Include changes from 0.9.7-stable.

Dr. Stephen Henson 2007-02-21 13:50:22 +00:00
parent 91588bbb6e
commit e3435a51f7
10 changed files with 68 additions and 27 deletions

14
CHANGES

@ -25,6 +25,20 @@
Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
*) Cleanse PEM buffers before freeing them since they may contain
sensitive data.
[Benjamin Bennett <ben@psc.edu>]
*) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
a ciphersuite string such as "DEFAULT:RSA" cannot enable
authentication-only ciphersuites.
[Bodo Moeller]
*) Since AES128 and AES256 share a single mask bit in the logic of
ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
kludge to work properly if AES128 is available and AES256 isn't.
[Victor Duchovni]
*) Expand security boundary to match 1.1.1 module.
[Steve Henson]


@ -12,7 +12,7 @@
---------------
/* ====================================================================
* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
* Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions

2
README

@ -1,7 +1,7 @@
OpenSSL 0.9.7m-dev xx XXX xxxx
Copyright (c) 1998-2006 The OpenSSL Project
Copyright (c) 1998-2007 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.


@ -577,6 +577,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
}
EVP_EncodeFinal(&ctx,buf,&outl);
if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
buf = NULL;
if ( (BIO_write(bp,"-----END ",9) != 9) ||
@ -585,8 +586,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
goto err;
return(i+outl);
err:
if (buf)
if (buf) {
OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
OPENSSL_free(buf);
}
PEMerr(PEM_F_PEM_WRITE_BIO,reason);
return(0);
}
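Review bot: The cleanse length `PEM_BUFSIZE*8` is written out twice in PEM_write_bio (before the success-path free and inside the `err:` block) and must stay equal to the size `buf` was allocated with, which is outside this hunk. If the allocation size ever changes, the wipe silently becomes too short (leaving encoded data in freed memory) or too long (writing past the buffer). Keeping the size in one local, e.g. `const int buflen = PEM_BUFSIZE*8;`, and using it for the allocation and for both `OPENSSL_cleanse(buf, buflen);` calls removes that coupling. The function starts above the hunk, so the allocation site needs checking when applying this.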


@ -122,6 +122,7 @@ p8err:
PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
err:
OPENSSL_free(nm);
OPENSSL_cleanse(data, len);
OPENSSL_free(data);
return(ret);
}
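Review bot: `OPENSSL_cleanse(data, len)` on the `err:` path runs unconditionally, whereas this same commit guards the equivalent call in PEM_write_bio with `if (buf)`. The code that sets `data` and `len` is outside this hunk; if any path can reach `err:` with `data` still NULL or `len` unset, the cleanse would be handed a NULL pointer or an arbitrary length. If that cannot be ruled out, guard it the same way: `if (data) { OPENSSL_cleanse(data, len); OPENSSL_free(data); }`. Otherwise a one-line comment stating that `data` is always set at this label would record the assumption.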


@ -394,13 +394,13 @@ B<sep_comma_plus>, B<dn_rev> and B<sname>.
a oneline format which is more readable than RFC2253. It is equivalent to
specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
options.
=item B<multiline>
a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
B<spc_eq>, B<lname> and B<align>.
B<space_eq>, B<lname> and B<align>.
=item B<esc_2253>
@ -500,7 +500,7 @@ diagnostic purpose.
align field values for a more readable output. Only usable with
B<sep_multiline>.
=item B<spc_eq>
=item B<space_eq>
places spaces round the B<=> character which follows the field
name.
@ -610,7 +610,7 @@ Display the certificate subject name in RFC2253 form:
Display the certificate subject name in oneline form on a terminal
supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
Display the certificate MD5 fingerprint:


@ -43,9 +43,9 @@ interprets UTF8 sequences.
Escaping takes several forms.
If the character being escaped is a 16 bit character then the form "\WXXXX" is used
If the character being escaped is a 16 bit character then the form "\UXXXX" is used
using exactly four characters for the hex representation. If it is 32 bits then
"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
"\WXXXXXXXX" is used using eight characters of its hex representation. These forms
will only be used if UTF8 conversion is not set (see below).
Printable characters are normally escaped using the backslash '\' character. If


@ -557,7 +557,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
0,
112,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
@ -613,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
SSL_NOT_EXP|SSL_HIGH,
0,
112,
168,
168,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
@ -683,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
128,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
@ -725,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
128,
40,
128,
SSL_ALL_CIPHERS,
SSL_ALL_STRENGTHS,
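Review bot: In the two Kerberos 3DES rows (hunks at 557 and 613) the first bit-count field goes from 112 to 168, assuming the old-then-new line order the rest of this page uses. Three-key 3DES offers roughly 112 bits of effective strength because of meet-in-the-middle attacks, so if this is the field `@STRENGTH` sorts on, these suites will rank above 128-bit AES. If 168 was chosen to match the other 3DES rows of `ssl3_ciphers[]` (not visible here), a comment such as `/* nominal key bits; effective strength is about 112 */` would record that decision. Labelling the two numeric fields in each row would also make mismatches like the export RC4 entries (128 corrected to 40) easier to spot in review.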


@ -303,7 +303,7 @@ extern "C" {
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL+RC4:@STRENGTH" /* low priority for RC4 */
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
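Review bot: The new `SSL_DEFAULT_CIPHER_LIST` value is missing the `:` between `!eNULL` and `+RC4`. In cipher-rule syntax a `+` inside a token joins conditions, so `!eNULL+RC4` is read as a single rule that removes only suites matching both eNULL and RC4. As written, eNULL suites are not excluded and RC4 is not moved to the end of the list, which contradicts both the CHANGES entry and the inline "low priority for RC4" comment. The line should read `#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */`. A regression test that expands `DEFAULT:RSA` and asserts that no NULL-encryption suite is present would catch this.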


@ -415,9 +415,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
*tail=curr;
}
static unsigned long ssl_cipher_get_disabled(void)
struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
* where 128-bit and 256-bit algorithms simply will get
* separate bits. */
unsigned long mask; /* everything except m256 */
unsigned long m256; /* applies to 256-bit algorithms only */
};
struct disabled_masks ssl_cipher_get_disabled(void)
{
unsigned long mask;
unsigned long m256;
struct disabled_masks ret;
mask = SSL_kFZA;
#ifdef OPENSSL_NO_RSA
@ -443,17 +452,24 @@ static unsigned long ssl_cipher_get_disabled(void)
mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
return(mask);
/* finally consider algorithms where mask and m256 differ */
m256 = mask;
mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
ret.mask = mask;
ret.m256 = m256;
return ret;
}
static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
int num_of_ciphers, unsigned long mask, unsigned long m256,
CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
CIPHER_ORDER **tail_p)
{
int i, co_list_num;
SSL_CIPHER *c;
@ -471,11 +487,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
{
c = ssl_method->get_cipher(i);
/* drop those that use any of that is not available */
#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
#ifdef OPENSSL_FIPS
if ((c != NULL) && c->valid && !(c->algorithms & mask)
if ((c != NULL) && c->valid && !IS_MASKED(c))
&& (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
#else
if ((c != NULL) && c->valid && !(c->algorithms & mask))
if ((c != NULL) && c->valid && !IS_MASKED(c))
#endif
{
co_list[co_list_num].cipher = c;
@ -869,7 +886,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* rest of the command, if any left, until
* end or ':' is found.
*/
while ((*l != '\0') && ITEM_SEP(*l))
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
else if (found)
@ -880,7 +897,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
}
else
{
while ((*l != '\0') && ITEM_SEP(*l))
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
}
if (*l == '\0') break; /* done */
@ -896,6 +913,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mask;
unsigned long disabled_m256;
STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@ -918,7 +936,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* To reduce the work to do we only want to process the compiled
* in algorithms, so we first get the mask of disabled ciphers.
*/
disabled_mask = ssl_cipher_get_disabled();
{
struct disabled_masks d;
d = ssl_cipher_get_disabled();
disabled_mask = d.mask;
disabled_m256 = d.m256;
}
/*
* Now we have to collect the available ciphers from the compiled
@ -937,7 +960,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
}
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
co_list, &head, &tail);
disabled_m256, co_list, &head, &tail);
/*
* We also need cipher aliases for selecting based on the rule_str.
@ -957,8 +980,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
return(NULL); /* Failure */
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
head);
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
(disabled_mask & disabled_m256), head);
/*
* If the rule_string begins with DEFAULT, apply the default rule
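Review bot: `ssl_cipher_get_disabled` loses its `static` qualifier when its return type changes to `struct disabled_masks`, so a file-local helper becomes an external symbol; unless that is intended, declare it `static struct disabled_masks ssl_cipher_get_disabled(void)`. In ssl_cipher_collect_ciphers, `IS_MASKED` is defined inside the loop body and picks up the locals `mask` and `m256` by name. No `#undef` is visible in the hunk, so the macro presumably stays defined for the rest of the file; add `#undef IS_MASKED` after the `#endif`, or replace it with a `static` helper that takes both masks. The macro also relies on `alg_bits == 256` being accurate in every cipher table row, which deserves a comment beside it because a wrong table value would let a disabled cipher through. The functions touched here all extend beyond the hunks shown.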