openssl

History

Matt Caswell aae41f8c54 Reject calls to X509_verify_cert that have not been reinitialised

The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase  where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.

With regards to the second of these, we should discount this - it should
not be supported to allow this.

With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.

Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.

Reviewed-by: Stephen Henson <steve@openssl.org>

2015-07-07 21:57:11 +01:00

ASN1_generate_nconf.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

ASN1_INTEGER_get_int64.pod

Add functions to convert between uint64_t and ASN1_INTEGER.

2015-05-20 15:04:19 +01:00

ASN1_OBJECT_new.pod

free NULL cleanup

2015-03-24 07:52:24 -04:00

ASN1_STRING_length.pod

ASN1_TYPE documentation.

2015-03-26 21:59:17 +00:00

ASN1_STRING_new.pod

free NULL cleanup

2015-03-24 07:52:24 -04:00

ASN1_STRING_print_ex.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

ASN1_TIME_set.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

ASN1_TYPE_get.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

BIO_ctrl.pod

Clarify the BIO_seek() mess and related issues.

2000-09-18 23:05:33 +00:00

BIO_f_base64.pod

Close a whole bunch of documentation-related tickets:

2014-07-02 22:42:40 -04:00

BIO_f_buffer.pod

Some cleanup of L<> markup in pod files

2015-01-06 12:16:24 -05:00

BIO_f_cipher.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

BIO_f_md.pod

Change version from 0.9.9 to 1.0.0 in docs

2009-09-30 23:43:01 +00:00

BIO_f_null.pod

Remove indentation in the NAME section. There's really no need to

2000-09-14 12:14:41 +00:00

BIO_f_ssl.pod

Version negotiation rewrite doc updates

2015-05-16 09:20:44 +01:00

BIO_find_type.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

BIO_new_CMS.pod

Change version from 0.9.9 to 1.0.0 in docs

2009-09-30 23:43:01 +00:00

BIO_new.pod

free NULL cleanup

2015-03-25 11:31:18 -04:00

BIO_push.pod

Typo.

2014-06-29 13:38:55 +01:00

BIO_read.pod

ispell and some other nit-picking

2000-09-16 15:39:28 +00:00

BIO_s_accept.pod

RT2379: Additional typo fix

2014-08-30 09:55:56 -04:00

BIO_s_bio.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

BIO_s_connect.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

BIO_s_fd.pod

Restore the descriptions to conform with the rest of the

2000-09-17 19:20:17 +00:00

BIO_s_file.pod

bss_file.c: refine UTF-8 logic on Windows.

2010-04-28 20:02:28 +00:00

BIO_s_mem.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

BIO_s_null.pod

Remove indentation in the NAME section. There's really no need to

2000-09-14 12:14:41 +00:00

BIO_s_socket.pod

give pseudo prototypes instead of macro definitions for better clarity

2000-10-19 22:02:21 +00:00

BIO_set_callback.pod

fix documentation

2006-12-06 09:10:59 +00:00

BIO_should_retry.pod

PR: 2209

2010-04-06 14:45:18 +00:00

bio.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

blowfish.pod

RT1665,2300: Crypto doc cleanups

2014-08-28 18:55:50 -04:00

BN_add_word.pod

fix BN_mod_word and give a more reasonable return value if an error occurred

2005-07-25 22:57:54 +00:00

BN_add.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:11:12 +00:00

BN_BLINDING_new.pod

free NULL cleanup 7

2015-04-30 21:37:06 -04:00

BN_bn2bin.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

BN_cmp.pod

Update all links so they will be rendered better.

