Commit graph

10938 commits

Author SHA1 Message Date
Matt Caswell
5fc8bb6ab7 Check EVP_Cipher return values for SSL2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-27 21:53:27 +00:00
Matt Caswell
244d0955ad Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
PR#1767

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-27 21:53:02 +00:00
Matt Caswell
061e68c554 Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
PR#3613

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fc3968a25c)
2014-11-27 20:53:58 +00:00
Matt Caswell
3f1d582f70 Remove duplicated code
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:32:40 +00:00
Matt Caswell
8a2e5bf6b7 Tidy up ocsp help output
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47)

Conflicts:
	apps/ocsp.c

(cherry picked from commit e164582690)
2014-11-27 14:18:45 +00:00
André Guerreiro
6c3d948723 Add documentation on -timeout option in the ocsp utility
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1)
(cherry picked from commit 4d3df37bc7)
2014-11-27 14:18:45 +00:00
Guenter
51c5ab5d3a NetWare compilation fix.
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.

PR#3569
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit 333fad9f2d)
2014-11-27 14:04:13 +00:00
Matt Caswell
ff60f33811 Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6484958645)
2014-11-27 13:57:23 +00:00
Matt Caswell
2cfa5edb26 Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit f281b8df70)
2014-11-27 13:57:23 +00:00
Matt Caswell
291a3e9629 Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34890ac18e)
2014-11-27 13:57:23 +00:00
Matt Caswell
2184a14b62 Add include of ssl.h which is required by srtp.h
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit f67203836c)
2014-11-27 13:19:23 +00:00
Matt Caswell
2e84084fbc Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
PR#3608

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8a35dbb6d8)
2014-11-26 10:14:13 +00:00
Matt Caswell
26f9cfbdca Corrected comments in ssl.h about SSLv23_method and friends
PR#3574

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 3a0765882c)
2014-11-25 22:25:18 +00:00
David Benjamin
7fc5f4f117 Do not resume a session if the negotiated protocol version does not match
the session's version (server).

See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 9e189b9dc1)
2014-11-20 16:31:42 +01:00
Emilia Kasper
249a3e362f Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.

(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)

Thanks to Joeri de Ruiter for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit e94a6c0ede)

Conflicts:
	CHANGES
	ssl/s3_srvr.c
2014-11-20 15:32:08 +01:00
Emilia Kasper
15d717f574 Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de2c7504eb)

Conflicts:
	CHANGES
2014-11-20 15:29:17 +01:00
Emilia Kasper
b8712b2b9a Remove ssl3_check_finished.
The client sends a session ID with the session ticket, and uses
the returned ID to detect resumption, so we do not need to peek
at handshake messages: s->hit tells us explicitly if we're resuming.

An equivalent change was independently made in BoringSSL, see commit
407886f589cf2dbaed82db0a44173036c3bc3317.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 980bc1ec61)

Conflicts:
	ssl/d1_clnt.c
	ssl/s3_clnt.c
2014-11-20 15:26:26 +01:00
Emilia Kasper
1eaccbef57 Set s->hit when resuming from external pre-shared secret.
The same change was independently made in BoringSSL, see commit
9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7b3ba508af)
2014-11-20 15:20:17 +01:00
Emilia Kasper
e2f69f5ce7 Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.
This ensures that it's zeroed even if the SSL object is reused
(as in ssltest.c). It also ensures that it applies to DTLS, too.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit a06cd5d056)
2014-11-20 15:20:16 +01:00
Dr. Stephen Henson
821bee4333 New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106d)

Conflicts:
	util/mkdef.pl
2014-11-19 22:57:51 +00:00
Matt Caswell
8b6205c484 Added OPENSSL_NO_EC2M guards around the preferred EC curve list
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:15:28 +00:00
Jan Hykel
e5cf62b04d Don't use msg on error.
Don't attempt to access msg structure if recvmsg returns an error.

