| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
| |
found with smatch, ok tb@
|
| |
|
|
|
| |
BIO_new(BIO_s_mem()) now allocates this pointer, so we need to free it
before assigning to it.
|
| |
|
|
|
|
|
|
|
| |
This is a different way of avoiding the pointer arithmetic on NULL and
avoids test breakage in pyca/cryptography. This is also a gross hack
that penalizes existing callers of BIO_s_mem(), but this is rarely
called in a hot loop and if so that will most likely be a test.
ok kenjiro joshua jsing
|
| |
|
|
| |
This causes a test failure in pyca/cryptography.
|
| |
|
|
|
|
| |
Prompted by a diff by Kenjiro Nakayama
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These constitute the bulk of the remaining global mutable state in
libcrypto. This commit moves most of them into data.rel.ro, leaving
out ERR_str_{functs,libraries,reasons} (which require a slightly
different approach) and SYS_str_reasons which is populated on startup.
The main observation is that if ERR_load_strings() is called with a 0 lib
argument, the ERR_STRING_DATA argument is not actually modified. We could
use this fact to cast away const on the caller side and be done with it.
We can make this cleaner by adding a helper ERR_load_const_strings() which
explicitly avoids the assignment to str->error overriding the error code
already set in the table.
In order for this to work, we need to sprinkle some const in err/err.c.
CMS called ERR_load_strings() with non-0 lib argument, but this didn't
actually modify the error data since it ored in the value already stored
in the table.
Annoyingly, we need to cast const away once, namely in the call to
lh_insert() in int_err_set_item(). Fixing this would require changing
the public API and is going to be tricky since it requires that the
LHASH_DOALL_FN_* types adjust.
ok jsing
|
| |
|
|
| |
feedback and ok tb@
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
No need for an inconsistently named local variable and a ternary operator.
ok jsing
|
| |
|
|
|
|
|
| |
This used to be a dangerous implementation detail of BIO_new() that was
never used outside of libcrypto.
ok jsing
|
| |
|
|
|
|
|
| |
These were disabled and the internals that need to remain were fixed.
Time for this garbage to go.
ok jsing
|
| |
|
|
|
|
|
| |
Unsued printing functionality. If something should need this we can readily
add it back.
ok jsing
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
BIO_set() is a dangerous function that cannot be used safely. Thankfully,
the only consumer is BIO_new(), hence inline the functionality and disable
the BIO_set() function (for complete removal in the near future).
ok tb@
|
| |
|
|
|
|
|
|
| |
Rather than 'a' or 'b', use 'bio' more consistently - there are still some
more complex cases that have been left alone for now. Also use fewer
parentheses.
No change to generated assembly other than line numbers.
|
| |
|
|
|
|
|
|
|
| |
This API returns an int encoding the number of bytes printed. Thus, a dump
of a large enough byte string can make this overflow and rely on undefined
behavior. With an indent of 64, as little as 26 MB is enough to make this
happen.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of heaps of unchecked strlcpy/strlcat/snprintf doing hard to follow
gymnastics, use a byte string, a somewhat comprehensible computation of the
number of bytes to dump per output line and write using checked BIO_printf()
directly to the BIO.
Longer strings will still overflow the terminal width of 80 and even longer
strings will still overflow the return value (undefined behavior). I don't
care much about the former but the latter should be fixed in a later pass.
ok beck
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
apache-httpd uses BIO_dump(), libssl uses BIO_dump_indent(), and the
openssl(1) app uses both. Otherwise this is unused. This is horribly
bad code even by libcrypto standards.
By doing away with the callbacks fixes incorrect error checking for
fwrite() but there is a lot more wrong in here. This can be cleaned
up in a later pass, the only concern here is to be able to remove the
unused variants in the next major bump.
ok beck
|
| |
|
|
| |
OK tb@ jsing@
|
| |
|
|
|
|
|
|
| |
If CRYPTO_dup_ex_data() fails, the new_bio is leaked. If an error occurs
after the first iteration, all members of the new chain except the head
are leaked.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is one of those strange things that should never have made it into
a security-oriented libraries. From BIO_s_bio.3:
.\" The following non-copying I/O functions are intentionally undocumented
.\" because they seem fragile and unused by anything:
It was used in a single place: the gorgeous ssltest. I'm not smart enough
to follow. Also:
/* WARNING: The non-copying interface is largely untested as of yet
* and may contain bugs. */
Oh, really? Into the great bitbucket in the sky you go.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With every bump we can remove a bit more of the ASN.1 BIO and the
streaming interface. At some point enough will be internal so that
we can rewrite it and bring it in a shape where mere mortals can
follow all the twists and turns. This is the next step: BIO_f_asn1(3)
goes away and takes BIO_asn1_{get,set}_{prefix,suffix}() with it,
a bunch of functions helping along in a write-after-free recently.
The getters go away, the setters stay for now.
ok jsing
|
| |
|
|
| |
ok beck jsing millert
|
| |
|
|
|
|
|
|
| |
me aliasing symbols not in the headers I was procesing.
This unbreaks the namespace build so it will pass again
ok tb@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
| |
ok beck@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*) On VMS, stdout may very well lead to a file that is written to
in a record-oriented fashion. That means that every write() will
write a separate record, which will be read separately by the
programs trying to read from it. This can be very confusing.
