| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
ok tb
from jcs
This is errata/7.3/004_ssl.patch.sig
|
| | |
|
| | |
|
| |
|
|
| |
Its is fully covered by bn_mod_exp_zero now.
|
| |
|
|
|
| |
This exercises the same corner cases as bn_mod_exp and a few more.
With input from jsing
|
| |
|
|
| |
ok tb@
|
| | |
|
| |
|
|
|
|
| |
manpage
with and OK tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This is essentially the original text with a few tweaks and fixes by me,
removing parts inapplicable to LibreSSL. There are dangling references to
EVP_CIPHER_CTX_copy(3) and EVP_CIPHER_CTX_get_cipher_data(3). This all
isn't great, but it's better than nothing. Probably good enough for these
rarely used functions.
|
| |
|
|
| |
OK tb@
|
| | |
|
| |
|
|
| |
Originally from djm@. OK deraadt@ florian@ bluhm@
|
| |
|
|
|
|
|
|
|
| |
This is required behavior of the EVP_DigestSign() API, but seemingly
almost nothing uses this. Well, turns out ldns does.
Reported by Stephane. Helpful comments by sthen.
ok jsing
|
| |
|
|
|
|
| |
There's some method to this madness.
ok jsing
|
| |
|
|
|
|
|
| |
pull the setting of the ex_arg up, so we can do error
checking.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
At least SMIME_text() relies on this. Pushing an error on the stack trips
PKCS7 regress in py-cryptography, so indicate nothing was written instead
of throwing an error.
Reported by Alex Gaynor a while back
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
A negative input to BN_mod_exp_mont_consttime() is not correctly reduced,
remaining negative (when it should be in the range [0, m)). Fix this by
unconditionally calling BN_nnmod() on the input.
Fixes ossfuzz #55997.
ok tb@
|
| |
|
|
| |
This currently fails.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
BIO_new_NDEF() sets up an ASN.1 BIO to the output chain and then adds even
more BIOs. Since BIO_push(bio, new_tail) returns bio on success, after the
if ((out = BIO_push(asn_bio, out)) != NULL) the 'out' BIO and the 'asn_bio'
are the same. The code then goes on and uses one or the other. This is very
confusing. Simply stop using out once it's appended to asn_bio.
ok jsing
|
| |
|
|
|
|
| |
Add and fix FALLTHROUGH statement. I was confused for way too long since
I hadn't noticed that this case fell through to the next. Also add and
move some empty lines in the cms_cb() to make this resemble KNF more.
|
| |
|
|
|
|
|
|
|
|
|
| |
In case the input is not NUL terminated, the reversed check for length
and terminating NUL results in a one-byte overread. The documentation
says that the input should be a string, but in ASN.1 land you never
know...
Reported by Guido Vranken a while back
ok beck
|
| | |
|
| | |
|
| |
|
|
|
| |
Turn a malloc() into calloc() and check two function calls directly
forever instead of a combined check afterward.
|
| |
|
|
| |
Requested by jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Once the asn_bio is prepended to the out chain, and before the asn1_cb()
has done its thing, asn_bio needs to be popped off again on error. Failing
to do this can cause write after frees or double frees when the out BIO
is used after the function returned.
Based on a very complicated diff by Matt Caswell and Viktor Dukhovni.
This was part of the fixes in OpenSSL 1.1.1t.
ok jsing
|
| |
|
|
|
|
|
|
|
|
| |
The private key is a random number in [1, q-1], so 1 must be allowed.
Since q is at least an 160-bit prime and 2^159 + 1 is not prime (159
is not a power of 2), the probability that this is hit is < 2^-159,
but a tiny little bit wrong is still wrong.
Found while investigating a report by bluhm
ok jsing
|
| |
|
|
|
|
| |
Issue reported by Graham Percival (@gperciva)
ok tb@
|
| |
|
|
| |
This gets us some minimal test coverage.
|
| |
|
|
|
|
|
|
|
| |
Currently, the use of BN_div_word() can result in -0 - avoid this by
setting negative again, at the end of the computation.
Should fix oss-fuzz 56667.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A sign handling bug was introduced to BN_add_word() in bn_word.c r1.18.
When handling addition to a negative bignum, the BN_sub_word() call can
result in the sign being flipped, which we need to account for. Use the
same code in BN_sub_word() - while not technically needed here it keeps
the code consistent.
Issue discovered by tb@
ok tb@
|
| | |
|
| |
|
|
|
|
|
| |
This also provides some indirect coverage for BN_hex2bn(), BN_bn2hex() and
BN_get_word().
Two of these tests are currently failing and will be fixed shortly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If something goes wrong before the ASN.1 BIO state machine has passed
both flushing states, asn1_bio_free() forgets to free the ndef_aux
and the ex_arg since the prefix_free() and suffix_free callbacks are
not called.
This can lead to leaks, notably in streaming bios.
Part of https://github.com/openssl/openssl/pull/15999
I have a regress covering this but it is not yet ready to land.
ok beck jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ASN.1 BOOLEANs and ASN.1 NULL are handled specially in the ASN.1 sausage
factory and they are special in that they don't have a->value.ptr set.
Both need to be special cased here since they fail the a->type.ptr != NULL
check.
Apart from fixing an obvious bug in ASN1_TYPE_get(), this fixes another
crash in openssl(1) asn1parse. There is more to do in the vicinity, but
that is more complex and will have to wait for OpenBSD 7.3-current.
with/ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When pointing openssl asn1parse -strparse at DER octets 01 01, it crashes:
$ printf '<\x01\x01>' | openssl asn1parse -inform der -strparse 1
Refuse to parse BOOLEAN types instead, which avoids a crash in hensonian
/* hmm... this is a little evil, but it works */ code.
Found while poking at CMS timestamps to understand one of job's diffs.
with/ok jsing
|
| |
|
|
|
|
|
|
| |
Check the return value of BIO_set_md(). Prompted by OpenSSL's fix for
CVE-2023-0401 (the crash in that bug is an OpenSSL 3-only problem due
to provider design).
ok beck jsing
|
| | |
|
| |
|
|
| |
Thanks to Mark Patruck for reporting.
|
| | |
|
