From a342cc5a7099a44cdbbd74a37d73a1a86806f779 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 25 Jan 2001 13:15:01 +0000 Subject: [PATCH 1/9] Zero the premaster secret after deriving the master secret in DH ciphersuites. --- CHANGES | 4 ++++ ssl/s3_srvr.c | 1 + 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index 52409a97d..31f9a6e1f 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Zero the premaster secret after deriving the master secret in + DH ciphersuites. + [Steve Henson] + *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT to data. This was previously part of the PKCS7 ASN1 code. This was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 4704dfb59..54e0a0305 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1425,6 +1425,7 @@ static int ssl3_get_client_key_exchange(SSL *s) s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key,p,i); + memset(p,0,i); } else #endif From 9020b86250a610e50a6f77e1b929457a3dd115dc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 25 Jan 2001 14:46:00 +0000 Subject: [PATCH 2/9] Documentation language corrections, contributed by Chris Pepper --- INSTALL | 2 +- INSTALL.MacOS | 10 +++++----- README | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/INSTALL b/INSTALL index ca4d403a3..f4691454a 100644 --- a/INSTALL +++ b/INSTALL @@ -122,7 +122,7 @@ directory, and the binary will be in the "apps" directory. If "make" fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like missing + the failure that aren't problems in OpenSSL itself (like missing standard headers). If it is a problem with OpenSSL itself, please report the problem to (note that your message will be forwarded to a public mailing list). Include the 
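Review bot: in the ssl/s3_srvr.c hunk of PATCH 1/9, `memset(p,0,i);` clears a buffer that is never read again, which is exactly the store a compiler's dead-store elimination is allowed to drop, so the premaster secret may still survive in memory after this line; a clearing routine the optimizer cannot remove (a write loop through a volatile pointer, or a dedicated secure-clear helper) would make the intent stick. The length `i` is whatever the preceding DH computation produced and is also what generate_master_secret() consumed, so it is worth confirming that an error return from that computation is caught before this point rather than being passed to memset as a size. The CHANGES entry in the same patch could also state whether the RSA path zeroes its premaster secret the same way, so readers do not have to check.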
diff --git a/INSTALL.MacOS b/INSTALL.MacOS index a8c4f7f1d..ef3479f38 100644 --- a/INSTALL.MacOS +++ b/INSTALL.MacOS @@ -32,17 +32,17 @@ Installation procedure: to 42, change appropriately. (**) If you use SUNtar, then it might have already unbinhexed the files in question. -(***) The project file was saved with CW Pro 5.3. If you have earlier +(***) The project file was saved with CW Pro 5.3. If you have an earlier version and it refuses to open it, then download http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it overwriting the original OpenSSL.mcp. -(****) Other targets are work in progress. If you feel like giving 'em a +(****) Other targets are works in progress. If you feel like giving 'em a shot, then you should know that OpenSSL* and Lib* targets are supposed to be built with the GUSI, MacOS library which mimics BSD sockets and some other POSIX APIs. The GUSI distribution is - expected to be found in the same directory as openssl source tree, - i.e. in the parent directory to the one where this very file, - namely INSTALL.MacOS. For more informations about GUSI, see + expected to be found in the same directory as the openssl source tree, + i.e., in the parent directory to the one where this very file, + namely INSTALL.MacOS, resides. For more information about GUSI, see http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html Finally some essential comments from our generous contributor:-) diff --git a/README b/README index 3364f6244..2fb1e1a7a 100644 --- a/README +++ b/README @@ -107,8 +107,8 @@ only be used with RSA Security's permission. The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, - Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should - be contacted if that algorithm is to be used, their web page is + Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They + should be contacted if that algorithm is to be used; their web page is http://www.ascom.ch/. INSTALLATION 
@@ -119,8 +119,8 @@ INSTALL.VMS. Read the documentation in the doc/ directory. It is quite rough, but it - lists the functions, you will probably have to look at the code to work out - how to used them. Look at the example programs. + lists the functions; you will probably have to look at the code to work out + how to use them. Look at the example programs. SUPPORT ------- From 50d5199120d2d669039e75c17499483aa7607430 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 26 Jan 2001 01:55:52 +0000 Subject: [PATCH 3/9] New OCSP response verify option OCSP_TRUSTOTHER --- CHANGES | 5 +++++ crypto/ocsp/ocsp.h | 1 + crypto/ocsp/ocsp_vfy.c | 23 ++++++++++++++++------- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 31f9a6e1f..4665120ef 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates + passed by the function are trusted implicitly. If any of them signed the + reponse then it is assumed to be valid and is not verified. + [Steve Henson] + *) Zero the premaster secret after deriving the master secret in DH ciphersuites. [Steve Henson] diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 0c643e1a8..ff8152150 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -85,6 +85,7 @@ extern "C" { #define OCSP_NOCASIGN 0x40 #define OCSP_NODELEGATED 0x80 #define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 /* CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 8868c980c..7470f1c04 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c 
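Review bot: in the CHANGES hunk of PATCH 3/9, "reponse" should read "response". The entry would also be clearer if it said precisely what "trusted implicitly" skips: as the ocsp_vfy.c change implements it, a match against the caller-supplied certificates turns on OCSP_NOVERIFY, so chain building and issuer checks are skipped, while the signature over the response is still checked unless OCSP_NOSIGS is also given. Spelling that out tells callers that OCSP_TRUSTOTHER is only safe for certificates they have already validated by other means.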
@@ -59,7 +59,7 @@ #include #include -static X509 *ocsp_find_signer(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); @@ -76,12 +76,14 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, STACK_OF(X509) *chain = NULL; X509_STORE_CTX ctx; int i, ret = 0; - signer = ocsp_find_signer(bs, certs, st, flags); - if (!signer) + ret = ocsp_find_signer(&signer, bs, certs, st, flags); + if (!ret) { OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); goto end; } + if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) + flags |= OCSP_NOVERIFY; if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; @@ -148,19 +150,26 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } -static X509 *ocsp_find_signer(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) { X509 *signer; OCSP_RESPID *rid = bs->tbsResponseData->responderId; if ((signer = ocsp_find_signer_sk(certs, rid))) - return signer; + { + *psigner = signer; + return 2; + } if(!(flags & OCSP_NOINTERN) && (signer = ocsp_find_signer_sk(bs->certs, rid))) - return signer; + { + *psigner = signer; + return 1; + } /* Maybe lookup from store if by subject name */ - return NULL; + *psigner = NULL; + return 0; } From b847024026c4e16371bf05adc4a9d88500472336 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 28 Jan 2001 14:20:13 +0000 Subject: [PATCH 4/9] Make sk_sort tolerate a NULL argument. --- CHANGES | 3 +++ crypto/stack/stack.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 4665120ef..3a0d678ed 100644 --- a/CHANGES +++ b/CHANGES
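Review bot: in the OCSP_basic_verify() hunk (`@@ -76,12 +76,14 @@`) of PATCH 3/9, `ret` is now overwritten with the 1 or 2 returned by ocsp_find_signer() before any verification has happened, whereas previously `ret` stayed 0 until the response was actually verified. Any later failure path that jumps to `end` without explicitly resetting `ret` would therefore make OCSP_basic_verify() report success for a response that was not verified. Keeping the lookup result in its own variable, e.g. `int found = ocsp_find_signer(&signer, bs, certs, st, flags); if (!found) ...`, and testing `found == 2` for the OCSP_TRUSTOTHER promotion, leaves `ret = 0` as the safe default until the end.

Review bot: in the ocsp_find_signer() hunk (`@@ -148,19 +150,26 @@`), the return values 2 (signer found in the caller's `certs`) and 1 (signer found in the response's own `bs->certs`) are the whole basis for the OCSP_TRUSTOTHER decision in the caller, but nothing in the function says so; a short comment above the function, or two named constants, would make it harder for a future change to swap the two and silently extend implicit trust to certificates carried inside the response. The comment "Maybe lookup from store if by subject name" still ends in `return 0`, so responses from a responder that is only in the X509_STORE remain unsupported; that is fine, but worth saying in the CHANGES entry.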
@@ -3,6 +3,9 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Make sk_sort() tolerate a NULL argument. + [Steve Henson reported by Massimiliano Pala ] + *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates passed by the function are trusted implicitly. If any of them signed the reponse then it is assumed to be valid and is not verified. diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 02857f044..9a75e433d 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -316,7 +316,7 @@ char *sk_set(STACK *st, int i, char *value) void sk_sort(STACK *st) { - if (!st->sorted) + if (st && !st->sorted) { int (*comp_func)(const void *,const void *); From 78f3a2aad79b25fc25498f5afa6ca0bbe01bf863 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Sun, 28 Jan 2001 14:38:11 +0000 Subject: [PATCH 5/9] Comment and indentation --- crypto/x509/x509_trs.c | 8 ++++---- crypto/x509/x509_vfy.c | 7 +++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 0de252c65..7a41bc2d8 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a, int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) { -int (*oldtrust)(int , X509 *, int); -oldtrust = default_trust; -default_trust = trust; -return oldtrust; + int (*oldtrust)(int , X509 *, int); + oldtrust = default_trust; + default_trust = trust; + return oldtrust; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 73eecd6ee..5d88efd4a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
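Review bot: in the crypto/stack/stack.c hunk of PATCH 4/9, `if (st && !st->sorted)` makes a NULL stack a silent no-op, which is consistent with sorting an empty stack, but since sk_sort() returns void the caller gets no signal that nothing happened; that is acceptable as long as the sk_num()/sk_value() calls that typically follow are equally tolerant of the same NULL, which is worth confirming in the same change. The CHANGES entry for this patch has the reporter's address stripped, leaving "reported by Massimiliano Pala ]"; the attribution should be completed or the trailing space dropped.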
@@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx) if (!ok) goto end; } if (X509_verify(xs,pkey) <= 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be + * used to detect invalid self-signatures, but + * we don't verify again and again in SSL + * handshakes and the like once the cert has + * been declared trusted. */ { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; From 739423fceb8417a13eda24cacb8018ceb0044c83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Mon, 29 Jan 2001 11:41:12 +0000 Subject: [PATCH 6/9] Remove serial number file during 'make clean'. --- test/Makefile.ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Makefile.ssl b/test/Makefile.ssl index 587d67d6b..9d6fca935 100644 --- a/test/Makefile.ssl +++ b/test/Makefile.ssl @@ -253,7 +253,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log + rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log $(DLIBSSL): (cd ../ssl; $(MAKE)) From 16a44ae7e9e69d0f8e9c2261cc468846937cc190 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Jan 2001 13:38:59 +0000 Subject: [PATCH 7/9] Increase consistency of header data (some mail readers really do not like spaces before the semicolon, and besides, other parts of this file make the values without those spaces), and move spacing of continuation lines to support BIO's that break lines after each write. --- crypto/pkcs7/pk7_mime.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 994473c0b..086d39427 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c
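Review bot: in the crypto/x509/x509_vfy.c hunk of PATCH 5/9, the new comment is placed between the condition `if (X509_verify(xs,pkey) <= 0)` and its opening `{`, which compiles but reads as if it described the failure branch rather than the check itself; it belongs on the line above the `if`. The comment also drops a word ("That check should be optional"). On the substance: skipping the self-signature check for the final trusted certificate is defensible because trust in an anchor comes from its presence in the store, not from its signature, but if this is turned into a flag the default should keep verifying and the skip should be the opt-in, so that the 'openssl x509' use case the comment mentions stays the conservative path.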
@@ -165,9 +165,9 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) } bound[32] = 0; BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Type: multipart/signed ; "); - BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); - BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); + BIO_printf(bio, "Content-Type: multipart/signed;"); + BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); + BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); BIO_printf(bio, "This is an S/MIME signed message\n\n"); /* Now write out the first part */ BIO_printf(bio, "------%s\n", bound); From 903872d65e9df3ecc844fdea0dadf5a053f0e362 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 30 Jan 2001 13:47:59 +0000 Subject: [PATCH 8/9] Document the change. --- CHANGES | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGES b/CHANGES index 3a0d678ed..d88fe9ffd 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,13 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Make SMIME_write_PKCS7() write mail header values with a format that + is more generally accepted (no spaces before the semicolon), since + some programs can't parse those values properly otherwise. Also make + sure BIO's that break lines after each write do not create invalid + headers. + [Richard Levitte] + *) Make sk_sort() tolerate a NULL argument. [Steve Henson reported by Massimiliano Pala ] From cd6aa710b5f4df1959b9bb3f78928619502b39af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= Date: Wed, 31 Jan 2001 14:14:20 +0000 Subject: [PATCH 9/9] New manual page for a hardly known but important item :-) --- doc/ssl/SSL_CTX_set_session_id_context.pod | 82 ++++++++++++++++++++++ doc/ssl/ssl.pod | 1 + 2 files changed, 83 insertions(+) create mode 100644 doc/ssl/SSL_CTX_set_session_id_context.pod 
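Review bot: in the crypto/pkcs7/pk7_mime.c hunk of PATCH 7/9, moving the separating space from the end of one BIO_printf() piece to the start of the next is what makes the header survive a BIO that inserts a line break after every write: a folded header continuation line must begin with whitespace, so "Content-Type: multipart/signed;\n protocol=...;\n micalg=sha1; ..." is still one legal header, whereas the old layout would have produced a continuation line starting with a non-blank character. Two things worth a comment in the code: this only holds as long as the splitting BIO breaks at write boundaries and not inside a piece, and the value `micalg=sha1` is hard-coded, so it must be kept in step with the digest actually used for the signature. The header lines are terminated with "\n" rather than CRLF, which predates this patch but is the other common reason mail software rejects S/MIME output.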
diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod new file mode 100644 index 000000000..594939515 --- /dev/null +++ b/doc/ssl/SSL_CTX_set_session_id_context.pod 
@@ -0,0 +1,82 @@ +=pod + +=head1 NAME + +SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only) + +=head1 SYNOPSIS + + #include + + int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +=head1 DESCRIPTION + +SSL_CTX_set_session_id_context() sets the context B of length +B within which a session can be reused for the B object. + +SSL_set_session_id_context() sets the context B of length +B within which a session can be reused for the B object. + +=head1 NOTES + +Sessions are generated within a certain context. When exporting/importing +sessions with B/B it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context B which is used to distinguish +the contexts and is stored in exported sessions. The B can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... + +The session id context becomes part of the session. The session id context +is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and +SSL_set_session_id_context() functions are therefore only useful on the +server side. + +OpenSSL clients will check the session id context returned by the server +when reusing a session. + +The maximum length of the B is limited to +B. + +=head1 WARNINGS + +If the session id context is not set on an SSL/TLS server, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. + +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. 
OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. + +=head1 RETURN VALUES + +SSL_CTX_set_session_id_context() and SSL_set_session_id_context() +return the following values: + +=over 4 + +=item 0 + +The length B of the session id context B exceeded +the maximum allowed length of B. The error +is logged to the error stack. + +=item 1 + +The operation succeeded. + +=back + +=head1 SEE ALSO + +L + +=cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index c0eb40031..00e27ea8d 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -657,6 +657,7 @@ L L, L, L, +L, L, L, L,
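Review bot: in the doc/ssl/SSL_CTX_set_session_id_context.pod hunk of PATCH 9/9, the NOTES section explains the mechanism but not the security reason for it, which is the part readers most need: the context binds a session to the server configuration it was negotiated under, so a session established with one authentication or authorization policy (for example one that required a client certificate) is not resumed under another; it would then follow naturally that the suggested values (application name, hostname, service name) should differ whenever that policy differs, not merely per application. In the same hunk, "it would be possible, to re-import" has a stray comma, and the WARNINGS paragraph saying "a fatal error will be flagged" would be more useful if it named the error the application will see on the error stack, since that is what an operator greps for when resumption suddenly fails. The RETURN VALUES section correctly notes the length check, and the ssl.pod hunk just adds the cross-reference, which looks complete.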