The solution is to put a BIO filter in the way that will buffer
text until a linefeed is reached, and then write everything a
line at a time, so every record written will be an actual line,
not chunks of lines and not (usually doesn't happen, but I've
seen it once) several lines in one record. BIO_f_linebuffer() is
the answer.
Currently, it's a VMS-only method, because that's where it has
been tested well enough.
[Richard Levitte]
Yeah, no, we don't care about any of this and haven't compiled this file
since forever. Looks like tedu's chainsaw got blunt at some point...
|
| |
|
|
|
|
|
|
|
|
| |
At least SMIME_text() relies on this. Pushing an error on the stack trips
PKCS7 regress in py-cryptography, so indicate nothing was written instead
of throwing an error.
Reported by Alex Gaynor a while back
ok jsing
|
| |
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
jsing@ worries that cycle prevention might increase risk because
software that is not checking return values (and indeed, not checking
is likely common in practice) might silently behave incorrectly
with cycle prevention whereas without, it will likely either crash
right away through infinite recursion or at least hang in an infinite
loop when trying to use the cyclic chain, in both cases making it
likely that the bug will be found and fixed.
Besides, tb@ points out that BIO_set_next(3) ought to behave as
similarly as possible to BIO_push(3), but adding cycle prevention
to BIO_set_next(3) would be even less convincing because that
function does not provide a return value, encouraging users to
expect that it will always succeed. While a safe idiom for checking
the success of BIO_set_next(3) could easily be designed, let's be
realistic: application software would be highly unlikely to pick up
such an idiom.
|
| |
|
|
|
|
| |
and reports failure if a call would result in a cycle.
The algorithm used was originally suggested by jsing@.
Feedback and OK tb@.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and next_bio fields of all BIO objects in all affected chains, no
matter what the arguments are.
In particular, if the second argument (the one to be appended) is
not at the beginning of its chain, properly detach the beginning
of its chain before appending.
We have weak indications that this bug might affect real-world code.
For example, in FreeRDP, file libfreerdp/crypto/tls.c, function
bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely
called with a second argument that is *not* at the beginning of its
chain. Admittedly, that code is hard to fathom, but it does appear
to result in a bogus prev_bio pointer without this patch.
The practical impact of this bug in this and other software remains
unknown; the consequences might possibly escalate up to use-after-free
issues if BIO_pop(3) is afterwards called on corrupted BIO objects.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
invariants of the prev_bio and next_bio fields of all BIO objects
in all involved chains, no matter which arguments this function is
called with.
Both real-world uses of this function (in libssl and freerdp) have
been audited to make sure this makes nothing worse. We believe libssl
behaves correctly before and after the patch (mostly because the second
argument is NULL there), and we believe the code in freerdp behaves
incorrectly before and after the patch, leaving a prev_bio pointer in
place that is becoming bogus, only in a different object before and
after the patch. But after the patch, that bogus pointer is due to a
separate bug in BIO_push(3), which we are planning to fix afterwards.
Joint work with and OK tb@.
|
| |
|
|
|
|
|
|
|
| |
As schwarze points out, you can pop any BIO in a chain, not just the first
one (bonus points for a great name for this API).
The internal doubly linked was used to fix up the BIO chain bio was part
of when you BIO_pop() a bio that wasn't in the first position, which is
explicitly allowed in our documentation and implied by OpenSSL's.
|
| |
|
|
|
|
|
|
|
|
| |
For various historical reasons, there are a number of cases where our
BIO_read() and BIO_write() return slightly different values to what
OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which
differs from OpenSSL 3.x). Mostly align these - some further work will be
needed.
Issue raised by tb@ who also wrote some test code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While BIO chains are doubly linked lists, nothing has ever made use of this
fact internally. Even libssl has failed to maintain prev_bio properly in
two places for a long time. When BIO was made opaque, the opportunity to
fix that was missed. Instead, BIO_set_next() now allows breaking the lists
from outside the library, which freerdp has long done.
Problem found by schwarze while trying to document BIO_set_next().
schwarze likes the idea
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Passing an indent value of 67 results in DUMP_WIDTH_LESS_IDENT returning a
value of zero, which is promptly used for division. Likewise, passing a
value larger than 67 results in a negative value being returned.
Prevent this by limiting indent to 64 (which matches OpenSSL's current
behaviour), as well as ensuring that dump_width is > 0.
Should fix oss-fuzz #52464 and #52467.
ok miod@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Various projects use bio_info_cb and BIO_info_cb interchangeably, for
example mupdf and freerdp. This is because this was changed in OpenSSL
commit fce78bd4 (2017), triggered by new warnings in gcc 8.
https://github.com/openssl/openssl/pull/4493
This results in some scary compiler warnings and useless patches in ports.
Nobody seems to be using the old bio_info_cb() version.
ok jsing
|
| |
|
|
|
|
|
|
| |
If the bgets() callback returns <= 0, we currently rely on the user
provided callback to set readbytes, which isn't ideal. This also
matches what's done in BIO_read() and BIO_write().
ok jsing
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
