Age | Commit message (Collapse) | Author |
|
Since we don't use the eay style any more, there's no point tryint to
tell emacs to use it.
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Commit 2b0180c37fa6ffc48ee40caa831ca398b828e680 attempted to do this but
only hit one of many BN_mod_exp codepaths. Fix remaining variants and add
a test for each method.
Thanks to Hanno Boeck for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit d911097d7c93e4cfeab624b34d73fe51da158b69)
|
|
RT#4171
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit b9749432346f69b29d82070041e71b237d718ce7)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Avoid seg fault by checking mgf1 parameter is not NULL. This can be
triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
CVE-2015-3194
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
|
|
When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.
This can leak memory in any application parsing PKCS#7 or CMS structures.
CVE-2015-3195.
Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.
PR#4131
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
RT#4162
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b5516cfbd65de9331d827012fc5bdace1953613e)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2238e0e45d03ec9ba15e9547f7739cc6987a8f57)
|
|
RT#4142
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 76eba0d94bb418325be6409b272eac5e2bd4a0a9)
Resolved conflicts:
crypto/bn/asm/x86_64-mont.pl
crypto/bn/asm/x86_64-mont5.pl
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #466
(cherry picked from commit 434b58457c8cca4d09f77a1774d6d2c446604bae)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 63eb10a07ee29a312e50a227f5b3a290b1ad22b4)
|
|
Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)
Conflicts:
crypto/asn1/asn1_par.c
|
|
Strict ISO confirming C compilers only define __sun
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
RT #4144, MR #1353
(cherry picked from commit 3d32218812e87221344f2985512e42e4aaa88745)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ce24d2ed232a095349886aecc8cb959d5dda8342)
|
|
The problem remained unnoticed so far, because it's never called by default.
You have to craft OPENSSL_ppccap environment variable to trigger the problem.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e4693b4e2a0c3f6241d4d3e61460c34c7e0013f6)
|
|
is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9d0e4dc6351df7d0c08400c4b4cf17c017022e50)
|
|
It was also found that stich performs suboptimally on AMD Jaguar, hence
execution is limited to XOP-capable and Intel processors.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit a5fd24d19bbb586b1c6d235c2021e9bead22c9f5)
|
|
Manual cherry-pick of 0704343f138a38d3882d5af2a4ebe8821e9a8f3a.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
MR #1276, RT #4107
(cherry picked from commit 94b3664a528258df5ebcaae213d19bf6568cc47d)
|
|
RT#4081
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 070c23325af4526c9a8532a60d63522c58d5554b)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8cf9d71a3a43d9b98a8a278d47dc08088a954a7b)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit d900a015b5a89ea2018e6122dd2738925e4d68ab)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit c2319cf9fce87a2e82efb6e58ced11a85190dc3d)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 3f6c7691870d1cd2ad0e0c83638cef3f35a0b548)
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8acaabec429b39f9436f6a88006384d72d292539)
|
|
Don't mark a certificate as self signed if keyUsage is present and
certificate signing not asserted.
PR#3979
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit f51e5ed6b4b91d12228da873db72aa28109d1797)
|
|
RFC5753 requires that we omit parameters for AES key wrap and set them
to NULL for 3DES wrap. OpenSSL decrypt uses the received algorithm
parameters so can transparently handle either form.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 4ec36aff2a3c221b640dafa56ac838312e6724f4)
|
|
PR#4079
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c69ce9351336f5b4a8b33890756b3fd185528210)
|
|
The function int_rsa_verify is an internal function used for verifying an
RSA signature. It takes an argument |dtype| which indicates the digest type
that was used. Dependant on that digest type the processing of the
signature data will vary. In particular if |dtype == NID_mdc2| and the
signature data is a bare OCTETSTRING then it is treated differently to the
default case where the signature data is treated as a DigestInfo (X509_SIG).
Due to a missing "else" keyword the logic actually correctly processes the
OCTETSTRING format signature first, and then attempts to continue and
process it as DigestInfo. This will invariably fail because we already know
that it is a bare OCTETSTRING.
This failure doesn't actualy make a real difference because it ends up at
the |err| label regardless and still returns a "success" result. This patch
just cleans things up to make it look a bit more sane.
RT#4076
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit dffe51091f412dcbc18f6641132f0b4f0def6bce)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5850cc75ea0c1581a9034390f1ca77cadc596238)
|
|
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
(cherry picked from commit 99c203337574d967c86ffbfa13f40ace51048485)
|
|
It returns -1 on error, not 0.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
(cherry picked from commit d6e92c0bd6c36fc68291e79ef5753fd7f0420695)
|
|
BN_with_flags() will read the dest->flags to keep the BN_FLG_MALLOCED but
overwrites everything else.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1231
(cherry picked from commit f92768e6f5259069bd21dbed2b98b3423c1dfca4)
|
|
Thanks to David Benjamin <davidben@google.com> for pointing them out.
Reviewed-by: Steve Henson <steve@openssl.org>
MR #1198
(cherry picked from commit 605236f6a8fe0743af2f63d93239a74c69dae137)
|
|
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Fix comment, add another overflow check, tidy style
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de8883e11befde31d9b6cfbbd1fc017c365e0bbf)
|
|
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.
Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.
The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 110f7b37de9feecfb64950601cc7cec77cf6130b)
|
|
If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. it'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().
If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?
It would certainly be nice if SSL_use_certificate_chain_file() worked.
Also made BIO_C_SET_FILENAME work (rsalz)
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit ff03599a2f518dbdf13bca0bb0208e431b892fe9)
|
|
There are a couple of minor fixes here:
1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.
2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.
3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.
Testing performed:
1) Clean compilation for debug-VC-WIN32 and VC-WIN32.
2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.
3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4cd94416a452c3a3e0df24c297f7d2f0e6d5bb5f)
|
|
There were some memory leaks in the creation of an SRP verifier (both on
successful completion and also on some error paths).
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bf95cde28712cfcad90cb3975cdcb8e5c0f20fde)
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4fe1cbdff89768c5d1983988ce1022674a438bbb)
|
|
Was only approved for master, to avoid compatibility issues on
previous releases.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|