[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-08-22 Thread Paul I . Dale
The branch OpenSSL_1_1_0-stable has been updated
   via  837017b4748d587912d9d218894644d6ca86721f (commit)
  from  8255fd0f4f86fa4202962d4b27185c0d96f21d75 (commit)


- Log -
commit 837017b4748d587912d9d218894644d6ca86721f
Author: Pauli 
Date:   Wed Aug 22 10:04:27 2018 +1000

Zero memory in CRYPTO_secure_malloc.

This commit destroys the free list pointers which would otherwise be
present in the returned memory blocks.  This in turn helps prevent
information leakage from the secure memory area.

Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory:
before the secure memory system is initialised or if it isn't implemented.

[manual merge of #7011]

Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7026)

---

Summary of changes:
 crypto/mem_sec.c  | 16 +++-
 test/secmemtest.c | 44 
 2 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 25cdb47..1ccf68c 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -134,11 +134,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, 
int line)
 
 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
 {
-void *ret = CRYPTO_secure_malloc(num, file, line);
-
-if (ret != NULL)
-memset(ret, 0, num);
-return ret;
+#ifdef IMPLEMENTED
+if (secure_mem_initialized)
+/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+return CRYPTO_secure_malloc(num, file, line);
+#endif
+return CRYPTO_zalloc(num, file, line);
 }
 
 void CRYPTO_secure_free(void *ptr, const char *file, int line)
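Review bot: the comment on the `if (secure_mem_initialized)` branch says CRYPTO_secure_malloc() zeroes allocations, but the only zeroing added on that path is a `memset(chunk, 0, sizeof(SH_LIST))` in sh_malloc(), so a returned block is all-zero only if every other byte of a free chunk is already zero, i.e. only if CRYPTO_secure_free() cleanses the whole block before sh_free() links it and the arena starts out freshly mapped. CRYPTO_secure_zalloc() now depends entirely on that invariant, so please state it here ("free blocks are fully cleansed on free; only the SH_LIST header can be non-zero and sh_malloc() clears it") rather than leaving a future change to sh_free() or CRYPTO_secure_free() to break zalloc silently.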
@@ -574,6 +575,9 @@ static char *sh_malloc(size_t size)
 
 OPENSSL_assert(WITHIN_ARENA(chunk));
 
+/* zero the free list header as a precaution against information leakage */
+memset(chunk, 0, sizeof(SH_LIST));
+
 return chunk;
 }
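Review bot: `memset(chunk, 0, sizeof(SH_LIST))` wipes only the link words at the head of the chunk, not the chunk; that is enough only for bytes that were already zero, which holds for the other half left on the free list by the split loop above but must also hold for every non-header byte of a freed block. A one-line comment stating that dependency would stop the next reader from assuming the whole chunk is cleared here. The same header size is hard-coded in secmemtest.c as `sizeof(void *) * 2`; a comment pointing at that test (or vice versa) keeps the two in step when SH_LIST changes.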
 
@@ -606,6 +610,8 @@ static void sh_free(char *ptr)
 
 list--;
 
+/* Zero the higher addressed block's free list pointers */
+memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
 if (ptr > buddy)
 ptr = buddy;
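Review bot: this is correct only because both `ptr` and `buddy` have already been unlinked from their free lists above this hunk; given that, wiping the higher block's stale links is safe and the surviving lower block's links are rewritten by the re-add that follows the `list--`. Minor style point: `ptr > buddy` is now evaluated twice; a local `higher = ptr > buddy ? ptr : buddy` used by both the memset and the assignment reads cleaner.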
 
diff --git a/test/secmemtest.c b/test/secmemtest.c
index 9405f34..6077216 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -18,6 +18,8 @@ int main(int argc, char **argv)
 {
 #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
 char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
+int i;
+const int size = 64;
 
 s = OPENSSL_secure_malloc(20);
 /* s = non-secure 20 */
@@ -128,6 +130,48 @@ int main(int argc, char **argv)
 return 1;
 }
 
+if (!CRYPTO_secure_malloc_init(32768, 16)) {
+perror_line();
+return 1;
+}
+
+/*
+ * Verify that secure memory gets zeroed properly.
+ */
+if ((p = OPENSSL_secure_malloc(size)) == NULL) {
+perror_line();
+return 1;
+}
+for (i = 0; i < size; i++)
+if (p[i] != 0) {
+perror_line();
+fprintf(stderr, "iteration %d\n", i);
+return 1;
+}
+
+for (i = 0; i < size; i++)
+p[i] = (unsigned char)(i + ' ' + 1);
+OPENSSL_secure_free(p);
+
+/*
+ * A deliberate use after free here to verify that the memory has been
+ * cleared properly.  Since secure free doesn't return the memory to
+ * libc's memory pool, it technically isn't freed.  However, the header
+ * bytes have to be skipped and these consist of two pointers in the
+ * current implementation.
+ */
+for (i = sizeof(void *) * 2; i < size; i++)
+if (p[i] != 0) {
+perror_line();
+fprintf(stderr, "iteration %d\n", i);
+return 1;
+}
+
+if (!CRYPTO_secure_malloc_done()) {
+perror_line();
+return 1;
+}
+
 /*-
  * There was also a possible infinite loop when the number of
  * elements was 1<<31, as |int i| was set to that, which is a
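Review bot: the post-free loop shows that secure free cleanses the block, but the test never exercises the case the commit is about, a block that is handed out again: after `OPENSSL_secure_free(p)` call `OPENSSL_secure_malloc(size)` once more and check all `size` bytes of the new block are zero, since that second block is the one that would have carried stale free-list pointers before this change. The `sizeof(void *) * 2` skip also encodes the SH_LIST layout; the comment explains it, but the value should at least be a named constant so a layout change shows up in one place.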
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
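The two copies of this commit (this one for OpenSSL_1_1_0-stable and the master merge of #7011 further down) address one mechanism: a buddy allocator keeps its free-list links inside free chunks, and those link words are exactly the first bytes a caller gets back from sh_malloc(). The following is an added example, my code rather than OpenSSL's, built on a toy arena whose block size, block count and single-link layout are assumptions: the leaky allocator returns a reused block that still carries a heap address in its first word, the fixed one wipes the link word, and the rest of the block is clean only because free wipes everything first, which is the invariant the real change relies on.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy arena (sizes are assumptions): NBLOCKS fixed-size blocks, free blocks
 * threaded onto a singly linked list whose link word lives in the first bytes
 * of the free block, the way SH_LIST sits at the head of a free chunk in
 * OpenSSL's secure heap. There is no buddy coalescing, so only the
 * sh_malloc() half of the fix is modelled.
 */
#define BLOCK_SIZE 64
#define NBLOCKS    8

struct free_link { struct free_link *next; };

struct arena {
    uint8_t mem[NBLOCKS * BLOCK_SIZE];
    struct free_link *head;
};

void arena_init(struct arena *a)
{
    memset(a->mem, 0, sizeof(a->mem));          /* a freshly mapped arena is all zero */
    a->head = NULL;
    for (int i = NBLOCKS - 1; i >= 0; i--) {    /* push blocks; block 0 ends up first */
        struct free_link *l = (struct free_link *)(a->mem + (size_t)i * BLOCK_SIZE);
        l->next = a->head;
        a->head = l;
    }
}

/* Pre-fix behaviour: pop the head block and hand it out with its stale link intact. */
void *arena_alloc_leaky(struct arena *a)
{
    struct free_link *l = a->head;

    if (l == NULL)
        return NULL;
    a->head = l->next;
    return l;
}

/* Post-fix behaviour: same, but the link word is wiped before the block escapes. */
void *arena_alloc_zeroed(struct arena *a)
{
    void *p = arena_alloc_leaky(a);

    if (p != NULL)
        memset(p, 0, sizeof(struct free_link));
    return p;
}

/* Free: wipe the whole block (OPENSSL_cleanse() in the real heap), then push it;
 * the push writes a fresh link word into the otherwise all-zero block. */
void arena_free(struct arena *a, void *p)
{
    struct free_link *l = p;

    memset(p, 0, BLOCK_SIZE);
    l->next = a->head;
    a->head = l;
}

int nonzero_bytes(const void *p, size_t n)
{
    const uint8_t *b = p;
    int count = 0;

    for (size_t i = 0; i < n; i++)
        count += b[i] != 0;
    return count;
}

/*
 * The reuse scenario: allocate two blocks, fill the first with "key" bytes,
 * free it, allocate again (LIFO, so the same block comes back) and report how
 * many bytes of the returned block are non-zero. With the leaky allocator that
 * is the link word pointing at block 2, a heap address handed to the caller;
 * with the zeroed allocator it is 0.
 */
int reallocated_block_nonzero_bytes(int zeroed)
{
    static struct arena a;
    void *(*alloc)(struct arena *) = zeroed ? arena_alloc_zeroed : arena_alloc_leaky;
    void *p1, *p2, *p3;

    arena_init(&a);
    p1 = alloc(&a);
    p2 = alloc(&a);
    memset(p1, 'K', BLOCK_SIZE);                /* constructed "secret" contents */
    arena_free(&a, p1);
    p3 = alloc(&a);
    (void)p2;
    return p3 == p1 ? nonzero_bytes(p3, BLOCK_SIZE) : -1;
}

int main(void)
{
    printf("leaky allocator : %d non-zero bytes in reused block\n",
           reallocated_block_nonzero_bytes(0));
    printf("zeroed allocator: %d non-zero bytes in reused block\n",
           reallocated_block_nonzero_bytes(1));
    return 0;
}
```

The number reported for the leaky allocator is never more than one pointer's worth of bytes, which is the point: the leak is not the caller's old data (free already wiped that) but the allocator's own bookkeeping, a valid heap address that defeats address randomisation for anything that can read the returned buffer.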


[openssl-commits] [openssl] master update

2018-08-22 Thread Andy Polyakov
The branch master has been updated
   via  ea5def1478cd9aef607acac0ce2288cfac53782b (commit)
  from  0b1319ba94c85af9e87308e0d573d1260a802f53 (commit)


- Log -
commit ea5def1478cd9aef607acac0ce2288cfac53782b
Author: Matthias Kraft 
Date:   Fri Jun 15 12:36:03 2018 +0200

Extend dladdr() for AIX, consequence from changes for openssl#6368.

The shared libraries are now stored as members of archives, as it is usual
on AIX. To correctly address this the custom dladdr()-implementation as
well as the dlfcn_load() routine need to be able to cope with such a
construct: libname.a(libname.so).

Signed-off-by: Matthias Kraft 

Reviewed-by: Andy Polyakov 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/6872)

---

Summary of changes:
 crypto/dso/dso_dlfcn.c | 39 +--
 test/shlibloadtest.c   |  7 ++-
 2 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 21bfb3b..ad8899c 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -108,6 +108,10 @@ static int dlfcn_load(DSO *dso)
 if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
 flags |= RTLD_GLOBAL;
 # endif
+# ifdef _AIX
+if (filename[strlen(filename) - 1] == ')')
+flags |= RTLD_MEMBER;
+# endif
 ptr = dlopen(filename, flags);
 if (ptr == NULL) {
 DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
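Review bot: `filename[strlen(filename) - 1]` indexes one byte before the buffer when `filename` is the empty string; take the length first and guard it (`len = strlen(filename); if (len > 0 && filename[len - 1] == ')')`). The identical expression is copied into test/shlibloadtest.c in this same changeset, so the guard belongs in both places, or better in one small helper.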
@@ -332,7 +336,7 @@ static int dladdr(void *ptr, Dl_info *dl)
 unsigned int found = 0;
 struct ld_info *ldinfos, *next_ldi, *this_ldi;
 
-if ((ldinfos = (struct ld_info *)OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == 
NULL) {
+if ((ldinfos = OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) {
 errno = ENOMEM;
 dl->dli_fname = NULL;
 return 0;
@@ -359,18 +363,33 @@ static int dladdr(void *ptr, Dl_info *dl)
 || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg)
 && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg +
 this_ldi->ldinfo_datasize {
+char *buffer, *member;
+size_t buffer_sz, member_len;
+
+buffer_sz = strlen(this_ldi->ldinfo_filename) + 1;
+member = this_ldi->ldinfo_filename + buffer_sz;
+if ((member_len = strlen(member)) > 0)
+buffer_sz += 1 + member_len + 1;
 found = 1;
-/*
- * Ignoring the possibility of a member name and just returning
- * the path name. See docs: sys/ldr.h, loadquery() and
- * dlopen()/RTLD_MEMBER.
- */
-if ((dl->dli_fname =
- OPENSSL_strdup(this_ldi->ldinfo_filename)) == NULL)
+if ((buffer = OPENSSL_malloc(buffer_sz)) != NULL) {
+OPENSSL_strlcpy(buffer, this_ldi->ldinfo_filename, buffer_sz);
+if (member_len > 0) {
+/*
+ * Need to respect a possible member name and not just
+ * returning the path name in this case. See docs:
+ * sys/ldr.h, loadquery() and dlopen()/RTLD_MEMBER.
+ */
+OPENSSL_strlcat(buffer, "(", buffer_sz);
+OPENSSL_strlcat(buffer, member, buffer_sz);
+OPENSSL_strlcat(buffer, ")", buffer_sz);
+}
+dl->dli_fname = buffer;
+} else {
 errno = ENOMEM;
+}
 } else {
-next_ldi =
-(struct ld_info *)((uintptr_t)this_ldi + 
this_ldi->ldinfo_next);
+next_ldi = (struct ld_info *)((uintptr_t)this_ldi +
+  this_ldi->ldinfo_next);
 }
 } while (this_ldi->ldinfo_next && !found);
 OPENSSL_free((void *)ldinfos);
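Review bot: on the `OPENSSL_malloc(buffer_sz)` failure branch `found` has already been set to 1 and `dl->dli_fname` is never assigned, while the earlier failure path in this function sets `dl->dli_fname = NULL` and returns 0; the replaced `OPENSSL_strdup` assignment at least left dli_fname NULL. Assign `dl->dli_fname = NULL` (or clear `found`) in that else branch so the caller cannot read an uninitialised pointer. Also, `member = this_ldi->ldinfo_filename + buffer_sz` assumes the loader always supplies a second NUL-terminated string directly after the path, as the sys/ldr.h reference in the comment implies; say so next to the pointer arithmetic rather than only in the comment inside the `member_len > 0` block.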
diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c
index aad90e6..53714aa 100644
--- a/test/shlibloadtest.c
+++ b/test/shlibloadtest.c
@@ -48,7 +48,12 @@ typedef void *SHLIB_SYM;
 
 static int shlib_load(const char *filename, SHLIB *lib)
 {
-*lib = dlopen(filename, RTLD_GLOBAL | RTLD_LAZY);
+int dl_flags = (RTLD_GLOBAL|RTLD_LAZY);
+#ifdef _AIX
+if (filename[strlen(filename) - 1] == ')')
+dl_flags |= RTLD_MEMBER;
+#endif
+*lib = dlopen(filename, dl_flags);
 return *lib == NULL ? 0 : 1;
 }
 


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-08-22 Thread Andy Polyakov
The branch OpenSSL_1_1_0-stable has been updated
   via  8255fd0f4f86fa4202962d4b27185c0d96f21d75 (commit)
  from  b2a73156186ec436f584a565e6d4a98b75734286 (commit)


- Log -
commit 8255fd0f4f86fa4202962d4b27185c0d96f21d75
Author: Andy Polyakov 
Date:   Thu Aug 16 09:26:12 2018 +0200

crypto/init.c: improve destructor_key's portability.

It was assumed that CRYPTO_THREAD_LOCAL is universally scalar type,
which doesn't appear to hold true.

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/6976)

(cherry picked from commit 0b1319ba94c85af9e87308e0d573d1260a802f53)

---

Summary of changes:
 crypto/init.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/crypto/init.c b/crypto/init.c
index 00a9179..2ad946c 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -41,7 +41,10 @@ static int stopped = 0;
  * key value and pull NULL past initialization in the first thread that
  * intends to use libcrypto.
  */
-static CRYPTO_THREAD_LOCAL destructor_key = (CRYPTO_THREAD_LOCAL)-1;
+static union {
+long sane;
+CRYPTO_THREAD_LOCAL value;
+} destructor_key = { -1 };
 
 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
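Review bot: the union drops the cast but keeps the sentinel approach: OPENSSL_thread_stop() below tests `destructor_key.sane != -1` after `destructor_key.value` has been written, so the code still assumes no valid key has all-ones in its first sizeof(long) bytes, and it reads a union member other than the one last stored (allowed in C, but precisely the representation assumption the log says did not hold). A separate `static int destructor_key_set` flag, set where `.value` is assigned and cleared in OPENSSL_cleanup(), needs no assumption about CRYPTO_THREAD_LOCAL at all. If the union stays, add a comment that `sane` must remain the first member, since `{ -1 }` initialises the first member only.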
 
@@ -53,17 +56,17 @@ static void ossl_init_thread_destructor(void *local)
 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
 {
 struct thread_local_inits_st *local =
-CRYPTO_THREAD_get_local(_key);
+CRYPTO_THREAD_get_local(_key.value);
 
 if (alloc) {
 if (local == NULL
 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
-&& !CRYPTO_THREAD_set_local(_key, local)) {
+&& !CRYPTO_THREAD_set_local(_key.value, local)) {
 OPENSSL_free(local);
 return NULL;
 }
 } else {
-CRYPTO_THREAD_set_local(_key, NULL);
+CRYPTO_THREAD_set_local(_key.value, NULL);
 }
 
 return local;
@@ -97,7 +100,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
 #endif
 OPENSSL_cpuid_setup();
 
-destructor_key = key;
+destructor_key.value = key;
 base_inited = 1;
 return 1;
 
@@ -396,7 +399,7 @@ static void ossl_init_thread_stop(struct 
thread_local_inits_st *locals)
 
 void OPENSSL_thread_stop(void)
 {
-if (destructor_key != (CRYPTO_THREAD_LOCAL)-1)
+if (destructor_key.sane != -1)
 ossl_init_thread_stop(ossl_init_get_thread_local(0));
 }
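Review bot: if CRYPTO_THREAD_LOCAL is narrower than long, assigning `.value` leaves the remaining bytes of `.sane` at 0xFF, so this test passes for a valid key only because that key is not itself all-ones; if it is wider than long, only its first sizeof(long) bytes are compared. Either way the comparison works today, but a comment explaining why `.sane` rather than `.value` is tested would save the next reader the derivation.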
 
@@ -493,8 +496,8 @@ void OPENSSL_cleanup(void)
 err_free_strings_int();
 }
 
-key = destructor_key;
-destructor_key = (CRYPTO_THREAD_LOCAL)-1;
+key = destructor_key.value;
+destructor_key.sane = -1;
 CRYPTO_THREAD_cleanup_local();
 
 #ifdef OPENSSL_INIT_DEBUG
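Review bot: `destructor_key.sane = -1` resets only the first sizeof(long) bytes of the union; when CRYPTO_THREAD_LOCAL is wider than long, `.value` keeps stale bytes of the key that has just been cleaned up. Harmless as long as nothing reads `.value` after this point, but consider resetting the whole union (memset or a full-width initialiser) so a later reader of `.value` cannot pick up a dead key.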


[openssl-commits] [openssl] master update

2018-08-22 Thread Andy Polyakov
The branch master has been updated
   via  0b1319ba94c85af9e87308e0d573d1260a802f53 (commit)
  from  2d162ea93f6512909454ee10597b63206862a056 (commit)


- Log -
commit 0b1319ba94c85af9e87308e0d573d1260a802f53
Author: Andy Polyakov 
Date:   Thu Aug 16 09:26:12 2018 +0200

crypto/init.c: improve destructor_key's portability.

It was assumed that CRYPTO_THREAD_LOCAL is universally scalar type,
which doesn't appear to hold true.

Reviewed-by: Kurt Roeckx 
(Merged from https://github.com/openssl/openssl/pull/6976)

---

Summary of changes:
 crypto/init.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/crypto/init.c b/crypto/init.c
index 7b69927..209d1a4 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -44,7 +44,10 @@ static int stopped = 0;
  * key value and pull NULL past initialization in the first thread that
  * intends to use libcrypto.
  */
-static CRYPTO_THREAD_LOCAL destructor_key = (CRYPTO_THREAD_LOCAL)-1;
+static union {
+long sane;
+CRYPTO_THREAD_LOCAL value;
+} destructor_key = { -1 };
 
 static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
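Review bot: same remark as for the 1.1.0-stable cherry-pick: the sentinel test in OPENSSL_thread_stop() still hinges on a valid key never having all-ones in its leading bytes, and `{ -1 }` reaches `sane` only because it is the first member. A comment on the declaration (or a plain `int` "key set" flag in place of the union) would make the intent explicit.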
 
@@ -56,17 +59,17 @@ static void ossl_init_thread_destructor(void *local)
 static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
 {
 struct thread_local_inits_st *local =
-CRYPTO_THREAD_get_local(_key);
+CRYPTO_THREAD_get_local(_key.value);
 
 if (alloc) {
 if (local == NULL
 && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
-&& !CRYPTO_THREAD_set_local(_key, local)) {
+&& !CRYPTO_THREAD_set_local(_key.value, local)) {
 OPENSSL_free(local);
 return NULL;
 }
 } else {
-CRYPTO_THREAD_set_local(_key, NULL);
+CRYPTO_THREAD_set_local(_key.value, NULL);
 }
 
 return local;
@@ -103,7 +106,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
 #endif
 OPENSSL_cpuid_setup();
 
-destructor_key = key;
+destructor_key.value = key;
 base_inited = 1;
 return 1;
 
@@ -409,7 +412,7 @@ static void ossl_init_thread_stop(struct 
thread_local_inits_st *locals)
 
 void OPENSSL_thread_stop(void)
 {
-if (destructor_key != (CRYPTO_THREAD_LOCAL)-1)
+if (destructor_key.sane != -1)
 ossl_init_thread_stop(ossl_init_get_thread_local(0));
 }
 
@@ -515,8 +518,8 @@ void OPENSSL_cleanup(void)
 err_free_strings_int();
 }
 
-key = destructor_key;
-destructor_key = (CRYPTO_THREAD_LOCAL)-1;
+key = destructor_key.value;
+destructor_key.sane = -1;
 CRYPTO_THREAD_cleanup_local();
 
 #ifdef OPENSSL_INIT_DEBUG


[openssl-commits] [openssl] master update

2018-08-22 Thread Andy Polyakov
The branch master has been updated
   via  2d162ea93f6512909454ee10597b63206862a056 (commit)
   via  19934970ac8534cd19eb3f64299e5731d97a7a80 (commit)
  from  f112dc82a44729d3f7c853c01047f6bfeb8f90ce (commit)


- Log -
commit 2d162ea93f6512909454ee10597b63206862a056
Author: Andy Polyakov 
Date:   Mon Aug 20 09:38:36 2018 +0200

man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6998)

commit 19934970ac8534cd19eb3f64299e5731d97a7a80
Author: Andy Polyakov 
Date:   Fri Aug 17 23:04:03 2018 +0200

asn1/asn_moid.c: overhaul do_create.

Original could allocate nid and then bail out on malloc failure. Instead
allocate first *then* attempt to create object.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/6998)

---

Summary of changes:
 crypto/asn1/asn_moid.c   | 30 --
 doc/man3/OBJ_nid2obj.pod |  3 ++-
 2 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index f0b4dab..68a01f3 100644
--- a/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
@@ -60,29 +60,20 @@ void ASN1_add_oid_module(void)
 static int do_create(const char *value, const char *name)
 {
 int nid;
-ASN1_OBJECT *oid;
 const char *ln, *ostr, *p;
-char *lntmp;
+char *lntmp = NULL;
+
 p = strrchr(value, ',');
-if (!p) {
+if (p == NULL) {
 ln = name;
 ostr = value;
 } else {
-ln = NULL;
+ln = value;
 ostr = p + 1;
-if (!*ostr)
+if (*ostr == '\0')
 return 0;
 while (ossl_isspace(*ostr))
 ostr++;
-}
-
-nid = OBJ_create(ostr, name, ln);
-
-if (nid == NID_undef)
-return 0;
-
-if (p) {
-ln = value;
 while (ossl_isspace(*ln))
 ln++;
 p--;
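Review bot: with `ln = value` set up front and `lntmp` initialised to NULL, the early `return 0` on `*ostr == '\0'` and the allocation-failure return below no longer leave a half-created NID behind, which is the bug the log describes. One nit: `ln` first points into `value`, is then trimmed in place, and is finally replaced by the `lntmp` copy; a short comment at the `ln = value` line saying that `ln` aliases `value` until the copy would make the ownership easier to follow.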
@@ -97,10 +88,13 @@ static int do_create(const char *value, const char *name)
 return 0;
 }
 memcpy(lntmp, ln, p - ln);
-lntmp[p - ln] = 0;
-oid = OBJ_nid2obj(nid);
-oid->ln = lntmp;
+lntmp[p - ln] = '\0';
+ln = lntmp;
 }
 
-return 1;
+nid = OBJ_create(ostr, name, ln);
+
+OPENSSL_free(lntmp);
+
+return nid != NID_undef;
 }
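Review bot: freeing `lntmp` straight after `OBJ_create()` is correct only if OBJ_create() copies its `ln` argument rather than keeping the pointer; the code being replaced deliberately kept `lntmp` alive by storing it in `oid->ln`. OBJ_create() does copy (the object goes through OBJ_add_object() and OBJ_dup()), but that is not visible from this file, so add a comment here and make sure the OBJ_create() documentation states that the strings are copied. The new `return nid != NID_undef;` also changes the return from "NID or 0" to a plain boolean; fine for a config callback, but worth saying in the function comment.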
diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index df4e2e1..cbf889f 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod
@@ -84,7 +84,8 @@ OBJ_dup() returns a copy of B.
 
 OBJ_create() adds a new object to the internal table. B is the
 numerical form of the object, B the short name and B the
-long name. A new NID is returned for the created object.
+long name. A new NID is returned for the created object in case of
+success and NID_undef in case of failure.
 
 OBJ_length() returns the size of the content octets of B.
 


[openssl-commits] [openssl] master update

2018-08-22 Thread Matt Caswell
The branch master has been updated
   via  f112dc82a44729d3f7c853c01047f6bfeb8f90ce (commit)
   via  aabbc24e424382bb44ed6f88a134e50c2ef6d897 (commit)
  from  2fe3e2b68272e803a6e35259a49919d57205418b (commit)


- Log -
commit f112dc82a44729d3f7c853c01047f6bfeb8f90ce
Author: Matt Caswell 
Date:   Thu Aug 9 16:01:20 2018 +0100

Ignore the digest in req app if using EdDSA

This follows on from the previous commit, and makes the same change to
ignore the digest if we are using EdDSA.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/6901)

commit aabbc24e424382bb44ed6f88a134e50c2ef6d897
Author: Matt Caswell 
Date:   Thu Aug 9 13:31:20 2018 +0100

Improve the usability of the ca app using EdDSA

Previously you had to supply "null" as the digest to use EdDSA. This changes
things so that any digest is ignored.

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/6901)

---

Summary of changes:
 apps/ca.c| 22 +-
 apps/req.c   | 11 ++-
 crypto/ec/ecx_meth.c | 16 +---
 doc/man1/ca.pod  |  9 +
 doc/man1/req.pod | 10 +-
 doc/man3/EVP_PKEY_get_default_digest_nid.pod |  3 ++-
 6 files changed, 48 insertions(+), 23 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index 558809e..48f7cd1 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -255,7 +255,7 @@ int ca_main(int argc, char **argv)
 int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
 int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
 int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
-int rand_ser = 0, i, j, selfsign = 0;
+int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret;
 long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
 unsigned long chtype = MBSTRING_ASC, certopt = 0;
 X509 *x509 = NULL, *x509p = NULL, *x = NULL;
@@ -728,24 +728,28 @@ end_of_options:
 }
 }
 
-if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == 
NULL)
-goto end;
-
-if (strcmp(md, "null") == 0) {
+def_ret = EVP_PKEY_get_default_digest_nid(pkey, _nid);
+/*
+ * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is
+ * mandatory for this algorithm.
+ */
+if (def_ret == 2 && def_nid == NID_undef) {
+/* The signing algorithm requires there to be no digest */
 dgst = EVP_md_null();
+} else if (md == NULL
+   && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
+goto end;
 } else {
 if (strcmp(md, "default") == 0) {
-int def_nid;
-if (EVP_PKEY_get_default_digest_nid(pkey, _nid) <= 0) {
+if (def_ret <= 0) {
 BIO_puts(bio_err, "no default digest\n");
 goto end;
 }
 md = (char *)OBJ_nid2sn(def_nid);
 }
 
-if (!opt_md(md, )) {
+if (!opt_md(md, ))
 goto end;
-}
 }
 
 if (req) {
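Review bot: when `EVP_PKEY_get_default_digest_nid()` returns 2 with NID_undef, any `-md` the operator passed and any `default_md` from the config are now silently ignored; print a warning on bio_err when `md != NULL` in that branch so someone who asked for SHA-512 on an Ed25519 CA key is told it has no effect. The explicit `strcmp(md, "null")` path is also gone, so a config that still says `default_md = null` for a non-EdDSA key now goes through `opt_md("null")`; confirm that resolves to EVP_md_null() as before, and reflect the new behaviour in doc/man1/ca.pod, which is part of this changeset.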
diff --git a/apps/req.c b/apps/req.c
index 48f3a3a..08a1468e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1601,10 +1601,19 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
 const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
 {
 EVP_PKEY_CTX *pkctx = NULL;
-int i;
+int i, def_nid;
 
 if (ctx == NULL)
 return 0;
+/*
+ * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
+ * for this algorithm.
+ */
+if (EVP_PKEY_get_default_digest_nid(pkey, _nid) == 2
+&& def_nid == NID_undef) {
+/* The signing algorithm requires there to be no digest */
+md = NULL;
+}
 if (!EVP_DigestSignInit(ctx, , md, NULL, pkey))
 return 0;
 for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
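Review bot: the same silent override as in ca.c: `md = NULL` discards a caller-supplied digest with no diagnostic. Emit a warning so the behaviour stays observable. The `== 2 && def_nid == NID_undef` rule is now duplicated between the two apps; a small helper in apps/apps.c would keep it in one place for the next application that signs with EdDSA.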
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index e75e07b..b76bfdb 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -331,8 +331,18 @@ static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, 
void *arg2)
 }
 return 0;
 
+default:
+return -2;
+
+}
+}
+
+static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+switch (op) {
 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-*(int *)arg2 = NID_sha256;
+/* We currently only support Pure EdDSA which takes no digest */
+*(int *)arg2 = NID_undef;
 return 2;
 
 default:
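Review bot: moving ASN1_PKEY_CTRL_DEFAULT_MD_NID out of ecx_ctrl() into ecd_ctrl() and adding `default: return -2` means X25519/X448 keys now answer "not supported" to EVP_PKEY_get_default_digest_nid() where they previously reported NID_sha256. That is the right answer for key-agreement keys, but it is an observable API change and deserves a CHANGES entry next to the EVP_PKEY_get_default_digest_nid.pod update. The "Pure EdDSA" comment is the important caveat: returning NID_undef with 2 encodes "no digest, and that is mandatory", so any future HashEdDSA support would have to revisit this ctrl.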
@@ -579,7 +589,7 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
 0, 0,
 
 ecx_free,
-0,
+ecd_ctrl,
 NULL,
 NULL,
 ecd_item_verify,
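Review bot: ed25519_asn1_meth now carries ecd_ctrl; the next hunk (cut off in this archive at `@@ -621,7 +631,7`) should make the identical substitution for ed448_asn1_meth, otherwise Ed448 keys keep a NULL ctrl, EVP_PKEY_get_default_digest_nid() returns -2 for them, and the `== 2` checks added to ca.c and req.c will not trigger.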
@@ -621,7 +631,7 

[openssl-commits] [openssl] master update

2018-08-22 Thread Matt Caswell
The branch master has been updated
   via  2fe3e2b68272e803a6e35259a49919d57205418b (commit)
   via  5627f9f21764af7eac2af2fb8ec867cd65ca8949 (commit)
   via  3e7cb13dff37795f022a1bedc5951130099a0fc6 (commit)
   via  b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3 (commit)
  from  bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (commit)


- Log -
commit 2fe3e2b68272e803a6e35259a49919d57205418b
Author: Matt Caswell 
Date:   Wed Aug 22 14:10:48 2018 +0100

Fix BoringSSL external test failures

We recently turned on the TLSv1.3 downgrade sentinels by default.
Unfortunately we are using a very old version of the BoringSSL test
runner which uses an old draft implementation of TLSv1.3 that also
uses the downgrade sentinels by default. The two implementations do
not play well together and were causing spurious test failures. Until
such time as we update the BoringSSL test runner we disable the failing
tests:

SendFallbackSCSV

In this test the client is OpenSSL and the server is the boring test runner.
The client and server fail to negotiate TLSv1.3 because the test runner is
using an old draft TLSv1.3 version. The server does however add the
TLSv1.3->TLSv1.2 downgrade sentinel in the ServerHello random. Since we
recently turned on checking of the downgrade sentinels on the client side
this causes the connection to fail.

VersionNegotiationExtension-TLS11

In this test the test runner is the client and OpenSSL is the server. The
test modifies the supported_versions extension sent by the client to only
include TLSv1.1 (and some other spurious versions), even though the client
does actually support TLSv1.2. The server successfully selects TLSv1.1, but
adds the TLSv1.3->TLSv1.1 downgrade sentinel. This behaviour was recently
switched on by default. The test runner then checks the downgrade sentinel
and aborts the connection because it knows that it really supports TLSv1.2.

VersionNegotiationExtension-TLS1
VersionNegotiationExtension-SSL3

The same as VersionNegotiationExtension-TLS11 but for TLSv1 and SSLv3.

ConflictingVersionNegotiation

In this test the client is the test runner, and OpenSSL is the server. The
client offers TLSv1.2 in ClientHello.version, but also adds a
supported_versions extension that only offers TLSv1.1. The
supported_versions extension takes precedence and the server (correctly)
selects TLSv1.1. However it also adds the TLSv1.3->TLSv1.1 downgrade
sentinel. On the client side it knows it actually offered TLSv1.2 and so the
downgrade sentinel check fails.

[extended tests]

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7013)

commit 5627f9f21764af7eac2af2fb8ec867cd65ca8949
Author: Matt Caswell 
Date:   Mon Aug 20 18:05:28 2018 +0100

Don't detect a downgrade where the server has a protocol version hole

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7013)

commit 3e7cb13dff37795f022a1bedc5951130099a0fc6
Author: Matt Caswell 
Date:   Mon Aug 20 17:44:58 2018 +0100

Test that a client protocol "hole" doesn't get detected as a downgrade

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7013)

commit b5b993b2295be98e23fa8bb570b2c38c5bf8aaf3
Author: Matt Caswell 
Date:   Mon Aug 20 15:12:39 2018 +0100

Use the same min-max version range on the client consistently

We need to ensure that the min-max version range we use when constructing
the ClientHello is the same range we use when we validate the version
selected by the ServerHello. Otherwise this may appear as a fallback or
downgrade.

Fixes #6964

Reviewed-by: Viktor Dukhovni 
(Merged from https://github.com/openssl/openssl/pull/7013)

---

Summary of changes:
 ssl/ssl_locl.h|   2 +-
 ssl/statem/extensions.c   |   2 +-
 ssl/statem/extensions_clnt.c  |   2 +-
 ssl/statem/statem_lib.c   | 147 --
 ssl/t1_lib.c  |   2 +-
 test/ossl_shim/ossl_config.json   |   7 +-
 test/recipes/70-test_tls13downgrade.t |  19 -
 7 files changed, 113 insertions(+), 68 deletions(-)

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 362ae1c..e8819e7 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2384,7 +2384,7 @@ __owur int ssl_choose_server_version(SSL *s, 
CLIENTHELLO_MSG *hello,
 __owur int ssl_choose_client_version(SSL *s, int version,
  RAW_EXTENSION *extensions);
 __owur int ssl_get_min_max_version(const SSL *s, int *min_version,
-   int *max_version);
+   
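The downgrade-sentinel mechanism that the commit log above walks through, as an added example (my code, not OpenSSL's): the server stamps the last eight bytes of ServerHello.random when it negotiates below its best version, and the client rejects a ServerHello whose stamp says a better version was available than the one it got. The sentinel bytes and the client rule follow RFC 8446 section 4.1.3; the version constants, the bit-set of enabled versions and the treatment of a server-side hole (the TLS 1.1 sentinel is keyed on TLS 1.2 being enabled rather than on the server's maximum) are assumptions made here to illustrate the four commit titles, not the logic in ssl/statem/statem_lib.c. `offered_max` is deliberately the value the client put in its own ClientHello, which is the consistency point of the last commit in the set.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire protocol versions (assumed constants, not OpenSSL's headers). */
#define SSL3_VERSION   0x0300
#define TLS1_VERSION   0x0301
#define TLS1_1_VERSION 0x0302
#define TLS1_2_VERSION 0x0303
#define TLS1_3_VERSION 0x0304

/* Downgrade sentinels: the last 8 bytes of ServerHello.random (RFC 8446, 4.1.3). */
static const uint8_t tls12_downgrade[8] = { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x01 };
static const uint8_t tls11_downgrade[8] = { 0x44, 0x4F, 0x57, 0x4E, 0x47, 0x52, 0x44, 0x00 };

/* A server's enabled versions as a bit set (assumed representation). */
#define VERSION_BIT(v)     (1u << ((v) - SSL3_VERSION))
#define ENABLED_TLS10_13   (VERSION_BIT(TLS1_VERSION) | VERSION_BIT(TLS1_1_VERSION) | \
                            VERSION_BIT(TLS1_2_VERSION) | VERSION_BIT(TLS1_3_VERSION))
#define ENABLED_TLS10_12   (ENABLED_TLS10_13 & ~VERSION_BIT(TLS1_3_VERSION))
#define ENABLED_HOLE_AT_12 (ENABLED_TLS10_13 & ~VERSION_BIT(TLS1_2_VERSION))

static int version_enabled(unsigned int enabled, int version)
{
    return (enabled & VERSION_BIT(version)) != 0;
}

/*
 * Server side: write the sentinel for the version it selected.
 * Returns 1 if a sentinel was written, 0 if the random was left alone.
 * Hole rule (assumption for this example): the "1.1 or below" sentinel is
 * written only when TLS 1.2 itself is enabled, so a server with a hole at
 * TLS 1.2 does not mark a TLS 1.1 negotiation as a fallback.
 */
int server_set_downgrade_sentinel(uint8_t server_random[32], int chosen,
                                  unsigned int enabled)
{
    if (chosen >= TLS1_3_VERSION)
        return 0;
    if (chosen == TLS1_2_VERSION && version_enabled(enabled, TLS1_3_VERSION)) {
        memcpy(server_random + 24, tls12_downgrade, 8);
        return 1;
    }
    if (chosen < TLS1_2_VERSION && version_enabled(enabled, TLS1_2_VERSION)) {
        memcpy(server_random + 24, tls11_downgrade, 8);
        return 1;
    }
    return 0;
}

/*
 * Client side. offered_max is the highest version this client actually sent in
 * its ClientHello; negotiated is what the ServerHello selected.
 * Returns 1 when the handshake must be aborted (illegal_parameter), else 0.
 */
int client_downgrade_detected(const uint8_t server_random[32], int negotiated,
                              int offered_max)
{
    const uint8_t *tail = server_random + 24;

    /* The server chose the best we offered: a stamp cannot mean a downgrade. */
    if (negotiated >= offered_max || negotiated >= TLS1_3_VERSION)
        return 0;
    if (offered_max >= TLS1_3_VERSION)
        /* TLS 1.3 client: either sentinel in a <= 1.2 ServerHello is fatal. */
        return memcmp(tail, tls12_downgrade, 8) == 0
               || memcmp(tail, tls11_downgrade, 8) == 0;
    if (offered_max == TLS1_2_VERSION && negotiated <= TLS1_1_VERSION)
        /* TLS 1.2 client: only the "1.1 or below" sentinel applies. */
        return memcmp(tail, tls11_downgrade, 8) == 0;
    return 0;
}

/* Constructed 32-byte random: a fixed pattern with no sentinel. */
void make_random(uint8_t out[32])
{
    for (int i = 0; i < 32; i++)
        out[i] = (uint8_t)(0xA0 + i);
}

/* One exchange: the server stamps for `chosen`, the client checks against offered_max. */
int downgrade_exchange(unsigned int server_enabled, int chosen, int offered_max)
{
    uint8_t server_random[32];

    make_random(server_random);
    server_set_downgrade_sentinel(server_random, chosen, server_enabled);
    return client_downgrade_detected(server_random, chosen, offered_max);
}

int main(void)
{
    printf("1.3 client, 1.3 server picked 1.2: %d\n",
           downgrade_exchange(ENABLED_TLS10_13, TLS1_2_VERSION, TLS1_3_VERSION));
    printf("client offered only 1.1, server picked 1.1: %d\n",
           downgrade_exchange(ENABLED_TLS10_13, TLS1_1_VERSION, TLS1_1_VERSION));
    printf("server hole at 1.2 picked 1.1 for a 1.2 client: %d\n",
           downgrade_exchange(ENABLED_HOLE_AT_12, TLS1_1_VERSION, TLS1_2_VERSION));
    return 0;
}
```

The second case is the VersionNegotiationExtension situation from the log: a peer that offers only TLS 1.1 and then checks the sentinel against what it "really" supports will abort, while a client that checks against the range it actually sent does not. The third case is the server-side hole the second commit in the set is about.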

[openssl-commits] [openssl] master update

2018-08-22 Thread matthias . st . pierre
The branch master has been updated
   via  bc420ebea2c5ad813779ac3395f1c5a1083d49c5 (commit)
  from  a21285b3636a8356f01027416b0cd43b016f58ca (commit)


- Log -
commit bc420ebea2c5ad813779ac3395f1c5a1083d49c5
Author: Dr. Matthias St. Pierre 
Date:   Tue Aug 21 22:51:28 2018 +0200

rand_lib.c: Don't open random devices while cleaning up.

Fixes #7022

In pull request #6432 a change was made to keep the handles to the
random devices opened in order to avoid reseeding problems for
applications in chroot environments.

As a consequence, the handles of the random devices were leaked at exit
if the random generator was not used by the application. This happened,
because the call to RAND_set_rand_method(NULL) in rand_cleanup_int()
triggered a call to the call_once function do_rand_init, which opened
the random devices via rand_pool_init().

Thanks to GitHub user @bwelling for reporting this issue.

Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/7023)

---

Summary of changes:
 crypto/rand/rand_lib.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 6123d14..e9bc952 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -31,6 +31,8 @@ int rand_fork_count;
 static CRYPTO_RWLOCK *rand_nonce_lock;
 static int rand_nonce_count;
 
+static int rand_cleaning_up = 0;
+
 #ifdef OPENSSL_RAND_SEED_RDTSC
 /*
  * IMPORTANT NOTE:  It is not currently possible to use this code
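Review bot: `rand_cleaning_up` is a plain int written in rand_cleanup_int() and read inside the RUN_ONCE initialiser without any barrier. That is acceptable because cleanup runs single-threaded at exit, but the declaration should say so, and should say that the flag exists only so that the `RAND_set_rand_method(NULL)` call in cleanup does not open the random devices on a library that never used RAND (the #7022 leak), so nobody later "fixes" it into a general state flag.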
@@ -324,7 +326,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
 if (rand_nonce_lock == NULL)
 goto err2;
 
-if (!rand_pool_init())
+if (!rand_cleaning_up && !rand_pool_init())
 goto err3;
 
 return 1;
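Review bot: `!rand_cleaning_up && !rand_pool_init()` lets do_rand_init succeed without a pool when it is first triggered from cleanup, which is the intended no-op; it also means the locks created just above are allocated only to be freed a few lines later in cleanup. A comment here explaining that this branch is taken only on the cleanup path, and that no RAND_* caller can legitimately observe "initialised but no pool", would prevent the condition being read as a latent initialisation bug.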
@@ -346,10 +348,12 @@ void rand_cleanup_int(void)
 {
 const RAND_METHOD *meth = default_RAND_meth;
 
+rand_cleaning_up = 1;
+
 if (meth != NULL && meth->cleanup != NULL)
 meth->cleanup();
-rand_pool_cleanup();
 RAND_set_rand_method(NULL);
+rand_pool_cleanup();
 #ifndef OPENSSL_NO_ENGINE
 CRYPTO_THREAD_lock_free(rand_engine_lock);
 rand_engine_lock = NULL;
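Review bot: swapping `rand_pool_cleanup()` after `RAND_set_rand_method(NULL)` closes the window in which the run-once initialiser re-opened the devices right after the pool had closed them; with the flag guarding rand_pool_init() this ordering is right. A regression test that initialises and cleans up libcrypto without ever calling RAND_bytes(), then inspects the process's open descriptors, would catch a reintroduction of #7022.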


[openssl-commits] [web] master update

2018-08-22 Thread Richard Levitte
The branch master has been updated
   via  6c27271343534942a6fee6fa97302072bde93e67 (commit)
  from  60246d07484ce72139483e7bbcc52c7b45a3b408 (commit)


- Log -
commit 6c27271343534942a6fee6fa97302072bde93e67
Author: Richard Levitte 
Date:   Wed Aug 22 13:01:20 2018 +0200

Update the end copyright year

Reviewed-by: Matt Caswell 
Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/openssl/pull/72)

---

Summary of changes:
 inc/footer.shtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/footer.shtml b/inc/footer.shtml
index 89f8e84..65be9f1 100644
--- a/inc/footer.shtml
+++ b/inc/footer.shtml
@@ -4,7 +4,7 @@
 Please report problems with this website to webmaster at openssl.org.
   
   
-Copyright  1999-2017, OpenSSL Software Foundation.
+Copyright  1999-2018, OpenSSL Software Foundation.
   
 
 


[openssl-commits] [openssl] master update

2018-08-22 Thread Paul I . Dale
The branch master has been updated
   via  c6ea08836bb97555194afb6fd1a81fd9da29985a (commit)
  from  3b8e97ab61624f4fbe8bb6a587f4da75cc3d988e (commit)


- Log -
commit c6ea08836bb97555194afb6fd1a81fd9da29985a
Author: Tomas Mraz 
Date:   Tue Aug 14 15:03:16 2018 +0200

Allow TLS-1.3 ciphersuites in @SECLEVEL=3 and above

The TLS-1.3 ciphersuites must not be blocked by @SECLEVEL=3 even
though they are not explicitly marked as using DH/ECDH.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Paul Dale 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/6959)

---

Summary of changes:
 ssl/ssl_cert.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index df5cff7..e740a8c 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -947,7 +947,8 @@ static int ssl_security_default_callback(const SSL *s, 
const SSL_CTX *ctx,
 if (level >= 2 && c->algorithm_enc == SSL_RC4)
 return 0;
 /* Level 3: forward secure ciphersuites only */
-if (level >= 3 && !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+if (level >= 3 && (c->min_tls != TLS1_3_VERSION ||
+   !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH
 return 0;
 break;
 }
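Review bot: `c->min_tls != TLS1_3_VERSION ||` exempts the TLS 1.3 suites from the `SSL_kEDH | SSL_kEECDH` test, which is correct because a TLS 1.3 ciphersuite names only the AEAD and hash and every full TLS 1.3 handshake does an (EC)DHE exchange. Two things belong in the comment above it: the check keys on `min_tls` being exactly TLS1_3_VERSION, so it needs revisiting if a later version is ever added; and forward secrecy in TLS 1.3 is decided by the key-exchange mode rather than the suite, so level 3 does not by itself exclude psk_ke resumption without a DHE share, which has to be enforced elsewhere if that guarantee is intended.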


[openssl-commits] [openssl] master update

2018-08-22 Thread Paul I . Dale
The branch master has been updated
   via  3b8e97ab61624f4fbe8bb6a587f4da75cc3d988e (commit)
  from  d41a8319272968596a5daa1870007f2adf1e75ee (commit)


- Log -
commit 3b8e97ab61624f4fbe8bb6a587f4da75cc3d988e
Author: Pauli 
Date:   Wed Aug 22 09:20:18 2018 +1000

Zero memory in CRYPTO_secure_malloc.

This commit destroys the free list pointers which would otherwise be
present in the returned memory blocks.  This in turn helps prevent
information leakage from the secure memory area.

Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory:
before the secure memory system is initialised or if it isn't implemented.

Reviewed-by: Tim Hudson 
Reviewed-by: Matthias St. Pierre 
(Merged from https://github.com/openssl/openssl/pull/7011)

---

Summary of changes:
 crypto/mem_sec.c  | 16 +++-
 test/secmemtest.c | 44 
 2 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 959c637..c4190be 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -137,11 +137,12 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, 
int line)
 
 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
 {
-void *ret = CRYPTO_secure_malloc(num, file, line);
-
-if (ret != NULL)
-memset(ret, 0, num);
-return ret;
+#ifdef IMPLEMENTED
+if (secure_mem_initialized)
+/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+return CRYPTO_secure_malloc(num, file, line);
+#endif
+return CRYPTO_zalloc(num, file, line);
 }
 
 void CRYPTO_secure_free(void *ptr, const char *file, int line)
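Review bot: the changeset touches only crypto/mem_sec.c and test/secmemtest.c. doc/man3/OPENSSL_secure_malloc.pod should also be updated to say what the commit message says: OPENSSL_secure_malloc() returns zeroed memory only once the secure heap has been initialised and never when it is not implemented, and OPENSSL_secure_zalloc() is the call to use when zeroing must hold in every configuration.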
@@ -588,6 +589,9 @@ static void *sh_malloc(size_t size)
 
 OPENSSL_assert(WITHIN_ARENA(chunk));
 
+/* zero the free list header as a precaution against information leakage */
+memset(chunk, 0, sizeof(SH_LIST));
+
 return chunk;
 }
 
@@ -620,6 +624,8 @@ static void sh_free(void *ptr)
 
 list--;
 
+/* Zero the higher addressed block's free list pointers */
+memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
 if (ptr > buddy)
 ptr = buddy;
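Review bot: `ptr > buddy` is evaluated twice; a local `higher = ptr > buddy ? ptr : buddy` used by the memset and then `ptr = (higher == ptr) ? buddy : ptr` (or simply wiping `higher` and keeping the existing assignment) avoids repeating the comparison and makes it obvious which block survives.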
 
diff --git a/test/secmemtest.c b/test/secmemtest.c
index 9efa2c8..2795abb 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -129,8 +129,52 @@ static int test_sec_mem(void)
 #endif
 }
 
+static int test_sec_mem_clear(void)
+{
+#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
+const int size = 64;
+unsigned char *p = NULL;
+int i, res = 0;
+
+if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32))
+|| !TEST_ptr(p = OPENSSL_secure_malloc(size)))
+goto err;
+
+for (i = 0; i < size; i++)
+if (!TEST_uchar_eq(p[i], 0))
+goto err;
+
+for (i = 0; i < size; i++)
+p[i] = (unsigned char)(i + ' ' + 1);
+
+OPENSSL_secure_free(p);
+
+/*
+ * A deliberate use after free here to verify that the memory has been
+ * cleared properly.  Since secure free doesn't return the memory to
+ * libc's memory pool, it technically isn't freed.  However, the header
+ * bytes have to be skipped and these consist of two pointers in the
+ * current implementation.
+ */
+for (i = sizeof(void *) * 2; i < size; i++)
+if (!TEST_uchar_eq(p[i], 0))
+return 0;
+
+res = 1;
+p = NULL;
+
+err:
+OPENSSL_secure_free(p);
+CRYPTO_secure_malloc_done();
+return res;
+#else
+return 1;
+#endif
+}
+
 int setup_tests(void)
 {
 ADD_TEST(test_sec_mem);
+ADD_TEST(test_sec_mem_clear);
 return 1;
 }
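Review bot: in the post-free check loop a mismatch does `return 0;` instead of `goto err;`, so CRYPTO_secure_malloc_done() is skipped and the secure arena leaks into whatever test runs next in the process. `goto err` cannot be used as written because `err:` would call OPENSSL_secure_free(p) a second time; set `p = NULL;` before that loop (it is already set after it) and then `goto err;` on failure, which avoids the double free and runs the teardown on both paths. Secondly, `sizeof(void *) * 2` encodes the SH_LIST layout by hand; the comment admits this is "the current implementation", so the loop will silently start checking the wrong bytes if the header ever changes. Exposing the header size to the test, or at least asserting on it, would make that failure loud rather than a false pass.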
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [web] master update

2018-08-22 Thread Matt Caswell
The branch master has been updated
   via  60246d07484ce72139483e7bbcc52c7b45a3b408 (commit)
  from  46b7dc43cbd00b4d6cf275afb544a770a991a2ec (commit)


- Log -
commit 60246d07484ce72139483e7bbcc52c7b45a3b408
Author: Matt Caswell 
Date:   Tue Aug 21 15:30:13 2018 +0100

Update the support contracts page

In accordance with an OMC vote

Reviewed-by: Tim Hudson 
(Merged from https://github.com/openssl/web/pull/71)

---

Summary of changes:
 support/contracts.html | 93 +++---
 1 file changed, 20 insertions(+), 73 deletions(-)

diff --git a/support/contracts.html b/support/contracts.html
index 0651184..7f35804 100644
--- a/support/contracts.html
+++ b/support/contracts.html
@@ -15,7 +15,9 @@
OpenSSL Software Services
offers three different types of support contract.  If you
have specific requirements not addressed by any of these plans,
-   or for more information, discuss custom arrangements.
+   or for more information, please contact us at
+   mailto:osf-cont...@openssl.org;>osf-cont...@openssl.org to
+   discuss custom arrangements.
 
Please see the list of definitions
at the bottom of the page for the definitions used below.
@@ -25,11 +27,11 @@
  Enterprise Level Support
  Designed for the large enterprise utilising OpenSSL
  extensively in product lines or critical infrastructure.
- Vendor Support
+ Vendor Support
  Designed for organisations requiring support of product
  lines using OpenSSL or for customised in-house versions of
  OpenSSL.
- Basic Support
+ Basic Support
  Basic technical support for application development shops or
  end users.

@@ -38,102 +40,47 @@
Premium Level Support
US$50,000 annually

- All technical support requests handled directly by a 
Designated Responder
- 24x7x365 availability
- Four Support Administrators
- Unlimited Service Requests
- Custom patch preparation and creation
- OpenSSL FIPS Object Module support included
- FIPS validation support
+ A custom support contract designed to meet the needs of a 
specific Enterprise customer
+ Exact costs will depend on the terms of the agreed support 
contract

-   The premium support plan is designed for the large enterprise
+   The premium support plan is intended for the large enterprise
using OpenSSL as an essential component of multiple products or
product lines or in support of in-house or commercially provided
-   services. Many prospective Premium Level customers have already
-   hired individual OpenSSL team members for specific tasks. The
-   typical large enterprise customer has a capable in-house technical
-   staff but still finds it cost-effective to engage the world class
-   talent of OpenSSL authors and maintainers.  Customisation of
-   OpenSSL by prospective Schedule A customers is common, as are
-   "private label" FIPS 140-2 validations.
-   Note we don't expect to sell very many of the premium support
-   plans, but those few customers will receive careful attention for
-   both immediate problems and long range strategic interests.
+   services. The typical large enterprise customer has a capable 
in-house
+   technical staff but still finds it cost-effective to engage OpenSSL
+   authors and maintainers directly.
 
Vendor Level Support
-   US$20,000 annually
+   US$25,000 annually

- Institutional Response with escalation to Designated 
Responder as appropriate.
- 12x5 availability
- Two Support Administrators
+ Email response
  Limit of four Service Requests per month
- Custom patch preparation
- OpenSSL FIPS Object Module support included
- FIPS validation support excluded
+ Patch preparation
+ Two Support Administrators

This plan is designed for the medium enterprise using OpenSSL
for a single product or product line. The prospective Vendor Level
Support customer has a proficient technical staff but no specific
-   expertise in cryptography or OpenSSL. Technical support is
-   provided for use of the unmodified OpenSSL FIPS Object Module, but
-   not for validations of derivative software.
+   expertise in cryptography or