Commit graph

11076 commits

Author SHA1 Message Date
Dr. Stephen Henson
e9b4b8afbd Don't try and verify signatures if key is NULL (CVE-2013-0166)
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b)
2014-04-01 16:39:35 +01:00
Dr. Stephen Henson
bc5ec653ba Fix memory leak with client auth. 2014-03-27 16:10:50 +00:00
Dr. Stephen Henson
1f44dac24d Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 15:51:25 +00:00
Dr. Stephen Henson
2dd6976f6d Update chain building function.
Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.

If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
2014-03-27 14:23:46 +00:00
Emilia Kasper
662239183d Allow duplicate certs in ssl_build_cert_chain 2014-03-25 17:28:04 +00:00
Dr. Stephen Henson
66243398bb Workaround for some CMS signature formats.
Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.
(cherry picked from commit 3a98f9cf20)
2014-03-19 17:29:55 +00:00
Piotr Sikora
aa10982c49 Retry callback only after ClientHello received.
(cherry picked from commit f04665a653)
2014-03-18 23:58:39 +00:00
Dr. Stephen Henson
8b0336c810 Update ordinals.
Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8)
2014-03-12 14:41:52 +00:00
Dr. Stephen Henson
0a9f7780e5 Fix for CVE-2014-0076
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
2014-03-12 14:23:21 +00:00
Dr. Stephen Henson
44f7e399d3 typo
(cherry picked from commit a029788b0e)
2014-03-10 15:48:12 +00:00
Dr. Stephen Henson
8419df95e1 Remove -WX option from debug-VC-WIN32
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
2014-03-07 19:07:51 +00:00
Andy Polyakov
59314f304e engines/ccgost/gosthash.c: simplify and avoid SEGV.
PR: 3275
(cherry picked from commit ea38f02049)
2014-03-07 11:03:25 +01:00
Andy Polyakov
cc6dc9b229 SPARC T4 assembly pack: treat zero input length in CBC.
The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775
(cherry picked from commit 5e44c144e6)
2014-03-07 10:48:51 +01:00
Andy Polyakov
fe69e6be6e dh_check.c: check BN_CTX_get's return value.
(cherry picked from commit 53e5161231)
2014-03-06 14:21:17 +01:00
Andy Polyakov
430c5ca02e test/Makefile: allow emulated test (e.g. under wine) [from master].
Submitted by: Roumen Petrov
2014-03-06 14:09:58 +01:00
Andy Polyakov
25ebd9e3ce bss_dgram.c,d1_lib.c: make it compile with mingw.
Submitted by: Roumen Petrov
(cherry picked from commit 972b0dc350)
2014-03-06 14:07:16 +01:00
Dr. Stephen Henson
bdfc0e284c For self signed root only indicate one error. 2014-03-03 23:33:51 +00:00
Dr. Stephen Henson
12c56e4888 Sync crypto documentation with master branch. 2014-03-03 15:12:17 +00:00
Dr. Stephen Henson
1bd4ee1da1 Use nid not cipher type as some ciphers don't have OIDs. 2014-03-02 15:00:21 +00:00
Dr. Stephen Henson
3956bfce60 Make null cipher work in FIPS mode. 2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
8394109c89 Add new VMS hack symbol, update ordinals. 2014-03-02 13:50:06 +00:00
Dr. Stephen Henson
813cfd9c0a Add additional FIPS digests.
Add a few special case digests not returned by FIPS_get_digestbynid().

Thanks to Roumen Petrov <openssl@roumenpetrov.info> for reporting this
issue.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
976c58302b Add function to free compression methods.
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
b60272b01f PKCS#8 support for alternative PRFs.
Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
2014-03-01 23:14:08 +00:00
Dr. Stephen Henson
124d218889 Fix memory leak. 2014-03-01 23:14:08 +00:00
Andy Polyakov
cd077dab08 Makefile.org: fix syntax error on Solaris.
PR: 3271
(cherry picked from commit 65370f9bbc)
2014-02-28 22:55:44 +01:00
Dr. Stephen Henson
d1201e3195 Fix compilation errors with no-nextprotoneg 2014-02-28 13:35:30 +00:00
Dr. Stephen Henson
5f2329b82a Fix fips flag handling.
Don't set the fips flags in cipher and digests as the implementations
aren't suitable for FIPS mode and will be redirected to the FIPS module
versions anyway.

