Commit graph

12036 commits

Author SHA1 Message Date
Emilia Kasper
21b538d616 RT2772: accept empty SessionTicket
RFC 5077 section 3.3 says: If the server determines that it does not
want to include a ticket after it has included the SessionTicket
extension in the ServerHello, then it sends a zero-length ticket in the
NewSessionTicket handshake message.

Previously the client would fail upon attempting to allocate a
zero-length buffer. Now, we have the client ignore the empty ticket and
keep the existing session.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 16:07:00 +02:00
Dr. Stephen Henson
92ea6fe597 SRP memory leak fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-28 14:31:53 +01:00
Rich Salz
920f7cf897 Fix typo in previous merge.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-25 11:44:28 -04:00
Rich Salz
605a54ef1c Change --debug to -d for compat with old releases.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1d4ddb4e1a)
2015-09-25 11:39:26 -04:00
Emilia Kasper
51ff683c12 Document BUF_strnlen
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 21b0fa9118)
2015-09-22 20:04:36 +02:00
Emilia Kasper
be250ee2d3 BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 58e3457a82)
2015-09-22 20:04:32 +02:00
Emilia Kasper
f5afe9ce3f BUF_strndup: tidy
Fix comment, add another overflow check, tidy style

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de8883e11b)
2015-09-22 20:04:01 +02:00
Alessandro Ghedini
f61216ba9d Make BUF_strndup() read-safe on arbitrary inputs
BUF_strndup was calling strlen through BUF_strlcpy, and ended up reading
past the input if the input was not a C string.

Make it explicitly part of BUF_strndup's contract to never read more
than |siz| input bytes. This augments the standard strndup contract to
be safer.

The commit also adds a check for siz overflow and some brief documentation
for BUF_strndup().

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 110f7b37de)
2015-09-22 20:03:57 +02:00
Rich Salz
c038e6b504 GH398: Add mingw cross-compile, etc.
For all release branches.  It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit db9defdfe3)
2015-09-22 13:46:06 -04:00
David Woodhouse
0ea050e743 RT3479: Add UTF8 support to BIO_read_filename()
If we use BIO_new_file(), on Windows it'll jump through hoops to work
around their unusual charset/Unicode handling. it'll convert a UTF-8
filename to UCS-16LE and attempt to use _wfopen().

If you use BIO_read_filename(), it doesn't do this. Shouldn't it be
consistent?

It would certainly be nice if SSL_use_certificate_chain_file() worked.

Also made BIO_C_SET_FILENAME work (rsalz)

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit ff03599a2f)
2015-09-21 17:31:58 -04:00
Gunnar Kudrjavets
d601b9b50c RT3823: Improve the robustness of event logging
There are a couple of minor fixes here:

1) Handle the case when RegisterEventSource() fails (which it may for
various reasons) and do the work of logging the event only if it succeeds.

2) Handle the case when ReportEvent() fails and do our best in debug builds
to at least attempt somehow indicate that something has gone wrong. The
typical situation would be someone running tools like DbMon, DBWin32,
DebugView or just having the debugger attached. The intent is to make sure
that at least some data will be captured so that we can save hours and days
of debugging time.

3) Minor fix to change the MessageBox() flag to MB_ICONERROR. Though the
value of MB_ICONERROR is the same value as MB_ICONSTOP, the intent is
better conveyed by using MB_ICONERROR.

Testing performed:

1) Clean compilation for debug-VC-WIN32 and VC-WIN32.

2) Good test results (nmake -f ms\ntdll.mak test) for debug-VC-WIN32 and
VC-WIN32.

3) Stepped through relevant changes using WinDBG and exercised the impacted
code paths.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4cd94416a4)
2015-09-21 14:36:26 -04:00
Matt Caswell
b21b330bf1 Fix SRP memory leaks
There were some memory leaks in the creation of an SRP verifier (both on
successful completion and also on some error paths).

