| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6957)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6955)
|
|
Just as was done recently for i2d_ASN1_OBJECT, we also make
i2d_ASN1_BOOLEAN comply with the documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6943)
|
|
Since 0.9.7, all i2d_ functions were documented to allocate an output
buffer if the user didn't provide one, under these conditions (from
the 1.0.2 documentation):
For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
allocated for a buffer and the encoded data written to it. In this
case B<*out> is not incremented and it points to the start of the
data just written.
i2d_ASN1_OBJECT was found not to do this, and would crash if a NULL
output buffer was provided.
Fixes #6914
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6918)
(cherry picked from commit 6114041540d8d1fecaf23a861788c3c742d3b467)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6881)
|
|
which is used for ASN1_STRING_print_ex*() and X509_NAME_print_ex*().
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6118)
|
|
If we don't have OID data for an object then we should fail if we
are asked to encode the ASN.1 for that OID.
Fixes #5723
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5725)
(cherry picked from commit 53c9818e970fc0c22d77e19fda3b3e6f6c9e759d)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Constructed types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. Therefore we limit the stack depth.
CVE-2018-0739
Credit to OSSFuzz for finding this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5142)
(cherry picked from commit a26dd465b21d8def440c16b6bd90227b03e12e02)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4875)
|
|
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4600)
(cherry picked from commit a6f622bc99ffdc7b34199babb9d200b24a7a6431)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
The previous change with this intention didn't quite do it. An
embedded item must not be freed itself, but might potentially contain
non-embedded elements, which must be freed.
So instead of calling ASN1_item_ex_free(), where we can't pass the
combine flag, we call asn1_item_embed_free() directly.
This changes asn1_item_embed_free() from being a static function to
being a private non-static function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/4578)
|
|
An embedded item wasn't allocated separately on the heap, so don't
free it as if it was.
Issue discovered by Pavel Kopyl
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4571)
|
|
c2i_ASN1_BIT_STRING takes length as a long but uses it as an int. Check
bounds before doing so. Previously, excessively large inputs to the
function could write a single byte outside the target buffer. (This is
unreachable as asn1_ex_c2i already uses int for the length.)
Thanks to NCC for finding this issue. Fix written by Martin Kreichgauer.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4385)
(cherry picked from commit 6b1c8204b33aaedb7df7a009c241412839aaf950)
|
|
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4326)
(cherry picked from commit 180794c54e98ae467c4ebced3737e1ede03e320a)
|
|
Fixes #3349
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3819)
|
|
ASN1_GENERALIZEDTIME and ASN1_UTCTIME may be specified using offsets,
even though that's not supported within certificates.
To convert the offset time back to GMT, the offsets are supposed to be
subtracted, not added. e.g. 1759-0500 == 2359+0100 == 2259Z.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3335)
(cherry picked from commit ae32742e3db45a19aead2c42e30072882492be1d)
|
|
EV Guidelines section 9.2.5 says jurisdictionCountryName follows the
same ASN.1 encoding rules as countryName.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3284)
(cherry picked from commit 52c0c4d13e8220f19eb2b205dc0c30508c4a51a9)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3026)
|
|
We should not write to |out| in error cases, so we should defer doing this
until the "done" block.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3002)
|
|
LONG and ZLONG items (which are OpenSSL private special cases of
ASN1_INTEGER) are encoded into DER with padding if the leading octet
has the high bit set, where the padding can be 0x00 (for positive
numbers) or 0xff (for negative ones).
When decoding DER to LONG or ZLONG, the padding wasn't taken in
account at all, which means that if the encoded size with padding
is one byte more than the size of long, decoding fails. This change
fixes that issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3000)
(cherry picked from commit ca2045dc545ba4afe8abbe29d0316ee3d36da7df)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2230
(partial cherry pick from commit 68d4bcfd0651c7ea5d37ca52abc0d2e6e6b3bd20)
|
|
llvm's ubsan reported:
runtime error: negation of -9223372036854775808 cannot be represented in type
'long'; cast to an unsigned type to negate this value to itself
Found using afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1325
(cherry picked from commit 1618679ac478c8f41fc5f320fb4d8a33883b3868)
|
|
Found by afl
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3013
(cherry picked from commit 5bea15ebb359c91a1bb7569620ead14bb71cfb81)
|
|
If ret is allocated, it may be leaked on error.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2666)
(cherry picked from commit 4483e23444fa18034344874ffbe67919207e9e47)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2640)
(cherry picked from commit aa402e2ba408254c052b5750b14e7f01e48bced1)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2641)
|
|
Fixed a memory leak in ASN1_digest and ASN1_item_digest.
asn1_template_noexp_d2i call ASN1_item_ex_free(&skfield,...) on error.
Reworked error handling in asn1_item_ex_combine_new:
- call ASN1_item_ex_free and return the correct error code if ASN1_template_new failed.
- dont call ASN1_item_ex_free if ASN1_OP_NEW_PRE failed.
Reworked error handing in x509_name_ex_d2i and x509_name_encode.
Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup.
Fixed a memory leak in def_get_class if lh_EX_CLASS_ITEM_insert fails due to OOM:
- to figure out if the insertion succeeded, use lh_EX_CLASS_ITEM_retrieve again.
- on error, p will be NULL, and gen needs to be cleaned up again.
int_free_ex_data needs to have a fallback solution if unable to allocate "storage":
- if free_func is non-zero this must be called to clean up all memory.
Fixed error handling in pkey_hmac_copy.
Fixed error handling in ssleay_rand_add and ssleay_rand_bytes.
Fixed error handling in X509_STORE_new.
Fixed a memory leak in ssl3_get_key_exchange.
Check for null pointer in ssl3_write_bytes.
Check for null pointer in ssl3_get_cert_verify.
Fixed a memory leak in ssl_cert_dup.
Fixes #2087 #2094 #2103 #2104 #2105 #2106 #2107 #2108 #2110 #2111 #2112 #2115
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2127)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1906)
(cherry picked from commit 2191dc846a85ce82925cb06b4dd8649da7fc403c)
|
|
Unhandled critical CRL extensions were not detected if they appeared
after the handled ones. (GitHub issue 1757). Thanks to John Chuah
for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1769)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3176
(cherry picked from commit a73be798ced572a988d455d961a2387f6eccb549)
|
|
RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences
Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Check for error return in BN_div_word().
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8b9afbc0fc7f8be0049d389d34d9416fa377e2aa)
|
|
Fix error path leaks in a2i_ASN1_STRING(), a2i_ASN1_INTEGER() and
a2i_ASN1_ENUMERATED().
Thanks to Shi Lei for reporting these issues.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
GH: #1322
(cherry picked from commit 5e3553c2de9a365479324b8ba8b998f0cce3e527)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Thanks to Shi Lei for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Shi Lei for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).
This bug was discovered by Hanno Böck using libfuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e9f17097e9fbba3e7664cd67e54eebf2bd438863)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 56f9953c846204cb3251ab27605e403c7444fd72)
|
|
If underlying type is boolean don't check field is NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ad72d9fdf7709ddb97a58d7d45d755e6e0504b96)
|
|
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cea73a7fcaaada1ea0ee4b4353ed0176fee1112)
Conflicts:
crypto/asn1/x_bignum.c
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b385889640517531a9cfeb672b15db7089b1bbb8)
|
|
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db58ad17550b5d00a74512464e6a029e)
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit fdcb499cc2cd57412e496302a4bca8c5d9f1a9c7)
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bace847eae24f48adc6a967c6cce7f8d05bbeda3)
|