2000-01-27 01:25:31 +00:00

BN_copy.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

BN_CTX_new.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

BN_CTX_start.pod

Add an early reference to BN_CTX_new so that the usage of BN_CTX_start

2000-07-11 20:35:45 +00:00

BN_generate_prime.pod

free NULL cleanup 7

2015-04-30 21:37:06 -04:00

bn_internal.pod

PR: 2078

2009-10-28 13:52:07 +00:00

BN_mod_inverse.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

BN_mod_mul_montgomery.pod

free NULL cleanup 7

2015-04-30 21:37:06 -04:00

BN_mod_mul_reciprocal.pod

free NULL cleanup 7

2015-04-30 21:37:06 -04:00

BN_new.pod

free NULL cleanup 7

2015-04-30 21:37:06 -04:00

BN_num_bytes.pod

Explain a little better what BN_num_bits() and BN_num_bits_word() do.

2004-07-01 12:33:39 +00:00

BN_rand.pod

Fix off-by-one in BN_rand

2015-05-22 23:40:38 +01:00

BN_set_bit.pod

Reject negative shifts for BN_rshift and BN_lshift

2015-05-22 23:15:02 +01:00

BN_swap.pod

Add bn_mod.c (should have happend in the previous commit ...).

2000-11-26 16:46:57 +00:00

BN_zero.pod

Add history for documented new functions.

2002-07-18 18:54:46 +00:00

bn.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

buffer.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

CMS_add0_cert.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

CMS_add1_recipient_cert.pod

Reformat, fix typos and clarify CMS API docs.

2008-04-10 23:28:25 +00:00

CMS_add1_signer.pod

Use correct function name: CMS_add1_signer()

2014-09-25 00:03:27 +01:00

CMS_compress.pod

Change version from 0.9.9 to 1.0.0 in docs

2009-09-30 23:43:01 +00:00

CMS_decrypt.pod

Clarify CMS_decrypt behaviour.

2014-04-15 18:17:12 +01:00

CMS_encrypt.pod

Change version from 0.9.9 to 1.0.0 in docs

2009-09-30 23:43:01 +00:00

CMS_final.pod

Reformat, fix typos and clarify CMS API docs.

2008-04-10 23:28:25 +00:00

CMS_get0_RecipientInfos.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

CMS_get0_SignerInfos.pod

Add CMS_SignerInfo_get0_signature function.

2013-11-09 15:09:23 +00:00

CMS_get0_type.pod

Additional CMS documentation.

2015-03-08 16:18:21 +00:00

CMS_get1_ReceiptRequest.pod

Reformat, fix typos and clarify CMS API docs.

2008-04-10 23:28:25 +00:00

CMS_sign_receipt.pod

Reformat, fix typos and clarify CMS API docs.

2008-04-10 23:28:25 +00:00

CMS_sign.pod

Change version from 0.9.9 to 1.0.0 in docs

2009-09-30 23:43:01 +00:00

CMS_uncompress.pod

Revert argument swap change... oops CMS_uncompress() was consistent...

2008-04-11 23:23:18 +00:00

CMS_verify_receipt.pod

Reformat, fix typos and clarify CMS API docs.

2008-04-10 23:28:25 +00:00

CMS_verify.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

CONF_modules_free.pod

Corrected POD syntax errors. PR#3353

2014-05-14 21:07:51 +01:00

CONF_modules_load_file.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

CRYPTO_secure_malloc.pod

More secure storage of key material.

2015-06-23 17:09:35 -04:00

CRYPTO_set_ex_data.pod

Add includes in synopsis.

2006-05-14 11:28:00 +00:00

crypto.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

d2i_ASN1_OBJECT.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_CMS_ContentInfo.pod

Additional CMS documentation.

2015-03-08 16:18:21 +00:00

d2i_DHparams.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_DSAPublicKey.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_ECPKParameters.pod

Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using

2015-02-25 20:46:51 +00:00

d2i_ECPrivateKey.pod

Fix some minor documentation issues

2015-02-25 17:13:34 +00:00

d2i_PKCS8PrivateKey.pod

More d2i/i2d manual pages.

2002-10-07 13:07:00 +00:00

d2i_RSAPublicKey.pod

Changes from 1.0.0-stable.