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit bf95cde287)
2015-09-21 10:23:25 +01:00
Dr. Stephen Henson
325bb1ac25 Handle SSL_ERROR_WANT_X509_LOOKUP
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f1c412c9e6)
2015-09-20 14:21:18 +01:00
Dr. Stephen Henson
2e3a21e152 Make SRP work with -www
PR#3817

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e7e623012)
2015-09-20 14:21:17 +01:00
Viktor Dukhovni
8748519f64 Fix indentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4fe1cbdff8)
2015-09-19 09:09:14 -04:00
Rich Salz
6be18a2219 This undoes GH367 for non-master
Was only approved for master, to avoid compatibility issues on
previous releases.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-18 15:56:23 -04:00
Matt Caswell
197db2143c Make sure OPENSSL_cleanse checks for NULL
In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

However, previously, OPENSSL_cleanse did not check that if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
    OPENSSL_cleanse(x, y);
OPENSSL_free(x);

It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 020d8fc83f)
2015-09-17 22:31:24 +01:00
Emilia Kasper
cb71f17dc7 base64 decode: check for high bit
Previously, the conversion would silently coerce to ASCII. Now, we error
out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b785504a10)
2015-09-17 21:45:06 +02:00
Emilia Kasper
37faf11796 RT3757: base64 encoding bugs
Rewrite EVP_DecodeUpdate.

In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.

Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.

In addition, this appears to fix a possible two-byte oob read.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 3cdd1e94b1)
2015-09-17 20:12:34 +02:00
Kurt Roeckx
0711826ae9 Fix return values when adding serverinfo fails.
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR #1128

(cherry picked from commit fae11ec714)
2015-09-16 21:03:45 +02:00
Ivo Raisr
929f6d6f55 Make no-psk compile without warnings.
PR#4035

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-16 18:09:00 +01:00
Rich Salz
beb841c5d1 RT4044: Remove .cvsignore files.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 83fcd322f7)
2015-09-15 12:02:17 -04:00
Rich Salz
3be39dc1e3 RT4044: Remove .cvsignore files.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-15 11:58:27 -04:00
Kurt Roeckx
728bcd59d3 d2i: don't update input pointer on failure
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
MR #1005
(cherry picked from commit a46c9789ce)
2015-09-15 00:07:54 +02:00
Dr. Stephen Henson
5116aeeacb Constify ECDSA_METHOD_new.
PR#3920.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit aabd492320)
2015-09-12 02:47:40 +01:00
Dr. Stephen Henson
2aa5a2c766 Check for FIPS mode after loading config.
PR#3958

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-12 01:02:23 +01:00
John Foley
eac2b837d6 Use memmove instead of memcpy.
PR#4036

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-09-12 00:11:23 +01:00
Dr. Stephen Henson
ce5ae63ab2 Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30)
2015-09-11 20:52:17 +01:00
Emilia Kasper
4dcdde120b RT3754: check for NULL pointer
Fix both the caller to error out on malloc failure, as well as the
eventual callee to handle a NULL gracefully.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-09-10 17:23:02 +02:00
Rich Salz
7b8a999202 Remove bogus CHANGES entries
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-09-08 11:37:05 -04:00
Dr. Stephen Henson
2df619b06c Match SUITEB strings at start of cipher list.
PR#4009.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 13e228d684)

Conflicts:
	ssl/ssl_ciph.c
2015-09-04 21:32:25 +01:00
Alessandro Ghedini
cef9dcbb45 Add initial Travis CI configuration
Closes #63

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 66c103bdab)
2015-09-03 12:40:25 -04:00
Viktor Dukhovni
40d5689458 Cleaner handling of "cnid" in do_x509_check
Avoid using cnid = 0, use NID_undef instead, and return early instead
of trying to find an instance of that in the subject DN.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fffc2faeb2)
2015-09-02 10:02:10 -04:00
Viktor Dukhovni
39c76ceb2d Better handling of verify param id peername field
Initialize pointers in param id by the book (explicit NULL assignment,
rather than just memset 0).

