generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
8,848 Commits 16 Branches 258 Tags
Commit Graph

8848 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Emilia Kasper
544e3e3b69 PKCS#7: avoid NULL pointer dereferences with missing content 
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

Reviewed-by: Steve Henson <steve@openssl.org>

Conflicts:
	crypto/pkcs7/pk7_doit.c
 2015-03-19 13:00:45 +00:00
Dr. Stephen Henson
497d0b00dc Fix ASN1_TYPE_cmp 
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-19 13:00:44 +00:00
Dr. Stephen Henson
674341f1b0 Free up ADB and CHOICE if already initialised. 
CVE-2015-0287

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2015-03-18 11:52:58 +00:00
Dr. Stephen Henson
c58f4f73bd Tolerate test_sqr errors for FIPS builds. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-03-14 22:21:21 +00:00
Kurt Roeckx
c85c1e08ce Disable export and SSLv2 ciphers by default 
They are moved to the COMPLEMENTOFDEFAULT instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2015-03-14 18:46:31 +01:00
Matt Caswell
c2f5de13cd Cleanse buffers 
Cleanse various intermediate buffers used by the PRF (backported version
from master).

Conflicts:
	ssl/s3_enc.c

Conflicts:
	ssl/t1_enc.c

Conflicts:
	ssl/t1_enc.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-11 10:57:14 +00:00
Dr. Stephen Henson
01320ad3b9 Fix warnings. 
Fix compiler warnings (similar to commit 25012d5e79)

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-08 17:23:40 +00:00
Matt Caswell
a065737afb Update mkerr.pl for new format 
Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2015-03-06 14:10:30 +00:00
Dr. Stephen Henson
241cff623e Check public key is not NULL. 
CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
 2015-03-02 15:26:57 +00:00
Dr. Stephen Henson
8a8ba07167 Fix format script. 
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)

Conflicts:
	crypto/asn1/x_long.c
 2015-03-02 13:50:01 +00:00
Matt Caswell
1b4a8df38f Fix a failure to NULL a pointer freed on error. 
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2015-02-25 20:40:38 +00:00
Andy Polyakov
6d4655c27e Bring objects.pl output even closer to new format. 
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d98d070c27d094ac341fc6aca1ed2ca)
 2015-02-09 16:07:51 +01:00
Andy Polyakov
9eca2cbc16 Harmonize objects.pl output with new format. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce38623194f6df6a846cd01753b63f361c88e57)
 2015-02-09 10:03:30 +01:00
Matt Caswell
d7efe7ea18 Fix error handling in ssltest 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f905c59176fa5f312826f8f692890b67)
 2015-02-06 10:15:22 +00:00
Rich Salz
49fa6b6c2d Fixed bad formatting in crypto/des/spr.h 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b)
 2015-02-05 09:46:24 -05:00
Dr. Stephen Henson
d64a227f1f Check PKCS#8 pkey field is valid before cleansing. 
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 52e028b9de371da62c1e51b46592517b1068d770)
 2015-02-03 14:02:51 +00:00
Matt Caswell
6844c12968 Fix for reformat problems with e_padlock.c 
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0)
 2015-01-22 14:17:04 +00:00
Matt Caswell
ead95e760c Fix formatting error in pem.h 
Reviewed-by: Andy Polyakov <appro@openssl.org>

Conflicts:
	crypto/pem/pem.h

Conflicts:
	crypto/pem/pem.h
 2015-01-22 14:17:02 +00:00
Matt Caswell
02f0c26cea Re-align some comments after running the reformat script. 
This should be a one off operation (subsequent invokation of the
script should not move them)

This commit is for the 0.9.8 changes

Reviewed-by: Tim Hudson <tjh@openssl.org>
OpenSSL_0_9_8-post-reformat 		2015-01-22 09:53:07 +00:00
Matt Caswell
6f1f3c6653 Rerun util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
OpenSSL_0_9_8-post-auto-reformat 		2015-01-22 09:53:02 +00:00
Matt Caswell
40720ce3ca Run util/openssl-format-source -v -c . 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:55 +00:00
Matt Caswell
9d03aabea3 More comment changes required for indent 
Reviewed-by: Tim Hudson <tjh@openssl.org>
OpenSSL_0_9_8-pre-auto-reformat 		2015-01-22 09:52:49 +00:00
Matt Caswell
117e79dd88 Yet more changes to comments 
Conflicts:
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:44 +00:00
Matt Caswell
bc91221636 More tweaks for comments due indent issues 
Conflicts:
	ssl/ssl_ciph.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:40 +00:00
Matt Caswell
b9006da5d7 Backport hw_ibmca.c from master due to failed merge 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:34 +00:00
Matt Caswell
d26667b28f Tweaks for comments due to indent's inability to handle them 
Conflicts:
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:28 +00:00
Matt Caswell
13270477f4 Move more comments that confuse indent 
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Conflicts:
	crypto/bn/rsaz_exp.c
	crypto/evp/e_aes_cbc_hmac_sha1.c
	crypto/evp/e_aes_cbc_hmac_sha256.c
	ssl/ssl_locl.h