PR#3483
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 012aa9ec76)
2014-11-17 12:42:15 +00:00
Dr. Stephen Henson
b1edca2a4c Fix cross reference table generator.
If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 55f7fb8848)
2014-11-13 13:35:58 +00:00
Alok Menghrajani
e7768ebbd2 Fixes a minor typo in the EVP docs.
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 5211e094de)
2014-11-12 21:05:24 +00:00
Michal Bozon
329a76c085 Correct timestamp output when clock_precision_digits > 0
PR#3535

Reviewed-by: Stephen Henson <steve@openssl.org>
2014-11-12 20:54:10 +00:00
Matt Caswell
bbb76be9b5 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf9)
2014-11-12 20:31:27 +00:00
Kurt Roeckx
b726b8a60c Fix warning about negative unsigned intergers
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-11 15:48:34 +01:00
Russell Coker
e298409c34 Fix datarace reported by valgrind/helgrind
This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.

PR3584, https://bugs.debian.org/534534

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-11-10 18:36:09 +01:00
Andy Polyakov
25012d5e79 md32_common.h: address compiler warning in HOST_c2l.
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc7c)
2014-10-29 10:55:48 +01:00
Samuel Neves
09b7de77b3 Use only unsigned arithmetic in constant-time operations
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-10-28 20:50:44 +01:00
Emilia Kasper
9bdedec0cf Tighten session ticket handling
Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit d663df2399)

Conflicts:
	CHANGES
2014-10-28 17:41:49 +01:00
Emilia Kasper
f63fa8b10a Fix ssltest logic when some protocols are compiled out.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit fd28a41ec8)

Conflicts:
	ssl/ssltest.c
2014-10-27 16:36:19 +01:00
Bodo Moeller
d47aebbb47 Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-21 22:40:41 +02:00
Bodo Moeller
08931f1cd6 When processing ClientHello.cipher_suites, don't ignore cipher suites
listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-10-21 22:32:30 +02:00
Kurt Roeckx
6ce9687b5a Keep old method in case of an unsupported protocol
When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc27d.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a952)
2014-10-21 21:08:14 +02:00
Tim Hudson
20e610580e no-ssl2 with no-ssl3 does not mean drop the ssl lib
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit c882abd522)
2014-10-20 15:25:55 +10:00
Andy Polyakov
4fa17211bb e_os.h: refine inline override logic (to address warnings in debug build).
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf11)
2014-10-17 11:53:02 +02:00
Andy Polyakov
d8d40fc676 e_os.h: allow inline functions to be compiled by legacy compilers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 40155f4089)
2014-10-17 11:52:47 +02:00
Kurt Cancemi
3c7fcdfdd4 RT3547: Add missing static qualifier
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c955)
2014-10-17 11:48:42 +02:00
Matt Caswell
e356ac5c06 Prepare for 1.0.1k-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-15 13:55:20 +01:00
Matt Caswell
872e681c00 Prepare for 1.0.1j release
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-15 13:54:46 +01:00
Matt Caswell
38b71ba8ff Updates to NEWS
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-10-15 08:51:50 -04:00
Matt Caswell
f8cf36c298 Add updates to CHANGES file
Reviewed-by: Bodo Möller <bodo@openssl.org>
2014-10-15 08:51:50 -04:00
Geoff Thorpe
26a59d9b46 Fix no-ssl3 configuration option
CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 08:51:50 -04:00
Dr. Stephen Henson
7fd4ce6a99 Fix for session tickets memory leak.
CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)
2014-10-15 08:51:50 -04:00
Matt Caswell
d9d09a8d0f Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:51:50 -04:00
Matt Caswell
2b0532f398 Fix for SRTP Memory Leak
CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an origi
issue and patch developed by the LibreSSL project. Further analysis of the i
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:51:49 -04:00
Bodo Moeller
7d07c75c5b Fix SSL_R naming inconsistency.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 14:47:39 +02:00
Andy Polyakov
f34297db80 aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f90)
2014-10-15 11:13:14 +02:00
Tim Hudson
e2e5326e5b Add constant_time_locl.h to HEADERS,
so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-10-15 10:49:51 +02:00