Fix an off by one error in the overflow check added by 07bed46f332fc
("Check for errors in BN_bn2dec()").
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 099e2968ed3c7d256cda048995626664082b1b30)
|
|
Also, re-organize RSA check to use goto err.
Try all checks, not just stopping at first (via Richard Levitte)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 464d59a5bb5811f7671e2bd37f41d610606b829d)
|
|
Most of the time, this isn't strictly needed. However, in the default
extern model (called relaxed refdef), symbols are treated as weak
common objects unless they are initialised. The librarian doesn't
include weak symbols in the (static) libraries, which renders them
invisible when linking a program with said libraries, which is a
problem at times.
Using the strict refdef model is much more like standard C on all
other platforms, and thereby avoids the issues that come with the
relaxed refdef model.
Note: this doesn't apply to VAX C. It's possible that this will make
OpenSSL building with VAX C difficult some time in the future if it
isn't already. However, VAX C is a very old compiler that we don't
expect to see too often, as DEC C (a.k.a VMS C) should have replaced
it a long time ago.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Original strategy for page-walking was to adjust stack pointer and then
touch pages in order. This kind of asks for double-fault, because
if touch fails, then signal will be delivered to frame above adjusted
stack pointer. But touching pages prior to adjusting stack pointer would
upset valgrind. As compromise let's adjust stack pointer in pages,
touching top of the stack. This still asks for double-fault, but at
least prevents corruption of neighbour stack if allocation is to
overstep the guard page.
Also omit predict-non-taken hints as they reportedly trigger illegal
instructions in some VM setups.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3ba1ef829cf3dd36eaa5e819258d90291c6a1027)
|
|
Thanks to Brian Smith for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #3176
(cherry picked from commit a73be798ced572a988d455d961a2387f6eccb549)
|
|
RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences
Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
- make the VMS version of RAND_poll() faster and more secure
- avoid pointer size warnings with setvbuf()
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Apply a limit to the maximum blob length which can be read in do_d2i_bio()
to avoid excessive allocation.
Thanks to Shi Lei for reporting this.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 66bcba145740e4f1210499ba6e5033035a2a4647)
|
|
If an oversize BIGNUM is presented to BN_bn2dec() it can cause
BN_div_word() to fail and not reduce the value of 't' resulting
in OOB writes to the bn_data buffer and eventually crashing.
Fix by checking return value of BN_div_word() and checking writes
don't overflow buffer.
Thanks to Shi Lei for reporting this bug.
CVE-2016-2182
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 07bed46f332fce8c1d157689a2cdf915a982ae34)
Conflicts:
crypto/bn/bn_print.c
|
|
Check for error return in BN_div_word().
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8b9afbc0fc7f8be0049d389d34d9416fa377e2aa)
|
|
RT#4530
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7123aa81e9fb19afb11fdf3850662c5f7ff1f19c)
|
|
Thanks to Hanno Böck for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 39a43280316f1b9c45be5ac5b04f4f5c3f923686)
Conflicts:
crypto/pkcs12/p12_utl.c
|
|
Fix error path leaks in a2i_ASN1_STRING(), a2i_ASN1_INTEGER() and
a2i_ASN1_ENUMERATED().
Thanks to Shi Lei for reporting these issues.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
GH: #1322
(cherry picked from commit 5e3553c2de9a365479324b8ba8b998f0cce3e527)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Thanks to Shi Lei for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Shi Lei for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Thanks to Shi Lei for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 20fc103f782bb0bcd41d211c6423187b02146b9d)
Conflicts:
include/openssl/ts.h
|
|
Because proxy certificates typically come without any CRL information,
trying to check revocation on them will fail. Better not to try
checking such information for them at all.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 790555d6756285b3ec18e3efbb195cf33f217d8f)
|
|
Use correct length in old ASN.1 indefinite length sequence decoder
(only used by SSL_SESSION).
