Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.
PR#3335
(cherry picked from commit b0308dddd1cc6a8e1de803ef29ba6da25ee072c2)
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023b881d7cd9f379b0c154650d6c108e9a3)
Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.
If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
When setting the current certificate check that it has a corresponding
private key.
(cherry picked from commit 358d352aa244b4f2ef655bccff6658d92d5ce03c)
New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.
Add verify error code when building chain.
Update docs.
(cherry picked from commit 13dc3ce9ab483cade378bcf3844c92bacd817316)
If multiple TLS extensions are expected but not received, the TLS extension and supplemental data 'generate' callbacks are the only chance for the receive-side to trigger a specific TLS alert during the handshake.
Removed logic which no-op'd TLS extension generate callbacks (as the generate callbacks need to always be called in order to trigger alerts), and updated the serverinfo-specific custom TLS extension callbacks to track which custom TLS extensions were received by the client, where no-ops for 'generate' callbacks are appropriate.
(cherry picked from commit ac20719d994729970eb3b775c7bffa81f0e9f960)
Conflicts:
ssl/t1_lib.c
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
(cherry picked from commit 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc)
Conflicts:
Configure
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
