Commit graph

13108 commits

Author SHA1 Message Date
Rich Salz
10bf4fc2c3 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC
Suggested by John Foley <foleyj@cisco.com>.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-11 09:29:37 -04:00
Matt Caswell
ac5a110621 Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-03-11 11:18:15 +00:00
Richard Levitte
97a0cc5281 Move Configurations* out of the way and rename them.
Configure would load the glob "Configurations*".  The problem with
this is that it also loads all kinds of backups of those
configurations that some editors do, like emacs' classic
'Configurations~'.  The solution is to give them an extension, such as
'.conf', and make sure to end the glob with that.

Also, because 'Configurations.conf' makes for a silly name, and
because a possibly large number of configurations will become clutter,
move them to a subdirectory 'Configurations/', and rename them to
something more expressive, as well as something that sets up some form
of sorting order.  Thus:

    Configurations	->	Configurations/10-main.conf
    Configurations.team	->	Configurations/90-team.conf

Finally, make sure that Configure sorts the list of files that 'glob'
produces, and adapt Makefile.org.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-11 12:07:25 +01:00
Matt Caswell
c9dd49a751 Cleanse buffers
Cleanse various intermediate buffers used by the PRF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-11 10:40:44 +00:00
Emilia Kasper
06c6a2b4a3 Harmonize return values in dtls1_buffer_record
Ensure all malloc failures return -1.

Reported by Adam Langley (Google).

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-10 12:18:18 -07:00
Richard Godbee
460e920d8a BIO_debug_callback: Fix output on 64-bit machines
BIO_debug_callback() no longer assumes the hexadecimal representation of
a pointer fits in 8 characters.

Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-10 12:32:39 +01:00
Matt Caswell
e1b568dd24 Prevent handshake with unseeded PRNG
Fix security issue where under certain conditions a client can complete a
handshake with an unseeded PRNG. The conditions are:
- Client is on a platform where the PRNG has not been seeded, and the
user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data
from the PRNG beyond the initial ClientHello client random
(e.g. PSK-RC4-SHA)

If the handshake succeeds then the client random that has been used will
have been generated from a PRNG with insufficient entropy and therefore
the output may be predictable.

For example using the following command with an unseeded openssl will
succeed on an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

CVE-2015-0285

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-10 10:42:42 +00:00
Dmitry-Me
0b142f022e Fix wrong numbers being passed as string lengths
Signed-off-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 21:02:41 +01:00
Dr. Stephen Henson
99e1ad3c4b update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-09 16:55:18 +00:00
David Woodhouse
f7683aaf36 Wrong SSL version in DTLS1_BAD_VER ClientHello
Since commit 741c9959 ("DTLS revision."), we put the wrong protocol
version into our ClientHello for DTLS1_BAD_VER. The old DTLS
code which used ssl->version was replaced by the more generic SSL3 code
which uses ssl->client_version. The Cisco ASA no longer likes our
ClientHello.

RT#3711

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-09 11:04:39 +00:00
Matt Caswell
5178a16c43 Fix DTLS1_BAD_VER regression
Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check
from dtls1_buffer_message() which was needed to distinguish between DTLS
1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER).

Based on an original patch by David Woodhouse <dwmw2@infradead.org>
RT#3703

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-09 10:51:57 +00:00
Dr. Stephen Henson
a8ae0891d4 Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.

Call ASN1_STRING_clear_free on PKCS#8 private key components.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-08 16:27:55 +00:00
Dr. Stephen Henson
e3013932df Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-08 16:18:21 +00:00
Andy Polyakov
e390ae50e0 ARMv4 assembly pack: add Cortex-A15 performance data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-08 14:09:32 +01:00
Viktor Szakats
63a3c45582 GitHub 237: Use https for IETF links
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-07 21:24:40 -05:00
Matt Caswell
f3b9ce90bb make errors
Run make errors on master

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06 14:06:17 +00:00
Matt Caswell
65aaab2fa6 Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-06 14:06:16 +00:00
Richard Levitte
c7223a115f update TABLE
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-06 10:22:43 +01:00
Richard Levitte
4a577300c2 Cleanup spaces
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-06 10:22:43 +01:00
Richard Levitte
cdca82dcde Catch up the VMS build.
crypto/crypto-lib.com - catch up with the OCSP changes
test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-05 18:20:06 +01:00
Dr. Stephen Henson
31c2b6ee7a Make STACK_OF opaque.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 15:51:03 +00:00
Dr. Stephen Henson
d62bc5d30f update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 15:44:41 +00:00
Dr. Stephen Henson
6ef869d7d0 Make OCSP structures opaque.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-05 14:47:48 +00:00
Kurt Cancemi
fd865cadcb Use constants not numbers
This patch uses warning/fatal constants instead of numbers with comments for
warning/alerts in d1_pkt.c and s3_pkt.c

