[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Tue Mar 17 14:04:35 UTC 2015
The branch master has been updated
via e4676e900f165f5272991443225813002300b09b (commit)
via 3475c7a1854977e290ab44deb16551f6d55ad9a7 (commit)
via dfef52f6f277327e118fdd0fe34486852c2789b6 (commit)
via 668f6f08c62177ab5893fc26ebb67053aafdffc8 (commit)
via 7132ac830fa08d9a936e011d7c541b0c52115b33 (commit)
via be1477adc97e76f4b83ed8075589f529069bd5d1 (commit)
via a561bfe944c0beba73551731cb98af70dfee3549 (commit)
from e3c159648d19e0396b23dba02b85be2bf12ce24c (commit)
- Log -----------------------------------------------------------------
commit e4676e900f165f5272991443225813002300b09b
Author: Matt Caswell <matt at openssl.org>
Date: Fri Mar 13 12:48:57 2015 +0000
Fix probable_prime over large shift
In the probable_prime() function we behave slightly different if the number
of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG).
As part of the calculation we work out a size_limit as follows:
size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
There is a problem though if bits == BN_BITS2. Shifting by that much causes
undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I
set bits to 64 and calculated the result of:
(((BN_ULONG)1) << bits)
I was expecting to get the result 0. I actually got 1! Strangely this...
(((BN_ULONG)0) << BN_BITS2)
...does equal 0! This means that, on my system at least, size_limit will be
off by 1 when bits == BN_BITS2.
This commit fixes the behaviour so that we always get consistent results.
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 3475c7a1854977e290ab44deb16551f6d55ad9a7
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 15:59:07 2015 +0000
Fix unintended sign extension
The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:
ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.
This commit fixes the issue by explicitly casting to an unsigned int.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit dfef52f6f277327e118fdd0fe34486852c2789b6
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 16:42:55 2015 +0000
Fix seg fault in s_time
Passing a negative value for the "-time" option to s_time results in a seg
fault. This commit fixes it so that time has to be greater than 0.
Reviewed-by: Andy Polyakov <appro at openssl.org>
commit 668f6f08c62177ab5893fc26ebb67053aafdffc8
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 14:37:26 2015 +0000
Add sanity check to PRF
The function tls1_PRF counts the number of digests in use and partitions
security evenly between them. There always needs to be at least one digest
in use, otherwise this is an internal error. Add a sanity check for this.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 7132ac830fa08d9a936e011d7c541b0c52115b33
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 12:54:44 2015 +0000
Fix memset call in stack.c
The function sk_zero is supposed to zero the elements held within a stack.
It uses memset to do this. However it calculates the size of each element
as being sizeof(char **) instead of sizeof(char *). This probably doesn't
make much practical difference in most cases, but isn't a portable
assumption.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit be1477adc97e76f4b83ed8075589f529069bd5d1
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 11:25:03 2015 +0000
Move malloc fail checks closer to malloc
Move memory allocation failure checks closer to the site of the malloc in
dgst app. Only a problem if the debug flag is set...but still should be
fixed.
Reviewed-by: Tim Hudson <tjh at openssl.org>
commit a561bfe944c0beba73551731cb98af70dfee3549
Author: Matt Caswell <matt at openssl.org>
Date: Thu Mar 12 11:10:47 2015 +0000
Add malloc failure checks
Add some missing checks for memory allocation failures in ca app.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/ca.c | 13 +++++++++++++
apps/dgst.c | 10 +++++-----
apps/s_time.c | 7 ++++++-
crypto/bn/bn_prime.c | 12 +++++++++++-
crypto/modes/wrap128.c | 5 ++++-
crypto/stack/stack.c | 2 +-
ssl/t1_enc.c | 5 +++++
7 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/apps/ca.c b/apps/ca.c
index 814162d..9ef0ce3 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2809,6 +2809,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
ASN1_GENERALIZEDTIME *comp_time = NULL;
tmp = BUF_strdup(str);
+ if(!tmp) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
+
p = strchr(tmp, ',');
rtime_str = tmp;
@@ -2826,6 +2831,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
if (prevtm) {
*prevtm = ASN1_UTCTIME_new();
+ if(!*prevtm) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
goto err;
@@ -2866,6 +2875,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
goto err;
}
comp_time = ASN1_GENERALIZEDTIME_new();
+ if(!comp_time) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto err;
+ }
if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
goto err;
diff --git a/apps/dgst.c b/apps/dgst.c
index 47c2f69..95e5fa3 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -293,6 +293,11 @@ int MAIN(int argc, char **argv)
in = BIO_new(BIO_s_file());
bmd = BIO_new(BIO_f_md());
+ if ((in == NULL) || (bmd == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
if (debug) {
BIO_set_callback(in, BIO_debug_callback);
/* needed for windows 3.1 */
@@ -304,11 +309,6 @@ int MAIN(int argc, char **argv)
goto end;
}
- if ((in == NULL) || (bmd == NULL)) {
- ERR_print_errors(bio_err);
- goto end;
- }
-
if (out_bin == -1) {
if (keyfile)
out_bin = 1;
diff --git a/apps/s_time.c b/apps/s_time.c
index 102ee72..96e39aa 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -283,6 +283,10 @@ static int parseArgs(int argc, char **argv)
if (--argc < 1)
goto bad;
maxTime = atoi(*(++argv));
+ if(maxTime <= 0) {
+ BIO_printf(bio_err, "time must be > 0\n");
+ badop = 1;
+ }
} else {
BIO_printf(bio_err, "unknown option %s\n", *argv);
badop = 1;
@@ -527,7 +531,8 @@ int MAIN(int argc, char **argv)
nConn, totalTime, ((double)nConn / totalTime), bytes_read);
printf
("%d connections in %ld real seconds, %ld bytes read per connection\n",
- nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+ nConn, (long)time(NULL) - finishtime + maxTime,
+ bytes_read / (nConn?nConn:1));
ret = 0;
end:
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index b12295e..2a7822e 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -518,7 +518,17 @@ static int probable_prime(BIGNUM *rnd, int bits)
* additionally don't want to exceed that many bits.
*/
if (is_single_word) {
- BN_ULONG size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
+ BN_ULONG size_limit;
+
+ if (bits == BN_BITS2) {
+ /*
+ * Shifting by this much has undefined behaviour so we do it a
+ * different way
+ */
+ size_limit = ~((BN_ULONG)0) - BN_get_word(rnd);
+ } else {
+ size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1;
+ }
if (size_limit < maxdelta)
maxdelta = size_limit;
}
diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index ccb58c5..73718ae 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -350,7 +350,10 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
* LSB(32,AIV).
*/
- ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];
+ ptext_len = ((unsigned int)aiv[4] << 24)
+ | ((unsigned int)aiv[5] << 16)
+ | ((unsigned int)aiv[6] << 8)
+ | (unsigned int)aiv[7];
if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
OPENSSL_cleanse(out, inlen);
return 0;
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 1b89f55..7d97c2c 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -299,7 +299,7 @@ void sk_zero(_STACK *st)
return;
if (st->num <= 0)
return;
- memset((char *)st->data, 0, sizeof(st->data) * st->num);
+ memset((char *)st->data, 0, sizeof(*st->data) * st->num);
st->num = 0;
}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 1833eb7..26f8415 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask,
if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask)
count++;
}
+ if(!count) {
+ /* Should never happen */
+ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
len = slen / count;
if (count == 1)
slen = 0;
More information about the openssl-commits
mailing list