Matt Caswell
f063e30fe9
RT3065: automatically generate a missing EC public key
...
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: Dr Stephen Henson <steve@openssl.org >
2014-08-27 19:49:35 +02:00
Adam Langley
0388ac4c99
RT3065: ec_private_key_dont_crash
...
This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:
-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----
Reviewed-by: Dr Stephen Henson <steve@openssl.org >
2014-08-27 19:49:34 +02:00
Emilia Kasper
bc46db60f1
RT3061: slightly amend patch
...
Add an extra NULL dereference check
Reviewed-by: Viktor Dukhovni <viktor@openssl.org >
2014-08-22 15:23:33 +02:00
Emilia Kasper
da92be4d68
Fix build when BSAES_ASM is defined but VPAES_ASM is not
...
Reviewed-by: Andy Polyakov <appro@openssl.org >
2014-08-21 15:42:57 +02:00
Andy Polyakov
15735e4f0e
bn/asm/rsaz-*.pl: allow spaces in Perl path name.
...
RT: 2835
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-21 00:17:45 +02:00
Andy Polyakov
e608273a80
sha1-mb-x86_64.pl: add commentary.
...
Reviewed-by: Emilia Kasper <emilia@openssl.org >
2014-08-21 00:15:40 +02:00
Laszlo Papp
09ec8c8e89
PR2490: Remove unused local variable bn ecp_nist.c
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-20 16:36:20 -04:00
Andy Polyakov
2893a302a9
crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-20 22:18:14 +02:00
Andy Polyakov
55eb14da20
sha1-mb-x86_64.pl: fix typo.
...
Reviewed-by: Emilia Kasper <emilia@openssl.org >
2014-08-20 22:10:20 +02:00
Martin Olsson
1afd7fa97c
RT2513: Fix typo's paramter-->parameter
...
I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: Emilia Kasper <emilia@openssl.org >
2014-08-19 11:09:33 -04:00
Laszlo Papp
8b6e517e33
RT2492: Remove extra NULL check.
2014-08-18 17:41:24 -04:00
Laszlo Papp
ddc29125a1
RT2489: Remove extra "sig" local variable.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-18 17:36:49 -04:00
Doug Goldstein
448155e9bb
RT2163: Remove some unneeded #include's
...
Several files #include stdio.h and don't need it.
Also, per tjh, remove BN_COUNT
Reviewed-by: Emilia Kasper <emilia@openssl.org >
2014-08-18 12:50:00 -04:00
Justin Blanchard
f756fb430e
RT1815: More const'ness improvements
...
Add a dozen more const declarations where appropriate.
These are from Justin; while adding his patch, I noticed
ASN1_BIT_STRING_check could be fixed, too.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-18 11:49:16 -04:00
Jonas Maebe
9f01a8acb3
process_pci_value: free (*policy)->data before setting to NULL after failed realloc
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:56:35 +02:00
Jonas Maebe
259ac68aeb
do_ext_i2d: free ext_der or ext_oct on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:56:24 +02:00
Jonas Maebe
54298141d3
do_othername: check for NULL after allocating objtmp
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:56:05 +02:00
Jonas Maebe
f6983d0d76
NETSCAPE_SPKI_b64_encode: free der_spki and b64_str on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-17 18:55:12 +02:00
Jonas Maebe
254f1c8019
get_cert_by_subject: check for NULL when allocating hent
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-17 18:55:01 +02:00
Jonas Maebe
fb7fbf28b3
UI_construct_prompt: check for NULL when allocating prompt
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-17 18:54:49 +02:00
Jonas Maebe
ba494ee593
hashbn: check for NULL result when allocating bin and return an error if it fails all (in)direct callers of hashbn: propagate potential error in hashbn
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-17 18:54:39 +02:00
Jonas Maebe
462319c3e9
JPAKE_CTX_new: check for NULL result when allocating ctx
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-17 18:54:11 +02:00
Jonas Maebe
34374c2d2c
old_hmac_encode: check for NULL result when allocating *pder
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:52:44 +02:00
Jonas Maebe
6f77f82bfc
dev_crypto_md5_copy: return error if allocating to_md->data fails
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:52:30 +02:00
Jonas Maebe
771e0c6c7a
dev_crypto_md5_update: check result of realloc(md_data->data) and don't leak memory if it fails
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:52:14 +02:00
Jonas Maebe
d8513b4abd
dev_crypto_cipher: return immediately if allocating cin/cout failed
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:51:35 +02:00
Jonas Maebe
c84029dbdc
dev_crypto_init_key: return error if allocating CDATA(ctx)->key failed
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-17 18:51:16 +02:00
Rich Salz
c9a81b3026
RT2751: Declare get_issuer_sk() earlier.