RT#3725

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-05 09:25:53 +00:00
Matt Caswell
918bb86529 Unchecked malloc fixes
Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error
paths as I spotted them along the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-05 09:09:57 +00:00
Dr. Stephen Henson
618be04e40 add RIPEMD160 whirlpool tests
Add RIPEMD160 and whirlpool test data.
Add Count keyword to repeatedly call EVP_DigestUpate.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-04 13:30:42 +00:00
Dr. Stephen Henson
28a00bcd8e Check public key is not NULL.
CVE-2015-0288
PR#3708

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-02 15:24:53 +00:00
Dr. Stephen Henson
437b14b533 Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-02 13:26:29 +00:00
Rich Salz
9f7f8eced5 Cleanup some doc files
ACKNOWLEDGEMENTS is now spelled correctly :)
README.ASN1 talked about 0.9.6, so it's deleted.
I turned doc/standards.txt into a set of one-line summaries of RFCs, and
also updated the pointers to original sources (to be web links)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-01 20:46:38 -05:00
Rich Salz
a258afaf7c Remove experimental 56bit export ciphers
These ciphers are removed:
    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5
    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA
    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA
    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA
They were defined in a long-expired IETF internet-draft:
draft-ietf-tls-56-bit-ciphersuites-01.txt

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-01 16:18:16 -05:00
Matt Caswell
af674d4e20 Fix d2i_SSL_SESSION for DTLS1_BAD_VER
Some Cisco appliances use a pre-standard version number for DTLS. We support
this as DTLS1_BAD_VER within the code.

This change fixes d2i_SSL_SESSION for that DTLS version.

Based on an original patch by David Woodhouse <dwmw2@infradead.org>

RT#3704

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-27 20:29:03 +00:00
Matt Caswell
eadf70d2c8 Fixed missing return value checks.
Added various missing return value checks in tls1_change_cipher_state.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-27 15:09:28 +00:00
Matt Caswell
687eaf27a7 Fix missing return value checks.
Fixed various missing return value checks in ssl3_send_newsession_ticket.
Also a mem leak on error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-27 15:09:02 +00:00
Dr. Stephen Henson
366448ec5e reformat evp_test.c
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 02:50:41 +00:00
Dr. Stephen Henson
2207ba7b44 Add OCB support and test vectors for evp_test.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 02:48:19 +00:00
Dr. Stephen Henson
578ce42d35 Skip unsupported digests in evp_test
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 00:18:10 +00:00
Dr. Stephen Henson
7406e32396 add MD4 test data
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 00:18:10 +00:00
Dr. Stephen Henson
33a89fa66c Skip unsupported ciphers in evp_test.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 00:18:10 +00:00
Dr. Stephen Henson
35313768c7 Make OpenSSL compile with no-rc4
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-27 00:18:10 +00:00
Dr. Stephen Henson
7a6c979242 Add algorithm skip support.
Add support for skipping disabled algorithms: if an attempt to load a
public or private key results in an unknown algorithm error then any
test using that key is automatically skipped.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-27 00:16:39 +00:00
Matt Caswell
a988036259 Fix evp_extra_test.c with no-ec
When OpenSSL is configured with no-ec, then the new evp_extra_test fails to
pass. This change adds appropriate OPENSSL_NO_EC guards around the code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 23:31:03 +00:00
Matt Caswell
cf61ef75be Remove NETSCAPE_HANG_BUG
NETSCAPE_HANG_BUG is a workaround for a browser bug from many years ago
(2000).
It predates DTLS, so certainly has no place in d1_srvr.c.
In s3_srvr.c it forces the ServerDone to appear in the same record as the
CertificateRequest when doing client auth.

BoringSSL have already made the same commit:
79ae85e4f777f94d91b7be19e8a62016cb55b3c5

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 23:27:09 +00:00
Matt Caswell
7a4dadc3a6 Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 23:22:46 +00:00
Matt Caswell
f7812493a0 Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-25 20:52:34 +00:00
Rainer Jung
64d2733176 Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-25 20:46:51 +00:00
Matt Caswell
12e0ea306a Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:34 +00:00
Matt Caswell
535bc8faf6 Remove pointless free, and use preferred way of calling d2i_* functions
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:24 +00:00
Matt Caswell
09f278f925 Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:19 +00:00
Matt Caswell
93b83d0626 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:14 +00:00
Matt Caswell
9e442d4850 Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:07 +00:00