Commit graph

14136 commits

Author SHA1 Message Date
Matt Caswell
6a009812b2 Check for 0 modulus in BN_MONT_CTX_set
The function BN_MONT_CTX_set was assuming that the modulus was non-zero
and therefore that |mod->top| > 0. In an error situation that may not be
the case and could cause a seg fault.

This is a follow on from CVE-2015-1794.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 19:57:01 +01:00
Guy Leaver (guleaver)
61e72d761c Fix seg fault with 0 p val in SKE
If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
value of p set to 0 then a seg fault can occur. This commits adds a test to
reject p, g and pub key parameters that have a 0 value (in accordance with
RFC 5246)

The security vulnerability only affects master and 1.0.2, but the fix is
additionally applied to 1.0.1 for additional confidence.

CVE-2015-1794

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 19:57:01 +01:00
Matt Caswell
870063c83d Normalise make errors output
make errors wants things in a different order to the way things are
currently defined in the header files. The easiest fix is to just let it
reorder it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-11 19:57:01 +01:00
Rich Salz
fd682e4cdd GH365: Missing #ifdef rename.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:17:53 -04:00
Rich Salz
fbfcb22439 RT3999: Remove sub-component version strings
Especially since after the #ifdef cleanups this is not useful.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-10 12:13:32 -04:00
Rich Salz
82c494276d Fix build break.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-08-10 12:00:23 -04:00
Ben Laurie
4b9cb35d85 Find the right indent on *BSD.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-10 13:28:26 +01:00
bluelineXY
ff4a9394a2 GH357: Update ocsp.c
Add Host Header in OCSP query if no host header is set via -header

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-08 18:18:03 -04:00
David Woodhouse
2bfbeb2645 RT3998: fix X509_check_host.pod release to 1.0.2
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-08 18:13:25 -04:00
Adam Eijdenberg
e23a3fc8e3 Fix clang uninitialized variable warning.
We could just initialize it, but to be consistent with the rest of the file
it seemed to make more sense to just drop.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-06 22:45:29 +01:00
Matt Caswell
04fe876b56 Revert "Fix uninitalised warning."
This reverts commit 704563f04a.

Reverting in favour of the next commit which removes the underlying cause
of the warning.

Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-06 22:44:29 +01:00
Ben Laurie
704563f04a Fix uninitalised warning.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-06 21:32:58 +01:00
Anton Blanchard
1125245997 RT3990: Fix #include path.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-05 22:06:01 -04:00
Adam Eijdenberg
6f136aa6fc Change error reason to match previous behaviour.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-04 15:15:38 -07:00
Adam Eijdenberg
6c3cca5793 Fix unhandled error condition in sslv2 client hello parsing.
--strict-warnings started showing warnings for this today...

Surely an error should be raised if these reads fail?

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-04 15:05:01 -07:00
Matt Caswell
e77bdc7310 Fix SRTP s_client/s_server options
The -use_srtp s_client/s_server option is supposed to take a colon
separated string as an argument. In master this was incorrectly set to
expect a filename.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-04 19:20:11 +01:00
Matt Caswell
c3fc7eeab8 PACKETise NextProto
Change NextProto message processing to use the PACKET API.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-08-04 14:05:10 +01:00
Matt Caswell
f532a35d2a PACKETise CertificateVerify processing
Modify CertificateVerify processing to use the new PACKET API.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-08-04 13:56:50 +01:00
Matt Caswell
0bc09ecd26 PACKETise ClientCertificate processing
Use the PACKET API for processing ClientCertificate messages

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-04 13:15:29 +01:00
Matt Caswell
44128847e8 Fix a bug in the new PACKET implementation
Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-04 13:06:58 +01:00
Matt Caswell
8d11b7c7ee Fix warning when compiling with no-ec2m
EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-08-03 20:34:40 +01:00
Matt Caswell
496dbe1855 Fix make errors for the CCS changes
The move of CCS into the state machine was causing make errors to fail. This
fixes it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:06 +01:00
Matt Caswell
e9f6b9a1a5 Fix ssl3_read_bytes handshake fragment bug
The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
The value of |recvd_type| was not being set if we are satisfying the request
from handshake fragment storage. This can occur, for example, with
renegotiation and causes the handshake to fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:06 +01:00
Matt Caswell
c69f2adf71 Move DTLS CCS processing into the state machine
Continuing on from the previous commit this moves the processing of DTLS
CCS messages out of the record layer and into the state machine.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:05 +01:00
Matt Caswell
657da85eea Move TLS CCS processing into the state machine
The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately whilst technically it is not a handhshake message the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:05 +01:00
Matt Caswell
9ceb2426b0 PACKETise ClientHello processing
Uses the new PACKET code to process the incoming ClientHello including all
extensions etc.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Matt Caswell
6fc2ef20a9 PACKET unit tests
Add some unit tests for the new PACKET API

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Matt Caswell
7e729bb5a3 Add initial packet parsing code
Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Ben Laurie
bb484020c3 Fix refactoring breakage.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 16:11:16 +01:00
Dr. Stephen Henson
5a168057bc don't reset return value to 0
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-02 14:28:50 +01:00
Ben Laurie
480405e4a9 Add -Wconditional-uninitialized to clang strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:45:44 +01:00
Ben Laurie
d237a2739c Build with --strict-warnings on FreeBSD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:21:46 +01:00
Ben Laurie
9e83e6cda9 Make BSD make happy with subdirectories.
Reviewed-by: Richard Levitte
2015-08-01 22:09:25 +01:00
Dirk Wetter
e36ce2d986 GH336: Return an exit code if report fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-01 14:32:32 -04:00
Ben Laurie
34750dc25d Only define PAGE_SIZE if not already defined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-31 20:50:07 +01:00
Matt Caswell
e1e088ec7f Remove erroneous server_random filling
Commit e481f9b90b removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b90b the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-07-31 20:30:35 +01:00
Loganaden Velvindron
1a586b3942 Clear BN-mont values when free'ing it.
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 13:38:15 -04:00
Rich Salz
740ceb5b0c Various doc fixes from GH pull requests
Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 12:27:27 -04:00
Kai Engert
898ea7b855 RT3742: Add xmpp_server to s_client.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:19:45 -04:00
Adam Eijdenberg
be0c03618a RT3963: Allow OCSP stapling with -rev and -www
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:15:42 -04:00
Adam Eijdenberg
e46bcca25e RT3962: Check accept_count only if not unlimited
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:13:58 -04:00
Adam Eijdenberg
902c6b95a3 RT3961: Fix switch/case errors in flag parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:11:55 -04:00
Nicholas Cooper
119ab03aea RT3959: Fix misleading comment
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:07:11 -04:00
Dr. Stephen Henson
3df16cc2e2 cleanse psk_identity on error
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:34 +01:00
Dr. Stephen Henson
a784665e52 Free and cleanse pms on error
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
a3f7ff2b2d Don't request certificates for any PSK ciphersuite
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
69a3a9f5d9 CAMELLIA PSK ciphersuites from RFC6367
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
b2f8ab8681 Add PSK ciphersuites to docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
23237159f7 Update CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
5516fcc0c9 Add RFC4785 ciphersuites
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:36 +01:00