Commit graph

11367 commits

Author SHA1 Message Date
Matt Caswell
80d09058af The first call to query the mtu in dtls1_do_write correctly checks that the
mtu that we have received is not less than the minimum. If its less it uses the
minimum instead. The second call to query the mtu does not do that, but
instead uses whatever comes back. We have seen an instance in RT#3592 where we
have got an unreasonably small mtu come back. This commit makes both query
checks consistent.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 6abb0d1f8e)
2014-12-03 09:30:21 +00:00
Matt Caswell
3cc0c0d21c The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being
automatically updated, and we should use the one provided instead.
Unfortunately there are a couple of locations where this is not respected.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 001235778a)
2014-12-03 09:30:21 +00:00
Matt Caswell
5e47008b61 Verify that we have a sensible message len and fail if not
RT#3592 provides an instance where the OPENSSL_assert that this commit
replaces can be hit. I was able to recreate this issue by forcing the
underlying BIO to misbehave and come back with very small mtu values. This
happens the second time around the while loop after we have detected that the
MTU has been exceeded following the call to dtls1_write_bytes.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit cf75017bfd)
2014-12-03 09:30:21 +00:00
Kurt Roeckx
e9f47de1f0 Use the SSLv23 method by default
If SSLv2 and SSLv3 are both disabled we still support SSL/TLS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-02 11:28:42 +01:00
Richard Levitte
6a7a4a4e19 Check for FindNextFile when defining it rather than FindFirstFile
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 23:31:28 +01:00
Richard Levitte
67a0ea702b [PR3597] Advance to the next state variant when reusing messages.
Previously, state variant was not advanced, which resulted in state
being stuck in the st1 variant (usually "_A").

This broke certificate callback retry logic when accepting connections
that were using SSLv2 ClientHello (hence reusing the message), because
their state never advanced to SSL3_ST_SR_CLNT_HELLO_C variant required
for the retry code path.

Reported by Yichun Zhang (agentzh).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 23:31:28 +01:00
Richard Levitte
89e1e5c84d Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 8123d158ab)
2014-11-28 17:04:15 +01:00
Alok Menghrajani
7cae6eeed0 Improves the proxy certificates howto doc.
The current documentation contains a bunch of spelling and grammar mistakes. I also
found it hard to understand some paragraphs, so here is my attempt to improve its
readability.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 03b637a730)
2014-11-28 17:04:15 +01:00
Matt Caswell
4b12a17fe3 Fix warning in ssl2_enc
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit f9ea4deba0)
2014-11-27 21:46:04 +00:00
Matt Caswell
2e524475cd Remove more references to dtls1_enc
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit eceef8fb86)
2014-11-27 21:46:04 +00:00
Matt Caswell
ac3dc3ee87 Check EVP_Cipher return values for SSL2
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 81ec01b217)
2014-11-27 21:46:04 +00:00
Matt Caswell
63039a177a Delete unused file
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 4b87706d20)

Conflicts:
	ssl/d1_enc.c
2014-11-27 21:46:00 +00:00
Matt Caswell
ca88bd4112 Add checks to the return value of EVP_Cipher to prevent silent encryption failure.
PR#1767

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fe78f08d15)
2014-11-27 21:44:03 +00:00
Matt Caswell
1e7b4891cb Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST
PR#3613

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit fc3968a25c)
2014-11-27 20:51:59 +00:00
Matt Caswell
3623e24b45 Remove duplicated code
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:30:36 +00:00
Matt Caswell
e164582690 Tidy up ocsp help output
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 5e31a40f47)

Conflicts:
	apps/ocsp.c
2014-11-27 14:16:49 +00:00
André Guerreiro
4d3df37bc7 Add documentation on -timeout option in the ocsp utility
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit de87dd46c1)
2014-11-27 14:14:52 +00:00
Guenter
261e64b85e NetWare compilation fix.
Workaround for NetWare CodeWarrior compiler which doesn't properly lookup
includes when in same directory as the C file which includes it.

PR#3569
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit 333fad9f2d)
2014-11-27 14:03:57 +00:00
Matt Caswell
23cf88440c Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 6484958645)
2014-11-27 13:57:11 +00:00
Matt Caswell
bd8192604a Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit f281b8df70)
2014-11-27 13:57:11 +00:00
Matt Caswell
8f8e7cec83 Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34890ac18e)
2014-11-27 13:57:11 +00:00
Matt Caswell
14332e4331 Add include of ssl.h which is required by srtp.h
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit f67203836c)
2014-11-27 13:17:56 +00:00
Matt Caswell
60de554e4f Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask
PR#3608

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8a35dbb6d8)
2014-11-26 10:11:25 +00:00
Matt Caswell
c57400e86c Corrected comments in ssl.h about SSLv23_method and friends
PR#3574

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 3a0765882c)
2014-11-25 22:24:34 +00:00
Dr. Stephen Henson
f90fd2b017 Print out Suite B status.
When using the -xcert option to test certificate validity print out
if we pass Suite B compliance. We print out "not tested" if we aren't
in Suite B mode.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 7d4cdededc)
2014-11-20 22:14:45 +00:00
Dr. Stephen Henson
8d325d1d36 Fix SuiteB chain checking logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7255ca99df)
2014-11-20 22:14:29 +00:00
David Benjamin
03d14f5887 Do not resume a session if the negotiated protocol version does not match
the session's version (server).

