Commit graph

13767 commits

Author SHA1 Message Date
Matt Caswell
44128847e8 Fix a bug in the new PACKET implementation
Some of the PACKET functions were returning incorrect data. An unfortunate
choice of test data in the unit test was masking the failure.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-04 13:06:58 +01:00
Matt Caswell
8d11b7c7ee Fix warning when compiling with no-ec2m
EC_KEY_set_public_key_affine_coordinates was using some variables that only
apply if OPENSSL_NO_EC2M is not defined.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-08-03 20:34:40 +01:00
Matt Caswell
496dbe1855 Fix make errors for the CCS changes
The move of CCS into the state machine was causing make errors to fail. This
fixes it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:06 +01:00
Matt Caswell
e9f6b9a1a5 Fix ssl3_read_bytes handshake fragment bug
The move of CCS into the state machine introduced a bug in ssl3_read_bytes.
The value of |recvd_type| was not being set if we are satisfying the request
from handshake fragment storage. This can occur, for example, with
renegotiation and causes the handshake to fail.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:06 +01:00
Matt Caswell
c69f2adf71 Move DTLS CCS processing into the state machine
Continuing on from the previous commit this moves the processing of DTLS
CCS messages out of the record layer and into the state machine.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:05 +01:00
Matt Caswell
657da85eea Move TLS CCS processing into the state machine
The handling of incoming CCS records is a little strange. Since CCS is not
a handshake message it is handled differently to normal handshake messages.
Unfortunately whilst technically it is not a handhshake message the reality
is that it must be processed in accordance with the state of the handshake.
Currently CCS records are processed entirely within the record layer. In
order to ensure that it is handled in accordance with the handshake state
a flag is used to indicate that it is an acceptable time to receive a CCS.

Previously this flag did not exist (see CVE-2014-0224), but the flag should
only really be considered a workaround for the problem that CCS is not
visible to the state machine.

Outgoing CCS messages are already handled within the state machine.

This patch makes CCS visible to the TLS state machine. A separate commit
will handle DTLS.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:18:05 +01:00
Matt Caswell
9ceb2426b0 PACKETise ClientHello processing
Uses the new PACKET code to process the incoming ClientHello including all
extensions etc.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Matt Caswell
6fc2ef20a9 PACKET unit tests
Add some unit tests for the new PACKET API

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Matt Caswell
7e729bb5a3 Add initial packet parsing code
Provide more robust (inline) functions to replace n2s, n2l, etc. These
functions do the same thing as the previous macros, but also keep track
of the amount of data remaining and return an error if we try to read more
data than we've got.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-03 11:01:42 +01:00
Ben Laurie
bb484020c3 Fix refactoring breakage.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 16:11:16 +01:00
Dr. Stephen Henson
5a168057bc don't reset return value to 0
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-02 14:28:50 +01:00
Ben Laurie
480405e4a9 Add -Wconditional-uninitialized to clang strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:45:44 +01:00
Ben Laurie
d237a2739c Build with --strict-warnings on FreeBSD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:21:46 +01:00
Ben Laurie
9e83e6cda9 Make BSD make happy with subdirectories.
Reviewed-by: Richard Levitte
2015-08-01 22:09:25 +01:00
Dirk Wetter
e36ce2d986 GH336: Return an exit code if report fails
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-01 14:32:32 -04:00
Ben Laurie
34750dc25d Only define PAGE_SIZE if not already defined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-31 20:50:07 +01:00
Matt Caswell
e1e088ec7f Remove erroneous server_random filling
Commit e481f9b90b removed OPENSSL_NO_TLSEXT from the code.

