Commit graph

12032 commits

Author SHA1 Message Date
Hubert Kario
343e5cf194 add ECC strings to ciphers(1), point out difference between DH and ECDH
* Make a clear distinction between DH and ECDH key exchange.
 * Group all key exchange cipher suite identifiers, first DH then ECDH
 * add descriptions for all supported *DH* identifiers
 * add ECDSA authentication descriptions
 * add example showing how to disable all suites that offer no
   authentication or encryption
2014-06-10 20:53:07 +01:00
Mike Bland
3ead9f3798 Create test/testutil.h for unit test helper macros
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c
using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME
macro, defined to use __func__ or __FUNCTION__ on platforms that support those
symbols, or to use the file name and line number otherwise. This should fix
several reported build problems related to lack of C99 support.
2014-06-10 19:20:25 +01:00
Dr. Stephen Henson
7a9d59c148 Fix null pointer errors.
PR#3394
2014-06-10 14:47:29 +01:00
Dr. Stephen Henson
447280ca7b SRP ciphersuite correction.
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
2014-06-09 12:09:52 +01:00
Dr. Stephen Henson
1bea384fd5 Update strength_bits for 3DES.
Fix strength_bits to 112 for 3DES.
2014-06-09 12:09:52 +01:00
Kurt Roeckx
95fe635d90 Link heartbeat_test with the static version of the libraries
It's using an internal API that that might not be available in the shared
library.
2014-06-09 00:10:24 +01:00
Jakub Wilk
7be1d8764d Create ~/.rnd with mode 0600 instead of 0666
Because of a missing include <fcntl.h> we don't have O_CREATE and don't create
the file with open() using mode 0600 but fall back to using fopen() with the
default umask followed by a chmod().

Problem found by Jakub Wilk <jwilk@debian.org>.
2014-06-08 21:15:48 +01:00
Dr. Stephen Henson
fb8d9ddb9d Make tls_session_secret_cb work with CVE-2014-0224 fix.
If application uses tls_session_secret_cb for session resumption
set the CCS_OK flag.
2014-06-07 15:27:23 +01:00
Dr. Stephen Henson
c43a55407d Add official extension value.
Encrypt then MAC now has an official extension value, see:

http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt
2014-06-07 15:27:23 +01:00
Matt Caswell
fa6bb85ae0 Fixed minor duplication in docs 2014-06-07 12:30:18 +01:00
Andy Polyakov
5dcf70a1c5 ARM assembly pack: get ARMv7 instruction endianness right.
Pointer out and suggested by: Ard Biesheuvel.
2014-06-06 21:27:18 +02:00
Andy Polyakov
cd91fd7c32 sha[1|512]-armv8.pl: get instruction endianness right.
Submitted by: Ard Biesheuvel.
2014-06-06 20:50:43 +02:00
Andy Polyakov
82741e9c89 Engage GHASH for ARMv8. 2014-06-06 20:48:35 +02:00
Andy Polyakov
2d5a799d27 Add GHASH for ARMv8 Crypto Extension.
Result of joint effort with Ard Biesheuvel.
2014-06-06 20:43:02 +02:00
Dr. Stephen Henson
7178c711dd Update NEWS. 2014-06-06 14:34:23 +01:00
Andy Polyakov
65cad34b10 aesv8-armx.pl update:
- fix 32-bit build (submitted by Ard Biesheuvel);
- fix performance issue in CTR;
2014-06-06 12:18:51 +02:00
Dr. Stephen Henson
5111672b8e Update value to use a free bit. 2014-06-05 13:27:11 +01:00
Dr. Stephen Henson
410e444b71 Fix for CVE-2014-0195
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
(cherry picked from commit 1632ef7448)
2014-06-05 13:23:05 +01:00
Dr. Stephen Henson
a91be10833 Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
(cherry picked from commit bc8923b1ec)
2014-06-05 13:22:42 +01:00
Dr. Stephen Henson
a7c682fb6f Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
(cherry picked from commit 006cd7083f)
2014-06-05 13:22:24 +01:00
Dr. Stephen Henson
b4322e1de8 Fix CVE-2014-0221
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
(cherry picked from commit d3152655d5)
2014-06-05 13:22:03 +01:00
Dr. Stephen Henson
a5362db460 Fix CVE-2014-3470
Check session_cert is not NULL before dereferencing it.
(cherry picked from commit 8011cd56e3)
2014-06-05 13:21:50 +01:00
Andy Polyakov
d86689e1d9 aesp8-ppc.pl: fix typos. 2014-06-04 08:34:18 +02:00
Andy Polyakov
53a224bb0a evp/e_aes.c: add erroneously omitted break; 2014-06-04 08:33:06 +02:00
Libor Krystek
8e3231642b Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 2014-06-03 23:15:58 +01:00
David Benjamin
c7f267397e Check there is enough room for extension. 2014-06-02 23:55:56 +01:00
zhu qun-ying
470990fee0 Free up s->d1->buffered_app_data.q properly.
PR#3286
2014-06-02 23:55:55 +01:00
Andy Polyakov
030a3f9527 evp/e_aes.c: populate HWAES_* to remaning modes.
Submitted by: Ard Biesheuvel.
2014-06-02 21:48:02 +02:00
Dr. Stephen Henson
14f47acf23 Allow reordering of certificates when signing.
Add certificates if -nocerts and -certfile specified when signing
in smime application. This can be used this to specify the
order certificates appear in the PKCS#7 structure: some broken
applications require a certain ordering.

