Commits · e6f2bb66042f329fbb6a4ab810abce7c295b08dc · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

Apr 29, 2016

Fixed scripts order for generate_crypto_objects target · e6f2bb66

Kirill Marinushkin authored Apr 24, 2016



Script obj_dat.pl depends on file obj_mac.h generated by script objects.pl

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

e6f2bb66

crypto/ppccap.c: fix missing declaration warning. · 53385e1f
Andy Polyakov authored Apr 27, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
53385e1f
crypto/ppccap.c: permit build with no-chacha and no-poly1305. · fa79c543
Andy Polyakov authored Apr 27, 2016
```
RT#4508

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
fa79c543

Remove some dead code · 10a57adc

Matt Caswell authored Apr 28, 2016

Commit e1d9f1ab

 left some dead code behind. This removes it.

Reviewed-by: Stephen Henson <steve@openssl.org>

10a57adc

A call to RSA_set0_key had the arguments in the wrong order · b375f081
Matt Caswell authored Apr 28, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b375f081

Client side CKE processing can double free on error · 6f137370

Matt Caswell authored Apr 28, 2016



The tls_client_key_exchange_post_work() frees the pms on error. It also
calls ssl_generate_master_secret() which also free the pms. If an error
occurs after ssl_generate_master_secret() has been called then a double
free can occur.

Reviewed-by: Andy Polyakov <appro@openssl.org>

6f137370

Don't free the BIGNUM passed to BN_mpi2bn · b8f1c116

Matt Caswell authored Apr 28, 2016

Commit 91fb42dd

 fixed a leak but introduced a problem where a parameter
is erroneously freed instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

b8f1c116

Fix a leak in i2b_PVK · 098c1e3d

Matt Caswell authored Apr 28, 2016

Commit 8e588e28

 fixed a leak but introduced a new one.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

098c1e3d

make update · 1f644005
Richard Levitte authored Apr 29, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
1f644005

apps/progs.pl: don't make digests disablable by default · 08590a86

Richard Levitte authored Apr 29, 2016



Some digest algorithms can't be disabled, don't pretend they can.

Reviewed-by: Matt Caswell <matt@openssl.org>

08590a86

Apr 28, 2016

BIO_free should call method->destroy before free'ing member fields · a14a740d

FdaSilvaYY authored Apr 28, 2016



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1007)

a14a740d

Add checks on CRYPTO_new_ex_data return value... · 2bbf0baa

FdaSilvaYY authored Mar 08, 2016


with some adaptation to new multi-threading API.

Once reference, lock, meth and flag fields are setup,
DSA_free/DH_free can be called directly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/996)

2bbf0baa

Add checks on CRYPTO_new_ex_data return value · 25a807bc

FdaSilvaYY authored Feb 13, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/996)

25a807bc

Fix an error code spelling. · 8fdc99cb

FdaSilvaYY authored Apr 04, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)

8fdc99cb

various spelling fixes · 8483a003

FdaSilvaYY authored Mar 10, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)

8483a003

Add getters for X509_STORE and X509_OBJECT members · f0c58c32

Christian Heimes authored Apr 19, 2016



OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:

int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

f0c58c32

make update · d5553b4c

Viktor Dukhovni authored Apr 27, 2016



Recycling an unused slot.

Reviewed-by: Rich Salz <rsalz@openssl.org>

d5553b4c

Implement X509_STORE_CTX_set_current_cert() accessor · c9654873
Viktor Dukhovni authored Apr 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
c9654873

Fix BIO_set_nbio_accept() · 68423b14

Richard Levitte authored Apr 28, 2016



The code that implements this control would work when enabling nbio,
but the disabling code needed fixing.

Reviewed-by: Matt Caswell <matt@openssl.org>

68423b14

Don't leak memory on error path in dane_ctx_enable() · b3bd3d5a

Matt Caswell authored Apr 27, 2016



The function dane_ctx_enable() allocated some memory that it did not
free in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

b3bd3d5a

Free an ASN1_OBJECT in an error path · 34b9acbd

Matt Caswell authored Apr 27, 2016



The r2i_certpol() function allocates an ASN1_OBJECT but can fail to free
it in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

34b9acbd

Don't leak an ASN1_OCTET_STRING on error in rsa_cms_encrypt · 5e8129f2

Matt Caswell authored Apr 27, 2016



The rsa_cms_encrypt() function allocates an ASN1_OCTET_STRING but can
then fail to free it in an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5e8129f2

Free memory on error in PKCS7_dataFinal() · d54ac5c4

Matt Caswell authored Apr 27, 2016



The PKCS7_dataFinal() function allocates a memory buffer but then fails
to free it on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

d54ac5c4

Don't leak memory on error in PKCS12_key_gen_uni · 460c5e1d

