: use OPENSSL_* allocation routines, handle errors

zapparams modification based on tip from Matt Caswell

RT#3198

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/b_print.c | 12 +++++++++---
crypto/engine/eng_cryptodev.c | 23 ++++++++++++++++-------
2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 90248fa..987fe06 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -423,9 +423,15 @@ _dopr(char **sbuffer,
break;
}
}
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
+ /*
+ * We have to truncate if there is no dynamic buffer and we have filled the
+ * static buffer.
+ */
+ if (buffer == NULL) {
+ *truncated = (currlen > *maxlen - 1);
+ if (*truncated)
+ currlen = *maxlen - 1;
+ }
if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
return 0;
*retlen = currlen - 1;
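Review bot: With the truncation test now inside `if (buffer == NULL)`, `*truncated` is no longer assigned on the dynamic-buffer path, so a caller that passes a buffer and then reads the flag gets whatever the int held before the call unless _dopr() sets it earlier (its start is outside the hunk). Writing `*truncated = 0;` unconditionally before the new `if` keeps the out-parameter defined on every path. The new comment could also record what the dynamic case relies on, e.g. `/* with a dynamic buffer doapr_outch() grows it instead, so nothing is dropped */`, since a reader otherwise has to infer why skipping the truncation is safe.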
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 8fb9c33..5a2ca6d 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -26,6 +26,7 @@
*
*/

+#include <string.h>
#include <openssl/objects.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
@@ -1064,8 +1065,7 @@ static void zapparams(struct crypt_kop *kop)
int i;

for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
- if (kop->crk_param[i].crp_p)
- free(kop->crk_param[i].crp_p);
+ OPENSSL_free(kop->crk_param[i].crp_p);
kop->crk_param[i].crp_p = NULL;
kop->crk_param[i].crp_nbits = 0;
}
@@ -1078,16 +1078,25 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
int fd, ret = -1;

if ((fd = get_asym_dev_crypto()) < 0)
- return (ret);
+ return ret;

if (r) {
- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+ kop->crk_param[kop->crk_iparams].crp_p = OPENSSL_malloc(rlen);
+ if (kop->crk_param[kop->crk_iparams].crp_p == NULL)
+ return ret;
+ memset(kop->crk_param[kop->crk_iparams].crp_p, 0, (size_t)rlen);
kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
kop->crk_oparams++;
}
if (s) {
- kop->crk_param[kop->crk_iparams + 1].crp_p =
- calloc(slen, sizeof(char));
+ kop->crk_param[kop->crk_iparams + 1].crp_p = OPENSSL_malloc(slen);
+ /* No need to free the kop->crk_iparams parameter if it was allocated,
+ * callers of this routine have to free allocated parameters through
+ * zapparams both in case of success and failure
+ */
+ if (kop->crk_param[kop->crk_iparams+1].crp_p == NULL)
+ return ret;
+ memset(kop->crk_param[kop->crk_iparams + 1].crp_p, 0, (size_t)slen);
kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
kop->crk_oparams++;
}
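Review bot: `OPENSSL_malloc(rlen)` differs from the `calloc(rlen, sizeof(char))` it replaces in the zero-length case: CRYPTO_malloc() in this branch takes an int and, as far as I recall, returns NULL for a non-positive size, so if any caller passes rlen == 0 or slen == 0 the function now returns -1 where calloc(0, 1) could have succeeded; either confirm no caller does or guard the allocation with an explicit `rlen > 0` check. On style, `kop->crk_param[kop->crk_iparams+1]` in the new NULL test is spaced differently from `kop->crk_iparams + 1` on the neighbouring lines, and the block comment about who frees the r buffer would read more naturally above the `if (s)` branch than between the allocation and its NULL check. cryptodev_asym() starts and ends outside the hunk.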
@@ -1100,7 +1109,7 @@ cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
ret = 0;
}

- return (ret);
+ return ret;
}

static int

Matt Caswell

Jun 3, 2016, 7:02:38 PM6/3/16
The branch OpenSSL_1_0_2-stable has been updated
via 46bad91986eb56f2beb9059e14fb4ee94c3f952a (commit)
from 96f1de5bf40af27db3df91c106d799fa86165eb9 (commit)


- Log -----------------------------------------------------------------
commit 46bad91986eb56f2beb9059e14fb4ee94c3f952a
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 3 21:49:01 2016 +0100

Fix documentation error in x509 app certopt flag

According to the x509 man page in the section discussing -certopt it says
that the ca_default option is the same as that used by the ca utility and
(amongst other things) has the effect of suppressing printing of the
signature - but in fact it doesn't. This error seems to have been present
since the documentation was written back in 2001. It never had this effect.

The default config file sets the certopt value to ca_default. The ca utility
takes that and THEN adds additional options to suppress printing of the
signature. So the ca utility DOES suppress printing of the signature - but
it is not as a result of using the ca_default option.

GitHub Issue #247

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 39a470088af6f833bd1a912908c44bf4a9f48b0c)

-----------------------------------------------------------------------

Summary of changes:
doc/apps/x509.pod | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 26f71c8..1479a74 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -642,8 +642,8 @@ hex dump unsupported extensions.

=item B<ca_default>

-the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
-B<no_version>, B<no_sigdump> and B<no_signame>.
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>,
+B<no_header>, and B<no_version>.

=back

Matt Caswell

Jun 6, 2016, 6:34:36 AM6/6/16
The branch OpenSSL_1_0_2-stable has been updated
via 621eaf49a289bfac26d4cbcdb7396e796784c534 (commit)
from 46bad91986eb56f2beb9059e14fb4ee94c3f952a (commit)


- Log -----------------------------------------------------------------
commit 621eaf49a289bfac26d4cbcdb7396e796784c534
Author: Cesar Pereida <cesar....@aalto.fi>
Date: Mon May 23 12:45:25 2016 +0300

Fix DSA, preserve BN_FLG_CONSTTIME

Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
implementation means that a non-constant time codepath is followed for
certain operations. This has been demonstrated through a cache-timing
attack to be sufficient for an attacker to recover the private DSA key.

CVE-2016-2178

Reviewed-by: Richard Levitte <lev...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_ossl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index efc4f1b..b29eb4b 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_rand_range(&k, dsa->q))
goto err;
while (BN_is_zero(&k)) ;
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
- BN_set_flags(&k, BN_FLG_CONSTTIME);
- }

if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
@@ -279,9 +276,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
}

K = &kq;
+
+ BN_set_flags(K, BN_FLG_CONSTTIME);
} else {
K = &k;
}
+
DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
dsa->method_mont_p);
if (!BN_mod(r, r, dsa->q, ctx))
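Review bot: Removing `BN_set_flags(&k, BN_FLG_CONSTTIME)` from the first hunk and setting the flag only on kq leaves k itself without BN_FLG_CONSTTIME, yet k is still used after this hunk — in the `K = &k` branch and in the BN_mod_inverse() call that produces kinv — so those operations are back on the variable-time path this commit is meant to close. Setting the flag on k as soon as it is generated (guarded by DSA_FLAG_NO_EXP_CONSTTIME as before) and on kq right after `BN_copy(&kq, &k)` covers both uses; the follow-up commit b7d0f2834e139a20560d64c73e2565e93715ce2b further down this list does exactly that. dsa_sign_setup() starts and ends outside the hunk.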

Matt Caswell

Jun 7, 2016, 10:25:41 AM6/7/16
The branch OpenSSL_1_0_2-stable has been updated
via b7d0f2834e139a20560d64c73e2565e93715ce2b (commit)
from 621eaf49a289bfac26d4cbcdb7396e796784c534 (commit)


- Log -----------------------------------------------------------------
commit b7d0f2834e139a20560d64c73e2565e93715ce2b
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jun 7 09:12:51 2016 +0100

More fix DSA, preserve BN_FLG_CONSTTIME

The previous "fix" still left "k" exposed to constant time problems in
the later BN_mod_inverse() call. Ensure both k and kq have the
BN_FLG_CONSTTIME flag set at the earliest opportunity after creation.

CVE-2016-2178

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/dsa/dsa_ossl.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index b29eb4b..58013a4 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -247,7 +247,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
do
if (!BN_rand_range(&k, dsa->q))
goto err;
- while (BN_is_zero(&k)) ;
+ while (BN_is_zero(&k));
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
+ }
+

if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
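Review bot: The added `+` blank line after the new BN_FLG_CONSTTIME block sits directly above an existing blank line, leaving two consecutive empty lines; drop the added one. The unconditional `BN_set_flags(&kq, BN_FLG_CONSTTIME)` in the next hunk is needed because BN_copy() copies the value but not the flags of its source, which is worth a one-line comment there, `/* BN_copy() does not carry BN_FLG_CONSTTIME across; set it on kq explicitly */`, as a reader could otherwise take it for a redundant repeat of the flag just set on k. dsa_sign_setup() starts and ends outside the hunk.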
@@ -261,6 +266,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
if (!BN_copy(&kq, &k))
goto err;

+ BN_set_flags(&kq, BN_FLG_CONSTTIME);
+
/*
* We do not want timing information to leak the length of k, so we
* compute g^k using an equivalent exponent of fixed length. (This
@@ -276,8 +283,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
}

K = &kq;
-
- BN_set_flags(K, BN_FLG_CONSTTIME);
} else {
K = &k;
}

Matt Caswell

Jun 7, 2016, 5:03:32 PM6/7/16
The branch OpenSSL_1_0_2-stable has been updated
via e4c4b2766bb97b34ea3479252276ab7c66311809 (commit)
via e82fd1b4574c8908b2c3bb68e1237f057a981820 (commit)
from b7d0f2834e139a20560d64c73e2565e93715ce2b (commit)


- Log -----------------------------------------------------------------
commit e4c4b2766bb97b34ea3479252276ab7c66311809
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 31 11:38:52 2016 +0100

Add a BN_mod_word test()

The previous commit fixed a bug with BN_mod_word() which would have been
caught if we had a test for it. This commit adds one.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit e82fd1b4574c8908b2c3bb68e1237f057a981820
Author: Matt Caswell <ma...@openssl.org>
Date: Tue May 31 11:28:14 2016 +0100

Fix BN_mod_word bug

On systems where we do not have BN_ULLONG (e.g. typically 64 bit systems)
then BN_mod_word() can return incorrect results if the supplied modulus is
too big.

RT#4501

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit 37258dadaa9e36db4b96a3aa54aa6c67136160cc)

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_word.c | 22 ++++++++++++++++++++++
crypto/bn/bntest.c | 8 +++++++-
2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index b031a60..9b5f9cb 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -72,10 +72,32 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
if (w == 0)
return (BN_ULONG)-1;

+#ifndef BN_LLONG
+ /*
+ * If |w| is too long and we don't have BN_ULLONG then we need to fall
+ * back to using BN_div_word
+ */
+ if (w > ((BN_ULONG)1 << BN_BITS4)) {
+ BIGNUM *tmp = BN_dup(a);
+ if (tmp == NULL)
+ return (BN_ULONG)-1;
+
+ ret = BN_div_word(tmp, w);
+ BN_free(tmp);
+
+ return ret;
+ }
+#endif
+
bn_check_top(a);
w &= BN_MASK2;
for (i = a->top - 1; i >= 0; i--) {
#ifndef BN_LLONG
+ /*
+ * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
+ * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
+ * safe and will not overflow
+ */
ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
#else
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 1e35988..a327b1a 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -514,7 +514,7 @@ static void print_word(BIO *bp, BN_ULONG w)
int test_div_word(BIO *bp)
{
BIGNUM a, b;
- BN_ULONG r, s;
+ BN_ULONG r, rmod, s;
int i;

BN_init(&a);
@@ -528,8 +528,14 @@ int test_div_word(BIO *bp)

s = b.d[0];
BN_copy(&b, &a);
+ rmod = BN_mod_word(&b, s);
r = BN_div_word(&b, s);

+ if (rmod != r) {
+ fprintf(stderr, "Mod (word) test failed!\n");
+ return 0;
+ }
+
if (bp != NULL) {
if (!results) {
BN_print(bp, &a);
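Review bot: The new failure path, `fprintf(stderr, "Mod (word) test failed!\n"); return 0;`, returns without releasing the BN_init()ed `a` and `b`, so a failing run leaks their limb storage; if test_div_word() frees them on its normal exit (outside the hunk), the early return should call `BN_free(&a); BN_free(&b);` first or jump to a shared cleanup. Printing `s`, `r` and `rmod` with the message would also make a failure diagnosable rather than just detectable. test_div_word() starts before and ends after the hunk.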

Matt Caswell

Jun 10, 2016, 11:06:58 AM6/10/16
The branch OpenSSL_1_0_2-stable has been updated
via f6186cfba64593d3cefd6851a487a21abd0657a3 (commit)
from e4c4b2766bb97b34ea3479252276ab7c66311809 (commit)


- Log -----------------------------------------------------------------
commit f6186cfba64593d3cefd6851a487a21abd0657a3
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 10 14:25:15 2016 +0100

Fix seg fault in TS_RESP_verify_response()

The TS_RESP_verify_response() function is used for verifying the response
from a TSA. You can set the provided TS_VERIFY_CTX with different flags
depending on what aspects of the response you wish to verify.

A seg fault will occur if you supply the TS_VFY_SIGNER or TS_VFY_TSA_NAME
flags without also specifying TS_VFY_SIGNATURE.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/ts/ts_rsp_verify.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 29aa5a4..97d9c81 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -434,51 +434,58 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx,
unsigned char *imprint = NULL;
unsigned imprint_len = 0;
int ret = 0;
+ int flags = ctx->flags;
+
+ /* Some options require us to also check the signature */
+ if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
+ || (flags & TS_VFY_TSA_NAME)) {
+ flags |= TS_VFY_SIGNATURE;
+ }

/* Verify the signature. */
- if ((ctx->flags & TS_VFY_SIGNATURE)
+ if ((flags & TS_VFY_SIGNATURE)
&& !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
goto err;

/* Check version number of response. */
- if ((ctx->flags & TS_VFY_VERSION)
+ if ((flags & TS_VFY_VERSION)
&& TS_TST_INFO_get_version(tst_info) != 1) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
goto err;
}

/* Check policies. */
- if ((ctx->flags & TS_VFY_POLICY)
+ if ((flags & TS_VFY_POLICY)
&& !TS_check_policy(ctx->policy, tst_info))
goto err;

/* Check message imprints. */
- if ((ctx->flags & TS_VFY_IMPRINT)
+ if ((flags & TS_VFY_IMPRINT)
&& !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
tst_info))
goto err;

/* Compute and check message imprints. */
- if ((ctx->flags & TS_VFY_DATA)
+ if ((flags & TS_VFY_DATA)
&& (!TS_compute_imprint(ctx->data, tst_info,
&md_alg, &imprint, &imprint_len)
|| !TS_check_imprints(md_alg, imprint, imprint_len, tst_info)))
goto err;

/* Check nonces. */
- if ((ctx->flags & TS_VFY_NONCE)
+ if ((flags & TS_VFY_NONCE)
&& !TS_check_nonces(ctx->nonce, tst_info))
goto err;

/* Check whether TSA name and signer certificate match. */
- if ((ctx->flags & TS_VFY_SIGNER)
+ if ((flags & TS_VFY_SIGNER)
&& tsa_name && !TS_check_signer_name(tsa_name, signer)) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
goto err;
}

/* Check whether the TSA is the expected one. */
- if ((ctx->flags & TS_VFY_TSA_NAME)
+ if ((flags & TS_VFY_TSA_NAME)
&& !TS_check_signer_name(ctx->tsa_name, signer)) {
TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
goto err;
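Review bot: The new `flags |= TS_VFY_SIGNATURE` block fixes the crash but leaves the reason implicit: `signer` is only produced by TS_RESP_verify_signature(), and both TS_check_signer_name() calls later in the hunk pass it, which evidently cannot take NULL given the crash described; the comment `Some options require us to also check the signature` would carry more weight as `/* TS_VFY_SIGNER and TS_VFY_TSA_NAME use |signer|, which only TS_RESP_verify_signature() sets, so force the signature check */`. Since this silently adds a signature verification — and with it a dependency on ctx->certs and ctx->store — for callers who asked only for the name checks, the TS_VERIFY_CTX flag documentation should state that those two flags imply TS_VFY_SIGNATURE. int_TS_RESP_verify_token() starts and ends outside the hunk.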

Matt Caswell

Jun 10, 2016, 11:50:30 AM6/10/16
The branch OpenSSL_1_0_2-stable has been updated
via e6f65f769d87846bdc5b58ef8d2ef4074044022d (commit)
via 4457017587efae316ac10b159f2e5b0cc81d9921 (commit)
from f6186cfba64593d3cefd6851a487a21abd0657a3 (commit)


- Log -----------------------------------------------------------------
commit e6f65f769d87846bdc5b58ef8d2ef4074044022d
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 10 15:30:41 2016 +0100

Fix an error path leak in int X509_ATTRIBUTE_set1_data()

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 5000a6d1215ea7d6ed6179d0bcd44263f6e3c26b)

commit 4457017587efae316ac10b159f2e5b0cc81d9921
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 10 15:30:09 2016 +0100

Fix an error path leak in do_ext_nconf()

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 8605abf13523579ecab8b1f2a4bcb8354d94af79)

-----------------------------------------------------------------------

Summary of changes:
crypto/x509/x509_att.c | 12 +++++++++---
crypto/x509v3/v3_conf.c | 4 +++-
2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index bd59281..2501075 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -296,7 +296,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
const void *data, int len)
{
- ASN1_TYPE *ttmp;
+ ASN1_TYPE *ttmp = NULL;
ASN1_STRING *stmp = NULL;
int atype = 0;
if (!attr)
@@ -324,20 +324,26 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
* least one value but some types use and zero length SET and require
* this.
*/
- if (attrtype == 0)
+ if (attrtype == 0) {
+ ASN1_STRING_free(stmp);
return 1;
+ }
if (!(ttmp = ASN1_TYPE_new()))
goto err;
if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
if (!ASN1_TYPE_set1(ttmp, attrtype, data))
goto err;
- } else
+ } else {
ASN1_TYPE_set(ttmp, atype, stmp);
+ stmp = NULL;
+ }
if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
goto err;
return 1;
err:
X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ ASN1_TYPE_free(ttmp);
+ ASN1_STRING_free(stmp);
return 0;
}
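Review bot: The hand-off of ownership at `stmp = NULL;` after `ASN1_TYPE_set(ttmp, atype, stmp);` is what keeps the new `err:` path from freeing the string twice, but nothing in the code says so; add `/* ttmp now owns stmp: err: must free exactly one of them */` above it. The early `ASN1_STRING_free(stmp);` in the `attrtype == 0` branch also deserves a why-comment, since that branch returns success without ever pushing the string. The `err:` label still reports every failure, including an ASN1_TYPE_set1() or sk_ASN1_TYPE_push() failure, as ERR_R_MALLOC_FAILURE; that is pre-existing but misleading for callers reading the error queue. The earlier part of X509_ATTRIBUTE_set1_data(), where stmp is created, is outside the hunk.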

diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index eeff8bd..c1b4c1a 100644
--- a/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
@@ -135,11 +135,13 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
- if (sk_CONF_VALUE_num(nval) <= 0) {
+ if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
+ if (*value != '@')
+ sk_CONF_VALUE_free(nval);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
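Review bot: The new `if (*value != '@') sk_CONF_VALUE_free(nval);` encodes an ownership rule that is only implied by the dispatch above it: a section returned by NCONF_get_section() belongs to conf, while a list from X509V3_parse_list() is ours to release. A comment such as `/* a parsed list is ours to free; an '@section' stack belongs to conf */` would keep the two branches from drifting apart if either call changes. Presumably the success path after `method->v2i(...)` applies the same rule, but it is outside the hunk, as is the start of do_ext_nconf().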

Andy Polyakov

Jun 12, 2016, 7:49:18 AM6/12/16
The branch OpenSSL_1_0_2-stable has been updated
via 5bbdc26cadc01cab811040e861f1f98e0f3af348 (commit)
via 4f0b6e6775e4bd08cb2fc89a2f32c84c441f290d (commit)
from e6f65f769d87846bdc5b58ef8d2ef4074044022d (commit)


- Log -----------------------------------------------------------------
commit 5bbdc26cadc01cab811040e861f1f98e0f3af348
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu Jun 9 21:56:09 2016 +0200

crypto/mem_clr.c: switch to OPENSSL_cleanse implementation from master.

It's probably worth reminding that this is a fall-back implementation
for platforms that don't have assembly OPENSSL_cleanse.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 4f0b6e6775e4bd08cb2fc89a2f32c84c441f290d
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu Jun 9 21:54:19 2016 +0200

hmac/hmac.c: switch to OPENSSL_cleanse.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/hmac/hmac.c | 2 +-
crypto/mem_clr.c | 24 +++++++++---------------
2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 51a0a3e..213504e 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -234,7 +234,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx)
EVP_MD_CTX_cleanup(&ctx->i_ctx);
EVP_MD_CTX_cleanup(&ctx->o_ctx);
EVP_MD_CTX_cleanup(&ctx->md_ctx);
- memset(ctx, 0, sizeof *ctx);
+ OPENSSL_cleanse(ctx, sizeof *ctx);
}
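Review bot: A one-line comment on `OPENSSL_cleanse(ctx, sizeof *ctx);` would record why memset() was inadequate here: the HMAC context holds key-derived state, and a memset() of an object that is never read again is exactly the store a compiler may drop, whereas OPENSSL_cleanse() is written (see the mem_clr.c change in this push) so that it cannot be elided. Suggested: `/* keyed state: OPENSSL_cleanse so the clear cannot be optimised away */`. The three EVP_MD_CTX_cleanup() calls presumably release the sub-contexts' own allocations and so must stay ahead of the cleanse; the function's opening line is outside the hunk.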

unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
index ab85344..579e9d1 100644
--- a/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
@@ -60,22 +60,16 @@
#include <string.h>
#include <openssl/crypto.h>

-unsigned char cleanse_ctr = 0;
+/*
+ * Pointer to memset is volatile so that compiler must de-reference
+ * the pointer and can't assume that it points to any function in
+ * particular (such as memset, which it then might further "optimize")
+ */
+typedef void *(*memset_t)(void *,int,size_t);
+
+static volatile memset_t memset_func = memset;

void OPENSSL_cleanse(void *ptr, size_t len)
{
- unsigned char *p = ptr;
- size_t loop = len, ctr = cleanse_ctr;
-
- if (ptr == NULL)
- return;
-
- while (loop--) {
- *(p++) = (unsigned char)ctr;
- ctr += (17 + ((size_t)p & 0xF));
- }
- p = memchr(ptr, (unsigned char)ctr, len);
- if (p)
- ctr += (63 + (size_t)p);
- cleanse_ctr = (unsigned char)ctr;
+ memset_func(ptr, 0, len);

Rich Salz

Jun 12, 2016, 7:54:54 AM6/12/16
The branch OpenSSL_1_0_2-stable has been updated
via 63b2499b6733022c6d1906709df4d808c44b634e (commit)
from 5bbdc26cadc01cab811040e861f1f98e0f3af348 (commit)


- Log -----------------------------------------------------------------
commit 63b2499b6733022c6d1906709df4d808c44b634e
Author: Phillip Hellewell <ssh...@gmail.com>
Date: Sat Jun 11 20:04:21 2016 -0400

RT3053: Check for NULL before dereferencing

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit 6b3602882e089aaca18828a72d9f4072e6a20252)

-----------------------------------------------------------------------

Summary of changes:
crypto/cms/cms_lib.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index d6cb60d..6d27c49 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -413,6 +413,8 @@ static STACK_OF(CMS_CertificateChoices)
return &cms->d.signedData->certificates;

case NID_pkcs7_enveloped:
+ if (cms->d.envelopedData->originatorInfo == NULL)
+ return NULL;
return &cms->d.envelopedData->originatorInfo->certificates;

default:
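Review bot: Returning NULL for an enveloped CMS whose originatorInfo is absent changes this accessor's contract, so every caller must now test the returned stack pointer before dereferencing it; no caller is in this hunk, so I cannot confirm they were updated. The same applies to the crls accessor changed in the second hunk of this file. A comment on the function (its definition starts above the hunk) such as `/* may return NULL when the content type carries no such stack */` would make the contract explicit.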
@@ -488,6 +490,8 @@ static STACK_OF(CMS_RevocationInfoChoice)
return &cms->d.signedData->crls;

case NID_pkcs7_enveloped:
+ if (cms->d.envelopedData->originatorInfo == NULL)
+ return NULL;
return &cms->d.envelopedData->originatorInfo->crls;

default:

Dr. Stephen Henson

Jun 12, 2016, 3:21:17 PM6/12/16
The branch OpenSSL_1_0_2-stable has been updated
via 80e07cc7f0ce97b8898780082d70e0cb0adb3f61 (commit)
from 63b2499b6733022c6d1906709df4d808c44b634e (commit)


- Log -----------------------------------------------------------------
commit 80e07cc7f0ce97b8898780082d70e0cb0adb3f61
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Wed Jun 8 19:01:42 2016 +0100

Don't skip leading zeroes in PSK keys.

Don't use BN_hex2bn() for PSK key conversion as the conversion to
BN and back removes leading zeroes, use OPENSSL_hexstr2buf() instead.

RT#4554

Reviewed-by: Matt Caswell <ma...@openssl.org>
(cherry picked from commit 6ec6d5207187dbc1dbd971bd50ea17c9a94906d0)

Conflicts:
apps/s_client.c
apps/s_server.c

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 33 +++++++++++++++------------------
apps/s_server.c | 33 +++++++++++++--------------------
2 files changed, 28 insertions(+), 38 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 0c1102b..80cbd94 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -242,9 +242,9 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
- unsigned int psk_len = 0;
int ret;
- BIGNUM *bn = NULL;
+ long key_len;
+ unsigned char *key;

if (c_debug)
BIO_printf(bio_c_out, "psk_client_cb\n");
@@ -265,32 +265,29 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
if (c_debug)
BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
ret);
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+
+ /* convert the PSK key to binary */
+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ if (key == NULL) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
- if (bn)
- BN_free(bn);
return 0;
}
-
- if ((unsigned int)BN_num_bytes(bn) > max_psk_len) {
+ if (key_len > max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
+ OPENSSL_free(key);
return 0;
}

- psk_len = BN_bn2bin(bn, psk);
- BN_free(bn);
- if (psk_len == 0)
- goto out_err;
+ memcpy(psk, key, key_len);
+ OPENSSL_free(key);

if (c_debug)
- BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
+ BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);

- return psk_len;
+ return key_len;
out_err:
if (c_debug)
BIO_printf(bio_err, "Error in PSK client callback\n");
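Review bot: The decoded PSK in `key` is released with `OPENSSL_free(key);` on both the too-small path and the success path without being wiped, so the raw pre-shared key lingers in freed heap memory; call `OPENSSL_cleanse(key, key_len);` immediately before each `OPENSSL_free(key);`. psk_server_cb() in the next file section has the same pattern. Separately, `key_len > max_psk_len` compares a long with an unsigned int; on LP64 the comparison is signed and exact, but where long is 32 bits it is performed unsigned, which is only safe because the hex decoder presumably never yields a negative length. The context line `Could not convert PSK key '%s' to buffer` echoes the key material into bio_err; that is pre-existing, but worth a follow-up since these apps are used as reference code. The tail of psk_client_cb() after `out_err:` is outside the hunk.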
diff --git a/apps/s_server.c b/apps/s_server.c
index 09c755b..ceacd89 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -353,9 +353,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
- unsigned int psk_len = 0;
- int ret;
- BIGNUM *bn = NULL;
+ long key_len = 0;
+ unsigned char *key;

if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
@@ -377,32 +376,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
BIO_printf(bio_s_out, "PSK client identity found\n");

/* convert the PSK key to binary */
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ if (key == NULL) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
- if (bn)
- BN_free(bn);
return 0;
}
- if (BN_num_bytes(bn) > (int)max_psk_len) {
+ if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
+ OPENSSL_free(key);
return 0;
}

- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
-
- if (ret < 0)
- goto out_err;
- psk_len = (unsigned int)ret;
+ memcpy(psk, key, key_len);
+ OPENSSL_free(key);

if (s_debug)
- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
+ BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+ return key_len;
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");

Andy Polyakov

Jun 12, 2016, 6:10:26 PM6/12/16
The branch OpenSSL_1_0_2-stable has been updated
via 6397ac585d6d4101be0fb742ac0db5074bd4e8a6 (commit)
from 80e07cc7f0ce97b8898780082d70e0cb0adb3f61 (commit)


- Log -----------------------------------------------------------------
commit 6397ac585d6d4101be0fb742ac0db5074bd4e8a6
Author: Andy Polyakov <ap...@openssl.org>
Date: Sun Jun 12 20:04:50 2016 +0200

crypto/mem.c: drop reference to cleanse_ctr and fix no-asm builds.

crypto/mem_clr.c was harmonized with master branch and doesn't use
cleanse_ctr kludge anymore.

RT#4563

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/mem.c | 24 ------------------------
1 file changed, 24 deletions(-)

diff --git a/crypto/mem.c b/crypto/mem.c
index fdad49b..1e873e3 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -298,18 +298,6 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);

-#ifndef OPENSSL_CPUID_OBJ
- /*
- * Create a dependency on the value of 'cleanse_ctr' so our memory
- * sanitisation function can't be optimised out. NB: We only do this for
- * >2Kb so the overhead doesn't bother us.
- */
- if (ret && (num > 2048)) {
- extern unsigned char cleanse_ctr;
- ((unsigned char *)ret)[0] = cleanse_ctr;
- }
-#endif
-
return ret;
}

@@ -346,18 +334,6 @@ void *CRYPTO_malloc(int num, const char *file, int line)
if (malloc_debug_func != NULL)
malloc_debug_func(ret, num, file, line, 1);

-#ifndef OPENSSL_CPUID_OBJ
- /*
- * Create a dependency on the value of 'cleanse_ctr' so our memory
- * sanitisation function can't be optimised out. NB: We only do this for
- * >2Kb so the overhead doesn't bother us.
- */
- if (ret && (num > 2048)) {
- extern unsigned char cleanse_ctr;
- ((unsigned char *)ret)[0] = cleanse_ctr;
- }
-#endif
-
return ret;

Rich Salz

Jun 12, 2016, 9:29:15 PM6/12/16
The branch OpenSSL_1_0_2-stable has been updated
via ccd582c2f1bd3bea1423a0205692dc2e358ace51 (commit)
from 6397ac585d6d4101be0fb742ac0db5074bd4e8a6 (commit)


- Log -----------------------------------------------------------------
commit ccd582c2f1bd3bea1423a0205692dc2e358ace51
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Jun 12 23:22:30 2016 +0100

Fix link error.

Use string_to_hex, OPENSSL_hexstr2buf() doesn't exist in OpenSSL 1.0.2

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 2 +-
apps/s_server.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 80cbd94..951a202 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -267,7 +267,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
ret);

/* convert the PSK key to binary */
- key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ key = string_to_hex(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
diff --git a/apps/s_server.c b/apps/s_server.c
index ceacd89..d6c53d9 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -376,7 +376,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
BIO_printf(bio_s_out, "PSK client identity found\n");

/* convert the PSK key to binary */
- key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ key = string_to_hex(psk_key, &key_len);
if (key == NULL) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);

Rich Salz

Jun 13, 2016, 9:35:49 AM6/13/16
The branch OpenSSL_1_0_2-stable has been updated
via beb4c4518c25609ab2da75ab650d09ea7ae16223 (commit)
from ccd582c2f1bd3bea1423a0205692dc2e358ace51 (commit)


- Log -----------------------------------------------------------------
commit beb4c4518c25609ab2da75ab650d09ea7ae16223
Author: Rich Salz <rs...@openssl.org>
Date: Sun Jun 12 21:55:46 2016 -0400

RT4560: Initialize variable to NULL

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/evp_enc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 7d7be24..0e40f09 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -170,7 +170,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

#ifdef OPENSSL_FIPS
if (FIPS_mode()) {
- const EVP_CIPHER *fcipher;
+ const EVP_CIPHER *fcipher = NULL;
if (cipher)
fcipher = evp_get_fips_cipher(cipher);
if (fcipher)

Rich Salz

Jun 14, 2016, 12:44:47 PM6/14/16
The branch OpenSSL_1_0_2-stable has been updated
via dd8a1f2016d9d307e3bf017b20e4c08beadd5ee1 (commit)
from beb4c4518c25609ab2da75ab650d09ea7ae16223 (commit)


- Log -----------------------------------------------------------------
commit dd8a1f2016d9d307e3bf017b20e4c08beadd5ee1
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jun 14 12:35:26 2016 -0400

RT4562: Backport doc fix.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OPENSSL_config.pod | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index 2d25b26..4e71365 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -8,15 +8,14 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions

#include <openssl/conf.h>

- void OPENSSL_config(const char *config_name);
+ void OPENSSL_config(const char *appname);
void OPENSSL_no_config(void);

=head1 DESCRIPTION

-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
-configuration file name using B<config_name>. If B<config_name> is NULL then
-the file specified in the environment variable B<OPENSSL_CONF> will be used,
-and if that is not set then a system default location is used.
+OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf> and
+reads from the application section B<appname>. If B<appname> is NULL then
+the default section, B<openssl_conf>, will be used.
Errors are silently ignored.
Multiple calls have no effect.

Andy Polyakov

Jun 14, 2016, 1:45:28 PM6/14/16
The branch OpenSSL_1_0_2-stable has been updated
via 32957936b54c5c07b8e7d6eeeca54705ffe93ace (commit)
from dd8a1f2016d9d307e3bf017b20e4c08beadd5ee1 (commit)


- Log -----------------------------------------------------------------
commit 32957936b54c5c07b8e7d6eeeca54705ffe93ace
Author: Andy Polyakov <ap...@openssl.org>
Date: Mon Jun 13 23:30:08 2016 +0200

crypto/sparccpuid.S: limit symbol visibility.

A couple of never-used symbols were clashing with the FIPS module; "weakening"
them resolves the linking errors.

RT#3699

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/sparccpuid.S | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
index 7b12ec2..51ba441 100644
--- a/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
@@ -429,6 +429,7 @@ OPENSSL_cleanse:
.size OPENSSL_cleanse,.-OPENSSL_cleanse

.global _sparcv9_vis1_instrument_bus
+.weak _sparcv9_vis1_instrument_bus
.align 8
_sparcv9_vis1_instrument_bus:
mov %o1,%o3 ! save cnt
@@ -467,6 +468,7 @@ _sparcv9_vis1_instrument_bus:
.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus

.global _sparcv9_vis1_instrument_bus2
+.weak _sparcv9_vis1_instrument_bus2
.align 8
_sparcv9_vis1_instrument_bus2:
mov %o1,%o3 ! save cnt

Dr. Stephen Henson

Jun 14, 2016, 2:17:04 PM6/14/16
The branch OpenSSL_1_0_2-stable has been updated
via c4210673313482edacede58d92e92c213d7a181a (commit)
from 32957936b54c5c07b8e7d6eeeca54705ffe93ace (commit)


- Log -----------------------------------------------------------------
commit c4210673313482edacede58d92e92c213d7a181a
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jun 14 17:44:22 2016 +0100

Fix omitted selector handling.

The selector field could be omitted because it has a DEFAULT value.
In this case *sfld == NULL (sfld can never be NULL). This was not
noticed because this was never used in existing ASN.1 modules.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 7c46746bf2958fd2eccc59ecb48039e4e20ce38a)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/tasn_utl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 41726d8..e14889f 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -234,7 +234,7 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
sfld = offset2ptr(*pval, adb->offset);

/* Check if NULL */
- if (!sfld) {
+ if (*sfld == NULL) {
if (!adb->null_tt)
goto err;
return adb->null_tt;
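Review bot: The `/* Check if NULL */` comment above the changed line now undersells what the test means: per the commit message sfld itself is never NULL, so `*sfld == NULL` detects a selector field that was omitted because it has a DEFAULT value, and null_tt is the template for exactly that case. Replace it with `/* Selector omitted (DEFAULT value): sfld is never NULL, only what it points to */`. asn1_do_adb() begins and ends outside the hunk.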

Rich Salz

Jun 14, 2016, 3:05:24 PM6/14/16
The branch OpenSSL_1_0_2-stable has been updated
via 95fb422aceea9f48e3f5f04c745801fcbf953012 (commit)
from c4210673313482edacede58d92e92c213d7a181a (commit)


- Log -----------------------------------------------------------------
commit 95fb422aceea9f48e3f5f04c745801fcbf953012
Author: Rich Salz <rs...@openssl.org>
Date: Mon May 30 15:01:09 2016 -0400

RT4546: Backport doc fix

Reviewed-by: Matt Caswell <ma...@openssl.org>
Manual cherry-pick of 538860a3ce0b9fd142a7f1a62e597cccb74475d3.

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/EVP_EncryptInit.pod | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index c69e6a6..d951333 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -165,10 +165,11 @@ similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
initialized and they always use the default cipher implementation.

-EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
-similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
-EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up
-after the call.
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() are
+identical to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex(). In previous releases they also cleaned up
+the B<ctx>, but this is no longer done and EVP_CIPHER_CTX_clean()
+must be called to free any context resources.

EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
return an EVP_CIPHER structure when passed a cipher name, a NID or an

Richard Levitte

Jun 14, 2016, 7:42:58 PM6/14/16
The branch OpenSSL_1_0_2-stable has been updated
via 5e102f96eb6fcdba1db2dba41132f92fa492aea0 (commit)
via a9b23465243b6d692bb0b419bdbe0b1f5a849e9c (commit)
from 95fb422aceea9f48e3f5f04c745801fcbf953012 (commit)


- Log -----------------------------------------------------------------
commit 5e102f96eb6fcdba1db2dba41132f92fa492aea0
Author: Richard Levitte <lev...@openssl.org>
Date: Wed Jun 15 01:31:14 2016 +0200

Change (!seqtt) to (seqtt == NULL)

Reviewed-by: Stephen Henson <st...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit fdcb499cc2cd57412e496302a4bca8c5d9f1a9c7)

commit a9b23465243b6d692bb0b419bdbe0b1f5a849e9c
Author: Richard Levitte <lev...@openssl.org>
Date: Tue Jun 14 23:54:56 2016 +0200

Always check that the value returned by asn1_do_adb() is non-NULL

Reviewed-by: Stephen Henson <st...@openssl.org>
Reviewed-by: Emilia Käsper <emi...@openssl.org>
(cherry picked from commit bace847eae24f48adc6a967c6cce7f8d05bbeda3)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/tasn_dec.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 6bdcd5c..6b01f65 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -401,6 +401,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
+ if (seqtt == NULL)
+ continue;
pseqval = asn1_get_field_ptr(pval, seqtt);
ASN1_template_free(pseqval, seqtt);
}
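Review bot: The new `continue` quietly skips ASN1_template_free() for an ADB field whose selector cannot be resolved; if that is intentional (an unresolvable selector means the field's template is unknown, so there is nothing known to free) it deserves a comment such as `/* unresolvable selector: template unknown, nothing to free here */`. The two later hunks in this file treat the same NULL result as an error with `goto err`, so the asymmetry between the free-up loop and the decode loops is worth a sentence. ASN1_item_ex_d2i() starts and ends outside these hunks.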
@@ -411,7 +413,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
+ if (seqtt == NULL)
goto err;
pseqval = asn1_get_field_ptr(pval, seqtt);
/* Have we ran out of data? */
@@ -476,7 +478,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
for (; i < it->tcount; tt++, i++) {
const ASN1_TEMPLATE *seqtt;
seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
+ if (seqtt == NULL)
goto err;
if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
ASN1_VALUE **pseqval;

Rich Salz

Jun 15, 2016, 9:35:36 PM6/15/16
The branch OpenSSL_1_0_2-stable has been updated
via 75f90688fb2dec0f897cad8be8b92be725c5016b (commit)
from 5e102f96eb6fcdba1db2dba41132f92fa492aea0 (commit)


- Log -----------------------------------------------------------------
commit 75f90688fb2dec0f897cad8be8b92be725c5016b
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jun 14 16:19:37 2016 -0400

RT4526: Call TerminateProcess, not ExitProcess

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit 9c1a9ccf65d0ea1912675d3a622fa8e51b524b9e)

-----------------------------------------------------------------------

Summary of changes:
apps/speed.c | 2 +-
ms/uplink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index 95adcc1..a37c9b5 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -332,7 +332,7 @@ static double Time_F(int s)
if (thr == NULL) {
DWORD ret = GetLastError();
BIO_printf(bio_err, "unable to CreateThread (%d)", ret);
- ExitProcess(ret);
+ TerminateProcess(GetCurrentProcess(), err);
}
CloseHandle(thr); /* detach the thread */
while (!schlock)
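Review bot: `TerminateProcess(GetCurrentProcess(), err);` references `err`, which is not declared in this scope; the error code captured two lines above is `ret`, so this line cannot compile in the Windows build. TerminateProcess() is also asynchronous, so control can fall through to `CloseHandle(thr)` with thr == NULL before the process is actually gone; if the aim is to avoid ExitProcess() running DLL-detach handlers, the call needs to be followed by a blocking exit, or the function should report failure instead of terminating. Time_F() continues outside the hunk.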
diff --git a/ms/uplink.c b/ms/uplink.c
index e58ab9d..c5c9cd4 100644
--- a/ms/uplink.c
+++ b/ms/uplink.c
@@ -19,7 +19,7 @@ static TCHAR msg[128];
static void unimplemented(void)
{
OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
- ExitProcess(1);
+ TerminateProcess(GetCurrentProcess(), 1);
}

void OPENSSL_Uplink(volatile void **table, int index)

Rich Salz

Jun 16, 2016, 7:29:36 AM6/16/16
The branch OpenSSL_1_0_2-stable has been updated
via d9e6d7716425593751c34e71b001f68693480fe2 (commit)
from 75f90688fb2dec0f897cad8be8b92be725c5016b (commit)


- Log -----------------------------------------------------------------
commit d9e6d7716425593751c34e71b001f68693480fe2
Author: Pauli <paul...@oracle.com>
Date: Wed Jun 15 09:59:24 2016 -0400

RT4573: Synopsis for RAND_add is wrong

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/rand.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
index d102df2..b754854 100644
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@@ -14,7 +14,7 @@ rand - pseudo-random number generator
int RAND_pseudo_bytes(unsigned char *buf, int num);

void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
+ void RAND_add(const void *buf, int num, double entropy);
int RAND_status(void);

int RAND_load_file(const char *file, long max_bytes);

Matt Caswell

Jun 16, 2016, 12:43:14 PM6/16/16
The branch OpenSSL_1_0_2-stable has been updated
via c144b4edda9177ab42c0fa94977098763074f912 (commit)
from d9e6d7716425593751c34e71b001f68693480fe2 (commit)


- Log -----------------------------------------------------------------
commit c144b4edda9177ab42c0fa94977098763074f912
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 16 16:01:58 2016 +0100

Revert "RT4526: Call TerminateProcess, not ExitProcess"

This reverts commit 75f90688fb2dec0f897cad8be8b92be725c5016b.

TerminateProcess is asynchronous, so the code as written in the above
commit is not correct (and doesn't even compile at the moment). It is
also probably not needed in the speed case. Reverting in order to figure
out the correct solution.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/speed.c | 2 +-
ms/uplink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/speed.c b/apps/speed.c
index a37c9b5..95adcc1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -332,7 +332,7 @@ static double Time_F(int s)
if (thr == NULL) {
DWORD ret = GetLastError();
BIO_printf(bio_err, "unable to CreateThread (%d)", ret);
- TerminateProcess(GetCurrentProcess(), err);
+ ExitProcess(ret);
}
CloseHandle(thr); /* detach the thread */
while (!schlock)
diff --git a/ms/uplink.c b/ms/uplink.c
index c5c9cd4..e58ab9d 100644
--- a/ms/uplink.c
+++ b/ms/uplink.c
@@ -19,7 +19,7 @@ static TCHAR msg[128];
static void unimplemented(void)
{
OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
- TerminateProcess(GetCurrentProcess(), 1);
+ ExitProcess(1);
}

void OPENSSL_Uplink(volatile void **table, int index)

Rich Salz

Jun 16, 2016, 2:40:15 PM6/16/16
The branch OpenSSL_1_0_2-stable has been updated
via d0a2bb1f94e26c2e7b44676e9b739c23ad763a79 (commit)
from c144b4edda9177ab42c0fa94977098763074f912 (commit)


- Log -----------------------------------------------------------------
commit d0a2bb1f94e26c2e7b44676e9b739c23ad763a79
Author: Rich Salz <rs...@openssl.org>
Date: Thu Jun 16 11:21:37 2016 -0400

RT4545: Backport 2877 to 1.0.2

Sender verified that the fix works. This is a backport/cherry-pick
of just the bugfix part of 0f91e1dff4ab2e7c25bbae5a48dfabbd1a4eae3c

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/rand/md_rand.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 5c13d57..bd76e23 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -136,7 +136,7 @@
/* #define PREDICT 1 */

#define STATE_SIZE 1023
-static int state_num = 0, state_index = 0;
+static size_t state_num = 0, state_index = 0;
static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
static unsigned char md[MD_DIGEST_LENGTH];
static long md_count[2] = { 0, 0 };
@@ -336,8 +336,8 @@ static void ssleay_rand_seed(const void *buf, int num)
int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
{
static volatile int stirred_pool = 0;
- int i, j, k, st_num, st_idx;
- int num_ceil;
+ int i, j, k;
+ size_t num_ceil, st_idx, st_num;
int ok;
long md_c[2];
unsigned char local_md[MD_DIGEST_LENGTH];
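Review bot: Widening st_idx, st_num and num_ceil to size_t while `i, j, k` and the `num` parameter stay int means every comparison or arithmetic mixing them in the body below is now performed unsigned; an expression that could previously go negative (a subtraction of k from st_idx, say) would wrap to a huge value instead of being caught by a `< 0` test. The body of ssleay_rand_bytes() is outside the hunk, so I cannot confirm no such expression exists; building with -Wsign-compare -Wconversion would settle it. A note on the declaration, `/* size_t: indices into state[] must not overflow int or go negative */`, would record the intent of the widening.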

Andy Polyakov

Jun 20, 2016, 6:31:56 AM6/20/16
The branch OpenSSL_1_0_2-stable has been updated
via c3bc7f498815b355533d96b54b9a09e030d4130c (commit)
via b62e9bf5cbbe278b7e0017c9234999dae68ee867 (commit)
from d0a2bb1f94e26c2e7b44676e9b739c23ad763a79 (commit)


- Log -----------------------------------------------------------------
commit c3bc7f498815b355533d96b54b9a09e030d4130c
Author: Andy Polyakov <ap...@openssl.org>
Date: Sat Jun 18 15:49:57 2016 +0200

aes/asm/bsaes-armv7.pl: omit redundant stores in XTS subroutines.

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 4973a60cb92dc121fc09246bff3815afc0f8ab9a)

commit b62e9bf5cbbe278b7e0017c9234999dae68ee867
Author: Andy Polyakov <ap...@openssl.org>
Date: Sat Jun 18 15:37:25 2016 +0200

aes/asm/bsaes-armv7.pl: fix XTS decrypt test failure.

RT#4578

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 3d32bab8f1742a3b57742e18f92a408f0403df8d)

-----------------------------------------------------------------------

Summary of changes:
crypto/aes/asm/bsaes-armv7.pl | 24 +++---------------------
1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
index fcc81d1..83343e2 100644
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/aes/asm/bsaes-armv7.pl
@@ -1797,8 +1797,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_6:
- vst1.64 {@XMM[14]}, [r0,:128] @ next round tweak
-
veor @XMM[4], @XMM[4], @XMM[12]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -1834,8 +1832,6 @@ $code.=<<___;

.align 5
.Lxts_enc_5:
- vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
-
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -1864,8 +1860,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_4:
- vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
-
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -1891,8 +1885,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_3:
- vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
-
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -1917,8 +1909,6 @@ $code.=<<___;
b .Lxts_enc_done
.align 4
.Lxts_enc_2:
- vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
-
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -1941,7 +1931,7 @@ $code.=<<___;
.align 4
.Lxts_enc_1:
mov r0, sp
- veor @XMM[0], @XMM[8]
+ veor @XMM[0], @XMM[0], @XMM[8]
mov r1, sp
vst1.8 {@XMM[0]}, [sp,:128]
mov r2, $key
@@ -2251,8 +2241,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_5:
- vst1.64 {@XMM[13]}, [r0,:128] @ next round tweak
-
veor @XMM[3], @XMM[3], @XMM[11]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -2281,8 +2269,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_4:
- vst1.64 {@XMM[12]}, [r0,:128] @ next round tweak
-
veor @XMM[2], @XMM[2], @XMM[10]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -2308,8 +2294,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_3:
- vst1.64 {@XMM[11]}, [r0,:128] @ next round tweak
-
veor @XMM[1], @XMM[1], @XMM[9]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -2334,8 +2318,6 @@ $code.=<<___;
b .Lxts_dec_done
.align 4
.Lxts_dec_2:
- vst1.64 {@XMM[10]}, [r0,:128] @ next round tweak
-
veor @XMM[0], @XMM[0], @XMM[8]
#ifndef BSAES_ASM_EXTENDED_KEY
add r4, sp, #0x90 @ pass key schedule
@@ -2358,12 +2340,12 @@ $code.=<<___;
.align 4
.Lxts_dec_1:
mov r0, sp
- veor @XMM[0], @XMM[8]
+ veor @XMM[0], @XMM[0], @XMM[8]
mov r1, sp
vst1.8 {@XMM[0]}, [sp,:128]
+ mov r5, $magic @ preserve magic
mov r2, $key
mov r4, $fp @ preserve fp
- mov r5, $magic @ preserve magic

bl AES_decrypt

Richard Levitte

Jun 20, 2016, 2:16:13 PM6/20/16
The branch OpenSSL_1_0_2-stable has been updated
via 141f8da7b6d2f582004786a9b4d8aa50a0d9130f (commit)
from c3bc7f498815b355533d96b54b9a09e030d4130c (commit)


- Log -----------------------------------------------------------------
commit 141f8da7b6d2f582004786a9b4d8aa50a0d9130f
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Jun 20 20:07:13 2016 +0200

apps/req.c: Increment the right variable when parsing '+'

Reviewed-by: Rich Salz <rs...@openssl.org>
(cherry picked from commit 14d3c0dd2c31b9fd1f92d608524dd650f5ec5a7e)

-----------------------------------------------------------------------

Summary of changes:
apps/req.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index e818bd2..9f1066f 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1331,12 +1331,11 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
break;
}
#ifndef CHARSET_EBCDIC
- if (*p == '+')
+ if (*type == '+')
#else
- if (*p == os_toascii['+'])
+ if (*type == os_toascii['+'])
#endif
- {
- p++;
+ type++;
mval = -1;
} else
mval = 0;
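Review bot: The opening brace removed with the old `{` line is not restored on the new `if (*type == '+')` line, so the block now closes with `} else` against no open brace and the file does not compile in either the EBCDIC or non-EBCDIC branch. The fix is `if (*type == '+') {` and `if (*type == os_toascii['+']) {`, which is exactly what the follow-up commit 482449624c6ca12d24f29eca0448eb589c50b0ec on this page applies; it would have been better squashed into this change so the stable branch has no broken intermediate revision. auto_info's body starts and ends outside the hunk.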

Rich Salz

Jun 20, 2016, 3:12:47 PM6/20/16
The branch OpenSSL_1_0_2-stable has been updated
via 398260af10445b7edc31dacefa96a909d4cc3c90 (commit)
from 141f8da7b6d2f582004786a9b4d8aa50a0d9130f (commit)


- Log -----------------------------------------------------------------
commit 398260af10445b7edc31dacefa96a909d4cc3c90
Author: Dr. Matthias St. Pierre <Matthias....@ncp-e.com>
Date: Mon Jun 20 13:32:34 2016 -0400

RT3925: Remove trailing semi from #define's.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bio/bio.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index 6790aed..8f2438c 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -559,11 +559,11 @@ int BIO_read_filename(BIO *b, const char *name);
# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
# define BIO_set_ssl_renegotiate_bytes(b,num) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
# define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)

/* defined in evp.h */
/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */

Richard Levitte

Jun 20, 2016, 3:27:12 PM6/20/16
The branch OpenSSL_1_0_2-stable has been updated
via 482449624c6ca12d24f29eca0448eb589c50b0ec (commit)
from 398260af10445b7edc31dacefa96a909d4cc3c90 (commit)


- Log -----------------------------------------------------------------
commit 482449624c6ca12d24f29eca0448eb589c50b0ec
Author: Richard Levitte <lev...@openssl.org>
Date: Mon Jun 20 21:12:29 2016 +0200

Fix missing opening braces

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/req.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/req.c b/apps/req.c
index 9f1066f..46255f5 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1331,9 +1331,9 @@ static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
break;
}
#ifndef CHARSET_EBCDIC
- if (*type == '+')
+ if (*type == '+') {
#else
- if (*type == os_toascii['+'])
+ if (*type == os_toascii['+']) {
#endif
type++;
mval = -1;

Rich Salz

Jun 21, 2016, 4:49:55 PM6/21/16
The branch OpenSSL_1_0_2-stable has been updated
via a43cfd7bb1fc681d563e5efa75cc926d7e8e5c36 (commit)
from 482449624c6ca12d24f29eca0448eb589c50b0ec (commit)


- Log -----------------------------------------------------------------
commit a43cfd7bb1fc681d563e5efa75cc926d7e8e5c36
Author: John Foley <fol...@cisco.com>
Date: Mon Jun 20 12:11:35 2016 -0400

RT3752: Add FIPS callback for thread id

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/o_init.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/crypto/o_init.c b/crypto/o_init.c
index 2088388..185841e 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -73,6 +73,9 @@ void OPENSSL_init(void)
done = 1;
#ifdef OPENSSL_FIPS
FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
+# ifndef OPENSSL_NO_DEPRECATED
+ FIPS_crypto_set_id_callback(CRYPTO_thread_id);
+# endif
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
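Review bot: The new `FIPS_crypto_set_id_callback(CRYPTO_thread_id)` call sits under `# ifndef OPENSSL_NO_DEPRECATED` with no comment, so a reader cannot tell whether a build that disables deprecated APIs deliberately leaves the FIPS module without a thread-id callback or just loses it by accident. Presumably the guard exists because CRYPTO_thread_id() is itself a deprecated interface; a comment such as `/* CRYPTO_thread_id() is deprecated; with OPENSSL_NO_DEPRECATED no thread-id callback is registered with FIPS -- confirm this is acceptable */` would record the trade-off, and the remaining callbacks in this block could use the same treatment. OPENSSL_init's body starts and ends outside the hunk.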

Andy Polyakov

Jun 22, 2016, 2:19:38 PM6/22/16
The branch OpenSSL_1_0_2-stable has been updated
via ecb044db58b85c2329cfc1c1e196cc1b8302ca53 (commit)
from a43cfd7bb1fc681d563e5efa75cc926d7e8e5c36 (commit)


- Log -----------------------------------------------------------------
commit ecb044db58b85c2329cfc1c1e196cc1b8302ca53
Author: Andy Polyakov <ap...@openssl.org>
Date: Mon Jun 20 12:47:44 2016 +0200

doc/crypto/OPENSSL_ia32cap.pod: harmonize with actual declaration.

[Note that in master declaration is different.]

RT#4568

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OPENSSL_ia32cap.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod
index 90156d2..5bcb82e 100644
--- a/doc/crypto/OPENSSL_ia32cap.pod
+++ b/doc/crypto/OPENSSL_ia32cap.pod
@@ -6,7 +6,7 @@ OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector

=head1 SYNOPSIS

- unsigned int *OPENSSL_ia32cap_loc(void);
+ unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0])

=head1 DESCRIPTION

Matt Caswell

Jun 23, 2016, 3:53:58 PM6/23/16
The branch OpenSSL_1_0_2-stable has been updated
via bd598cc405e981de259a07558e600b5a9ef64bd6 (commit)
from ecb044db58b85c2329cfc1c1e196cc1b8302ca53 (commit)


- Log -----------------------------------------------------------------
commit bd598cc405e981de259a07558e600b5a9ef64bd6
Author: Matt Caswell <ma...@openssl.org>
Date: Thu Jun 23 19:54:06 2016 +0100

Fix ASN1_STRING_to_UTF8 could not convert NumericString

tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte

Reviewed-by: Stephen Henson <st...@openssl.org>
(cherry picked from commit d6079a87db58ad17550b5d00a74512464e6a029e)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/a_strex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 35fd44c..2d562f9 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -337,7 +337,7 @@ static const signed char tag2nbyte[] = {
-1, -1, -1, -1, -1, /* 5-9 */
-1, -1, 0, -1, /* 10-13 */
-1, -1, -1, -1, /* 15-17 */
- -1, 1, 1, /* 18-20 */
+ 1, 1, 1, /* 18-20 */
-1, 1, 1, 1, /* 21-24 */
-1, 1, -1, /* 25-27 */
4, -1, 2 /* 28-30 */
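Review bot: The index labels on the rows around the changed entry are off, which makes it harder than it should be to verify that the edited `1` really lands at index 18 (V_ASN1_NUMERICSTRING): the row marked `/* 15-17 */` holds four values, so it actually covers 14-17. Correcting that label to `/* 14-17 */`, or laying the table out one tag per line with the tag name in the comment, would make this fix and the next one self-evidently right. The tag2nbyte definition starts outside the hunk.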

Matt Caswell

Jun 24, 2016, 8:30:56 AM6/24/16
The branch OpenSSL_1_0_2-stable has been updated
via 1bb0918c3d272900612d15781bb26c20b6a87601 (commit)
from bd598cc405e981de259a07558e600b5a9ef64bd6 (commit)


- Log -----------------------------------------------------------------
commit 1bb0918c3d272900612d15781bb26c20b6a87601
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 24 10:31:08 2016 +0100

Ensure HMAC key gets cleansed after use

aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.

Fixes an OCAP Audit issue.

Reviewed-by: Andy Polyakov <ap...@openssl.org>
(cherry picked from commit 0def528bc502a888a3f4ef3c38ea4c5e69fd7375)

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/e_rc4_hmac_md5.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 2da1117..ba5979d 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -254,6 +254,8 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
MD5_Init(&key->tail);
MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));

+ OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
return 1;
}
case EVP_CTRL_AEAD_TLS1_AAD:
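Review bot: The added `OPENSSL_cleanse(hmac_key, sizeof(hmac_key))` runs only on the `return 1` path visible here; if any error exit exists between the point where `hmac_key` is filled and this return (the start of the case is outside the hunk, so I cannot tell), the key material would still be left on the stack on that path. If such an exit exists, cleansing before every return from the case, or giving the case a single exit, would make the guarantee in the commit message hold unconditionally. The placement after the `MD5_Update(&key->tail, ...)` that consumes the key is otherwise correct. rc4_hmac_md5_ctrl's body starts and ends outside the hunk.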

Rich Salz

Jun 25, 2016, 4:42:40 PM6/25/16
The branch OpenSSL_1_0_2-stable has been updated
via 58b18779ba6e6060ac357cd0803d83317ed00f8b (commit)
from 1bb0918c3d272900612d15781bb26c20b6a87601 (commit)


- Log -----------------------------------------------------------------
commit 58b18779ba6e6060ac357cd0803d83317ed00f8b
Author: Rich Salz <rs...@openssl.org>
Date: Sat Jun 25 14:51:53 2016 -0400

RT2964: Fix it via doc

OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>
(cherry picked from commit 82f31fe4dd0dac30229fa8684229b49d2bcef404)

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OBJ_nid2obj.pod | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index 1e45dd4..7388f20 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -33,6 +33,12 @@ functions

The ASN1 object utility functions process ASN1_OBJECT structures which are
a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+For convenience, OID's are usually represented in source code as numeric
+identifiers, or B<NID>'s. OpenSSL has an internal table of OID's that
+are generated when the library is built, and their corresponding NID's
+are available as define'd constants. For the functions below, application
+code should treat all returned values -- OID's, NID's, or names -- as
+constants.

OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
@@ -112,6 +118,7 @@ Create a new NID and initialize an object from it:

int new_nid;
ASN1_OBJECT *obj;
+
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");

obj = OBJ_nid2obj(new_nid);
@@ -129,6 +136,9 @@ Instead B<buf> must point to a valid buffer and B<buf_len> should
be set to a positive value. A buffer length of 80 should be more
than enough to handle any OID encountered in practice.

+Many of the functions here should probably be changed to return B<const>
+pointers. But the lack of consistency makes that too awkward to do.
+
=head1 RETURN VALUES

OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an

Rich Salz

Jun 25, 2016, 10:09:25 PM6/25/16
The branch OpenSSL_1_0_2-stable has been updated
via 345b8400c1798b32300b212fbcb117a46d9f6fab (commit)
from 58b18779ba6e6060ac357cd0803d83317ed00f8b (commit)


- Log -----------------------------------------------------------------
commit 345b8400c1798b32300b212fbcb117a46d9f6fab
Author: Rich Salz <rs...@openssl.org>
Date: Sat Jun 25 22:09:05 2016 -0400

Revert "RT2964: Fix it via doc"

This reverts commit 58b18779ba6e6060ac357cd0803d83317ed00f8b.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OBJ_nid2obj.pod | 10 ----------
1 file changed, 10 deletions(-)

diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index 7388f20..1e45dd4 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -33,12 +33,6 @@ functions

The ASN1 object utility functions process ASN1_OBJECT structures which are
a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-For convenience, OID's are usually represented in source code as numeric
-identifiers, or B<NID>'s. OpenSSL has an internal table of OID's that
-are generated when the library is built, and their corresponding NID's
-are available as define'd constants. For the functions below, application
-code should treat all returned values -- OID's, NID's, or names -- as
-constants.

OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
@@ -118,7 +112,6 @@ Create a new NID and initialize an object from it:

int new_nid;
ASN1_OBJECT *obj;
-
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");

obj = OBJ_nid2obj(new_nid);
@@ -136,9 +129,6 @@ Instead B<buf> must point to a valid buffer and B<buf_len> should
be set to a positive value. A buffer length of 80 should be more
than enough to handle any OID encountered in practice.

-Many of the functions here should probably be changed to return B<const>
-pointers. But the lack of consistency makes that too awkward to do.
-

Rich Salz

Jun 26, 2016, 9:26:34 AM6/26/16
The branch OpenSSL_1_0_2-stable has been updated
via f3dbce6634dee43dcb0243544db05e101104fe6b (commit)
from 345b8400c1798b32300b212fbcb117a46d9f6fab (commit)


- Log -----------------------------------------------------------------
commit f3dbce6634dee43dcb0243544db05e101104fe6b
Author: Rich Salz <rs...@openssl.org>
Date: Sun Jun 26 09:24:49 2016 -0400

RT2964: Fix it via doc

OBJ_nid2obj() and friends should be treated as const.

Reviewed-by: Dr. Stephen Henson <st...@openssl.org>
(cherry picked from commit 5d28ff38fd4127c5894d22533e842ee446c3d3c2)

-----------------------------------------------------------------------

Summary of changes:
doc/crypto/OBJ_nid2obj.pod | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
index 1e45dd4..2431398 100644
--- a/doc/crypto/OBJ_nid2obj.pod
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -33,6 +33,12 @@ functions

The ASN1 object utility functions process ASN1_OBJECT structures which are
a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+For convenience, OIDs are usually represented in source code as numeric
+identifiers, or B<NID>s. OpenSSL has an internal table of OIDs that
+are generated when the library is built, and their corresponding NIDs
+are available as defined constants. For the functions below, application
+code should treat all returned values -- OIDs, NIDs, or names -- as
+constants.

OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
@@ -96,6 +102,16 @@ Objects do not need to be in the internal tables to be processed,
the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
form of an OID.

+Some objects are used to represent algorithms which do not have a
+corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently
+exists for a particular algorithm). As a result they B<cannot> be encoded or
+decoded as part of ASN.1 structures. Applications can determine if there
+is a corresponding OBJECT IDENTIFIER by checking OBJ_length() is not zero.
+
+These functions cannot return B<const> because an B<ASN1_OBJECT> can
+represent both an internal, constant, OID and a dynamically-created one.
+The latter cannot be constant because it needs to be freed after use.
+
=head1 EXAMPLES

Create an object for B<commonName>:
@@ -112,6 +128,7 @@ Create a new NID and initialize an object from it:

int new_nid;
ASN1_OBJECT *obj;
+
new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");

obj = OBJ_nid2obj(new_nid);

Matt Caswell

Jun 27, 2016, 10:05:29 AM6/27/16
The branch OpenSSL_1_0_2-stable has been updated
via ad64a69e02f7dda422d0f4f53dce7b1278715380 (commit)
from f3dbce6634dee43dcb0243544db05e101104fe6b (commit)


- Log -----------------------------------------------------------------
commit ad64a69e02f7dda422d0f4f53dce7b1278715380
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Apr 25 17:06:56 2016 +0100

Change usage of RAND_pseudo_bytes to RAND_bytes

RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/enc.c | 2 +-
apps/passwd.c | 4 ++--
apps/s_server.c | 2 +-
crypto/asn1/asn_mime.c | 2 +-
crypto/asn1/p5_pbe.c | 2 +-
crypto/asn1/p5_pbev2.c | 4 ++--
crypto/bio/bf_nbio.c | 4 ++--
crypto/bn/bn_rand.c | 10 +++-------
crypto/cms/cms_enc.c | 2 +-
crypto/cms/cms_ess.c | 3 +--
crypto/cms/cms_pwri.c | 4 ++--
crypto/des/des.c | 2 +-
crypto/des/enc_writ.c | 2 +-
crypto/dsa/dsa_gen.c | 4 ++--
crypto/evp/bio_ok.c | 2 +-
crypto/ocsp/ocsp_ext.c | 2 +-
crypto/pem/pem_lib.c | 2 +-
crypto/pkcs12/p12_mutl.c | 2 +-
crypto/pkcs7/pk7_doit.c | 2 +-
crypto/srp/srp_vfy.c | 6 +++---
ssl/d1_both.c | 6 +++---
ssl/s23_clnt.c | 8 ++++----
ssl/s2_clnt.c | 4 ++--
ssl/s2_srvr.c | 12 ++++--------
ssl/s3_srvr.c | 7 ++-----
ssl/ssl_lib.c | 2 +-
ssl/ssl_sess.c | 2 +-
ssl/t1_lib.c | 6 +++---
28 files changed, 49 insertions(+), 61 deletions(-)

diff --git a/apps/enc.c b/apps/enc.c
index 7b7c70b..8e2ef27 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -509,7 +509,7 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "invalid hex salt value\n");
goto end;
}
- } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+ } else if (RAND_bytes(salt, sizeof salt) <= 0)
goto end;
/*
* If -P option then don't bother writing
diff --git a/apps/passwd.c b/apps/passwd.c
index 5ff53b5..798a6d5 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -416,7 +416,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ if (RAND_bytes((unsigned char *)*salt_p, 2) <= 0)
goto err;
(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
@@ -437,7 +437,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
if (*salt_malloc_p == NULL)
goto err;
}
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ if (RAND_bytes((unsigned char *)*salt_p, 8) <= 0)
goto err;

for (i = 0; i < 8; i++)
diff --git a/apps/s_server.c b/apps/s_server.c
index d6c53d9..2c1e5ee 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -3364,7 +3364,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int count = 0;
do {
- if (RAND_pseudo_bytes(id, *id_len) < 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 96110c5..9fd5bef 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -289,7 +289,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if ((flags & SMIME_DETACHED) && data) {
/* We want multipart/signed */
/* Generate a random boundary */
- if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0)
+ if (RAND_bytes((unsigned char *)bound, 32) <= 0)
return 0;
for (i = 0; i < 32; i++) {
c = bound[i] & 0xf;
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index bdbfdcd..e2a1def 100644
--- a/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
@@ -101,7 +101,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
sstr = ASN1_STRING_data(pbe->salt);
if (salt)
memcpy(sstr, salt, saltlen);
- else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
+ else if (RAND_bytes(sstr, saltlen) <= 0)
goto err;

if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index 73ba4a3..388053e 100644
--- a/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
@@ -120,7 +120,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
if (EVP_CIPHER_iv_length(cipher)) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
- else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
goto err;
}

@@ -225,7 +225,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,

if (salt)
memcpy(osalt->data, salt, saltlen);
- else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+ else if (RAND_bytes(osalt->data, saltlen) <= 0)
goto merr;

if (iter <= 0)
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index a04f32a..4842bb4 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -139,7 +139,7 @@ static int nbiof_read(BIO *b, char *out, int outl)

BIO_clear_retry_flags(b);
#if 1
- if (RAND_pseudo_bytes(&n, 1) < 0)
+ if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 0x07);

@@ -179,7 +179,7 @@ static int nbiof_write(BIO *b, const char *in, int inl)
num = nt->lwn;
nt->lwn = 0;
} else {
- if (RAND_pseudo_bytes(&n, 1) < 0)
+ if (RAND_bytes(&n, 1) <= 0)
return -1;
num = (n & 7);
}
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index f9fb2e9..2266d22 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -145,13 +145,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
time(&tim);
RAND_add(&tim, sizeof(tim), 0.0);

- if (pseudorand) {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
- goto err;
- } else {
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
- }
+ /* We ignore the value of pseudorand and always call RAND_bytes */
+ if (RAND_bytes(buf, bytes) <= 0)
+ goto err;

#if 1
if (pseudorand == 2) {
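Review bot: The new comment `/* We ignore the value of pseudorand and always call RAND_bytes */` is contradicted two lines later by `if (pseudorand == 2) {`, which still branches on the parameter, so a reader may wrongly conclude it is dead. Reword it to `/* pseudorand no longer selects the RNG (RAND_bytes is always used); it still controls the post-processing below */`. bnrand's body starts and ends outside the hunk.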
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index e282c9d..90b1fcc 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -119,7 +119,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate a random IV if we need one */
ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
piv = iv;
}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 8631a2e..8212560 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -107,8 +107,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
else {
if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
goto merr;
- if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
- <= 0)
+ if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
goto err;
}

diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index b91c016..5c817ca 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -134,7 +134,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
ivlen = EVP_CIPHER_CTX_iv_length(&ctx);

if (ivlen > 0) {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
@@ -301,7 +301,7 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
memcpy(out + 4, in, inlen);
/* Add random padding to end */
if (olen > inlen + 4
- && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0)
+ && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
return 0;
/* Encrypt twice */
EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
diff --git a/crypto/des/des.c b/crypto/des/des.c
index 586aed7..d737438 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -456,7 +456,7 @@ void doencryption(void)
len = l - rem;
if (feof(DES_IN)) {
for (i = 7 - rem; i > 0; i--) {
- if (RAND_pseudo_bytes(buf + l++, 1) < 0)
+ if (RAND_bytes(buf + l++, 1) <= 0)
goto problems;
}
buf[l++] = rem;
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index bfaabde..c2aaa8e 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -135,7 +135,7 @@ int DES_enc_write(int fd, const void *_buf, int len,
if (len < 8) {
cp = shortbuf;
memcpy(shortbuf, buf, len);
- if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) {
+ if (RAND_bytes(shortbuf + len, 8 - len) <= 0) {
return -1;
}
rnum = 8;
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 15f3bb4..f6de684 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -197,7 +197,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
goto err;

if (!seed_len || !seed_in) {
- if (RAND_pseudo_bytes(seed, qsize) < 0)
+ if (RAND_bytes(seed, qsize) <= 0)
goto err;
seed_is_random = 1;
} else {
@@ -491,7 +491,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
goto err;

if (!seed_in) {
- if (RAND_pseudo_bytes(seed, seed_len) < 0)
+ if (RAND_bytes(seed, seed_len) <= 0)
goto err;
}
/* step 2 */
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 5c32e35..16e151f 100644
--- a/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
@@ -491,7 +491,7 @@ static int sig_out(BIO *b)
* FIXME: there's absolutely no guarantee this makes any sense at all,
* particularly now EVP_MD_CTX has been restructured.
*/
- if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0)
+ if (RAND_bytes(md->md_data, md->digest->md_size) <= 0)
goto berr;
memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index c19648c..55af31b 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -361,7 +361,7 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
if (val)
memcpy(tmpval, val, len);
- else if (RAND_pseudo_bytes(tmpval, len) < 0)
+ else if (RAND_bytes(tmpval, len) <= 0)
goto err;
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index ac4faae..c82b3c0 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -393,7 +393,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
}
RAND_add(data, i, 0); /* put in the RSA key. */
OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
+ if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */
goto err;
/*
* The 'iv' is used as the iv and as a salt. It is NOT taken from
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index a927782..cbf34da 100644
--- a/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
@@ -179,7 +179,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
}
p12->mac->salt->length = saltlen;
if (!salt) {
- if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
+ if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
return 0;
} else
memcpy(p12->mac->salt->data, salt, saltlen);
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 946aaa6..1ab6d5a 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -340,7 +340,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
ivlen = EVP_CIPHER_iv_length(evp_cipher);
xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
if (ivlen > 0)
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ if (RAND_bytes(iv, ivlen) <= 0)
goto err;
if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
goto err;
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index 26ad3e0..986babf 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -544,7 +544,7 @@ SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
if (!SRP_user_pwd_set_ids(user, username, NULL))
goto err;

- if (RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0)
+ if (RAND_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
goto err;
EVP_MD_CTX_init(&ctxt);
EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
@@ -597,7 +597,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
}

if (*salt == NULL) {
- if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
goto err;

s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
@@ -670,7 +670,7 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
srp_bn_print(g);

if (*salt == NULL) {
- if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0)
+ if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
goto err;

salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 5d26c94..b5900de 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1469,7 +1469,7 @@ int dtls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload);
bp += payload;
/* Random padding */
- if (RAND_pseudo_bytes(bp, padding) < 0) {
+ if (RAND_bytes(bp, padding) <= 0) {
OPENSSL_free(buffer);
return -1;
}
@@ -1554,11 +1554,11 @@ int dtls1_heartbeat(SSL *s)
/* Sequence number */
s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */
- if (RAND_pseudo_bytes(p, 16) < 0)
+ if (RAND_bytes(p, 16) <= 0)
goto err;
p += 16;
/* Random padding */
- if (RAND_pseudo_bytes(p, padding) < 0)
+ if (RAND_bytes(p, padding) <= 0)
goto err;

ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index f782010..6850dc0 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -289,9 +289,9 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
unsigned long Time = (unsigned long)time(NULL);
unsigned char *p = result;
l2n(Time, p);
- return RAND_pseudo_bytes(p, len - 4);
+ return RAND_bytes(p, len - 4);
} else
- return RAND_pseudo_bytes(result, len);
+ return RAND_bytes(result, len);
}

static int ssl23_client_hello(SSL *s)
@@ -466,8 +466,8 @@ static int ssl23_client_hello(SSL *s)
i = ch_len;
s2n(i, d);
memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
- if (RAND_pseudo_bytes
- (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
+ if (RAND_bytes (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i)
+ <= 0)
return -1;

memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
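Review bot: The rewritten call `RAND_bytes (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i)` keeps a space before the opening parenthesis and leaves `<= 0` orphaned on its own line, unlike every other RAND_bytes call introduced by this commit. Writing it as one line, `if (RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)`, matches the surrounding style and the other hunks. ssl23_client_hello starts and ends outside the hunk.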
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 69da6b1..20de1a8 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -581,7 +581,7 @@ static int client_hello(SSL *s)
/*
* challenge id data
*/
- if (RAND_pseudo_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
+ if (RAND_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
return -1;
memcpy(d, s->s2->challenge, SSL2_CHALLENGE_LENGTH);
d += SSL2_CHALLENGE_LENGTH;
@@ -629,7 +629,7 @@ static int client_master_key(SSL *s)
return -1;
}
if (i > 0)
- if (RAND_pseudo_bytes(sess->key_arg, i) <= 0)
+ if (RAND_bytes(sess->key_arg, i) <= 0)
return -1;

/* make a master key */
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 07e9df8..d3b243c 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -526,11 +526,8 @@ static int get_client_master_key(SSL *s)
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/

- /*
- * should be RAND_bytes, but we cannot work around a failure.
- */
- if (RAND_pseudo_bytes(rand_premaster_secret,
- (int)num_encrypted_key_bytes) <= 0)
+ if (RAND_bytes(rand_premaster_secret,
+ (int)num_encrypted_key_bytes) <= 0)
return 0;

i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
@@ -822,8 +819,7 @@ static int server_hello(SSL *s)
/* make and send conn_id */
s2n(SSL2_CONNECTION_ID_LENGTH, p); /* add conn_id length */
s->s2->conn_id_length = SSL2_CONNECTION_ID_LENGTH;
- if (RAND_pseudo_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <=
- 0)
+ if (RAND_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <= 0)
return -1;
memcpy(d, s->s2->conn_id, SSL2_CONNECTION_ID_LENGTH);
d += SSL2_CONNECTION_ID_LENGTH;
@@ -962,7 +958,7 @@ static int request_certificate(SSL *s)
p = (unsigned char *)s->init_buf->data;
*(p++) = SSL2_MT_REQUEST_CERTIFICATE;
*(p++) = SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- if (RAND_pseudo_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+ if (RAND_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
return -1;
memcpy(p, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ab7f690..0c43c49 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2229,11 +2229,8 @@ int ssl3_get_client_key_exchange(SSL *s)
* fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
*/

- /*
- * should be RAND_bytes, but we cannot work around a failure.
- */
- if (RAND_pseudo_bytes(rand_premaster_secret,
- sizeof(rand_premaster_secret)) <= 0)
+ if (RAND_bytes(rand_premaster_secret,
+ sizeof(rand_premaster_secret)) <= 0)
goto err;
decrypt_len =
RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 714a31e..a707612 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2000,7 +2000,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tlsext_servername_callback = 0;
ret->tlsext_servername_arg = NULL;
/* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ if ((RAND_bytes(ret->tlsext_tick_key_name, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
ret->options |= SSL_OP_NO_TICKET;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 54ee783..ba5737f 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -382,7 +382,7 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int retry = 0;
do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
while (SSL_has_matching_session_id(ssl, id, *id_len) &&
(++retry < MAX_SESS_ID_ATTEMPTS)) ;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index cdac011..8071b4a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3906,7 +3906,7 @@ int tls1_process_heartbeat(SSL *s)
memcpy(bp, pl, payload);
bp += payload;
/* Random padding */
- if (RAND_pseudo_bytes(bp, padding) < 0) {
+ if (RAND_bytes(bp, padding) <= 0) {
OPENSSL_free(buffer);
return -1;
}
@@ -3992,13 +3992,13 @@ int tls1_heartbeat(SSL *s)
/* Sequence number */
s2n(s->tlsext_hb_seq, p);
/* 16 random bytes */
- if (RAND_pseudo_bytes(p, 16) < 0) {
+ if (RAND_bytes(p, 16) <= 0) {
SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
goto err;
}
p += 16;
/* Random padding */
- if (RAND_pseudo_bytes(p, padding) < 0) {
+ if (RAND_bytes(p, padding) <= 0) {
SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR);
goto err;

Richard Levitte

Jun 29, 2016, 5:14:18 PM6/29/16
The branch OpenSSL_1_0_2-stable has been updated
via 6ad8c48291622a6ccc51489b9a230c9a05ca5614 (commit)
via 30aeb3128199c15760a785d88a4eda9e156d5af6 (commit)
via 338fb1688fbfb7efe0bdd475b01791a6de5ef94b (commit)
from ad64a69e02f7dda422d0f4f53dce7b1278715380 (commit)


- Log -----------------------------------------------------------------
commit 6ad8c48291622a6ccc51489b9a230c9a05ca5614
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 19 10:55:43 2016 +0200

Allow proxy certs to be present when verifying a chain

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 30aeb3128199c15760a785d88a4eda9e156d5af6
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 19 10:55:29 2016 +0200

Fix proxy certificate pathlength verification

While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly. This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 338fb1688fbfb7efe0bdd475b01791a6de5ef94b
Author: Richard Levitte <lev...@openssl.org>
Date: Sun Jun 19 10:55:16 2016 +0200

Check that the subject name in a proxy cert complies to RFC 3820

The subject name MUST be the same as the issuer name, with a single CN
entry added.

RT#1852

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/apps.c | 2 +
crypto/x509/x509.h | 6 ++-
crypto/x509/x509_err.c | 3 +-
crypto/x509/x509_txt.c | 2 +
crypto/x509/x509_vfy.c | 103 +++++++++++++++++++++++++++++++++++++++++++++----
crypto/x509/x509_vfy.h | 2 +
doc/apps/verify.pod | 5 +++
7 files changed, 113 insertions(+), 10 deletions(-)

diff --git a/apps/apps.c b/apps/apps.c
index b1dd970..0385490 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2374,6 +2374,8 @@ int args_verify(char ***pargs, int *pargc,
flags |= X509_V_FLAG_PARTIAL_CHAIN;
else if (!strcmp(arg, "-no_alt_chains"))
flags |= X509_V_FLAG_NO_ALT_CHAINS;
+ else if (!strcmp(arg, "-allow_proxy_certs"))
+ flags |= X509_V_FLAG_ALLOW_PROXY_CERTS;
else
return 0;

diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index fc613ce..6fa28eb 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1234,6 +1234,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_X509_strings(void);

/* Error codes for the X509 functions. */
@@ -1241,6 +1242,7 @@ void ERR_load_X509_strings(void);
/* Function codes. */
# define X509_F_ADD_CERT_DIR 100
# define X509_F_BY_FILE_CTRL 101
+# define X509_F_CHECK_NAME_CONSTRAINTS 106
# define X509_F_CHECK_POLICY 145
# define X509_F_DIR_CTRL 102
# define X509_F_GET_CERT_BY_SUBJECT 103
@@ -1322,7 +1324,7 @@ void ERR_load_X509_strings(void);
# define X509_R_WRONG_LOOKUP_TYPE 112
# define X509_R_WRONG_TYPE 122

-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 1e779fe..a2a8e1b 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
/* crypto/x509/x509_err.c */
/* ====================================================================
- * Copyright (c) 1999-2012 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -72,6 +72,7 @@
static ERR_STRING_DATA X509_str_functs[] = {
{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+ {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "CHECK_NAME_CONSTRAINTS"},
{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 4475715..35db095 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -208,6 +208,8 @@ const char *X509_verify_cert_error_string(long n)
return ("Invalid certificate verification context");
case X509_V_ERR_STORE_LOOKUP:
return ("Issuer certificate lookup error");
+ case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
+ return ("proxy subject name violation");

default:
BIO_snprintf(buf, sizeof buf, "error number %ld", n);
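Review bot: The new message `"proxy subject name violation"` is the only lowercase-initial string in this switch; its neighbours read `"Issuer certificate lookup error"` and `"Invalid certificate verification context"`. Changing it to `return ("Proxy subject name violation");` keeps the output of `openssl verify` uniform across error codes. X509_verify_cert_error_string's switch starts outside the hunk.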
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f3fe255..389b1c2 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -713,13 +713,27 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
* the next certificate must be a CA certificate.
*/
if (x->ex_flags & EXFLAG_PROXY) {
- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
- ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok = cb(0, ctx);
- if (!ok)
- goto end;
+ /*
+ * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
+ * is less than max_path_length, the former should be copied to
+ * the latter, and 4.1.4 (a) stipulates that max_path_length
+ * should be verified to be larger than zero and decrement it.
+ *
+ * Because we're checking the certs in the reverse order, we start
+ * with verifying that proxy_path_length isn't larger than pcPLC,
+ * and copy the latter to the former if it is, and finally,
+ * increment proxy_path_length.
+ */
+ if (x->ex_pcpathlen != -1) {
+ if (proxy_path_length > x->ex_pcpathlen) {
+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ proxy_path_length = x->ex_pcpathlen;
}
proxy_path_length++;
must_be_ca = 0;
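Review bot: The new comment says "copy the latter to the former if it is", describing a conditional copy, but the code assigns `proxy_path_length = x->ex_pcpathlen;` on every proxy certificate that carries a constraint, whether or not the check above it fired. If proxy_path_length counts the proxy certificates already walked below this one (its initial value and the loop direction are outside the hunk), replacing that count with a larger pCPathLengthConstraint inflates it, and the parent's `proxy_path_length > x->ex_pcpathlen` test can then reject a chain that RFC 3820 4.1.4 forward processing accepts, for example a leaf with constraint 5 under a proxy with constraint 1. Either the assignment should be moved inside the `if (proxy_path_length > x->ex_pcpathlen)` branch so it matches the comment, or the comment should state that the copy is unconditional and why that is the intended semantics. check_chain_extensions starts outside the hunk.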
@@ -742,6 +756,81 @@ static int check_name_constraints(X509_STORE_CTX *ctx)
/* Ignore self issued certs unless last in chain */
if (i && (x->ex_flags & EXFLAG_SI))
continue;
+
+ /*
+ * Proxy certificates policy has an extra constraint, where the
+ * certificate subject MUST be the issuer with a single CN entry
+ * added.
+ * (RFC 3820: 3.4, 4.1.3 (a)(4))
+ */
+ if (x->ex_flags & EXFLAG_PROXY) {
+ X509_NAME *tmpsubject = X509_get_subject_name(x);
+ X509_NAME *tmpissuer = X509_get_issuer_name(x);
+ X509_NAME_ENTRY *tmpentry = NULL;
+ int last_object_nid = 0;
+ int err = X509_V_OK;
+ int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
+
+ /* Check that there are at least two RDNs */
+ if (last_object_loc < 1) {
+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+ goto proxy_name_done;
+ }
+
+ /*
+ * Check that there is exactly one more RDN in subject as
+ * there is in issuer.
+ */
+ if (X509_NAME_entry_count(tmpsubject)
+ != X509_NAME_entry_count(tmpissuer) + 1) {
+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+ goto proxy_name_done;
+ }
+
+ /*
+ * Check that the last subject component isn't part of a
+ * multivalued RDN
+ */
+ if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set
+ == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) {
+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+ goto proxy_name_done;
+ }
+
+ /*
+ * Check that the last subject RDN is a commonName, and that
+ * all the previous RDNs match the issuer exactly
+ */
+ tmpsubject = X509_NAME_dup(tmpsubject);
+ if (tmpsubject == NULL) {
+ X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ return 0;
+ }
+
+ tmpentry =
+ X509_NAME_delete_entry(tmpsubject, last_object_loc);
+ last_object_nid =
+ OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
+
+ if (last_object_nid != NID_commonName
+ || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
+ err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+ }
+
+ X509_NAME_ENTRY_free(tmpentry);
+ X509_NAME_free(tmpsubject);
+
+ proxy_name_done:
+ if (err != X509_V_OK) {
+ ctx->error = err;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
+ }
+
/*
* Check against constraints for all certificates higher in chain
* including trust anchor. Trust anchor not strictly speaking needed
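Review bot: The three `goto proxy_name_done` jumps skip over the `X509_NAME_dup` call, so at the label `tmpsubject` may still alias the certificate's own subject name and `tmpentry` may be NULL; the code is correct only because both frees sit above the label, and a later edit that moves a free below it would release a name the certificate still owns. A comment above the label, `/* tmpsubject/tmpentry are already released, or were never allocated, on every path here */`, records that invariant. Moving the whole proxy block into a static helper such as `check_proxy_subject_name(X509_STORE_CTX *ctx, X509 *x, int depth)` would also let the early-exit checks return directly instead of jumping forward over the allocation. check_name_constraints starts and ends outside the hunk.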
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index f54ecc5..5062682 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -392,6 +392,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
/* Issuer lookup error */
# define X509_V_ERR_STORE_LOOKUP 66

+# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67
+
/* Certificate verify flags */

/* Send issuer+subject checks to verify_cb */
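Review bot: The other error codes in this list carry a one-line comment, such as `/* Issuer lookup error */` above X509_V_ERR_STORE_LOOKUP, but `X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67` is added bare. A comment like `/* Proxy certificate subject is not the issuer name plus one CN (RFC 3820 3.4) */` keeps the header self-describing for applications that map this code in their verify callback.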
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index bffa6c0..b376732 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -27,6 +27,7 @@ B<openssl> B<verify>
[B<-use_deltas>]
[B<-policy_print>]
[B<-no_alt_chains>]
+[B<-allow_proxy_certs>]
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
@@ -139,6 +140,10 @@ be found that is trusted. With this option that behaviour is suppressed so that
only the first chain found is ever used. Using this option will force the
behaviour to match that of previous OpenSSL versions.

+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates.
+
=item B<-trusted file>

A file of additional trusted certificates. The file should contain multiple

Matt Caswell

Jun 30, 2016, 10:59:35 AM6/30/16
The branch OpenSSL_1_0_2-stable has been updated
via cb5ebf961333896776fbce10ef88c2af7bec8aea (commit)
from 6ad8c48291622a6ccc51489b9a230c9a05ca5614 (commit)


- Log -----------------------------------------------------------------
commit cb5ebf961333896776fbce10ef88c2af7bec8aea
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jun 24 23:37:27 2016 +0100

Convert memset calls to OPENSSL_cleanse

Ensure things really do get cleared when we intend them to.

Addresses an OCAP Audit issue.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/bn/bn_lib.c | 2 +-
crypto/evp/digest.c | 2 +-
crypto/md2/md2_dgst.c | 2 +-
crypto/md32_common.h | 10 +++++++++-
crypto/rand/rand_unix.c | 2 +-
crypto/whrlpool/wp_dgst.c | 3 ++-
6 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 80105ff..10b78f5 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a)
{
bn_check_top(a);
if (a->d != NULL)
- memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0;
a->neg = 0;
}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index ee4296e..4db1796 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -285,7 +285,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
ctx->digest->cleanup(ctx);
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
}
- memset(ctx->md_data, 0, ctx->digest->ctx_size);
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
return ret;
}

diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 9cd79f8..7f5d9ba 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -219,6 +219,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c)

for (i = 0; i < 16; i++)
md[i] = (UCHAR) (p1[i] & 0xff);
- memset((char *)&c, 0, sizeof(c));
+ OPENSSL_cleanse(c, sizeof(*c));
return 1;
}
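Review bot: Beyond the cleanse conversion, this line fixes a latent bug that the commit message does not mention: the old call `memset((char *)&c, 0, sizeof(c))` zeroed the local pointer variable `c`, not the MD2_CTX it points to, so the digest state was never cleared at all. The new `OPENSSL_cleanse(c, sizeof(*c))` is right; the commit message or a CHANGES entry should say that MD2_Final previously left the context unwiped, since for this file it is a behaviour change rather than a pure substitution. MD2_Final starts outside the hunk.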
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
index 96828d2..b5a04bf 100644
--- a/crypto/md32_common.h
+++ b/crypto/md32_common.h
@@ -109,6 +109,8 @@
* <ap...@fy.chalmers.se>
*/

+#include <openssl/crypto.h>
+
#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
# error "DATA_ORDER must be defined!"
#endif
@@ -329,6 +331,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
data += n;
len -= n;
c->num = 0;
+ /*
+ * We use memset rather than OPENSSL_cleanse() here deliberately.
+ * Using OPENSSL_cleanse() here could be a performance issue. It
+ * will get properly cleansed on finalisation so this isn't a
+ * security problem.
+ */
memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
} else {
memcpy(p + n, data, len);
@@ -384,7 +392,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
p -= HASH_CBLOCK;
HASH_BLOCK_DATA_ORDER(c, p, 1);
c->num = 0;
- memset(p, 0, HASH_CBLOCK);
+ OPENSSL_cleanse(p, HASH_CBLOCK);

#ifndef HASH_MAKE_STRING
# error "HASH_MAKE_STRING must be defined!"
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 266111e..6c5b65d 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -235,7 +235,7 @@ int RAND_poll(void)
rnd >>= 8;
}
RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- memset(buf, 0, sizeof(buf));
+ OPENSSL_cleanse(buf, sizeof(buf));

return 1;
}
diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c
index e33bb4f..807d1c4 100644
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@@ -51,6 +51,7 @@
* input. This is done for perfomance.
*/

+#include <openssl/crypto.h>
#include "wp_locl.h"
#include <openssl/crypto.h>
#include <string.h>
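Review bot: The added `#include <openssl/crypto.h>` duplicates the identical include two lines below it, just after `#include "wp_locl.h"`. The header guard makes this harmless, but one of the two lines should go; keeping the existing one preserves the file's prior include order. If the intent was to have OPENSSL_cleanse declared before wp_locl.h is processed, a short comment saying so would stop the next cleanup from removing the wrong one.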
@@ -237,7 +238,7 @@ int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)

if (md) {
memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
- memset(c, 0, sizeof(*c));
+ OPENSSL_cleanse(c, sizeof(*c));
return (1);
}
return (0);

Andy Polyakov

Jul 1, 2016, 8:27:01 AM7/1/16
The branch OpenSSL_1_0_2-stable has been updated
via cbffd2d9ca91dabb1cdfb181311f2a8458b4a8e8 (commit)
from cb5ebf961333896776fbce10ef88c2af7bec8aea (commit)


- Log -----------------------------------------------------------------
commit cbffd2d9ca91dabb1cdfb181311f2a8458b4a8e8
Author: Andy Polyakov <ap...@openssl.org>
Date: Thu Jun 30 15:57:57 2016 +0200

SPARC assembly pack: enforce V8+ ABI constraints.

Even though it's hard to imagine, it turned out that the upper half of
arguments passed to a V8+ subroutine can be non-zero.

["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]

Reviewed-by: Richard Levitte <lev...@openssl.org>
(cherry picked from commit f198cc43a0eca4bf1a8e7f60c51af560f4346dc8)

-----------------------------------------------------------------------

Summary of changes:
crypto/des/asm/dest4-sparcv9.pl | 8 ++++----
crypto/modes/asm/ghash-sparcv9.pl | 2 ++
crypto/perlasm/sparcv9_modes.pl | 4 ++++
3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
index 1dc6024..5f3a511 100644
--- a/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/des/asm/dest4-sparcv9.pl
@@ -96,7 +96,7 @@ $code.=<<___;
des_t4_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
- nop
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1

@@ -197,7 +197,7 @@ des_t4_cbc_encrypt:
des_t4_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
- nop
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3

@@ -305,7 +305,7 @@ $code.=<<___;
des_t4_ede3_cbc_encrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
- nop
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f0 ! load ivec
ld [$ivec + 4], %f1

@@ -457,7 +457,7 @@ des_t4_ede3_cbc_encrypt:
des_t4_ede3_cbc_decrypt:
cmp $len, 0
be,pn $::size_t_cc, .Lcbc_abort
- nop
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
ld [$ivec + 0], %f2 ! load ivec
ld [$ivec + 4], %f3

diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
index 5bc2870..b129ba7 100644
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/modes/asm/ghash-sparcv9.pl
@@ -445,6 +445,8 @@ gcm_gmult_vis3:
.align 32
gcm_ghash_vis3:
save %sp,-$frame,%sp
+ nop
+ srln $len,0,$len ! needed on v8+, "nop" on v9

ldx [$Xip+8],$C2 ! load Xi
ldx [$Xip+0],$C3
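Review bot: Here the commit adds both a `nop` and `srln $len,0,$len` after `save`, whereas in dest4-sparcv9.pl and sparcv9_modes.pl the `srln` either replaces a delay-slot `nop` or stands alone. There is no delay slot after `save`, so the purpose of this extra `nop` (alignment of code that follows, perhaps) is not visible in the hunk. A trailing comment in the same style as the `srln` line, or dropping the `nop` if it has no role, would make the intent explicit. gcm_ghash_vis3 continues outside the hunk.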
diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl
index eb267a5..ac8da32 100644
--- a/crypto/perlasm/sparcv9_modes.pl
+++ b/crypto/perlasm/sparcv9_modes.pl
@@ -37,6 +37,7 @@ ${alg}${bits}_t4_cbc_encrypt:
save %sp, -$::frame, %sp
cmp $len, 0
be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
sub $inp, $out, $blk_init ! $inp!=$out
___
$::code.=<<___ if (!$::evp);
@@ -254,6 +255,7 @@ ${alg}${bits}_t4_cbc_decrypt:
save %sp, -$::frame, %sp
cmp $len, 0
be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
+ srln $len, 0, $len ! needed on v8+, "nop" on v9
sub $inp, $out, $blk_init ! $inp!=$out
___
$::code.=<<___ if (!$::evp);
@@ -613,6 +615,7 @@ $::code.=<<___;
.align 32
${alg}${bits}_t4_ctr32_encrypt:
save %sp, -$::frame, %sp
+ srln $len, 0, $len ! needed on v8+, "nop" on v9

prefetch [$inp], 20
prefetch [$inp + 63], 20
@@ -916,6 +919,7 @@ $::code.=<<___;
.align 32
${alg}${bits}_t4_xts_${dir}crypt:
save %sp, -$::frame-16, %sp
+ srln $len, 0, $len ! needed on v8+, "nop" on v9

mov $ivec, %o0
add %fp, $::bias-16, %o1

Matt Caswell

Jul 1, 2016, 2:29:12 PM7/1/16
The branch OpenSSL_1_0_2-stable has been updated
via 77857ddcca41e1ad34725715fe7b32adc4de7930 (commit)
from cbffd2d9ca91dabb1cdfb181311f2a8458b4a8e8 (commit)


- Log -----------------------------------------------------------------
commit 77857ddcca41e1ad34725715fe7b32adc4de7930
Author: Matt Caswell <ma...@openssl.org>
Date: Fri Jul 1 11:58:05 2016 +0100

Avoid an overflow in constructing the ServerKeyExchange message

We calculate the size required for the ServerKeyExchange message and then
call BUF_MEM_grow_clean() on the buffer. However we fail to take account of
2 bytes required for the signature algorithm and 2 bytes for the signature
length, i.e. we could overflow by 4 bytes. In reality this won't happen
because the buffer is pre-allocated to a large size that means it should be
big enough anyway.

Addresses an OCAP Audit issue.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
ssl/s3_srvr.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 0c43c49..299f85b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1872,6 +1872,11 @@ int ssl3_send_server_key_exchange(SSL *s)
goto f_err;
}
kn = EVP_PKEY_size(pkey);
+ /* Allow space for signature algorithm */
+ if (SSL_USE_SIGALGS(s))
+ kn += 2;
+ /* Allow space for signature length */
+ kn += 2;
} else {
pkey = NULL;
kn = 0;
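Review bot: The bytes now reserved in `kn` must stay in step with what the signature-writing code further down actually emits (outside the hunk), and nothing at this site names which later write each literal `2` accounts for. Tying them together in the comments, e.g. `/* 2 bytes for the signature algorithm written below */` and `/* 2 bytes for the s2n'd signature length */`, keeps the two sides from drifting apart in a future edit. The commit message notes the buffer is pre-allocated larger anyway, so this is a consistency fix rather than a reachable overflow. ssl3_send_server_key_exchange starts and ends outside the hunk.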

Richard Levitte

Jul 5, 2016, 4:57:03 PM7/5/16
The branch OpenSSL_1_0_2-stable has been updated
via 6c6bd9bc2f972ebadc6a326f7864b3f2edc40b5b (commit)
from 77857ddcca41e1ad34725715fe7b32adc4de7930 (commit)


- Log -----------------------------------------------------------------
commit 6c6bd9bc2f972ebadc6a326f7864b3f2edc40b5b
Author: Cristian Stoica <cristia...@freescale.com>
Date: Tue Sep 10 12:46:46 2013 +0300

remove double initialization of cryptodev engine

cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.

Signed-off-by: Cristian Stoica <cristia...@nxp.com>

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/c_all.c | 5 -----
1 file changed, 5 deletions(-)

diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
index a3ed00d..719e34d 100644
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@@ -82,9 +82,4 @@ void OPENSSL_add_all_algorithms_noconf(void)
OPENSSL_cpuid_setup();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
- ENGINE_setup_bsd_cryptodev();
-# endif
-#endif

Dr. Stephen Henson

Jul 5, 2016, 9:48:05 PM7/5/16
The branch OpenSSL_1_0_2-stable has been updated
via 9bda72880113b2b2262d290b23bdd1d3b19ff5b3 (commit)
from 6c6bd9bc2f972ebadc6a326f7864b3f2edc40b5b (commit)


- Log -----------------------------------------------------------------
commit 9bda72880113b2b2262d290b23bdd1d3b19ff5b3
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Tue Jul 5 23:24:26 2016 +0100

Don't indicate errors during initial adb decode.

Reviewed-by: Tim Hudson <t...@openssl.org>
(cherry picked from commit b385889640517531a9cfeb672b15db7089b1bbb8)

-----------------------------------------------------------------------

Summary of changes:
crypto/asn1/tasn_dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 6b01f65..d254027 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -400,7 +400,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (tt->flags & ASN1_TFLG_ADB_MASK) {
const ASN1_TEMPLATE *seqtt;
ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
+ seqtt = asn1_do_adb(pval, tt, 0);
if (seqtt == NULL)
continue;
pseqval = asn1_get_field_ptr(pval, seqtt);
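Review bot: Passing 0 as the third argument turns off the error asn1_do_adb raised when no ADB entry matched, and the following `if (seqtt == NULL) continue;` then skips the field silently, with nothing at the call site saying why a miss here is benign. The commit title says "initial" decode, which suggests a later pass re-checks the selector, but that pass is not visible in this hunk. A one-line comment, `/* No error on a missing ADB entry here: the selector may not be decoded yet */`, would keep the next reader from "fixing" the argument back to 1. ASN1_item_ex_d2i starts and ends outside the hunk.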

Rich Salz

Jul 7, 2016, 5:50:08 PM7/7/16
The branch OpenSSL_1_0_2-stable has been updated
via 23aec60661cd8fc39b31809c18e03efb98f4882a (commit)
from 9bda72880113b2b2262d290b23bdd1d3b19ff5b3 (commit)


- Log -----------------------------------------------------------------
commit 23aec60661cd8fc39b31809c18e03efb98f4882a
Author: Orgad Shaneh <orgad....@audiocodes.com>
Date: Wed Jul 6 08:44:51 2016 +0300

Fix compilation with CMS disabled

Reviewed-by: Kurt Roeckx <ku...@openssl.org>
Reviewed-by: Rich Salz <rs...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293)

-----------------------------------------------------------------------

Summary of changes:
crypto/ec/ec_ameth.c | 2 ++
crypto/rsa/rsa_ameth.c | 8 ++++++++
2 files changed, 10 insertions(+)

diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index b529995..53a2b4d 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -67,8 +67,10 @@
#include <openssl/asn1t.h>
#include "asn1_locl.h"

+#ifndef OPENSSL_NO_CMS
static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif

static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
{
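Review bot: Guarding only the two prototypes removes the reference to CMS_RecipientInfo when OPENSSL_NO_CMS is set, but the definitions of ecdh_cms_decrypt and ecdh_cms_encrypt are not in this diff, so whether they carry the same guard cannot be seen here; the rsa_ameth.c part of this commit had to add the guard to each definition as well. If the EC definitions were already guarded this hunk is complete, otherwise a matching `#ifndef OPENSSL_NO_CMS` around them is still needed for the CMS-disabled build to get past this file.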
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 4e06218..951e1d5 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -68,10 +68,12 @@
#endif
#include "asn1_locl.h"

+#ifndef OPENSSL_NO_CMS
static int rsa_cms_sign(CMS_SignerInfo *si);
static int rsa_cms_verify(CMS_SignerInfo *si);
static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
+#endif

static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{
@@ -665,6 +667,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
return rv;
}

+#ifndef OPENSSL_NO_CMS
static int rsa_cms_verify(CMS_SignerInfo *si)
{
int nid, nid2;
@@ -683,6 +686,7 @@ static int rsa_cms_verify(CMS_SignerInfo *si)
}
return 0;
}
+#endif

/*
* Customised RSA item verification routine. This is called when a signature
@@ -705,6 +709,7 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return -1;
}

+#ifndef OPENSSL_NO_CMS
static int rsa_cms_sign(CMS_SignerInfo *si)
{
int pad_mode = RSA_PKCS1_PADDING;
@@ -729,6 +734,7 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
return 1;
}
+#endif

static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
@@ -785,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss;
}

+#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;
@@ -920,6 +927,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
ASN1_STRING_free(os);
return rv;
}
+#endif

const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{