Commit graph

11532 commits

Author SHA1 Message Date
Dr. Stephen Henson
017a15cbd2 New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106d)
2014-11-19 22:54:30 +00:00
Dr. Stephen Henson
786370b1b0 Fix excert logic.
If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-19 22:50:00 +00:00
Dr. Stephen Henson
56e8dc542b Process signature algorithms before deciding on certificate.
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-19 14:44:42 +00:00
Matt Caswell
9ef1d283fe Added RFC 7027 references
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:41 +00:00
Matt Caswell
5a4a949904 Fixed cms-test.pl for no-ec2m
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:23 +00:00
Matt Caswell
ffa69c1ced Added OPENSSL_NO_EC2M guards around the default EC curves
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:01 +00:00
Jan Hykel
305e2b4111 Don't use msg on error.
Don't attempt to access msg structure if recvmsg returns an error.

PR#3483
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 012aa9ec76)
2014-11-17 12:41:47 +00:00
Dr. Stephen Henson
ba7aaa5622 Fix cross reference table generator.
If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 55f7fb8848)
2014-11-13 13:35:25 +00:00
Alok Menghrajani
2ad842b86a Fixes a minor typo in the EVP docs.
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 5211e094de)
2014-11-12 21:05:01 +00:00
Michal Bozon
297a8fd4ac Correct timestamp output when clock_precision_digits > 0
PR#3535

Reviewed-by: Stephen Henson <steve@openssl.org>
2014-11-12 20:52:52 +00:00
Matt Caswell
5b3a5e3e90 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf9)
2014-11-12 20:29:27 +00:00
Kurt Roeckx
40e214a23b Fix warning about negative unsigned intergers
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-11 15:47:54 +01:00
Russell Coker
39679d858a Fix datarace reported by valgrind/helgrind
This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.

PR3584, https://bugs.debian.org/534534

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-11-10 18:35:50 +01:00
Daniel Kahn Gillmor
0ec6898c67 Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH
see RT #3203

Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants.  This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-10 10:58:49 +01:00
Andy Polyakov
1e10aee2a7 armv4cpuid.S: fix compilation error in pre-ARMv7 build.
PR: 3474
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 6696203963)
2014-10-30 20:31:50 +01:00
Andy Polyakov
34a136d90f md32_common.h: address compiler warning in HOST_c2l.
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc7c)
2014-10-29 10:55:15 +01:00
Samuel Neves
42af669ff2 Use only unsigned arithmetic in constant-time operations
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-28 20:42:22 +01:00
Emilia Kasper
4c75f4e5ca Tighten session ticket handling
Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit d663df2399)
2014-10-28 17:38:23 +01:00
Emilia Kasper
1380317483 Sync CHANGES
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-27 17:52:15 +01:00
Emilia Kasper
a35f7adf5c Fix ssltest logic when some protocols are compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit fd28a41ec8)

Conflicts:
	ssl/ssltest.c
2014-10-27 16:33:28 +01:00
Dr. Stephen Henson
1ce95f1960 Copy negotiated parameters in SSL_set_SSL_CTX.
SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the
supported signature algorithms and raw cipherlist.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 14e14bf696)
2014-10-24 14:01:01 +01:00
Dr. Stephen Henson
51695b98f1 Process signature algorithms in ClientHello late.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c800c27a8c)

Conflicts:

	ssl/ssl.h
	ssl/ssl_err.c
	ssl/ssl_locl.h
2014-10-24 13:57:23 +01:00
Dr. Stephen Henson
82182413a4 Parse custom extensions after SNI.
Since SNI will typically switch the SSL_CTX structure to the one
corresponding to the appopriate server we need to parse custom
extensions using the switched SSL_CTX not the original one. This
is done by parsing custom extensions *after* SNI.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-23 14:45:30 +01:00
Andy Polyakov
0ce2dbfb5b Add missing credit.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9f4bd9d5f9)
2014-10-22 09:38:40 +02:00
Bodo Moeller
981545e1e7 Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-21 22:39:26 +02:00
Bodo Moeller
d60de314f4 When processing ClientHello.cipher_suites, don't ignore cipher suites
listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-10-21 22:32:09 +02:00
Kurt Roeckx
b6ece4c1fc Keep old method in case of an unsupported protocol
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc27d.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a952)
2014-10-21 21:04:09 +02:00
Tim Hudson
bb086221dd no-ssl2 with no-ssl3 does not mean drop the ssl lib
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit c882abd522)
2014-10-20 15:26:16 +10:00
Kurt Cancemi
b4b8969df8 RT3547: Add missing static qualifier
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c955)
2014-10-17 11:48:32 +02:00
Matt Caswell
010d37621d Updates to NEWS file
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-10-15 08:54:27 -04:00
Matt Caswell
84d4f99d31 Updates to CHANGES file
Reviewed-by: Bodo Möller <bodo@openssl.org>
2014-10-15 08:54:26 -04:00
Geoff Thorpe
82180dcc0a Fix no-ssl3 configuration option
CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 08:54:26 -04:00
Dr. Stephen Henson
c2b90b398d Fix for session tickets memory leak.
CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)
2014-10-15 08:54:26 -04:00
Matt Caswell
c2a2ff3f0a Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

Conflicts:
	util/mkdef.pl
2014-10-15 08:54:26 -04:00
Matt Caswell
d64b6c980c Fix for SRTP Memory Leak
CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:54:26 -04:00
Bodo Moeller
05df9b9ae5 Fix SSL_R naming inconsistency.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 14:48:00 +02:00
Andy Polyakov
3e3cc471c2 aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f90)
2014-10-15 11:12:24 +02:00
Bodo Moeller
80fb4820cb Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 10:50:53 +02:00
Bodo Moeller
2229fe5b94 Oop: revert unintentional change committed along with
TLS_FALLBACK_SCSV support, restoring a reviewed state instead.

Reviewed-by: Stephen Henson (steve@openssl.org)
2014-10-15 04:50:13 +02:00
Bodo Moeller
a46c705214 Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:04:55 +02:00
Matt Caswell
dc7bca8bcc Removed duplicate definition of PKCS7_type_is_encrypted
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e49)
2014-10-06 23:43:49 +01:00
Ben Laurie
f58cfe0422 Fix single makefile.
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
2014-10-06 18:06:18 +01:00
Rich Salz
20d1c8111f RT3462: Document actions when data==NULL
If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5aed169305)
2014-10-03 10:39:32 -04:00
Bodo Moeller
c578fe37d9 DTLS 1.2 support has been added to 1.0.2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-02 17:58:10 +02:00
Rich Salz
a4ee5bbc77 RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 9208640a36)
2014-09-30 16:31:44 -04:00
Andy Polyakov
8ad9050318 e_os.h: refine inline override logic (to address warnings in debug build).
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf11)
2014-09-30 21:07:59 +02:00
Dr. Stephen Henson
5df07a7210 Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:24:04 +01:00
Matt Caswell
0853b2c5e4 Prepare for 1.0.2-beta4-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:35:35 +01:00
Matt Caswell
2c5db8dac3 Prepare for 1.0.2-beta3 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:31:40 +01:00
Matt Caswell
bffd5a7f35 make update
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:31:40 +01:00