Conflicts:
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/ec/ecp_oct.c
	crypto/modes/gcm128.c
	ssl/ssl_locl.h

Conflicts:
	apps/apps.c
	crypto/crypto.h
	crypto/rand/md_rand.c
	ssl/d1_pkt.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:21 +00:00
Dr. Stephen Henson
3600d5a744 Delete trailing whitespace from output. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:17 +00:00
Dr. Stephen Henson
2b2f5ac045 Add -d debug option to save preprocessed files. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:12 +00:00
Dr. Stephen Henson
7d3081c5ae Test option -nc 
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:05 +00:00
Matt Caswell
9a5d775320 Add ecp_nistz256.c to list of files skipped by openssl-format-source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:52:00 +00:00
Matt Caswell
e29126f99a Manually reformat aes_x86core.c and add it to the list of files skipped by 
openssl-format-source

Conflicts:
	crypto/aes/aes_x86core.c

Conflicts:
	crypto/aes/aes_x86core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:54 +00:00
Matt Caswell
175af9de89 Fix indent comment corruption issue 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:49 +00:00
Matt Caswell
53d6e678dc Amend openssl-format-source so that it give more repeatable output 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:43 +00:00
Andy Polyakov
4191a11f36 bn/bn_const.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:38 +00:00
Andy Polyakov
f6e4701f2a bn/asm/x86_64-gcc.cL make it indent-friendly. 
Conflicts:
	crypto/bn/asm/x86_64-gcc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:32 +00:00
Andy Polyakov
86183798f3 bn/bn_asm.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bn_asm.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:26 +00:00
Andy Polyakov
b527959318 bn/bn_exp.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bn_exp.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:21 +00:00
Matt Caswell
25ca15e9a3 Manually reformat aes_core.c 
Add aes_core.c to the list of files not processed by openssl-format-source

Conflicts:
	crypto/aes/aes_core.c

Conflicts:
	crypto/aes/aes_core.c

Conflicts:
	crypto/aes/aes_core.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:15 +00:00
Matt Caswell
d1d4b4f398 Add obj_dat.h to the list of files that will not be processed by 
openssl-format-source

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:09 +00:00
Matt Caswell
2a3e745a17 Fix strange formatting by indent 
Conflicts:
	crypto/hmac/hmac.h

Conflicts:
	crypto/evp/e_aes_cbc_hmac_sha256.c

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ectest.c

Conflicts:
	crypto/asn1/asn1_par.c
	crypto/evp/e_des3.c
	crypto/hmac/hmac.h
	crypto/sparcv9cap.c
	engines/ccgost/gost94_keyx.c
	ssl/t1_enc.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:51:04 +00:00
Matt Caswell
c7c7a432df indent has problems with comments that are on the right hand side of a line. 
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.

Conflicts:
	crypto/bn/bn.h
	crypto/ec/ec_lcl.h
	crypto/rsa/rsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl.h
	ssl/ssl3.h

Conflicts:
	crypto/ec/ec_lcl.h
	ssl/tls1.h

Conflicts:
	crypto/ec/ecp_nistp224.c
	crypto/evp/evp.h
	ssl/d1_both.c
	ssl/ssl.h
	ssl/ssl_lib.c

Conflicts:
	crypto/bio/bss_file.c
	crypto/ec/ec_lcl.h
	crypto/evp/evp.h
	crypto/store/str_mem.c
	crypto/whrlpool/wp_block.c
	crypto/x509/x509_vfy.h
	ssl/ssl.h
	ssl/ssl3.h
	ssl/ssltest.c
	ssl/t1_lib.c
	ssl/tls1.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:57 +00:00
Andy Polyakov
5ba9d5bb3b crypto/mem_dbg.c: make it indent-friendly. 
Conflicts:
	crypto/mem_dbg.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:52 +00:00
Matt Caswell
883a4d55c2 More indent fixes for STACK_OF 
Conflicts:
	ssl/s3_lib.c

Conflicts:
	apps/cms.c
	crypto/x509/x509_lu.c
	crypto/x509/x509_vfy.h
	ssl/s3_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:46 +00:00
Matt Caswell
b4f1dbdc4b Fix indent issue with engine.h 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:41 +00:00
Matt Caswell
5741067dea Fix logic to check for indent.pro 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:37 +00:00
Andy Polyakov
dd7ad2c53d crypto/cryptlib.c: make it indent-friendly. 
Conflicts:
	crypto/cryptlib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:31 +00:00
Andy Polyakov
366b193f89 bn/bntest.c: make it indent-friendly. 
Conflicts:
	crypto/bn/bntest.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:26 +00:00
Andy Polyakov
402eec1ae5 bn/bn_recp.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:22 +00:00
Andy Polyakov
44759a0d9e engines/e_ubsec.c: make it indent-friendly. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2015-01-22 09:50:17 +00:00