See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 9e189b9dc1)
2014-11-20 16:31:35 +01:00
Matt Caswell
6f71d7da64 When using EVP_PKEY_derive with a KDF set, a negative error from
ECDH_compute_key is silently ignored and the KDF is run on duff data

Thanks to github user tomykaira for the suggested fix.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 8d02bebddf)
2014-11-20 15:21:37 +00:00
Emilia Kasper
0b9e82763f Clean up CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 31832e8ff1)

Conflicts:
	CHANGES
2014-11-20 15:19:42 +01:00
Emilia Kasper
e5f261df73 Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.

(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)

Thanks to Joeri de Ruiter for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit e94a6c0ede)
2014-11-20 15:17:36 +01:00
Emilia Kasper
9baee0216f Always require an advertised NewSessionTicket message.
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit de2c7504eb)
2014-11-20 15:17:36 +01:00
Emilia Kasper
5d23e1303c Remove ssl3_check_finished.
The client sends a session ID with the session ticket, and uses
the returned ID to detect resumption, so we do not need to peek
at handshake messages: s->hit tells us explicitly if we're resuming.

An equivalent change was independently made in BoringSSL, see commit
407886f589cf2dbaed82db0a44173036c3bc3317.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 980bc1ec61)

Conflicts:
	ssl/s3_clnt.c
2014-11-20 15:17:30 +01:00
Emilia Kasper
f7c7aa69f7 Set s->hit when resuming from external pre-shared secret.
The same change was independently made in BoringSSL, see commit
9eaeef81fa2d4fd6246dc02b6203fa936a5eaf67

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7b3ba508af)
2014-11-20 15:09:45 +01:00
Emilia Kasper
ce5f32cfa7 Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext.
This ensures that it's zeroed even if the SSL object is reused
(as in ssltest.c). It also ensures that it applies to DTLS, too.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit a06cd5d056)
2014-11-20 15:09:45 +01:00
Matt Caswell
5891c226d8 Fix s_server -ssl2. Previously this reported "Error setting EC curve"
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 13d568661c)
2014-11-19 23:57:02 +00:00
Dr. Stephen Henson
017a15cbd2 New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 3881d8106d)
2014-11-19 22:54:30 +00:00
Dr. Stephen Henson
786370b1b0 Fix excert logic.
If no keyfile has been specified use the certificate file instead.

Fix typo: we need to check the chain is not NULL, not the chain file.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-19 22:50:00 +00:00
Dr. Stephen Henson
56e8dc542b Process signature algorithms before deciding on certificate.
The supported signature algorithms extension needs to be processed before
the certificate to use is decided and before a cipher is selected (as the
set of shared signature algorithms supported may impact the choice).
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-19 14:44:42 +00:00
Matt Caswell
9ef1d283fe Added RFC 7027 references
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:41 +00:00
Matt Caswell
5a4a949904 Fixed cms-test.pl for no-ec2m
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:23 +00:00
Matt Caswell
ffa69c1ced Added OPENSSL_NO_EC2M guards around the default EC curves
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-18 13:10:01 +00:00
Jan Hykel
305e2b4111 Don't use msg on error.
Don't attempt to access msg structure if recvmsg returns an error.

PR#3483
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 012aa9ec76)
2014-11-17 12:41:47 +00:00
Dr. Stephen Henson
ba7aaa5622 Fix cross reference table generator.
If the hash or public key algorithm is "undef" the signature type
will receive special handling and shouldn't be included in the
cross reference table.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 55f7fb8848)
2014-11-13 13:35:25 +00:00
Alok Menghrajani
2ad842b86a Fixes a minor typo in the EVP docs.
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 5211e094de)
2014-11-12 21:05:01 +00:00
Michal Bozon
297a8fd4ac Correct timestamp output when clock_precision_digits > 0
PR#3535

Reviewed-by: Stephen Henson <steve@openssl.org>
2014-11-12 20:52:52 +00:00
Matt Caswell
5b3a5e3e90 Fix free of garbage pointer. PR#3595
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit e04d426bf9)
2014-11-12 20:29:27 +00:00
Kurt Roeckx
40e214a23b Fix warning about negative unsigned intergers
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-11 15:47:54 +01:00
Russell Coker
39679d858a Fix datarace reported by valgrind/helgrind
This doesn't really fix the datarace but changes it so it can only happens
once. This isn't really a problem since we always just set it to the same
value. We now just stop writing it after the first time.

PR3584, https://bugs.debian.org/534534

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-11-10 18:35:50 +01:00
Daniel Kahn Gillmor
0ec6898c67 Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH
see RT #3203

Future versions of OpenSSL use the canonical terms "ECDHE" and "DHE"
as configuration strings and compilation constants.  This patch
introduces aliases so that the stable 1.0.2 branch can be
forward-compatible with code and configuration scripts that use the
normalized terms, while avoiding changing any library output for
stable users.

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-10 10:58:49 +01:00
Andy Polyakov
1e10aee2a7 armv4cpuid.S: fix compilation error in pre-ARMv7 build.
PR: 3474
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 6696203963)
2014-10-30 20:31:50 +01:00