This bug was discovered by Hanno Böck using libfuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e9f17097e9fbba3e7664cd67e54eebf2bd438863)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 56f9953c846204cb3251ab27605e403c7444fd72)
|
|
Thanks to David Benjamin <davidben@google.com> for reporting this bug.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e032117db251968bd09badc7d4718c2497302e55)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 976ef6adcc157233fb641ca99e2424630ef1814f)
Conflicts:
crypto/evp/bio_enc.c
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ee6ce5cc368574c0b0b470e61ee2f82a0efadbb7)
Conflicts:
crypto/evp/bio_enc.c
|
|
If two CRLs are equivalent then use the one with a later lastUpdate field:
this will result in the newest CRL available being used.
RT#4615
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 626aa24849be549b7ef4f049d8427989940c8a37)
|
|
TS_OBJ_print_bio() misuses OBJ_txt2obj: it should print the result
as a null terminated buffer. The length value returned is the total
length the complete text representation would need not the amount of
data written.
CVE-2016-2180
Thanks to Shi Lei for reporting this bug.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0ed26acce328ec16a3aa635f1ca37365e8c7403a)
|
|
There are two failure cases for OCSP_request_add_id():
1. OCSP_ONEREQ_new() failure, where |cid| is not freed
2. sk_OCSP_ONEREQ_push() failure, where |cid| is freed
This change makes the error behavior consistent, such that |cid| is
not freed when sk_OCSP_ONEREQ_push() fails. OpenSSL only takes
ownership of |cid| when the function succeeds.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1289)
(cherry picked from commit 415e7c488e09119a42be24129e38ddd43524ee06)
|
|
If underlying type is boolean don't check field is NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit ad72d9fdf7709ddb97a58d7d45d755e6e0504b96)
|
|
The ASN.1 BIGNUM type needs to be handled in a custom way as it is
not a generic ASN1_STRING type.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 3cea73a7fcaaada1ea0ee4b4353ed0176fee1112)
Conflicts:
crypto/asn1/x_bignum.c
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 28e90f69fbcdcd3c06359a53adceb2dbdfaba614)
|
|
RT#4611
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit b8a7bd83e68405fdf595077973035ac6fe24cb97)
|
|
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1293)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b385889640517531a9cfeb672b15db7089b1bbb8)
|
|
cryptodev engine is initialized together with the other engines in
ENGINE_load_builtin_engines. The initialization done through
OpenSSL_add_all_algorithms is redundant.
Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Even though it's hard to imagine, it turned out that upper half of
arguments passed to V8+ subroutine can be non-zero.
["n" pseudo-instructions, such as srln being srl in 32-bit case and
srlx in 64-bit one, were implemented in binutils 2.10. It's assumed
that Solaris assembler implemented it around same time, i.e. 2000.]
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f198cc43a0eca4bf1a8e7f60c51af560f4346dc8)
|
|
Ensure things really do get cleared when we intend them to.
Addresses an OCAP Audit issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly. This corresponds to
RFC 3820, 4.1.4 (a).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The subject name MUST be the same as the issuer name, with a single CN
entry added.
RT#1852
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
RAND_pseudo_bytes() allows random data to be returned even in low entropy
conditions. Sometimes this is ok. Many times it is not. For the avoidance
of any doubt, replace existing usage of RAND_pseudo_bytes() with
RAND_bytes().
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
aesni_cbc_hmac_sha256_ctrl() and aesni_cbc_hmac_sha1_ctrl() cleanse the
HMAC key after use, but static int rc4_hmac_md5_ctrl() doesn't.
Fixes an OCAP Audit issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 0def528bc502a888a3f4ef3c38ea4c5e69fd7375)
|
|
tag2nbyte had -1 at 18th position, but underlying ASN1_mbstring_copy
supports NumericString. tag2nbyte is also used in do_print_ex which will
not be broken by setting 1 at 18th position of tag2nbyte
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d6079a87db58ad17550b5d00a74512464e6a029e)
|
|
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|