Commit graph

11587 commits

Author SHA1 Message Date
Matt Caswell
9c5c18500b Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit ac5a110621)
2015-03-11 11:21:09 +00:00
Matt Caswell
35fafc4dbc Cleanse buffers
Cleanse various intermediate buffers used by the PRF (backported version
from master).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-11 10:45:23 +00:00
Emilia Kasper
0c14565c5b Harmonize return values in dtls1_buffer_record
Ensure all malloc failures return -1.

Reported by Adam Langley (Google).

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 06c6a2b4a3)
2015-03-10 13:52:32 -07:00
Richard Godbee
5a9e9669d8 BIO_debug_callback: Fix output on 64-bit machines
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 460e920d8a)
2015-03-10 12:34:21 +01:00
Matt Caswell
2b31fcc0b5 Prevent handshake with unseeded PRNG
Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)

If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.

For example using the following command with an unseeded openssl will
succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

CVE-2015-0285

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e1b568dd24)
2015-03-10 10:45:52 +00:00
Dmitry-Me
b65b4c3481 Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0b142f022e)
2015-03-09 21:05:39 +01:00
Dr. Stephen Henson
ef116b0003 update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 16:57:24 +00:00
David Woodhouse
0d691e0e27 Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.

RT#3711

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f7683aaf36)
2015-03-09 11:07:47 +00:00
Matt Caswell
ae3fcdf1e5 Fix DTLS1_BAD_VER regression
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).

Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5178a16c43)
2015-03-09 10:54:06 +00:00
Dr. Stephen Henson
d6ca1cee8b fix warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-08 17:31:48 +00:00
Dr. Stephen Henson
bfa34f551c Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a8ae0891d4)
2015-03-08 16:29:28 +00:00
Dr. Stephen Henson
f9aa27dc78 Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e3013932df)
2015-03-08 16:19:24 +00:00
Kurt Roeckx
f417997a32 Remove export ciphers from the DEFAULT cipher list
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-07 23:02:19 +01:00
Matt Caswell
6ee3997134 Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06 14:07:05 +00:00
Kurt Cancemi
f9a21ed069 Use constants not numbers
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c

RT#3725

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit fd865cadcb)
2015-03-05 09:28:37 +00:00
Matt Caswell
d6b4a41d10 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 918bb86529)

Conflicts:
	crypto/bio/bss_dgram.c
2015-03-05 09:15:08 +00:00
Dr. Stephen Henson
9fdbaf3a32 Check public key is not NULL.
CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 28a00bcd8e)
2015-03-02 15:26:41 +00:00
Dr. Stephen Henson
6fff54b0ce Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 437b14b533)
2015-03-02 13:43:17 +00:00
Matt Caswell
6e20f55646 Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	ssl/ssl_asn1.c
2015-02-27 20:31:28 +00:00
Matt Caswell
87cd297d14 Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-27 15:18:21 +00:00
Matt Caswell
195f6302bb Fix missing return value checks.
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>

Conflicts:
	ssl/s3_srvr.c
2015-02-27 15:18:20 +00:00
Matt Caswell
8f51c206b3 Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit a988036259)
2015-02-26 23:34:54 +00:00
Matt Caswell
f2aff60f6f Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit f7812493a0)
2015-02-25 22:57:19 +00:00
Rainer Jung
fbabc6c06e Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-25 20:47:42 +00:00
Matt Caswell
bfb14d724b Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
4d2207f097 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
b42e4a9f6b Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
78a6b77976 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
ba5d0113e8 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:22:01 +00:00
Matt Caswell
f747572547 Import evp_test.c from BoringSSL. Unfortunately we already have a file
called evp_test.c, so I have called this one evp_extra_test.c

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	crypto/evp/Makefile
	test/Makefile
2015-02-25 17:21:58 +00:00
Dr. Stephen Henson
36b619a06e Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee5124)
2015-02-24 15:28:38 +00:00
Andy Polyakov
13c1807041 Fix crash in SPARC T4 XTS.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 775b669de3)
2015-02-24 10:12:57 +01:00
Andy Polyakov
f243def213 sha/asm/sha1-586.pl: fix typo.
The typo doesn't affect supported configuration, only unsupported masm.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3372c4fffa)
2015-02-22 19:22:09 +01:00
Dr. Stephen Henson
1f956f9cda typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 15b5d6585d)
2015-02-22 14:44:21 +00:00
Edgar Pek
98e6f07901 Fix null-pointer dereference
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit bcfa19a8d1)
2015-02-22 13:23:53 +01:00
Kurt Roeckx
f95519538a Fix memory leak
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit edac5dc220)
2015-02-22 13:23:53 +01:00
Doug Hogan
79e2e927e6 Avoid a double-free in an error path.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 1549a26520)
2015-02-22 13:23:52 +01:00
Richard Levitte
7f3563b576 Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ba4bdee718)

Conflicts:
	Configure
2015-02-22 09:38:20 +01:00
Richard Levitte
458a55af16 Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 64e6bf64b3)

Conflicts:
	Configure
	crypto/ui/ui_openssl.c
2015-02-22 08:10:29 +01:00
Richard Levitte
681da86ebb Transfer a fix from 1.0.1
manually picked from e7b85bc402
Reviewed-by: Stephen Henson <steve@openssl.org>

(cherry picked from commit 774ccae63c)
2015-02-13 13:40:47 +01:00
Rich Salz
872f91c403 RT3684: rand_egd needs stddef.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-02-12 14:23:28 -05:00
Graeme Perrow
ee1ccd0a41 RT3670: Check return from BUF_MEM_grow_clean
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b0333e697c)
2015-02-12 13:01:33 -05:00
Eric Dequin
62bfff2d99 Missing OPENSSL_free on error path.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 1d2932de4c)
2015-02-12 11:15:29 -05:00
Emilia Kasper
95929797a0 Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 0923e7df9e)
2015-02-10 15:36:03 +01:00
Andy Polyakov
bcfaa4eeee objects/obj_xref.h: revert reformat.
obj_xref.h was erroneously restored to pre-reformat state.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 08:55:30 +01:00
Andy Polyakov
cb43fd0467 Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 849037169d)
2015-02-09 16:00:25 +01:00
Dr. Stephen Henson
ba25221226 Fix memory leak reporting.
Free up bio_err after memory leak data has been printed to it.

In int_free_ex_data if ex_data is NULL there is nothing to free up
so return immediately and don't reallocate it.
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 9c7a780bbe)
2015-02-09 13:01:15 +00:00
Andy Polyakov
506805e708 Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 7ce3862319)
2015-02-09 09:57:23 +01:00
Matt Caswell
04222b630e Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit ae632974f9)
2015-02-06 10:08:58 +00:00
Rich Salz
16064539ad Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 7e35f06ea9)
2015-02-05 09:45:25 -05:00