Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a0eed48d37a4b7beea0c966caf09ad46f4a92a44)
While *pval is usually a pointer in rare circumstances it can be a long
value. One some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.
*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unecessary anyway.
Thanks to Julien Kauffmann for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f617b4969a9261b9d7d381670aefbe2cf766a2cb)
Conflicts:
crypto/asn1/tasn_new.c
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
CVE-2015-0286
Reviewed-by: Richard Levitte <levitte@openssl.org>
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
Conflicts:
crypto/asn1/x_long.c
Sometimes it fails to format them very well, and sometimes it corrupts them!
This commit moves some particularly problematic ones.
Conflicts:
crypto/bn/bn.h
crypto/ec/ec_lcl.h
crypto/rsa/rsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl.h
ssl/ssl3.h
Conflicts:
crypto/ec/ec_lcl.h
ssl/tls1.h
Conflicts:
crypto/ec/ecp_nistp224.c
crypto/evp/evp.h
ssl/d1_both.c
ssl/ssl.h
ssl/ssl_lib.c
Conflicts:
crypto/bio/bss_file.c
crypto/ec/ec_lcl.h
crypto/evp/evp.h
crypto/store/str_mem.c
crypto/whrlpool/wp_block.c
crypto/x509/x509_vfy.h
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
ssl/t1_lib.c
ssl/tls1.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).
CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 208a6012be3077d83df4475f32dd1b1446f3a02e)
Conflicts:
crypto/dsa/dsa_vrf.c
According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d)
Conflicts:
crypto/asn1/asn1_err.c
- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
CVE-2014-3508
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
Reported by: Daniel Marschall <daniel-marschall@viathinksoft.de>
Reviewed by: steve
Fix OID routines.
Check on encoding leading zero rejection should start at beginning of
encoding.
Allow for initial digit when testing when to use BIGNUMs which can increase
first value by 2 * 40.
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
Submitted by: steve@openssl.org
Fix to make DHparams_dup() et al work in C++.
For 0.9.8, we just change the macro to avoid making incompatible changes to
the API.
Submitted by: Paolo Ganci <Paolo.Ganci@AdNovum.CH>
Approved by: steve@openssl.org
Don't set fields to NULL when freeing them up in ASN1 code. On some platforms
with sizeof(long) < sizeof(char *) this can cause a crash.
