generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
12,691 Commits 16 Branches 258 Tags
Commit Graph

1742 Commits

Author SHA1 Message Date
Dr. Stephen Henson
b15f876964 ECDH downgrade bug fix. 
Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-05 22:59:32 +00:00
Adam Langley
61aa44ca99 Ensure that the session ID context of an SSL* is updated 
when its SSL_CTX is updated.

From BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2015-01-05 17:31:56 +01:00
Matt Caswell
32b07f5a80 Additional fix required for no-srtp to work 
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2015-01-05 14:17:51 +00:00
Piotr Sikora
e783bae26a Fix building with no-srtp 
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2015-01-05 14:17:22 +00:00
Dr. Stephen Henson
9527559939 Remove SGC restart flag. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-02 22:56:54 +00:00
Dr. Stephen Henson
63eab8a620 Remove MS SGC 
MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-02 22:56:54 +00:00
Dr. Stephen Henson
4f605ccb77 Clear existing extension state. 
When parsing ClientHello clear any existing extension state from
SRP login and SRTP profile.

Thanks to Karthikeyan Bhargavan for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
 2015-01-02 22:25:52 +00:00
Martin Nowak
b17dcb0d63 remove duplicate defines 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-12-31 11:13:48 +01:00
Cristian Rodríguez
d97ed21986 constify tls 1.2 lookup tables. 
None of this should live in writable memory

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
 2014-12-31 11:13:48 +01:00
Tim Hudson
1d97c84351 mark all block comments that need format preserving so that 
indent will not alter them when reformatting comments

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-30 22:10:26 +00:00
Rich Salz
e03b29871b RT3548: Remove outdated platforms 
This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-19 21:11:09 -05:00
Matt Caswell
53e95716f5 Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED 
Introduce use of DECLARE_DEPRECATED

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-12-18 19:57:14 +00:00
Adam Langley
4aecfd4d9f Premaster secret handling fixes 
From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-12-17 14:01:19 +01:00
Richard Levitte
6dec5e1ca9 Clear warnings/errors within TLS_DEBUG code sections 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-17 10:15:09 +01:00
Richard Levitte
3ddb2914b5 Clear warnings/errors within KSSL_DEBUG code sections 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-17 10:15:09 +01:00
Richard Levitte
a501f647aa Clear warnings/errors within CIPHER_DEBUG code sections 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-17 10:15:09 +01:00
Richard Levitte
72b5d03b5b Clear warnings/errors within CIPHER_DEBUG code sections 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-17 10:15:09 +01:00
Matt Caswell
789da2c73d The dtls1_output_cert_chain function no longer exists so remove it from 
ssl_locl.h

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-16 15:02:03 +00:00
Adam Langley
ec1af3c419 Don't set client_version to the ServerHello version. 
The client_version needs to be preserved for the RSA key exchange.

This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.

(From BoringSSL)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-16 14:44:17 +00:00
Matt Caswell
db812f2d70 Add more meaningful OPENSSL_NO_ECDH error message for suite b mode 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-16 14:14:09 +00:00
Matt Caswell
af6e2d51bf Add OPENSSL_NO_ECDH guards 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-16 14:13:45 +00:00
Matt Caswell
55e530265a Remove extraneous white space, and add some braces 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-16 00:00:25 +00:00
Matt Caswell
1904d21123 DTLS fixes for signed/unsigned issues 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-15 23:59:50 +00:00
Kurt Roeckx
995207bedc Allow using -SSLv2 again when setting Protocol in the config. 
RT#3625

Reviewed-by: Emilia Käsper <emilia@openssl.org>
 2014-12-15 18:09:53 +01:00
Matt Caswell
24097938ad Fixed memory leak if BUF_MEM_grow fails 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
 2014-12-13 00:02:20 +00:00
Matt Caswell
fd0ba77717 make update 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-11 23:52:47 +00:00
Jonas Maebe
288b4e4f8f tls1_heartbeat: check for NULL after allocating buf 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:18 +01:00
Jonas Maebe
c27dc3981c tls1_process_heartbeat: check for NULL after allocating buffer 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:18 +01:00
Jonas Maebe
fed5b55252 SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:18 +01:00
Jonas Maebe
e9e688effb serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:17 +01:00
Jonas Maebe
bf8e7047aa ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:17 +01:00
Jonas Maebe
9052ffda91 ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:17 +01:00
Jonas Maebe
d00b1d62d6 SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-10 18:35:17 +01:00
Geoff Thorpe
e52a3c3d14 Include <openssl/foo.h> instead of "foo.h" 
Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2014-12-08 14:21:35 -05:00
Matt Caswell
41bf250130 Fixed memory leak in the event of a failure of BUF_MEM_grow 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-08 16:43:25 +00:00
Matt Caswell
76e6509085 Fix memory leak in SSL_new if errors occur. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-08 16:42:59 +00:00
Dr. Stephen Henson
00b4ee7664 Remove some unnecessary OPENSSL_FIPS references 
FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-08 13:18:43 +00:00
Emilia Kasper
376e2ca3e3 Clarify the return values for SSL_get_shared_curve. 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 18:31:21 +01:00
Emilia Kasper
740580c2b2 Add extra checks for odd-length EC curve lists. 
Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:57:58 +01:00
Emilia Kasper
33d5ba8629 Reject elliptic curve lists of odd lengths. 
The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2014-12-05 16:32:39 +01:00
Jonas Maebe
f5905ba341 ssl_create_cipher_list: check whether push onto cipherstack succeeds 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
b3b966fb87 ssl_cert_dup: Fix memory leak 
Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Kurt Roeckx
6c42b39c95 dtls1_new: free s on error path 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
241e2dc936 dtls1_heartbeat: check for NULL after allocating s->cert->ctypes 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Jonas Maebe
d15f5df70d dtls1_process_heartbeat: check for NULL after allocating buffer 
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 23:48:44 +01:00
Matt Caswell
71c16698fa Remove incorrect code inadvertently introduced through commit 59669b6ab. 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-04 14:17:50 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support 
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2014-12-04 11:55:03 +01:00
Matt Caswell
4bb8eb9ce4 Remove "#if 0" code 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:25:00 +00:00
Matt Caswell
047f21593e Only use the fallback mtu after 2 unsuccessful retransmissions if it is less 
than the mtu we are already using

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:24:53 +00:00
Matt Caswell
d3d9eef316 If we really get a situation where the underlying mtu is less than the minimum 
we will support then dtls1_do_write can go into an infinite loop. This commit
fixes that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
 2014-12-03 09:24:28 +00:00