1. 10 11月, 2015 1 次提交
  2. 05 11月, 2015 1 次提交
  3. 31 10月, 2015 1 次提交
  4. 08 10月, 2015 2 次提交
    • M
      Don't treat a bare OCTETSTRING as DigestInfo in int_rsa_verify · dffe5109
      Matt Caswell 提交于
      The function int_rsa_verify is an internal function used for verifying an
      RSA signature. It takes an argument |dtype| which indicates the digest type
      that was used. Dependant on that digest type the processing of the
      signature data will vary. In particular if |dtype == NID_mdc2| and the
      signature data is a bare OCTETSTRING then it is treated differently to the
      default case where the signature data is treated as a DigestInfo (X509_SIG).
      
      Due to a missing "else" keyword the logic actually correctly processes the
      OCTETSTRING format signature first, and then attempts to continue and
      process it as DigestInfo. This will invariably fail because we already know
      that it is a bare OCTETSTRING.
      
      This failure doesn't actualy make a real difference because it ends up at
      the |err| label regardless and still returns a "success" result. This patch
      just cleans things up to make it look a bit more sane.
      
      RT#4076
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      dffe5109
    • P
      c804d23d
  5. 04 9月, 2015 2 次提交
  6. 03 9月, 2015 1 次提交
  7. 26 8月, 2015 1 次提交
  8. 11 8月, 2015 1 次提交
  9. 24 6月, 2015 1 次提交
  10. 09 6月, 2015 1 次提交
  11. 23 5月, 2015 1 次提交
    • R
      Fix the update target and remove duplicate file updates · 0f539dc1
      Richard Levitte 提交于
      We had updates of certain header files in both Makefile.org and the
      Makefile in the directory the header file lived in.  This is error
      prone and also sometimes generates slightly different results (usually
      just a comment that differs) depending on which way the update was
      done.
      
      This removes the file update targets from the top level Makefile, adds
      an update: target in all Makefiles and has it depend on the depend: or
      local_depend: targets, whichever is appropriate, so we don't get a
      double run through the whole file tree.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      0f539dc1
  12. 14 5月, 2015 4 次提交
  13. 11 5月, 2015 1 次提交
  14. 07 5月, 2015 1 次提交
  15. 06 5月, 2015 1 次提交
  16. 05 5月, 2015 1 次提交
    • R
      Use safer sizeof variant in malloc · b4faea50
      Rich Salz 提交于
      For a local variable:
              TYPE *p;
      Allocations like this are "risky":
              p = OPENSSL_malloc(sizeof(TYPE));
      if the type of p changes, and the malloc call isn't updated, you
      could get memory corruption.  Instead do this:
              p = OPENSSL_malloc(sizeof(*p));
      Also fixed a few memset() calls that I noticed while doing this.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      b4faea50
  17. 02 5月, 2015 1 次提交
    • R
      free NULL cleanup -- coda · 25aaa98a
      Rich Salz 提交于
      After the finale, the "real" final part. :)  Do a recursive grep with
      "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
      an "if NULL" check that can be removed.
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      25aaa98a
  18. 01 5月, 2015 5 次提交
    • R
      free null cleanup finale · b548a1f1
      Rich Salz 提交于
      Don't check for NULL before calling OPENSSL_free
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      b548a1f1
    • R
      free NULL cleanup 7 · 23a1d5e9
      Rich Salz 提交于
      This gets BN_.*free:
          BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
          BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free
      
      Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
      dead code in engines/e_ubsec.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      23a1d5e9
    • M
      Fix buffer overrun in RSA signing · 34166d41
      Matt Caswell 提交于
      The problem occurs in EVP_PKEY_sign() when using RSA with X931 padding.
      It is only triggered if the RSA key size is smaller than the digest length.
      So with SHA512 you can trigger the overflow with anything less than an RSA
      512 bit key. I managed to trigger a 62 byte overflow when using a 16 bit RSA
      key. This wasn't sufficient to cause a crash, although your mileage may
      vary.
      
      In practice RSA keys of this length are never used and X931 padding is very
      rare. Even if someone did use an excessively short RSA key, the chances of
      them combining that with a longer digest and X931 padding is very
      small. For these reasons I do not believe there is a security implication to
      this. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
      Solutions) for reporting this issue.
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      34166d41
    • R
      free cleanup almost the finale · 4b45c6e5
      Rich Salz 提交于
      Add OPENSSL_clear_free which merges cleanse and free.
      (Names was picked to be similar to BN_clear_free, etc.)
      Removed OPENSSL_freeFunc macro.
      Fixed the small simple ones that are left:
              CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      4b45c6e5
    • R
      free NULL cleanup 5a · 222561fe
      Rich Salz 提交于
      Don't check for NULL before calling a free routine.  This gets X509_.*free:
          x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
          X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
          X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      222561fe
  19. 29 4月, 2015 1 次提交
  20. 01 4月, 2015 2 次提交
  21. 31 3月, 2015 1 次提交
  22. 25 3月, 2015 2 次提交
  23. 24 3月, 2015 4 次提交
  24. 23 3月, 2015 1 次提交
  25. 19 3月, 2015 1 次提交
    • D
      Reject invalid PSS parameters. · 09f06923
      Dr. Stephen Henson 提交于
      Fix a bug where invalid PSS parameters are not rejected resulting in a
      NULL pointer exception. This can be triggered during certificate
      verification so could be a DoS attack against a client or a server
      enabling client authentication.
      
      Thanks to Brian Carpenter for reporting this issues.
      
      CVE-2015-0208
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      09f06923
  26. 12 3月, 2015 1 次提交
    • M
      Fix RSA_X931_derive_ex · 007fd140
      Matt Caswell 提交于
      In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return
      NULL on error. However the return value is not tested until *after* it is
      derefed! Also at the top of the function a test is made to ensure that
      |rsa| is not NULL. If it is we go to the "err" label. Unfortunately the
      error handling code deref's rsa.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      007fd140