Previously if OPENSSL_NO_TLSEXT *was not* defined then the server random was
filled during getting of the ClientHello. If it *was* defined then the
server random would be filled in ssl3_send_server_hello(). Unfortunately in
commit e481f9b90b the OPENSSL_NO_TLSEXT guards were removed but *both*
server random fillings were left in. This could cause problems for session
ticket callbacks.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-07-31 20:30:35 +01:00
Loganaden Velvindron
1a586b3942 Clear BN-mont values when free'ing it.
From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 13:38:15 -04:00
Rich Salz
740ceb5b0c Various doc fixes from GH pull requests
Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 12:27:27 -04:00
Kai Engert
898ea7b855 RT3742: Add xmpp_server to s_client.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:19:45 -04:00
Adam Eijdenberg
be0c03618a RT3963: Allow OCSP stapling with -rev and -www
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:15:42 -04:00
Adam Eijdenberg
e46bcca25e RT3962: Check accept_count only if not unlimited
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:13:58 -04:00
Adam Eijdenberg
902c6b95a3 RT3961: Fix switch/case errors in flag parsing
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:11:55 -04:00
Nicholas Cooper
119ab03aea RT3959: Fix misleading comment
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:07:11 -04:00
Dr. Stephen Henson
3df16cc2e2 cleanse psk_identity on error
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:34 +01:00
Dr. Stephen Henson
a784665e52 Free and cleanse pms on error
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
a3f7ff2b2d Don't request certificates for any PSK ciphersuite
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
69a3a9f5d9 CAMELLIA PSK ciphersuites from RFC6367
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
b2f8ab8681 Add PSK ciphersuites to docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
23237159f7 Update CHANGES
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
5516fcc0c9 Add RFC4785 ciphersuites
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:36 +01:00
Dr. Stephen Henson
ea6114c6d0 Add RFC4279, RFC5487 and RFC5489 ciphersuites.
Note: some of the RFC4279 ciphersuites were originally part of PR#2464.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:36 +01:00
Dr. Stephen Henson
f40ecbc37c Initial new PSK ciphersuite defines
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
2a1a04e131 Add full PSK trace support
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
8a0a12e5bf PSK premaster secret derivation.
Move PSK premaster secret algorithm to ssl_generate_master secret so
existing key exchange code can be used and modified slightly to add
the PSK wrapping structure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
85269210ff Extended PSK server support.
Add support for RSAPSK, DHEPSK and ECDHEPSK server side.

Update various checks to ensure certificate and server key exchange messages
are only sent when required.

Update message handling. PSK server key exchange parsing now include an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message expects PSK identity and requests key for
all PSK key exchange ciphersuites.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
7689082b71 Extended PSK client support.
Add support for RSAPSK, DHEPSK and ECDHEPSK client side.

Update various checks to ensure certificate and server key exchange messages
are only expected when required.

Update message handling. PSK server key exchange parsing now expects an
identity hint prefix for all PSK server key exchange messages. PSK
client key exchange message requests PSK identity and key for all PSK
key exchange ciphersuites and includes identity in message.

Update flags for RSA, DH and ECDH so they are also used in PSK.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
12053a81c8 PSK PRF correction.
For SHA384 PRF PSK ciphersuites we have to switch to default PRF for
TLS < 1.2

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
adc5506adf Make auto DH work with DHEPSK
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
13be69f3e6 Check for kECDH with extensions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
526f94ad68 Enable PSK if corresponding mask set.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
fe5eef3a3b Disable all PSK if no callback.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
332a251fd7 Disable unsupported PSK algorithms
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
8baac6a224 new PSK text constants
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
dcbd50608a New PSK aliases.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
0096d8f7e0 New PSK keyex text constants
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:35 +01:00
Dr. Stephen Henson
64651d3984 fields for PSK key, new constants
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:43:34 +01:00
Matt Caswell
5e8b24dbfb Fix write failure handling in DTLS1.2
The DTLS code is supposed to drop packets if we try to write them out but
the underlying BIO write buffers are full. ssl3_write_pending() contains
an incorrect test for DTLS that controls this. The test only checks for
DTLS1 so DTLS1.2 does not correctly clear the internal OpenSSL buffer which
can later cause an assert to be hit. This commit changes the test to cover
all DTLS versions.

RT#3967

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-30 10:17:53 +01:00
Martin Vejnar
fa4629b6a2 RT3774: double-free in DSA
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-29 21:21:00 -04:00
Rich Salz
5bb17d1b3c RT3639: Add -no_comp description to online help
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-29 16:58:55 -04:00