Commit graph

105 commits

Author SHA1 Message Date
Matt Caswell
ae5c8664e5 Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:31:38 +00:00
Matt Caswell
f3b6ee30f4 Move more comments that confuse indent
Conflicts:
	crypto/dsa/dsa.h
	demos/engines/ibmca/hw_ibmca.c
	ssl/ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:28:49 +00:00
Matt Caswell
cc6e2a5936 Fix strange formatting by indent
Conflicts:
	crypto/hmac/hmac.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:26:58 +00:00
Matt Caswell
bc2d623c0e Fix source where indent will not be able to cope
Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:24:04 +00:00
Matt Caswell
e19d4a99b8 Further comment amendments to preserve formatting prior to source reformat
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 09:23:50 +00:00
Richard Levitte
bf68456f53 Clear warnings/errors within TLS_DEBUG code sections
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:17:54 +01:00
Richard Levitte
53332a75d1 Clear warnings/errors within KSSL_DEBUG code sections
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-12-17 14:17:54 +01:00
Bodo Moeller
a46c705214 Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:04:55 +02:00
yogesh nagarkar
00ab230a3f Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
PR#3141
(cherry picked from commit d183545d45)
2014-06-28 00:41:31 +01:00
Dr. Stephen Henson
87a0cbdf2e Use correct digest when exporting keying material.
PR#3319
(cherry picked from commit 84691390eae86befd33c83721dacedb539ae34e6)
2014-05-30 13:24:36 +01:00
Andy Polyakov
8d08627c94 ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
PR: 3201
(cherry picked from commit 03da57fe14)
2014-02-25 22:23:49 +01:00
Andy Polyakov
4abe148444 ssl/t1_enc.c: optimize PRF (suggested by Intel).
(cherry picked from commit e8b0dd57c0)
2014-01-03 21:56:03 +01:00
Dr. Stephen Henson
80b6d97585 Fix DTLS retransmission from previous session.
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1)
2013-12-20 23:25:41 +00:00
Dr. Stephen Henson
a32ba49352 Check EVP errors for handshake digests.
Partial mitigation of PR#3200
(cherry picked from commit 0294b2be5f)
2013-12-18 13:27:15 +00:00
Dr. Stephen Henson
b60b9e7afe Enable TLS 1.2 ciphers in DTLS 1.2.
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in
DTLS 1.2 mode too.
(cherry picked from commit 4221c0dd30)
2013-09-18 13:46:02 +01:00
Dr. Stephen Henson
1b6ab411d3 Use enc_flags when deciding protocol variations.
Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.
(cherry picked from commit cbd64894ec)

Conflicts:

	ssl/ssl_locl.h
2013-09-18 13:46:02 +01:00
Andy Polyakov
eeb486a5f4 ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f)
2013-02-06 13:56:15 +00:00
Dr. Stephen Henson
d91d9acc58 Timing fix mitigation for FIPS mode.
We have to use EVP in FIPS mode so we can only partially mitigate
timing differences.

Make an extra call to EVP_DigestSignUpdate to hash additonal blocks
to cover any timing differences caused by removal of padding.
(cherry picked from commit b908e88ec1)
2013-02-06 13:56:13 +00:00
Ben Laurie
1326a64a33 Update DTLS code to match CBC decoding in TLS.
This change updates the DTLS code to match the constant-time CBC
behaviour in the TLS.
(cherry picked from commit 9f27de170d)
2013-02-06 13:56:13 +00:00
Ben Laurie
e0da2c2ed2 Don't crash when processing a zero-length, TLS >= 1.1 record.
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681)
2013-02-06 13:56:13 +00:00
Ben Laurie
fb0a59cc58 Make CBC decoding constant time.
This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bcc)
2013-02-06 13:56:12 +00:00
Dr. Stephen Henson
bc200e691c SSL/TLS record tracing code (backport from HEAD). 2012-12-26 22:40:46 +00:00
Richard Levitte
451cec33df * ssl/t1_enc.c (tls1_change_cipher_state): Stupid bug. Fortunately in
debugging code that's seldom used.
2012-09-21 13:08:30 +00:00
Dr. Stephen Henson
e7c8483891 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 16:03:36 +00:00
Andy Polyakov
9cc42cb091 ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD]. 2012-03-13 19:21:15 +00:00
Ben Laurie
96fe35e7d4 Remove redundant TLS exporter. 2011-12-13 14:35:12 +00:00
Ben Laurie
e87afb1518 SSL export fixes (from Adam Langley). 2011-12-13 14:25:11 +00:00
Ben Laurie
a0cf79e841 Fix exporter. 2011-12-02 16:49:32 +00:00
Ben Laurie
825e1a7c56 Fix warnings. 2011-12-02 14:39:41 +00:00
Dr. Stephen Henson
2c7d978c2d PR: 1794
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Reviewed by: steve

Make SRP conformant to rfc 5054.

Changes are:

- removal of the addition state after client hello
- removal of all pre-rfc srp alert ids
- sending a fatal alert when there is no srp extension but when the
server wants SRP
- removal of unnecessary code in the client.
2011-11-25 00:18:10 +00:00
Dr. Stephen Henson
43716567f5 bcmp doesn't exist on all platforms, replace with memcmp 2011-11-21 22:29:16 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Andy Polyakov
90f3e4cf05 Back-port TLS AEAD framework [from HEAD]. 2011-07-21 19:22:57 +00:00
Dr. Stephen Henson
f93b03a5e6 Don't round up partitioned premaster secret length if there is only one
digest in use: this caused the PRF to fail for an odd premaster secret
length.
2011-05-31 10:35:22 +00:00
Dr. Stephen Henson
7043fa702f add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD.
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Dr. Stephen Henson
4577b38d22 Don't use decryption_failed alert for TLS v1.1 or later. 2011-01-04 19:39:42 +00:00
Dr. Stephen Henson
95eef4df79 use generalised mac API for SSL key generation 2010-11-24 13:17:48 +00:00
Dr. Stephen Henson
1a8ecda3ee Only use explicit IV if cipher is in CBC mode. 2010-11-14 17:47:21 +00:00
Dr. Stephen Henson
53e7985c8d PR: 1830
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson

Support for RFC5705 key extractor.
2010-07-18 17:39:46 +00:00
Dr. Stephen Henson
28566b4966 no need for empty fragments with TLS 1.1 and later due to explicit IV 2010-06-27 14:42:43 +00:00
Dr. Stephen Henson
b4b15f68c0 Backport TLS v1.1 support from HEAD, ssl/ changes 2010-06-27 14:22:11 +00:00
Dr. Stephen Henson
e97359435e Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
72240ab31a PR: 2259
Submitted By: Artem Chuprina <ran@cryptocom.ru>

Check return values of HMAC in tls_P_hash and tls1_generate_key_block.

Although the previous version could in theory crash that would only happen if a
digest call failed. The standard software methods can never fail and only one
ENGINE currently uses digests and it is not compiled in by default.
2010-05-17 11:26:56 +00:00
Dr. Stephen Henson
b452f43322 PR: 1751
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
2009-04-19 18:03:13 +00:00
Dr. Stephen Henson
d7ecd42255 Fix warnings properly this time ;-) 2009-01-11 20:34:23 +00:00
Dr. Stephen Henson
211655fcdd Fix sign-compare warnings. 2009-01-11 15:58:51 +00:00
Lutz Jänicke
fceac0bc74 Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
2009-01-05 14:43:05 +00:00