PR#3316
2014-06-02 14:22:07 +01:00
Sami Farin
13b7896022 Typo: set i to -1 before goto.
PR#3302
2014-06-02 14:22:07 +01:00
Andy Polyakov
de51e830a6 Engage POWER8 AES support. 2014-06-01 23:38:11 +02:00
Matt Caswell
a5510df337 Added SSLErr call for internal error in dtls1_buffer_record 2014-06-01 21:36:25 +01:00
David Ramos
d1e1aeef8f Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362 2014-06-01 21:36:25 +01:00
Andy Polyakov
723463282f armv4cpuid.S: switch to CNTVCT tick counter. 2014-06-01 22:34:02 +02:00
Andy Polyakov
797d24bee9 sha[1|256]-armv4: harmonize with arm_arch.h. 2014-06-01 22:29:50 +02:00
Andy Polyakov
ddacb8f27b Engage ARMv8 AES support. 2014-06-01 22:20:37 +02:00
Dr. Stephen Henson
a09220d823 Recognise padding extension. 2014-06-01 18:15:21 +01:00
Dr. Stephen Henson
01f2f18f3c Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
2014-06-01 18:15:21 +01:00
Andy Polyakov
f8aab6174c linux-aarch64: engage SHA modules. 2014-06-01 18:03:51 +02:00
Andy Polyakov
ddb6b965da Add SHA for ARMv8. 2014-06-01 18:02:11 +02:00
Andy Polyakov
e8d93e342b Add linux-aarch64 taget.
armcap.c is shared between 32- and 64-bit builds and features link-time
detection of getauxval.

Submitted by: Ard Biesheuvel.
2014-06-01 17:21:06 +02:00
Ben Laurie
992bba11d5 Merge branch 'erbridge-probable_primes' 2014-06-01 15:37:08 +01:00
Ben Laurie
5fc3a5fe49 Credit to Felix.
Closes #116.
2014-06-01 15:31:27 +01:00
Ben Laurie
c93233dbfd Tidy up, don't exceed the number of requested bits. 2014-06-01 15:31:27 +01:00
Ben Laurie
46838817c7 Constify and reduce coprime random bits to allow for multiplier. 2014-06-01 15:31:27 +01:00
Ben Laurie
0382950c6c Zero prime doits. 2014-06-01 15:31:27 +01:00
Ben Laurie
5efa13ca7e Add option to run all prime tests. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
8927c2786d Add a test to check we're really generating probable primes. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
9a3a99748b Remove unused BIGNUMs. 2014-06-01 15:31:27 +01:00
Felix Laurie von Massenbach
a77889f560 Only count successful generations. 2014-06-01 15:31:26 +01:00