Matt Caswell authored Apr 27, 2016



The PKCS12_key_gen_uni() had one error path which did not free memory
correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>

460c5e1d

Don't leak memory on error in i2b_PVK · 8e588e28

Matt Caswell authored Apr 27, 2016



The i2b_PVK function leaked a number of different memory allocations on
error paths (and even some non-error paths).

Reviewed-by: Richard Levitte <levitte@openssl.org>

8e588e28

Don't leak memory on error in b2i_rsa · 204cf940

Matt Caswell authored Apr 27, 2016



The b2i_rsa() function uses a number of temporary local variables which
get leaked on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

204cf940

Don't leak resource on error in OCSP_url_svcloc_new · a4e584a6

Matt Caswell authored Apr 27, 2016



On error we could leak a ACCESS_DESCRIPTION and an ASN1_IA5STRING. Both
should be freed in the error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

a4e584a6

Check that we were actually allocated BIGNUMs in dsa_builtin_paramgen2 · f08e8034

Matt Caswell authored Apr 27, 2016



Calls to BN_CTX_get() can fail so we should check that they were
successful.

Reviewed-by: Richard Levitte <levitte@openssl.org>

f08e8034

Don't leak EVP_MD_CTX on error path · 22803581

Matt Caswell authored Apr 27, 2016



The cms_SignerInfo_content_sign() function allocated an EVP_MD_CTX but
then failed to free it on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

22803581

Don't leak memory on error in cms_RecipientInfo_pwri_crypt · 29f4c357

Matt Caswell authored Apr 27, 2016



The cms_RecipientInfo_pwri_crypt() allocated an EVP_CIPHER_CTX but then
failed to free it in some error paths. By allocating it a bit later that
can be avoided.

Reviewed-by: Richard Levitte <levitte@openssl.org>

29f4c357

Don't leak memory on error in BN_generate_prime_ex · d71eb667

Matt Caswell authored Apr 27, 2016



In BN_generate_prime_ex() we do some sanity checks first and return
with an error if they fail. We should do that *before* allocating any
resources to avoid a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>

d71eb667

Free a BIGNUM on error in BN_mpi2bn · 91fb42dd

Matt Caswell authored Apr 27, 2016



In the BN_mpi2bn() function, a failure of a call to BN_bin2bn() could
result in the leak of a previously allocated BIGNUM value.

Reviewed-by: Richard Levitte <levitte@openssl.org>

91fb42dd

Don't leak memory on failure to create a mem BIO · b0b6ba2d

Matt Caswell authored Apr 27, 2016



During construction of a mem BIO we allocate some resources. If this
allocation fails we can end up leaking everything we have allocated so
far.

Reviewed-by: Richard Levitte <levitte@openssl.org>

b0b6ba2d

Close the accept socket on error · df0f2759

Matt Caswell authored Apr 27, 2016



When setting an accepted socket for non-blocking, if the operation fails
make sure we close the accepted socket.

Reviewed-by: Richard Levitte <levitte@openssl.org>

df0f2759

Make BIO_sock_error return a proper error code when getsockopt fails · 2bd8c853

Richard Levitte authored Apr 28, 2016



BIO_sock_error() returned 1 when getsockopt() fails when it should
return the error code for that failure.

Additionally, the optlen parameter to getsockopt() has to point at
the size of the area that the optval parameter points at rather than
zero.  Some systems may forgive it being zero, but others don't.

Reviewed-by: Matt Caswell <matt@openssl.org>

2bd8c853

Apr 27, 2016

Reject inappropriate private key encryption ciphers. · d78df5df

Dr. Stephen Henson authored Apr 23, 2016



The traditional private key encryption algorithm doesn't function
properly if the IV length of the cipher is zero. These ciphers
(e.g. ECB mode) are not suitable for private key encryption
anyway.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

d78df5df

Fix set0 reuse test · 4a397f51

Viktor Dukhovni authored Apr 27, 2016



We must test for new object == current object, not !=.

Reviewed-by: Richard Levitte <levitte@openssl.org>

4a397f51

Future proof build_chain() in x509_vfy.c · 69664d6a

Viktor Dukhovni authored Apr 26, 2016



Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.

Since ssl_verify_cert_chain() always provideds a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.

Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.

Reviewed-by: Matt Caswell <matt@openssl.org>

69664d6a

Documentation the changed {RSA,DSA,DH}_set0_* functionality change · 4c5e6b2c
Richard Levitte authored Apr 26, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
4c5e6b2c

RSA, DSA, DH: Allow some given input to be NULL on already initialised keys · 1da12e34

Richard Levitte authored Apr 25, 2016



The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised.  Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:

    RSA_get0_key(rsa, NULL, &e, NULL);
    RSA_get0_factors(rsa, &p, &q);
    /* calculate new d */
    RSA_set0_key(rsa, NULL, NULL, d);

Reviewed-by: Matt Caswell <matt@openssl.org>

1da12e34