...
Add a declaration for get_issuer_sk() so that other
functions in x509_vf.c could use it. (Planned work
around cross-certification chains.)
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
2014-08-15 17:49:03 -04:00
Jonas Maebe
d6f69ae547
cryptodev_digest_copy: return error if allocating dstate->mac_data fails
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:38:51 +02:00
Jonas Maebe
349e6b2b0a
cryptodev_digest_update: don't leak original state->mac_data if realloc fails
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:38:36 +02:00
Jonas Maebe
36f7ed5040
cms_SignerInfo_content_sign: free sig on failure path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:38:19 +02:00
Jonas Maebe
4e64f671c9
rtcp_new: return failure if allocation of bi->ptr failed
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:38:05 +02:00
Jonas Maebe
1c4b688cb4
multi_split: check for NULL when allocating parts and bpart, and for failure of sk_BIO_push()
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:37:48 +02:00
Jonas Maebe
bd4acbc70e
BIO_new_dgram_sctp, dgram_sctp_read: zero entire authchunks
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:37:28 +02:00
Jonas Maebe
8957278869
mime_hdr_addparam: free tmpname, tmpval and mparam on error path, and check whether sk_MIME_PARAM_push succeeds
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:37:14 +02:00
Jonas Maebe
15297d962c
mime_hdr_new: free mhdr, tmpname, tmpval on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:36:54 +02:00
Jonas Maebe
c9c63b0180
ASN1_verify, ASN1_item_verify: cleanse and free buf_in on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:36:34 +02:00
Jonas Maebe
b9b9f853b5
SetBlob: free rgSetBlob on error path
...
Signed-off-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Rich Salz <rsalz@openssl.org >
2014-08-15 22:35:11 +02:00
Istvan Noszticzius
865886553d
Fix use after free bug.
...
Reviewed-by: Stephen Henson <steve@openssl.org >
Reviewed-by: Emilia Käsper <emilia@openssl.org >
2014-08-15 16:50:16 +01:00
Frdric Giudicelli
c753e71e0a
RT783: Minor optimization to ASN1_INTEGER_set
...
Remove local variable and avoid extra assignment.
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net >
2014-08-15 10:54:43 -04:00
Rob Austein
cf8bac4456
RT2465: Silence some gcc warnings
...
"Another machine, another version of gcc, another batch
of compiler warnings." Add "=NULL" to some local variable
declarations that are set by passing thier address into a
utility function; confuses GCC it might not be set.
Reviewed-by: Emilia Ksper <emilia@silkandcyanide.net >
2014-08-15 10:52:06 -04:00
Hans Wennborg
01e438f288
RT3023: Redundant logical expressions
...
Remove some redundant logical expressions
Reviewed-by: Emilia Kasper <emilia@silkandcyanide.net >
2014-08-15 10:45:00 -04:00
Emilia Kasper
f0ca9ccaef
make depend
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
2014-08-14 15:24:58 +02:00
Bodo Moeller
16602b5cd5
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
...
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h).
Reviewed-by: emilia@openssl.org
2014-08-13 17:37:19 +02:00
Dr Stephen Henson
b00f586a81
Fix d4a4370050
...
Fully remove old error, per drH
Reviewed-by: rsalz
2014-08-11 17:32:57 -04:00
Scott Schaefer
d4a4370050
RT 2517: Various typo's.
...
Reviewed-by: Emilia Kasper
Many of these were already fixed, this catches the last
few that were missed.
2014-08-11 13:43:31 -04:00
Rich Salz
f642ebc1e2
Undo a90081576c
...
Undo unapproved commit that removed DJGPP and WATT32
2014-08-09 08:02:20 -04:00
Rich Salz
a90081576c
Remove DJGPP (and therefore WATT32) #ifdef's.
...
DJGPP is no longer a supported platform. Remove all #ifdef, etc.,
cases that refer to it. DJGPP also #define'd WATT32, so that
is now removed as well.
2014-08-08 16:54:14 -04:00
Dr. Stephen Henson
4a23b12a03
Fix SRP buffer overrun vulnerability.
...
Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.
Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.
2014-08-06 20:36:41 +01:00
Emilia Kasper
0042fb5fd1
Fix OID handling:
...
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org >
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
Reviewed-by: Tim Hudson <tjh@openssl.org >
2014-08-06 20:36:41 +01:00