Return EVP_CIPH_FLAG_FIPS or EVP_MD_FLAG_FIPS if a FIPS implementation
exists when calling EVP_CIPHER_flags and EVP_MD_flags repectively.

Remove unused FIPS code from e_aes.c: the 1.0.2 branch will never be
used to build a FIPS module.
2014-02-27 19:18:58 +00:00
Dr. Stephen Henson
01fb5e133f Remove unused file.
The file evp_fips.c isn't used in OpenSSL 1.0.2 as FIPS and non-FIPS
implementations of algorithms can coexist.
2014-02-27 19:08:53 +00:00
Andy Polyakov
fd2c85f6ae evp/e_aes.c: harmonize with 1.0.1. 2014-02-27 17:47:23 +01:00
Andy Polyakov
41977c2e04 Configure: mark unixware target as elf-1.
(cherry picked from commit 4ca026560a)
2014-02-27 14:32:46 +01:00
Andy Polyakov
ca88a1d439 perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms.
(cherry picked from commit b62a4a1c0e)
2014-02-27 14:30:42 +01:00
Andy Polyakov
5615196f7b perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF.
(cherry picked from commit ce876d8316)
2014-02-27 14:29:07 +01:00
Andy Polyakov
1f59eb5f11 rc4/asm/rc4-586.pl: allow for 386-only build.
(cherry picked from commit f861b1d433)
2014-02-27 14:28:54 +01:00
Andy Polyakov
4bf6d66e67 des/asm/des-586.pl: shortcut reference to DES_SPtrans.
(cherry picked from commit fd361a67ef)
2014-02-27 14:28:44 +01:00
Andy Polyakov
2f34088e5e Makefile.org: mask touch's exit code
[but don't let it mask make's].

PR: 3269
2014-02-27 12:35:02 +01:00
Andy Polyakov
559e69f9b4 crypto/Makefile: make it OSF-make-friendly
PR: 3165
2014-02-26 16:42:57 +01:00
Rob Stradling
f3b7e522d8 CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration.
(cherry picked from commit ffcc832ba6e17859d45779eea87e38467561dd5d)
2014-02-26 15:33:10 +00:00
Dr. Stephen Henson
73be56a21d Fix for WIN32 builds with KRB5 2014-02-26 15:33:10 +00:00
Andy Polyakov
d00ae7cf70 sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2.
(cherry picked from commit d49135e7ea)
2014-02-26 10:23:56 +01:00
Andy Polyakov
f92926e331 sha/asm/sha512-x86_64.pl: fix compilation error on Solaris.
(cherry picked from commit 147cca8f53)
2014-02-26 09:31:40 +01:00
Andy Polyakov
241c8004ce Configure: blended processor target in solaris-x86-cc.
(cherry picked from commit 7bb9d84e35)
2014-02-26 09:31:26 +01:00
Andy Polyakov
8d08627c94 ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
PR: 3201
(cherry picked from commit 03da57fe14)
2014-02-25 22:23:49 +01:00
Andy Polyakov
aa1bb606f3 aes/asm/vpaes-ppc.pl: fix traceback info.
(cherry picked from commit e704741bf3)
2014-02-25 20:13:41 +01:00
Zoltan Arpadffy
dabd4f1986 OpenVMS fixes. 2014-02-25 15:16:03 +00:00
Dr. Stephen Henson
251c47001b update NEWS with v3_scts.c issue 2014-02-25 15:08:45 +00:00
Dr. Stephen Henson
3678161d71 Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. 2014-02-25 15:05:08 +00:00
Dr. Stephen Henson
6634416732 Fix for v3_scts.c
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
2014-02-25 14:54:09 +00:00
Dr. Stephen Henson
7101fd705c update NEWS 2014-02-25 13:56:40 +00:00
Dr. Stephen Henson
0f9bcf3319 Avoid Windows 8 Getversion deprecated errors.
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041)
2014-02-25 13:41:53 +00:00