2009-04-07 16:33:26 +00:00

d2i_X509_ALGOR.pod

Additional X509_ALGOR documentation

2015-05-12 02:09:49 +01:00

d2i_X509_CRL.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_X509_NAME.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_X509_REQ.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_X509_SIG.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

d2i_X509.pod

Fix some minor documentation issues

2015-02-25 17:13:34 +00:00

des_modes.pod

small cosmetics: align title with the other similar manual page

2007-02-27 07:41:54 +00:00

des.pod

old_des fix windows build, remove docs

2015-02-02 22:40:36 -05:00

DH_generate_key.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DH_generate_parameters.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

DH_get_ex_new_index.pod

Typos in links between manual pages

2002-07-10 19:35:54 +00:00

DH_new.pod

free NULL cleanup

2015-03-24 23:17:16 -04:00

DH_set_method.pod

Typos in man pages: dependant->dependent

2007-11-19 09:18:03 +00:00

DH_size.pod

Properly check certificate in case of export ciphers.

2015-06-09 00:46:59 +02:00

dh.pod

Properly check certificate in case of export ciphers.

2015-06-09 00:46:59 +02:00

DSA_do_sign.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DSA_dup_DH.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DSA_generate_key.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DSA_generate_parameters.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

DSA_get_ex_new_index.pod

Typo.

2009-10-17 17:06:19 +00:00

DSA_new.pod

free NULL cleanup

2015-03-24 23:17:16 -04:00

DSA_set_method.pod

Typos in man pages: dependant->dependent

2007-11-19 09:18:03 +00:00

DSA_SIG_new.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DSA_sign.pod

It makes more sense to refer to specific function manuals than the concept

2002-09-25 13:33:28 +00:00

DSA_size.pod

These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA

2002-08-05 16:27:01 +00:00

dsa.pod

These are updates/fixes to DH/DSA/RAND docs based on the fixes to the RSA

2002-08-05 16:27:01 +00:00

EC_GFp_simple_method.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

EC_GROUP_copy.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

EC_GROUP_new.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

EC_KEY_new.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

EC_POINT_add.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

EC_POINT_new.pod

free NULL cleanup.

2015-03-25 18:35:24 -04:00

ec.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

ecdsa.pod

Correct ECDSA example.

2013-08-21 13:43:00 +01:00

engine.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

ERR_clear_error.pod

Document ERR library.

2000-02-01 01:37:00 +00:00

ERR_error_string.pod

PR: 923

2004-11-14 15:11:37 +00:00

ERR_get_error.pod

Fix doc typo.

2014-07-02 03:43:42 +01:00

ERR_GET_LIB.pod

Document ERR library.

2000-02-01 01:37:00 +00:00

ERR_load_crypto_strings.pod

nicer manpages

2000-02-24 11:55:57 +00:00

ERR_load_strings.pod

nicer manpages

2000-02-24 11:55:57 +00:00

ERR_print_errors.pod

Document ERR library.

2000-02-01 01:37:00 +00:00

ERR_put_error.pod

nicer manpages

2000-02-24 11:55:57 +00:00

ERR_remove_state.pod

Document updates from wiki.

2013-06-12 23:42:08 +01:00

ERR_set_mark.pod

Add documentation for ERR_set_mark() and ERR_pop_to_mark().

2003-06-11 20:51:49 +00:00

err.pod

Version negotiation rewrite doc updates

2015-05-16 09:20:44 +01:00

EVP_BytesToKey.pod

Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc.

2015-06-08 20:20:24 -04:00

EVP_DigestInit.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

EVP_DigestSignInit.pod

RT3802: Fixes typos in doc/crypto/

2015-05-03 08:51:23 -04:00

EVP_DigestVerifyInit.pod

Typo fixes to evp documentation.

2014-08-24 21:24:28 +01:00

EVP_EncryptInit.pod

Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN

2015-01-28 10:39:01 +00:00

EVP_OpenInit.pod