In x509_verify_param_zero() set peername to NULL after freeing it.

In x509_vfy.c's internal check_hosts(), avoid potential leak of
possibly already non-NULL peername.  This is only set when a check
succeeds, so don't need to do this repeatedly in the loop.

Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit a0724ef1c9)
2015-09-02 10:01:23 -04:00
Rich Salz
0a1682d8b5 RT3767: openssl_button.gif should be PNG
No, we should just delete it.  And updated the README

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 8db7878106)
2015-09-01 21:38:27 -04:00
Hiroyuki YAMAMORI
31472acf61 Fix DTLS1.2 compression
Backport of equivalent fix from master. The only compression
method is stateful and hence incompatible with DTLS. The DTLS
test was not working for DTLS1.2

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-02 00:37:58 +01:00
Hiroyuki YAMAMORI
28643a1615 Fix DTLS1.2 buffers
Fix the setup of DTLS1.2 buffers to take account of the Header

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-02 00:37:58 +01:00
Matt Caswell
dc0c888811 Fix session resumption
Commit f0348c842e introduced a problem with session resumption. The
version for the session is fixed when the session is created. By moving
the creation of the session earlier in the process the version is fixed
*before* version negotiation has completed when processing the ServerHello
on the client side. This fix updates the session version after version neg
has completed.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-02 00:29:00 +01:00
Matt Caswell
9a931208d7 Fix building with OPENSSL_NO_TLSEXT.
Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.

Based on a patch by Marc Branchaud <marcnarc@xiplink.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-09-02 00:01:29 +01:00
Tim Zhang
41fe7d2380 Fix the comment for POINT_CONVERSION_UNCOMPRESSED
The |z| value should be 0x04 not 0x02

RT#3838

Signed-off-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 91d2728b38)
2015-09-01 23:53:48 +01:00
Emilia Kasper
cc42e4af2c Add missing CHANGES entry for 1.0.2
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:12:28 +02:00
Emilia Kasper
59793f5c1e RT4002: check for NULL cipher in p12_crpt.c
The NULL cipher case can't actually happen because we have no
EVP_PBE_CTL combinations where cipher_nid is -1 and keygen is
PKCS12_PBE_keyivgen. But make the code more obviously correct.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 394f7b6fcc)
2015-09-01 20:03:04 +02:00
Emilia Kasper
5f623eb616 RT 3493: fix RSA test
- Pass in the right ciphertext length to ensure we're indeed testing
  ciphertext corruption (and not truncation).
- Only test one mutation per byte to not make the test too slow.
- Add a separate test for truncated ciphertexts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 25d6b3401c)
2015-09-01 20:02:54 +02:00
Richard Levitte
5425917406 Ignore .dir-locals.el
Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d7c02691a5)
2015-09-01 01:19:46 +02:00
mrpre
cae70cfd46 check bn_new return value
Slightly modified from the original PR.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit a7e974c7be)
2015-08-31 16:04:39 -04:00
Ben Kaduk
df1565ed9c GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 36ac7bc8a9)
2015-08-31 13:46:30 -04:00
Emilia Kasper
cf633fa002 BN_mod_exp_mont_consttime: check for zero modulus.
Don't dereference |d| when |top| is zero. Also test that various BIGNUM methods behave correctly on zero/even inputs.

Follow-up to b11980d79a

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 19:33:03 +02:00
Richard Levitte
732a6b5522 Remove auto-fill-mode
Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6dc08048d9)
2015-08-31 18:20:24 +02:00
Richard Levitte
43613c0a02 Add an example .dir-locals.el
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0927f0d822)
2015-08-31 18:20:24 +02:00
Richard Levitte
254b259ef0 Add emacs CC mode style for OpenSSL
This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d9b3554b2d)
2015-08-31 18:20:24 +02:00