Commit graph

11699 commits

Author SHA1 Message Date
Matt Caswell
c2a2ff3f0a Fix SRTP compile issues for windows
Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

Conflicts:
	util/mkdef.pl
2014-10-15 08:54:26 -04:00
Matt Caswell
d64b6c980c Fix for SRTP Memory Leak
CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 08:54:26 -04:00
Bodo Moeller
05df9b9ae5 Fix SSL_R naming inconsistency.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-15 14:48:00 +02:00
Andy Polyakov
3e3cc471c2 aesni-x86_64.pl: make ECB subroutine Windows ABI compliant.
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f90)
2014-10-15 11:12:24 +02:00
Bodo Moeller
80fb4820cb Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 10:50:53 +02:00
Bodo Moeller
2229fe5b94 Oop: revert unintentional change committed along with
TLS_FALLBACK_SCSV support, restoring a reviewed state instead.

Reviewed-by: Stephen Henson (steve@openssl.org)
2014-10-15 04:50:13 +02:00
Bodo Moeller
a46c705214 Support TLS_FALLBACK_SCSV.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 04:04:55 +02:00
Matt Caswell
dc7bca8bcc Removed duplicate definition of PKCS7_type_is_encrypted
Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e49)
2014-10-06 23:43:49 +01:00
Ben Laurie
f58cfe0422 Fix single makefile.
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
2014-10-06 18:06:18 +01:00
Rich Salz
20d1c8111f RT3462: Document actions when data==NULL
If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5aed169305)
2014-10-03 10:39:32 -04:00
Bodo Moeller
c578fe37d9 DTLS 1.2 support has been added to 1.0.2.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-02 17:58:10 +02:00
Rich Salz
a4ee5bbc77 RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 9208640a36)
2014-09-30 16:31:44 -04:00
Andy Polyakov
8ad9050318 e_os.h: refine inline override logic (to address warnings in debug build).
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf11)
2014-09-30 21:07:59 +02:00
Dr. Stephen Henson
5df07a7210 Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:24:04 +01:00
Matt Caswell
0853b2c5e4 Prepare for 1.0.2-beta4-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:35:35 +01:00
Matt Caswell
2c5db8dac3 Prepare for 1.0.2-beta3 release
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:31:40 +01:00
Matt Caswell
bffd5a7f35 make update
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-09-25 21:31:40 +01:00
Matt Caswell
5e60396fe7 Added 1.0.1i CHANGES and NEWS updates
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-25 21:29:25 +01:00
Emilia Kasper
0d6a11a91f Add missing tests
Accidentally omitted from commit 455b65dfab

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit fdc35a9d3e)
2014-09-25 13:46:55 +02:00
Tim Hudson
f9fac6163e Add constant_time_locl.h to HEADERS,
so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-09-25 08:08:51 +02:00
Richard Levitte
ef8055cbb7 Add the constant time test to the VMS build and tests
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 08:07:54 +02:00
Richard Levitte
3b7ab6f4b8 Include "constant_time_locl.h" rather than "../constant_time_locl.h".
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 08:06:47 +02:00
Dr. Stephen Henson
3b4a761853 Don't allow non-FIPS curves in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-25 00:20:56 +01:00
Dr. Stephen Henson
255401756d Use correct function name: CMS_add1_signer()
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5886354dcc)
2014-09-25 00:06:46 +01:00
Andy Polyakov
ec65b83d65 crypto/bn/bn_nist.c: work around MSC ARM compiler bug.
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 8b07c005fe)
2014-09-25 00:46:45 +02:00
Andy Polyakov
d169bf9cab e_os.h: allow inline functions to be compiled by legacy compilers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 40155f4089)
2014-09-25 00:36:10 +02:00
Emilia Kasper
738911cde6 RT3425: constant-time evp_enc
Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75)

Conflicts:
	crypto/evp/evp_enc.c
2014-09-24 16:25:04 +02:00
Emilia Kasper
e1080ea3c7 RT3067: simplify patch
(Original commit adb46dbc6d)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65dfab)
2014-09-24 15:54:51 +02:00
Adam Langley
941af48fec This change alters the processing of invalid, RSA pre-master secrets so
that bad encryptions are treated like random session keys in constant
time.

