The SRP user database lookup method SRP_VBASE_get_by_user had confusing
memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no
way of distinguishing these two cases.
Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.
Servers that do not configure SRP, or configure SRP but do not configure
a seed are not vulnerable.
In Apache, the seed directive is known as SSLSRPUnknownUserSeed.
To mitigate the memory leak, the seed handling in SRP_VBASE_get_by_user
is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However,
note that OpenSSL makes no strong guarantees about the
indistinguishability of valid and invalid logins. In particular,
computations are currently not carried out in constant time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Change the default keysize to 2048 bits, and the minimum to 512 bits.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a76265574398944d686d2d0de9bacca162f555ca)
Also fix option processing in pkeyutl to allow use of (formerly)
"out-of-order" switches that were needless implementation limitations.
RT2018
Reviewed-by: Rich Salz <rsalz@openssl.org>
During work on a larger change in master a number of locations were
identified where return value checks were missing. This backports the
relevant fixes.
Reviewed-by: Richard Levitte <levitte@openssl.org>
0 is a valid file descriptor.
RT#4068
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4428c7dba8f6f407d915c1226f4e0f673e8be241)
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.
PR#2397
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30aeb4407287171a9d6f9a765395d0a2)
add -help descriptions of -curves, -sigalgs, -client_sigalgs
to s_client and s_server
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Also known as RT 4106
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b48357d9953decc43333979ca11ebc1500040f4e)
For librypto to be complete, the stuff in both crypto/ and engines/
have to be built. Doing 'make test' or 'make apps' from a clean
source tree failed to do so.
Corrected by using the new 'build_libcrypto' in the top Makefile.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit acaff3b797f50a0a0e17a0be45b7fafad962004e)
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88)
Conflicts:
Makefile.org
apps/Makefile
test/Makefile
RT2943 only complains about the incorrect check of -K argument size,
we might as well do the same thing with the -iv argument.
Before this, we only checked that the given argument wouldn't give a
bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and
check against the size of the actual cipher used.
(cherry picked from commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4)
Reviewed-by: Rich Salz <rsalz@openssl.org>
The various implementations of EVP_CTRL_AEAD_TLS_AAD expect a buffer of at
least 13 bytes long. Add sanity checks to ensure that the length is at
least that. Also add a new constant (EVP_AEAD_TLS1_AAD_LEN) to evp.h to
represent this length. Thanks to Kevin Wojtysiak (Int3 Solutions) and
Paramjot Oberoi (Int3 Solutions) for reporting this issue.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit c8269881093324b881b81472be037055571f73f3)
Conflicts:
ssl/record/ssl3_record.c
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Conflicts:
apps/cms.c
apps/ocsp.c
apps/s_client.c
apps/s_server.c
apps/smime.c
apps/verify.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
Some miscellaneous removal of dead code from apps. Also fix an issue with
error handling with pkcs7.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64)
Passing a negative value for the "-time" option to s_time results in a seg
fault. This commit fixes it so that time has to be greater than 0.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6)
Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1)
Add some missing checks for memory allocation failures in ca app.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549)
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74)
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e)
Conflicts:
crypto/bio/bss_dgram.c
