1386 Commits

Author SHA1 Message Date
Dr. Stephen Henson
67bde7d465 Fix DTLS certificate requesting code.
Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65)
2014-07-15 18:23:44 +01:00
Dr. Stephen Henson
2054eb771e Add ECC extensions with DTLS.
PR#3449
2014-07-15 12:20:30 +01:00
Dr. Stephen Henson
ee5a8d3e31 Use more common name for GOST key exchange.
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)
2014-07-14 18:31:54 +01:00
Peter Mosmans
704422ce1e Add names of GOST algorithms.
PR#3440
(cherry picked from commit 924e5eda2c82d737cc5a1b9c37918aa6e34825da)
2014-07-13 18:31:36 +01:00
Dr. Stephen Henson
c923132e9d Don't limit message sizes in ssl3_get_cert_verify.
PR#319 (reoponed version).
(cherry picked from commit 7f6e9578648728478e84246fd3e64026b8b6a48e)
2014-07-05 13:30:55 +01:00
Thijs Alkemade
b2cb6dc1ef Make disabling last cipher work.
(cherry picked from commit 7cb472bd0d0fd9da3d42bed1acc56c3a79fc5328)
2014-07-02 03:32:50 +01:00
Ben Laurie
2db3ea2929 Fix possible buffer overrun. 2014-07-01 23:39:17 +01:00
Dr. Stephen Henson
295befec25 Fix memory leak.
PR#2531
(cherry picked from commit 44724beeadf95712a42a8b21dc71bf110e89a262)
2014-06-29 13:52:03 +01:00
Dr. Stephen Henson
d8b11e75cb Don't disable state strings with no-ssl2
Some state strings were erronously not compiled when no-ssl2
was set.

PR#3295
(cherry picked from commit 0518a3e19e18cfc441cab261b28441b8c8bd77bf)
2014-06-28 00:56:42 +01:00
yogesh nagarkar
0df7959d43 Fix compilation with -DSSL_DEBUG -DTLS_DEBUG -DKSSL_DEBUG
PR#3141
(cherry picked from commit d183545d4589f1e7a40190400b8b99ea3d1f7f97)
2014-06-28 00:41:49 +01:00
Ken Ballou
6daba1dc6a Remove redundant check.
PR#3174
(cherry picked from commit fd331c0bb9b557903dd2ce88398570a3327b5ef0)
2014-06-27 23:18:21 +01:00
Tomas Mraz
cf0156622a Don't advertise ECC ciphersuits in SSLv2 compatible client hello.
PR#3374
(cherry picked from commit 0436369fccd128cb7f6a8538d5fed1c876c437af)
2014-06-27 16:52:05 +01:00
Miod Vallat
ad212c1ed1 Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

Bug discovered and fixed by Miod Vallat from the OpenBSD team.

PR#3375
2014-06-22 23:20:39 +01:00
Matt Caswell
e1bce59fd3 Revert "Fix off-by-one errors in ssl_cipher_get_evp()"
This reverts commit 29411a0c7a00a73e4ca42be8b5a7401d3bb5107a.

Incorrect attribution.
2014-06-22 23:20:19 +01:00
Dr. Stephen Henson
9beb75d3c4 Accept CCS after sending finished.
Allow CCS after finished has been sent by client: at this point
keys have been correctly set up so it is OK to accept CCS from
server. Without this renegotiation can sometimes fail.

PR#3400
(cherry picked from commit 99cd6a91fcb0931feaebbb4832681d40a66fad41)
2014-06-14 22:26:10 +01:00
Matt Caswell
042ef467ee Fixed incorrect return code handling in ssl3_final_finish_mac.
Based on an original patch by Joel Sing (OpenBSD) who also originally identified the issue.
2014-06-13 15:53:29 +01:00
Matt Caswell
01736e6c41 Revert "Fixed incorrect return code handling in ssl3_final_finish_mac"
This reverts commit 9ab788aa23feaa0e3b9efc2213e0c27913f8d987.

Missing attribution
2014-06-13 15:53:08 +01:00
Kurt Cancemi
29411a0c7a Fix off-by-one errors in ssl_cipher_get_evp()
In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375
2014-06-12 21:15:54 +01:00
Matt Caswell
9ab788aa23 Fixed incorrect return code handling in ssl3_final_finish_mac 2014-06-10 23:28:10 +01:00
Mike Bland
5a0d057e49 Create test/testutil.h for unit test helper macros
Defines SETUP_TEST_FIXTURE and EXECUTE_TEST, and updates ssl/heartbeat_test.c
using these macros. SETUP_TEST_FIXTURE makes use of the new TEST_CASE_NAME
macro, defined to use __func__ or __FUNCTION__ on platforms that support those
symbols, or to use the file name and line number otherwise. This should fix
several reported build problems related to lack of C99 support.
2014-06-10 19:27:45 +01:00
Dr. Stephen Henson
aa59369b4c Fix null pointer errors.
PR#3394
(cherry picked from commit 7a9d59c148b773f59a41f8697eeecf369a0974c2)
2014-06-10 14:48:07 +01:00
Dr. Stephen Henson
18c7f2fce8 SRP ciphersuite correction.
SRP ciphersuites do not have no authentication. They have authentication
based on SRP. Add new SRP authentication flag and cipher string.
(cherry picked from commit a86b88acc373ac1fb0ca709a5fb8a8fa74683f67)
2014-06-09 12:09:49 +01:00
Dr. Stephen Henson
6a8d6f039a Update strength_bits for 3DES.
Fix strength_bits to 112 for 3DES.
(cherry picked from commit 837c203719205ab19b5609b2df7151be8df05687)
2014-06-09 12:09:49 +01:00
Dr. Stephen Henson
0d4d2e02eb Make tls_session_secret_cb work with CVE-2014-0224 fix.
If application uses tls_session_secret_cb for session resumption
set the CCS_OK flag.
(cherry picked from commit 953c592572e8811b7956cc09fbd8e98037068b58)
2014-06-07 15:27:21 +01:00
Dr. Stephen Henson
8011cd56e3 Fix CVE-2014-3470
Check session_cert is not NULL before dereferencing it.
2014-06-05 09:04:27 +01:00
Dr. Stephen Henson
d3152655d5 Fix CVE-2014-0221
Unnecessary recursion when receiving a DTLS hello request can be used to
crash a DTLS client. Fixed by handling DTLS hello request without recursion.

Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
2014-06-05 09:04:27 +01:00
Dr. Stephen Henson
006cd7083f Additional CVE-2014-0224 protection.
Return a fatal error if an attempt is made to use a zero length
master secret.
2014-06-05 09:04:27 +01:00
Dr. Stephen Henson
bc8923b1ec Fix for CVE-2014-0224
Only accept change cipher spec when it is expected instead of at any
time. This prevents premature setting of session keys before the master
secret is determined which an attacker could use as a MITM attack.

Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue
and providing the initial fix this patch is based on.
2014-06-05 09:04:27 +01:00
Dr. Stephen Henson
1632ef7448 Fix for CVE-2014-0195
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.
2014-06-05 09:04:27 +01:00
David Benjamin
ebda73f867 Check there is enough room for extension.
(cherry picked from commit 7d89b3bf42e4b4067371ab33ef7631434e41d1e4)
2014-06-02 19:00:02 +01:00
zhu qun-ying
bcc311668e Free up s->d1->buffered_app_data.q properly.
PR#3286
(cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
2014-06-02 14:40:18 +01:00
Sami Farin
1dd26414df Typo: set i to -1 before goto.
PR#3302
(cherry picked from commit 9717f01951f976f76dd40a38d9fc7307057fa4c4)
2014-06-02 14:22:06 +01:00
Matt Caswell
056389eb1c Added SSLErr call for internal error in dtls1_buffer_record 2014-06-01 21:38:01 +01:00
David Ramos
a07856a08d Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362 2014-06-01 21:37:47 +01:00
Dr. Stephen Henson
aaed77c55e Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
2014-06-01 16:50:37 +01:00
David Ramos
673c42b238 Allocate extra space when NETSCAPE_HANG_BUG defined.
Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
2014-06-01 14:30:10 +01:00
Dr. Stephen Henson
28e117f49f Use correct digest when exporting keying material.
PR#3319
(cherry picked from commit 84691390eae86befd33c83721dacedb539ae34e6)
2014-05-31 13:43:01 +01:00
Dr. Stephen Henson
46bfc05480 Don't compile heartbeat test code on Windows (for now).
(cherry picked from commit 2c575907d2c8601a18716f718ce309ed4e1f1783)
2014-05-31 13:43:01 +01:00
Matt Caswell
8ca7d12430 Fixed Windows compilation failure 2014-05-27 00:26:55 +01:00
Matt Caswell
a6f5b991eb Fix for non compilation with TLS_DEBUG defined 2014-05-24 23:56:58 +01:00
Mike Bland
756587dcb9 Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS
Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.
2014-05-22 22:05:26 +01:00
Dr. Stephen Henson
4519e7b839 For portability use BUF_strndup instead of strndup.
(cherry picked from commit dcca7b13e9066443237dd3001ae52fd103151c98)
2014-05-20 11:23:23 +01:00
Mike Bland
ab0d964259 Unit/regression test for TLS heartbeats.
Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html

(based on commit 35cb55988b75573105eefd00d27d0138eebe40b1)
2014-05-19 18:23:24 +01:00
Ben Laurie
dac3654e2d Allow the maximum value. 2014-05-19 18:21:39 +01:00
Ben Laurie
989d87cb1a Fix signed/unsigned warning. 2014-05-19 18:20:54 +01:00
Kurt Roeckx
69526a354d Check sk_SSL_CIPHER_num() after assigning sk. 2014-05-12 23:01:06 +01:00
Serguei E. Leontiev
2223317bef Replace manual ASN1 decoder with ASN1_get_object
Replace manual ASN.1 decoder with ASN1_get object. This
will decode the tag and length properly and check against
it does not exceed the supplied buffer length.

PR#3335
(cherry picked from commit b0308dddd1cc6a8e1de803ef29ba6da25ee072c2)
2014-05-12 18:41:50 +01:00
Matt Caswell
b107586c0c Fixed NULL pointer dereference. See PR#3321 2014-05-12 00:43:33 +01:00
Günther Noack
15c1ac03c8 Avoid out-of-bounds write in SSL_get_shared_ciphers
PR: 3317
2014-05-11 23:57:14 +01:00
Tim Hudson
4d8cca8a7e safety check to ensure we dont send out beyond the users buffer 2014-05-11 13:29:59 +01:00