(cherry picked from commit adb46dbc6d)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-24 15:42:43 +02:00
Emilia Kasper
9bed73adaa RT3066: rewrite RSA padding checks to be slightly more constant time.
Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

Conflicts:
	crypto/rsa/rsa_oaep.c
	crypto/rsa/rsa_pk1.c
	ssl/s3_cbc.c
2014-09-24 12:47:19 +02:00
Emilia Kasper
e9128d9401 Note i2d_re_X509_tbs and related changes in CHANGES
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-23 18:26:42 +02:00
Emilia Kasper
972868b23d make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
e774a3055b Add i2d_re_X509_tbs
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 95b1752cc7)
2014-09-23 18:20:26 +02:00
Emilia Kasper
d9f99d4ef3 Revert "Add accessor for x509.cert_info."
This reverts commit 519ad9b384.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Emilia Kasper
6ce2a64191 Revert "Add more accessors."
This reverts commit cacdfcb247.

Conflicts:
	crypto/x509/x509.h

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-23 18:20:26 +02:00
Andy Polyakov
d2a1226b81 CHANGES: mention ECP_NISTZ256.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit 507efe7372)
2014-09-23 14:56:46 +02:00
Andy Polyakov
9fa9370b6f crypto/ecp_nistz256.c: harmonize error codes.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit be07ae9b10)
2014-09-22 00:11:04 +02:00
Dr. Stephen Henson
12f14b1d8f Fix warning.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 16e5b45f72)
2014-09-22 00:10:53 +02:00
Andy Polyakov
27918b7c25 crypto/ec: harmonize new code with FIPS module.
RT: 3149
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-22 00:07:44 +02:00
Andy Polyakov
2e31c47adb Configure: engage ECP_NISTZ256.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 847147908b)

Resolved conflicts:

	Configure
	TABLE
2014-09-22 00:07:44 +02:00
Andy Polyakov
3842a64d36 Add ECP_NISTZ256 by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4d3fa06fce)
2014-09-22 00:07:44 +02:00
Andy Polyakov
8aed2a7548 Reserve option to use BN_mod_exp_mont_consttime in ECDSA.
Submitted by Shay Gueron, Intel Corp.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f54be179aa)
2014-09-22 00:07:44 +02:00
Andy Polyakov
f7835e1c20 perlasm/x86_64-xlate.pl: handle inter-bank movd.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 902b30df19)
2014-09-22 00:07:44 +02:00
Andy Polyakov
11d8abb331 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6019cdd327)

Resolved conflicts:

	Configure
	Makefile.org
	TABLE
2014-09-22 00:07:44 +02:00
Tim Hudson
320d949781 Fixed error introduced in commit f2be92b94d
that fixed PR#3450 where an existing cast masked an issue when i was changed
from int to long in that commit

Picked up on z/linux (s390) where sizeof(int)!=sizeof(long)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b5ff559ff9)
2014-09-22 06:35:57 +10:00
Andy Polyakov
dfb5de6fc0 Harmonize Tru64 and Linux make rules.
RT: 3333,3165
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d475b2a3bf)
2014-09-20 10:22:13 +02:00
Jake Goulding
5015a93ded RT2301: GetDIBits, not GetBitmapBits in rand_win
GetDIBits has been around since Windows2000 and
BitBitmapBits is an old Win16 compatibility function
that is much slower.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 99b00fd993)
2014-09-18 16:42:07 -04:00
Rich Salz
478b3470ff RT2772 update: c_rehash was broken
Move the readdir() lines out of the if statement, so
that flist is available globally.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6f46c3c3b0)
2014-09-11 13:09:56 -04:00
Rich Salz
3258429883 RT3271 update; extra; semi-colon; confuses; some;
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit cb4bb56bae)
2014-09-10 15:09:53 -04:00
Rich Salz
a9d928a8b6 RT2560: missing NULL check in ocsp_req_find_signer
If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980)
2014-09-10 12:20:15 -04:00