From matt at openssl.org Tue Jun 2 08:18:56 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 08:18:56 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433233136.454080.26941.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 (commit) from f3e85f43598a1511b72c3813a71e403f19ddf458 (commit) - Log ----------------------------------------------------------------- commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 Author: Matt Caswell Date: Mon Mar 9 16:09:04 2015 +0000 Clear state in DTLSv1_listen This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from the master branch (and this has also been applied to 1.0.2). In 1.0.2 this was CVE-2015-0207. For other branches there is no known security issue, but this is being backported as a precautionary measure. The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 94acb15..011d7b7 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; From matt at openssl.org Tue Jun 2 08:19:07 2015 
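Review bot: the return value of SSL_clear() is discarded at the new `SSL_clear(s);` in dtls1_listen, so when the clear fails (SSL_clear returns 0 when it cannot reinitialise the object) execution continues into `SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);` and `s->d1->listen = 1;` with exactly the leftover state this change is meant to remove; suggest `if (!SSL_clear(s)) return -1;`, or whatever error value this function already reports through ret. The summary shows only ssl/d1_lib.c changing: since every call now resets the SSL object, the DTLSv1_listen documentation should say so, because the loop the commit message describes will have anything set on the object between iterations discarded.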
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 08:19:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433233147.461343.27180.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 98377858d14e6582c6dbca4a8bee8c9972ec0a7c (commit) from aaa654d607f85cbab320e712377a8a345fa1158c (commit) - Log ----------------------------------------------------------------- commit 98377858d14e6582c6dbca4a8bee8c9972ec0a7c Author: Matt Caswell Date: Mon Mar 9 16:09:04 2015 +0000 Clear state in DTLSv1_listen This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from the master branch (and this has also been applied to 1.0.2). In 1.0.2 this was CVE-2015-0207. For other branches there is no known security issue, but this is being backported as a precautionary measure. The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next. Reviewed-by: Richard Levitte (cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615) ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index f494e04..6e8b7d4 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -481,6 +481,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; From matt at openssl.org Tue Jun 2 08:19:19 2015 
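Review bot: as in the other backports of e83ee04, `SSL_clear(s);` is called without checking its result; SSL_clear() returns 0 on failure, and in that case dtls1_listen goes on to set SSL_OP_COOKIE_EXCHANGE and `s->d1->listen = 1;` on an object that still carries the previous invocation's state, which is the defect being fixed. Suggest `if (!SSL_clear(s)) return -1;` (matching the error convention ret already follows) and a sentence in the DTLSv1_listen man page stating that the SSL object is reset on every call.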
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 08:19:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433233159.451256.27433.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 113d36a3fb4c157242fa995d0cdfe7e36107fba6 (commit) from f16093d2d6a61ae8b14e4b337b3c33e1900791f1 (commit) - Log ----------------------------------------------------------------- commit 113d36a3fb4c157242fa995d0cdfe7e36107fba6 Author: Matt Caswell Date: Mon Mar 9 16:09:04 2015 +0000 Clear state in DTLSv1_listen This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from the master branch (and this has also been applied to 1.0.2). In 1.0.2 this was CVE-2015-0207. For other branches there is no known security issue, but this is being backported as a precautionary measure. The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next. Reviewed-by: Richard Levitte (cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615) ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 41daf4a..b4f5fcd 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; From matt at openssl.org Tue Jun 2 11:52:03 2015 
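Review bot: the 0.9.8 backport carries the same gap as the master commit it mirrors: the result of `SSL_clear(s);` is ignored, and SSL_clear() returns 0 when it cannot reinitialise the object, so on that path `SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1;` still runs on stale state. Since the commit message says this branch has no known security issue and the change is precautionary, the unchecked return is the only functional point: suggest `if (!SSL_clear(s)) return -1;` in line with the error value ret already conveys, plus a note in the DTLSv1_listen documentation that the object is reset on each call.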
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 11:52:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433245923.796723.6537.nullmailer@dev.openssl.org> The branch master has been updated via 98ece4eebfb6cd45cc8d550c6ac0022965071afc (commit) from 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 (commit) - Log ----------------------------------------------------------------- commit 98ece4eebfb6cd45cc8d550c6ac0022965071afc Author: Matt Caswell Date: Mon May 18 16:27:48 2015 +0100 Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 1 + ssl/s3_clnt.c | 32 ++++++++++++++ ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 151 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3e2dac6..4e18b65 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2048,6 +2048,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_READ 223 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f70dce4..d6f53b0 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -2238,6 +2238,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 86f8fa8..4b4d89c 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -274,6 +274,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { "SSL_SCAN_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), "SSL_SCAN_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9d1f80a..3252631 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -1860,6 +1860,7 @@ __owur int ssl_set_peer_cert_type(SESS_CERT *c, int type); __owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index f1c2095..fd94054 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -225,6 +225,122 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } else { + dest->psk_identity_hint = NULL; + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } else { + dest->psk_identity = NULL; + } +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + dest->tlsext_ecpointformatlist_length = + src->tlsext_ecpointformatlist_length; + } + if 
(src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + dest->tlsext_ellipticcurvelist_length = + src->tlsext_ellipticcurvelist_length; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } else { + dest->srp_username = NULL; + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { From matt at openssl.org Tue Jun 2 11:52:14 2015 
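Review bot: in the ssl3_get_new_session_ticket hunk in ssl/s3_clnt.c, the old session is evicted from the client cache before its replacement exists: `SSL_CTX_remove_session(s->session_ctx, s->session);` (or remove_session_cb) runs first and only then `if ((new_sess = ssl_session_dup(s->session, 0)) == 0)`, so if the dup fails the handshake aborts via f_err and the session is gone from the cache as well; consider duplicating first and removing only once new_sess is in hand. Two smaller points: ssl_session_dup returns a pointer, so compare against NULL rather than 0; and its err label already queues ERR_R_MALLOC_FAILURE under SSL_F_SSL_SESSION_DUP, so the caller's `SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);` records the same failure twice. Finally, the comment "We reused an existing session" is narrower than the condition s->session->session_id_length > 0: a session the server assigned an ID to in its ServerHello also satisfies it even when nothing was resumed, so the copy-and-replace also runs for sessions that were never cached; if only resumed sessions are meant, test the resumption flag (s->hit) instead, otherwise reword the comment.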
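Review bot: in the ssl_session_dup hunk in ssl/ssl_sess.c, the struct copy `memcpy(dest, src, sizeof(*dest));` leaves every pointer member of dest aliasing src's allocations, and none of them is cleared before the first possible goto err, so a failing BUF_strdup, sk_SSL_CIPHER_dup, BUF_memdup or CRYPTO_dup_ex_data reaches `SSL_SESSION_free(dest);` with dest->sess_cert, dest->peer, dest->ciphers, dest->ex_data, dest->tlsext_hostname, dest->tlsext_tick and the rest still pointing at memory src owns, and with dest->references still holding src's count if the failure happens before dest->references = 1 (so dest is either not freed at all, or takes src's members with it). Suggest, directly after the memcpy and before any allocation: set dest->references = 1 and dest->prev/next = NULL, NULL every owned pointer (ciphers, psk_identity_hint, psk_identity, tlsext_hostname, tlsext_ecpointformatlist, tlsext_ellipticcurvelist, tlsext_tick, srp_username) and `memset(&dest->ex_data, 0, sizeof(dest->ex_data));`. The last one also matters on the success path: CRYPTO_dup_ex_data is currently called while dest->ex_data still shares src's stack pointer, so the "copy" writes into src's own ex_data. The ticket branch is wrong in both directions as well: with ticket == 0 (the only value this patch passes) dest->tlsext_tick and dest->tlsext_ticklen keep src's values, so once the caller's SSL_SESSION_free(s->session) drops the old session the new one refers to a ticket buffer it does not own; with ticket != 0, OPENSSL_malloc(src->tlsext_ticklen) allocates but never copies src->tlsext_tick into it. An else branch zeroing tlsext_tick, tlsext_ticklen and tlsext_tick_lifetime_hint, and BUF_memdup in the ticket != 0 branch, covers both. Minor: the leading dest->srp_username = NULL makes the SRP else branch redundant, and "if(src->ciphers" / "if((dest->tlsext_tick" want a space after if.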
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 11:52:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433245934.626206.7360.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 27c76b9b8010b536687318739c6f631ce4194688 (commit) from 8744ba5e4260ccb47daae3c45bb8e7b5bac42cd3 (commit) - Log ----------------------------------------------------------------- commit 27c76b9b8010b536687318739c6f631ce4194688 Author: Matt Caswell Date: Mon May 18 16:27:48 2015 +0100 Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 32 +++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 158 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 98c7b9e..feb1e3b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -2229,6 +2229,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 8eb852a..6fe1a24 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2787,6 +2787,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index fc0fb8f..1a6030e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -312,6 +312,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { "SSL_SCAN_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT), "SSL_SCAN_SERVERHELLO_TLSEXT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), 
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fb65fed..6c2c551 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1058,6 +1058,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8b9945b..ca5d2d6 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -227,6 +227,129 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_KRB5 + dest->krb5_client_princ_len = dest->krb5_client_princ_len; + if (src->krb5_client_princ_len > 0) + memcpy(dest->krb5_client_princ, src->krb5_client_princ, + src->krb5_client_princ_len); +#endif + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } else { + dest->psk_identity_hint = NULL; + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } else { + dest->psk_identity = NULL; + } +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + 
BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + dest->tlsext_ecpointformatlist_length = + src->tlsext_ecpointformatlist_length; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + dest->tlsext_ellipticcurvelist_length = + src->tlsext_ellipticcurvelist_length; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } else { + dest->srp_username = NULL; + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { From matt at openssl.org Tue Jun 2 11:52:26 2015 
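Review bot: in the ssl3_get_new_session_ticket hunk in ssl/s3_clnt.c, removal from the client cache (`SSL_CTX_remove_session(s->session_ctx, s->session);` or the remove_session_cb path) happens before ssl_session_dup is attempted, so a dup failure leaves the session both evicted and aborted via f_err; duplicating first and removing afterwards avoids that. Also: `if ((new_sess = ssl_session_dup(s->session, 0)) == 0)` compares a pointer with 0 rather than NULL, the following SSLerr duplicates the ERR_R_MALLOC_FAILURE that ssl_session_dup's err label already pushes, and the guard s->session->session_id_length > 0 is broader than the comment "We reused an existing session" (a non-resumed session that the server gave an ID satisfies it too); testing s->hit would match the comment exactly.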
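Review bot: the ssl_session_dup hunk in ssl/ssl_sess.c has no safe failure path: after `memcpy(dest, src, sizeof(*dest));` every pointer member of dest aliases src's, nothing resets them before the first goto err, and `SSL_SESSION_free(dest);` at the err label therefore releases sess_cert, peer, ciphers, ex_data, tlsext_hostname, tlsext_tick and the other members that src still owns (or, if the failure precedes dest->references = 1, leaves dest with src's reference count and never frees it). Set dest->references = 1, dest->prev/next = NULL, NULL all owned pointers and `memset(&dest->ex_data, 0, sizeof(dest->ex_data));` right after the memcpy; the ex_data reset is needed on the success path too, since CRYPTO_dup_ex_data is otherwise writing into the stack it shares with src. The ticket branch also needs an else: with ticket == 0 (what the caller passes) dest keeps src's tlsext_tick and tlsext_ticklen, so the new session references a ticket buffer it does not own once the caller frees the old session; with ticket != 0 the OPENSSL_malloc(src->tlsext_ticklen) result is never filled from src->tlsext_tick (BUF_memdup would do both). Two style points in this backport: "dest->krb5_client_princ_len = dest->krb5_client_princ_len;" is a self-assignment that presumably meant src->, but the memcpy has already copied both the length and the inline krb5_client_princ array, so the whole KRB5 block can go; and dest->srp_username = NULL at the top of the SRP block makes its else branch redundant.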
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 11:52:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433245946.375899.7659.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 939b4960276b040fc0ed52232238fcc9e2e9ec21 (commit) from cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615 (commit) - Log ----------------------------------------------------------------- commit 939b4960276b040fc0ed52232238fcc9e2e9ec21 Author: Matt Caswell Date: Mon May 18 16:27:48 2015 +0100 Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 32 +++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 158 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 012905b..eb7b94e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -2139,6 +2139,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 32e27c6..d2ab0c0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2410,6 +2410,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_READ 223 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index fef324d..88621b7 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -299,6 +299,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index aff3b65..a7f3f8d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -865,6 +865,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eb7936b..e673f9c 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -227,6 +227,129 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_KRB5 + dest->krb5_client_princ_len = dest->krb5_client_princ_len; + if (src->krb5_client_princ_len > 0) + memcpy(dest->krb5_client_princ, src->krb5_client_princ, + src->krb5_client_princ_len); +#endif + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } else { + dest->psk_identity_hint = NULL; + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } else { + dest->psk_identity = NULL; + } +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + 
BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + dest->tlsext_ecpointformatlist_length = + src->tlsext_ecpointformatlist_length; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + dest->tlsext_ellipticcurvelist_length = + src->tlsext_ellipticcurvelist_length; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } else { + dest->srp_username = NULL; + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { From matt at openssl.org Tue Jun 2 11:52:42 2015 
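Review bot: in the ssl3_get_new_session_ticket hunk in ssl/s3_clnt.c, the order is evict then copy: `SSL_CTX_remove_session(s->session_ctx, s->session);` (or remove_session_cb) precedes `if ((new_sess = ssl_session_dup(s->session, 0)) == 0)`, so a failed dup ends at f_err with the session already dropped from the cache; swapping the two steps keeps the cache consistent on failure. Smaller points: compare the returned pointer with NULL rather than 0; the SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE) repeats the error ssl_session_dup already queued; and s->session->session_id_length > 0 also holds for a fresh session the server assigned an ID to, so the "We reused an existing session" comment overstates the condition unless s->hit is tested instead.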
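Review bot: in the ssl_session_dup hunk in ssl/ssl_sess.c, every goto err before the last allocation is a use of src's memory: `memcpy(dest, src, sizeof(*dest));` copies all of src's pointers (and its reference count) into dest, none of them is cleared before the first BUF_strdup can fail, and `SSL_SESSION_free(dest);` at err then frees sess_cert, peer, ciphers, ex_data, tlsext_hostname, tlsext_tick and the other members that src still owns, or skips the free entirely when dest->references is still src's count. Suggest resetting dest->references = 1, dest->prev/next = NULL, every owned pointer to NULL and `memset(&dest->ex_data, 0, sizeof(dest->ex_data));` immediately after the memcpy; the ex_data reset is also required for CRYPTO_dup_ex_data to copy into a fresh stack instead of the one it currently shares with src. The ticket handling needs an else branch as well: with ticket == 0 (the value the caller passes) dest keeps src's tlsext_tick and tlsext_ticklen and ends up referencing a buffer it does not own once the caller frees the old session, and with ticket != 0 the OPENSSL_malloc(src->tlsext_ticklen) buffer is never filled from src->tlsext_tick. In this backport "dest->krb5_client_princ_len = dest->krb5_client_princ_len;" is a self-assignment (src-> was meant), and since the memcpy already copied the length and the inline krb5_client_princ array the block is redundant; the leading dest->srp_username = NULL likewise makes the SRP else branch redundant.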
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 11:52:42 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433245962.194854.7950.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 0ae3473e8578b547100389bd029873af0cd9a22e (commit) from 98377858d14e6582c6dbca4a8bee8c9972ec0a7c (commit) - Log ----------------------------------------------------------------- commit 0ae3473e8578b547100389bd029873af0cd9a22e Author: Matt Caswell Date: Mon May 18 16:27:48 2015 +0100 Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 32 +++++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 146 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ce7269a..f906389 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -1855,6 +1855,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 3f4d0ac..ca341b4 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2144,6 +2144,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_READ 223 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESS_CERT_NEW 225 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index f2ef076..967448f 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -287,6 +287,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 60ad58d..da2b19b 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -831,6 +831,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b9432fd..98b9107 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -224,6 +224,117 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_KRB5 + dest->krb5_client_princ_len = dest->krb5_client_princ_len; + if (src->krb5_client_princ_len > 0) + memcpy(dest->krb5_client_princ, src->krb5_client_princ, + src->krb5_client_princ_len); +#endif + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } else { + dest->psk_identity_hint = NULL; + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } else { + dest->psk_identity = NULL; + } +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + 
BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + dest->tlsext_ecpointformatlist_length = + src->tlsext_ecpointformatlist_length; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + dest->tlsext_ellipticcurvelist_length = + src->tlsext_ellipticcurvelist_length; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { From matt at openssl.org Tue Jun 2 11:52:53 2015 
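Review bot: in the ssl3_get_new_session_ticket hunk, the replacement session keeps the old session_id, because ssl_session_dup copies the whole struct and nothing in the visible lines assigns a fresh id to new_sess; since the commit message says RT#3808 is about a changed session ID breaking the cache key, please confirm that the remainder of the function regenerates session_id on new_sess before it can be re-added to the cache. Two smaller points: `if ((new_sess = ssl_session_dup(s->session, 0)) == 0)` should compare against NULL like the other pointer checks in this file, and `session_cache_mode` is read into `i` outside any lock, which is only safe if the mode is never changed while connections are in flight; a comment stating that assumption would help.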
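Review bot: in the ssl_session_dup hunk the ticket handling is incomplete and the error path can free memory still owned by |src|. With ticket != 0 a buffer of src->tlsext_ticklen bytes is allocated for dest->tlsext_tick but the ticket bytes are never copied into it (there is no memcpy after the OPENSSL_malloc); with ticket == 0 nothing is done at all, so dest->tlsext_tick still holds the pointer inherited from the initial memcpy, and once the caller in ssl3_get_new_session_ticket frees the old session the new one carries a dangling ticket pointer. Suggest `memcpy(dest->tlsext_tick, src->tlsext_tick, src->tlsext_ticklen);` (or BUF_memdup) in the ticket branch, plus an else branch that sets tlsext_tick = NULL, tlsext_ticklen = 0 and tlsext_tick_lifetime_hint = 0. Relatedly, any `goto err` taken before the pointer fields are re-populated (the first candidates are the psk_identity_hint and psk_identity BUF_strdup calls) reaches SSL_SESSION_free(dest) while dest still holds src's sess_cert, peer, ciphers, ex_data, tlsext_hostname, EC list and ticket pointers, and the sess_cert and peer reference counts are only bumped after those strdups; NULL out every owned-pointer field and zero ex_data immediately after the memcpy, before the first possible failure, so that the error path only releases what dest really owns. Also `dest->krb5_client_princ_len = dest->krb5_client_princ_len;` is a self-assignment (the memcpy already copied the field and the inline principal buffer), and CRYPTO_dup_ex_data is handed a dest->ex_data that still contains src's copied contents rather than a zeroed structure.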
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 11:52:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433245973.110235.8191.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 467daf6b6ef0753ccfc5c024c2f63c948354d698 (commit) from 113d36a3fb4c157242fa995d0cdfe7e36107fba6 (commit) - Log ----------------------------------------------------------------- commit 467daf6b6ef0753ccfc5c024c2f63c948354d698 Author: Matt Caswell Date: Mon May 18 16:27:48 2015 +0100 Fix race condition in NewSessionTicket If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 32 ++++++++++++++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + ssl/ssl_locl.h | 1 + ssl/ssl_sess.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 107 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 118856f..8d035f7 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -1722,6 +1722,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ diff --git a/ssl/ssl.h b/ssl/ssl.h index ee9944f..2dcc3b8 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1945,6 +1945,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_READ 223 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESS_CERT_NEW 225 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index c874591..65c8f61 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -279,6 +279,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"}, diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9fa209d..038554f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -760,6 +760,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index fc31296..9baa090 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -135,6 +135,78 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + +#ifndef OPENSSL_NO_KRB5 + dest->krb5_client_princ_len = dest->krb5_client_princ_len; + if (src->krb5_client_princ_len > 0) + memcpy(dest->krb5_client_princ, src->krb5_client_princ, + src->krb5_client_princ_len); +#endif + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + + dest->references = 1; + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } else { + dest->ciphers = NULL; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } else { + dest->tlsext_hostname = NULL; + } +#endif + + if (ticket != 0) { + dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; + dest->tlsext_ticklen = src->tlsext_ticklen; + if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + goto err; + } + } + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { From matt at openssl.org Tue Jun 2 12:01:20 2015 
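Review bot: the ssl_session_dup hunk in this 0.9.8 backport has the same gaps as the 1.0.x version: the ticket != 0 branch allocates dest->tlsext_tick but never copies src->tlsext_tick into it; the ticket == 0 case leaves dest->tlsext_tick as the pointer inherited from the memcpy, which dangles as soon as ssl3_get_new_session_ticket frees the old session; and a `goto err` taken at the sk_SSL_CIPHER_dup or BUF_strdup failure points hands SSL_SESSION_free(dest) the tlsext_hostname, ex_data and tlsext_tick pointers that src still owns. The `dest->krb5_client_princ_len = dest->krb5_client_princ_len;` self-assignment is carried over as well. Suggest copying the ticket bytes, clearing the three ticket fields in an else branch, and NULLing the owned-pointer fields (and zeroing ex_data) right after the memcpy so the error path cannot free src's data.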
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 12:01:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433246480.938848.10867.nullmailer@dev.openssl.org> The branch master has been updated via 0baaff1a76d4c91b9c1121059be63175454d7b03 (commit) from 98ece4eebfb6cd45cc8d550c6ac0022965071afc (commit) - Log ----------------------------------------------------------------- commit 0baaff1a76d4c91b9c1121059be63175454d7b03 Author: Per Allansson Date: Tue Jun 2 09:38:28 2015 +0100 Fix IP_MTU_DISCOVER typo The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should test for IP_MTU_DISCOVER RT#3888 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 5eade50..7cd57bf 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -882,7 +882,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTUDISCOVER) +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) { From matt at openssl.org Tue Jun 2 12:01:40 2015 
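Review bot: the corrected guard tests only IP_MTU_DISCOVER, but the body on the following lines also uses IP_PMTUDISC_PROBE and IP_PMTUDISC_DONT, and IP_PMTUDISC_PROBE was added to the Linux headers later than IP_MTU_DISCOVER itself; since the typo meant this branch was never compiled before, enabling it may now break builds against older headers. Suggest `# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_PROBE)` or an explicit fallback. The commit message could also say that the MTU-discovery case of dgram_ctrl was dead code on Linux until now, because the change is a behavioural one rather than a cosmetic rename.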
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 12:01:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433246500.664919.11570.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 188f3f976764f2b0d486448a5054ea711f9b8abe (commit) from 27c76b9b8010b536687318739c6f631ce4194688 (commit) - Log ----------------------------------------------------------------- commit 188f3f976764f2b0d486448a5054ea711f9b8abe Author: Per Allansson Date: Tue Jun 2 09:38:28 2015 +0100 Fix IP_MTU_DISCOVER typo The code in bss_dgram.c checks if IP_MTUDISCOVER is defined, where it should test for IP_MTU_DISCOVER RT#3888 Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 0baaff1a76d4c91b9c1121059be63175454d7b03) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index dc4479f..6493a38 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -897,7 +897,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTUDISCOVER) +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) { From rsalz at openssl.org Tue Jun 2 15:24:55 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 15:24:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433258695.464549.32147.nullmailer@dev.openssl.org> The branch master has been updated via 8846adbd36c1de2b0d38a73ca32e28fde50083b8 (commit) from 0baaff1a76d4c91b9c1121059be63175454d7b03 (commit) - Log ----------------------------------------------------------------- commit 8846adbd36c1de2b0d38a73ca32e28fde50083b8 Author: Olaf Johansson Date: Tue Jun 2 07:41:35 2015 -0400 GH249: Fix bad regexp in arg parsing. Signed-off-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: tools/c_rehash.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/c_rehash.in b/tools/c_rehash.in index 887e927..b086ff9 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -15,13 +15,13 @@ my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. -while ( $ARGV[0] =~ '-.*' ) { +while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag =~ /-old/) { + if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; - } elsif ( $flag =~ /-h/) { + } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; From rsalz at openssl.org Tue Jun 2 15:25:31 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 15:25:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433258731.140185.498.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via bd5b5b4c4bda92399bf2b96cf399d6fef107856e (commit) from 188f3f976764f2b0d486448a5054ea711f9b8abe (commit) - Log ----------------------------------------------------------------- commit bd5b5b4c4bda92399bf2b96cf399d6fef107856e Author: Olaf Johansson Date: Tue Jun 2 07:41:35 2015 -0400 GH249: Fix bad regexp in arg parsing. 
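Review bot: in the c_rehash.in hunk, `while ( $ARGV[0] =~ /^-/ )` still matches against undef once @ARGV is empty (the original had the same problem), which emits an "uninitialized value" warning under -w before the loop exits; suggest `while ( @ARGV && $ARGV[0] =~ /^-/ )`. The switch from `=~ /-old/` and `=~ /-h/` to `eq` is the right fix, since the old patterns matched any flag merely containing those substrings, and the old `=~ '-.*'` string pattern matched a dash anywhere in the argument rather than a leading one.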
Signed-off-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit 8846adbd36c1de2b0d38a73ca32e28fde50083b8) ----------------------------------------------------------------------- Summary of changes: tools/c_rehash.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/c_rehash.in b/tools/c_rehash.in index 887e927..b086ff9 100644 --- a/tools/c_rehash.in +++ b/tools/c_rehash.in @@ -15,13 +15,13 @@ my $symlink_exists=eval {symlink("",""); 1}; my $removelinks = 1; ## Parse flags. -while ( $ARGV[0] =~ '-.*' ) { +while ( $ARGV[0] =~ /^-/ ) { my $flag = shift @ARGV; last if ( $flag eq '--'); - if ( $flag =~ /-old/) { + if ( $flag eq '-old') { $x509hash = "-subject_hash_old"; $crlhash = "-hash_old"; - } elsif ( $flag =~ /-h/) { + } elsif ( $flag eq '-h') { help(); } elsif ( $flag eq '-n' ) { $removelinks = 0; From rsalz at openssl.org Tue Jun 2 15:53:31 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 15:53:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433260411.080944.7157.nullmailer@dev.openssl.org> The branch master has been updated via 45d051c82563a75b07ec54b63e3a5bbad388ab67 (commit) from 8846adbd36c1de2b0d38a73ca32e28fde50083b8 (commit) - Log ----------------------------------------------------------------- commit 45d051c82563a75b07ec54b63e3a5bbad388ab67 Author: Gunnar Kudrjavets Date: Wed May 13 15:13:55 2015 -0400 RT3848: Call SSL_COMP_free_compression_methods Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/openssl.c b/apps/openssl.c index e04ddce..9a152f5 100644 --- a/apps/openssl.c +++ b/apps/openssl.c 
@@ -189,6 +189,7 @@ static void apps_shutdown() CONF_modules_unload(1); #ifndef OPENSSL_NO_COMP COMP_zlib_cleanup(); + SSL_COMP_free_compression_methods(); #endif OBJ_cleanup(); EVP_cleanup(); From levitte at openssl.org Tue Jun 2 15:57:19 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2015 15:57:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433260639.429631.8718.nullmailer@dev.openssl.org> The branch master has been updated via 3f131556d6678bc3754f1e6d98a9a5bfc24e368c (commit) from 45d051c82563a75b07ec54b63e3a5bbad388ab67 (commit) - Log ----------------------------------------------------------------- commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c Author: Richard Levitte Date: Sun May 31 17:47:31 2015 +0200 Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/e_os2.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index eef2a0b..177b098 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -104,6 +104,12 @@ extern "C" { # define OPENSSL_SYS_WIN32 # endif # endif +# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYS_WINNT) # undef OPENSSL_SYS_UNIX # endif @@ -114,7 +120,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS From rsalz at openssl.org Tue Jun 2 15:58:13 2015 
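Review bot: in the e_os2.h hunk, 64-bit Windows toolchains define _WIN32 as well as _WIN64, so after this change both OPENSSL_SYS_WIN32 (from the block just above, keyed on the 32-bit macro) and OPENSSL_SYS_WIN64 are defined on the same build; the updated "looks like Microsoft" line copes with that, but a comment next to the new block stating that WIN64 is defined in addition to WIN32 rather than instead of it would stop readers from treating the two as mutually exclusive.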
From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 15:58:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433260693.308630.10152.nullmailer@dev.openssl.org> The branch master has been updated via f20bb4eb18b01979cb23b2ae4a60675c83c4ba91 (commit) from 3f131556d6678bc3754f1e6d98a9a5bfc24e368c (commit) - Log ----------------------------------------------------------------- commit f20bb4eb18b01979cb23b2ae4a60675c83c4ba91 Author: Jeffrey Walton Date: Wed May 13 15:27:57 2015 -0400 RT3472: Doc pkcs8 -iter flag is in OpenSSL 1.1 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/apps/pkcs8.pod | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index 44c27f1..433e55c 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -83,9 +83,9 @@ see the B section in L. =item B<-iter count> -When creating new PKCS#8 containers, use a given number of iterations on the password -in deriving the encryption key for the PKCS#8 output. High values increase the time -required to brute-force a PKCS#8 container. +When creating new PKCS#8 containers, use a given number of iterations on +the password in deriving the encryption key for the PKCS#8 output. +High values increase the time required to brute-force a PKCS#8 container. =item B<-nocrypt> @@ -279,4 +279,8 @@ the old format at present. L, L, L, L +=head1 HISTORY + +The B<-iter> option was added to OpenSSL 1.1.0. + =cut From levitte at openssl.org Tue Jun 2 16:08:07 2015 
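Review bot: the B<-iter count> description still does not say what iteration count is applied when the option is omitted, nor which key derivation the count feeds; now that the HISTORY entry records when the option appeared, this is the place to also state the default so users know what they get without the flag. The first hunk is otherwise a pure re-wrap with no wording change.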
From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2015 16:08:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433261287.419646.19812.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via f9603f2673154bfba52d24654bc6e5f5dd19a88a (commit) from 467daf6b6ef0753ccfc5c024c2f63c948354d698 (commit) - Log ----------------------------------------------------------------- commit f9603f2673154bfba52d24654bc6e5f5dd19a88a Author: Richard Levitte Date: Sun May 31 17:47:31 2015 +0200 Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell (cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c) Conflicts: e_os2.h ----------------------------------------------------------------------- Summary of changes: e_os2.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index c9f2543..9d691e2 100644 --- a/e_os2.h +++ b/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS From levitte at openssl.org Tue Jun 2 16:08:11 2015 
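Review bot: in this e_os2.h backport the new guard tests OPENSSL_SYSNAME_WIN64, whereas the master commit being cherry-picked tests OPENSSL_SYS_WIN64; that follows the OPENSSL_SYSNAME_WINNT convention visible in the next context line, so it looks intentional, but the cherry-pick note only says "Conflicts: e_os2.h". A sentence in the commit message saying the SYSNAME spelling was chosen to match this branch would stop anyone diffing the branches from reading it as a typo.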
From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2015 16:08:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433261291.334426.20016.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via a85eef72f5c12b1efbcf7abcbbabf0140fb997bf (commit) from 0ae3473e8578b547100389bd029873af0cd9a22e (commit) - Log ----------------------------------------------------------------- commit a85eef72f5c12b1efbcf7abcbbabf0140fb997bf Author: Richard Levitte Date: Sun May 31 17:47:31 2015 +0200 Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell (cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c) Conflicts: e_os2.h ----------------------------------------------------------------------- Summary of changes: e_os2.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index ad61e72..cc2ae39 100644 --- a/e_os2.h +++ b/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS From levitte at openssl.org Tue Jun 2 16:08:16 2015 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2015 16:08:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433261296.971146.20275.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1977240204fbb85087d15a75c4a2169820eff787 (commit) from 939b4960276b040fc0ed52232238fcc9e2e9ec21 (commit) - Log ----------------------------------------------------------------- commit 1977240204fbb85087d15a75c4a2169820eff787 Author: Richard Levitte Date: Sun May 31 17:47:31 2015 +0200 Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell (cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c) Conflicts: e_os2.h ----------------------------------------------------------------------- Summary of changes: e_os2.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index d400ac7..2b1b78f 100644 --- a/e_os2.h +++ b/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS From levitte at openssl.org Tue Jun 2 16:08:19 2015 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2015 16:08:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433261299.395080.20450.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 858de8718f3125fe1e5dc30b289e8e00fff47357 (commit) from bd5b5b4c4bda92399bf2b96cf399d6fef107856e (commit) - Log ----------------------------------------------------------------- commit 858de8718f3125fe1e5dc30b289e8e00fff47357 Author: Richard Levitte Date: Sun May 31 17:47:31 2015 +0200 Add the macro OPENSSL_SYS_WIN64 This is for consistency. Additionally, have its presence define OPENSSL_SYS_WINDOWS as well. Reviewed-by: Matt Caswell (cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c) Conflicts: e_os2.h ----------------------------------------------------------------------- Summary of changes: e_os2.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/e_os2.h b/e_os2.h index 613607f..7be9989 100644 --- a/e_os2.h +++ b/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS From rsalz at openssl.org Tue Jun 2 16:22:48 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 16:22:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433262168.660896.24300.nullmailer@dev.openssl.org> The branch master has been updated via 366e2a60b2fcc727b061f1459343245476ad6c3b (commit) from f20bb4eb18b01979cb23b2ae4a60675c83c4ba91 (commit) - Log ----------------------------------------------------------------- commit 366e2a60b2fcc727b061f1459343245476ad6c3b Author: Rich Salz Date: Sat May 2 10:44:31 2015 -0400 RT832: Use REUSEADDR in ocsp responder I also re-ordered some of #ifdef's. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 4c3aa39..5d3e646 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1010,22 +1010,27 @@ static BIO *init_responder(const char *port) { BIO *acbio = NULL, *bufbio = NULL; - bufbio = BIO_new(BIO_f_buffer()); - if (!bufbio) - goto err; -# ifndef OPENSSL_NO_SOCK - acbio = BIO_new_accept(port); -# else +# ifdef OPENSSL_NO_SOCK BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); + return NULL; # endif - if (!acbio) + bufbio = BIO_new(BIO_f_buffer()); + if (!bufbio) goto err; + acbio = BIO_new(BIO_s_accept()); + if (acbio == NULL + || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 + || BIO_set_accept_port(acbio, port) < 0) { + BIO_printf(bio_err, "Error setting up accept BIO\n"); + ERR_print_errors(bio_err); + goto err; + } + BIO_set_accept_bios(acbio, bufbio); bufbio = NULL; - if (BIO_do_accept(acbio) <= 0) { - BIO_printf(bio_err, "Error setting up accept BIO\n"); + BIO_printf(bio_err, "Error starting accept\n"); ERR_print_errors(bio_err); goto err; } From rsalz at openssl.org Tue Jun 2 16:40:50 2015 
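Review bot: two points on the init_responder hunk. First, the early `return NULL` under OPENSSL_NO_SOCK leaves the rest of the function, including the BIO_s_accept, BIO_set_bind_mode and BIO_set_accept_port calls, compiled as unreachable code; unless those are declared in a no-sock build this will not compile, so either put the remainder in an #else branch or confirm the declarations are unconditional. Second, BIO_BIND_REUSEADDR maps to SO_REUSEADDR, whose semantics differ by platform: on Windows it allows a second process to bind a port that is already bound, so a responder started there could have its listening port taken over; consider restricting the bind mode to non-Windows targets or documenting the trade-off. The reworked error handling (checking acbio, the bind mode and the port in one condition before BIO_set_accept_bios) is an improvement over the old `if (!acbio)` check.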
From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 16:40:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433263250.447920.28908.nullmailer@dev.openssl.org> The branch master has been updated via 9c3bcfa027cb32421ed20ab77553860b922b82fc (commit) from 366e2a60b2fcc727b061f1459343245476ad6c3b (commit) - Log ----------------------------------------------------------------- commit 9c3bcfa027cb32421ed20ab77553860b922b82fc Author: Rich Salz Date: Fri May 15 13:50:38 2015 -0400 Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullet entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. 
Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ciphers.c | 14 +++--- apps/cms.c | 15 ++++--- apps/crl.c | 16 +++---- apps/dgst.c | 2 +- apps/dhparam.c | 6 +-- apps/dsa.c | 24 ++++++----- apps/dsaparam.c | 6 +-- apps/ec.c | 6 +-- apps/enc.c | 12 +++--- apps/gendsa.c | 2 +- apps/genpkey.c | 1 + apps/passwd.c | 4 +- apps/pkcs12.c | 2 +- apps/req.c | 2 +- apps/rsa.c | 18 ++++---- apps/s_client.c | 130 ++++++++++++++++++++++++++------------------------------ apps/s_server.c | 127 +++++++++++++++++++++++++++++------------------------- apps/s_time.c | 6 +-- apps/speed.c | 16 +++---- apps/ts.c | 2 +- apps/verify.c | 2 +- apps/x509.c | 28 ++++++------ 22 files changed, 222 insertions(+), 219 deletions(-) diff --git a/apps/ciphers.c b/apps/ciphers.c index b1b3bdd..a2ccf28 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -64,12 +64,8 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, -#ifndef OPENSSL_NO_SSL_TRACE OPT_STDNAME, -#endif -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; @@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = { {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, {"s", OPT_S, '-', "Only supported ciphers"}, + {"tls1", OPT_TLS1, '-', "TLS1 mode"}, #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, #endif - {"tls1", OPT_TLS1, '-', "TLS1 mode"}, {NULL} }; @@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv) case OPT_S: use_supported = 1; break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_STDNAME: +#ifndef OPENSSL_NO_SSL_TRACE stdname = verbose = 1; - break; #endif -#ifndef OPENSSL_NO_SSL3 + break; case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1: meth = TLSv1_client_method(); break; 
diff --git a/apps/cms.c b/apps/cms.c index 7ccca5b..e40686b 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -208,6 +208,8 @@ OPTIONS cms_options[] = { {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, {"receipt_request_from", OPT_RR_FROM, 's'}, {"receipt_request_to", OPT_RR_TO, 's'}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_V_OPTIONS, # ifndef OPENSSL_NO_AES {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, @@ -219,9 +221,7 @@ OPTIONS cms_options[] = { # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, - OPT_V_OPTIONS, - {NULL}, + {NULL} }; int cms_main(int argc, char **argv) @@ -588,11 +588,11 @@ int cms_main(int argc, char **argv) goto end; vpmtouched++; break; -# ifndef OPENSSL_NO_DES case OPT_3DES_WRAP: +# ifndef OPENSSL_NO_DES wrap_cipher = EVP_des_ede3_wrap(); - break; # endif + break; # ifndef OPENSSL_NO_AES case OPT_AES128_WRAP: wrap_cipher = EVP_aes_128_wrap(); @@ -603,6 +603,11 @@ int cms_main(int argc, char **argv) case OPT_AES256_WRAP: wrap_cipher = EVP_aes_256_wrap(); break; +# else + case OPT_AES128_WRAP: + case OPT_AES192_WRAP: + case OPT_AES256_WRAP: + break; # endif } } diff --git a/apps/crl.c b/apps/crl.c index 17391e2..c897335 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -95,11 +95,11 @@ OPTIONS crl_options[] = { {"verify", OPT_VERIFY, '-'}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, #endif - {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; 
@@ -117,11 +117,11 @@ int crl_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; - int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = - 0, text = 0; + int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; - int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = - 0, i, do_ver = 0; + int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; + int text = 0, do_ver = 0; + int i; #ifndef OPENSSL_NO_MD5 int hash_old = 0; #endif @@ -170,11 +170,11 @@ int crl_main(int argc, char **argv) CAfile = opt_arg(); do_ver = 1; break; -#ifndef OPENSSL_NO_MD5 case OPT_HASH_OLD: +#ifndef OPENSSL_NO_MD5 hash_old = ++num; - break; #endif + break; case OPT_VERIFY: do_ver = 1; break; diff --git a/apps/dgst.c b/apps/dgst.c index 308555c..e6142ca 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -111,11 +111,11 @@ OPTIONS dgst_options[] = { {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"}, {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, + {"", OPT_DIGEST, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, {"engine_impl", OPT_ENGINE_IMPL, '-'}, #endif - {"", OPT_DIGEST, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/dhparam.c b/apps/dhparam.c index 931bf10..2e5ce2c 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c 
@@ -153,13 +153,13 @@ OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, # endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; diff --git a/apps/dsa.c b/apps/dsa.c index f02f293..f61e151 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -82,14 +82,8 @@ OPTIONS dsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"}, {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, @@ -98,6 +92,14 @@ OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; 
@@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: ret = 0; BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); @@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index ffd81ff..27170a2 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -103,12 +103,12 @@ OPTIONS dsaparam_options[] = { {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, {"rand", OPT_RAND, 's', "Files to use for random number input"}, {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifdef GENCB_TEST {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"}, # endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; diff --git a/apps/ec.c b/apps/ec.c index 83a6aa4..341243f 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -92,9 +92,6 @@ OPTIONS ec_options[] = { {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"out", OPT_OUT, '>', "Output file"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key"}, {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, 
@@ -106,6 +103,9 @@ OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +# endif {NULL} }; diff --git a/apps/enc.c b/apps/enc.c index d045d15..628142a 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -92,9 +92,6 @@ OPTIONS enc_options[] = { {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif {"e", OPT_E, '-', "Encrypt"}, {"d", OPT_D, '-', "Decrypt"}, {"p", OPT_P, '-', "Print the iv/key"}, @@ -107,9 +104,6 @@ OPTIONS enc_options[] = { {"A", OPT_UPPER_A, '-'}, {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"}, {"base64", OPT_A, '-', "Base64 output as a single line"}, -#ifdef ZLIB - {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, -#endif {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, @@ -120,6 +114,12 @@ OPTIONS enc_options[] = { {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +#ifdef ZLIB + {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; diff --git a/apps/gendsa.c b/apps/gendsa.c index a832ec3..01bbceb 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c 
@@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's'}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, + {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, {NULL} }; diff --git a/apps/genpkey.c b/apps/genpkey.c index b9843cf..7c8d551 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + /* This is deliberately last. */ {OPT_HELP_STR, 1, 1, "Order of options may be important! See the documentation.\n"}, {NULL} diff --git a/apps/passwd.c b/apps/passwd.c index f34ef9f..2e37629 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -101,6 +101,8 @@ OPTIONS passwd_options[] = { {"quiet", OPT_QUIET, '-', "No warnings"}, {"table", OPT_TABLE, '-', "Format output as table"}, {"reverse", OPT_REVERSE, '-', "Switch table columns"}, + {"salt", OPT_SALT, 's', "Use provided salt"}, + {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, # ifndef NO_MD5CRYPT_1 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, @@ -108,8 +110,6 @@ OPTIONS passwd_options[] = { # ifndef OPENSSL_NO_DES {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, # endif - {"salt", OPT_SALT, 's', "Use provided salt"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, {NULL} }; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 82131e8..9ab7f69 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = { {"password", OPT_PASSWORD, 's', "Set import/export password source"}, {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, {NULL} }; diff --git a/apps/req.c b/apps/req.c index 3bae59e..00d7c4a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -176,11 +176,11 @@ OPTIONS req_options[] = { "Cert extension section (override value in config file)"}, {"reqexts", OPT_REQEXTS, 's', "Request extension section (override value in config file)"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, #endif - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/rsa.c b/apps/rsa.c index 87cb702..51581ae 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -138,14 +138,16 @@ OPTIONS rsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifdef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif 
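Review bot: the preprocessor guard in the apps/rsa.c options-table hunk (@@ -138,14 +138,16 @@) is inverted. The relocated "pvk-strong", "pvk-weak" and "pvk-none" entries are wrapped in "# ifdef OPENSSL_NO_RC4", which offers the three options only in builds that have RC4 compiled out and removes them from the default build, where rsa_main() still implements them: the rsa_main() hunk that follows merely adds no-op "case OPT_PVK_*: break;" labels in an "#else" branch for the no-RC4 case and drops the old "#ifdef OPENSSL_NO_RC4 ... opthelp" routing. Since the table is the only place an option name is recognised (as the log itself says), -pvk-strong and friends stop working after this commit. The apps/dsa.c hunk in this same commit guards the identical set with "# ifndef OPENSSL_NO_RC4"; change rsa.c to match.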
@@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; @@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/s_client.c b/apps/s_client.c index 009e5fe..22aa270 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -509,17 +509,9 @@ OPTIONS s_client_options[] = { {"quiet", OPT_QUIET, '-', "No s_client output"}, {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-'}, - {"timeout", OPT_TIMEOUT, '-'}, - {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, {"starttls", OPT_STARTTLS, 's', "Use the STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""}, 
@@ -534,6 +526,48 @@ OPTIONS s_client_options[] = { {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, + {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, + {"CRL", OPT_CRL, '<'}, + {"crl_download", OPT_CRL_DOWNLOAD, '-'}, + {"CRLform", OPT_CRLFORM, 'F'}, + {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, + {"verify_quiet", OPT_VERIFY_QUIET, '-'}, + {"brief", OPT_BRIEF, '-'}, + {"prexit", OPT_PREXIT, '-'}, + {"security_debug", OPT_SECURITY_DEBUG, '-'}, + {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, + {"cert_chain", OPT_CERT_CHAIN, '<'}, + {"chainCApath", OPT_CHAINCAPATH, '/'}, + {"verifyCApath", OPT_VERIFYCAPATH, '/'}, + {"build_chain", OPT_BUILD_CHAIN, '-'}, + {"chainCAfile", OPT_CHAINCAFILE, '<'}, + {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, + {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, + {"servername", OPT_SERVERNAME, 's', + "Set TLS extension servername in ClientHello"}, + {"tlsextdebug", OPT_TLSEXTDEBUG, '-', + "Hex dump of all TLS extensions received"}, + {"status", OPT_STATUS, '-', "Request certificate status from server"}, + {"serverinfo", OPT_SERVERINFO, 's', + "types Send empty ClientHello extensions (comma-separated numbers)"}, + {"alpn", OPT_ALPN, 's', + "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, + OPT_S_OPTIONS, + OPT_V_OPTIONS, + OPT_X_OPTIONS, +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-'}, + {"timeout", OPT_TIMEOUT, '-'}, + {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, +#endif +#ifndef OPENSSL_NO_SSL_TRACE + {"trace", OPT_TRACE, '-'}, +#endif #ifdef WATT32 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, #endif 
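Review bot: the help string moved for -serverinfo in this apps/s_client.c hunk still begins with the argument placeholder from the old usage text: "types Send empty ClientHello extensions (comma-separated numbers)" prints as "types Send ..." in -help output. The line is being rewritten as a "+" line here, so drop the leading "types " (the 's' in the table entry already marks it as taking an argument). Minor, same hunk: the relocated CRL, crl_download, CRLform, verify_return_error, verify_quiet, brief, prexit, security_debug, security_debug_verbose, cert_chain, chainCApath, verifyCApath, build_chain, chainCAfile, verifyCAfile and trace entries all lack help text and will print as bare names; one-line descriptions would be cheap to add while these lines are in motion.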
@@ -556,44 +590,14 @@ OPTIONS s_client_options[] = { "Tolerate other than the known g N values."}, {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"}, #endif - {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, - {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername in ClientHello"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"status", OPT_STATUS, '-', "Request certificate status from server"}, - {"serverinfo", OPT_SERVERINFO, 's', - "types Send empty ClientHello extensions (comma-separated numbers)"}, - {"alpn", OPT_ALPN, 's', - "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, #ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Enable NPN extension, considering named protocols supported (comma-separated list)"}, #endif - {"CRL", OPT_CRL, '<'}, - {"crl_download", OPT_CRL_DOWNLOAD, '-'}, - {"CRLform", OPT_CRLFORM, 'F'}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, - {"verify_quiet", OPT_VERIFY_QUIET, '-'}, - {"brief", OPT_BRIEF, '-'}, - {"prexit", OPT_PREXIT, '-'}, - {"trace", OPT_TRACE, '-'}, - {"security_debug", OPT_SECURITY_DEBUG, '-'}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, - {"cert_chain", OPT_CERT_CHAIN, '<'}, - {"chainCApath", OPT_CHAINCAPATH, '/'}, - {"verifyCApath", OPT_VERIFYCAPATH, '/'}, - {"build_chain", OPT_BUILD_CHAIN, '-'}, - {"chainCAfile", OPT_CHAINCAFILE, '<'}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, - {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, #endif - OPT_S_OPTIONS, - OPT_V_OPTIONS, - OPT_X_OPTIONS, {NULL} }; 
@@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv) prog = opt_init(argc, argv, s_client_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { -#ifndef WATT32 - case OPT_WDEBUG: -#endif -#ifdef OPENSSL_NO_JPAKE - case OPT_JPAKE: -#endif -#ifdef OPENSSL_NO_SSL_TRACE - case OPT_TRACE: -#endif -#ifdef OPENSSL_NO_PSK - case OPT_PSK_IDENTITY: - case OPT_PSK: -#endif -#ifdef OPENSSL_NO_SSL3 - case OPT_SSL3: -#endif -#ifdef OPENSSL_NO_DTLS1 - case OPT_DTLS: - case OPT_DTLS1: - case OPT_DTLS1_2: - case OPT_TIMEOUT: - case OPT_MTU: -#endif case OPT_EOF: case OPT_ERR: opthelp: @@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv) case OPT_STATUS: c_status_req = 1; break; -#ifdef WATT32 case OPT_WDEBUG: +#ifdef WATT32 dbug_init(); - break; #endif + break; case OPT_MSG: c_msg = 1; break; case OPT_MSGFILE: bio_c_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE c_msg = 2; - break; #endif + break; case OPT_SECURITY_DEBUG: sdebug = 1; break; @@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } +#else + case OPT_PSK_IDENTITY: + case OPT_PSK: break; #endif #ifndef OPENSSL_NO_SRP @@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv) case OPT_SRP_MOREGROUPS: break; #endif -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_client_method(); break; @@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv) case OPT_MTU: socket_mtu = atol(opt_arg()); break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + break; #endif case OPT_FALLBACKSCSV: fallback_scsv = 1; 
@@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv) goto end; case OPT_SERVERNAME: servername = opt_arg(); - /* meth=TLSv1_client_method(); */ break; -#ifndef OPENSSL_NO_JPAKE case OPT_JPAKE: +#ifndef OPENSSL_NO_JPAKE jpake_secret = opt_arg(); - break; #endif + break; case OPT_USE_SRTP: srtp_profiles = opt_arg(); break; diff --git a/apps/s_server.c b/apps/s_server.c index 189019d..6bd0257 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -806,9 +806,7 @@ typedef enum OPTION_choice { OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, @@ -821,7 +819,6 @@ typedef enum OPTION_choice { OPTIONS s_server_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"port", OPT_PORT, 'p'}, {"accept", OPT_PORT, 'p', "TCP/IP port to accept on (default is " PORT_STR ")"}, @@ -851,9 +848,6 @@ OPTIONS s_server_options[] = { {"dkeyform", OPT_DKEYFORM, 'F', "Second key format (PEM, DER or ENGINE) PEM default"}, {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, -#ifdef FIONBIO - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#endif {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, {"debug", OPT_DEBUG, '-', "Print more output"}, 
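Review bot: the @@ -821,7 +819,6 @@ hunk of apps/s_server.c removes {"port", OPT_PORT, 'p'}, and with it the -port alias for -accept. Nothing in the commit message covers this and it is unrelated to the ifdef standardisation; because the OPTIONS table is the only place a name is recognised, any script or test that runs "openssl s_server -port N" now fails at option parsing. Either keep the alias (OPT_PORT is still handled, so it costs one table line) or state the removal explicitly in the log.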
@@ -865,47 +859,13 @@ OPTIONS s_server_options[] = { {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, -#ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif -#endif -#ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "A seed string for a default user salt"}, -#endif -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, -#ifndef OPENSSL_NO_DTLS1 - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, - {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, -#endif -#ifndef OPENSSL_NO_DH - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#endif -#ifndef OPENSSL_NO_EC - {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, -#endif {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, {"servername_fatal", OPT_SERVERNAME_FATAL, '-', 
@@ -916,14 +876,11 @@ OPTIONS s_server_options[] = { "-Private Key file to use for servername if not in -cert2"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, -#endif - {"use_srtp", OPT_SRTP_PROFILES, '<', - "Offer SRTP key management with a colon-separated profile list"}, - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, + {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, + {"id_prefix", OPT_ID_PREFIX, 's', + "Generate SSL/TLS session IDs prefixed by arg"}, + {"rand", OPT_RAND, 's', + "Load the file(s) into the random number generator"}, {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', 
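Review bot: a typo is carried into a rewritten line in this apps/s_server.c hunk: the moved entry {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"} should read "includes". Since the line is being re-added as a "+" line anyway, fix the spelling here rather than shipping it in -help output.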
@@ -953,12 +910,54 @@ OPTIONS s_server_options[] = { {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, {"brief", OPT_BRIEF, '-'}, {"rev", OPT_REV, '-'}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's'}, -#endif OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, +#ifdef FIONBIO + {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, +#endif +#ifndef OPENSSL_NO_PSK + {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, + {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, +# ifndef OPENSSL_NO_JPAKE + {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, +# endif +#endif +#ifndef OPENSSL_NO_SRP + {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, + {"srpuserseed", OPT_SRPUSERSEED, 's', + "A seed string for a default user salt"}, +#endif +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, + {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, + {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, + {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, +#endif +#ifndef OPENSSL_NO_DH + {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, +#endif +#ifndef OPENSSL_NO_EC + {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + {"nextprotoneg", OPT_NEXTPROTONEG, 's', + "Set the advertised protocols for the NPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_SRTP + {"use_srtp", OPT_SRTP_PROFILES, '<', + "Offer SRTP key management with a colon-separated profile list"}, + {"alpn", OPT_ALPN, 's', + "Set the advertised protocols for the ALPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's'}, +#endif {NULL} }; 
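Review bot: -alpn becomes conditional on SRTP in this apps/s_server.c hunk. The entry {"alpn", OPT_ALPN, 's', ...} is placed inside the new "#ifndef OPENSSL_NO_SRTP" block together with "use_srtp", so a no-srtp build loses server-side ALPN entirely (the table is the only place the name is recognised), while the s_client.c table in this same commit keeps -alpn unconditional and the s_server parser's "case OPT_ALPN: alpn_in = opt_arg();" is unguarded. ALPN has no dependency on SRTP; move the alpn entry above the first #ifdef of the table, alongside the other unconditional TLS-extension options such as servername and tlsextdebug. Two smaller points in the same hunk: -use_srtp was unconditional before (see the removed lines in the preceding hunk), so guarding it on OPENSSL_NO_SRTP is a behaviour change worth a line in the log, and {"engine", OPT_ENGINE, 's'} lacks the "Use engine, possibly a hardware device" help text that every other app's engine entry carries.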
@@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[]) case OPT_MSGFILE: bio_s_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE s_msg = 2; - break; #else - case OPT_TRACE: - goto opthelp; + break; #endif case OPT_SECURITY_DEBUG: sdebug = 1; @@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[]) goto end; } break; +#else + case OPT_PSK_HINT: + case OPT_PSK: + break; #endif #ifndef OPENSSL_NO_SRP case OPT_SRPVFILE: @@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP: www = 3; break; -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_server_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_server_method(); break; @@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[]) case OPT_CHAIN: cert_chain = 1; break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + case OPT_CHAIN: + break; #endif case OPT_ID_PREFIX: session_id_prefix = opt_arg(); @@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[]) case OPT_KEY2: s_key_file2 = opt_arg(); break; -#ifndef OPENSSL_NO_NEXTPROTONEG case OPT_NEXTPROTONEG: +# ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_in = opt_arg(); - break; #endif + break; case OPT_ALPN: alpn_in = opt_arg(); break; diff --git a/apps/s_time.c b/apps/s_time.c index 74decd2..4f56174 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -114,9 +114,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_WWW } OPTION_CHOICE; @@ -227,11 +225,11 @@ int s_time_main(int argc, char **argv) goto end; } break; -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; } } argc = opt_num_rest(); 
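Review bot: directive style is mixed in the @@ -1381,11 +1390,11 @@ hunk of apps/s_server.c: the new "# ifndef OPENSSL_NO_NEXTPROTONEG" uses the indented form while the "#endif" that closes it, and every other directive in this file's hunks ("#ifndef OPENSSL_NO_SSL3", "#else", "#endif"), are unindented; drop the space. One thing to confirm in the OPT_TRACE hunk: the old "#else case OPT_TRACE: goto opthelp;" is replaced by a silent "break", which is only safe if the "trace" entry in the s_server options table (outside the shown hunks) is under "#ifndef OPENSSL_NO_SSL_TRACE" like the s_client.c one in this commit; otherwise -trace would now be accepted and ignored in no-ssl-trace builds instead of being rejected.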
diff --git a/apps/speed.c b/apps/speed.c index b93237e..45a060f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -358,19 +358,19 @@ OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, + {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, + {"decrypt", OPT_DECRYPT, '-', + "Time decryption instead of encryption (only EVP)"}, + {"mr", OPT_MR, '-', "Produce machine readable output"}, + {"mb", OPT_MB, '-'}, + {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, #if defined(TIMES) || defined(USE_TOD) {"elapsed", OPT_ELAPSED, '-', "Measure time in real time instead of CPU user time"}, #endif - {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, - {"decrypt", OPT_DECRYPT, '-', - "Time decryption instead of encryption (only EVP)"}, #ifndef NO_FORK {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif - {"mr", OPT_MR, '-', "Produce machine readable output"}, - {"mb", OPT_MB, '-'}, - {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -829,11 +829,11 @@ int speed_main(int argc, char **argv) case OPT_ENGINE: (void)setup_engine(opt_arg(), 0); break; -#ifndef NO_FORK case OPT_MULTI: +#ifndef NO_FORK multi = atoi(opt_arg()); - break; #endif + break; case OPT_MISALIGN: if (!opt_int(opt_arg(), &misalign)) goto end; diff --git a/apps/ts.c b/apps/ts.c index dfbf7ea..feec34b 100644 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -151,10 +151,10 @@ OPTIONS ts_options[] = { {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/verify.c b/apps/verify.c index 0235194..227b85b 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -91,10 +91,10 @@ OPTIONS verify_options[] = { {"CRLfile", OPT_CRLFILE, '<'}, {"crl_download", OPT_CRL_DOWNLOAD, '-'}, {"show_chain", OPT_SHOW_CHAIN, '-'}, + OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - OPT_V_OPTIONS, {NULL} }; diff --git a/apps/x509.c b/apps/x509.c index 77a2a6b..0345cf0 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -107,13 +107,9 @@ typedef enum OPTION_choice { OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST, OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, -#ifndef OPENSSL_NO_MD5 OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, -#endif -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL OPT_FORCE_VERSION, -#endif OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT } OPTION_CHOICE; 
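Review bot: in the apps/x509.c options-table hunk that follows (@@ -194,12 +184,18 @@), the two MD5-hash help strings are swapped: "subject_hash_old" is described as "Print old-style (MD5) issuer hash value" and "issuer_hash_old" as "Print old-style (MD5) subject hash value". The defect predates this commit, but both lines are rewritten as "+" lines here, so correct them in the move rather than relocating a known error. The enum hunk above (OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD and OPT_FORCE_VERSION made unconditional) follows the rule set out in the log.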
@@ -130,12 +126,6 @@ OPTIONS x509_options[] = { {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, -#ifndef OPENSSL_NO_MD5 - {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', - "Print old-style (MD5) subject hash value"}, -#endif {"hash", OPT_HASH, '-', "Synonym for -subject_hash"}, {"subject", OPT_SUBJECT, '-', "Print subject DN"}, {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, @@ -194,12 +184,18 @@ OPTIONS x509_options[] = { {"clrreject", OPT_CLRREJECT, '-'}, {"badsig", OPT_BADSIG, '-'}, {"", OPT_MD, '-', "Any supported digest"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#ifndef OPENSSL_NO_MD5 + {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) subject hash value"}, #endif #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL {"force_version", OPT_FORCE_VERSION, 'p'}, #endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; @@ -291,11 +287,11 @@ int x509_main(int argc, char **argv) if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto opthelp; break; -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL case OPT_FORCE_VERSION: +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL force_version = atoi(opt_arg()) - 1; - break; #endif + break; case OPT_DAYS: days = atoi(opt_arg()); break; @@ -459,6 +455,10 @@ int x509_main(int argc, char **argv) case OPT_ISSUER_HASH_OLD: issuer_hash_old = ++num; break; +#else + case OPT_SUBJECT_HASH_OLD: + case OPT_ISSUER_HASH_OLD: + break; #endif case OPT_DATES: startdate = ++num; From rsalz at openssl.org Tue Jun 2 21:17:07 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 21:17:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433279827.031331.16630.nullmailer@dev.openssl.org> The branch master has been updated via 591b7aef05b22cba09b179e5787a9bf40dfc9508 (commit) from 9c3bcfa027cb32421ed20ab77553860b922b82fc (commit) - Log ----------------------------------------------------------------- commit 591b7aef05b22cba09b179e5787a9bf40dfc9508 Author: Annie Yousar Date: Sun May 3 09:05:47 2015 -0400 RT3230: Better test for C identifier objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.README | 8 ++++---- crypto/objects/objects.pl | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README index 4d74550..cb1d216 100644 --- a/crypto/objects/objects.README +++ b/crypto/objects/objects.README @@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows: 1 2 3 4 : shortName : Long Name - If the long name doesn't contain spaces, or no short name - exists, the long name is used as basis for the base name - in C. Otherwise, the short name is used. + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. The base name (let's call it 'base') will then be used to create the C macros SN_base, LN_base, NID_base and OBJ_base. @@ -22,7 +22,7 @@ Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo 
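Review bot: the new wording in the `objects.README` hunk (`@@ -8,9 +8,9`) should state the rule the script actually enforces. "word characters" is broader than a C identifier allows at the start (a leading digit is a word character but not a valid identifier start), and the text does not say how hyphen-minus and full stop are mapped into the C base name; spelling out "letters, digits and underscore, not starting with a digit, with `-` and `.` replaced by `_`" would let a contributor predict the macro name without reading `objects.pl`. The old paragraph also promised that the long name is used when no short name exists; if that is still the behaviour, keep the sentence.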
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index d0ed459..389dc34 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -67,7 +67,7 @@ while () $myoid = &process_oid($myoid); } - if ($Cname eq "" && !($myln =~ / /)) + if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) { $Cname = $myln; $Cname =~ s/\./_/g; From rsalz at openssl.org Tue Jun 2 21:17:50 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 21:17:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433279870.025032.17496.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fb22f7406485f1c4e08dbf065d75146c2336b345 (commit) from 858de8718f3125fe1e5dc30b289e8e00fff47357 (commit) - Log ----------------------------------------------------------------- commit fb22f7406485f1c4e08dbf065d75146c2336b345 Author: Annie Yousar Date: Sun May 3 09:05:47 2015 -0400 RT3230: Better test for C identifier objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 591b7aef05b22cba09b179e5787a9bf40dfc9508) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.README | 8 ++++---- crypto/objects/objects.pl | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README index 4d74550..cb1d216 100644 --- a/crypto/objects/objects.README +++ b/crypto/objects/objects.README 
@@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows: 1 2 3 4 : shortName : Long Name - If the long name doesn't contain spaces, or no short name - exists, the long name is used as basis for the base name - in C. Otherwise, the short name is used. + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. The base name (let's call it 'base') will then be used to create the C macros SN_base, LN_base, NID_base and OBJ_base. @@ -22,7 +22,7 @@ Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index d0ed459..389dc34 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -67,7 +67,7 @@ while () $myoid = &process_oid($myoid); } - if ($Cname eq "" && !($myln =~ / /)) + if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) { $Cname = $myln; $Cname =~ s/\./_/g; From rsalz at openssl.org Tue Jun 2 21:18:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 02 Jun 2015 21:18:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433279880.771099.17748.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388 (commit) from 1977240204fbb85087d15a75c4a2169820eff787 (commit) - Log ----------------------------------------------------------------- commit 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388 Author: Annie Yousar Date: Sun May 3 09:05:47 2015 -0400 RT3230: Better test for C identifier objects.pl only looked for a space to see if the name could be used as a C identifier. Improve the test to match the real C rules. 
Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 591b7aef05b22cba09b179e5787a9bf40dfc9508) ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.README | 8 ++++---- crypto/objects/objects.pl | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README index 4d74550..cb1d216 100644 --- a/crypto/objects/objects.README +++ b/crypto/objects/objects.README @@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows: 1 2 3 4 : shortName : Long Name - If the long name doesn't contain spaces, or no short name - exists, the long name is used as basis for the base name - in C. Otherwise, the short name is used. + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. The base name (let's call it 'base') will then be used to create the C macros SN_base, LN_base, NID_base and OBJ_base. @@ -22,7 +22,7 @@ Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl index d0ed459..389dc34 100644 --- a/crypto/objects/objects.pl +++ b/crypto/objects/objects.pl @@ -67,7 +67,7 @@ while () $myoid = &process_oid($myoid); } - if ($Cname eq "" && !($myln =~ / /)) + if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) { $Cname = $myln; $Cname =~ s/\./_/g; From matt at openssl.org Tue Jun 2 22:40:18 2015 
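Review bot: the new condition in the `objects.pl` hunk (`@@ -67,7 +67,7`), `/^[_A-Za-z][\w.-]*$/`, accepts `-` and `.` in the long name, but the only substitution in the trailing context is `$Cname =~ s/\./_/g;`, so a name such as `foo-bar` reaches macro generation with the hyphen intact unless a matching `s/-/_/g` exists further down. Please confirm it does, or add it beside the dot substitution. Also, `\w` in Perl is locale and Unicode aware, so an explicit `[_A-Za-z0-9]` pins the class to the ASCII set the README now promises. This covers the same hunk in the master and 1.0.2 mails above.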
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 22:40:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433284818.291151.30343.nullmailer@dev.openssl.org> The branch master has been updated via 133dce447b259e0bb93076bf5fd0ce475d16910a (commit) from 591b7aef05b22cba09b179e5787a9bf40dfc9508 (commit) - Log ----------------------------------------------------------------- commit 133dce447b259e0bb93076bf5fd0ce475d16910a Author: Matt Caswell Date: Tue Jun 2 20:18:05 2015 +0100 Fix compilation failure for some tool chains Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so this build breaks. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 7cd57bf..3f6cd50 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -882,7 +882,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) { From matt at openssl.org Tue Jun 2 22:40:39 2015 
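Review bot: the `#elif` in the `dgram_ctrl` hunk (`@@ -882,7 +882,7`) now also requires `IP_PMTUDISC_PROBE`, so on a toolchain that lacks it (the Android case from the message) the whole `IP_MTU_DISCOVER` branch is skipped and control falls to whichever branch follows, which is not in the visible context; the commit message should say what a caller of the MTU-discover control gets on such a platform (a no-op, an error return, or a different setsockopt). Style: `defined (IP_PMTUDISC_PROBE)` has a space the other two `defined(...)` lack, and the line runs well past 80 columns; a break after the second `&&` would keep it consistent with the surrounding code.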
From: matt at openssl.org (Matt Caswell) Date: Tue, 02 Jun 2015 22:40:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433284839.117050.31048.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b1d5b8a4a47f0f3c0e10c904b3b0fdc53a235fd0 (commit) from fb22f7406485f1c4e08dbf065d75146c2336b345 (commit) - Log ----------------------------------------------------------------- commit b1d5b8a4a47f0f3c0e10c904b3b0fdc53a235fd0 Author: Matt Caswell Date: Tue Jun 2 20:18:05 2015 +0100 Fix compilation failure for some tool chains Some tool chains (e.g. android) do not define IP_PMTUDISC_PROBE, and so this build breaks. Reviewed-by: Tim Hudson (cherry picked from commit 133dce447b259e0bb93076bf5fd0ce475d16910a) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 6493a38..7fcd831 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -897,7 +897,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) perror("setsockopt"); ret = -1; } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) +# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) < 0) { From steve at openssl.org Wed Jun 3 14:32:15 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 03 Jun 2015 14:32:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433341935.436421.1019.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via adba3b3bf1e82b9fe38c986baa7d3c9366a81fab (commit) via ad0fb7f4988c8a717fe6bcb035304385fbdaef41 (commit) from b1d5b8a4a47f0f3c0e10c904b3b0fdc53a235fd0 (commit) - Log ----------------------------------------------------------------- commit adba3b3bf1e82b9fe38c986baa7d3c9366a81fab Author: Dr. Stephen Henson Date: Mon Jun 1 12:50:47 2015 +0100 make update Reviewed-by: Matt Caswell commit ad0fb7f4988c8a717fe6bcb035304385fbdaef41 Author: Sergey Agievich Date: Mon Jun 1 12:48:27 2015 +0100 Add functions to set item_sign and item_verify PR#3872 Reviewed-by: Matt Caswell Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 22 ---------------------- crypto/asn1/ameth_lib.c | 18 ++++++++++++++++++ crypto/evp/evp.h | 13 +++++++++++++ crypto/x509v3/Makefile | 32 ++++++++++++-------------------- util/libeay.num | 1 + 5 files changed, 44 insertions(+), 42 deletions(-) diff --git a/apps/Makefile b/apps/Makefile index 963780f..a6c9d54 100644 --- a/apps/Makefile +++ b/apps/Makefile 
@@ -567,28 +567,6 @@ ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c -openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h -openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h -openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h 
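Review bot: the `apps/Makefile` hunk (`@@ -567,28 +567,6`) deletes the entire `openssl.o:` dependency block, which has nothing to do with `item_sign`/`item_verify` and is not explained by either commit message beyond "make update". If the regeneration ran in a tree where openssl.c's dependencies could not be computed, this silently drops header tracking for openssl.c (edits to the listed headers will no longer trigger a rebuild of `openssl.o`); either restore the block or say in the message why it goes.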
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 02300df..5389c04 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -464,3 +464,21 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, { ameth->pkey_ctrl = pkey_ctrl; } + +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)) +{ + ameth->item_sign = item_sign; + ameth->item_verify = item_verify; +} diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 1d705cd..39ab793 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1123,6 +1123,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); # define EVP_PKEY_OP_UNDEFINED 0 # define EVP_PKEY_OP_PARAMGEN (1<<1) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 8cae749..9791b77 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile 
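Review bot: the new public entry point `EVP_PKEY_asn1_set_item` added in the `ameth_lib.c` (`@@ -464,3 +464,21`) and `evp.h` (`@@ -1123,6 +1123,19`) hunks ships without documentation; the summary of changes touches only source, header, Makefiles and `libeay.num`. The callback parameters in the header are named `a`, `alg1`, `alg2` and `asn`, and since the declaration is the only description a caller will see, naming them for their role (the algorithm identifier being verified, the two algorithm identifiers written on signing, the ASN.1 structure) would help. The setter takes `item_verify` before `item_sign`, while the body assigns `item_sign` first and the function name lists sign first; pick one order so the pair is hard to pass swapped.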
@@ -537,26 +537,18 @@ v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_purp.o: ../cryptlib.h v3_purp.c v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -v3_scts.o: ../../include/openssl/comp.h ../../include/openssl/conf.h -v3_scts.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -v3_scts.o: ../../include/openssl/dtls1.h ../../include/openssl/e_os2.h -v3_scts.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -v3_scts.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_scts.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -v3_scts.o: ../../include/openssl/kssl.h ../../include/openssl/lhash.h -v3_scts.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_scts.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_scts.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -v3_scts.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -v3_scts.o: ../../include/openssl/pqueue.h ../../include/openssl/rsa.h -v3_scts.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_scts.o: ../../include/openssl/srtp.h ../../include/openssl/ssl.h -v3_scts.o: ../../include/openssl/ssl2.h ../../include/openssl/ssl23.h -v3_scts.o: ../../include/openssl/ssl3.h ../../include/openssl/stack.h -v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/tls1.h -v3_scts.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_scts.o: ../../include/openssl/x509v3.h ../../ssl/ssl_locl.h ../cryptlib.h -v3_scts.o: v3_scts.c +v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_scts.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_scts.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_scts.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_scts.o: ../../include/openssl/lhash.h 
../../include/openssl/obj_mac.h +v3_scts.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_scts.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_scts.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_scts.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_scts.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_scts.o: ../cryptlib.h v3_scts.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/util/libeay.num b/util/libeay.num index b977e4e..7f7487d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4413,3 +4413,4 @@ ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:ECDSA X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: +EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION: From steve at openssl.org Wed Jun 3 14:40:29 2015 
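Review bot: the `crypto/x509v3/Makefile` hunk (`@@ -537,26 +537,18`) drops `../../ssl/ssl_locl.h` and the SSL headers from the `v3_scts.o` dependency list, yet no change to `v3_scts.c` is part of this patch and the summary lists none. If `v3_scts.c` still includes `ssl_locl.h` on this branch, the regenerated list is stale and the object will not be rebuilt when those headers change; worth confirming that `make update` was run from a tree matching what is being committed.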
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 03 Jun 2015 14:40:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433342429.510773.2909.nullmailer@dev.openssl.org> The branch master has been updated via 97cacc537eba474d27dea0f96796b3b754e60034 (commit) via 3418f7b7b01139dbf4a72d2bc71135d918d4cf11 (commit) from 133dce447b259e0bb93076bf5fd0ce475d16910a (commit) - Log ----------------------------------------------------------------- commit 97cacc537eba474d27dea0f96796b3b754e60034 Author: Dr. Stephen Henson Date: Wed Jun 3 15:37:39 2015 +0100 make update. Make update with manual edit so EVP_PKEY_asn1_set_item uses the same ordinal as 1.0.2. Reviewed-by: Matt Caswell commit 3418f7b7b01139dbf4a72d2bc71135d918d4cf11 Author: Sergey Agievich Date: Mon Jun 1 12:48:27 2015 +0100 Add functions to set item_sign and item_verify PR#3872 Reviewed-by: Matt Caswell Reviewed-by: Stephen Henson (cherry picked from commit ad0fb7f4988c8a717fe6bcb035304385fbdaef41) Conflicts: crypto/asn1/ameth_lib.c ----------------------------------------------------------------------- Summary of changes: crypto/asn1/ameth_lib.c | 18 ++++++++++++++++++ crypto/bn/Makefile | 2 +- include/openssl/evp.h | 13 +++++++++++++ util/libeay.num | 4 ++-- 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 1a61543..8060c18 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c 
@@ -466,3 +466,21 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, { ameth->pkey_security_bits = pkey_security_bits; } + +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)) +{ + ameth->item_sign = item_sign; + ameth->item_verify = item_verify; +} diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 7d55778..8875c41 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -247,7 +247,7 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_exp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h -bn_exp.o: ../include/internal/cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h +bn_exp.o: ../include/internal/cryptlib.h bn_exp.c bn_lcl.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/include/openssl/evp.h b/include/openssl/evp.h index dd4d701..dff81b0 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -1171,6 +1171,19 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2)); +void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *a, + ASN1_BIT_STRING *sig, + EVP_PKEY *pkey), + int (*item_sign) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, + void *asn, + X509_ALGOR *alg1, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_security_bits) (const EVP_PKEY diff --git a/util/libeay.num b/util/libeay.num index 27460f0..c297ef7 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4414,8 +4414,8 @@ ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:EC X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: -RSA_security_bits 4774 EXIST::FUNCTION:RSA -FIPS_ecdsa_verify_digest 4775 NOEXIST::FUNCTION: +EVP_PKEY_asn1_set_item 4774 EXIST::FUNCTION: +RSA_security_bits 4775 EXIST::FUNCTION:RSA FIPS_ecdsa_verify 4776 NOEXIST::FUNCTION: BN_security_bits 4777 EXIST::FUNCTION: FIPS_ecdsa_verify_ctx 4778 NOEXIST::FUNCTION: From matt at openssl.org Thu Jun 4 08:19:15 2015 
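Review bot: the `util/libeay.num` hunk (`@@ -4414,8 +4414,8`) renumbers `RSA_security_bits` from 4774 to 4775 to give `EVP_PKEY_asn1_set_item` ordinal 4774, and the `FIPS_ecdsa_verify_digest 4775 NOEXIST::FUNCTION:` placeholder disappears rather than moving. Changing the ordinal of a symbol already in the table is only safe while no release has exported it; the message says the manual edit is deliberate to match 1.0.2, so it should also state that master is not ordinal-stable at this point, and say whether dropping the NOEXIST line (rather than keeping it on a spare ordinal) is intended.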
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:19:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433405955.756383.18102.nullmailer@dev.openssl.org> The branch master has been updated via 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (commit) from 97cacc537eba474d27dea0f96796b3b754e60034 (commit) - Log ----------------------------------------------------------------- commit 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 Author: Matt Caswell Date: Wed May 6 11:40:06 2015 +0100 Fix DTLS session resumption The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index d6f53b0..888fe4f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1036,7 +1036,7 @@ int ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - s->version = s->method->version; + s->session->ssl_version = s->version = s->method->version; } else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | p[1]; From matt at openssl.org Thu Jun 4 08:19:26 2015 
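Review bot: the one-line change in `ssl3_get_server_hello` (`@@ -1036,7 +1036,7`) updates `s->session->ssl_version` only on the path where the method is switched; the `else if` branch directly below also rewrites `s->version` (`s->version = (s->version & 0xff00) | p[1];`) after raising `SSL_R_WRONG_SSL_VERSION` and leaves the session untouched. That branch is heading for an error, so the omission is harmless today, but a short comment saying the session version is deliberately not updated there would stop the next reader from "fixing" it. The summary of changes lists no test; a regression test (DTLS 1.2 client against a DTLS 1.0-only server, then resume) would guard this.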
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:19:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433405966.627653.18814.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via af3aa2b5ef741a35394c92872cbdbab4d46b9c90 (commit) from adba3b3bf1e82b9fe38c986baa7d3c9366a81fab (commit) - Log ----------------------------------------------------------------- commit af3aa2b5ef741a35394c92872cbdbab4d46b9c90 Author: Matt Caswell Date: Wed May 6 11:40:06 2015 +0100 Fix DTLS session resumption The session object on the client side is initially created during construction of the ClientHello. If the client is DTLS1.2 capable then it will store 1.2 as the version for the session. However if the server is only DTLS1.0 capable then when the ServerHello comes back the client switches to using DTLS1.0 from then on. However the session version does not get updated. Therefore when the client attempts to resume that session the server throws an alert because of an incorrect protocol version. Reviewed-by: Tim Hudson (cherry picked from commit 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6) Conflicts: ssl/s3_clnt.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index feb1e3b..609b005 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -958,7 +958,7 @@ int ssl3_get_server_hello(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - s->version = s->method->version; + s->session->ssl_version = s->version = s->method->version; } if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { From matt at openssl.org Thu Jun 4 08:34:19 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:34:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433406859.092783.22164.nullmailer@dev.openssl.org> The branch master has been updated via c56353071d9849220714d8a556806703771b9269 (commit) from 7322abf5cefdeb47c7d61f3b916c428bf2cd69b6 (commit) - Log ----------------------------------------------------------------- commit c56353071d9849220714d8a556806703771b9269 Author: Matt Caswell Date: Tue May 19 13:59:47 2015 +0100 Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_print.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index b0b70b5..f528a36 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; From matt at openssl.org Thu Jun 4 08:34:29 2015 
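Review bot: the fix in `BN_bn2hex` (`@@ -71,7 +71,12`) special-cases `-0` with its own allocation; since the message says the general formula `a->top * BN_BYTES * 2 + 2` is short by exactly one byte only for that value, allocating `+ 3` unconditionally would cover it without the branch and the `BN_is_zero` call, at the cost of a single byte. If the branch stays, the comment should read "NUL terminator" rather than "NULL terminator" (`NULL` is the null pointer constant, not the zero byte), and a regression test that formats a zero with the negative flag set would confirm the write below the hunk now fits. The same hunk is cherry-picked to the four stable branches in the mails that follow.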
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:34:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433406869.217266.22884.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 361071993182c0a37d421e2ea9a1f84ec4f1ac4f (commit) from af3aa2b5ef741a35394c92872cbdbab4d46b9c90 (commit) - Log ----------------------------------------------------------------- commit 361071993182c0a37d421e2ea9a1f84ec4f1ac4f Author: Matt Caswell Date: Tue May 19 13:59:47 2015 +0100 Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson (cherry picked from commit c56353071d9849220714d8a556806703771b9269) Conflicts: crypto/bn/bn_print.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_print.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 4dcaae3..ab10b95 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; From matt at openssl.org Thu Jun 4 08:34:44 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:34:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433406884.774064.23129.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 05bdebb6e011459555795bab20f2e95786153dcc (commit) from 32b2ad7e071d0e766da6956f5b0c9cf2ccb18388 (commit) - Log ----------------------------------------------------------------- commit 05bdebb6e011459555795bab20f2e95786153dcc Author: Matt Caswell Date: Tue May 19 13:59:47 2015 +0100 Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson (cherry picked from commit c56353071d9849220714d8a556806703771b9269) Conflicts: crypto/bn/bn_print.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_print.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 4dcaae3..ab10b95 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; From matt at openssl.org Thu Jun 4 08:35:12 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:35:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433406912.143202.23421.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 0d3a7e7c9147357ca69993944a279cd0931963d5 (commit) from a85eef72f5c12b1efbcf7abcbbabf0140fb997bf (commit) - Log ----------------------------------------------------------------- commit 0d3a7e7c9147357ca69993944a279cd0931963d5 Author: Matt Caswell Date: Tue May 19 13:59:47 2015 +0100 Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson (cherry picked from commit c56353071d9849220714d8a556806703771b9269) Conflicts: crypto/bn/bn_print.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_print.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index a55836f..937d513 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; From matt at openssl.org Thu Jun 4 08:35:27 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 08:35:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433406927.317176.23681.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 9759ff0cd908270fad328ba7f35fed021e619868 (commit) from f9603f2673154bfba52d24654bc6e5f5dd19a88a (commit) - Log ----------------------------------------------------------------- commit 9759ff0cd908270fad328ba7f35fed021e619868 Author: Matt Caswell Date: Tue May 19 13:59:47 2015 +0100 Fix off-by-one error in BN_bn2hex A BIGNUM can have the value of -0. The function BN_bn2hex fails to account for this and can allocate a buffer one byte too short in the event of -0 being used, leading to a one byte buffer overrun. All usage within the OpenSSL library is considered safe. Any security risk is considered negligible. With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Tim Hudson (cherry picked from commit c56353071d9849220714d8a556806703771b9269) Conflicts: crypto/bn/bn_print.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_print.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 15bc51a..6117653 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; From matt at openssl.org Thu Jun 4 11:48:15 2015 
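Review bot: the message records `Conflicts: crypto/bn/bn_print.c`, yet the hunk shown is identical to the 1.0.0 and 1.0.1 backports above it, so the conflict was presumably context or whitespace only; say so in the cherry-pick message, because a silent resolution on an allocation-size line is exactly what a later auditor will want to confirm. The general branch still relies on the hex writer emitting at most `a->top * BN_BYTES * 2` digits plus an optional sign and the terminator; that invariant deserves a comment beside the size in the same form as the new `"-0" == 3 bytes` one.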
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:48:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433418495.740514.20624.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e (commit) from 361071993182c0a37d421e2ea9a1f84ec4f1ac4f (commit) - Log ----------------------------------------------------------------- commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e Author: Matt Caswell Date: Thu Jun 4 11:41:30 2015 +0100 Clean Kerberos pre-master secret Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index f0a16c4..de984c8 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2411,6 +2411,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); @@ -2514,23 +2515,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { 
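Review bot: in the @@ -2514 hunk every error exit becomes the pair `kerr = 1; goto kclean;`, which makes the cleanse depend on each future early exit in this block remembering the flag. If `pms` is visible at function scope, adding `OPENSSL_cleanse(pms, sizeof(pms));` at the existing `err:` label covers every path with one line, including any exit between the decrypt and the label that this hunk does not touch; if `pms` is block-local and the flag must stay, a one-line comment at the `int kerr = 0;` declaration stating that `kclean` is the only permitted exit from the Kerberos block would help the next editor.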
@@ -2547,7 +2552,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2573,6 +2579,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ From matt at openssl.org Thu Jun 4 11:48:38 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:48:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433418518.847212.21241.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 91e64e142770bc13145346a5e89e9d95bc3e22dd (commit) from 0d3a7e7c9147357ca69993944a279cd0931963d5 (commit) - Log ----------------------------------------------------------------- commit 91e64e142770bc13145346a5e89e9d95bc3e22dd Author: Matt Caswell Date: Thu Jun 4 11:41:30 2015 +0100 Clean Kerberos pre-master secret Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e) ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8e30083..8d3244f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2215,6 +2215,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); 
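Review bot: the @@ -2547 hunk edits the line directly under `SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR);`, which passes an alert descriptor where SSLerr expects an `SSL_R_` reason code; that is pre-existing, but since the hunk touches the adjacent line it is a cheap fix in passing, or at least worth a separate ticket.

Review bot: in the @@ -2573 hunk, `OPENSSL_cleanse(pms, sizeof(pms));` is only correct if `pms` is a fixed-size array; should it be (or later become) a pointer, `sizeof(pms)` is the pointer width and the secret survives in memory. The visible uses (`pms[outl]`, `pms[0]`) fit either declaration, so confirm the array and consider a short comment at the label saying the size is taken from the array.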
@@ -2317,23 +2318,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { @@ -2350,7 +2355,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2376,6 +2382,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ From matt at openssl.org Thu Jun 4 11:48:28 2015 
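Review bot: the @@ -2376 hunk places `kclean:` after the commented-out `kssl_ctx_free` block and the success path falls through into the cleanse before `if (kerr) goto err;`. The hunk does not show where `pms` is consumed by the master-secret derivation on the success path, so confirm that derivation has completed before control reaches `kclean`; otherwise the success case would zero the buffer too early. The repeated `kerr = 1; goto kclean;` pairs in the @@ -2317 hunk would then be the only thing to audit when a new error exit is added.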
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:48:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433418508.228329.20950.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd (commit) from 05bdebb6e011459555795bab20f2e95786153dcc (commit) - Log ----------------------------------------------------------------- commit c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd Author: Matt Caswell Date: Thu Jun 4 11:41:30 2015 +0100 Clean Kerberos pre-master secret Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e) ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index cb6ef0a..d07f768 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2423,6 +2423,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); 
@@ -2526,23 +2527,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { @@ -2559,7 +2564,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2585,6 +2591,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ From matt at openssl.org Thu Jun 4 11:48:53 2015 
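Review bot: the five identical `kerr = 1; goto kclean;` pairs across the @@ -2526 and @@ -2559 hunks fail open: a future `goto kclean` that forgets the assignment is silently treated as success. Inverting the flag makes the omission fail closed, i.e. declare `int kerr = 1;` and clear it once at the end of the success path immediately before the `kclean:` label, so every early jump needs no assignment at all and an unexpected jump is reported as an error.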
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:48:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433418533.179108.21513.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via f803a417f7ad13a22d250aeba44ba85911a2b593 (commit) from 9759ff0cd908270fad328ba7f35fed021e619868 (commit) - Log ----------------------------------------------------------------- commit f803a417f7ad13a22d250aeba44ba85911a2b593 Author: Matt Caswell Date: Thu Jun 4 11:41:30 2015 +0100 Clean Kerberos pre-master secret Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e) ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index fe7f685..8749ea2 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2009,6 +2009,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); 
@@ -2111,23 +2112,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { @@ -2144,7 +2149,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2170,6 +2176,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ From matt at openssl.org Thu Jun 4 11:59:47 2015 
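Review bot: in the @@ -2170 hunk the new `kclean:` label is appended directly under the dead, commented-out `kssl_ctx = kssl_ctx_free(kssl_ctx); if (s->kssl_ctx) s->kssl_ctx = NULL;` block; since the patch is already rearranging this exit path, drop that dead comment rather than building on it, so the only thing left at the end of the block is the cleanse and the `if (kerr) goto err;` test.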
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:59:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433419187.402019.23070.nullmailer@dev.openssl.org> The branch master has been updated via f3d889523ee84f1e87e4da0d59e2702a4bee7907 (commit) via b7ee4815f2452c854cc859e8dda88f2673cdddea (commit) from c56353071d9849220714d8a556806703771b9269 (commit) - Log ----------------------------------------------------------------- commit f3d889523ee84f1e87e4da0d59e2702a4bee7907 Author: Matt Caswell Date: Thu Jun 4 11:18:55 2015 +0100 Remove misleading comment Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz commit b7ee4815f2452c854cc859e8dda88f2673cdddea Author: Matt Caswell Date: Thu Jun 4 11:16:16 2015 +0100 Clean premaster_secret for GOST Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 -- ssl/s3_srvr.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 888fe4f..632d743 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2572,8 +2572,6 @@ int ssl3_send_client_key_exchange(SSL *s) } DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 88e649d..90a67d1 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -2825,6 +2825,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); if (s->session->master_key_length < 0) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); From matt at openssl.org Thu Jun 4 12:00:10 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 12:00:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433419210.867889.24269.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via c22ed559bbb6e75d03ce4e8cb3655988fc123d4f (commit) via 4b6f33a5c284168ef3aa49d1a37cbcc6565bc0e5 (commit) from c36d3840ff45a290ea7fe6fbaf1520fe3124b3cd (commit) - Log ----------------------------------------------------------------- commit c22ed559bbb6e75d03ce4e8cb3655988fc123d4f Author: Matt Caswell Date: Thu Jun 4 11:18:55 2015 +0100 Remove misleading comment Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907) commit 4b6f33a5c284168ef3aa49d1a37cbcc6565bc0e5 Author: Matt Caswell Date: Thu Jun 4 11:16:16 2015 +0100 Clean premaster_secret for GOST Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea) Conflicts: ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 -- ssl/s3_srvr.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index eb7b94e..f435899 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
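Review bot: in the @@ -2825 hunk the cleanse sits before `if (s->session->master_key_length < 0)`, so both success and failure of the derivation are covered, which is the right order. The derivation call passes the literal length `32` while the cleanse uses `sizeof(premaster_secret)`; pick one form (a named constant or `sizeof` in both places) so the two cannot diverge. Any `goto err` between the point where `premaster_secret` is filled and this line would skip the cleanse; none is visible in the hunk, but if one exists the cleanse belongs at the `err:` label instead.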
@@ -2595,8 +2595,6 @@ int ssl3_send_client_key_exchange(SSL *s) n += 2; DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d07f768..9aa3292 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2914,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) From matt at openssl.org Thu Jun 4 11:59:58 2015 
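Review bot: the message lists `Conflicts: ssl/s3_srvr.c`, and in the @@ -2914 hunk the cleanse lands before `/* Check if pubkey from client certificate was used */` rather than before the `master_key_length < 0` check that follows it in the master hunk; state in the cherry-pick message whether that error check precedes this point on this branch or does not exist here, so the reviewer can see the cleanse still runs on the derivation-failure path.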
From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 11:59:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433419198.393522.23907.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via da5fab73255c24e0b6ce8717df2441a03f504939 (commit) via efd89aa9cc7ed1142be8a4baa49567170bc4626e (commit) from 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e (commit) - Log ----------------------------------------------------------------- commit da5fab73255c24e0b6ce8717df2441a03f504939 Author: Matt Caswell Date: Thu Jun 4 11:18:55 2015 +0100 Remove misleading comment Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907) commit efd89aa9cc7ed1142be8a4baa49567170bc4626e Author: Matt Caswell Date: Thu Jun 4 11:16:16 2015 +0100 Clean premaster_secret for GOST Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea) Conflicts: ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 -- ssl/s3_srvr.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 609b005..c495641 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2721,8 +2721,6 @@ int ssl3_send_client_key_exchange(SSL *s) } DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index de984c8..8885694 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -2902,6 +2902,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) From matt at openssl.org Thu Jun 4 12:00:21 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2015 12:00:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433419221.250970.24536.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via bb82db1c776ec85b9a63f79fa04b001fb7d46fc7 (commit) via 470446db9a0861b01cba33dd42062ecc5734df53 (commit) from 91e64e142770bc13145346a5e89e9d95bc3e22dd (commit) - Log ----------------------------------------------------------------- commit bb82db1c776ec85b9a63f79fa04b001fb7d46fc7 Author: Matt Caswell Date: Thu Jun 4 11:18:55 2015 +0100 Remove misleading comment Remove a comment that suggested further clean up was required. DH_free() performs the necessary cleanup. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907) commit 470446db9a0861b01cba33dd42062ecc5734df53 Author: Matt Caswell Date: Thu Jun 4 11:16:16 2015 +0100 Clean premaster_secret for GOST Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Rich Salz (cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea) Conflicts: ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 -- ssl/s3_srvr.c | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f906389..980c74c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
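Review bot: the @@ -2902 hunk zeroes `premaster_secret` as soon as the master-secret derivation has consumed it, matching the treatment the Kerberos branch of this same function received earlier in this batch. Since both fixes came from the same audit, the commit message could note that the remaining key-exchange branches of ssl3_get_client_key_exchange were (or were not) checked for the same missing cleanse, so the follow-up scope is recorded.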
@@ -2307,8 +2307,6 @@ int ssl3_send_client_key_exchange(SSL *s) n += 2; DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8d3244f..7ebcca6 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2664,6 +2664,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) From rsalz at openssl.org Thu Jun 4 13:47:31 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 04 Jun 2015 13:47:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433425651.474492.9249.nullmailer@dev.openssl.org> The branch master has been updated via 9c422b5b1ebc9871a7306f66648aa16c8769082a (commit) from f3d889523ee84f1e87e4da0d59e2702a4bee7907 (commit) - Log ----------------------------------------------------------------- commit 9c422b5b1ebc9871a7306f66648aa16c8769082a Author: Rich Salz Date: Wed Jun 3 22:04:48 2015 -0400 Rename all static TS_xxx to ts_xxx Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_conf.c | 46 +++++++-------- crypto/ts/ts_rsp_print.c | 12 ++-- crypto/ts/ts_rsp_sign.c | 62 ++++++++++----------- crypto/ts/ts_rsp_verify.c | 139 ++++++++++++++++++++-------------------------- 4 files changed, 121 insertions(+), 138 deletions(-) diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 1e511be..4d303f7 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c 
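Review bot: in the @@ -2664 hunk `OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret));` is correct only while `premaster_secret` is a local array; the adjacent derivation call hard-codes `32` as its length, so if the buffer is ever turned into a heap allocation the cleanse shrinks to a pointer width without any compiler complaint. Using the same length expression in both calls, or a named constant, removes that trap.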
@@ -152,12 +152,12 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) /* Function definitions for handling configuration options. */ -static void TS_CONF_lookup_fail(const char *name, const char *tag) +static void ts_CONF_lookup_fail(const char *name, const char *tag) { fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); } -static void TS_CONF_invalid(const char *name, const char *tag) +static void ts_CONF_invalid(const char *name, const char *tag) { fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); } @@ -167,7 +167,7 @@ const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) if (!section) { section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); if (!section) - TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); + ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); } return section; } @@ -178,7 +178,7 @@ int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, int ret = 0; char *serial = NCONF_get_string(conf, section, ENV_SERIAL); if (!serial) { - TS_CONF_lookup_fail(section, ENV_SERIAL); + ts_CONF_lookup_fail(section, ENV_SERIAL); goto err; } TS_RESP_CTX_set_serial_cb(ctx, cb, serial); @@ -199,7 +199,7 @@ int TS_CONF_set_crypto_device(CONF *conf, const char *section, device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); if (device && !TS_CONF_set_default_engine(device)) { - TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); + ts_CONF_invalid(section, ENV_CRYPTO_DEVICE); goto err; } ret = 1; @@ -246,7 +246,7 @@ int TS_CONF_set_signer_cert(CONF *conf, const char *section, if (cert == NULL) { cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); if (cert == NULL) { - TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + ts_CONF_lookup_fail(section, ENV_SIGNER_CERT); goto err; } } 
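Review bot: the @@ -152 hunk renames `ts_CONF_lookup_fail` and `ts_CONF_invalid` but leaves their bodies writing to `stderr` with `fprintf`, which is unusual for library code; while these two static helpers are being touched, consider reporting through the error queue (the TS error macro and a reason code) or a caller-supplied BIO, and leave the rename-only commit as is if that is preferred as a separate change. The mixed-case `ts_CONF_` form matches the commit title, so no objection to the naming itself.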
@@ -292,7 +292,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section, if (!key) key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); if (!key) { - TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); + ts_CONF_lookup_fail(section, ENV_SIGNER_KEY); goto err; } if ((key_obj = TS_CONF_load_key(key, pass)) == NULL) @@ -314,11 +314,11 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section, if (!policy) policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY); if (!policy) { - TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); + ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); goto err; } if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) { - TS_CONF_invalid(section, ENV_DEFAULT_POLICY); + ts_CONF_invalid(section, ENV_DEFAULT_POLICY); goto err; } if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) @@ -339,7 +339,7 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) /* If no other policy is specified, that's fine. */ if (policies && (list = X509V3_parse_list(policies)) == NULL) { - TS_CONF_invalid(section, ENV_OTHER_POLICIES); + ts_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -348,7 +348,7 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) ASN1_OBJECT *objtmp; if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { - TS_CONF_invalid(section, ENV_OTHER_POLICIES); + ts_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } if (!TS_RESP_CTX_add_policy(ctx, objtmp)) 
@@ -370,15 +370,15 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); if (digests == NULL) { - TS_CONF_lookup_fail(section, ENV_DIGESTS); + ts_CONF_lookup_fail(section, ENV_DIGESTS); goto err; } if ((list = X509V3_parse_list(digests)) == NULL) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } if (sk_CONF_VALUE_num(list) == 0) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -387,7 +387,7 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) const EVP_MD *md; if ((md = EVP_get_digestbyname(extval)) == NULL) { - TS_CONF_invalid(section, ENV_DIGESTS); + ts_CONF_invalid(section, ENV_DIGESTS); goto err; } if (!TS_RESP_CTX_add_md(ctx, md)) @@ -409,7 +409,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) { - TS_CONF_invalid(section, ENV_ACCURACY); + ts_CONF_invalid(section, ENV_ACCURACY); goto err; } for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { @@ -424,7 +424,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) if (val->value) micros = atoi(val->value); } else { - TS_CONF_invalid(section, ENV_ACCURACY); + ts_CONF_invalid(section, ENV_ACCURACY); goto err; } } @@ -450,7 +450,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, &digits)) digits = 0; if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) { - TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); + ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); goto err; } 
@@ -462,7 +462,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, return ret; } -static int TS_CONF_add_flag(CONF *conf, const char *section, +static int ts_CONF_add_flag(CONF *conf, const char *section, const char *field, int flag, TS_RESP_CTX *ctx) { /* Default is false. */ @@ -471,7 +471,7 @@ static int TS_CONF_add_flag(CONF *conf, const char *section, if (strcmp(value, ENV_VALUE_YES) == 0) TS_RESP_CTX_add_flags(ctx, flag); else if (strcmp(value, ENV_VALUE_NO) != 0) { - TS_CONF_invalid(section, field); + ts_CONF_invalid(section, field); return 0; } } @@ -481,17 +481,17 @@ static int TS_CONF_add_flag(CONF *conf, const char *section, int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); + return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); } int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); + return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); } int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx) { - return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, + return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, TS_ESS_CERT_ID_CHAIN, ctx); } diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 108cd2f..b71985f 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -71,9 +71,9 @@ struct status_map_st { /* Local function declarations. */ -static int TS_status_map_print(BIO *bio, const struct status_map_st *a, +static int ts_status_map_print(BIO *bio, const struct status_map_st *a, const ASN1_BIT_STRING *v); -static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); +static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); /* Function definitions. */ 
@@ -149,7 +149,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) /* Printing failure information. */ BIO_printf(bio, "Failure info: "); if (a->failure_info != NULL) - lines = TS_status_map_print(bio, failure_map, a->failure_info); + lines = ts_status_map_print(bio, failure_map, a->failure_info); if (lines == 0) BIO_printf(bio, "unspecified"); BIO_printf(bio, "\n"); @@ -157,7 +157,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) return 1; } -static int TS_status_map_print(BIO *bio, const struct status_map_st *a, +static int ts_status_map_print(BIO *bio, const struct status_map_st *a, const ASN1_BIT_STRING *v) { int lines = 0; @@ -219,7 +219,7 @@ int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) if (accuracy == NULL) BIO_printf(bio, "unspecified"); else - TS_ACCURACY_print_bio(bio, accuracy); + ts_ACCURACY_print_bio(bio, accuracy); BIO_write(bio, "\n", 1); /* Print ordering. */ @@ -254,7 +254,7 @@ int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) return 1; } -static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) +static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) { const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index c28d936..d90d33f 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c 
@@ -73,19 +73,19 @@ static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); -static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); -static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); -static int TS_RESP_check_request(TS_RESP_CTX *ctx); -static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); -static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, +static void ts_RESP_CTX_init(TS_RESP_CTX *ctx); +static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx); +static int ts_RESP_check_request(TS_RESP_CTX *ctx); +static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx); +static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); -static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); -static int TS_RESP_sign(TS_RESP_CTX *ctx); +static int ts_RESP_process_extensions(TS_RESP_CTX *ctx); +static int ts_RESP_sign(TS_RESP_CTX *ctx); -static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, +static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs); -static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); -static int TS_TST_INFO_content_new(PKCS7 *p7); +static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed); +static int ts_TST_INFO_content_new(PKCS7 *p7); static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); static ASN1_GENERALIZEDTIME @@ -427,7 +427,7 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) TS_RESP *response; int result = 0; - TS_RESP_CTX_init(ctx); + ts_RESP_CTX_init(ctx); /* Creating the response object. */ if ((ctx->response = TS_RESP_new()) == NULL) { 
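Review bot: the @@ -73 hunk is inconsistent within its own declaration block: `ESS_SIGNING_CERT_new_init` and `ESS_CERT_ID_new_init` are renamed to the `ess_` prefix, but the next line, `static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);`, is also static and keeps the upper-case prefix. Rename it too (and its callers) so that the rule "static helpers are lower-case prefixed" holds for the whole file, or state in the message why it is excluded.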
@@ -448,23 +448,23 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) goto end; /* Checking the request format. */ - if (!TS_RESP_check_request(ctx)) + if (!ts_RESP_check_request(ctx)) goto end; /* Checking acceptable policies. */ - if ((policy = TS_RESP_get_policy(ctx)) == NULL) + if ((policy = ts_RESP_get_policy(ctx)) == NULL) goto end; /* Creating the TS_TST_INFO object. */ - if ((ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)) == NULL) + if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL) goto end; /* Processing extensions. */ - if (!TS_RESP_process_extensions(ctx)) + if (!ts_RESP_process_extensions(ctx)) goto end; /* Generating the signature. */ - if (!TS_RESP_sign(ctx)) + if (!ts_RESP_sign(ctx)) goto end; /* Everything was successful. */ @@ -484,12 +484,12 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) } response = ctx->response; ctx->response = NULL; /* Ownership will be returned to caller. */ - TS_RESP_CTX_cleanup(ctx); + ts_RESP_CTX_cleanup(ctx); return response; } /* Initializes the variable part of the context. */ -static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) +static void ts_RESP_CTX_init(TS_RESP_CTX *ctx) { ctx->request = NULL; ctx->response = NULL; @@ -497,7 +497,7 @@ static void TS_RESP_CTX_init(TS_RESP_CTX *ctx) } /* Cleans up the variable part of the context. */ -static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) +static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx) { TS_REQ_free(ctx->request); ctx->request = NULL; @@ -508,7 +508,7 @@ static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) } /* Checks the format and content of the request. */ -static int TS_RESP_check_request(TS_RESP_CTX *ctx) +static int ts_RESP_check_request(TS_RESP_CTX *ctx) { TS_REQ *request = ctx->request; TS_MSG_IMPRINT *msg_imprint; 
@@ -564,7 +564,7 @@ static int TS_RESP_check_request(TS_RESP_CTX *ctx) } /* Returns the TSA policy based on the requested and acceptable policies. */ -static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) +static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx) { ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); ASN1_OBJECT *policy = NULL; @@ -597,7 +597,7 @@ static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx) } /* Creates the TS_TST_INFO object based on the settings of the context. */ -static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, +static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) { int result = 0; @@ -683,7 +683,7 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, } /* Processing the extensions of the request. */ -static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) +static int ts_RESP_process_extensions(TS_RESP_CTX *ctx) { STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); int i; @@ -704,7 +704,7 @@ static int TS_RESP_process_extensions(TS_RESP_CTX *ctx) } /* Functions for signing the TS_TST_INFO structure of the context. */ -static int TS_RESP_sign(TS_RESP_CTX *ctx) +static int ts_RESP_sign(TS_RESP_CTX *ctx) { int ret = 0; PKCS7 *p7 = NULL; @@ -764,7 +764,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) * certificate id and optionally the certificate chain. */ certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if ((sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) + if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) goto err; /* Add SigningCertificate signed attribute to the signer info. */ @@ -774,7 +774,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) } /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ - if (!TS_TST_INFO_content_new(p7)) + if (!ts_TST_INFO_content_new(p7)) goto err; /* Add the DER encoded tst_info to the PKCS7 structure. */ 
@@ -812,7 +812,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) return ret; } -static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, +static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs) { ESS_CERT_ID *cid; @@ -827,13 +827,13 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, goto err; /* Adding the signing certificate id. */ - if ((cid = ESS_CERT_ID_new_init(signcert, 0)) == NULL + if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; /* Adding the certificate chain ids. */ for (i = 0; i < sk_X509_num(certs); ++i) { X509 *cert = sk_X509_value(certs, i); - if ((cid = ESS_CERT_ID_new_init(cert, 1)) == NULL + if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; } @@ -845,7 +845,7 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, return NULL; } -static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) +static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed) { ESS_CERT_ID *cid = NULL; GENERAL_NAME *name = NULL; @@ -889,7 +889,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) return NULL; } -static int TS_TST_INFO_content_new(PKCS7 *p7) +static int ts_TST_INFO_content_new(PKCS7 *p7) { PKCS7 *ret = NULL; ASN1_OCTET_STRING *octet_string = NULL; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 116e116..342c524 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c 
@@ -65,27 +65,27 @@ /* Private function declarations. */ -static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, +static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain); -static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, +static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); -static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); -static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); -static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); -static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, +static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si); +static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info); -static int TS_check_status_info(TS_RESP *response); -static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); -static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); -static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, +static int ts_check_status_info(TS_RESP *response); +static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); +static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); +static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len); -static int TS_check_imprints(X509_ALGOR *algor_a, +static int ts_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, TS_TST_INFO *tst_info); -static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); -static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); -static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, +static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO 
*tst_info); +static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); +static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); /* @@ -93,7 +93,7 @@ static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, * Don't forget to change TS_STATUS_BUF_SIZE when modifying * the elements of this array. */ -static const char *TS_status_text[] = { "granted", +static const char *ts_status_text[] = { "granted", "grantedWithMods", "rejection", "waiting", @@ -101,7 +101,7 @@ static const char *TS_status_text[] = { "granted", "revocationNotification" }; -#define TS_STATUS_TEXT_SIZE OSSL_NELEM(TS_status_text) +#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text) /* * This must be greater or equal to the sum of the strings in TS_status_text @@ -112,35 +112,18 @@ static const char *TS_status_text[] = { "granted", static struct { int code; const char *text; -} TS_failure_info[] = { - { - TS_INFO_BAD_ALG, "badAlg" - }, - { - TS_INFO_BAD_REQUEST, "badRequest" - }, - { - TS_INFO_BAD_DATA_FORMAT, "badDataFormat" - }, - { - TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" - }, - { - TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" - }, - { - TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" - }, - { - TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" - }, - { - TS_INFO_SYSTEM_FAILURE, "systemFailure" - } +} ts_failure_info[] = { + {TS_INFO_BAD_ALG, "badAlg"}, + {TS_INFO_BAD_REQUEST, "badRequest"}, + {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"}, + {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"}, + {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"}, + {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"}, + {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"}, + {TS_INFO_SYSTEM_FAILURE, "systemFailure"} }; -#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ - sizeof(*TS_failure_info)) +#define TS_FAILURE_INFO_SIZE OSSL_NELEM(ts_failure_info) /* Functions for verifying a signed TS_TST_INFO structure. */ 
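Review bot: the @@ -93 and @@ -101 hunks of ts_rsp_verify.c rename TS_status_text to ts_status_text, but the unchanged context comment in the @@ -101 hunk still reads `This must be greater or equal to the sum of the strings in TS_status_text`, and the comment above the array still refers to TS_STATUS_BUF_SIZE in terms of the old name. Update the comment to ts_status_text in the same hunk, so that a later reader grepping for the array finds the buffer-size constraint that depends on it.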
@@ -204,13 +187,13 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, signer = sk_X509_value(signers, 0); /* Now verify the certificate. */ - if (!TS_verify_cert(store, certs, signer, &chain)) + if (!ts_verify_cert(store, certs, signer, &chain)) goto err; /* * Check if the signer certificate is consistent with the ESS extension. */ - if (!TS_check_signing_certs(si, chain)) + if (!ts_check_signing_certs(si, chain)) goto err; /* Creating the message digest. */ @@ -246,7 +229,7 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, * The certificate chain is returned in chain. Caller is responsible for * freeing the vector. */ -static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, +static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, STACK_OF(X509) **chain) { X509_STORE_CTX cert_ctx; @@ -274,10 +257,10 @@ static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, return ret; } -static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, +static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) { - ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); + ESS_SIGNING_CERT *ss = ess_get_signing_cert(si); STACK_OF(ESS_CERT_ID) *cert_ids = NULL; X509 *cert; int i = 0; @@ -288,7 +271,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, cert_ids = ss->cert_ids; /* The signer certificate must be the first in cert_ids. */ cert = sk_X509_value(chain, 0); - if (TS_find_cert(cert_ids, cert) != 0) + if (ts_find_cert(cert_ids, cert) != 0) goto err; /* @@ -299,7 +282,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, /* All the certificates of the chain must be in cert_ids. */ for (i = 1; i < sk_X509_num(chain); ++i) { cert = sk_X509_value(chain, i); - if (TS_find_cert(cert_ids, cert) < 0) + if (ts_find_cert(cert_ids, cert) < 0) goto err; } } 
@@ -312,7 +295,7 @@ static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, return ret; } -static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) +static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *attr; const unsigned char *p; @@ -324,7 +307,7 @@ static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) } /* Returns < 0 if certificate is not found, certificate index otherwise. */ -static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) +static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) { int i; @@ -344,7 +327,7 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) sizeof(cert->sha1_hash))) { /* Check the issuer/serial as well if specified. */ ESS_ISSUER_SERIAL *is = cid->issuer_serial; - if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + if (!is || !ts_issuer_serial_cmp(is, cert->cert_info)) return i; } } @@ -352,7 +335,7 @@ static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) return -1; } -static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) +static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) { GENERAL_NAME *issuer; @@ -385,11 +368,11 @@ int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) int ret = 0; /* Check if we have a successful TS_TST_INFO object in place. */ - if (!TS_check_status_info(response)) + if (!ts_check_status_info(response)) goto err; /* Check the contents of the time stamp token. */ - if (!int_TS_RESP_verify_token(ctx, token, tst_info)) + if (!int_ts_RESP_verify_token(ctx, token, tst_info)) goto err; ret = 1; @@ -406,7 +389,7 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); int ret = 0; if (tst_info) { - ret = int_TS_RESP_verify_token(ctx, token, tst_info); + ret = int_ts_RESP_verify_token(ctx, token, tst_info); TS_TST_INFO_free(tst_info); } return ret; 
@@ -424,7 +407,7 @@ int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) * - Check if the TSA name matches the signer. * - Check if the TSA name is the expected TSA. */ -static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, +static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, TS_TST_INFO *tst_info) { X509 *signer = NULL; @@ -448,37 +431,37 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, /* Check policies. */ if ((ctx->flags & TS_VFY_POLICY) - && !TS_check_policy(ctx->policy, tst_info)) + && !ts_check_policy(ctx->policy, tst_info)) goto err; /* Check message imprints. */ if ((ctx->flags & TS_VFY_IMPRINT) - && !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, + && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, tst_info)) goto err; /* Compute and check message imprints. */ if ((ctx->flags & TS_VFY_DATA) - && (!TS_compute_imprint(ctx->data, tst_info, + && (!ts_compute_imprint(ctx->data, tst_info, &md_alg, &imprint, &imprint_len) - || !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) + || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info))) goto err; /* Check nonces. */ if ((ctx->flags & TS_VFY_NONCE) - && !TS_check_nonces(ctx->nonce, tst_info)) + && !ts_check_nonces(ctx->nonce, tst_info)) goto err; /* Check whether TSA name and signer certificate match. */ if ((ctx->flags & TS_VFY_SIGNER) - && tsa_name && !TS_check_signer_name(tsa_name, signer)) { + && tsa_name && !ts_check_signer_name(tsa_name, signer)) { TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); goto err; } /* Check whether the TSA is the expected one. */ if ((ctx->flags & TS_VFY_TSA_NAME) - && !TS_check_signer_name(ctx->tsa_name, signer)) { + && !ts_check_signer_name(ctx->tsa_name, signer)) { TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); goto err; } 
@@ -491,7 +474,7 @@ static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, return ret; } -static int TS_check_status_info(TS_RESP *response) +static int ts_check_status_info(TS_RESP *response) { TS_STATUS_INFO *info = TS_RESP_get_status_info(response); long status = ASN1_INTEGER_get(info->status); @@ -505,13 +488,13 @@ static int TS_check_status_info(TS_RESP *response) /* There was an error, get the description in status_text. */ if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) - status_text = TS_status_text[status]; + status_text = ts_status_text[status]; else status_text = "unknown code"; /* Set the embedded_status_text to the returned description. */ if (sk_ASN1_UTF8STRING_num(info->text) > 0 - && (embedded_status_text = TS_get_status_text(info->text)) == NULL) + && (embedded_status_text = ts_get_status_text(info->text)) == NULL) return 0; /* Filling in failure_text with the failure information. */ @@ -520,12 +503,12 @@ static int TS_check_status_info(TS_RESP *response) int first = 1; for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { if (ASN1_BIT_STRING_get_bit(info->failure_info, - TS_failure_info[i].code)) { + ts_failure_info[i].code)) { if (!first) strcpy(failure_text, ","); else first = 0; - strcat(failure_text, TS_failure_info[i].text); + strcat(failure_text, ts_failure_info[i].text); } } } @@ -544,7 +527,7 @@ static int TS_check_status_info(TS_RESP *response) return 0; } -static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) +static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) { int i; unsigned int length = 0; @@ -577,7 +560,7 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) return result; } -static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) +static int ts_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) { ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); 
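Review bot: in the @@ -520 hunk of ts_rsp_verify.c the unchanged context line `strcpy(failure_text, ",");` overwrites everything accumulated in failure_text so far, so when more than one failure bit is set the reported text is a comma followed by only the last failure name. It should be `strcat(failure_text, ",");`, which is also what the buffer-size comment on the array assumes (sum of the strings plus separators). The rename already touches the two adjacent lines, so this is the natural place to fix it, and the change is worth a line in the commit message because it alters what TS_check_status_info reports to callers.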
@@ -589,7 +572,7 @@ static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) return 1; } -static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, +static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, unsigned char **imprint, unsigned *imprint_len) { @@ -641,7 +624,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, return 0; } -static int TS_check_imprints(X509_ALGOR *algor_a, +static int ts_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, TS_TST_INFO *tst_info) { @@ -672,7 +655,7 @@ static int TS_check_imprints(X509_ALGOR *algor_a, return ret; } -static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) +static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) { const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); @@ -695,7 +678,7 @@ static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) * Check if the specified TSA name matches either the subject or one of the * subject alternative names of the TSA certificate. */ -static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) +static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) { STACK_OF(GENERAL_NAME) *gen_names = NULL; int idx = -1; @@ -709,7 +692,7 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check all the alternative names. */ gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); while (gen_names != NULL) { - found = TS_find_name(gen_names, tsa_name) >= 0; + found = ts_find_name(gen_names, tsa_name) >= 0; if (found) break; /* 
@@ -725,7 +708,7 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) } /* Returns 1 if name is in gen_names, 0 otherwise. */ -static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) +static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) { int i, found; for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) { From kurt at openssl.org Thu Jun 4 19:11:52 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 04 Jun 2015 19:11:52 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433445112.076707.24976.nullmailer@dev.openssl.org> The branch master has been updated via 3c06513f3833d4692f620e2c03d7a840871c08a7 (commit) from 9c422b5b1ebc9871a7306f66648aa16c8769082a (commit) - Log ----------------------------------------------------------------- commit 3c06513f3833d4692f620e2c03d7a840871c08a7 Author: Kurt Roeckx Date: Sat May 30 19:20:12 2015 +0200 Allow all curves when the client doesn't send an supported elliptic curves extension At least in the case of SSLv3 we can't send an extention. Reviewed-by: Matt Caswell MR #811 ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a161dcc..0420fe3 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -555,6 +555,20 @@ int tls1_shared_curve(SSL *s, int nmatch) (s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)) return nmatch == -1 ? 0 : NID_undef; + + /* + * If the client didn't send the elliptic_curves extension all of them + * are allowed. + */ + if (num_supp == 0 && (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0) { + supp = eccurves_all; + num_supp = sizeof(eccurves_all) / 2; + } else if (num_pref == 0 && + (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) { + pref = eccurves_all; + num_pref = sizeof(eccurves_all) / 2; + } + k = 0; for (i = 0; i < num_pref; i++, pref += 2) { const unsigned char *tsupp = supp; From kurt at openssl.org Thu Jun 4 19:25:33 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 04 Jun 2015 19:25:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433445933.307448.27254.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ba9d44b28d312138fefcdc5fc0d499d49a4dca41 (commit) from da5fab73255c24e0b6ce8717df2441a03f504939 (commit) - Log ----------------------------------------------------------------- commit ba9d44b28d312138fefcdc5fc0d499d49a4dca41 Author: Kurt Roeckx Date: Sat May 30 19:20:12 2015 +0200 Allow all curves when the client doesn't send an supported elliptic curves extension At least in the case of SSLv3 we can't send an extention. Reviewed-by: Matt Caswell MR #811 (cherry picked from commit 3c06513f3833d4692f620e2c03d7a840871c08a7) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index bf11f93..a398501 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
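Review bot: the two branches of the new block in the @@ -555 hunk of ssl/t1_lib.c (master) substitute different variables, supp when SSL_OP_CIPHER_SERVER_PREFERENCE is set and pref when it is not, because the context line `tls1_get_curvelist(s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)` puts the client's list in one or the other depending on that option; the comment `If the client didn't send the elliptic_curves extension all of them are allowed` should say so, since a reader otherwise wonders why the empty-list test differs per branch. It is also worth stating in the comment that only the client's side is widened to eccurves_all, so the server's own configured list (the other variable) still bounds the intersection computed by the loop below. `sizeof(eccurves_all) / 2` repeated in both branches wants a named count that matches the `pref += 2` stride used by that loop. Commit message: "an supported" should be "a supported" and "extention" should be "extension". The identical cherry-pick hunk below shares all of these points.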
@@ -593,6 +593,20 @@ int tls1_shared_curve(SSL *s, int nmatch) (s, !(s->options & SSL_OP_CIPHER_SERVER_PREFERENCE), &pref, &num_pref)) return nmatch == -1 ? 0 : NID_undef; + + /* + * If the client didn't send the elliptic_curves extension all of them + * are allowed. + */ + if (num_supp == 0 && (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0) { + supp = eccurves_all; + num_supp = sizeof(eccurves_all) / 2; + } else if (num_pref == 0 && + (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) == 0) { + pref = eccurves_all; + num_pref = sizeof(eccurves_all) / 2; + } + k = 0; for (i = 0; i < num_pref; i++, pref += 2) { const unsigned char *tsupp = supp; From rsalz at openssl.org Thu Jun 4 22:00:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 04 Jun 2015 22:00:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433455212.342320.18455.nullmailer@dev.openssl.org> The branch master has been updated via 6c40d469b7eb49f17af24d5ec7cee28f2310c26f (commit) from 3c06513f3833d4692f620e2c03d7a840871c08a7 (commit) - Log ----------------------------------------------------------------- commit 6c40d469b7eb49f17af24d5ec7cee28f2310c26f Author: Github User Date: Wed Jun 3 10:29:10 2015 -0400 GH293: Typo in CHANGES file. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6016151..3b0d0b5 100644 --- a/CHANGES +++ b/CHANGES @@ -5027,7 +5027,7 @@ done To be absolutely sure not to disturb the source tree, a "make clean" - is a good thing. If it isn't successfull, don't worry about it, + is a good thing. If it isn't successful, don't worry about it, it probably means the source directory is very clean. [Richard Levitte] From rsalz at openssl.org Thu Jun 4 22:03:40 2015 
From: rsalz at openssl.org (Rich Salz) Date: Thu, 04 Jun 2015 22:03:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433455420.288926.26657.nullmailer@dev.openssl.org> The branch master has been updated via c0cf5b84dd32480965da7ff1e11d11a1ec9c4662 (commit) from 6c40d469b7eb49f17af24d5ec7cee28f2310c26f (commit) - Log ----------------------------------------------------------------- commit c0cf5b84dd32480965da7ff1e11d11a1ec9c4662 Author: Rich Salz Date: Thu Jun 4 10:14:28 2015 -0400 Set error code, no fprintf stderr, on errors. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_conf.c | 12 +++++++----- crypto/ts/ts_err.c | 11 ++++++++++- include/openssl/ts.h | 9 +++++++++ 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 4d303f7..27b3df2 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -102,7 +102,7 @@ X509 *TS_CONF_load_cert(const char *file) x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); end: if (x == NULL) - fprintf(stderr, "unable to load certificate: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT); BIO_free(cert); return x; } @@ -129,7 +129,7 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file) } end: if (othercerts == NULL) - fprintf(stderr, "unable to load certificates: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT); sk_X509_INFO_pop_free(allcerts, X509_INFO_free); BIO_free(certs); return othercerts; @@ -145,7 +145,7 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass); end: if (pkey == NULL) - fprintf(stderr, "unable to load private key: %s\n", file); + TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY); BIO_free(key); return pkey; } 
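Review bot: the three hunks in ts_conf.c (@@ -102, @@ -129 and @@ -145) replace fprintf messages that named the offending file with a bare TSerr, so the file name disappears from the error report: a user of `openssl ts` now learns that a certificate or key could not be loaded but not which path was tried. Add `ERR_add_error_data(1, file);` after each of the new TSerr calls, the way the @@ -154 hunk does for name and tag; the information the old stderr output carried is then preserved in the error queue instead of being dropped.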
@@ -154,12 +154,14 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) static void ts_CONF_lookup_fail(const char *name, const char *tag) { - fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); + TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE); + ERR_add_error_data(3, name, "::", tag); } static void ts_CONF_invalid(const char *name, const char *tag) { - fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); + TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE); + ERR_add_error_data(3, name, "::", tag); } const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c index ff1abf4..3f5b78f 100644 --- a/crypto/ts/ts_err.c +++ b/crypto/ts/ts_err.c @@ -1,6 +1,6 @@ /* crypto/ts/ts_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -87,6 +87,11 @@ static ERR_STRING_DATA TS_str_functs[] = { {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, + {ERR_FUNC(TS_F_TS_CONF_INVALID), "ts_CONF_invalid"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERT), "TS_CONF_load_cert"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_CERTS), "TS_CONF_load_certs"}, + {ERR_FUNC(TS_F_TS_CONF_LOAD_KEY), "TS_CONF_load_key"}, + {ERR_FUNC(TS_F_TS_CONF_LOOKUP_FAIL), "ts_CONF_lookup_fail"}, {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, 
@@ -132,6 +137,8 @@ static ERR_STRING_DATA TS_str_functs[] = { static ERR_STRING_DATA TS_str_reasons[] = { {ERR_REASON(TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, {ERR_REASON(TS_R_BAD_TYPE), "bad type"}, + {ERR_REASON(TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, + {ERR_REASON(TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE), "could not set engine"}, {ERR_REASON(TS_R_COULD_NOT_SET_TIME), "could not set time"}, @@ -170,6 +177,8 @@ static ERR_STRING_DATA TS_str_reasons[] = { {ERR_REASON(TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"}, {ERR_REASON(TS_R_UNSUPPORTED_VERSION), "unsupported version"}, + {ERR_REASON(TS_R_VAR_BAD_VALUE), "var bad value"}, + {ERR_REASON(TS_R_VAR_LOOKUP_FAILURE), "cannot find config variable"}, {ERR_REASON(TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, {0, NULL} }; diff --git a/include/openssl/ts.h b/include/openssl/ts.h index c6daed2..b983abc 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -775,6 +775,11 @@ void ERR_load_TS_strings(void); # define TS_F_TS_CHECK_SIGNING_CERTS 103 # define TS_F_TS_CHECK_STATUS_INFO 104 # define TS_F_TS_COMPUTE_IMPRINT 145 +# define TS_F_TS_CONF_INVALID 151 +# define TS_F_TS_CONF_LOAD_CERT 153 +# define TS_F_TS_CONF_LOAD_CERTS 154 +# define TS_F_TS_CONF_LOAD_KEY 155 +# define TS_F_TS_CONF_LOOKUP_FAIL 152 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 # define TS_F_TS_GET_STATUS_TEXT 105 # define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 @@ -813,6 +818,8 @@ void ERR_load_TS_strings(void); /* Reason codes. */ # define TS_R_BAD_PKCS7_TYPE 132 # define TS_R_BAD_TYPE 133 +# define TS_R_CANNOT_LOAD_CERT 137 +# define TS_R_CANNOT_LOAD_KEY 138 # define TS_R_CERTIFICATE_VERIFY_ERROR 100 # define TS_R_COULD_NOT_SET_ENGINE 127 # define TS_R_COULD_NOT_SET_TIME 115 
@@ -845,6 +852,8 @@ void ERR_load_TS_strings(void); # define TS_R_UNACCEPTABLE_POLICY 125 # define TS_R_UNSUPPORTED_MD_ALGORITHM 126 # define TS_R_UNSUPPORTED_VERSION 113 +# define TS_R_VAR_BAD_VALUE 135 +# define TS_R_VAR_LOOKUP_FAILURE 136 # define TS_R_WRONG_CONTENT_TYPE 114 #ifdef __cplusplus From ben at openssl.org Fri Jun 5 10:15:22 2015 From: ben at openssl.org (Ben Laurie) Date: Fri, 05 Jun 2015 10:15:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433499322.595547.4030.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f877da9cedb95df94105d7292f8e0963175e58dc (commit) from ba9d44b28d312138fefcdc5fc0d499d49a4dca41 (commit) - Log ----------------------------------------------------------------- commit f877da9cedb95df94105d7292f8e0963175e58dc Author: Ben Laurie Date: Fri May 1 15:53:46 2015 +0100 Use cc instead of gcc so either clang or gcc is used as appropriate. Add clang flags needed to keep it happy. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configure | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/Configure b/Configure index 7192677..d99eed7 100755 --- a/Configure +++ b/Configure 
@@ -114,6 +114,16 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare # -Wextended-offsetof my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: -Wconditional-uninitialized, +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; 
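Review bot: the new $clang_devteam_warn in the @@ -114 hunk of Configure repeats the flags of $clang_disabled_warnings defined directly above it, differing only by the added -Qunused-arguments, and copies that variable's TODO comment verbatim. Define one in terms of the other, for example `my $clang_devteam_warn = "$clang_disabled_warnings -Qunused-arguments";`, and keep a single copy of the TODO, so the two lists cannot drift apart the next time a warning is enabled or disabled.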
@@ -469,7 +479,7 @@ my %table=( # triggered by RIPEMD160 code. "BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -1202,6 +1212,7 @@ my $cc = $fields[$idx_cc]; if($ENV{CC}) { $cc = $ENV{CC}; } + my $cflags = $fields[$idx_cflags]; my $unistd = $fields[$idx_unistd]; my $thread_cflag = $fields[$idx_thread_cflag]; 
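Review bot: switching BSD-x86_64 to `cc` in the @@ -469 hunk interacts badly with the --strict-warnings check in the @@ -1637 hunk below, which dies unless `$ecc =~ /gcc$/ or $ecc =~ /clang$/`. The new probe only rewrites $ecc to "clang", so on a BSD where cc is gcc, `cc --version` reports gcc but $ecc stays "cc" and the die fires for the very target this hunk changes. Add the symmetric `$ecc = "gcc" if ... =~ /gcc/`, or base the decision on the probe output alone rather than on the compiler's name; and since the probe runs the compiler from $ENV{CC} through the shell, note in a comment that it is only reached under --strict-warnings.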
@@ -1637,12 +1648,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } } open(IN,' The branch master has been updated via 4336de0c6392d98c32bc27717173130d5e7389aa (commit) from c0cf5b84dd32480965da7ff1e11d11a1ec9c4662 (commit) - Log ----------------------------------------------------------------- commit 4336de0c6392d98c32bc27717173130d5e7389aa Author: Dr. Stephen Henson Date: Fri Jun 5 14:23:27 2015 +0100 Check ASN1_INTEGER_get for errors. Check return value when calling ASN1_INTEGER_get to retrieve a certificate serial number. If an error occurs (which will be caused by the value being out of range) revert to hex dump of serial number. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/t_x509.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 377be39..12a9ed4 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -141,7 +141,13 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, bs = X509_get_serialNumber(x); if (bs->length <= (int)sizeof(long)) { - l = ASN1_INTEGER_get(bs); + ERR_set_mark(); + l = ASN1_INTEGER_get(bs); + ERR_pop_to_mark(); + } else { + l = -1; + } + if (l != -1) { if (bs->type == V_ASN1_NEG_INTEGER) { l = -l; neg = "-"; From steve at openssl.org Sat Jun 6 13:04:52 2015 
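Review bot: in the `--strict-warnings` hunk, `` `$cc --version 2>&1` `` hands the CC string to a shell unquoted, so a CC containing spaces or wrapper prefixes (e.g. `ccache clang`) is parsed by the shell rather than run as one command; this is the build user's own environment, so not an attack surface, but the detection should survive a wrapper. The `$ecc =~ /gcc$/` half of the die test is unchanged, so a compiler called `cc` that is really gcc still dies with "requires gcc or clang" while a `cc` that is clang is now accepted; sniff `--version` for gcc the same way. Finally, `$cflags =~ /$wopt/` interpolates each flag as a regex; nothing in `$clang_devteam_warn` contains metacharacters today, but `/\Q$wopt\E/` would make the de-duplication robust.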
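Review bot: in the X509_print_ex hunk, `l != -1` is used both as the error sentinel from ASN1_INTEGER_get and as a possible legitimate value: a serial encoded as V_ASN1_NEG_INTEGER with magnitude 1 comes back as -1 and falls into the hex-dump path instead of printing `-1`. That is harmless, because the hex dump is the safe fallback and negative serials are invalid under RFC 5280 anyway, but a one-line comment saying so would stop somebody "fixing" it later. The ERR_set_mark/ERR_pop_to_mark pair correctly keeps the out-of-range error off the queue for a print routine.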
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 06 Jun 2015 13:04:52 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433595892.187687.16775.nullmailer@dev.openssl.org> The branch master has been updated via 9d3356b1186c8449820273aa9ed5d0066f698307 (commit) from 4336de0c6392d98c32bc27717173130d5e7389aa (commit) - Log ----------------------------------------------------------------- commit 9d3356b1186c8449820273aa9ed5d0066f698307 Author: Dr. Stephen Henson Date: Sat Jun 6 12:51:19 2015 +0100 Update trace code. Add extension and ciphersuites to trace code. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/t1_trce.c | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 6596c87..97170cd 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -184,6 +184,9 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"}, {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"}, {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"}, + {0x002C, "TLS_PSK_WITH_NULL_SHA"}, + {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"}, + {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"}, {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"}, {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, @@ -282,6 +285,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"}, {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"}, {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}, + {0x5600, "TLS_FALLBACK_SCSV"}, {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"}, {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"}, {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"}, 
@@ -332,6 +336,131 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"}, {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"}, + {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"}, + {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"}, + {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"}, + {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"}, + {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"}, + {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"}, + {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"}, + {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"}, + {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"}, + {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"}, + {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"}, + {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"}, + {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"}, + {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"}, + {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"}, + {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"}, + {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"}, + {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC055, 
"TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"}, + {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"}, + {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"}, + {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"}, + {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"}, + {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"}, + {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"}, + {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"}, + {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"}, + {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"}, + {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"}, + {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"}, + {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"}, + {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"}, + {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"}, + {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"}, + {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"}, + {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"}, + {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"}, + {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"}, + {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"}, + {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"}, + {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC07A, 
"TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"}, + {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"}, + {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"}, + {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"}, + {0xC09C, "TLS_RSA_WITH_AES_128_CCM"}, + {0xC09D, "TLS_RSA_WITH_AES_256_CCM"}, + {0xC09E, 
"TLS_DHE_RSA_WITH_AES_128_CCM"}, + {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"}, + {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"}, + {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"}, + {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"}, + {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"}, + {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"}, + {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"}, + {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"}, + {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"}, + {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"}, + {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"}, + {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"}, + {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"}, + {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"}, + {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"}, + {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}, + {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; @@ -364,6 +493,7 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_renegotiate, "renegotiate"}, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, {TLSEXT_TYPE_padding, "padding"}, + {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"}, {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"} }; From rsalz at openssl.org Sun Jun 7 02:24:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 07 Jun 2015 02:24:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433643855.874915.10119.nullmailer@dev.openssl.org> The branch master has been updated via 65d3941f4aa199d0fcd615b074876f8ff2886d11 (commit) from 9d3356b1186c8449820273aa9ed5d0066f698307 (commit) - Log ----------------------------------------------------------------- commit 65d3941f4aa199d0fcd615b074876f8ff2886d11 Author: Rodger Combs Date: Sat Jun 6 21:55:01 2015 -0400 Increase buffer size for passwords in pkcs12 CLI Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
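Review bot: in the @@ -184 and @@ -282 hunks, the 0x002C-0x002E PSK_WITH_NULL entries and 0x5600 TLS_FALLBACK_SCSV are slotted in ascending id order, matching the rest of the table. Since TLS_FALLBACK_SCSV, like the existing TLS_EMPTY_RENEGOTIATION_INFO_SCSV just above it, is a signalling value rather than a real suite, a trailing comment on each would help someone reading a trace understand why a "cipher" with no algorithm appears in a ClientHello list.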
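Review bot: the large @@ -332 hunk is pure name-table data, so the thing to check is transcription: the ids run contiguously from 0xC033 to 0xC0AF with no gaps or duplicates, and the two entries at 0xC0AA/0xC0AB, TLS_PSK_DHE_WITH_AES_128_CCM_8 and TLS_PSK_DHE_WITH_AES_256_CCM_8, look like transpositions of the DHE_PSK pattern used everywhere else but are the names registered by RFC 6655, so they should stay as written. A comment at the head of ssl_ciphers_tbl saying the table is kept sorted by id would protect future additions whatever lookup strategy the trace code uses.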
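Review bot: the ssl_exts_tbl hunk adds a single name, encrypt_then_mac, but the log says only "Add extension and ciphersuites to trace code"; naming the extension in the commit message would make the change findable later. The entry itself is fine; unlike the cipher table this list is not in numeric order (padding, encrypt_then_mac, extended_master_secret are 21, 22, 23 but sit after 0xFF01 renegotiate), which confirms the lookup must be a linear scan.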
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 9ab7f69..05bb1ad 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -160,7 +160,7 @@ int pkcs12_main(int argc, char **argv) { char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; char *name = NULL, *csp_name = NULL; - char pass[50], macpass[50]; + char pass[2048], macpass[2048]; int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0; int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER; # ifndef OPENSSL_NO_RC2 From emilia at openssl.org Mon Jun 8 13:30:39 2015 From: emilia at openssl.org (Emilia Kasper) Date: Mon, 08 Jun 2015 13:30:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433770239.889857.10894.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via ba5693686e7bc408c2fcdb4d258e9410028dcfb4 (commit) via 59b5ab4aa72527ce74dbe1a83988f194053293de (commit) from c22ed559bbb6e75d03ce4e8cb3655988fc123d4f (commit) - Log ----------------------------------------------------------------- commit ba5693686e7bc408c2fcdb4d258e9410028dcfb4 Author: Emilia Kasper Date: Mon Jun 8 15:04:28 2015 +0200 Use CRYPTO_memcmp in s3_cbc.c Reviewed-by: Rich Salz (cherry picked from commit 05627d57e55517eae21c251fe287760bd1137218) commit 59b5ab4aa72527ce74dbe1a83988f194053293de Author: Emilia Kasper Date: Wed May 27 17:12:13 2015 +0200 Use CRYPTO_memcmp when comparing authenticators Pointed out by Victor Vasiliev (vasilvv at mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz (cherry picked from commit 1e4a355dcabe2f75df5bb8b41b394d37037169d2) (cherry picked from commit ac32a77cd69784568090e934a31622ddfee49ca7) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 5 +++-- crypto/evp/e_rc4_hmac_md5.c | 3 ++- crypto/modes/gcm128.c | 2 +- crypto/pkcs12/p12_mutl.c | 3 ++- ssl/s3_cbc.c | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) 
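Review bot: in the pkcs12_main hunk, `pass` and `macpass` grow from 50 to 2048 bytes each, which lifts the practical password limit but also puts 4 KiB of secret material on the stack. Every reader of these buffers must size its read with `sizeof(pass)` rather than a literal 50 (the visible context cannot confirm this), and both buffers should be wiped with OPENSSL_cleanse before pkcs12_main returns, since they now hold far more than before. If 2048 is meant as the supported maximum it belongs in the pkcs12 man page.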
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index bde4804..1ede7bd 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -50,6 +50,7 @@ #include #ifndef OPENSSL_NO_AES +#include # include # include # include @@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index e6b0cdf..2da1117 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include # include # include # include @@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index f69f2c9..0ee569f 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1622,7 +1622,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len <= sizeof(ctx->Xi)) - return memcmp(ctx->Xi.c, tag, len); + return CRYPTO_memcmp(ctx->Xi.c, tag, len); else return -1; } 
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 256b210..5ab4bf2 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -60,6 +60,7 @@ #ifndef OPENSSL_NO_HMAC # include # include "cryptlib.h" +# include # include # include # include @@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 00b534f..2fb71f2 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && + if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && !(padding_length & 1)) { s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; } From emilia at openssl.org Mon Jun 8 13:30:40 2015 
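Review bot: in the ssl/s3_cbc.c hunk, `s->s3->read_sequence` is the record sequence number, which is public, not an authenticator, so switching that compare to CRYPTO_memcmp has no constant-time benefit; it is harmless, but the log "Use CRYPTO_memcmp in s3_cbc.c" reads as if a timing leak was fixed there. A comment on the line, or a log note saying the change is for uniformity so a memcmp grep stays clean, would avoid that misreading.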
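Review bot: in the PKCS12_verify_mac hunk, `maclen != digest->length` still short-circuits before CRYPTO_memcmp runs, so a length mismatch returns early; that is acceptable only because the stored MAC length is part of the PKCS#12 file and therefore already known to whoever supplied it. Say so in a comment, otherwise the early exit looks like the kind of data-dependent branch this patch set is removing.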
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 08 Jun 2015 13:30:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433770240.142080.10939.nullmailer@dev.openssl.org> The branch master has been updated via 2974e3d4641b80c76197e653a016e7c010eaf3a2 (commit) via 1e4a355dcabe2f75df5bb8b41b394d37037169d2 (commit) from 65d3941f4aa199d0fcd615b074876f8ff2886d11 (commit) - Log ----------------------------------------------------------------- commit 2974e3d4641b80c76197e653a016e7c010eaf3a2 Author: Emilia Kasper Date: Fri May 29 13:14:08 2015 +0200 Use CRYPTO_memcmp in ssl3_record.c Reviewed-by: Rich Salz commit 1e4a355dcabe2f75df5bb8b41b394d37037169d2 Author: Emilia Kasper Date: Wed May 27 17:12:13 2015 +0200 Use CRYPTO_memcmp when comparing authenticators Pointed out by Victor Vasiliev (vasilvv at mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 5 +++-- crypto/evp/e_rc4_hmac_md5.c | 3 ++- crypto/modes/gcm128.c | 2 +- crypto/pkcs12/p12_mutl.c | 3 ++- ssl/record/ssl3_record.c | 3 +-- 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 0b7838e..895e8ee 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -50,6 +50,7 @@ #include #ifndef OPENSSL_NO_AES +#include # include # include # include @@ -1555,7 +1556,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } 
@@ -1990,7 +1991,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index 1ba690d..e3fe918 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include # include # include # include @@ -209,7 +210,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index b39cd06..02e8f2e 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1685,7 +1685,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len <= sizeof(ctx->Xi)) - return memcmp(ctx->Xi.c, tag, len); + return CRYPTO_memcmp(ctx->Xi.c, tag, len); else return -1; } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 4025e3f..9382b39 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -59,6 +59,7 @@ # include # include "internal/cryptlib.h" +#include # include # include # include @@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index bae9490..dbec5f1 100644 
--- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1072,7 +1072,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer), + if ((CRYPTO_memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer), "\0\0\0\0\0\0\0\0", 8) == 0) && !(padding_length & 1)) { s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; @@ -1578,4 +1578,3 @@ int dtls1_get_record(SSL *s) return (1); } - From emilia at openssl.org Mon Jun 8 13:30:39 2015 From: emilia at openssl.org (Emilia Kasper) Date: Mon, 08 Jun 2015 13:30:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433770239.996623.10917.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 05627d57e55517eae21c251fe287760bd1137218 (commit) via ac32a77cd69784568090e934a31622ddfee49ca7 (commit) from f877da9cedb95df94105d7292f8e0963175e58dc (commit) - Log ----------------------------------------------------------------- commit 05627d57e55517eae21c251fe287760bd1137218 Author: Emilia Kasper Date: Mon Jun 8 15:04:28 2015 +0200 Use CRYPTO_memcmp in s3_cbc.c Reviewed-by: Rich Salz commit ac32a77cd69784568090e934a31622ddfee49ca7 Author: Emilia Kasper Date: Wed May 27 17:12:13 2015 +0200 Use CRYPTO_memcmp when comparing authenticators Pointed out by Victor Vasiliev (vasilvv at mit.edu) via Adam Langley (Google). Reviewed-by: Rich Salz (cherry picked from commit 1e4a355dcabe2f75df5bb8b41b394d37037169d2) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 5 +++-- crypto/evp/e_rc4_hmac_md5.c | 3 ++- crypto/modes/gcm128.c | 2 +- crypto/pkcs12/p12_mutl.c | 3 ++- ssl/s3_cbc.c | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index af4aa18..33cbed8 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
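Review bot: in the CRYPTO_gcm128_finish hunk, the function previously returned memcmp's result and callers could in principle test its sign; CRYPTO_memcmp promises only zero on equality and non-zero otherwise. The callers visible here are unaffected (aes_gcm_tls_cipher compares the tag itself after CRYPTO_gcm128_tag), but the return contract in the gcm128 header should be updated to "0 if the tag matches, non-zero otherwise, -1 if tag is NULL or len is too large" so nobody relies on ordering.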
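Review bot: the final hunk in ssl/record/ssl3_record.c (@@ -1578,4 +1578,3) only removes a trailing blank line after dtls1_get_record and is unrelated to the memcmp change; fine to keep, but mention it in the log, or leave it for a whitespace commit, so that a bisect on this change is not confused by an unrelated file touch. In the same file, the p12_mutl.c hunk adds `+#include` where the neighbouring lines use the `# include` form; match the surrounding style.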
@@ -50,6 +50,7 @@ #include #ifndef OPENSSL_NO_AES +#include # include # include # include @@ -1455,7 +1456,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1895,7 +1896,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index e6b0cdf..2da1117 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include # include # include # include @@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 24a84a7..881b223 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1704,7 +1704,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len <= sizeof(ctx->Xi)) - return memcmp(ctx->Xi.c, tag, len); + return CRYPTO_memcmp(ctx->Xi.c, tag, len); else return -1; } diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 256b210..5ab4bf2 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c 
@@ -60,6 +60,7 @@ #ifndef OPENSSL_NO_HMAC # include # include "cryptlib.h" +# include # include # include # include @@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index c43402d..a0edcef 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && + if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && !(padding_length & 1)) { s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; } From steve at openssl.org Mon Jun 8 20:46:10 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 08 Jun 2015 20:46:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433796370.341328.28569.nullmailer@dev.openssl.org> The branch master has been updated via 0fb9990480919163cc375a2b6c0df1d8d901a77b (commit) from 2974e3d4641b80c76197e653a016e7c010eaf3a2 (commit) - Log ----------------------------------------------------------------- commit 0fb9990480919163cc375a2b6c0df1d8d901a77b Author: Dr. Stephen Henson Date: Mon Jun 8 13:23:00 2015 +0100 return correct NID for undefined object Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 27d61b3..e8a6b13 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c 
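Review bot: in the crypto/evp/e_aes.c hunk (and in the same hunk on the other branches) the new line is `+#include` while the three includes directly below it are written `# include`; the indentation is the file's convention for includes nested under `#ifndef OPENSSL_NO_AES`, so the new one should follow it. The e_rc4_hmac_md5.c and p12_mutl.c hunks in this backport already do.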
@@ -397,6 +397,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ From steve at openssl.org Mon Jun 8 20:48:10 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 08 Jun 2015 20:48:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433796490.055568.29872.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 17689e7dc6eb006990c205083c5b07a202f50f7e (commit) from f803a417f7ad13a22d250aeba44ba85911a2b593 (commit) - Log ----------------------------------------------------------------- commit 17689e7dc6eb006990c205083c5b07a202f50f7e Author: Dr. Stephen Henson Date: Mon Jun 8 13:23:00 2015 +0100 return correct NID for undefined object Reviewed-by: Tim Hudson (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 9654775..b7d1b83 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -382,6 +382,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ From steve at openssl.org Mon Jun 8 20:48:10 2015 
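Review bot: the new `if (a->length == 0) return NID_undef;` must sit after the existing NULL check on `a`, which is outside the visible context; confirm it does. `length` is an int, so a corrupted or hand-built object with a negative length would still fall through to the table search and the `added` hash lookup; `a->length <= 0` costs nothing more and closes that case too. Returning NID_undef (0) here is indistinguishable from a genuine lookup miss, which is the intended behaviour, so callers need no change.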
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 08 Jun 2015 20:48:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433796490.356787.29936.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 34cdff92e97b3d65e8f1b6d60779107c99d3a931 (commit) from 05627d57e55517eae21c251fe287760bd1137218 (commit) - Log ----------------------------------------------------------------- commit 34cdff92e97b3d65e8f1b6d60779107c99d3a931 Author: Dr. Stephen Henson Date: Mon Jun 8 13:23:00 2015 +0100 return correct NID for undefined object Reviewed-by: Tim Hudson (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5ff1294..aca382a 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -417,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ From steve at openssl.org Mon Jun 8 20:48:10 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 08 Jun 2015 20:48:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433796490.135938.29894.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 228806a4f3c42cfb304b974a267a95f7a12cba87 (commit) from bb82db1c776ec85b9a63f79fa04b001fb7d46fc7 (commit) - Log ----------------------------------------------------------------- commit 228806a4f3c42cfb304b974a267a95f7a12cba87 Author: Dr. Stephen Henson Date: Mon Jun 8 13:23:00 2015 +0100 return correct NID for undefined object Reviewed-by: Tim Hudson (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index e42a1c1..454733d 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -415,6 +415,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ From steve at openssl.org Mon Jun 8 20:48:10 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 08 Jun 2015 20:48:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433796490.249128.29915.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1 (commit) from ba5693686e7bc408c2fcdb4d258e9410028dcfb4 (commit) - Log ----------------------------------------------------------------- commit 3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1 Author: Dr. Stephen Henson Date: Mon Jun 8 13:23:00 2015 +0100 return correct NID for undefined object Reviewed-by: Tim Hudson (cherry picked from commit 0fb9990480919163cc375a2b6c0df1d8d901a77b) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5ff1294..aca382a 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -417,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ From kurt at openssl.org Mon Jun 8 22:49:48 2015 
From: kurt at openssl.org (Kurt Roeckx) Date: Mon, 08 Jun 2015 22:49:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433803788.438340.19553.nullmailer@dev.openssl.org> The branch master has been updated via 1dece95168a32fb11cc671a7571807e04b47ed11 (commit) via 26c79d5641dcc85c666e0594c11663c00ec6c195 (commit) from 0fb9990480919163cc375a2b6c0df1d8d901a77b (commit) - Log ----------------------------------------------------------------- commit 1dece95168a32fb11cc671a7571807e04b47ed11 Author: Kurt Roeckx Date: Sat Apr 18 19:15:48 2015 +0200 Only allow a temporary rsa key exchange when they key is larger than 512. Reviewed-by: Matt Caswell MR #588 commit 26c79d5641dcc85c666e0594c11663c00ec6c195 Author: Kurt Roeckx Date: Sat Apr 18 12:23:12 2015 +0200 Properly check certificate in case of export ciphers. Reviewed-by: Matt Caswell MR #588 ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 5 ++++ crypto/rsa/rsa_crpt.c | 5 ++++ doc/crypto/DH_size.pod | 20 +++++++++------ doc/crypto/RSA_size.pod | 19 ++++++++------ doc/crypto/dh.pod | 2 -- doc/crypto/rsa.pod | 2 -- include/openssl/dh.h | 1 + include/openssl/rsa.h | 1 + ssl/s3_clnt.c | 66 ++++++++++++++++++++++++++++++++++++++----------- util/libeay.num | 2 ++ 10 files changed, 90 insertions(+), 33 deletions(-) diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 4a37adc..cce2514 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -237,6 +237,11 @@ void *DH_get_ex_data(DH *d, int idx) return (CRYPTO_get_ex_data(&d->ex_data, idx)); } +int DH_bits(const DH *dh) +{ + return BN_num_bits(dh->p); +} + int DH_size(const DH *dh) { return (BN_num_bytes(dh->p)); diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 5220b7d..3c4fd67 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c 
@@ -64,6 +64,11 @@ #include #include +int RSA_bits(const RSA *r) +{ + return (BN_num_bits(r->n)); +} + int RSA_size(const RSA *r) { return (BN_num_bytes(r->n)); diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod index 97f26fd..e73f325 100644 --- a/doc/crypto/DH_size.pod +++ b/doc/crypto/DH_size.pod @@ -2,32 +2,38 @@ =head1 NAME -DH_size - get Diffie-Hellman prime size +DH_size, DH_bits - get Diffie-Hellman prime size =head1 SYNOPSIS - #include +#include - int DH_size(DH *dh); +int DH_size(const DH *dh); + +int DH_bits(const DH *dh); =head1 DESCRIPTION -This function returns the Diffie-Hellman size in bytes. It can be used +DH_size() returns the Diffie-Hellman prime size in bytes. It can be used to determine how much memory must be allocated for the shared secret computed by DH_compute_key(). -Bp> must not be B. +DH_bits() returns the number of significant bits. + +B and Bp> must not be B. =head1 RETURN VALUE -The size in bytes. +The size. =head1 SEE ALSO -L, L +L, L, +L =head1 HISTORY DH_size() is available in all versions of SSLeay and OpenSSL. +DH_bits() was added in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod index 5b7f835..f68d5e8 100644 --- a/doc/crypto/RSA_size.pod +++ b/doc/crypto/RSA_size.pod 
@@ -2,32 +2,37 @@ =head1 NAME -RSA_size - get RSA modulus size +RSA_size, RSA_bits - get RSA modulus size =head1 SYNOPSIS - #include +#include - int RSA_size(const RSA *rsa); +int RSA_size(const RSA *rsa); + +int RSA_bits(const RSA *rsa); =head1 DESCRIPTION -This function returns the RSA modulus size in bytes. It can be used to +RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted value. -Bn> must not be B. +RSA_bits() returns the number of significant bits. + +B and Bn> must not be B. =head1 RETURN VALUE -The size in bytes. +The size. =head1 SEE ALSO -L +L, L =head1 HISTORY RSA_size() is available in all versions of SSLeay and OpenSSL. +RSA_bits() was added in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod index c3ccd06..1c8a327 100644 --- a/doc/crypto/dh.pod +++ b/doc/crypto/dh.pod @@ -12,8 +12,6 @@ dh - Diffie-Hellman key agreement DH * DH_new(void); void DH_free(DH *dh); - int DH_size(const DH *dh); - DH * DH_generate_parameters(int prime_len, int generator, void (*callback)(int, int, void *), void *cb_arg); int DH_check(const DH *dh, int *codes); diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index 45ac53f..743334f 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod @@ -26,8 +26,6 @@ rsa - RSA public key cryptosystem int RSA_verify(int type, unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - int RSA_size(const RSA *rsa); - RSA *RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg); diff --git a/include/openssl/dh.h b/include/openssl/dh.h index 2d7c739..e0f4b57 100644 --- a/include/openssl/dh.h +++ b/include/openssl/dh.h 
@@ -200,6 +200,7 @@ DH *DH_new_method(ENGINE *engine); DH *DH_new(void); void DH_free(DH *dh); int DH_up_ref(DH *dh); +int DH_bits(const DH *dh); int DH_size(const DH *dh); int DH_security_bits(const DH *dh); int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 9ba6497..727b9df 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -319,6 +319,7 @@ struct rsa_st { RSA *RSA_new(void); RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); int RSA_size(const RSA *rsa); int RSA_security_bits(const RSA *rsa); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 632d743..935a621 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -334,7 +334,7 @@ int ssl3_connect(SSL *s) if (! (s->s3->tmp. new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) -&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -1704,6 +1704,13 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } + + if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } @@ -3335,6 +3342,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_DH DH *dh; #endif + int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; 
@@ -3395,17 +3403,33 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & SSL_kRSA) { + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { + if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } + if (rsa != NULL) { + /* server key exchange is not allowed. */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + goto f_err; + } + } + } } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kDHE) && - !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kDHE) && (dh == NULL)) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; } else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { 
@@ -3427,9 +3451,14 @@ int ssl3_check_cert_and_algorithm(SSL *s) pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { - if (rsa == NULL - || RSA_size(rsa) * 8 > + if (rsa == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } else if (RSA_bits(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary RSA key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -3437,14 +3466,21 @@ int ssl3_check_cert_and_algorithm(SSL *s) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { - if (dh == NULL - || DH_size(dh) * 8 > + if (alg_k & SSL_kDHE) { + if (DH_bits(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary DH key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; } + } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { + /* The cert should have had an export DH key. */ + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; } else #endif { @@ -3455,7 +3491,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } return (1); f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } diff --git a/util/libeay.num b/util/libeay.num index c297ef7..edeb50d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4571,3 +4571,5 @@ ASN1_INTEGER_get_uint64 4929 EXIST::FUNCTION: ASN1_INTEGER_set_uint64 4930 EXIST::FUNCTION: PKCS5_pbe2_set_scrypt 4931 EXIST::FUNCTION: PKCS8_set0_pbe 4932 EXIST::FUNCTION: +DH_bits 4933 EXIST::FUNCTION:DH +RSA_bits 4934 EXIST::FUNCTION:RSA From rsalz at openssl.org Tue Jun 9 00:20:33 2015 
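Review bot: in the doc/crypto/DH_size.pod hunk the SYNOPSIS lines lose their leading space ("- int DH_size(DH *dh);" becomes "+int DH_size(const DH *dh);", and the "#include" line likewise); POD renders a paragraph verbatim only when its lines are indented, so after this change the synopsis is formatted as running text rather than a code block. Keep the indentation. Two wording points in the same hunk: "DH_bits() returns the number of significant bits." should say of what (the prime p), and replacing "The size in bytes." with "The size." under RETURN VALUE drops the unit; state that DH_size() returns bytes and DH_bits() returns bits.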
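Review bot: the doc/crypto/RSA_size.pod hunk has the same formatting regression as its DH counterpart: "+int RSA_size(const RSA *rsa);" and "+int RSA_bits(const RSA *rsa);" are no longer indented, so POD stops treating the SYNOPSIS as verbatim. Also "RSA_bits() returns the number of significant bits." should name the modulus n, and the RETURN VALUE text "The size." should keep the unit for each function (bytes for RSA_size(), bits for RSA_bits()).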
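Review bot: the new check in the ssl3_get_key_exchange() hunk (@@ -1704), "if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))", compares the certificate key size against the cipher's export key length, not against the literal 512 that the commit message states ("Only allow a temporary rsa key exchange when they key is larger than 512"). The message should describe the rule in terms of SSL_C_EXPORT_PKEYLENGTH so the threshold applied per cipher strength is on record, and "they key" is a typo for "the key".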
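Review bot: in the @@ -3427 hunk of ssl3_check_cert_and_algorithm() the two new branches commented "We have a temporary RSA key but it's too large." and "We have a temporary DH key but it's too large." still push SSL_R_MISSING_EXPORT_TMP_RSA_KEY and SSL_R_MISSING_EXPORT_TMP_DH_KEY, so the error queue claims a key is missing when one was received and rejected for its size. A dedicated reason code (a new one would have to be added; something like SSL_R_EXPORT_TMP_KEY_TOO_LARGE is only a suggested name) would make the failure diagnosable from the error string alone. The SSL_AD_EXPORT_RESTRICTION alert chosen for these paths is the right one.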
From: rsalz at openssl.org (Rich Salz) Date: Tue, 09 Jun 2015 00:20:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433809233.350429.9550.nullmailer@dev.openssl.org> The branch master has been updated via 82c4d793181058de9fde5c9088fd400fdb7e01e3 (commit) from 1dece95168a32fb11cc671a7571807e04b47ed11 (commit) - Log ----------------------------------------------------------------- commit 82c4d793181058de9fde5c9088fd400fdb7e01e3 Author: Jeffrey Walton Date: Sat Jun 6 21:52:56 2015 -0400 Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc. Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_BytesToKey.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index e6df57d..dca5239 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and B is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. -Newer applications should use more standard algorithms such as PBKDF2 as -defined in PKCS#5v2.1 for key derivation. +Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC. =head1 KEY DERIVATION ALGORITHM From rsalz at openssl.org Tue Jun 9 00:21:29 2015 
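Review bot: the new sentence "+defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC." names the replacement function as bare text; wrapping it in the POD function markup this file already uses (the B<...> visible in the hunk's context line) and adding a SEE ALSO cross-reference to its documentation would give readers of the EVP_BytesToKey page a link to the recommended routine instead of a name to search for.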
From: rsalz at openssl.org (Rich Salz) Date: Tue, 09 Jun 2015 00:21:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433809289.807642.17064.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 31909e796878a8f546b290916e5bb53fbbfc91f4 (commit) from 34cdff92e97b3d65e8f1b6d60779107c99d3a931 (commit) - Log ----------------------------------------------------------------- commit 31909e796878a8f546b290916e5bb53fbbfc91f4 Author: Jeffrey Walton Date: Sat Jun 6 21:52:56 2015 -0400 Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc. Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 82c4d793181058de9fde5c9088fd400fdb7e01e3) ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_BytesToKey.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index 5d60595..a9b6bb0 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and B is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. -Newer applications should use more standard algorithms such as PBKDF2 as -defined in PKCS#5v2.1 for key derivation. +Newer applications should use a more modern algorithm such as PBKDF2 as +defined in PKCS#5v2.1 and provided by PKCS5_PBKDF2_HMAC. =head1 KEY DERIVATION ALGORITHM From rsalz at openssl.org Tue Jun 9 16:39:18 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 09 Jun 2015 16:39:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433867958.449120.23136.nullmailer@dev.openssl.org> The branch master has been updated via 51b04a6117510d8a771f619cb419985f4dec32bb (commit) from 82c4d793181058de9fde5c9088fd400fdb7e01e3 (commit) - Log ----------------------------------------------------------------- commit 51b04a6117510d8a771f619cb419985f4dec32bb Author: Rich Salz Date: Thu Jun 4 12:42:36 2015 -0400 No fprintf in the txt_db component Also removed a source file that isn't built, and moved another one to test for eventual fixing. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/conf/cnf_save.c | 104 ---------------------------------- crypto/txt_db/txt_db.c | 6 +- include/openssl/txt_db.h | 1 + crypto/conf/test.c => test/conftest.c | 6 +- 4 files changed, 6 insertions(+), 111 deletions(-) delete mode 100644 crypto/conf/cnf_save.c rename crypto/conf/test.c => test/conftest.c (98%) diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c deleted file mode 100644 index 71c4317..0000000 --- a/crypto/conf/cnf_save.c +++ /dev/null 
@@ -1,104 +0,0 @@ -/* crypto/conf/cnf_save.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include - -static void print_conf(CONF_VALUE *cv); -static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *); - -main() -{ - LHASH *conf; - long l; - - conf = CONF_load(NULL, "../../apps/openssl.cnf", &l); - if (conf == NULL) { - fprintf(stderr, "error loading config, line %ld\n", l); - exit(1); - } - - lh_doall(conf, LHASH_DOALL_FN(print_conf)); -} - -static void print_conf(CONF_VALUE *cv) -{ - int i; - CONF_VALUE *v; - char *section; - char *name; - char *value; - STACK *s; - - /* If it is a single entry, return */ - - if (cv->name != NULL) - return; - - printf("[ %s ]\n", cv->section); - s = (STACK *) cv->value; - - for (i = 0; i < sk_num(s); i++) { - v = (CONF_VALUE *)sk_value(s, i); - section = (v->section == NULL) ? "None" : v->section; - name = (v->name == NULL) ? "None" : v->name; - value = (v->value == NULL) ? "None" : v->value; - printf("%s=%s\n", name, value); - } - printf("\n"); -} diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 2384917..5b1e592 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -155,11 +155,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) } *(p++) = '\0'; if ((n != num) || (*f != '\0')) { -#if !defined(OPENSSL_NO_STDIO) /* temporary fix :-( */ - fprintf(stderr, - "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", - ln, num, n, f); -#endif + ret->error = DB_ERROR_WRONG_NUM_FIELDS; goto err; } pp[n] = p; diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h index 54b71fc..0e49a54 100644 --- a/include/openssl/txt_db.h +++ b/include/openssl/txt_db.h @@ -70,6 +70,7 @@ # define DB_ERROR_INDEX_OUT_OF_RANGE 3 # define DB_ERROR_NO_INDEX 4 # define DB_ERROR_INSERT_INDEX_CLASH 5 +# define DB_ERROR_WRONG_NUM_FIELDS 6 #ifdef __cplusplus extern "C" { diff --git a/crypto/conf/test.c b/test/conftest.c similarity index 98% rename from crypto/conf/test.c rename to test/conftest.c index cc1efcc..c303d39 100644 --- a/crypto/conf/test.c +++ b/test/conftest.c 
@@ -58,14 +58,16 @@ #include #include +#include #include #include +int main() { LHASH *conf; long eline; - char *s, *s2; + char *s; #ifdef USE_WIN32 CONF_set_default_method(CONF_WIN32); @@ -93,5 +95,5 @@ main() printf("---------------------------- DUMP ------------------------\n"); CONF_dump_fp(conf, stdout); - exit(0); + return 0; } From rsalz at openssl.org Tue Jun 9 16:49:02 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 09 Jun 2015 16:49:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433868542.594725.25799.nullmailer@dev.openssl.org> The branch master has been updated via 7768e116dc0f2ad7c8d2241b887fc6c66d03e3bb (commit) from 51b04a6117510d8a771f619cb419985f4dec32bb (commit) - Log ----------------------------------------------------------------- commit 7768e116dc0f2ad7c8d2241b887fc6c66d03e3bb Author: Rich Salz Date: Thu Jun 4 14:26:55 2015 -0400 Use bio_err not stderr in apps. Except for VMS startup code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 27 +++++++++++++-------------- apps/passwd.c | 4 ++-- apps/s_cb.c | 5 +++-- apps/s_server.c | 8 ++++---- apps/s_socket.c | 6 ++---- apps/s_time.c | 4 ++-- apps/speed.c | 12 ++++++------ 7 files changed, 32 insertions(+), 34 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 9a152f5..9117726 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -264,10 +264,9 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) err: if (errstr) { - /* we cannot use bio_err here */ - fprintf(stderr, - "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", - errstr, mode, type, file, line); + BIO_printf(bio_err, + "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", + errstr, mode, type, file, line); } } 
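Review bot: in the crypto/txt_db/txt_db.c hunk the removed fprintf reported the line number ln and the expected versus actual field counts (num, n), while the replacement "ret->error = DB_ERROR_WRONG_NUM_FIELDS; goto err;" surfaces only the error code, so a caller can no longer tell which line of the index file is malformed. Consider recording ln in the TXT_DB next to the error field (or documenting that callers must count lines themselves) before the diagnostic disappears; the new DB_ERROR_WRONG_NUM_FIELDS definition in txt_db.h is otherwise fine.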
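Review bot: in the test/conftest.c hunk "+int main()" should be "int main(void)"; an empty parameter list is an old-style, non-prototype declaration in C, and since the same hunk already replaces "exit(0);" with "return 0;" to bring the file toward standard C, the prototype form belongs with it.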
@@ -348,6 +347,12 @@ int main(int argc, char *argv[]) arg.argv = NULL; arg.size = 0; + /* Set up some of the environment. */ + default_config_file = make_config_name(); + bio_in = dup_bio_in(); + bio_out = dup_bio_out(); + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + #if defined( OPENSSL_SYS_VMS) copied_argv = argv = copy_argv(&argc, argv); #endif @@ -369,12 +374,12 @@ int main(int argc, char *argv[]) #ifdef OPENSSL_FIPS if (!FIPS_mode_set(1)) { ERR_load_crypto_strings(); - ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); - EXIT(1); + ERR_print_errors(bio_err); + return 1; } #else - fprintf(stderr, "FIPS mode not supported.\n"); - EXIT(1); + BIO_printf(bio_err, "FIPS mode not supported.\n"); + return 1; #endif } @@ -393,12 +398,6 @@ int main(int argc, char *argv[]) prog = prog_init(); pname = opt_progname(argv[0]); - /* Lets load up our environment a little */ - default_config_file = make_config_name(); - bio_in = dup_bio_in(); - bio_out = dup_bio_out(); - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - /* first check the program name */ f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); diff --git a/apps/passwd.c b/apps/passwd.c index 2e37629..0e168c4 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -496,7 +496,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, int passwd_main(int argc, char **argv) { - fputs("Program not available.\n", stderr) - return (1); + BIO_printf(bio_err, "Program not available.\n"); + return (1); } #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 35366c5..44e70f2 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -931,8 +931,9 @@ static int set_cert_cb(SSL *ssl, void *arg) static int retry_cnt; if (retry_cnt < 5) { retry_cnt++; - fprintf(stderr, "Certificate callback retry test: count %d\n", - retry_cnt); + BIO_printf(bio_err, + "Certificate callback retry test: count %d\n", + retry_cnt); return -1; } #endif 
diff --git a/apps/s_server.c b/apps/s_server.c index 6bd0257..8354386 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2376,8 +2376,8 @@ static int init_ssl_connection(SSL *con) { while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP && SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C) { - fprintf(stderr, - "LOOKUP from certificate callback during accept\n"); + BIO_printf(bio_err, + "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con); } } @@ -2811,10 +2811,10 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) #ifdef RENEG total_bytes += i; - fprintf(stderr, "%d\n", i); + BIO_printf(bio_err, "%d\n", i); if (total_bytes > 3 * 1024) { total_bytes = 0; - fprintf(stderr, "RENEGOTIATE\n"); + BIO_printf(bio_err, "RENEGOTIATE\n"); SSL_renegotiate(con); } #endif diff --git a/apps/s_socket.c b/apps/s_socket.c index 1ca0d3a..c1faffc 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -539,8 +539,7 @@ static int do_accept(int acc_sock, int *sock, char **host) */ goto redoit; } - fprintf(stderr, "errno=%d ", errno); - perror("accept"); + BIO_printf(bio_err, "accept errno=%d, %s\n", errno, strerror(errno)); # endif return (0); } @@ -597,8 +596,7 @@ static int do_accept_unix(int acc_sock, int *sock) */ goto redoit; } - fprintf(stderr, "errno=%d ", errno); - perror("accept"); + BIO_printf(bio_err, "accept errno=%d, %s\n", errno, strerror(errno)); return (0); } diff --git a/apps/s_time.c b/apps/s_time.c index 4f56174..ef95b5a 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -238,7 +238,7 @@ int s_time_main(int argc, char **argv) if (cipher == NULL) cipher = getenv("SSL_CIPHER"); if (cipher == NULL) { - fprintf(stderr, "No CIPHER specified\n"); + BIO_printf(bio_err, "No CIPHER specified\n"); goto end; } 
@@ -336,7 +336,7 @@ int s_time_main(int argc, char **argv) /* Get an SSL object so we can reuse the session id */ if ((scon = doConnection(NULL, host, ctx)) == NULL) { - fprintf(stderr, "Unable to get connection\n"); + BIO_printf(bio_err, "Unable to get connection\n"); goto end; } diff --git a/apps/speed.c b/apps/speed.c index 45a060f..1a3027b 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1649,7 +1649,7 @@ int speed_main(int argc, char **argv) if (! (EVP_CIPHER_flags(evp_cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { - fprintf(stderr, "%s is not multi-block capable\n", + BIO_printf(bio_err, "%s is not multi-block capable\n", OBJ_nid2ln(evp_cipher->nid)); goto end; } @@ -2290,11 +2290,11 @@ static int do_multi(int multi) fds = malloc(sizeof(*fds) * multi); for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { - fprintf(stderr, "pipe failure\n"); + BIO_printf(bio_err, "pipe failure\n"); exit(1); } fflush(stdout); - fflush(stderr); + (void)BIO_flush(bio_err); if (fork()) { close(fd[1]); fds[n] = fd[0]; @@ -2302,7 +2302,7 @@ static int do_multi(int multi) close(fd[0]); close(1); if (dup(fd[1]) == -1) { - fprintf(stderr, "dup failed\n"); + BIO_printf(bio_err, "dup failed\n"); exit(1); } close(fd[1]); @@ -2326,7 +2326,7 @@ static int do_multi(int multi) if (p) *p = '\0'; if (buf[0] != '+') { - fprintf(stderr, "Don't understand line '%s' from child %d\n", + BIO_printf(bio_err, "Don't understand line '%s' from child %d\n", buf, n); continue; } @@ -2428,7 +2428,7 @@ static int do_multi(int multi) else if (strncmp(buf, "+H:", 3) == 0) { ; } else - fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n); + BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, n); } fclose(f); From rsalz at openssl.org Tue Jun 9 16:50:04 2015 
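Review bot: the apps/openssl.c @@ -264 hunk deletes the comment "/* we cannot use bio_err here */" and switches lock_dbg_cb() to BIO_printf(bio_err, ...) without the log saying why that reservation no longer holds. The @@ -348 hunk now creates bio_err earlier in main(), ahead of the FIPS_mode_set() path, which settles the ordering question, but a lock debugging callback can also be invoked while BIO_printf is itself inside the locking code; a sentence in the commit message, or a comment in place of the removed one, confirming that this is safe would help the next reader.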
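Review bot: the apps/passwd.c hunk replaces "-fputs("Program not available.\n", stderr)", which had no trailing semicolon and so could not have compiled whenever that disabled-build stub was selected; the commit message only describes the stderr to bio_err change and should mention that it also fixes a syntax error in the stub.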
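Review bot: in both apps/s_socket.c hunks the new line "BIO_printf(bio_err, "accept errno=%d, %s\n", errno, strerror(errno));" reads errno twice in one argument list; C does not fix the evaluation order of function arguments and strerror() is allowed to modify errno, so the number printed can differ from the one strerror() described. Save it first ("int err = errno;") and pass err to both, and confirm that <string.h> is included for strerror(). The perror() call being removed did not have this problem.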
From: rsalz at openssl.org (Rich Salz) Date: Tue, 09 Jun 2015 16:50:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433868604.162864.26762.nullmailer@dev.openssl.org> The branch master has been updated via 121ee399c91789b34898e25eed67802e7a888277 (commit) from 7768e116dc0f2ad7c8d2241b887fc6c66d03e3bb (commit) - Log ----------------------------------------------------------------- commit 121ee399c91789b34898e25eed67802e7a888277 Author: Rich Salz Date: Wed May 20 06:56:14 2015 -0400 Fix -DZLIB build for opaque COMP types Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/comp/c_zlib.c | 51 +++++++++----------------------------------------- crypto/comp/comp_lcl.h | 1 + 2 files changed, 10 insertions(+), 42 deletions(-) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 83773a1..6a57f70 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -109,9 +109,7 @@ static COMP_METHOD zlib_stateful_method = { zlib_stateful_init, zlib_stateful_finish, zlib_stateful_compress_block, - zlib_stateful_expand_block, - NULL, - NULL, + zlib_stateful_expand_block }; /* @@ -167,8 +165,6 @@ struct zlib_state { z_stream ostream; }; -static int zlib_stateful_ex_idx = -1; - static int zlib_stateful_init(COMP_CTX *ctx) { int err; @@ -200,8 +196,7 @@ static int zlib_stateful_init(COMP_CTX *ctx) if (err != Z_OK) goto err; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); - CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); + ctx->data = state; return 1; err: OPENSSL_free(state); 
@@ -210,13 +205,10 @@ static int zlib_stateful_init(COMP_CTX *ctx) static void zlib_stateful_finish(COMP_CTX *ctx) { - struct zlib_state *state = - (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, - zlib_stateful_ex_idx); + struct zlib_state *state = ctx->data; inflateEnd(&state->istream); deflateEnd(&state->ostream); OPENSSL_free(state); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); } static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, @@ -224,9 +216,7 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int ilen) { int err = Z_OK; - struct zlib_state *state = - (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, - zlib_stateful_ex_idx); + struct zlib_state *state = ctx->data; if (state == NULL) return -1; @@ -252,10 +242,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int ilen) { int err = Z_OK; - - struct zlib_state *state = - (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, - zlib_stateful_ex_idx); + struct zlib_state *state = ctx->data; if (state == NULL) return 0; 
@@ -307,33 +294,13 @@ COMP_METHOD *COMP_zlib(void) && p_inflateInit_ && p_deflateEnd && p_deflate && p_deflateInit_ && p_zError) zlib_loaded++; + if (zlib_loaded) + meth = &zlib_stateful_method; } } #endif -#ifdef ZLIB_SHARED - if (zlib_loaded) -#endif -#if defined(ZLIB) || defined(ZLIB_SHARED) - { - /* - * init zlib_stateful_ex_idx here so that in a multi-process - * application it's enough to intialize openssl before forking (idx - * will be inherited in all the children) - */ - if (zlib_stateful_ex_idx == -1) { - CRYPTO_w_lock(CRYPTO_LOCK_COMP); - if (zlib_stateful_ex_idx == -1) - zlib_stateful_ex_idx = - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, - 0, NULL, NULL, NULL, NULL); - CRYPTO_w_unlock(CRYPTO_LOCK_COMP); - if (zlib_stateful_ex_idx == -1) - goto err; - } - - meth = &zlib_stateful_method; - } - err: +#if defined(ZLIB) + meth = &zlib_stateful_method; #endif return (meth); diff --git a/crypto/comp/comp_lcl.h b/crypto/comp/comp_lcl.h index f1ec8d5..613437e 100644 --- a/crypto/comp/comp_lcl.h +++ b/crypto/comp/comp_lcl.h @@ -71,4 +71,5 @@ struct comp_ctx_st { unsigned long compress_out; unsigned long expand_in; unsigned long expand_out; + void* data; }; From levitte at openssl.org Wed Jun 10 00:01:56 2015 
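Review bot: in the COMP_zlib() hunk (@@ -307) the removed code selected the method only when zlib_loaded was set under ZLIB_SHARED, and its "#if defined(ZLIB) || defined(ZLIB_SHARED)" guard shows it did not assume the two macros were exclusive; the new "+#if defined(ZLIB) + meth = &zlib_stateful_method; #endif" assigns the method unconditionally, so in a build that defines both macros a failed dynamic load would still return a method whose function pointers were never resolved. Use "#if defined(ZLIB) && !defined(ZLIB_SHARED)" for that branch, or rely only on the new "if (zlib_loaded) meth = &zlib_stateful_method;" inside the ZLIB_SHARED block.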
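Review bot: in the zlib_stateful_finish() hunk (@@ -210) "struct zlib_state *state = ctx->data;" is followed by inflateEnd(&state->istream) with no NULL check, while the compress and expand hunks in the same file do check "if (state == NULL)"; since zlib_stateful_init() sets ctx->data only on its success path and leaves it untouched after "err: OPENSSL_free(state);", a finish after a failed init dereferences NULL. The same gap existed with the ex_data lookup, but this rewrite is the natural place to add the check.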
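Review bot: "+ void* data;" in the crypto/comp/comp_lcl.h hunk should be written "void *data;" to match the surrounding declarations (the star binds to the declarator), and the field deserves a one-line comment saying it is the method-private state owned by the COMP_METHOD's init/finish pair, since it replaces ex_data that used to carry that meaning through its index name.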
From: levitte at openssl.org (Richard Levitte) Date: Wed, 10 Jun 2015 00:01:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433894516.825049.10240.nullmailer@dev.openssl.org> The branch master has been updated via acaff3b797f50a0a0e17a0be45b7fafad962004e (commit) via 177b5f9c82e1152d6ce20a83556db629697fff65 (commit) from 121ee399c91789b34898e25eed67802e7a888277 (commit) - Log ----------------------------------------------------------------- commit acaff3b797f50a0a0e17a0be45b7fafad962004e Author: Richard Levitte Date: Tue Jun 9 23:06:23 2015 +0200 When making libcrypto from apps or test, make sure to include engines For libcrypto to be complete, the stuff in both crypto/ and engines/ has to be built. Doing 'make test' or 'make apps' from a clean source tree failed to do so. Corrected by using the new 'build_libcrypto' in the top Makefile. Reviewed-by: Tim Hudson commit 177b5f9c82e1152d6ce20a83556db629697fff65 Author: Richard Levitte Date: Wed Jun 10 01:34:26 2015 +0200 Add and rearrange building of libraries There's a need for a target that will build all of libcrypto, so let's add 'build_libcrypto' that does this. For orthogonality, let's also add 'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc' so those get built together with the libraries. This makes 'all' depend on fewer things directly. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Makefile.org | 7 +++++-- apps/Makefile | 4 ++-- test/Makefile | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile.org b/Makefile.org index 9f72cdb..e9b49d9 100644 --- a/Makefile.org +++ b/Makefile.org
@@ -187,7 +187,7 @@ INSTALLDIRS= \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ $(INSTALL_PREFIX)$(OPENSSLDIR)/private -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -272,7 +272,10 @@ sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) diff --git a/apps/Makefile b/apps/Makefile index 90e6014..bf554ab 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -139,10 +139,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/test/Makefile b/test/Makefile index d37e020..343c21a 100644 --- a/test/Makefile +++ b/test/Makefile @@ -409,10 +409,10 @@ clean: rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ From levitte at openssl.org Wed Jun 10 00:03:55 2015 
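Review bot: in the Makefile.org hunk "+build_libssl: build_ssl libssl.pc" has no dependency on build_libcrypto, yet apps/Makefile and test/Makefile now run "(cd ..; $(MAKE) build_libssl)" for $(DLIBSSL); from a clean tree that target builds ssl/ without libcrypto having been built, and it only works today because $(EXE) separately lists $(DLIBCRYPTO), whose rule runs build_libcrypto. Adding build_libcrypto as a prerequisite of build_libssl would make the target self-sufficient and match the stated aim of a target that builds the whole library.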
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 10 Jun 2015 00:03:55 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1433894635.259844.11251.nullmailer@dev.openssl.org>

The branch master has been updated
       via  e36c5fc4f547ce62280e5a704d1f94189742ec65 (commit)
      from  acaff3b797f50a0a0e17a0be45b7fafad962004e (commit)

- Log -----------------------------------------------------------------
commit e36c5fc4f547ce62280e5a704d1f94189742ec65
Author: Richard Levitte
Date: Wed Jun 10 01:51:23 2015 +0200

    Make sure test/gost2814789test.c can see configuration macros

    test/gost2814789test.c needs to include openssl/e_os2.h or it wouldn't
    see the defined OPENSSL_NO_* macros.

    Reviewed-by: Tim Hudson

-----------------------------------------------------------------------
Summary of changes: test/gost2814789test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/test/gost2814789test.c b/test/gost2814789test.c index 4569249..b2cd41f 100644 --- a/test/gost2814789test.c +++ b/test/gost2814789test.c @@ -8,6 +8,7 @@ * ==================================================================== */ #include +#include #if defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_NO_GOST) int main(int argc, char *argv[]) From levitte at openssl.org Wed Jun 10 00:13:09 2015
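Review bot: the two `#include` lines in this hunk carry no file names in the archived rendering (the angle-bracketed header names were stripped), so the diff cannot be checked as shown; going by the commit message the added line is `#include <openssl/e_os2.h>`. The point of the change is that this header is where the OPENSSL_NO_* configuration macros become visible, so before it the guard on the very next line, `#if defined(OPENSSL_NO_ENGINE) || defined(OPENSSL_NO_GOST)`, could never be true and the test would compile its full GOST path even in a build configured with no-gost or no-engine. Worth spelling out in the commit message which build configurations failed, so the backports can be verified.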
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 10 Jun 2015 00:13:09 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1433895189.681662.13572.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  cb972a4fe710c3e07300cdd3e3c3d41a42fc9672 (commit)
       via  ee2d14be9411c46242bdbe87c10c3bd58137332a (commit)
      from  3d2c3fa5fc7e1cf119b50c0baf7511d7d75254e1 (commit)

- Log -----------------------------------------------------------------
commit cb972a4fe710c3e07300cdd3e3c3d41a42fc9672
Author: Richard Levitte
Date: Tue Jun 9 23:06:23 2015 +0200

    When making libcrypto from apps or test, make sure to include engines

    For libcrypto to be complete, the stuff in both crypto/ and engines/
    has to be built. Doing 'make test' or 'make apps' from a clean source
    tree failed to do so. Corrected by using the new 'build_libcrypto' in
    the top Makefile.

    Reviewed-by: Tim Hudson
    (cherry picked from commit acaff3b797f50a0a0e17a0be45b7fafad962004e)

commit ee2d14be9411c46242bdbe87c10c3bd58137332a
Author: Richard Levitte
Date: Wed Jun 10 01:34:26 2015 +0200

    Add and rearrange building of libraries

    There's a need for a target that will build all of libcrypto, so let's
    add 'build_libcrypto' that does this. For orthogonality, let's also add
    'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc'
    so those get built together with the libraries.

    This makes 'all' depend on fewer things directly.

    Reviewed-by: Tim Hudson
    (cherry picked from commit 177b5f9c82e1152d6ce20a83556db629697fff65)

    Conflicts:
        Makefile.org

-----------------------------------------------------------------------
Summary of changes: Makefile.org | 7 +++++-- apps/Makefile | 4 ++-- test/Makefile | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile.org b/Makefile.org index 8b4de74..cf82487 100644 --- a/Makefile.org +++ b/Makefile.org
@@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -270,7 +270,10 @@ reflect: sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) diff --git a/apps/Makefile b/apps/Makefile index 963780f..a2c1565 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -147,10 +147,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/test/Makefile b/test/Makefile index 6205d80..0ee4ec2 100644 --- a/test/Makefile +++ b/test/Makefile @@ -355,10 +355,10 @@ clean: rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ From levitte at openssl.org Wed Jun 10 00:13:22 2015 
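Review bot: same remark as for the master version of this change: `build_libssl: build_ssl libssl.pc` does not pull in `build_libcrypto`, so `(cd ..; $(MAKE) build_libssl)` from apps/ or test/ relies on `$(DLIBCRYPTO)` preceding `$(DLIBSSL)` in `$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)` and on a serial make. The hunk resolved a conflict in Makefile.org (the context here is `WTARFILE=`/`EXHEADER=` rather than `INSTALLDIRS=`), but the resulting `all:`/`build_libs:` lines are identical to master, so the dependency fix can be applied to all three branches in one go.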
From: levitte at openssl.org (Richard Levitte)
Date: Wed, 10 Jun 2015 00:13:22 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1433895202.896809.13811.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  80d586d97f4e8cd80d0f0c4152617250d261948d (commit)
       via  cbfec68a79a327e1ec177f09d960df0fa2e09529 (commit)
      from  31909e796878a8f546b290916e5bb53fbbfc91f4 (commit)

- Log -----------------------------------------------------------------
commit 80d586d97f4e8cd80d0f0c4152617250d261948d
Author: Richard Levitte
Date: Tue Jun 9 23:06:23 2015 +0200

    When making libcrypto from apps or test, make sure to include engines

    For libcrypto to be complete, the stuff in both crypto/ and engines/
    has to be built. Doing 'make test' or 'make apps' from a clean source
    tree failed to do so. Corrected by using the new 'build_libcrypto' in
    the top Makefile.

    Reviewed-by: Tim Hudson
    (cherry picked from commit acaff3b797f50a0a0e17a0be45b7fafad962004e)

commit cbfec68a79a327e1ec177f09d960df0fa2e09529
Author: Richard Levitte
Date: Wed Jun 10 01:34:26 2015 +0200

    Add and rearrange building of libraries

    There's a need for a target that will build all of libcrypto, so let's
    add 'build_libcrypto' that does this. For orthogonality, let's also add
    'build_libssl'. Have both also depend on 'libcrypto.pc' and 'libssl.pc'
    so those get built together with the libraries.

    This makes 'all' depend on fewer things directly.

    Reviewed-by: Tim Hudson
    (cherry picked from commit 177b5f9c82e1152d6ce20a83556db629697fff65)

    Conflicts:
        Makefile.org

-----------------------------------------------------------------------
Summary of changes: Makefile.org | 7 +++++-- apps/Makefile | 4 ++-- test/Makefile | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile.org b/Makefile.org index 0b2b72d..9f4faae 100644 --- a/Makefile.org +++ b/Makefile.org
@@ -185,7 +185,7 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -271,7 +271,10 @@ reflect: sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) diff --git a/apps/Makefile b/apps/Makefile index a6c9d54..64c3baa 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -147,10 +147,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/test/Makefile b/test/Makefile index 1b65d4e..a570fad 100644 --- a/test/Makefile +++ b/test/Makefile @@ -369,10 +369,10 @@ clean: rm -f .rnd tmp.bntest tmp.bctest *.o *.obj *.dll lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ From matt at openssl.org Wed Jun 10 09:06:39 2015 
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:06:39 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1433927199.192994.29788.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  dcad51bc13c9b716d9a66248bcc4038c071ff158 (commit)
      from  80d586d97f4e8cd80d0f0c4152617250d261948d (commit)

- Log -----------------------------------------------------------------
commit dcad51bc13c9b716d9a66248bcc4038c071ff158
Author: Matt Caswell
Date: Wed Jun 10 09:32:34 2015 +0100

    Fix Kerberos issue in ssl_session_dup

    The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
    Kerberos.

    Reviewed-by: Tim Hudson

-----------------------------------------------------------------------
Summary of changes: ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index ca5d2d6..5358f4a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -242,7 +242,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) memcpy(dest, src, sizeof(*dest)); #ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = dest->krb5_client_princ_len; + dest->krb5_client_princ_len = src->krb5_client_princ_len; if (src->krb5_client_princ_len > 0) memcpy(dest->krb5_client_princ, src->krb5_client_princ, src->krb5_client_princ_len); From matt at openssl.org Wed Jun 10 09:07:03 2015
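Review bot: the removed line `dest->krb5_client_princ_len = dest->krb5_client_princ_len;` was a self-assignment, and because `memcpy(dest, src, sizeof(*dest));` two lines above already copies every field of the session, `dest->krb5_client_princ_len` already held the source value, so the "error" had no functional effect. The fix is right, but the commit message should say "no behavioural change, corrects a self-assignment" so that the identical cherry-picks to 1.0.0, 1.0.1 and 0.9.8 that follow are not mistaken for a security follow-up to CVE-2015-1791. If `krb5_client_princ` is an inline array the explicit `memcpy(dest->krb5_client_princ, ...)` below is likewise already covered by the struct copy; a one-line comment on why it is kept would stop the next reader from asking the same question.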
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:07:03 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update
Message-ID: <1433927223.119833.30254.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_0-stable has been updated
       via  9545eac45bc79496763d2ded02629f88a8629fb9 (commit)
      from  228806a4f3c42cfb304b974a267a95f7a12cba87 (commit)

- Log -----------------------------------------------------------------
commit 9545eac45bc79496763d2ded02629f88a8629fb9
Author: Matt Caswell
Date: Wed Jun 10 09:32:34 2015 +0100

    Fix Kerberos issue in ssl_session_dup

    The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
    Kerberos.

    Reviewed-by: Tim Hudson
    (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)

-----------------------------------------------------------------------
Summary of changes: ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 98b9107..1fb682a 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -239,7 +239,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) memcpy(dest, src, sizeof(*dest)); #ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = dest->krb5_client_princ_len; + dest->krb5_client_princ_len = src->krb5_client_princ_len; if (src->krb5_client_princ_len > 0) memcpy(dest->krb5_client_princ, src->krb5_client_princ, src->krb5_client_princ_len); From matt at openssl.org Wed Jun 10 09:06:52 2015
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:06:52 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1433927212.529979.30018.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  106a9a5d7e26e728a654d7424849081bd988d4a5 (commit)
      from  cb972a4fe710c3e07300cdd3e3c3d41a42fc9672 (commit)

- Log -----------------------------------------------------------------
commit 106a9a5d7e26e728a654d7424849081bd988d4a5
Author: Matt Caswell
Date: Wed Jun 10 09:32:34 2015 +0100

    Fix Kerberos issue in ssl_session_dup

    The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
    Kerberos.

    Reviewed-by: Tim Hudson
    (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)

-----------------------------------------------------------------------
Summary of changes: ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index e673f9c..8325cb3 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -242,7 +242,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) memcpy(dest, src, sizeof(*dest)); #ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = dest->krb5_client_princ_len; + dest->krb5_client_princ_len = src->krb5_client_princ_len; if (src->krb5_client_princ_len > 0) memcpy(dest->krb5_client_princ, src->krb5_client_princ, src->krb5_client_princ_len); From matt at openssl.org Wed Jun 10 09:07:18 2015
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:07:18 +0000
Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update
Message-ID: <1433927238.292687.30518.nullmailer@dev.openssl.org>

The branch OpenSSL_0_9_8-stable has been updated
       via  8b4fd12b0d1734d281994000752c771e8cd0a103 (commit)
      from  17689e7dc6eb006990c205083c5b07a202f50f7e (commit)

- Log -----------------------------------------------------------------
commit 8b4fd12b0d1734d281994000752c771e8cd0a103
Author: Matt Caswell
Date: Wed Jun 10 09:32:34 2015 +0100

    Fix Kerberos issue in ssl_session_dup

    The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
    Kerberos.

    Reviewed-by: Tim Hudson
    (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)

-----------------------------------------------------------------------
Summary of changes: ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 9baa090..d3bac0b 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -150,7 +150,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) memcpy(dest, src, sizeof(*dest)); #ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = dest->krb5_client_princ_len; + dest->krb5_client_princ_len = src->krb5_client_princ_len; if (src->krb5_client_princ_len > 0) memcpy(dest->krb5_client_princ, src->krb5_client_princ, src->krb5_client_princ_len); From matt at openssl.org Wed Jun 10 09:38:58 2015
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:38:58 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1433929138.494950.3020.nullmailer@dev.openssl.org>

The branch master has been updated
       via  54e3ad003bdf83f189b2bf17fb998c028d39c8eb (commit)
       via  aec54108ef0d469964505ac1f77984f19099ec05 (commit)
       via  5d80fab086fe8849222613e20d7cf61839f94f5f (commit)
      from  e36c5fc4f547ce62280e5a704d1f94189742ec65 (commit)

- Log -----------------------------------------------------------------
commit 54e3ad003bdf83f189b2bf17fb998c028d39c8eb
Author: Matt Caswell
Date: Thu Apr 30 15:20:25 2015 +0100

    Tighten extension handling

    This adds additional checks to the processing of extensions in a
    ClientHello to ensure that either no extensions are present, or if they
    are then they take up the exact amount of space expected.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

commit aec54108ef0d469964505ac1f77984f19099ec05
Author: Matt Caswell
Date: Thu Apr 30 14:51:10 2015 +0100

    Fix memory leaks in BIO_dup_chain()

    This fixes a memory leak that can occur whilst duplicating a BIO chain
    if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory
    leak where if a failure occurs after successfully creating the first BIO
    in the chain, then the beginning of the new chain was not freed.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

commit 5d80fab086fe8849222613e20d7cf61839f94f5f
Author: Matt Caswell
Date: Thu Apr 30 14:04:30 2015 +0100

    Replace memset with OPENSSL_clear_free()

    BUF_MEM_free() attempts to cleanse memory using memset immediately prior
    to a free. This is at risk of being optimised away by the compiler, so
    replace with a call to OPENSSL_clear_free() instead.

    With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_lib.c | 7 ++- crypto/buffer/buffer.c | 3 +- ssl/t1_lib.c | 158 ++++++++++++++++++++----------------------------- 3 files changed, 70 insertions(+), 98 deletions(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 19cd069..cc859da 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -535,8 +535,10 @@ BIO *BIO_dup_chain(BIO *in) /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { eoc = new_bio; @@ -548,7 +550,8 @@ BIO *BIO_dup_chain(BIO *in) } return (ret); err: - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index 37e5484..2beacce 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -88,8 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); - OPENSSL_free(a->data); + OPENSSL_clear_free(a->data, a->max); } OPENSSL_free(a); } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 0420fe3..f0565a2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1940,19 +1940,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data >= (d + n - 2)) - goto ri_check; + if (data >= (d + n - 2)) { + if (data != d + n) + goto err; + else + goto ri_check; + } n2s(data, len); if (data > (d + n - len)) - goto ri_check; + goto err; while (data <= (d + n - 4)) { n2s(data, type); n2s(data, size); if (data + size > (d + n)) - goto ri_check; + goto err; if (s->tlsext_debug_cb) s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); if (type == TLSEXT_TYPE_renegotiate) { 
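Review bot: in the first bio_lib.c hunk the new failure path does `BIO_free(new_bio); goto err;` and `err:` now does `BIO_free_all(ret);`. That is correct only because `new_bio` has not yet been linked into the chain at that point (the `if (ret == NULL) { eoc = new_bio;` linkage comes after the ex_data copy); if a later refactor moved the link above the copy, the chain free would hit `new_bio` a second time. A comment at `BIO_free(new_bio)` stating that invariant would be cheap insurance. Also, when the failure happens on the very first BIO, `ret` is still NULL, so `BIO_free_all(ret)` relies on BIO_free_all tolerating a NULL argument; fine, but worth a note.

Review bot: buffer.c: `OPENSSL_clear_free(a->data, a->max)` wipes the whole allocation rather than only the bytes in use, and drops the `(unsigned int)a->max` truncation of the old memset; nothing to change.

Review bot: the first t1_lib.c hunk, `if (data >= (d + n - 2)) { if (data != d + n) goto err; else goto ri_check; }`, rejects a ClientHello whose extensions vector is present but empty, i.e. exactly two trailing bytes `00 00`. That is a legal encoding of `Extension extensions<0..2^16-1>` (RFC 5246, 7.4.1.2), so this is a decode_error for a conforming client. In the same hunk, after `n2s(data, len);` only `if (data > (d + n - len)) goto err;` is tested, so a `len` that is smaller than the bytes actually remaining is accepted and the `while (data <= (d + n - 4))` loop parses past the declared block; the "exact amount of space" goal in the commit message needs an equality test. Suggest replacing the two checks with:
`if (data == d + n) goto ri_check;`
`if (data > d + n - 2) goto err;`
`n2s(data, len); if (data != d + n - len) goto err;`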
@@ -1991,16 +1995,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int servname_type; int dsize; - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; sdata = data; while (dsize > 3) { @@ -2008,18 +2008,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, n2s(sdata, len); dsize -= 3; - if (len > dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (len > dsize) + goto err; + if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { - if (s->session->tlsext_hostname) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_hostname) + goto err; + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; @@ -2053,31 +2051,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, dsize -= len; } - if (dsize != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != 0) + goto err; } #ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size == 0 || ((len = data[0])) != (size - 1)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size == 0 || ((len = data[0])) != (size - 1)) + goto err; + if (s->srp_ctx.login != NULL) + goto err; if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1; memcpy(s->srp_ctx.login, &data[1], len); s->srp_ctx.login[len] = '\0'; - if (strlen(s->srp_ctx.login) != len) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (strlen(s->srp_ctx.login) != len) + goto err; } #endif 
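Review bot: in the SRP hunk, `if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1;` is now the only failure exit in this region that neither sets `*al` nor goes through `err`; since every neighbouring path was just unified on `goto err`, either give it an explicit internal_error alert or document at the function head that -1 means "fatal, no alert". Keeping `*al = TLS1_AD_UNRECOGNIZED_NAME; return 0;` as a separate return for `len > TLSEXT_MAXLEN_host_name` rather than folding it into `goto err` is correct, since it is a different alert from decode_error.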
@@ -2087,10 +2077,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || - ecpointformatlist_length < 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ecpointformatlist_length < 1) + goto err; if (!s->hit) { OPENSSL_free(s->session->tlsext_ecpointformatlist); s->session->tlsext_ecpointformatlist = NULL; @@ -2113,15 +2101,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, if (ellipticcurvelist_length != size - 2 || ellipticcurvelist_length < 1 || /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ellipticcurvelist_length & 1) + goto err; + if (!s->hit) { - if (s->session->tlsext_ellipticcurvelist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_ellipticcurvelist) + goto err; + s->session->tlsext_ellipticcurvelist_length = 0; if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { @@ -2145,26 +2131,18 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (s->s3->tmp.peer_sigalgs || size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->s3->tmp.peer_sigalgs || size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size || dsize & 1 || !dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!tls1_save_sigalgs(s, data, dsize)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size || dsize & 1 || !dsize) + goto err; + if (!tls1_save_sigalgs(s, data, dsize)) + goto err; } else if (type == TLSEXT_TYPE_status_request) { - if (size < 5) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 5) + goto err; s->tlsext_status_type = *data++; size--; 
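Review bot: these hunks convert `*al = TLS1_AD_DECODE_ERROR; return 0;` into `goto err`, which sets `SSL_AD_DECODE_ERROR`; that is behaviour-neutral on the wire provided ssl.h defines the two macros to the same alert number, which it does (50), but the commit message could say so. One thing to consider in the signature_algorithms hunk: `if (!tls1_save_sigalgs(s, data, dsize)) goto err;` also maps an allocation failure inside tls1_save_sigalgs to decode_error; if that function can fail for reasons other than malformed input, an internal_error alert would be more accurate than blaming the peer.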
@@ -2174,35 +2152,26 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, /* Read in responder_id_list */ n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; while (dsize > 0) { OCSP_RESPID *id; int idsize; - if (dsize < 4) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 4) + goto err; n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; - if (dsize < 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 0) + goto err; sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); - if (!id) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!id) + goto err; if (data != sdata) { OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; + goto err; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = @@ -2219,26 +2188,20 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Read in request_extensions */ - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size) + goto err; sdata = data; if (dsize > 0) { sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) + goto err; } } /* @@ -2329,6 +2292,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, data += size; } + /* Spurious data on the end */ + if (data != d + n) + goto err; + *p = data; ri_check: 
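Review bot: in the responder_id_list loop, `dsize -= 2 + idsize; size -= 2 + idsize; if (dsize < 0) goto err;` decrements `size` alongside `dsize` but only checks `dsize`; that is sound only because `if (dsize > size) goto err;` above guarantees `dsize <= size`, so a short comment tying the two together would help the next reader. The final `/* Spurious data on the end */ if (data != d + n) goto err;` is the important hardening in this patch: `while (data <= (d + n - 4))` stops with one to three bytes left rather than reading a partial type/length header, and those leftover bytes were previously ignored; now they are a decode_error.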
@@ -2344,6 +2311,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } return 1; +err: + *al = SSL_AD_DECODE_ERROR; + return 0; } int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, From matt at openssl.org Wed Jun 10 09:39:20 2015 
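The third commit in this update (and its OPENSSL_cleanse() variant backported to 1.0.1 and 1.0.2 below) fixes the classic "memset before free" problem. The C program below is an added example, not OpenSSL's own code, illustrating the two things the BUF_MEM_free() change gets right: the wipe must be one the optimiser cannot drop as a dead store, and it must cover the whole allocation (BUF_MEM's `max`), not only the bytes in use (`length`). The struct, the function names (`secure_cleanse`, `clear_free`, `toy_buf`) and the 0xAA "secret" fill are this example's own constructions.

```c
/*
 * Added example (not OpenSSL code). A wipe before free() that survives
 * optimisation, and why the wipe length must be the allocation size.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for BUF_MEM: `length` bytes in use out of `max` allocated. */
struct toy_buf {
    size_t length;
    size_t max;
    unsigned char *data;
};

/*
 * memset reached through a volatile function pointer: the compiler must
 * load the pointer at run time and cannot prove the store is dead, so it
 * cannot elide the wipe (the same idea OPENSSL_cleanse relies on).
 */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

static void secure_cleanse(void *p, size_t n)
{
    if (p != NULL && n > 0)
        secure_memset(p, 0, n);
}

/* The pattern the commit removes: a plain memset right before free. */
static void weak_clear_free(void *p, size_t n)
{
    if (p == NULL)
        return;
    memset(p, 0, n);   /* p is never read again: a dead store the optimiser may drop */
    free(p);
}

/* The pattern the commit adopts (OPENSSL_clear_free semantics, NULL-safe). */
static void clear_free(void *p, size_t n)
{
    if (p == NULL)
        return;
    secure_cleanse(p, n);
    free(p);
}

static struct toy_buf *toy_buf_new(size_t max)
{
    struct toy_buf *b = calloc(1, sizeof(*b));
    if (b == NULL)
        return NULL;
    b->data = malloc(max);
    if (b->data == NULL) {
        free(b);
        return NULL;
    }
    b->max = max;
    return b;
}

/* Count bytes of `pattern` still present anywhere in the allocation. */
static size_t stale_bytes(const struct toy_buf *b, unsigned char pattern)
{
    size_t i, n = 0;
    for (i = 0; i < b->max; i++)
        n += (b->data[i] == pattern);
    return n;
}

/*
 * Simulate a buffer that held 32 bytes of key material and was then trimmed
 * to 8 in-use bytes. Returns how many secret bytes survive a wipe of only
 * `length` (wipe_max == 0) versus the whole `max` (wipe_max != 0).
 */
static size_t leftover_after_wipe(int wipe_max)
{
    struct toy_buf *b = toy_buf_new(32);
    size_t left;
    if (b == NULL)
        return (size_t)-1;
    memset(b->data, 0xAA, b->max);  /* constructed "secret" fill */
    b->length = 8;                  /* logical length shrunk, slack still holds secret */
    secure_cleanse(b->data, wipe_max ? b->max : b->length);
    left = stale_bytes(b, 0xAA);
    clear_free(b->data, b->max);
    free(b);
    return left;
}

int main(void)
{
    void *scratch = malloc(16);
    printf("secret bytes left after wiping length only: %zu\n", leftover_after_wipe(0));
    printf("secret bytes left after wiping max:         %zu\n", leftover_after_wipe(1));
    weak_clear_free(scratch, 16);   /* shown for contrast; do not use this form */
    return 0;
}
```

Whether the plain `memset` in `weak_clear_free` is actually removed depends on the compiler and optimisation level, which is exactly why it cannot be relied on; compare the two at `-O2` with `objdump -d` to see the difference in practice.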
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:39:20 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1433929160.760466.4082.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
       via  72df35acf268e21adfe5b90b89f90e35e9db29bf (commit)
       via  f92b1967234fd7926b476768584fa5573eaadd72 (commit)
       via  e94118ae2a6aff6427ade82e843d683d4913bcec (commit)
      from  106a9a5d7e26e728a654d7424849081bd988d4a5 (commit)

- Log -----------------------------------------------------------------
commit 72df35acf268e21adfe5b90b89f90e35e9db29bf
Author: Matt Caswell
Date: Thu Apr 30 15:20:25 2015 +0100

    Tighten extension handling

    This adds additional checks to the processing of extensions in a
    ClientHello to ensure that either no extensions are present, or if they
    are then they take up the exact amount of space expected.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

    Conflicts:
        ssl/t1_lib.c

commit f92b1967234fd7926b476768584fa5573eaadd72
Author: Matt Caswell
Date: Thu Apr 30 14:51:10 2015 +0100

    Fix memory leaks in BIO_dup_chain()

    This fixes a memory leak that can occur whilst duplicating a BIO chain
    if the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory
    leak where if a failure occurs after successfully creating the first BIO
    in the chain, then the beginning of the new chain was not freed.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

    Conflicts:
        crypto/bio/bio_lib.c

commit e94118ae2a6aff6427ade82e843d683d4913bcec
Author: Matt Caswell
Date: Thu Apr 30 14:04:30 2015 +0100

    Replace memset with OPENSSL_cleanse()

    BUF_MEM_free() attempts to cleanse memory using memset immediately prior
    to a free. This is at risk of being optimised away by the compiler, so
    replace with a call to OPENSSL_cleanse() instead.

    With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_lib.c | 8 ++- crypto/buffer/buffer.c | 2 +- ssl/t1_lib.c | 158 ++++++++++++++++++++----------------------------- 3 files changed, 70 insertions(+), 98 deletions(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 5267010..07934f8 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in) /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { eoc = new_bio; @@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in) } return (ret); err: - if (ret != NULL) - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d287e34..eff3e08 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); + OPENSSL_cleanse(a->data, a->max); OPENSSL_free(a->data); } OPENSSL_free(a); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 36ea9b0..c2d7d72 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1016,19 +1016,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->srtp_profile = NULL; - if (data >= (d + n - 2)) - goto ri_check; + if (data >= (d + n - 2)) { + if (data != d + n) + goto err; + else + goto ri_check; + } n2s(data, len); if (data > (d + n - len)) - goto ri_check; + goto err; while (data <= (d + n - 4)) { n2s(data, type); n2s(data, size); if (data + size > (d + n)) - goto ri_check; + goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); # endif 
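Review bot: the bio_lib.c `err:` hunk replaces `if (ret != NULL) BIO_free(ret);` with an unconditional `BIO_free_all(ret);`, so the first-BIO failure case now depends on BIO_free_all accepting NULL; the guard was explicit and cheap and could have been kept in a stable branch. buffer.c: `OPENSSL_cleanse(a->data, a->max);` followed by `OPENSSL_free(a->data);` is the right 1.0.x spelling of master's OPENSSL_clear_free and also drops the `(unsigned int)` cast. The t1_lib.c hunk carries the same two issues as the master version: `if (data >= (d + n - 2))` rejects an extensions vector that is present but empty (`00 00`), and `if (data > (d + n - len)) goto err;` accepts a `len` that undershoots the bytes remaining, so the loop parses beyond the declared block. The `# if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); # endif` debug block visible as context could be dropped while these lines are being touched.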
@@ -1064,16 +1068,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int servname_type; int dsize; - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; sdata = data; while (dsize > 3) { @@ -1081,18 +1081,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, n2s(sdata, len); dsize -= 3; - if (len > dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (len > dsize) + goto err; + if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { - if (s->session->tlsext_hostname) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_hostname) + goto err; + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; @@ -1126,31 +1124,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, dsize -= len; } - if (dsize != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != 0) + goto err; } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size == 0 || ((len = data[0])) != (size - 1)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size == 0 || ((len = data[0])) != (size - 1)) + goto err; + if (s->srp_ctx.login != NULL) + goto err; if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1; memcpy(s->srp_ctx.login, &data[1], len); s->srp_ctx.login[len] = '\0'; - if (strlen(s->srp_ctx.login) != len) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (strlen(s->srp_ctx.login) != len) + goto err; } # endif 
@@ -1159,10 +1149,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); - if (ecpointformatlist_length != size - 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (ecpointformatlist_length != size - 1) + goto err; if (!s->hit) { if (s->session->tlsext_ecpointformatlist) { OPENSSL_free(s->session->tlsext_ecpointformatlist); @@ -1196,15 +1184,13 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, if (ellipticcurvelist_length != size - 2 || ellipticcurvelist_length < 1 || /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ellipticcurvelist_length & 1) + goto err; + if (!s->hit) { - if (s->session->tlsext_ellipticcurvelist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_ellipticcurvelist) + goto err; + s->session->tlsext_ellipticcurvelist_length = 0; if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { @@ -1273,28 +1259,20 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, renegotiate_seen = 1; } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (sigalg_seen || size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (sigalg_seen || size < 2) + goto err; sigalg_seen = 1; n2s(data, dsize); size -= 2; - if (dsize != size || dsize & 1) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!tls1_process_sigalgs(s, data, dsize)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size || dsize & 1) + goto err; + if (!tls1_process_sigalgs(s, data, dsize)) + goto err; } else if (type == TLSEXT_TYPE_status_request && s->version != DTLS1_VERSION) { - if (size < 5) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 5) + goto err; s->tlsext_status_type = *data++; size--; 
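Review bot: two checks present in master's version of these hunks are missing from this backport. The ec_point_formats test here is only `if (ecpointformatlist_length != size - 1) goto err;` whereas master also has `|| ecpointformatlist_length < 1`, and the signature_algorithms test is `if (dsize != size || dsize & 1) goto err;` whereas master has `|| !dsize` as well. Both vectors have a minimum of one element (`ec_point_format_list<1..2^8-1>` in RFC 4492, `supported_signature_algorithms<2..2^16-2>` in RFC 5246), so an empty list is malformed and should be a decode_error here too; suggest adding the two terms so the branches stay aligned.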
@@ -1304,35 +1282,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, /* Read in responder_id_list */ n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; while (dsize > 0) { OCSP_RESPID *id; int idsize; - if (dsize < 4) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 4) + goto err; n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; - if (dsize < 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 0) + goto err; sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); - if (!id) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!id) + goto err; if (data != sdata) { OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; + goto err; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = @@ -1349,16 +1318,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } /* Read in request_extensions */ - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size) + goto err; sdata = data; if (dsize > 0) { if (s->tlsext_ocsp_exts) { @@ -1368,10 +1333,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) + goto err; } } /* @@ -1432,6 +1395,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, data += size; } + /* Spurious data on the end */ + if (data != d + n) + goto err; + *p = data; ri_check: 
@@ -1447,6 +1414,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } return 1; +err: + *al = SSL_AD_DECODE_ERROR; + return 0; } # ifndef OPENSSL_NO_NEXTPROTONEG From matt at openssl.org Wed Jun 10 09:39:08 2015 
From: matt at openssl.org (Matt Caswell)
Date: Wed, 10 Jun 2015 09:39:08 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1433929148.628933.3764.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  d272599277092d6cd054417cf671453ca5fd0d9b (commit)
       via  b3c02473f7a22b19cbf86d5012d05a9d6a2c5f4d (commit)
       via  23cd01ef61ff9110850ee75c42ccb365ddc8a6ab (commit)
      from  dcad51bc13c9b716d9a66248bcc4038c071ff158 (commit)

- Log -----------------------------------------------------------------
commit d272599277092d6cd054417cf671453ca5fd0d9b
Author: Matt Caswell
Date:   Thu Apr 30 15:20:25 2015 +0100

    Tighten extension handling

    This adds additional checks to the processing of extensions in a
    ClientHello to ensure that either no extensions are present, or if they
    are then they take up the exact amount of space expected.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

    Conflicts:
        ssl/t1_lib.c

commit b3c02473f7a22b19cbf86d5012d05a9d6a2c5f4d
Author: Matt Caswell
Date:   Thu Apr 30 14:51:10 2015 +0100

    Fix memory leaks in BIO_dup_chain()

    This fixes a memory leak that can occur whilst duplicating a BIO chain if
    the call to CRYPTO_dup_ex_data() fails. It also fixes a second memory leak
    where if a failure occurs after successfully creating the first BIO in the
    chain, then the beginning of the new chain was not freed.

    With thanks to the Open Crypto Audit Project for reporting this issue.

    Reviewed-by: Stephen Henson

    Conflicts:
        crypto/bio/bio_lib.c

commit 23cd01ef61ff9110850ee75c42ccb365ddc8a6ab
Author: Matt Caswell
Date:   Thu Apr 30 14:04:30 2015 +0100

    Replace memset with OPENSSL_cleanse()

    BUF_MEM_free() attempts to cleanse memory using memset immediately prior
    to a free. This is at risk of being optimised away by the compiler, so
    replace with a call to OPENSSL_cleanse() instead.

    With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_lib.c | 8 ++- crypto/buffer/buffer.c | 2 +- ssl/t1_lib.c | 158 ++++++++++++++++++++----------------------------- 3 files changed, 70 insertions(+), 98 deletions(-) diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 5267010..07934f8 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in) /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { eoc = new_bio; @@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in) } return (ret); err: - if (ret != NULL) - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index d287e34..eff3e08 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); + OPENSSL_cleanse(a->data, a->max); OPENSSL_free(a->data); } OPENSSL_free(a); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a398501..d811d3f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2016,19 +2016,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data >= (d + n - 2)) - goto ri_check; + if (data >= (d + n - 2)) { + if (data != d + n) + goto err; + else + goto ri_check; + } n2s(data, len); if (data > (d + n - len)) - goto ri_check; + goto err; while (data <= (d + n - 4)) { n2s(data, type); n2s(data, size); if (data + size > (d + n)) - goto ri_check; + goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); # endif 
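Review bot: In the first bio_lib.c hunk the new `BIO_free(new_bio)` before `goto err` is only correct because `new_bio` has not yet been linked into the chain at that point (the `if (ret == NULL) { eoc = new_bio;` block that does the linking comes after the ex_data copy); if that link is ever hoisted above `CRYPTO_dup_ex_data()`, the `BIO_free_all(ret)` now at `err:` would free the same BIO a second time. A one-line comment at the free ("not yet linked into ret, release it here") makes the invariant explicit. The `err:` change itself is right: `BIO_free(ret)` released only the head of the partially built chain, whereas `BIO_free_all(ret)` walks all of it and accepts a NULL `ret`.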
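Review bot: The buffer.c hunk fixes two things and the commit message names only one: besides replacing a memset that dead-store elimination may drop, it removes the `(unsigned int)` cast on `a->max`, which is a `size_t`, so on an LP64 build the old call could wipe only the low 32 bits' worth of a buffer larger than 4 GiB. Worth a sentence in the log, since someone later grepping for that cast will wonder whether dropping it was deliberate. Wiping `a->max` rather than `a->length` is the right choice, as the buffer may earlier have held more than its current length.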
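Review bot: Off-by-one in the first t1_lib.c hunk: a ClientHello whose extensions vector is present but empty (the two length bytes 00 00, so `data == d + n - 2`) now enters the new block, fails `data != d + n` and hits `goto err`, where the old code went to `ri_check`; that is a legal encoding, and this turns it into a fatal decode_error alert. Test for the no-extensions case first and only then require two length bytes: `if (data == d + n) goto ri_check;` followed by `if (data > d + n - 2) goto err;`. Second, the declared length is only bounded, never matched: `if (data > (d + n - len)) goto err;` rejects a `len` that runs past the message but accepts one shorter than the bytes actually present, after which the loop bound `d + n` ignores `len` entirely; `if (data + len != d + n) goto err;` after the `n2s` makes the "exact amount of space" property the commit message promises hold for the outer vector as well. Finally, the old `goto ri_check` paths tolerated malformed extension blocks and this hunk makes them fatal, which is an interoperability change, yet the Summary of changes shows no CHANGES entry for it.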
@@ -2064,16 +2068,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int servname_type; int dsize; - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; sdata = data; while (dsize > 3) { @@ -2081,18 +2081,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, n2s(sdata, len); dsize -= 3; - if (len > dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (len > dsize) + goto err; + if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { - if (s->session->tlsext_hostname) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_hostname) + goto err; + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; @@ -2126,31 +2124,23 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, dsize -= len; } - if (dsize != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != 0) + goto err; } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size == 0 || ((len = data[0])) != (size - 1)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size == 0 || ((len = data[0])) != (size - 1)) + goto err; + if (s->srp_ctx.login != NULL) + goto err; if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1; memcpy(s->srp_ctx.login, &data[1], len); s->srp_ctx.login[len] = '\0'; - if (strlen(s->srp_ctx.login) != len) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (strlen(s->srp_ctx.login) != len) + goto err; } # endif 
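Review bot: In the srp hunk the `return -1` after a failed `OPENSSL_malloc(len + 1)` is now the one failure path in this function that does not set `*al`, since every decode failure goes through `err:`; a caller that converts a non-positive return into an alert from `*al` would send whatever value was left in it. Pre-existing, but as this commit is consolidating the error paths it is the moment to give the allocation failure its own label that sets an internal_error alert. The `strlen(s->srp_ctx.login) != len` check that follows correctly rejects an embedded NUL in the login name and is a pattern worth reusing for the other length-prefixed strings.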
@@ -2160,10 +2150,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, int ecpointformatlist_length = *(sdata++); if (ecpointformatlist_length != size - 1 || - ecpointformatlist_length < 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ecpointformatlist_length < 1) + goto err; if (!s->hit) { if (s->session->tlsext_ecpointformatlist) { OPENSSL_free(s->session->tlsext_ecpointformatlist); @@ -2197,15 +2185,13 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, if (ellipticcurvelist_length != size - 2 || ellipticcurvelist_length < 1 || /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ellipticcurvelist_length & 1) + goto err; + if (!s->hit) { - if (s->session->tlsext_ellipticcurvelist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_ellipticcurvelist) + goto err; + s->session->tlsext_ellipticcurvelist_length = 0; if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { @@ -2273,26 +2259,18 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, renegotiate_seen = 1; } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (s->cert->peer_sigalgs || size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->cert->peer_sigalgs || size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size || dsize & 1 || !dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!tls1_save_sigalgs(s, data, dsize)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size || dsize & 1 || !dsize) + goto err; + if (!tls1_save_sigalgs(s, data, dsize)) + goto err; } else if (type == TLSEXT_TYPE_status_request) { - if (size < 5) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 5) + goto err; s->tlsext_status_type = *data++; size--; 
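Review bot: As in the 1.0.1 version of this change, the ec_point_formats and elliptic_curves hunks replace `*al = TLS1_AD_DECODE_ERROR` with a jump to `err:`, which sets `SSL_AD_DECODE_ERROR`; the two names are aliases in ssl.h, so nothing changes on the wire, but state the intended unification in the log.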
@@ -2302,35 +2280,26 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, /* Read in responder_id_list */ n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; while (dsize > 0) { OCSP_RESPID *id; int idsize; - if (dsize < 4) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 4) + goto err; n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; - if (dsize < 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 0) + goto err; sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); - if (!id) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!id) + goto err; if (data != sdata) { OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; + goto err; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = @@ -2347,16 +2316,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } /* Read in request_extensions */ - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size) + goto err; sdata = data; if (dsize > 0) { if (s->tlsext_ocsp_exts) { @@ -2366,10 +2331,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) + goto err; } } /* @@ -2441,6 +2404,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, data += size; } + /* Spurious data on the end */ + if (data != d + n) + goto err; + *p = data; ri_check: @@ -2456,6 +2423,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } return 1; +err: + *al = SSL_AD_DECODE_ERROR; + return 0; } /* From matt at openssl.org Wed Jun 10 09:43:09 2015 
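The length discipline the "Tighten extension handling" commit message describes, worked through as a stand-alone parser. This is an added example and not OpenSSL's code: the function names and the sample byte strings are constructed for it, and it goes a little beyond the hunks by also validating an explicitly empty extensions vector and the bodies of two extension types (11 and 13 are the IANA numbers for ec_point_formats and signature_algorithms). Each check returns 0 where the library would send a decode_error alert.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not OpenSSL code: a strict parser for the ClientHello
 * extensions block that enforces the "exact amount of space" property the
 * commit message describes. Extension numbers 11 and 13 are the IANA
 * values; function names and sample inputs are constructed for this example.
 */
#define EXT_EC_POINT_FORMATS     11
#define EXT_SIGNATURE_ALGORITHMS 13

static size_t read_u16(const unsigned char *p)
{
    return ((size_t)p[0] << 8) | p[1];
}

/* Content checks for two extension bodies; unknown types are opaque.
 * Returns 1 when well-formed, 0 for a decode error. */
static int check_extension_body(size_t type, const unsigned char *body, size_t size)
{
    size_t l;

    if (type == EXT_EC_POINT_FORMATS) {
        /* one-byte list length must cover exactly the rest and be non-empty */
        if (size < 1)
            return 0;
        l = body[0];
        return l == size - 1 && l >= 1;
    }
    if (type == EXT_SIGNATURE_ALGORITHMS) {
        /* two-byte list length must cover exactly the rest, be even and non-zero */
        if (size < 2)
            return 0;
        l = read_u16(body);
        return l == size - 2 && (l & 1) == 0 && l != 0;
    }
    return 1;
}

/*
 * Parse the bytes d..d+n that follow the compression methods. Returns 1 when
 * there is no extensions block at all or when the block is consumed exactly,
 * 0 for anything the caller should answer with a decode_error alert.
 */
int parse_clienthello_extensions(const unsigned char *d, size_t n)
{
    const unsigned char *data = d, *end = d + n;
    size_t len, type, size;

    if (data == end)                   /* no extensions block: legal */
        return 1;
    if ((size_t)(end - data) < 2)      /* a single stray byte is not a length */
        return 0;
    len = read_u16(data);
    data += 2;
    if ((size_t)(end - data) != len)   /* declared length must match exactly; */
        return 0;                      /* an empty vector (00 00) passes here */

    while ((size_t)(end - data) >= 4) {    /* type(2) + size(2) */
        type = read_u16(data);
        size = read_u16(data + 2);
        data += 4;
        if (size > (size_t)(end - data))   /* extension runs past the block */
            return 0;
        if (!check_extension_body(type, data, size))
            return 0;
        data += size;
    }
    return data == end;                /* 1..3 leftover bytes: reject */
}

/* Constructed sample blocks (not captured traffic). The 14-byte body is
 * ec_point_formats [uncompressed] followed by signature_algorithms [sha256,rsa]. */
static const unsigned char v_exact[] = { 0x00, 0x0e,
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01 };
static const unsigned char v_empty_block[] = { 0x00, 0x00 };
static const unsigned char v_trailing[] = { 0x00, 0x0f,   /* one junk byte at the end */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00 };
static const unsigned char v_short_len[] = { 0x00, 0x0d,  /* says 13, 14 present */
    0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01 };
static const unsigned char v_overrun[] = { 0x00, 0x06, 0x00, 0x0b, 0x00, 0x09, 0x01, 0x00 };
static const unsigned char v_bad_sigalgs[] = { 0x00, 0x07, 0x00, 0x0d, 0x00, 0x03, 0x00, 0x01, 0x04 };

int sample_exact(void)       { return parse_clienthello_extensions(v_exact, sizeof v_exact); }
int sample_absent(void)      { return parse_clienthello_extensions(v_exact, 0); }
int sample_empty_block(void) { return parse_clienthello_extensions(v_empty_block, sizeof v_empty_block); }
int sample_trailing(void)    { return parse_clienthello_extensions(v_trailing, sizeof v_trailing); }
int sample_short_len(void)   { return parse_clienthello_extensions(v_short_len, sizeof v_short_len); }
int sample_overrun(void)     { return parse_clienthello_extensions(v_overrun, sizeof v_overrun); }
int sample_bad_sigalgs(void) { return parse_clienthello_extensions(v_bad_sigalgs, sizeof v_bad_sigalgs); }

int main(void)
{
    printf("exact=%d absent=%d empty=%d trailing=%d short=%d overrun=%d badsig=%d\n",
           sample_exact(), sample_absent(), sample_empty_block(), sample_trailing(),
           sample_short_len(), sample_overrun(), sample_bad_sigalgs());
    return 0;
}
```

The three rejections that matter most are the ones the original loop let through: a declared outer length that is shorter than the bytes present, an extension whose size field runs past the block, and one to three bytes left over after the last complete extension.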
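The dead-store problem behind the "Replace memset with OPENSSL_cleanse()" commit, as an added example that is not OpenSSL code: `wipe_with_memset_then_free` shows the pattern BUF_MEM_free() used, and `secure_cleanse` (an example name, not OPENSSL_cleanse itself) is the volatile-write idiom that a conforming compiler cannot drop. The buffer contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not OpenSSL code. It shows why a memset() immediately
 * before free() is not a dependable wipe, and the volatile-write pattern
 * (secure_cleanse is this example's own name) that survives optimisation.
 */

/* Pattern being replaced: the buffer is never read after the memset and is
 * then freed, so under the as-if rule the stores are dead and an optimising
 * compiler may remove the memset entirely. */
void wipe_with_memset_then_free(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);   /* candidate for dead-store elimination */
    free(buf);
}

/* Every store through a volatile-qualified lvalue is a side effect the
 * compiler must perform, so this loop is kept. The length is a size_t, with
 * no narrowing cast of the kind the old memset call carried. */
void secure_cleanse(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    while (n--)
        *vp++ = 0;
}

/* Fill a heap buffer with a constructed "secret", cleanse it and report
 * whether any byte survived (1 = all zero, 0 = residue or allocation failure). */
int cleanse_leaves_no_residue(size_t n)
{
    unsigned char *buf = malloc(n);
    size_t i;
    int clean = 1;

    if (buf == NULL)
        return 0;
    for (i = 0; i < n; i++)
        buf[i] = (unsigned char)(0xA5 ^ (i & 0xff));
    secure_cleanse(buf, n);
    for (i = 0; i < n; i++)
        if (buf[i] != 0)
            clean = 0;
    free(buf);
    return clean;
}

int main(void)
{
    printf("64-byte buffer cleansed: %d\n", cleanse_leaves_no_residue(64));
    return 0;
}
```

A test can confirm the bytes are zero, but it cannot prove the memset version was not elided; inspecting the optimised object code for the call is the only way to see the difference, which is why a dedicated cleanse routine is preferred over relying on what one compiler happens to emit.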
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 09:43:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433929389.848568.5451.nullmailer@dev.openssl.org> The branch master has been updated via b8b12aadd8edfd3bd327157c8899b1cf3403177f (commit) from 54e3ad003bdf83f189b2bf17fb998c028d39c8eb (commit) - Log ----------------------------------------------------------------- commit b8b12aadd8edfd3bd327157c8899b1cf3403177f Author: Matt Caswell Date: Thu Jun 4 10:35:08 2015 +0100 Change BIO_number_read and BIO_number_written() to be 64 bit The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has been changed from unsigned long to uint64_t. On platforms where an unsigned long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is transferred. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ crypto/bio/bio_lib.c | 10 +++++----- demos/easy_tls/easy-tls.c | 2 +- include/openssl/bio.h | 8 ++++---- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 3b0d0b5..e1b3392 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,13 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) The return type of BIO_number_read() and BIO_number_written() as well as + the corresponding num_read and num_write members in the BIO structure has + changed from unsigned long to uint64_t. On platforms where an unsigned + long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is + transferred. + [Matt Caswell] + *) Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably 
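Review bot: Units in the CHANGES hunk: "overflow if >4Gb is transferred" reads as gigabits, but the counters hold bytes and a 32-bit `unsigned long` wraps at 2^32 bytes, that is 4 GiB, so write "4 GiB" (the commit message has the same wording). The entry should also say that `num_read` and `num_write` live in the public `struct bio_st` in bio.h and that `BIO_number_read()` and `BIO_number_written()` change their return type, since both are ABI breaks that code compiled against 1.0.x has to pick up.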
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index cc859da..6ab471c 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -209,7 +209,7 @@ int BIO_read(BIO *b, void *out, int outl) i = b->method->bread(b, out, outl); if (i > 0) - b->num_read += (unsigned long)i; + b->num_read += (uint64_t)i; if (cb != NULL) i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); @@ -242,7 +242,7 @@ int BIO_write(BIO *b, const void *in, int inl) i = b->method->bwrite(b, in, inl); if (i > 0) - b->num_write += (unsigned long)i; + b->num_write += (uint64_t)i; if (cb != NULL) i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); @@ -272,7 +272,7 @@ int BIO_puts(BIO *b, const char *in) i = b->method->bputs(b, in); if (i > 0) - b->num_write += (unsigned long)i; + b->num_write += (uint64_t)i; if (cb != NULL) i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); @@ -578,14 +578,14 @@ void *BIO_get_ex_data(BIO *bio, int idx) return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); } -unsigned long BIO_number_read(BIO *bio) +uint64_t BIO_number_read(BIO *bio) { if (bio) return bio->num_read; return 0; } -unsigned long BIO_number_written(BIO *bio) +uint64_t BIO_number_written(BIO *bio) { if (bio) return bio->num_write; diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index b951290..5b65780 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -1020,7 +1020,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p) int clear_read_select = 0, clear_write_select = 0, tls_read_select = 0, tls_write_select = 0, progress = 0; int r; - unsigned long num_read = BIO_number_read(rbio), + uint64_t num_read = BIO_number_read(rbio), num_written = BIO_number_written(wbio); DEBUG_MSG2("loop iteration", ++tls_loop_count); diff --git a/include/openssl/bio.h b/include/openssl/bio.h index ab37c87..e224dd9 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h 
@@ -321,8 +321,8 @@ struct bio_st { struct bio_st *next_bio; /* used by filter BIOs */ struct bio_st *prev_bio; /* used by filter BIOs */ int references; - unsigned long num_read; - unsigned long num_write; + uint64_t num_read; + uint64_t num_write; CRYPTO_EX_DATA ex_data; }; @@ -618,8 +618,8 @@ int BIO_set_ex_data(BIO *bio, int idx, void *data); void *BIO_get_ex_data(BIO *bio, int idx); int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -unsigned long BIO_number_read(BIO *bio); -unsigned long BIO_number_written(BIO *bio); +uint64_t BIO_number_read(BIO *bio); +uint64_t BIO_number_written(BIO *bio); /* For BIO_f_asn1() */ int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, From matt at openssl.org Wed Jun 10 10:01:03 2015 
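Review bot: The bio.h hunks make a public header depend on `uint64_t`, but no hunk adds `<stdint.h>` or `<inttypes.h>`, and the same type is now used in bio_lib.c and the easy-tls demo. Confirm that what bio.h already includes guarantees the C99 fixed-width types on every supported toolchain, in particular the 32-bit Windows builds this change is for; if it does not, add the include here rather than relying on consumers to include it first.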
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:01:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433930463.537707.16643.nullmailer@dev.openssl.org> The branch master has been updated via 68886be7e2cd395a759fcd41d2cede461b68843d (commit) from b8b12aadd8edfd3bd327157c8899b1cf3403177f (commit) - Log ----------------------------------------------------------------- commit 68886be7e2cd395a759fcd41d2cede461b68843d Author: Matt Caswell Date: Thu Jun 4 14:22:00 2015 +0100 EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_lib.c | 7 +++++++ crypto/ec/ecp_oct.c | 2 +- test/ectest.c | 24 ++++++++++++------------ 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 821c371..33f703b 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -384,7 +384,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 1d44ad2..bdbf91c 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c 
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 07c33fe..620860c 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -296,7 +296,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 9156943..3ddaa5d 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -949,6 +949,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index a68b559..8bb7aa3 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -410,7 +410,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/test/ectest.c b/test/ectest.c index 977b8d9..c8893f9 100644 --- a/test/ectest.c +++ b/test/ectest.c 
@@ -319,7 +319,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -439,7 +439,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -488,7 +488,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -541,7 +541,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -600,7 +600,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -656,7 +656,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) 
@@ -715,7 +715,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -759,7 +759,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -877,7 +877,7 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -895,7 +895,7 @@ static void prime_field_tests(void) if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1024,7 +1024,7 @@ static void char2_field_tests(void) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) 
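Review bot: The `<= 0` rewrite in ec2_oct.c, ecp_oct.c, ec_key.c and ec_check.c closes a real fail-open: `!EC_POINT_is_on_curve(...)` is false for a return of -1, so an internal failure inside the check (for instance a failed BN_CTX allocation) made the caller carry on as if the point were on the curve, and the commit message should spell that out rather than only "not correctly handling error conditions". What the rewrite still conflates is the reason code: all four sites push `EC_R_POINT_IS_NOT_ON_CURVE` for the error case as well, which misleads anyone debugging from the error queue. Capture the result and split the cases:
`ret = EC_POINT_is_on_curve(group, point, ctx);`
`if (ret < 0) goto err;`
`if (ret == 0) { ECerr(..., EC_R_POINT_IS_NOT_ON_CURVE); goto err; }`
The ectest.c branch that prints "Point is not on curve" has the same conflation.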
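Review bot: Documentation: the new comment on `EC_POINT_is_on_curve()` in ec_lib.c is the right place for the three-valued contract, but the Summary of changes touches nothing under doc/, so the public man page keeps whatever it said before. Given that the commit message says many in-tree callers got this wrong, external callers will have too; the man page should carry the same 1 / 0 / -1 table and the warning that the value must not be used as a boolean.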
@@ -1245,7 +1245,7 @@ static void char2_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ From matt at openssl.org Wed Jun 10 10:01:15 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:01:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433930475.862844.17354.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7cb79c7afb043e80eb9a4f7ff36f5a7a80cdd8c9 (commit) from d272599277092d6cd054417cf671453ca5fd0d9b (commit) - Log ----------------------------------------------------------------- commit 7cb79c7afb043e80eb9a4f7ff36f5a7a80cdd8c9 Author: Matt Caswell Date: Thu Jun 4 14:22:00 2015 +0100 EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_lib.c | 7 +++++++ crypto/ec/ecp_oct.c | 2 +- crypto/ec/ectest.c | 24 ++++++++++++------------ 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index c245d88..0d04cc6 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c 
@@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index d3f5349..dd6f0ac 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ebdffc8..55ce3fe 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 6ffd9fc..3ffa112 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -970,6 +970,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index e5cec8b..1bc3f39 100644 --- a/crypto/ec/ecp_oct.c 
+++ b/crypto/ec/ecp_oct.c @@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index a18b327..fede530 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -412,7 +412,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -544,7 +544,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -593,7 +593,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -646,7 +646,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) 
@@ -705,7 +705,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -761,7 +761,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -820,7 +820,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -864,7 +864,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1008,7 +1008,7 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ 
@@ -1026,7 +1026,7 @@ static void prime_field_tests(void) if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1157,7 +1157,7 @@ static void char2_field_tests(void) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) @@ -1378,7 +1378,7 @@ static void char2_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ From matt at openssl.org Wed Jun 10 10:01:28 2015 
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:01:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433930488.132310.17594.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via d163a2cc46709ba31e91887c65d32743913d3db3 (commit) from 72df35acf268e21adfe5b90b89f90e35e9db29bf (commit) - Log ----------------------------------------------------------------- commit d163a2cc46709ba31e91887c65d32743913d3db3 Author: Matt Caswell Date: Thu Jun 4 14:22:00 2015 +0100 EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_oct.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_lib.c | 7 +++++++ crypto/ec/ecp_oct.c | 2 +- crypto/ec/ectest.c | 24 ++++++++++++------------ 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index c245d88..0d04cc6 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index d3f5349..dd6f0ac 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c 
@@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index ebdffc8..55ce3fe 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 9a54f41..e227520 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index e5cec8b..1bc3f39 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index a18b327..fede530 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c 
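Review bot: the ec2_oct.c, ec_check.c, ec_key.c and ecp_oct.c hunks above fold the -1 (internal error) return of EC_POINT_is_on_curve into the same branch as 0, so a BN_CTX or field-arithmetic failure is now reported to the caller as EC_R_POINT_IS_NOT_ON_CURVE. Failing closed is the right default, but the reason code is misleading: a caller of EC_KEY_check_key cannot tell a malformed public key from a transient allocation failure, and the genuine error sits underneath this one on the queue. Consider testing the result explicitly, for example `ret = EC_POINT_is_on_curve(group, point, ctx); if (ret < 0) goto err;` followed by `if (ret == 0) { ECerr(..., EC_R_POINT_IS_NOT_ON_CURVE); goto err; }`, so that only the 0 case adds the not-on-curve reason.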
@@ -412,7 +412,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -544,7 +544,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -593,7 +593,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -646,7 +646,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -705,7 +705,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -761,7 +761,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) 
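Review bot: in the ectest.c hunk at -412, a -1 return now enters the failure branch that prints "Point is not on curve" and then calls EC_POINT_get_affine_coordinates_GFp on Q; after an internal error that call may itself fail and ABORT, and if it succeeds the test output blames the curve data for what was an allocation or arithmetic failure. An explicit `if (r < 0) ABORT;` on the saved result before the diagnostic branch would keep the message truthful. The same shape recurs in the char2_field_tests hunk at -1157 below. The plain `<= 0) ABORT;` sites in this hunk are fine as they are.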
@@ -820,7 +820,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -864,7 +864,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1008,7 +1008,7 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1026,7 +1026,7 @@ static void prime_field_tests(void) if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1157,7 +1157,7 @@ static void char2_field_tests(void) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) 
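Review bot: the new return-value contract is spelled out only in a comment inside ec_lib.c; the summary of changes for this commit touches nothing under doc/ and does not touch crypto/ec/ec.h, so the header an API user actually reads still declares a bare int with no hint that -1 is possible, and there is no CHANGES entry for a fix that turns a formerly ignored error path into a hard failure in EC_KEY_check_key, EC_GROUP_check and the oct2point decoders. Suggest carrying the same three-line return table into the header comment and the EC_POINT man page where the branch has one, and adding a CHANGES line so downstream callers know to check for the negative value.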
@@ -1378,7 +1378,7 @@ static void char2_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ From matt at openssl.org Wed Jun 10 10:01:41 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:01:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1433930501.582771.17884.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via cb9f1bc1d118bfe17d7c3004bbf33746df1855bd (commit) from 9545eac45bc79496763d2ded02629f88a8629fb9 (commit) - Log ----------------------------------------------------------------- commit cb9f1bc1d118bfe17d7c3004bbf33746df1855bd Author: Matt Caswell Date: Thu Jun 4 14:22:00 2015 +0100 EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_oct.c crypto/ec/ectest.c ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_smpl.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_lib.c | 7 +++++++ crypto/ec/ecp_smpl.c | 2 +- crypto/ec/ectest.c | 24 ++++++++++++------------ 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 849d20b..5754d6f 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c 
@@ -755,7 +755,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index d3f5349..dd6f0ac 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 7e48015..6104a59 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index dd9f4dc..10cda17 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index a0c1540..cc924bd 100644 --- a/crypto/ec/ecp_smpl.c 
+++ b/crypto/ec/ecp_smpl.c @@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 005b324..d5789ca 100644 --- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -303,7 +303,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -436,7 +436,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -501,7 +501,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -570,7 +570,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) 
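Review bot: the ec_lib.c hunk above documents -1 as the error return, but the comment sits on a dispatching wrapper whose own guard paths (no is_on_curve method, group and point with different methods) are not part of the diff; if any of those still `return 0` after raising an ECerr, the wrapper contradicts its new comment and that class of error is once again indistinguishable from "not on curve" for the callers fixed in this commit. Worth checking every return in EC_POINT_is_on_curve and in the ec_GFp_simple_is_on_curve / ec_GF2m_simple_is_on_curve implementations against the three documented values, and making the wrapper guards return -1 where they do not already.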
@@ -645,7 +645,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -717,7 +717,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -792,7 +792,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -852,7 +852,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -994,7 +994,7 @@ void prime_field_tests() # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ 
@@ -1012,7 +1012,7 @@ void prime_field_tests() if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1151,7 +1151,7 @@ void char2_field_tests() if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) @@ -1372,7 +1372,7 @@ void char2_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ From matt at openssl.org Wed Jun 10 10:01:52 2015 
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:01:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1433930512.995859.18244.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 50d3049930575f45df11014f6c154e0ae13aa7fe (commit) from 8b4fd12b0d1734d281994000752c771e8cd0a103 (commit) - Log ----------------------------------------------------------------- commit 50d3049930575f45df11014f6c154e0ae13aa7fe Author: Matt Caswell Date: Thu Jun 4 14:22:00 2015 +0100 EC_POINT_is_on_curve does not return a boolean The function EC_POINT_is_on_curve does not return a boolean value. It returns 1 if the point is on the curve, 0 if it is not, and -1 on error. Many usages within OpenSSL were incorrectly using this function and therefore not correctly handling error conditions. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d) Conflicts: crypto/ec/ec2_oct.c crypto/ec/ecp_oct.c crypto/ec/ectest.c ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec2_smpl.c | 2 +- crypto/ec/ec_check.c | 2 +- crypto/ec/ec_key.c | 2 +- crypto/ec/ec_lib.c | 7 +++++++ crypto/ec/ecp_smpl.c | 2 +- crypto/ec/ectest.c | 24 ++++++++++++------------ 6 files changed, 23 insertions(+), 16 deletions(-) diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 5df41e2..df37571 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -677,7 +677,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index d3f5349..dd6f0ac 100644 --- a/crypto/ec/ec_check.c 
+++ b/crypto/ec/ec_check.c @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 7e48015..6104a59 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -304,7 +304,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 8d8b807..33f397b 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -993,6 +993,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index a0c1540..cc924bd 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -985,7 +985,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c index 2df7f33..0fa7697 100644 
--- a/crypto/ec/ectest.c +++ b/crypto/ec/ectest.c @@ -303,7 +303,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -436,7 +436,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -501,7 +501,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -572,7 +572,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -649,7 +649,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -723,7 +723,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) 
@@ -800,7 +800,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -862,7 +862,7 @@ void prime_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1004,7 +1004,7 @@ void prime_field_tests() # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1022,7 +1022,7 @@ void prime_field_tests() if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1161,7 +1161,7 @@ void char2_field_tests() if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) 
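Review bot: this backport's log lists conflicts in ec2_oct.c, ecp_oct.c and ectest.c, and the summary shows the oct2point hunks landed in ec2_smpl.c and ecp_smpl.c instead, so the change was re-targeted by hand for this branch's older file layout. Because the fix is a pattern change across callers rather than a single localized bug, a `grep -rn 'EC_POINT_is_on_curve' crypto ssl apps` on OpenSSL_0_9_8-stable would confirm that no `!EC_POINT_is_on_curve(` caller was missed in files that exist only on this branch; nothing in the diff indicates such a sweep was done here.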
@@ -1382,7 +1382,7 @@ void char2_field_tests() ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ From matt at openssl.org Wed Jun 10 10:10:28 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:10:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433931028.956895.19963.nullmailer@dev.openssl.org> The branch master has been updated via e43a13c807e42688c72c4f3d001112bf0a110464 (commit) from 68886be7e2cd395a759fcd41d2cede461b68843d (commit) - Log ----------------------------------------------------------------- commit e43a13c807e42688c72c4f3d001112bf0a110464 Author: Matt Caswell Date: Mon Jun 8 09:29:56 2015 +0100 Fix leak in HMAC error path In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 572393e..d50fabb 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -219,6 +219,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } From matt at openssl.org Wed Jun 10 10:10:51 2015 
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:10:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433931051.121647.20897.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 418df5ea232811dc7339380c1aa5e07c28c6c6dc (commit) from d163a2cc46709ba31e91887c65d32743913d3db3 (commit) - Log ----------------------------------------------------------------- commit 418df5ea232811dc7339380c1aa5e07c28c6c6dc Author: Matt Caswell Date: Mon Jun 8 09:29:56 2015 +0100 Fix leak in HMAC error path In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by: Richard Levitte (cherry picked from commit e43a13c807e42688c72c4f3d001112bf0a110464) ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index b1f7317..5925467 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -251,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } From matt at openssl.org Wed Jun 10 10:10:39 2015 
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 10:10:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433931039.706158.20669.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3e8f9dc1a07df10dd52544efa269628744a40173 (commit) from 7cb79c7afb043e80eb9a4f7ff36f5a7a80cdd8c9 (commit) - Log ----------------------------------------------------------------- commit 3e8f9dc1a07df10dd52544efa269628744a40173 Author: Matt Caswell Date: Mon Jun 8 09:29:56 2015 +0100 Fix leak in HMAC error path In the event of an error in the HMAC function, leaks can occur because the HMAC_CTX does not get cleaned up. Thanks to the BoringSSL project for reporting this issue. Reviewed-by: Richard Levitte (cherry picked from commit e43a13c807e42688c72c4f3d001112bf0a110464) ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 5ca3894..15a9a21 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -261,6 +261,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } From matt at openssl.org Wed Jun 10 11:14:50 2015 
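Review bot: the hmac.c hunk (applied identically to master, 1.0.1 and 1.0.2 above) adds HMAC_CTX_cleanup(&c) on the err path, which is correct only if HMAC_CTX_init(&c) runs before the first `goto err`; the hunk shows neither the declaration of c nor the init call, so please confirm that ordering, since cleanup of an uninitialised stack HMAC_CTX would act on garbage pointers. With both exits now cleaning up, the function could also collapse to a single exit: set `md = NULL` on failure and fall through to one `HMAC_CTX_cleanup(&c); return md;`, which removes the chance of the two paths drifting apart again.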
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 11:14:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433934890.498965.30578.nullmailer@dev.openssl.org> The branch master has been updated via 91d13f1a76216f7d67f7a3068bab2287831ca615 (commit) via b821df5f5b8dbb9bae109ed01076cb4b393b67e0 (commit) from e43a13c807e42688c72c4f3d001112bf0a110464 (commit) - Log ----------------------------------------------------------------- commit 91d13f1a76216f7d67f7a3068bab2287831ca615 Author: Matt Caswell Date: Mon Jun 1 17:25:29 2015 +0100 DTLS handshake message fragments mustn't span packets It should not be possible for DTLS message fragments to span multiple packets. However, previously, if the message header fitted exactly into one packet, and the fragment body was in the next packet then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: Tim Hudson commit b821df5f5b8dbb9bae109ed01076cb4b393b67e0 Author: Matt Caswell Date: Tue Jun 2 08:57:02 2015 +0100 Correct type of RECORD_LAYER_get_rrec_length() The underlying field returned by RECORD_LAYER_get_rrec_length() is an unsigned int. The return type of the function should match that. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 26 ++++++++++++++++++-------- ssl/record/rec_layer_s3.c | 2 +- ssl/record/record.h | 2 +- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 569b561..155b8bf 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c 
@@ -868,6 +868,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + /* + * We must have at least frag_len bytes left in the record to be read. + * Fragments must not span records. + */ + if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH); + goto f_err; + } + /* * if this is a future (or stale) message it gets buffered * (or dropped)--no further processing at this time @@ -878,10 +892,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); @@ -912,17 +922,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) goto f_err; - /* XDTLS: ressurect this when restart is in place */ - s->state = stn; - if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); + /* - * XDTLS: fix this--message fragments cannot span multiple packets + * This shouldn't ever fail due to NBIO because we already checked + * that we have enough data in the record */ if (i <= 0) { s->rwstate = SSL_READING; @@ -943,6 +952,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } *ok = 1; + s->state = stn; /* * Note that s->init_num is *not* used as current offset in diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 47a021d..79d3c21 100644 --- a/ssl/record/rec_layer_s3.c 
+++ b/ssl/record/rec_layer_s3.c @@ -1504,7 +1504,7 @@ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) /* * Returns the length in bytes of the current rrec */ -int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) { return SSL3_RECORD_get_length(&rl->rrec); } diff --git a/ssl/record/record.h b/ssl/record/record.h index cf1607c..6931bb4 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -326,7 +326,7 @@ void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_setup_comp_buffer(RECORD_LAYER *rl); int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); +unsigned int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur int ssl3_pending(const SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, From matt at openssl.org Wed Jun 10 11:15:04 2015 
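Review bot: in the master d1_both.c hunk at -912, the new comment says the ssl_read_bytes call "shouldn't ever fail due to NBIO" now that frag_len has been checked against the record length, yet the code directly under it still treats `i <= 0` as a would-block condition (s->rwstate = SSL_READING and return to the caller). If the read genuinely cannot block here, an `i <= 0` is a real error and belongs on the f_err path rather than being handed back for retry; if it can still legitimately return 0 for some other reason, the comment overstates the guarantee. One of the two should change. Moving `s->state = stn` to after `*ok = 1` is correct, since the state no longer advances on a read that is later retried. The companion rec_layer_s3.c/record.h change to unsigned int is what keeps the `frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)` comparison free of signed/unsigned mixing, so the two commits should travel together if either is ever reverted.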
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 11:15:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433934904.286912.31327.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9dcab127e14467733523ff7626da8906e67eedd6 (commit) from 3e8f9dc1a07df10dd52544efa269628744a40173 (commit) - Log ----------------------------------------------------------------- commit 9dcab127e14467733523ff7626da8906e67eedd6 Author: Matt Caswell Date: Mon Jun 1 17:25:29 2015 +0100 DTLS handshake message fragments mustn't span packets It should not be possible for DTLS message fragments to span multiple packets. However, previously, if the message header fitted exactly into one packet, and the fragment body was in the next packet then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ffd4784..b4ee7ab 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -879,6 +879,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + /* + * We must have at least frag_len bytes left in the record to be read. + * Fragments must not span records. + */ + if (frag_len > s->s3->rrec.length) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH); + goto f_err; + } + /* * if this is a future (or stale) message it gets buffered * (or dropped)--no further processing at this time 
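Review bot: the new check in the -879 hunk answers a frag_len larger than the remaining record with a fatal illegal_parameter alert and `goto f_err`. At this point nothing in the handshake is authenticated, so any host able to spoof the peer's address can send one malformed datagram and tear down an in-progress association; RFC 6347 section 4.1.2.7 recommends that DTLS implementations silently discard invalid records (and requires that those which do alert use fatal alerts, which this does). Since the out-of-sequence path right below already drops stale fragments without alerting, consider discarding this record the same way rather than ending the connection, or record in the commit message why a fatal alert is preferred. The placement ahead of the out-of-sequence branch is right, because the buffering and reassembly paths also read frag_len bytes out of the record.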
@@ -889,10 +903,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); @@ -923,17 +933,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) goto f_err; - /* XDTLS: ressurect this when restart is in place */ - s->state = stn; - if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); + /* - * XDTLS: fix this--message fragments cannot span multiple packets + * This shouldn't ever fail due to NBIO because we already checked + * that we have enough data in the record */ if (i <= 0) { s->rwstate = SSL_READING; @@ -954,6 +963,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } *ok = 1; + s->state = stn; /* * Note that s->init_num is *not* used as current offset in From matt at openssl.org Wed Jun 10 11:15:19 2015 
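Review bot: the new frag_len > s->s3->rrec.length test in the first hunk sits before the out-of-sequence branch, which is the right place because it also bounds what dtls1_process_out_of_seq_message is handed; the comment above it should state that rrec.length is the count of bytes still unread after the fragment header has been consumed, since a reader who assumes it still includes the header will think the comparison is off by DTLS1_HM_HEADER_LENGTH.

Review bot: in the third hunk, moving s->state = stn from before the ssl_read_bytes call to after *ok = 1 changes the i <= 0 path: the state machine no longer advances when the read fails. That is a fix in its own right, separate from the one the commit message describes, and deserves a sentence there. The updated comment ("This shouldn't ever fail due to NBIO") is accurate only because of the new length check in the first hunk, so it may be worth saying "see the frag_len check above".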
From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2015 11:15:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433934919.153215.31636.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via d46de4ce483d684ecbec2aa967618f06865ae74a (commit) from 418df5ea232811dc7339380c1aa5e07c28c6c6dc (commit) - Log ----------------------------------------------------------------- commit d46de4ce483d684ecbec2aa967618f06865ae74a Author: Matt Caswell Date: Mon Jun 1 17:25:29 2015 +0100 DTLS handshake message fragments mustn't span packets It should not be possible for DTLS message fragments to span multiple packets. However, previously, if the message header fitted exactly into one packet and the fragment body was in the next packet, then this would work. Obviously this would fail if packets get re-ordered mid-flight. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index c5b2e99..8dd8ea3 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -875,6 +875,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + /* + * We must have at least frag_len bytes left in the record to be read. + * Fragments must not span records. + */ + if (frag_len > s->s3->rrec.length) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH); + goto f_err; + } + /* * if this is a future (or stale) message it gets buffered * (or dropped)--no further processing at this time 
@@ -885,10 +899,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); @@ -919,17 +929,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) goto f_err; - /* XDTLS: ressurect this when restart is in place */ - s->state = stn; - if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); + /* - * XDTLS: fix this--message fragments cannot span multiple packets + * This shouldn't ever fail due to NBIO because we already checked + * that we have enough data in the record */ if (i <= 0) { s->rwstate = SSL_READING; @@ -950,6 +959,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } *ok = 1; + s->state = stn; /* * Note that s->init_num is *not* used as current offset in From emilia at openssl.org Wed Jun 10 11:55:56 2015 
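Review bot: this is the same change as 9dcab127 on OpenSSL_1_0_2-stable (only the hunk offsets differ, 875 against 879), but unlike the other backports on this list it carries no "(cherry picked from commit ...)" trailer; please add one so the two branches can be cross-referenced.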
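The rule these two commits enforce, that a DTLS handshake fragment must fit inside the record that carries its header, as an added example that is not OpenSSL code and not part of either patch: a small C parser for the 12-byte DTLS handshake fragment header with the bounds checks a receiver needs before it copies the fragment body. The names (dtls_hm_hdr, dtls_check_fragment, the DTLS_FRAG_* codes) and the sample records are my own constructions; `remaining` plays the role of rrec.length after the header has been read, and the 16384-byte message limit stands in for the `max` argument of dtls1_get_message_fragment and is an assumption. The example goes one step beyond the hunks by also rejecting a fragment whose offset plus length exceeds the declared message length, a check the hunks leave to other code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DTLS handshake fragment header (RFC 6347, 4.2.2) is 12 bytes:
 * msg_type(1) msg_len(3) msg_seq(2) frag_off(3) frag_len(3) */
#define DTLS_HM_HEADER_LEN 12

enum dtls_frag_status {
    DTLS_FRAG_OK = 0,
    DTLS_FRAG_SHORT_HEADER = 1,   /* record holds fewer than 12 bytes */
    DTLS_FRAG_SPANS_RECORD = 2,   /* frag_len exceeds what is left in this record */
    DTLS_FRAG_OUT_OF_BOUNDS = 3,  /* frag_off + frag_len exceeds msg_len */
    DTLS_FRAG_MSG_TOO_LONG = 4    /* msg_len exceeds the caller's limit (assumed 16384 below) */
};

typedef struct {
    uint8_t msg_type;
    uint32_t msg_len;   /* 24-bit on the wire */
    uint16_t msg_seq;
    uint32_t frag_off;  /* 24-bit on the wire */
    uint32_t frag_len;  /* 24-bit on the wire */
} dtls_hm_hdr;

static uint32_t get_u24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

static void put_u24(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v;
}

/* Parse the 12-byte header at the start of a handshake record. */
int dtls_parse_hm_header(const uint8_t *rec, size_t rec_len, dtls_hm_hdr *h)
{
    if (rec_len < DTLS_HM_HEADER_LEN)
        return DTLS_FRAG_SHORT_HEADER;
    h->msg_type = rec[0];
    h->msg_len = get_u24(rec + 1);
    h->msg_seq = (uint16_t)(((uint16_t)rec[4] << 8) | rec[5]);
    h->frag_off = get_u24(rec + 6);
    h->frag_len = get_u24(rec + 9);
    return DTLS_FRAG_OK;
}

/* Bounds checks. 'remaining' is the number of record bytes after the header,
 * i.e. what is still unread once the header has been consumed. */
int dtls_check_fragment(const dtls_hm_hdr *h, size_t remaining, uint32_t max_msg_len)
{
    if (h->msg_len > max_msg_len)
        return DTLS_FRAG_MSG_TOO_LONG;
    /* both operands are 24-bit values, so the sum cannot overflow uint32_t */
    if (h->frag_off + h->frag_len > h->msg_len)
        return DTLS_FRAG_OUT_OF_BOUNDS;
    /* the check the patch adds: a fragment never continues in the next record */
    if (h->frag_len > remaining)
        return DTLS_FRAG_SPANS_RECORD;
    return DTLS_FRAG_OK;
}

/* Parse and validate one record; on success copies the header to *out if non-NULL. */
int dtls_validate_fragment(const uint8_t *rec, size_t rec_len, uint32_t max_msg_len, dtls_hm_hdr *out)
{
    dtls_hm_hdr h;
    int rc = dtls_parse_hm_header(rec, rec_len, &h);
    if (rc != DTLS_FRAG_OK)
        return rc;
    rc = dtls_check_fragment(&h, rec_len - DTLS_HM_HEADER_LEN, max_msg_len);
    if (rc == DTLS_FRAG_OK && out != NULL)
        *out = h;
    return rc;
}

/* Write a header into buf (constructed test data, not captured traffic). */
size_t dtls_build_hm_header(uint8_t *buf, uint8_t type, uint32_t msg_len, uint16_t seq,
                            uint32_t frag_off, uint32_t frag_len)
{
    buf[0] = type;
    put_u24(buf + 1, msg_len);
    buf[4] = (uint8_t)(seq >> 8); buf[5] = (uint8_t)seq;
    put_u24(buf + 6, frag_off);
    put_u24(buf + 9, frag_len);
    return DTLS_HM_HEADER_LEN;
}

/* Constructed scenario: a 20-byte message of type 1 (ClientHello) whole in one record. */
int dtls_demo_complete_message(void)
{
    uint8_t rec[DTLS_HM_HEADER_LEN + 20] = {0};
    dtls_build_hm_header(rec, 1, 20, 0, 0, 20);
    return dtls_validate_fragment(rec, sizeof rec, 16384, NULL);
}

/* Header fits exactly in one record and the body would arrive in the next: the case the patch rejects. */
int dtls_demo_header_only_record(void)
{
    uint8_t rec[DTLS_HM_HEADER_LEN];
    dtls_build_hm_header(rec, 1, 20, 0, 0, 20);
    return dtls_validate_fragment(rec, sizeof rec, 16384, NULL);
}

/* Fragment claims bytes 10..24 of a 20-byte message: body is present but lies outside the message. */
int dtls_demo_fragment_past_end(void)
{
    uint8_t rec[DTLS_HM_HEADER_LEN + 15] = {0};
    dtls_build_hm_header(rec, 1, 20, 0, 10, 15);
    return dtls_validate_fragment(rec, sizeof rec, 16384, NULL);
}

int main(void)
{
    printf("complete=%d header_only=%d past_end=%d\n", dtls_demo_complete_message(),
           dtls_demo_header_only_record(), dtls_demo_fragment_past_end());
    return 0;
}
```

A zero-length fragment with nothing left in the record (a ServerHelloDone, for instance) passes all three checks, which matches the hunk's `if (frag_len > 0)` guard around the read.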
From: emilia at openssl.org (Emilia Kasper) Date: Wed, 10 Jun 2015 11:55:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433937356.235120.8944.nullmailer@dev.openssl.org> The branch master has been updated via a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5 (commit) from 91d13f1a76216f7d67f7a3068bab2287831ca615 (commit) - Log ----------------------------------------------------------------- commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5 Author: Emilia Kasper Date: Tue Jun 9 14:17:50 2015 +0200 Remove SSL_OP_TLS_BLOCK_PADDING_BUG This is a workaround so old that nobody remembers what buggy clients it was for. It's also been broken in stable branches for two years and nobody noticed (see https://boringssl-review.googlesource.com/#/c/1694/). Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +++++ apps/s_server.c | 3 --- doc/ssl/SSL_CTX_set_options.pod | 4 ---- include/openssl/ssl.h | 3 ++- include/openssl/ssl3.h | 3 ++- ssl/record/ssl3_record.c | 22 ---------------------- 6 files changed, 9 insertions(+), 31 deletions(-) diff --git a/CHANGES b/CHANGES index e1b3392..1bd9e1a 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're + not aware of clients that still exhibit this bug, and the workaround + hasn't been working properly for a while. + [Emilia K?sper] + *) The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has changed from unsigned long to uint64_t. On platforms where an unsigned diff --git a/apps/s_server.c b/apps/s_server.c index 8354386..072d30d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -2462,9 +2462,6 @@ static int init_ssl_connection(SSL *con) #endif if (SSL_cache_hit(con)) BIO_printf(bio_s_out, "Reused session-id\n"); - if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & - TLS1_FLAGS_TLS_PADDING_BUG) - BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n"); BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); if (keymatexportlabel != NULL) { diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 1078f09..84dde28 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -94,10 +94,6 @@ OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. ... -=item SSL_OP_TLS_BLOCK_PADDING_BUG - -... - =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 4e18b65..cd932e5 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -360,7 +360,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L # define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L # define SSL_OP_TLS_D5_BUG 0x00000100L -# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Removed from OpenSSL 1.1.0 */ +# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 66bc8c6..138b80c 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h 
@@ -362,7 +362,8 @@ extern "C" { # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 # define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 # define SSL3_FLAGS_POP_BUFFER 0x0004 -# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +/* Removed from OpenSSL 1.1.0 */ +# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 # define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 # define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 /* diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index dbec5f1..1865f24 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -748,10 +748,6 @@ int tls1_enc(SSL *s, int send) /* we need to add 'i' padding bytes of value j */ j = i - 1; - if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) { - if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) - j++; - } for (k = (int)l; k < (int)(l + i); k++) rec->input[k] = j; l += i; @@ -1064,24 +1060,6 @@ int tls1_cbc_remove_padding(const SSL *s, padding_length = rec->data[rec->length - 1]; - /* - * NB: if compression is in operation the first packet may not be of even - * length so the padding bug check cannot be performed. This bug - * workaround has been around since SSLeay so hopefully it is either - * fixed now or no buggy implementation supports compression [steve] - */ - if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { - /* First packet is even in size, so check */ - if ((CRYPTO_memcmp(RECORD_LAYER_get_read_sequence(&s->rlayer), - "\0\0\0\0\0\0\0\0", 8) == 0) && - !(padding_length & 1)) { - s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; - } - if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && padding_length > 0) { - padding_length--; - } - } - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { /* padding is already verified */ rec->length -= padding_length + 1; From steve at openssl.org Wed Jun 10 21:09:18 2015 
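Review bot: redefining SSL_OP_TLS_BLOCK_PADDING_BUG as 0x0L in ssl.h keeps existing sources compiling, but bit 0x00000200L is now unassigned and nothing marks it reserved; please add a note beside the define that the bit must not be reused, because applications built against 1.0.x still OR the old value into their options and would silently turn on whatever is assigned there next. The same applies to TLS1_FLAGS_TLS_PADDING_BUG (formerly 0x0008) in ssl3.h. Please also confirm that SSL_OP_ALL (not in this diff) no longer references the option.

Review bot: the CHANGES hunk renders the author's name as "Emilia K?sper", a mis-encoded character; please commit the file as UTF-8 so the name survives in the release notes.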
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 10 Jun 2015 21:09:18 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433970558.925514.8566.nullmailer@dev.openssl.org> The branch master has been updated via 633d49c7b486ab7cba9408fd02bcaaad3b8d8f1e (commit) via e1fa652d5ef6e505ce734ca99c8837201b880cc7 (commit) from a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5 (commit) - Log ----------------------------------------------------------------- commit 633d49c7b486ab7cba9408fd02bcaaad3b8d8f1e Author: Dr. Stephen Henson Date: Sun Jun 7 21:47:39 2015 +0100 Tidy disabled algorithm handling. Determine disabled algorithm masks when algorithms are loaded instead of recalculating them each time. Reviewed-by: Rich Salz commit e1fa652d5ef6e505ce734ca99c8837201b880cc7 Author: Dr. Stephen Henson Date: Sun Jun 7 21:46:19 2015 +0100 Restore GOST mac setup. Restore GOST mac setup which was accidentally removed during cipher refactor. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/ssl_ciph.c | 173 +++++++++++++++++++++++++-------------------------------- 1 file changed, 77 insertions(+), 96 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 39b5a71..7f932b0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c 
@@ -449,27 +449,91 @@ static int get_optional_pkey_id(const char *pkey_name) #endif +/* masks of disabled algorithms */ +static unsigned long disabled_enc_mask; +static unsigned long disabled_mac_mask; +static unsigned long disabled_mkey_mask; +static unsigned long disabled_auth_mask; + void ssl_load_ciphers(void) { size_t i; const ssl_cipher_table *t; + disabled_enc_mask = 0; for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) { - if (t->nid == NID_undef) + if (t->nid == NID_undef) { ssl_cipher_methods[i] = NULL; - else - ssl_cipher_methods[i] = EVP_get_cipherbynid(t->nid); + } else { + const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid); + ssl_cipher_methods[i] = cipher; + if (cipher == NULL) + disabled_enc_mask |= t->mask; + } } - +#ifdef SSL_FORBID_ENULL + disabled_enc_mask |= SSL_eNULL; +#endif + disabled_mac_mask = 0; for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) { - ssl_digest_methods[i] = EVP_get_digestbynid(t->nid); - if (ssl_digest_methods[i]) { - ssl_mac_secret_size[i] = EVP_MD_size(ssl_digest_methods[i]); + const EVP_MD *md = EVP_get_digestbynid(t->nid); + ssl_digest_methods[i] = md; + if (md == NULL) { + disabled_mac_mask |= t->mask; + } else { + ssl_mac_secret_size[i] = EVP_MD_size(md); OPENSSL_assert(ssl_mac_secret_size[i] >= 0); } } /* Make sure we can access MD5 and SHA1 */ OPENSSL_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL); OPENSSL_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL); + + disabled_mkey_mask = 0; + disabled_auth_mask = 0; + +#ifdef OPENSSL_NO_RSA + disabled_mkey_mask |= SSL_kRSA; + disabled_auth_mask |= SSL_aRSA; +#endif +#ifdef OPENSSL_NO_DSA + disabled_auth_mask |= SSL_aDSS; +#endif +#ifdef OPENSSL_NO_DH + disabled_mkey_mask |= SSL_kDHr | SSL_kDHd | SSL_kDHE; + disabled_auth_mask |= SSL_aDH; +#endif +#ifdef OPENSSL_NO_EC + disabled_mkey_mask |= SSL_kECDHe | SSL_kECDHr; + disabled_auth_mask |= SSL_aECDSA | SSL_aECDH; +#endif +#ifdef OPENSSL_NO_PSK + disabled_mkey_mask |= 
SSL_kPSK; + disabled_auth_mask |= SSL_aPSK; +#endif +#ifdef OPENSSL_NO_SRP + disabled_mkey_mask |= SSL_kSRP; +#endif + + /* + * Check for presence of GOST 34.10 algorithms, and if they are not + * present, disable appropriate auth and key exchange + */ + ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac"); + if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) { + ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32; + } else { + disabled_mac_mask |= SSL_GOST89MAC; + } + + if (!get_optional_pkey_id("gost94")) + disabled_auth_mask |= SSL_aGOST94; + if (!get_optional_pkey_id("gost2001")) + disabled_auth_mask |= SSL_aGOST01; + /* + * Disable GOST key exchange if no GOST signature algs are available * + */ + if ((disabled_auth_mask & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) + disabled_mkey_mask |= SSL_kGOST; } #ifndef OPENSSL_NO_COMP 
@@ -668,93 +732,6 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, *head = curr; } -static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, - unsigned long *enc, unsigned long *mac, - unsigned long *ssl) -{ - *mkey = 0; - *auth = 0; - *enc = 0; - *mac = 0; - *ssl = 0; - -#ifdef OPENSSL_NO_RSA - *mkey |= SSL_kRSA; - *auth |= SSL_aRSA; -#endif -#ifdef OPENSSL_NO_DSA - *auth |= SSL_aDSS; -#endif -#ifdef OPENSSL_NO_DH - *mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE; - *auth |= SSL_aDH; -#endif -#ifdef OPENSSL_NO_EC - *mkey |= SSL_kECDHe | SSL_kECDHr; - *auth |= SSL_aECDSA | SSL_aECDH; -#endif -#ifdef OPENSSL_NO_PSK - *mkey |= SSL_kPSK; - *auth |= SSL_aPSK; -#endif -#ifdef OPENSSL_NO_SRP - *mkey |= SSL_kSRP; -#endif - /* - * Check for presence of GOST 34.10 algorithms, and if they do not - * present, disable appropriate auth and key exchange - */ - if (!get_optional_pkey_id("gost94")) { - *auth |= SSL_aGOST94; - } - if (!get_optional_pkey_id("gost2001")) { - *auth |= SSL_aGOST01; - } - /* - * Disable GOST key exchange if no GOST signature algs are available * - */ - if ((*auth & (SSL_aGOST94 | SSL_aGOST01)) == (SSL_aGOST94 | SSL_aGOST01)) { - *mkey |= SSL_kGOST; - } -#ifdef SSL_FORBID_ENULL - *enc |= SSL_eNULL; -#endif - - *enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128 : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == - NULL) ? SSL_AES128GCM : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == - NULL) ? 
SSL_AES256GCM : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == - NULL) ? SSL_CAMELLIA128 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == - NULL) ? SSL_CAMELLIA256 : 0; - *enc |= - (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == - NULL) ? SSL_eGOST2814789CNT : 0; - *enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0; - - *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256 : 0; - *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384 : 0; - *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94 : 0; - *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL - || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] == - NID_undef) ? SSL_GOST89MAC : 0; - -} - static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, unsigned long disabled_mkey, @@ -1425,8 +1402,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * To reduce the work to do we only want to process the compiled * in algorithms, so we first get the mask of disabled ciphers. */ - ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, - &disabled_mac, &disabled_ssl); + + disabled_mkey = disabled_mkey_mask; + disabled_auth = disabled_auth_mask; + disabled_enc = disabled_enc_mask; + disabled_mac = disabled_mac_mask; + disabled_ssl = 0; /* * Now we have to collect the available ciphers from the compiled From appro at openssl.org Wed Jun 10 21:57:36 2015 
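Review bot: in the ssl_load_ciphers hunk the cipher loop only adds t->mask to disabled_enc_mask when t->nid is not NID_undef, so a table entry compiled out by having NID_undef (eNULL) is never marked disabled. That matches the removed ssl_cipher_get_disabled, where eNULL was disabled only under SSL_FORBID_ENULL, but a one-line comment in the loop would stop the next reader from "fixing" it.

Review bot: the GOST89MAC handling is no longer expressed the same way as in the removed code, which disabled SSL_GOST89MAC when either ssl_digest_methods[SSL_MD_GOST89MAC_IDX] was NULL or ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] was NID_undef. The new code covers the pkey case directly and leaves the digest case to the mac loop, which only works if the ssl_cipher_table_mac entry for that index carries SSL_GOST89MAC in t->mask (not visible here); please confirm. The hardcoded ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32 also overrides the EVP_MD_size value the loop stored for the same index, so a comment saying this is the MAC key length rather than the digest output length would help.

Review bot: the comment "Disable GOST key exchange if no GOST signature algs are available *" in the second hunk copies a stray trailing asterisk from the old function; drop it. In the ssl_create_cipher_list hunk disabled_ssl is now always 0, so the variable and its use can be removed rather than kept as a constant. Finally, the four static masks are written in ssl_load_ciphers and read in ssl_create_cipher_list without any locking, which is fine only if ssl_load_ciphers runs once during library initialisation before any cipher list is built; state that assumption next to the declarations.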
From: appro at openssl.org (Andy Polyakov) Date: Wed, 10 Jun 2015 21:57:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433973456.761930.16314.nullmailer@dev.openssl.org> The branch master has been updated via 75c4827dfe6f52ccd687a283e6108a88ba3b8ec4 (commit) from 633d49c7b486ab7cba9408fd02bcaaad3b8d8f1e (commit) - Log ----------------------------------------------------------------- commit 75c4827dfe6f52ccd687a283e6108a88ba3b8ec4 Author: Andy Polyakov Date: Mon Jun 1 22:51:33 2015 +0200 gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/modes/gcm128.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 02e8f2e..f28e07c 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -682,7 +682,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define GHASH_ASM_X86_OR_64 # define GCM_FUNCREF_4BIT -extern unsigned int OPENSSL_ia32cap_P[2]; +extern unsigned int OPENSSL_ia32cap_P[]; void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); From appro at openssl.org Wed Jun 10 21:58:23 2015 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 10 Jun 2015 21:58:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433973503.232818.17036.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 1fdf36f5116f7e31e64e4027874e01eac3f0817d (commit) from 9dcab127e14467733523ff7626da8906e67eedd6 (commit) - Log ----------------------------------------------------------------- commit 1fdf36f5116f7e31e64e4027874e01eac3f0817d Author: Andy Polyakov Date: Mon Jun 1 22:51:33 2015 +0200 gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch. Reviewed-by: Rich Salz (cherry picked from commit 75c4827dfe6f52ccd687a283e6108a88ba3b8ec4) ----------------------------------------------------------------------- Summary of changes: crypto/modes/gcm128.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 881b223..e299131 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -694,7 +694,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) # define GHASH_ASM_X86_OR_64 # define GCM_FUNCREF_4BIT -extern unsigned int OPENSSL_ia32cap_P[2]; +extern unsigned int OPENSSL_ia32cap_P[]; void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); From kurt at openssl.org Wed Jun 10 22:09:10 2015 
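Review bot: for both 75c4827 on master and this cherry-pick, replacing the [2] bound with an unsized extern silences the linker warning but also removes the only bound the compiler could check against. The root cause is that each file carries its own declaration of OPENSSL_ia32cap_P with a different size; one declaration in a shared internal header, matched to the definition, would fix the mismatch without giving up the size.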
From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 10 Jun 2015 22:09:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433974150.160277.18982.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 57e477b9ec66542afc8c9c13ae7c4271209fb88f (commit) via 39a298a1c0e7a76e301b9f2ebe8d33d90ad0a3b4 (commit) from 1fdf36f5116f7e31e64e4027874e01eac3f0817d (commit) - Log ----------------------------------------------------------------- commit 57e477b9ec66542afc8c9c13ae7c4271209fb88f Author: Kurt Roeckx Date: Sat Apr 18 19:15:48 2015 +0200 Only allow a temporary RSA key exchange when the key is larger than 512. Reviewed-by: Rich Salz MR #838 commit 39a298a1c0e7a76e301b9f2ebe8d33d90ad0a3b4 Author: Kurt Roeckx Date: Sat Jun 6 13:42:34 2015 +0200 Properly check certificate in case of export ciphers. Reviewed-by: Rich Salz MR #838 ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 12 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c495641..2346ce5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -341,7 +341,7 @@ int ssl3_connect(SSL *s) if (! (s->s3->tmp. new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) -&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -1671,6 +1671,13 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } + + if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } 
@@ -3436,6 +3443,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_DH DH *dh; #endif + int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -3496,15 +3504,32 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & SSL_kRSA) { + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { + if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } + if (rsa != NULL) { + /* server key exchange is not allowed. */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + goto f_err; + } + } + } } #endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && dh == NULL) { + al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; } @@ -3547,9 +3572,14 @@ int ssl3_check_cert_and_algorithm(SSL *s) pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { - if (rsa == NULL - || RSA_size(rsa) * 8 > + if (rsa == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } else if (BN_num_bits(rsa->n) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary RSA key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; 
@@ -3557,14 +3587,21 @@ int ssl3_check_cert_and_algorithm(SSL *s) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { - if (dh == NULL - || DH_size(dh) * 8 > + if (alg_k & SSL_kDHE) { + if (BN_num_bits(dh->p) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary DH key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; } + } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { + /* The cert should have had an export DH key. */ + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; } else #endif { @@ -3575,7 +3612,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } return (1); f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } From kurt at openssl.org Wed Jun 10 22:13:53 2015 
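Review bot: the ssl3_get_key_exchange hunk rejects a ServerKeyExchange that carries a temporary RSA key whenever the certificate key is already at or below the cipher's export key length, which is the behaviour the first commit title describes; the title speaks of 512 bits, but the code compares against SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher), so the message should say "the export key length for the cipher". The new check also dereferences pkey, and the lines that obtain it sit just above the visible context; please confirm pkey cannot be NULL at that point.

Review bot: in ssl3_check_cert_and_algorithm the export branch's "rsa != NULL" case sends SSL_AD_INTERNAL_ERROR for something the peer did (it sent a temporary key the cipher and certificate do not permit). Because ssl3_get_key_exchange now rejects that message earlier with unexpected_message, the branch should be unreachable; a comment saying so would justify the internal_error choice, otherwise the alert looks wrong for a peer-triggered condition.

Review bot: the last hunk calls BN_num_bits(dh->p) under "alg_k & SSL_kDHE", while the NULL guard earlier in the function tests "alg_k & SSL_kEDH". If those are the same bit in 1.0.2 this is fine; if not, dh can be NULL at the dereference. The 1.0.1 cherry-pick uses SSL_kEDH in both places, so please use one name in both checks on this branch too.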
From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 10 Jun 2015 22:13:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433974433.652161.21020.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via f3b355fec3b38e9f345a226d7defab146f446100 (commit) via c4ce10773fc4a8d055fe7643c83e5a1187597838 (commit) from d46de4ce483d684ecbec2aa967618f06865ae74a (commit) - Log ----------------------------------------------------------------- commit f3b355fec3b38e9f345a226d7defab146f446100 Author: Kurt Roeckx Date: Sat Apr 18 19:15:48 2015 +0200 Only allow a temporary RSA key exchange when the key is larger than 512. Reviewed-by: Rich Salz MR #838 (cherry picked from commit 57e477b9ec66542afc8c9c13ae7c4271209fb88f) commit c4ce10773fc4a8d055fe7643c83e5a1187597838 Author: Kurt Roeckx Date: Sat Jun 6 13:42:34 2015 +0200 Properly check certificate in case of export ciphers. Reviewed-by: Rich Salz MR #838 (cherry picked from commit 39a298a1c0e7a76e301b9f2ebe8d33d90ad0a3b4) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 12 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f435899..0879a0f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -341,7 +341,7 @@ int ssl3_connect(SSL *s) if (! (s->s3->tmp. new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) -&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; 
@@ -1596,6 +1596,13 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } + + if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } @@ -3266,6 +3273,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_DH DH *dh; #endif + int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -3319,15 +3327,32 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & SSL_kRSA) { + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { + if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } + if (rsa != NULL) { + /* server key exchange is not allowed. */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + goto f_err; + } + } + } } #endif #ifndef OPENSSL_NO_DH if ((alg_k & SSL_kEDH) && dh == NULL) { + al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; } 
@@ -3359,9 +3384,14 @@ int ssl3_check_cert_and_algorithm(SSL *s) pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { - if (rsa == NULL - || RSA_size(rsa) * 8 > + if (rsa == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } else if (BN_num_bits(rsa->n) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary RSA key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -3369,14 +3399,21 @@ int ssl3_check_cert_and_algorithm(SSL *s) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { - if (dh == NULL - || DH_size(dh) * 8 > + if (alg_k & SSL_kEDH) { + if (BN_num_bits(dh->p) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary DH key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; } + } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { + /* The cert should have had an export DH key. */ + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; } else #endif { @@ -3387,7 +3424,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } return (1); f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } From appro at openssl.org Thu Jun 11 08:13:25 2015 
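Review bot: apart from the hunk offsets and the use of SSL_kEDH in the last hunk, this is the same change as 57e477b9 and 39a298a1 on OpenSSL_1_0_2-stable, and the comments made there (the "512" wording in the title, the internal_error alert on the unreachable "rsa != NULL" branch, and the pkey NULL check ahead of EVP_PKEY_bits) apply here unchanged. On this branch the dh dereference in the last hunk is covered by the SSL_kEDH guard above it, which is the consistent form the 1.0.2 version should adopt.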
From: appro at openssl.org (Andy Polyakov) Date: Thu, 11 Jun 2015 08:13:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434010405.004471.17953.nullmailer@dev.openssl.org> The branch master has been updated via f0fa5c8306236ce742168d664d53b1551649a47b (commit) from 75c4827dfe6f52ccd687a283e6108a88ba3b8ec4 (commit) - Log ----------------------------------------------------------------- commit f0fa5c8306236ce742168d664d53b1551649a47b Author: Andy Polyakov Date: Thu Jun 11 08:51:53 2015 +0200 e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index 7f2848e..91eca15 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 3b6827a..e83969d 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, From appro at openssl.org Thu Jun 11 08:14:19 2015 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 11 Jun 2015 08:14:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434010459.763357.18886.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c35e138a58a90bc302679dbaa0f5eaf8b28ac35a (commit) from 57e477b9ec66542afc8c9c13ae7c4271209fb88f (commit) - Log ----------------------------------------------------------------- commit c35e138a58a90bc302679dbaa0f5eaf8b28ac35a Author: Andy Polyakov Date: Thu Jun 11 08:51:53 2015 +0200 e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch. Reviewed-by: Tim Hudson (cherry picked from commit f0fa5c8306236ce742168d664d53b1551649a47b) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index a277d0f..8330964 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index b74bd80..b1c586e 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -94,7 +94,7 @@ typedef struct { defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) -extern unsigned int OPENSSL_ia32cap_P[3]; +extern unsigned int OPENSSL_ia32cap_P[]; # define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, From matt at openssl.org Thu Jun 11 09:20:43 2015 
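Review bot: for f0fa5c83 on master and this cherry-pick, the two e_aes_cbc_hmac_sha*.c files declared OPENSSL_ia32cap_P as [3] while gcm128.c (fixed the day before on this list) declared it as [2], which is exactly the mismatch the linker was complaining about; dropping the bound in every file makes the warning go away but leaves four separate declarations that can drift again. Please move the extern into a shared internal header next to the definition so the size is stated once.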
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 09:20:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434014443.061740.28384.nullmailer@dev.openssl.org> The branch master has been updated via 708cf593587e2fda67dae9782991ff9fccc781eb (commit) from f0fa5c8306236ce742168d664d53b1551649a47b (commit) - Log ----------------------------------------------------------------- commit 708cf593587e2fda67dae9782991ff9fccc781eb Author: Matt Caswell Date: Thu Jun 11 01:30:06 2015 +0100 More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 72 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index fd94054..c639e53 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -239,39 +239,57 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } memcpy(dest, src, sizeof(*dest)); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; + dest->tlsext_hostname = NULL; +#ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +#endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; +#endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); if (dest->psk_identity_hint == NULL) { goto err; } - } else { - dest->psk_identity_hint = NULL; } if (src->psk_identity) { dest->psk_identity = BUF_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } - } else { - dest->psk_identity = NULL; } #endif - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - - if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, 
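Review bot: the ordering in this hunk is what makes the later `goto err` paths safe, and the new comment should say so explicitly. `dest->sess_cert` and `dest->peer` are shared with `src` by the `memcpy`, and their reference counts are now bumped with `CRYPTO_add` before the first allocation that can fail, so `SSL_SESSION_free(dest)` on the error path releases a reference that was actually taken rather than one borrowed from `src`; likewise `memset(&dest->ex_data, 0, sizeof(dest->ex_data))` before `CRYPTO_dup_ex_data` stops the error path from freeing `src`'s ex_data through the copied pointers. Suggest extending the comment block with a sentence that the two `CRYPTO_add` calls must stay ahead of every `goto err`, since a future reorder would silently reintroduce the double free on the shared objects.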
@@ -279,28 +297,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - -#ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC if (src->tlsext_ecpointformatlist) { dest->tlsext_ecpointformatlist = BUF_memdup(src->tlsext_ecpointformatlist, src->tlsext_ecpointformatlist_length); if (dest->tlsext_ecpointformatlist == NULL) goto err; - dest->tlsext_ecpointformatlist_length = - src->tlsext_ecpointformatlist_length; } if (src->tlsext_ellipticcurvelist) { dest->tlsext_ellipticcurvelist = @@ -308,29 +317,24 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ellipticcurvelist_length); if (dest->tlsext_ellipticcurvelist == NULL) goto err; - dest->tlsext_ellipticcurvelist_length = - src->tlsext_ellipticcurvelist_length; } -# endif #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } #ifndef OPENSSL_NO_SRP - dest->srp_username = NULL; if (src->srp_username) { dest->srp_username = BUF_strdup(src->srp_username); if (dest->srp_username == NULL) { goto err; } - } else { - dest->srp_username = NULL; } #endif From matt at openssl.org Thu Jun 11 09:20:54 2015 
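Review bot: in the ticket hunk, `BUF_memdup(src->tlsext_tick, src->tlsext_ticklen)` returns NULL when `src->tlsext_tick` is NULL, so a caller passing `ticket != 0` for a session that simply has no ticket now takes `goto err` and the whole duplication fails instead of producing a ticketless copy; guard the copy with `if (ticket != 0 && src->tlsext_tick != NULL)` and let the `else` branch zero `tlsext_tick_lifetime_hint` and `tlsext_ticklen` as it already does. The `BUF_memdup` itself is the right fix for the bug named in the commit message: the deleted lines allocated `tlsext_ticklen` bytes with `OPENSSL_malloc` but no copy of the ticket bytes into that buffer appears anywhere in the hunk. In the hostname hunk, dropping `#ifndef OPENSSL_NO_TLSEXT` and promoting `# ifndef OPENSSL_NO_EC` to `#ifndef OPENSSL_NO_EC` is unrelated to the error-handling fix and is not mentioned in the commit message; one sentence saying it is deliberate cleanup would help anyone bisecting later.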
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 09:20:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434014454.460863.29124.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d44f89c990b4c9c41f77e9a0ffd5dc7c4ca07f84 (commit) from c35e138a58a90bc302679dbaa0f5eaf8b28ac35a (commit) - Log ----------------------------------------------------------------- commit d44f89c990b4c9c41f77e9a0ffd5dc7c4ca07f84 Author: Matt Caswell Date: Thu Jun 11 01:30:06 2015 +0100 More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 73 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 5358f4a..07e7379 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -241,12 +241,39 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } memcpy(dest, src, sizeof(*dest)); -#ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = src->krb5_client_princ_len; - if (src->krb5_client_princ_len > 0) - memcpy(dest->krb5_client_princ, src->krb5_client_princ, - src->krb5_client_princ_len); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif +#endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; #endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { 
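Review bot: this hunk also deletes the `#ifndef OPENSSL_NO_KRB5` block that copied `krb5_client_princ` and `krb5_client_princ_len`, which the commit message does not mention; the deletion is safe only because `memcpy(dest, src, sizeof(*dest))` a few lines above already copies the inline principal buffer and its length, so please state that in the message so the backport (the 1.0.1 and 1.0.0 cherry-picks drop the same block) is not mistaken for a behaviour change. The rest of the hunk is the same NULL-before-allocate pattern as master, with `dest->tlsext_hostname` and the EC lists correctly kept under the `OPENSSL_NO_TLSEXT` and `OPENSSL_NO_EC` guards that this branch still has.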
@@ -254,33 +281,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->psk_identity_hint == NULL) { goto err; } - } else { - dest->psk_identity_hint = NULL; } if (src->psk_identity) { dest->psk_identity = BUF_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } - } else { - dest->psk_identity = NULL; } #endif - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - - if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, @@ -288,18 +301,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - #ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } # ifndef OPENSSL_NO_EC if (src->tlsext_ecpointformatlist) { @@ -308,8 +315,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ecpointformatlist_length); if (dest->tlsext_ecpointformatlist == NULL) goto err; - dest->tlsext_ecpointformatlist_length = - src->tlsext_ecpointformatlist_length; } if (src->tlsext_ellipticcurvelist) { dest->tlsext_ellipticcurvelist = 
@@ -317,29 +322,25 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ellipticcurvelist_length); if (dest->tlsext_ellipticcurvelist == NULL) goto err; - dest->tlsext_ellipticcurvelist_length = - src->tlsext_ellipticcurvelist_length; } # endif #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } #ifndef OPENSSL_NO_SRP - dest->srp_username = NULL; if (src->srp_username) { dest->srp_username = BUF_strdup(src->srp_username); if (dest->srp_username == NULL) { goto err; } - } else { - dest->srp_username = NULL; } #endif From matt at openssl.org Thu Jun 11 09:21:14 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 09:21:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1434014474.987221.29658.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via db96b5ab761fb97633dde9aec62c0032743e88f8 (commit) from cb9f1bc1d118bfe17d7c3004bbf33746df1855bd (commit) - Log ----------------------------------------------------------------- commit db96b5ab761fb97633dde9aec62c0032743e88f8 Author: Matt Caswell Date: Thu Jun 11 01:30:06 2015 +0100 More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 67 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 34 insertions(+), 33 deletions(-) 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 1fb682a..9fcb632 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -238,12 +238,36 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } memcpy(dest, src, sizeof(*dest)); -#ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = src->krb5_client_princ_len; - if (src->krb5_client_princ_len > 0) - memcpy(dest->krb5_client_princ, src->krb5_client_princ, - src->krb5_client_princ_len); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif #endif + dest->tlsext_tick = NULL; + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { 
@@ -251,33 +275,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->psk_identity_hint == NULL) { goto err; } - } else { - dest->psk_identity_hint = NULL; } if (src->psk_identity) { dest->psk_identity = BUF_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } - } else { - dest->psk_identity = NULL; } #endif - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - - if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, @@ -285,18 +295,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - #ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } # ifndef OPENSSL_NO_EC if (src->tlsext_ecpointformatlist) { @@ -305,8 +309,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ecpointformatlist_length); if (dest->tlsext_ecpointformatlist == NULL) goto err; - dest->tlsext_ecpointformatlist_length = - src->tlsext_ecpointformatlist_length; } if (src->tlsext_ellipticcurvelist) { dest->tlsext_ellipticcurvelist = 
@@ -314,18 +316,17 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ellipticcurvelist_length); if (dest->tlsext_ellipticcurvelist == NULL) goto err; - dest->tlsext_ellipticcurvelist_length = - src->tlsext_ellipticcurvelist_length; } # endif #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } return dest; From matt at openssl.org Thu Jun 11 09:21:04 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 09:21:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434014464.917573.29410.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 907f04a30354615e54beaa2bc0b986083f7793ee (commit) from f3b355fec3b38e9f345a226d7defab146f446100 (commit) - Log ----------------------------------------------------------------- commit 907f04a30354615e54beaa2bc0b986083f7793ee Author: Matt Caswell Date: Thu Jun 11 01:30:06 2015 +0100 More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 73 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 8325cb3..1ad9dc7 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
@@ -241,12 +241,39 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } memcpy(dest, src, sizeof(*dest)); -#ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = src->krb5_client_princ_len; - if (src->krb5_client_princ_len > 0) - memcpy(dest->krb5_client_princ, src->krb5_client_princ, - src->krb5_client_princ_len); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif +#endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; #endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { 
@@ -254,33 +281,19 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (dest->psk_identity_hint == NULL) { goto err; } - } else { - dest->psk_identity_hint = NULL; } if (src->psk_identity) { dest->psk_identity = BUF_strdup(src->psk_identity); if (dest->psk_identity == NULL) { goto err; } - } else { - dest->psk_identity = NULL; } #endif - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - - if (src->peer != NULL) - CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, @@ -288,18 +301,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - #ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } # ifndef OPENSSL_NO_EC if (src->tlsext_ecpointformatlist) { @@ -308,8 +315,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ecpointformatlist_length); if (dest->tlsext_ecpointformatlist == NULL) goto err; - dest->tlsext_ecpointformatlist_length = - src->tlsext_ecpointformatlist_length; } if (src->tlsext_ellipticcurvelist) { dest->tlsext_ellipticcurvelist = 
@@ -317,29 +322,25 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) src->tlsext_ellipticcurvelist_length); if (dest->tlsext_ellipticcurvelist == NULL) goto err; - dest->tlsext_ellipticcurvelist_length = - src->tlsext_ellipticcurvelist_length; } # endif #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } #ifndef OPENSSL_NO_SRP - dest->srp_username = NULL; if (src->srp_username) { dest->srp_username = BUF_strdup(src->srp_username); if (dest->srp_username == NULL) { goto err; } - } else { - dest->srp_username = NULL; } #endif From matt at openssl.org Thu Jun 11 09:21:27 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 09:21:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1434014487.732016.29917.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 39bcfb129e816de00bf2170c3497e8104767beb7 (commit) from 50d3049930575f45df11014f6c154e0ae13aa7fe (commit) - Log ----------------------------------------------------------------- commit 39bcfb129e816de00bf2170c3497e8104767beb7 Author: Matt Caswell Date: Thu Jun 11 01:30:06 2015 +0100 More ssl_session_dup fixes Fix error handling in ssl_session_dup, as well as incorrect setting up of the session ticket. Follow on from CVE-2015-1791. Thanks to LibreSSL project for reporting these issues. Conflicts: ssl/ssl_sess.c Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index d3bac0b..e1695ab 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -149,12 +149,22 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) } memcpy(dest, src, sizeof(*dest)); -#ifndef OPENSSL_NO_KRB5 - dest->krb5_client_princ_len = src->krb5_client_princ_len; - if (src->krb5_client_princ_len > 0) - memcpy(dest->krb5_client_princ, src->krb5_client_princ, - src->krb5_client_princ_len); + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; #endif + dest->tlsext_tick = NULL; + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; if (src->sess_cert != NULL) CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); @@ -162,14 +172,10 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (src->peer != NULL) CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); - dest->references = 1; - if(src->ciphers != NULL) { dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); if (dest->ciphers == NULL) goto err; - } else { - dest->ciphers = NULL; } if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, 
@@ -177,27 +183,22 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) goto err; } - /* We deliberately don't copy the prev and next pointers */ - dest->prev = NULL; - dest->next = NULL; - #ifndef OPENSSL_NO_TLSEXT if (src->tlsext_hostname) { dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); if (dest->tlsext_hostname == NULL) { goto err; } - } else { - dest->tlsext_hostname = NULL; } #endif if (ticket != 0) { - dest->tlsext_tick_lifetime_hint = src->tlsext_tick_lifetime_hint; - dest->tlsext_ticklen = src->tlsext_ticklen; - if((dest->tlsext_tick = OPENSSL_malloc(src->tlsext_ticklen)) == NULL) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) goto err; - } + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; } return dest; From levitte at openssl.org Thu Jun 11 13:51:26 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Jun 2015 13:51:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434030686.708201.17153.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8aa556e1c3b49274ccae579cb584eb5b702a3b0e (commit) via 5ef5b9ffa91ad6061c42291564a1dc786300ebdd (commit) from d44f89c990b4c9c41f77e9a0ffd5dc7c4ca07f84 (commit) - Log ----------------------------------------------------------------- commit 8aa556e1c3b49274ccae579cb584eb5b702a3b0e Author: Richard Levitte Date: Thu Jun 11 15:42:42 2015 +0200 make update Reviewed-by: Matt Caswell commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd Author: Richard Levitte Date: Thu Jun 11 15:41:25 2015 +0200 Correction of make depend merge error $(PROGS) was mistakenly removed, adding it back. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) 
diff --git a/apps/Makefile b/apps/Makefile index 64c3baa..cafe554 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 
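Review bot: restoring `$(PROGS)` to the `$(MAKEDEPEND)` invocation is right, and the regenerated `openssl.o:` block in the second hunk (ending `openssl.o: openssl.c progs.h s_apps.h`) shows the effect: without it `make depend` never recorded that openssl.o depends on `progs.h`, so a rebuild after editing that header could leave a stale object. One pre-existing oddity worth a follow-up: the `local_depend:` recipe still ends in `; \`, a shell line continuation with nothing after it before `dclean:`, so whatever line is next added below it becomes part of the command; dropping the trailing `; \` would remove that trap.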
@@ -567,6 +567,28 @@ ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c +openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h +openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h +openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +openssl.o: ../include/openssl/err.h ../include/openssl/evp.h +openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h From levitte at openssl.org Thu Jun 11 13:53:19 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Jun 2015 13:53:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434030799.205516.17749.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 176b59d157d1cbfd0b10f9f7be12eaf9896410f2 (commit) from 907f04a30354615e54beaa2bc0b986083f7793ee (commit) - Log ----------------------------------------------------------------- commit 176b59d157d1cbfd0b10f9f7be12eaf9896410f2 Author: Richard Levitte Date: Thu Jun 11 15:41:25 2015 +0200 Correction of make depend merge error $(PROGS) was mistakenly removed, adding it back. Reviewed-by: Matt Caswell (cherry picked from commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd) ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/Makefile b/apps/Makefile index a2c1565..cafe554 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new From levitte at openssl.org Thu Jun 11 13:55:02 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 11 Jun 2015 13:55:02 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1434030902.153099.18057.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 809bf2eab7b46e2fd768fec0c28127991c927b19 (commit) from db96b5ab761fb97633dde9aec62c0032743e88f8 (commit) - Log ----------------------------------------------------------------- commit 809bf2eab7b46e2fd768fec0c28127991c927b19 Author: Richard Levitte Date: Thu Jun 11 15:41:25 2015 +0200 Correction of make depend merge error $(PROGS) was mistakenly removed, adding it back. Reviewed-by: Matt Caswell (cherry picked from commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd) ----------------------------------------------------------------------- Summary of changes: apps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/Makefile b/apps/Makefile index 863144c..636f2eb 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -135,7 +135,7 @@ update: openssl-vms.cnf local_depend depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new From matt at openssl.org Thu Jun 11 14:39:07 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:39:07 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1434033547.695143.29945.nullmailer@dev.openssl.org> The branch master has been updated via ad1b4eeeeb7c92e089bb0e7db0ef9041433f5a28 (commit) from f7dd814fc51f0d7968805efb5f0df4ffbe546ab3 (commit) - Log ----------------------------------------------------------------- commit ad1b4eeeeb7c92e089bb0e7db0ef9041433f5a28 Author: Matt Caswell Date: Thu Jun 11 15:33:28 2015 +0100 Updates for new release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 5 + news/secadv_20150611.txt | 186 +++++++++++++++++++ news/vulnerabilities.xml | 467 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 657 insertions(+), 1 deletion(-) create mode 100644 news/secadv_20150611.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 889b480..72c9804 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,8 @@ +11-Jun-2015: Security Advisory: five security fixes +11-Jun-2015: OpenSSL 1.0.2b is now available, including bug and security fixes +11-Jun-2015: OpenSSL 1.0.1n is now available, including bug and security fixes +11-Jun-2015: OpenSSL 1.0.0s is now available, including bug and security fixes +11-Jun-2015: OpenSSL 0.9.8zg is now available, including bug and security fixes 19-Mar-2015: Security Advisory: twelve security fixes 19-Mar-2015: OpenSSL 1.0.2a is now available, including bug and security fixes 19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes diff --git a/news/secadv_20150611.txt b/news/secadv_20150611.txt new file mode 100644 index 0000000..2b23648 --- /dev/null +++ b/news/secadv_20150611.txt 
@@ -0,0 +1,186 @@ +OpenSSL Security Advisory [11 Jun 2015] +======================================= + +DHE man-in-the-middle protection (Logjam) +==================================================================== + +A vulnerability in the TLS protocol allows a man-in-the-middle +attacker to downgrade vulnerable TLS connections using ephemeral +Diffie-Hellman key exchange to 512-bit export-grade cryptography. This +vulnerability is known as Logjam (CVE-2015-4000). + +OpenSSL has added protection for TLS clients by rejecting handshakes +with DH parameters shorter than 768 bits. This limit will be increased +to 1024 bits in a future release. + +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n + +Fixes for this issue were developed by Emilia K?sper and Kurt Roeckx +of the OpenSSL development team. + +Malformed ECParameters causes infinite loop (CVE-2015-1788) +=========================================================== + +Severity: Moderate + +When processing an ECParameters structure OpenSSL enters an infinite loop if +the curve specified is over a specially malformed binary polynomial field. + +This can be used to perform denial of service against any +system which processes public keys, certificate requests or +certificates. This includes TLS clients and TLS servers with +client authentication enabled. + +This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent +1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are +affected. + +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n +OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s +OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg + +This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The +fix was developed by Andy Polyakov of the OpenSSL development team. 
+ +Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) +=============================================================== + +Severity: Moderate + +X509_cmp_time does not properly check the length of the ASN1_TIME +string and can read a few bytes out of bounds. In addition, +X509_cmp_time accepts an arbitrary number of fractional seconds in the +time string. + +An attacker can use this to craft malformed certificates and CRLs of +various sizes and potentially cause a segmentation fault, resulting in +a DoS on applications that verify certificates or CRLs. TLS clients +that verify CRLs are affected. TLS clients and servers with client +authentication enabled may be affected if they use custom verification +callbacks. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n +OpenSSL 1.0.0 users should upgrade to 1.0.0s +OpenSSL 0.9.8 users should upgrade to 0.9.8zg + +This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki +(Google), and independently on 11th April 2015 by Hanno B?ck. The fix +was developed by Emilia K?sper of the OpenSSL development team. + +PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) +========================================================= + +Severity: Moderate + +The PKCS#7 parsing code does not handle missing inner EncryptedContent +correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs +with missing content and trigger a NULL pointer dereference on parsing. + +Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 +structures from untrusted sources are affected. OpenSSL clients and +servers are not affected. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. 
+ +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n +OpenSSL 1.0.0 users should upgrade to 1.0.0s +OpenSSL 0.9.8 users should upgrade to 0.9.8zg + +This issue was reported to OpenSSL on 18th April 2015 by Michal +Zalewski (Google). The fix was developed by Emilia K?sper of the +OpenSSL development team. + +CMS verify infinite loop with unknown hash function (CVE-2015-1792) +=================================================================== + +Severity: Moderate + +When verifying a signedData message the CMS code can enter an infinite loop +if presented with an unknown hash function OID. + +This can be used to perform denial of service against any system which +verifies signedData messages using the CMS code. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n +OpenSSL 1.0.0 users should upgrade to 1.0.0s +OpenSSL 0.9.8 users should upgrade to 0.9.8zg + +This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The +fix was developed by Dr. Stephen Henson of the OpenSSL development team. + +Race condition handling NewSessionTicket (CVE-2015-1791) +======================================================== + +Severity: Low + +If a NewSessionTicket is received by a multi-threaded client when attempting to +reuse a previous ticket then a race condition can occur potentially leading to +a double free of the ticket data. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2b +OpenSSL 1.0.1 users should upgrade to 1.0.1n +OpenSSL 1.0.0 users should upgrade to 1.0.0s +OpenSSL 0.9.8 users should upgrade to 0.9.8zg + +This issue was discovered by Emilia K?sper of the OpenSSL development team. The +fix was developed by Matt Caswell of the OpenSSL development team. 
+ +Invalid free in DTLS (CVE-2014-8176) +==================================== + +Severity: Moderate + +This vulnerability does not affect current versions of OpenSSL. It +existed in previous OpenSSL versions and was fixed in June 2014. + +If a DTLS peer receives application data between the ChangeCipherSpec +and Finished messages, buffering of such data may cause an invalid +free, resulting in a segmentation fault or potentially, memory +corruption. + +This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za +OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. +OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. + +This issue was originally reported on March 28th 2014 in +https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen +Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert +(Google). A fix was developed by zhu qun-ying. + +The fix for this issue can be identified by commits bcc31166 (1.0.1), +b79e6e3a (1.0.0) and 4b258e73 (0.9.8). + +Note +==== + +As per our previous announcements and our Release Strategy +(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions +1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these +releases will be provided after that date. Users of these releases are advised +to upgrade. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv_20150611.txt + +Note: the online version of the advisory may be updated with additional +details over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/about/secpolicy.html + diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 2c907c9..a222fba 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml 
@@ -5,7 +5,472 @@ 1.0.0 on 20100329 --> - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + When processing an ECParameters structure OpenSSL enters an infinite loop if + the curve specified is over a specially malformed binary polynomial field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. + + This can be used to perform denial of service against any system which + verifies signedData messages using the CMS code. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + This vulnerability does not affect current versions of OpenSSL. It + existed in previous OpenSSL versions and was fixed in June 2014. + + If a DTLS peer receives application data between the ChangeCipherSpec + and Finished messages, buffering of such data may cause an invalid + free, resulting in a segmentation fault or potentially, memory + corruption. + + + + From matt at openssl.org Thu Jun 11 14:43:35 2015 
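Review bot: in the news/secadv_20150611.txt hunk, the Logjam section is the only issue with no `Severity:` line, and its `====` underline runs far past the heading; add the severity rating and trim the underline to the heading width, as every other section does. Two consistency points in the same file: the CVE-2015-1790 heading says "missing EnvelopedContent" while its body (and the commit title "PKCS#7: Fix NULL dereference with missing EncryptedContent.") says EncryptedContent, and the affected-versions paragraph for CVE-2015-1788 reads as a contradiction on first pass ("Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected."), where "1.0.0e, 0.9.8s and later are not affected" would be unambiguous. The non-ASCII names render as "K?sper" and "B?ck" in this archive copy, so it is worth confirming the committed file is UTF-8 before the advisory is published.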
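Review bot: the news/vulnerabilities.xml hunk is not reviewable in this archive view, because only the description text of each entry survives and the surrounding markup (CVE ids, affected and fixed-in versions, severity attributes) has been stripped; before publishing, check that each entry's fixed-in versions match the "users should upgrade to" lines of the advisory (1.0.2b, 1.0.1n, 1.0.0s, 0.9.8zg, and for CVE-2015-1788 the 1.0.0d/0.9.8r cut-off), and that the issues appear in the same order as in secadv_20150611.txt.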
From: matt at openssl.org (Matt Caswell)
Date: Thu, 11 Jun 2015 14:43:35 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1434033815.948998.6926.nullmailer@dev.openssl.org>

The branch master has been updated
       via  063dccd027033401912d8c5e3f0f25b1f13de64b (commit)
       via  4924b37ee01f71ae19c94a8934b80eeb2f677932 (commit)
       via  59302b600e8d5b77ef144e447bb046fd7ab72686 (commit)
       via  f48b83b4fb7d6689584cf25f61ca63a4891f5b11 (commit)
      from  708cf593587e2fda67dae9782991ff9fccc781eb (commit)

- Log -----------------------------------------------------------------
commit 063dccd027033401912d8c5e3f0f25b1f13de64b
Author: Matt Caswell
Date:   Wed Jun 10 11:49:31 2015 +0100

    Update CHANGES and NEWS

    Updates to CHANGES and NEWS to take account of the latest security fixes.

    Reviewed-by: Rich Salz

commit 4924b37ee01f71ae19c94a8934b80eeb2f677932
Author: Andy Polyakov
Date:   Thu Jun 11 00:18:01 2015 +0200

    bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters.

    CVE-2015-1788

    Reviewed-by: Matt Caswell

commit 59302b600e8d5b77ef144e447bb046fd7ab72686
Author: Emilia Kasper
Date:   Tue May 12 19:00:30 2015 +0200

    PKCS#7: Fix NULL dereference with missing EncryptedContent.

    CVE-2015-1790

    Reviewed-by: Rich Salz

commit f48b83b4fb7d6689584cf25f61ca63a4891f5b11
Author: Emilia Kasper
Date:   Wed Apr 8 16:56:43 2015 +0200

    Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

    Also tighten X509_cmp_time to reject more than three fractional seconds
    in the time; and to reject trailing garbage after the offset.

    CVE-2015-1789

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Richard Levitte
-----------------------------------------------------------------------

Summary of changes:
 CHANGES                 | 66 +++++++++++++++++++++++++++++++++++++++++++++++++
 NEWS                    | 10 +++++++-
 crypto/bn/bn_gf2m.c     | 15 +++++++----
 crypto/pkcs7/pk7_doit.c | 16 +++++++++++-
 crypto/x509/x509_vfy.c  | 57 ++++++++++++++++++++++++++++++++++--------
 5 files changed, 147 insertions(+), 17 deletions(-)
diff --git a/CHANGES b/CHANGES index 1bd9e1a..6faf644 100644 --- a/CHANGES +++ b/CHANGES 
@@ -423,6 +423,72 @@ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno B?ck. + (CVE-2015-1789) + [Emilia K?sper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). 
+ (CVE-2015-1790) + [Emilia K?sper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + *) Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). diff --git a/NEWS b/NEWS index cbf847a..beb2dd3 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [under development] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) o Multiblock corrupted pointer fix (CVE-2015-0290) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 73e1e8f..cd137c3 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c 
@@ -691,9 +691,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -737,8 +738,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 2c8dd87..cc2f3be 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -432,6 +432,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, @@ -443,6 +449,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); 
@@ -455,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -468,6 +476,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -593,7 +607,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_push(out, etmp); etmp = NULL; } - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { if (data_body->length > 0) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 7e00436..a920ea7 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -1808,47 +1808,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') From matt at openssl.org Thu Jun 11 14:43:48 2015 
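Review bot: in the CHANGES hunk, the CVE-2015-1788 entry credits "Joseph Barr-Pixton" while the advisory pushed in the same hour (news/secadv_20150611.txt) credits "Joseph Birr-Pixton"; one of the two is a misspelling and they should agree before the release notes go out. The CVE-2015-1790 entry title says "missing EnvelopedContent" while its body and the commit title say "missing EncryptedContent"; use one term in both files. The reporter and author names also show as "K?sper" and "B?ck" here, so the file encoding is worth checking.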
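Review bot: in the crypto/bn/bn_gf2m.c hunk at `@@ -737,8 +738,12 @@`, the new `if (udp[0] == 0) /* poly was reducible */ goto err;` is the right termination test, but the comment is narrower than the condition: u collapsing to zero inside the `ubits <= BN_BITS2` branch means gcd(a, p) != 1, which covers a reducible p that shares a factor with a and also an a that is a multiple of p, so "no inverse: gcd(a, p) != 1" would describe what is actually detected. The `goto err` path records no error reason, so callers see only a bare failure (BN_mod_inverse reports BN_R_NO_INVERSE in the analogous situation). The guard is added only in the `# else` implementation of BN_GF2m_mod_inv; the other build of this function should be confirmed to terminate on the same input. The summary of changes lists no test file, so none of the three CVE fixes in this push carries a regression test.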
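Review bot: in the crypto/pkcs7/pk7_doit.c hunk at `@@ -468,6 +476,12 @@`, the new `if (data_body == NULL && in_bio == NULL)` check after the switch is what actually stops the NULL dereference: in the enveloped and signedAndEnveloped cases `data_body` is taken straight from `enc_data->enc_data`, which is NULL when the optional EncryptedContent is absent, and nothing between that assignment and the later `data_body->length` rejects it. The check being generic makes the signed-case test `!PKCS7_is_detached(p7) && data_body == NULL` above it partly redundant; that is harmless, but a one-line comment saying the later check is the one that covers all content types would save the next reader a trip through the switch. Documentation follow-up: PKCS7_dataDecode's contract should state that when the content is absent, detached or missing, `in_bio` must be supplied, otherwise the call fails with PKCS7_R_NO_CONTENT.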
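Review bot: in the crypto/pkcs7/pk7_doit.c hunk at `@@ -593,7 +607,7 @@`, dropping `PKCS7_is_detached(p7) ||` from the condition makes the `else` branch, which dereferences `data_body->length`, reachable only when `in_bio == NULL`, and that is safe only because of the `data_body == NULL && in_bio == NULL` check added earlier in the same function. The two hunks therefore have to travel together in any backport; a comment at this `if` pointing at the earlier check would make the dependency explicit.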
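Review bot: in the crypto/x509/x509_vfy.c hunk, the fractional-seconds handling does not match the new UTCTime comment. The comment `/* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */` lists no fraction, but the `.` branch below is shared by both types, so a UTCTime such as YYMMDDHHMMSS.fZ (15 bytes, within max_length) is still accepted. The same branch also accepts a bare `.` with no digits, because the `for` loop breaks on the first non-digit and the following `*str == 'Z'` check with `remaining == 1` succeeds; if the intent is the RFC5280 shape given in the block comment, the UTCTime path should reject `.` outright and the GeneralizedTime path should require at least one digit after it. The bounds work itself reads correctly: `remaining` is checked before every read of `*str` (min_length leaves at least one byte after the 10- or 12-byte prefix, `remaining < 2` guards the seconds, `!remaining` guards the terminator, and `remaining != 5` plus the four digit tests guard the offset), and a fourth fractional digit now lands on the `*str != '+' && *str != '-'` test and is rejected, as the commit message promises. The `TODO(emilia)` about dropping fractional seconds should be tracked as an issue rather than shipped in a release.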
From: matt at openssl.org (Matt Caswell)
Date: Thu, 11 Jun 2015 14:43:48 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1434033828.752388.8513.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  b6ed9917314145d1133a3d571daa06f7d2fb66d2 (commit)
       via  7b560c174dcd569795f5be66e0c091d1be440614 (commit)
       via  c26bfada81c7c884bda409ce191e687c1760aa89 (commit)
       via  40b8eb792d591d19751afc4d056c8e84260bdeb8 (commit)
       via  ab17f6b746b99bab3d9d3728a2ad067b2cf4970e (commit)
       via  7bc2aee4f196f9b049416dfb08fc3a271755c0d8 (commit)
       via  9bc3665ac9e3c36f7762acd3691e1115d250b030 (commit)
       via  aa5ab40860deb3dc6d4d4c98a4efea99f7040a46 (commit)
      from  8aa556e1c3b49274ccae579cb584eb5b702a3b0e (commit)

- Log -----------------------------------------------------------------
commit b6ed9917314145d1133a3d571daa06f7d2fb66d2
Author: Matt Caswell
Date:   Thu Jun 11 14:59:37 2015 +0100

    Prepare for 1.0.2c-dev

    Reviewed-by: Stephen Henson

commit 7b560c174dcd569795f5be66e0c091d1be440614
Author: Matt Caswell
Date:   Thu Jun 11 14:55:38 2015 +0100

    Prepare for 1.0.2b release

    Reviewed-by: Stephen Henson

commit c26bfada81c7c884bda409ce191e687c1760aa89
Author: Matt Caswell
Date:   Thu Jun 11 14:55:38 2015 +0100

    make update

    Reviewed-by: Stephen Henson

commit 40b8eb792d591d19751afc4d056c8e84260bdeb8
Author: Andy Polyakov
Date:   Thu Jun 11 00:18:01 2015 +0200

    bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters.

    CVE-2015-1788

    Reviewed-by: Matt Caswell
    (cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)

commit ab17f6b746b99bab3d9d3728a2ad067b2cf4970e
Author: Matt Caswell
Date:   Wed Jun 10 11:49:31 2015 +0100

    Update CHANGES and NEWS

    Updates to CHANGES and NEWS to take account of the latest security fixes.

    Reviewed-by: Rich Salz

commit 7bc2aee4f196f9b049416dfb08fc3a271755c0d8
Author: Emilia Kasper
Date:   Tue May 12 19:00:30 2015 +0200

    PKCS#7: Fix NULL dereference with missing EncryptedContent.

    CVE-2015-1790

    Reviewed-by: Rich Salz

commit 9bc3665ac9e3c36f7762acd3691e1115d250b030
Author: Emilia Kasper
Date:   Wed Apr 8 16:56:43 2015 +0200

    Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

    Also tighten X509_cmp_time to reject more than three fractional seconds
    in the time; and to reject trailing garbage after the offset.

    CVE-2015-1789

    Reviewed-by: Viktor Dukhovni
    Reviewed-by: Richard Levitte

commit aa5ab40860deb3dc6d4d4c98a4efea99f7040a46
Author: Dr. Stephen Henson
Date:   Fri Jun 5 12:11:25 2015 +0100

    Fix infinite loop in CMS

    Fix loop in do_free_upto if cmsbio is NULL: this will happen when
    attempting to verify and a digest is not recognised.

    Reported by Johannes Bauer.

    CVE-2015-1792

    Reviewed-by: Matt Caswell
-----------------------------------------------------------------------

Summary of changes:
 CHANGES                 | 72 ++++++++++++++++++++++++++++++++++++++++++++++++-
 NEWS                    | 10 ++++++-
 README                  |  2 +-
 crypto/bn/Makefile      |  1 -
 crypto/bn/bn_gf2m.c     | 15 +++++++----
 crypto/cms/cms_smime.c  |  2 +-
 crypto/opensslv.h       |  6 ++---
 crypto/pkcs7/pk7_doit.c | 16 ++++++++++-
 crypto/x509/x509_vfy.c  | 57 ++++++++++++++++++++++++++++++++-------
 openssl.spec            |  2 +-
 10 files changed, 158 insertions(+), 25 deletions(-)

diff --git a/CHANGES b/CHANGES index c65ce82..2ec8b7b 100644 --- a/CHANGES +++ b/CHANGES
@@ -2,7 +2,77 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + Changes between 1.0.2b and 1.0.2c [xx XXX xxxx] + + *) + + Changes between 1.0.2a and 1.0.2b [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno B?ck. + (CVE-2015-1789) + [Emilia K?sper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. 
+ + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia K?sper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] *) Removed support for the two export grade static DH ciphersuites EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites diff --git a/NEWS b/NEWS index 6eefc32..8750b03 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [under development] + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [under development] o + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) diff --git a/README b/README index ad27d98..0bd70de 100644 --- a/README +++ b/README 
@@ -1,5 +1,5 @@ - OpenSSL 1.0.2b-dev + OpenSSL 1.0.2c-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 215855e..61dce05 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -253,7 +253,6 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h -bn_exp.o: rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 1981f16..cfa1c7c 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -693,9 +693,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -739,8 +740,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 8729e3f..b39ed48 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -132,7 +132,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } 
diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 654f72d..d6df194 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002020L +# define OPENSSL_VERSION_NUMBER 0x10002030L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 31a1b98..c8d7db0 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, @@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); 
@@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b4e7983..8ce41f9 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -1788,47 +1788,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') diff --git a/openssl.spec b/openssl.spec index 01f0617..e6c7584 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2b +Version: 1.0.2c Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jun 11 14:43:59 2015 
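Review bot: the new `if (data_body == NULL && in_bio == NULL)` check in the @@ -481 hunk of pk7_doit.c and the simplification of `if (PKCS7_is_detached(p7) || (in_bio != NULL))` to `if (in_bio != NULL)` in the @@ -623 hunk only work as a pair: once the first check guarantees that data_body is non-NULL whenever in_bio is NULL, the else branch of the second can no longer run for a detached PKCS#7 without a caller-supplied BIO, which is the path that used to copy a NULL in_bio into bio. Keep the two hunks in one commit when backporting, and consider a one-line comment at the @@ -623 site saying it relies on the PKCS7_R_NO_CONTENT check well over a hundred lines earlier, since nothing local makes that dependency visible. The @@ -445, -456 and -468 hunks are comment-only and need no further review.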
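Review bot: in the X509_cmp_time hunk of x509_vfy.c the comment on the UTCTime branch says the accepted forms are `YYMMDDHHMM[SS]Z` or `YYMMDDHHMM[SS](+-)hhmm`, but the fractional-seconds skip further down runs for both time types, so a 17-byte UTCTime of the shape `YYMMDDHHMMSS.fffZ` still satisfies `max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1` and is accepted; either say so in the comment or make the `.fff` skip conditional on the GeneralizedTime branch. Related: `for (i = 0; i < 3 && remaining; i++, str++, remaining--)` accepts a `.` followed by zero digits, which the TODO(emilia) about RFC 5280 forbidding fractional seconds could settle by rejecting the `.` outright. The bounds work itself looks right: every read of `*str` after the memcpy is covered either by the min_length check or by an explicit `remaining` test, and the `remaining != 1` / `remaining != 5` tests reject trailing bytes after `Z` or after the offset, which is what the commit message promises.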
From: matt at openssl.org (Matt Caswell)
Date: Thu, 11 Jun 2015 14:43:59 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update
Message-ID: <1434033839.852375.9737.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_1-stable has been updated
via 3adca975dc1175e76bc079306896a09692ed4c15 (commit)
via 517899e6c8af47d4972dcf9b375386631f6c93f1 (commit)
via f61bbf8da532038ed0eae16a9a11771f3da22d30 (commit)
via 1f31458a77c1e35e9ac80a43c55e7ed78ac248c2 (commit)
via 5fbc59cac60db4d7c3172152b8bdafe0c675fabd (commit)
via 370ac320301e28bb615cee80124c042649c95d14 (commit)
via dd90a91d8771fd1ad5083fd46a2b3da16a587757 (commit)
from 176b59d157d1cbfd0b10f9f7be12eaf9896410f2 (commit)

- Log -----------------------------------------------------------------
commit 3adca975dc1175e76bc079306896a09692ed4c15
Author: Matt Caswell
Date: Thu Jun 11 15:08:34 2015 +0100

Prepare for 1.0.1o-dev

Reviewed-by: Stephen Henson

commit 517899e6c8af47d4972dcf9b375386631f6c93f1
Author: Matt Caswell
Date: Thu Jun 11 15:05:11 2015 +0100

Prepare for 1.0.1n release

Reviewed-by: Stephen Henson

commit f61bbf8da532038ed0eae16a9a11771f3da22d30
Author: Andy Polyakov
Date: Thu Jun 11 00:18:01 2015 +0200

bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters.

CVE-2015-1788

Reviewed-by: Matt Caswell
(cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)

commit 1f31458a77c1e35e9ac80a43c55e7ed78ac248c2
Author: Matt Caswell
Date: Wed Jun 10 11:49:31 2015 +0100

Update CHANGES and NEWS

Updates to CHANGES and NEWS to take account of the latest security fixes.

Reviewed-by: Rich Salz

commit 5fbc59cac60db4d7c3172152b8bdafe0c675fabd
Author: Emilia Kasper
Date: Tue May 12 19:00:30 2015 +0200

PKCS#7: Fix NULL dereference with missing EncryptedContent.

CVE-2015-1790

Reviewed-by: Rich Salz

commit 370ac320301e28bb615cee80124c042649c95d14
Author: Emilia Kasper
Date: Wed Apr 8 16:56:43 2015 +0200

Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte commit dd90a91d8771fd1ad5083fd46a2b3da16a587757 Author: Dr. Stephen Henson Date: Fri Jun 5 12:11:25 2015 +0100 Fix infinite loop in CMS Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 72 ++++++++++++++++++++++++++++++++++++++++++++++++- NEWS | 10 ++++++- README | 2 +- crypto/bn/bn_gf2m.c | 15 +++++++---- crypto/cms/cms_smime.c | 2 +- crypto/opensslv.h | 6 ++--- crypto/pkcs7/pk7_doit.c | 16 ++++++++++- crypto/x509/x509_vfy.c | 57 ++++++++++++++++++++++++++++++++------- openssl.spec | 2 +- 9 files changed, 158 insertions(+), 24 deletions(-) diff --git a/CHANGES b/CHANGES index 9d2f9f9..06601b4 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,77 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1m and 1.0.1n [xx XXX xxxx] + Changes between 1.0.1n and 1.0.1o [xx XXX xxxx] + + *) + + Changes between 1.0.1m and 1.0.1n [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno B?ck. + (CVE-2015-1789) + [Emilia K?sper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. 
+ + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia K?sper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] *) Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] diff --git a/NEWS b/NEWS index aa72ab0..286059c 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [under development] + Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development] o + Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) diff --git a/README b/README index caddc93..d379b03 100644 --- a/README +++ b/README 
@@ -1,5 +1,5 @@ - OpenSSL 1.0.1n-dev + OpenSSL 1.0.1o-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index aeee49a..a0ba8de 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 8851603..8b37560 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index d40d5da..14bc8bd 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100010e0L +# define OPENSSL_VERSION_NUMBER 0x100010f0L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 31a1b98..c8d7db0 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, @@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); 
@@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 29dd86c..16db4c0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -1637,47 +1637,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') diff --git a/openssl.spec b/openssl.spec index 71e907e..3e8f3a9 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1n +Version: 1.0.1o Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jun 11 14:44:12 2015 
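Review bot: in the second bn_gf2m.c hunk, `if (udp[0] == 0) /* poly was reducible */ goto err;` leaves by the error path without pushing an error reason at this site (what the err: label does is outside the hunk), so a caller handed a malformed binary-polynomial field sees BN_GF2m_mod_inv fail with nothing in the error queue to distinguish it from an allocation failure; consider a BNerr(...) call with a dedicated reason before the goto. The termination logic itself is sound: inside `ubits <= BN_BITS2`, a zero low word means u has been reduced to zero, i.e. a and p share a factor and no inverse exists, which is exactly the state the old `if (ubits <= BN_BITS2 && udp[0] == 1) break;` could spin on forever. The first hunk only splits a declaration and needs no further review.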
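Review bot: in the cms_smime.c hunk, `while (f && f != upto);` stops the walk when the chain ends before `upto` is reached (or when do_free_upto is entered with the NULL cmsbio the commit message describes), but because this is a do/while the body still executes once with f == NULL, so `BIO_free(f)` runs on a NULL pointer. BIO_free tolerates NULL, so the change is safe, but an `if (f == NULL) return;` at the top of do_free_upto, or a plain while loop, would state the intent instead of relying on that tolerance.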
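Review bot: the CHANGES headline `*) PKCS7 crash with missing EnvelopedContent` disagrees with its own body, with the NEWS line, and with the new pk7_doit.c comments, which all name the missing element `EncryptedContent` (the optional encryptedContent of EncryptedContentInfo); please use one name, since advisories get grepped for the ASN.1 field. Separately, the CHANGES and NEWS hunks add `Race condition handling NewSessionTicket (CVE-2015-1791)` credited to Matt Caswell, but the Summary of changes lists no file under ssl/ and no commit in this log touches session tickets, so the entry should cite the commit that carried that fix before the 1.0.1n notes go out.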
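Review bot: in the X509_cmp_time hunk of x509_vfy.c, the new digit checks on `str[1]` through `str[4]` stop non-digit bytes from feeding the offset arithmetic, but hours and minutes are still not range-checked: `+9999` passes and yields `offset = 99 * 60 + 99`. Given the adjacent comment already records that the `(+-)hhmm` form is forbidden by RFC 5280, either reject it outright or bound hh below 24 and mm below 60. For the record, `buff1[24]` remains adequate: the normalised output is at most 12 + 2 + 'Z' + NUL = 16 bytes, and a comment to that effect next to the declaration would save the next reader the arithmetic.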
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1434033852.176157.11158.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via c9f4108465b7fb2ddf5be2d8cc80b120731a7906 (commit) via a06ec5a26fdb24fd829abef54422d94521ddd14a (commit) via 62bbfe036da827d7347ed15db2974cac7ebca6ab (commit) via f46e8095aa16ed61411ab4c231570762261df438 (commit) via 57de3216e27c2e52bc3bc5bc7c94babdb7022179 (commit) via 857b2ced04be897488df311a257f254ad8516429 (commit) from 809bf2eab7b46e2fd768fec0c28127991c927b19 (commit) - Log ----------------------------------------------------------------- commit c9f4108465b7fb2ddf5be2d8cc80b120731a7906 Author: Matt Caswell Date: Thu Jun 11 15:16:43 2015 +0100 Prepare for 1.0.0t-dev Reviewed-by: Stephen Henson commit a06ec5a26fdb24fd829abef54422d94521ddd14a Author: Matt Caswell Date: Thu Jun 11 15:13:36 2015 +0100 Prepare for 1.0.0s release Reviewed-by: Stephen Henson commit 62bbfe036da827d7347ed15db2974cac7ebca6ab Author: Matt Caswell Date: Wed Jun 10 11:49:31 2015 +0100 Update CHANGES and NEWS Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz commit f46e8095aa16ed61411ab4c231570762261df438 Author: Emilia Kasper Date: Tue May 12 19:00:30 2015 +0200 PKCS#7: Fix NULL dereference with missing EncryptedContent. CVE-2015-1790 Reviewed-by: Rich Salz commit 57de3216e27c2e52bc3bc5bc7c94babdb7022179 Author: Emilia Kasper Date: Wed Apr 8 16:56:43 2015 +0200 Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte commit 857b2ced04be897488df311a257f254ad8516429 Author: Dr. 
Stephen Henson Date: Fri Jun 5 12:11:25 2015 +0100 Fix infinite loop in CMS Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 70 ++++++++++++++++++++++++++++++++++++++++++++++++- NEWS | 10 ++++++- README | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/opensslv.h | 6 ++--- crypto/pkcs7/pk7_doit.c | 16 ++++++++++- crypto/x509/x509_vfy.c | 57 +++++++++++++++++++++++++++++++++------- openssl.spec | 2 +- 8 files changed, 146 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index 7660a24..ccf2c03 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,10 +2,78 @@ OpenSSL CHANGES _______________ - Changes between 1.0.0r and 1.0.0s [xx XXX xxxx] + Changes between 1.0.0s and 1.0.0t [xx XXX xxxx] *) + Changes between 1.0.0r and 1.0.0s [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno B?ck. + (CVE-2015-1789) + [Emilia K?sper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. 
+ + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia K?sper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + Changes between 1.0.0q and 1.0.0r [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix diff --git a/NEWS b/NEWS index e87b07f..99ba960 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [under development] + Major changes between OpenSSL 1.0.0s and OpenSSL 1.0.0t [under development] o + Major changes between OpenSSL 1.0.0r and OpenSSL 1.0.0s [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) diff --git a/README b/README index 6a9fb12..2556b8c 100644 --- a/README +++ b/README 
@@ -1,5 +1,5 @@ - OpenSSL 1.0.0s-dev + OpenSSL 1.0.0t-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index d6f5c1a..e9e6a98 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b5a8d27..5f79fb0 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10000130L +# define OPENSSL_VERSION_NUMBER 0x10000140L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0s-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0s-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0t-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 22cfb6c..4f5caf2 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, 
@@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 559b5cd..b356228 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
@@ -1604,47 +1604,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') diff --git a/openssl.spec b/openssl.spec index a85f0fe..e282aca 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.0s +Version: 1.0.0t Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jun 11 14:44:23 2015 
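Review bot: the CHANGES and NEWS hunks for 1.0.0s add `Malformed ECParameters causes infinite loop (CVE-2015-1788)` credited to Andy Polyakov, but unlike the 1.0.1 push this one lists 8 files in the Summary of changes with no crypto/bn/bn_gf2m.c, and no bn_gf2m.c commit appears in the log; confirm that the 1.0.0 backport of the BN_GF2m_mod_inv fix landed in an earlier push and cite it in the CHANGES-update commit, so the release notes do not run ahead of the code.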
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1434033863.504035.12804.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 2c9dfa18aacdd22537ced0815d0a53532c019d5b (commit) via 0823ddc56e9aaa1de6c4f57bb45457d5eeca404d (commit) via ad6567965dbab184a7e9e84212c6d4f9f9e24519 (commit) via 582f1f41d49b5bf5ceaca241356d5f9c986f230f (commit) via fa57f74a3941db6b2efb2f43c6add914ec83db20 (commit) via 92f9a8bf3844359bb50d86dab92bc24b074d350d (commit) from 39bcfb129e816de00bf2170c3497e8104767beb7 (commit) - Log ----------------------------------------------------------------- commit 2c9dfa18aacdd22537ced0815d0a53532c019d5b Author: Matt Caswell Date: Thu Jun 11 15:23:16 2015 +0100 Prepare for 0.9.8zh-dev Reviewed-by: Stephen Henson commit 0823ddc56e9aaa1de6c4f57bb45457d5eeca404d Author: Matt Caswell Date: Thu Jun 11 15:20:22 2015 +0100 Prepare for 0.9.8zg release Reviewed-by: Stephen Henson commit ad6567965dbab184a7e9e84212c6d4f9f9e24519 Author: Matt Caswell Date: Wed Jun 10 11:49:31 2015 +0100 Update CHANGES and NEWS Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz commit 582f1f41d49b5bf5ceaca241356d5f9c986f230f Author: Emilia Kasper Date: Tue May 12 19:00:30 2015 +0200 PKCS#7: Fix NULL dereference with missing EncryptedContent. CVE-2015-1790 Reviewed-by: Rich Salz commit fa57f74a3941db6b2efb2f43c6add914ec83db20 Author: Emilia Kasper Date: Wed Apr 8 16:56:43 2015 +0200 Fix length checks in X509_cmp_time to avoid out-of-bounds reads. Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset. CVE-2015-1789 Reviewed-by: Viktor Dukhovni Reviewed-by: Richard Levitte commit 92f9a8bf3844359bb50d86dab92bc24b074d350d Author: Dr. 
Stephen Henson Date: Fri Jun 5 12:11:25 2015 +0100 Fix infinite loop in CMS Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting to verify and a digest is not recognised. Reported by Johannes Bauer. CVE-2015-1792 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 70 ++++++++++++++++++++++++++++++++++++++++++++++++- NEWS | 10 ++++++- README | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/opensslv.h | 6 ++--- crypto/pkcs7/pk7_doit.c | 16 ++++++++++- crypto/x509/x509_vfy.c | 57 +++++++++++++++++++++++++++++++++------- openssl.spec | 2 +- 8 files changed, 146 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index c1bb2af..ed2f0ec 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,10 +2,78 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8zf and 0.9.8zg [xx XXX xxxx] + Changes between 0.9.8zg and 0.9.8zh [xx XXX xxxx] *) + Changes between 0.9.8zf and 0.9.8zg [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno B?ck. + (CVE-2015-1789) + [Emilia K?sper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. 
+ + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia K?sper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix diff --git a/NEWS b/NEWS index 0422981..4ffbbab 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,18 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [under development] + Major changes between OpenSSL 0.9.8zg and OpenSSL 0.9.8zh [under development] o + Major changes between OpenSSL 0.9.8zf and OpenSSL 0.9.8zg [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) diff --git a/README b/README index b4c4a21..5ca30cf 100644 --- a/README +++ b/README 
@@ -1,5 +1,5 @@ - OpenSSL 0.9.8zg-dev + OpenSSL 0.9.8zh-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index ecb05c4..9717789 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index fa12139..9aadf3e 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -26,11 +26,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x00908200L +# define OPENSSL_VERSION_NUMBER 0x00908210L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zg-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zh-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index db134dd..0a12f03 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c 
@@ -359,12 +359,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -377,6 +384,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -390,6 +398,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -557,7 +571,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4fa493c..5269cc1 100644 --- a/crypto/x509/x509_vfy.c 
+++ b/crypto/x509/x509_vfy.c 
@@ -1007,47 +1007,84 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. 
*/ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') diff --git a/openssl.spec b/openssl.spec index ff48b84..12e0705 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8zg +Version: 0.9.8zh Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jun 11 14:44:39 2015 
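Review bot: the CHANGES entry for CVE-2015-1790 is headed "PKCS7 crash with missing EnvelopedContent" (and the NEWS hunk repeats that heading) while its own body, the commit title "PKCS#7: Fix NULL dereference with missing EncryptedContent" and the new code comments in pk7_doit.c all say EncryptedContent; the heading should read "missing EncryptedContent" so the advisory text names the same ASN.1 element as the fix.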
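Review bot: the new `while (f && f != upto);` guard in do_free_upto ends the walk when the chain runs out before `upto` is reached, but nothing tells the caller that `upto` was never found, so a BIO that is not in the chain causes the whole chain to be freed silently. A one-line comment above the loop stating that reaching NULL means every BIO to the end of the chain has been freed (the cmsbio == NULL case from the commit message) would make that intentional behaviour explicit.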
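Review bot: the new `if (data_body == NULL && in_bio == NULL)` check in PKCS7_dataDecode treats a missing EncryptedContent the same as detached signed content: in the NID_pkcs7_enveloped and NID_pkcs7_signedAndEnveloped cases a NULL `data_body` with a caller-supplied `in_bio` still passes, and the later `if (in_bio != NULL) bio = in_bio;` then feeds the caller's BIO into the decryption path instead of rejecting the malformed structure. Consider failing with PKCS7_R_NO_CONTENT whenever `data_body == NULL` in the two enveloped cases, independent of `in_bio`, and keeping the in_bio fallback for NID_pkcs7_signed only, where detached content is legitimate.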
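Review bot: dropping `PKCS7_is_detached(p7)` from the condition makes the `else` branch reachable for a detached structure with `in_bio == NULL`; that is only safe because the `data_body == NULL && in_bio == NULL` check added earlier in the same function now returns before this point. A short comment at the `if (in_bio != NULL)` line pointing at that check would keep the two hunks from drifting apart in a later edit of the `# if 0` region below it.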
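Review bot: in the fractional-seconds loop of X509_cmp_time, `for (i = 0; i < 3 && remaining; i++, str++, remaining--)` breaks on the first non-digit without failing, so a '.' followed directly by 'Z' or by a (+-)hhmm offset (zero fractional digits) is still accepted; if the intent is to tighten the historical format, require at least one digit after the '.' before continuing. The `TODO(emilia)` comment also ships in a release branch here and should either be resolved or reworded as a plain note on RFC 5280 forbidding fractional seconds.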
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zg create Message-ID: <1434033879.792369.15393.nullmailer@dev.openssl.org> The annotated tag OpenSSL_0_9_8zg has been created at 3fe449360696b4433037b4f2b50845939fc90857 (tag) tagging 0823ddc56e9aaa1de6c4f57bb45457d5eeca404d (commit) replaces OpenSSL_0_9_8zf tagged by Matt Caswell on Thu Jun 11 15:20:22 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 0.9.8zg release tag Dr. Stephen Henson (7): Make OCSP response verification more flexible. Don't set *pval to NULL in ASN1_item_ex_new. Fix encoding bug in i2c_ASN1_INTEGER PEM doc fixes check for error when creating PKCS#8 structure return correct NID for undefined object Fix infinite loop in CMS Emilia Kasper (2): Fix length checks in X509_cmp_time to avoid out-of-bounds reads. PKCS#7: Fix NULL dereference with missing EncryptedContent. Matt Caswell (14): Prepare for 0.9.8zg-dev Check for ClientHello message overruns Fix ssl_get_prev_session overrun Reject negative shifts for BN_rshift and BN_lshift Fix off-by-one in BN_rand Clear state in DTLSv1_listen Fix race condition in NewSessionTicket Fix off-by-one error in BN_bn2hex Clean Kerberos pre-master secret Fix Kerberos issue in ssl_session_dup EC_POINT_is_on_curve does not return a boolean More ssl_session_dup fixes Update CHANGES and NEWS Prepare for 0.9.8zg release Rich Salz (1): Add NULL checks from master Richard Levitte (2): Have mkerr.pl treat already existing multiline string defs properly Add the macro OPENSSL_SYS_WIN64 Viktor Dukhovni (1): Code style: space after 'if' ----------------------------------------------------------------------- From matt at openssl.org Thu Jun 11 14:44:39 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0s create Message-ID: <1434033879.880401.15410.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_0s has been created at 6142b4e9c266e02ca659a275e6f97254e6e5bed1 (tag) tagging a06ec5a26fdb24fd829abef54422d94521ddd14a (commit) replaces OpenSSL_1_0_0r tagged by Matt Caswell on Thu Jun 11 15:13:36 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.0s release tag Dr. Stephen Henson (9): Make OCSP response verification more flexible. Don't set *pval to NULL in ASN1_item_ex_new. Reject empty generation strings. Fix encoding bug in i2c_ASN1_INTEGER Limit depth of nested sequences when generating ASN.1 PEM doc fixes check for error when creating PKCS#8 structure return correct NID for undefined object Fix infinite loop in CMS Emilia Kasper (2): Fix length checks in X509_cmp_time to avoid out-of-bounds reads. PKCS#7: Fix NULL dereference with missing EncryptedContent. 
Gilles Khouzam (1): RT3820: Don't call GetDesktopWindow() Loganaden Velvindron (1): Fix CRYPTO_strdup Matt Caswell (16): Prepare for 1.0.0s-dev Check for ClientHello message overruns Fix ssl_get_prev_session overrun Reject negative shifts for BN_rshift and BN_lshift Fix off-by-one in BN_rand Clear state in DTLSv1_listen Fix race condition in NewSessionTicket Fix off-by-one error in BN_bn2hex Clean Kerberos pre-master secret Clean premaster_secret for GOST Remove misleading comment Fix Kerberos issue in ssl_session_dup EC_POINT_is_on_curve does not return a boolean More ssl_session_dup fixes Update CHANGES and NEWS Prepare for 1.0.0s release Rich Salz (1): Add NULL checks from master Richard Levitte (6): Fix the update target and remove duplicate file updates Missed a couple of spots in the update change Fix update and depend in engines/ Have mkerr.pl treat already existing multiline string defs properly Add the macro OPENSSL_SYS_WIN64 Correction of make depend merge error Robert Swiecki (1): Don't add write errors into bytecounts StudioEtrange (1): GitHub284: Fix typo in xx-32.pl scripts. Viktor Dukhovni (1): Code style: space after 'if' ----------------------------------------------------------------------- From matt at openssl.org Thu Jun 11 14:44:40 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2b create Message-ID: <1434033880.132313.15453.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_2b has been created at ca9e0fecf4f40d9c6933dcb934113aa93843a894 (tag) tagging 7b560c174dcd569795f5be66e0c091d1be440614 (commit) replaces OpenSSL_1_0_2a tagged by Matt Caswell on Thu Jun 11 14:55:38 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.2b release tag Andy Polyakov (18): sha/asm/sha256-armv4.pl: adapt for use in Linux kernel context. ec/asm/ecp_nistz256-x86_64.pl: update commentary with before-after performance data. aes/asm/aesv8-armx.pl: optimize for Cortex-A5x. sha/asm/sha*-armv8.pl: add Denver and X-Gene results. modes/asm/ghashv8-armx.pl: up to 90% performance improvement. aes/asm/aesni-x86[_64].pl update. aes/asm/aesni-x86.pl: fix typo affecting Windows build. aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old assembler. mk1mf.pl: replace chop for windows. bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3. bn/bn_gf2m.c: appease STACK, unstable code detector. bn/asm/x86_64-mont5.pl: fix valgrind error. bn/bn_lcl.h: fix MIPS-specific gcc version check. Configure: replace -mv8 with -mcpu=v8 in SPARC config lines. Housekeeping 'make TABLE' update. gcm.c: address linker warning about OPENSSL_ia32cap_P size mismatch. e_aes_cbc_hmac_sha*.c: address linker warning about OPENSSL_ia32cap_P size mismatch. bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters. Annie Yousar (1): RT3230: Better test for C identifier Ben Laurie (1): Use cc instead of gcc so either clang or gcc is used as appropriate. Add clang flags needed to keep it happy. Billy Brumley (1): fix copy paste error in ec_GF2m function prototypes Bjoern D. Rasmussen (1): Fix for memcpy() and strcmp() being undefined. 
David Woodhouse (2): Add DTLS to SSL_get_version Add DTLS support to ssltest Douglas E Engert (1): Ensure EC private keys retain leading zeros Dr. Stephen Henson (15): Make OCSP response verification more flexible. Configuration file examples. Fix OCSP tests. Fix ECDH detection, add ECDH keyid test. Fix ECDH key identifier support. Don't set *pval to NULL in ASN1_item_ex_new. Reject empty generation strings. Limit depth of nested sequences when generating ASN.1 Fix encoding bug in i2c_ASN1_INTEGER Fix verify algorithm. PEM doc fixes check for error when creating PKCS#8 structure make update return correct NID for undefined object Fix infinite loop in CMS Emilia Kasper (22): Harden SSLv2-supporting servers against Bleichenbacher's attack. Use -Wall -Wextra with clang Error out immediately on empty ciphers list. make update Initialize variable Repair EAP-FAST session resumption Correctly set Z_is_one on the return value in the NISTZ256 implementation. Fix error checking and memory leaks in NISTZ256 precomputation. Error checking and memory leak fixes in NISTZ256. NISTZ256: set Z_is_one to boolean 0/1 as is customary. NISTZ256: don't swallow malloc errors NISTZ256: use EC_POINT API and check errors. s_server: Use 2048-bit DH parameters by default. dhparam: fix documentation Update documentation with Diffie-Hellman best practices. - Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. client: reject handshakes with DH parameters < 768 bits. Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). 
Fix ssltest to use 1024-bit DHE parameters Use CRYPTO_memcmp when comparing authenticators Use CRYPTO_memcmp in s3_cbc.c Fix length checks in X509_cmp_time to avoid out-of-bounds reads. PKCS#7: Fix NULL dereference with missing EncryptedContent. Gilles Khouzam (1): RT3820: Don't call GetDesktopWindow() Hanno Böck (2): Fix uninitialized variable. Call of memcmp with null pointers in obj_cmp() Jeffrey Walton (1): Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc. Kurt Cancemi (1): Add missing NULL check in X509V3_parse_list() Kurt Roeckx (7): Don't send a for ServerKeyExchange for kDHr and kDHd X509_VERIFY_PARAM_free: Check param for NULL do_dirname: Don't change gen on failures Correctly check for export size limit Allow all curves when the client doesn't send a supported elliptic curves extension Properly check certificate in case of export ciphers. Only allow a temporary rsa key exchange when the key is larger than 512. Loganaden Velvindron (1): Fix CRYPTO_strdup Lubom (1): Lost alert in DTLS Matt Caswell (65): Prepare for 1.0.2b-dev Add DTLS tests to make test Fix no-ec with no-ec2m Don't check curves that haven't been sent Ensure last_write_sequence is saved in DTLS1.2 Add ticket length before buffering DTLS message Fix RAND_(pseudo_)?_bytes returns Add more HMAC tests Ensure that both the MD and key have been initialised before attempting to create an HMAC Add HMAC test for invalid key len Fix HMAC to pass invalid key len test Fix bug in s_client. Previously default verify locations would only be loaded if CAfile or CApath were also supplied and successfully loaded first. Check for ClientHello message overruns Fix ssl_get_prev_session overrun In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. Add flag to inhibit checking for alternate certificate chains. 
Setting this behaviour will force behaviour as per previous versions of OpenSSL Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. Fix misc NULL derefs in sureware engine Fix return checks in GOST engine Revert "Fix verify algorithm." Add length sanity check in SSLv2 n_do_ssl_write() Sanity check DES_enc_write buffer length Sanity check EVP_CTRL_AEAD_TLS_AAD Sanity check EVP_EncodeUpdate buffer len Clarify logic in BIO_*printf functions Add sanity check in ssl3_cbc_digest_record Sanity check the return from final_finish_mac Add sanity check to ssl_get_prev_session Add sanity check to print_bin function Fix buffer overrun in RSA signing Remove libcrypto to libssl dependency Add Error state Add more error state transitions Add more error state transitions (client) Add more error state transitions (DTLS) Check sk_SSL_CIPHER_new_null return value Don't allow a CCS when expecting a CertificateVerify Reject negative shifts for BN_rshift and BN_lshift Fix off-by-one in BN_rand Remove export static DH ciphersuites Fix typo setting up certificate masks Don't send an alert if we've just received one Handle unsigned struct timeval members Fix error check in GOST engine Don't check for a negative SRP extension size Check the message type requested is the type received in DTLS Fix race condition in NewSessionTicket Fix compilation failure for some tool chains Fix DTLS session resumption Fix off-by-one error in BN_bn2hex Clean Kerberos pre-master secret Clean premaster_secret for GOST Remove misleading comment Fix Kerberos issue in ssl_session_dup Replace memset with OPENSSL_cleanse() Fix 
memory leaks in BIO_dup_chain() Tighten extension handling EC_POINT_is_on_curve does not return a boolean Fix leak in HMAC error path DTLS handshake message fragments mustn't span packets More ssl_session_dup fixes Update CHANGES and NEWS make update Prepare for 1.0.2b release Mike Frysinger (1): Fix malloc define typo Olaf Johansson (1): GH249: Fix bad regexp in arg parsing. Per Allansson (1): Fix IP_MTU_DISCOVER typo Rich Salz (4): RT3776: Wrong size for malloc Fix cut/paste error Add NULL checks from master RT1207: document SSL_COMP_free_compression_methods. Richard Levitte (15): Appease clang -Wempty-translation-unit Appease clang -Wgnu-statement-expression Appease clang -Wshadow Ignore the non-dll windows specific build directories Have mkerr.pl treat already existing multiline string defs properly Initialised 'ok' and redo the logic. RT2943: Check sizes if -iv and -K arguments Fix the update target and remove duplicate file updates Missed a couple of spots in the update change Fix update and depend in engines/ Add the macro OPENSSL_SYS_WIN64 Add and rearrange building of libraries When making libcrypto from apps or test, make sure to include engines Correction of make depend merge error make update Robert Swiecki (1): Don't add write errors into bytecounts Sergey Agievich (1): Add functions to set item_sign and item_verify StudioEtrange (1): GitHub284: Fix typo in xx-32.pl scripts. Viktor Dukhovni (2): Code style: space after 'if' Fix typo in valid_star ----------------------------------------------------------------------- From matt at openssl.org Thu Jun 11 14:44:39 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 11 Jun 2015 14:44:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1n create Message-ID: <1434033879.996779.15437.nullmailer@dev.openssl.org> The annotated tag OpenSSL_1_0_1n has been created at 42c2a7f2c7173883f008a9678444cbafe2032cf8 (tag) tagging 517899e6c8af47d4972dcf9b375386631f6c93f1 (commit) replaces OpenSSL_1_0_1m tagged by Matt Caswell on Thu Jun 11 15:05:11 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL 1.0.1n release tag Andy Polyakov (7): Please Clang's sanitizer, addendum. mk1mf.pl: replace chop for windows. md32_common.h: backport ICC fix. bn/bn_lcl.h: fix MIPS-specific gcc version check. Configure: replace -mv8 with -mcpu=v8 in SPARC config lines. Housekeeping 'make TABLE' update. bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters. Annie Yousar (1): RT3230: Better test for C identifier Billy Brumley (1): fix copy paste error in ec_GF2m function prototypes Bjoern D. Rasmussen (1): Fix for memcpy() and strcmp() being undefined. Douglas E Engert (1): Ensure EC private keys retain leading zeros Dr. Stephen Henson (10): Make OCSP response verification more flexible. Configuration file examples. Don't set *pval to NULL in ASN1_item_ex_new. Reject empty generation strings. Limit depth of nested sequences when generating ASN.1 Fix encoding bug in i2c_ASN1_INTEGER PEM doc fixes check for error when creating PKCS#8 structure return correct NID for undefined object Fix infinite loop in CMS Emilia Kasper (16): Fix uninitialized variable warning Harden SSLv2-supporting servers against Bleichenbacher's attack. Error out immediately on empty ciphers list. make update Initialize variable Repair EAP-FAST session resumption s_server: Use 2048-bit DH parameters by default. dhparam: set the default to 2048 bits dhparam: fix documentation Update documentation with Diffie-Hellman best practices. 
- Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. client: reject handshakes with DH parameters < 768 bits. Fix ssltest to use 1024-bit DHE parameters Use CRYPTO_memcmp when comparing authenticators Use CRYPTO_memcmp in s3_cbc.c Fix length checks in X509_cmp_time to avoid out-of-bounds reads. PKCS#7: Fix NULL dereference with missing EncryptedContent. Gilles Khouzam (1): RT3820: Don't call GetDesktopWindow() Hanno Böck (2): Fix uninitialized variable. Call of memcmp with null pointers in obj_cmp() John Foley (1): Fix intermittent s_server issues with ECDHE Kurt Cancemi (1): Add missing NULL check in X509V3_parse_list() Kurt Roeckx (6): Don't send a for ServerKeyExchange for kDHr and kDHd X509_VERIFY_PARAM_free: Check param for NULL do_dirname: Don't change gen on failures Correctly check for export size limit Properly check certificate in case of export ciphers. Only allow a temporary rsa key exchange when the key is larger than 512. Loganaden Velvindron (1): Fix CRYPTO_strdup Lubom (1): Lost alert in DTLS Matt Caswell (54): Prepare for 1.0.1n-dev Fix RAND_(pseudo_)?_bytes returns Add more HMAC tests Ensure that both the MD and key have been initialised before attempting to create an HMAC Add HMAC test for invalid key len Fix HMAC to pass invalid key len test Fix bug in s_client. Previously default verify locations would only be loaded if CAfile or CApath were also supplied and successfully loaded first. 
Check for ClientHello message overruns Fix ssl_get_prev_session overrun Fix misc NULL derefs in sureware engine Fix return checks in GOST engine Add length sanity check in SSLv2 n_do_ssl_write() Sanity check DES_enc_write buffer length Sanity check EVP_CTRL_AEAD_TLS_AAD Sanity check EVP_EncodeUpdate buffer len Clarify logic in BIO_*printf functions Add sanity check in ssl3_cbc_digest_record Sanity check the return from final_finish_mac Add sanity check to ssl_get_prev_session Add sanity check to print_bin function Fix buffer overrun in RSA signing Add Error state Add more error state transitions Add more error state transitions (client) Add more error state transitions (DTLS) Check sk_SSL_CIPHER_new_null return value Don't allow a CCS when expecting a CertificateVerify In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. 
Reject negative shifts for BN_rshift and BN_lshift Fix off-by-one in BN_rand Don't send an alert if we've just received one Handle unsigned struct timeval members Fix error check in GOST engine Don't check for a negative SRP extension size Check the message type requested is the type received in DTLS Clear state in DTLSv1_listen Fix race condition in NewSessionTicket Fix off-by-one error in BN_bn2hex Clean Kerberos pre-master secret Clean premaster_secret for GOST Remove misleading comment Fix Kerberos issue in ssl_session_dup Replace memset with OPENSSL_cleanse() Fix memory leaks in BIO_dup_chain() Tighten extension handling EC_POINT_is_on_curve does not return a boolean Fix leak in HMAC error path DTLS handshake message fragments mustn't span packets More ssl_session_dup fixes Update CHANGES and NEWS Prepare for 1.0.1n release Mike Frysinger (1): Fix malloc define typo Rich Salz (1): Add NULL checks from master Richard Levitte (11): Ignore the non-dll windows specific build directories Have mkerr.pl treat already existing multiline string defs properly Initialised 'ok' and redo the logic. RT2943: Check sizes if -iv and -K arguments Fix the update target and remove duplicate file updates Missed a couple of spots in the update change Fix update and depend in engines/ Add the macro OPENSSL_SYS_WIN64 Add and rearrange building of libraries When making libcrypto from apps or test, make sure to include engines Correction of make depend merge error Robert Swiecki (1): Don't add write errors into bytecounts StudioEtrange (1): GitHub284: Fix typo in xx-32.pl scripts. Viktor Dukhovni (1): Code style: space after 'if' ----------------------------------------------------------------------- From mark at openssl.org Thu Jun 11 17:27:23 2015 
From: mark at openssl.org (Mark J. Cox) Date: Thu, 11 Jun 2015 17:27:23 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1434043643.384733.8690.nullmailer@dev.openssl.org> The branch master has been updated via 5484ba29155b81fd2fcfe49f8d723ef2ff66d6be (commit) from ad1b4eeeeb7c92e089bb0e7db0ef9041433f5a28 (commit) - Log ----------------------------------------------------------------- commit 5484ba29155b81fd2fcfe49f8d723ef2ff66d6be Author: Mark J. Cox Date: Thu Jun 11 18:26:01 2015 +0100 Doesn't need cve- prefix ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index a222fba..a726124 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,7 @@ - + @@ -67,7 +67,7 @@ - + @@ -157,7 +157,7 @@ - + @@ -243,7 +243,7 @@ - + @@ -327,7 +327,7 @@ - + @@ -409,7 +409,7 @@ - + From mark at openssl.org Thu Jun 11 17:29:31 2015 From: mark at openssl.org (Mark J. Cox) Date: Thu, 11 Jun 2015 17:29:31 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1434043771.424810.16266.nullmailer@dev.openssl.org> The branch master has been updated via 7943146bf2a70af7d5d2bf376aab497fe4238603 (commit) from 5484ba29155b81fd2fcfe49f8d723ef2ff66d6be (commit) - Log ----------------------------------------------------------------- commit 7943146bf2a70af7d5d2bf376aab497fe4238603 Author: Mark J. Cox Date: Thu Jun 11 18:29:07 2015 +0100 Fied in 1.0.2b ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index a726124..aaacfdc 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -48,7 +48,7 @@ - + @@ -134,7 +134,7 @@ - + @@ -224,7 +224,7 @@ - + 
@@ -310,7 +310,7 @@ - + @@ -394,7 +394,7 @@ - + From matt at openssl.org Fri Jun 12 13:45:00 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 13:45:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434116700.104852.1313.nullmailer@dev.openssl.org> The branch master has been updated via 4b464e7b46682f568a5df550426b0cf4b22e2485 (commit) from 063dccd027033401912d8c5e3f0f25b1f13de64b (commit) - Log ----------------------------------------------------------------- commit 4b464e7b46682f568a5df550426b0cf4b22e2485 Author: Matt Caswell Date: Fri Jun 12 13:08:04 2015 +0100 Fix ABI break with HMAC Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 20 ++++++++------------ include/openssl/hmac.h | 1 - test/hmactest.c | 7 ++++++- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index d50fabb..7699b0b 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -68,6 +68,10 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, int i, j, reset = 0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; + if (md != NULL) { reset = 1; ctx->md = md; @@ -77,9 +81,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } - if (!ctx->key_init && key == NULL) - return 0; - if (key != NULL) { reset = 1; j = M_EVP_MD_block_size(md); @@ -101,7 +102,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (ctx->key_length != HMAC_MAX_MD_CBLOCK) memset(&ctx->key[ctx->key_length], 0, HMAC_MAX_MD_CBLOCK - ctx->key_length); - ctx->key_init = 1; } if (reset) { 
@@ -137,7 +137,7 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { - if (!ctx->key_init) + if (!ctx->md) return 0; return EVP_DigestUpdate(&ctx->md_ctx, data, len); } @@ -147,7 +147,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - if (!ctx->key_init) + if (!ctx->md) goto err; if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) @@ -168,7 +168,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); - ctx->key_init = 0; ctx->md = NULL; } @@ -181,11 +180,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy_ex(&dctx->md_ctx, &sctx->md_ctx)) goto err; - dctx->key_init = sctx->key_init; - if (sctx->key_init) { - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - } + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h index 61946fc..81aa49d 100644 --- a/include/openssl/hmac.h +++ b/include/openssl/hmac.h @@ -75,7 +75,6 @@ typedef struct hmac_ctx_st { EVP_MD_CTX o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; - int key_init; } HMAC_CTX; # define HMAC_size(e) (EVP_MD_size((e)->md)) diff --git a/test/hmactest.c b/test/hmactest.c index 13344d6..a9b829d 100644 --- a/test/hmactest.c +++ b/test/hmactest.c 
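Review bot: in the crypto/hmac/hmac.c HMAC_Init_ex hunk the `len < 0` rejection is only reached when the digest changes (`md != NULL && md != ctx->md`); a call with the same `md`, a non-NULL `key` and a negative `len` is not caught by the new guard and falls through to the `if (key != NULL)` key-setup path below. Consider testing the length unconditionally before the digest comparison, e.g. `if (key != NULL && len < 0) return 0;`, so the check does not depend on which digest the caller passes.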
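Review bot: the HMAC_CTX_copy hunk now copies `key[]` and `key_length` unconditionally, while HMAC_CTX_init (hunk just above it) only initialises the three EVP_MD_CTX members and sets `md = NULL`, so copying a context that has never been keyed copies an uninitialised `key` buffer and `key_length`. This is safe for correctness, since `md == NULL` still blocks HMAC_Update and HMAC_Final on the copy, but it may show up in memory checkers; zeroing `key_length` (and `key`) in HMAC_CTX_init would keep the copy fully defined.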
@@ -226,7 +226,12 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Should disallow changing MD without a new key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; From matt at openssl.org Fri Jun 12 13:45:09 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 13:45:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434116709.838871.2042.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 1030f89f5ea238820645e3d34049eb1bd30e81c4 (commit) from b6ed9917314145d1133a3d571daa06f7d2fb66d2 (commit) - Log ----------------------------------------------------------------- commit 1030f89f5ea238820645e3d34049eb1bd30e81c4 Author: Matt Caswell Date: Fri Jun 12 13:08:04 2015 +0100 Fix ABI break with HMAC Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Conflicts: crypto/hmac/hmac.c Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 19 +++++++------------ crypto/hmac/hmac.h | 1 - crypto/hmac/hmactest.c | 7 ++++++- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 15a9a21..51a0a3e 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -97,6 +97,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return FIPS_hmac_init_ex(ctx, key, len, md, NULL); } #endif + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; if (md != NULL) { reset = 1; 
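Review bot: the test/hmactest.c test-5 hunk checks that `HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)` is refused once the context was keyed for another digest and then re-keys with `test[4].key`, but it does not cover the case the new guard deliberately leaves open: re-initialising with a NULL key and the same digest (`md == ctx->md`), which should still succeed and reproduce the previous MAC. Adding that assertion would pin the reuse semantics the `md != ctx->md` test is written to preserve.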
@@ -107,9 +110,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } - if (!ctx->key_init && key == NULL) - return 0; - if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); @@ -131,7 +131,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (ctx->key_length != HMAC_MAX_MD_CBLOCK) memset(&ctx->key[ctx->key_length], 0, HMAC_MAX_MD_CBLOCK - ctx->key_length); - ctx->key_init = 1; } if (reset) { @@ -169,7 +168,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) if (FIPS_mode() && !ctx->i_ctx.engine) return FIPS_hmac_update(ctx, data, len); #endif - if (!ctx->key_init) + if (!ctx->md) return 0; return EVP_DigestUpdate(&ctx->md_ctx, data, len); @@ -184,7 +183,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) return FIPS_hmac_final(ctx, md, len); #endif - if (!ctx->key_init) + if (!ctx->md) goto err; if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) @@ -205,7 +204,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); - ctx->key_init = 0; ctx->md = NULL; } @@ -217,11 +215,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) goto err; - dctx->key_init = sctx->key_init; - if (sctx->key_init) { - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - } + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index f8e9f5e..b8b55cd 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -79,7 +79,6 @@ typedef struct hmac_ctx_st { EVP_MD_CTX o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; - int key_init; } HMAC_CTX; # define HMAC_size(e) (EVP_MD_size((e)->md)) diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 86b6c25..271d0eb 100644 --- a/crypto/hmac/hmactest.c 
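Review bot: in this 1.0.2 backport of the HMAC_Init_ex hunk the new `md != ctx->md && (key == NULL || len < 0)` guard is placed after the `#endif` that closes the `FIPS_mode()` early return to `FIPS_hmac_init_ex`, so in FIPS mode a digest change without a key is delegated to the FIPS module unchanged. Either confirm that `FIPS_hmac_init_ex` enforces the same rule or move the guard above the FIPS branch so both paths behave alike; as on master, the `len < 0` test would also be better applied regardless of whether the digest changes.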
+++ b/crypto/hmac/hmactest.c @@ -233,7 +233,12 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Should disallow changing MD without a new key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; From matt at openssl.org Fri Jun 12 13:45:24 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 13:45:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434116724.121234.2278.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via fffcf87a550f76f83e4a17dd190c9c74833046e8 (commit) from 3adca975dc1175e76bc079306896a09692ed4c15 (commit) - Log ----------------------------------------------------------------- commit fffcf87a550f76f83e4a17dd190c9c74833046e8 Author: Matt Caswell Date: Fri Jun 12 13:08:04 2015 +0100 Fix ABI break with HMAC Recent HMAC changes broke ABI compatibility due to a new field in HMAC_CTX. This backs that change out, and does it a different way. Thanks to Timo Teras for the concept. Conflicts: crypto/hmac/hmac.c Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/hmac/hmac.c | 19 +++++++------------ crypto/hmac/hmac.h | 1 - crypto/hmac/hmactest.c | 7 ++++++- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 5925467..33d88be 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -87,6 +87,9 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return FIPS_hmac_init_ex(ctx, key, len, md, NULL); } #endif + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; if (md != NULL) { reset = 1; 
@@ -97,9 +100,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, return 0; } - if (!ctx->key_init && key == NULL) - return 0; - if (key != NULL) { reset = 1; j = EVP_MD_block_size(md); @@ -121,7 +121,6 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (ctx->key_length != HMAC_MAX_MD_CBLOCK) memset(&ctx->key[ctx->key_length], 0, HMAC_MAX_MD_CBLOCK - ctx->key_length); - ctx->key_init = 1; } if (reset) { @@ -159,7 +158,7 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) if (FIPS_mode() && !ctx->i_ctx.engine) return FIPS_hmac_update(ctx, data, len); #endif - if (!ctx->key_init) + if (!ctx->md) return 0; return EVP_DigestUpdate(&ctx->md_ctx, data, len); @@ -174,7 +173,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) return FIPS_hmac_final(ctx, md, len); #endif - if (!ctx->key_init) + if (!ctx->md) goto err; if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) @@ -195,7 +194,6 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); - ctx->key_init = 0; ctx->md = NULL; } @@ -207,11 +205,8 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) goto err; - dctx->key_init = sctx->key_init; - if (sctx->key_init) { - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; - } + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; dctx->md = sctx->md; return 1; err: diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h index f8e9f5e..b8b55cd 100644 --- a/crypto/hmac/hmac.h +++ b/crypto/hmac/hmac.h @@ -79,7 +79,6 @@ typedef struct hmac_ctx_st { EVP_MD_CTX o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; - int key_init; } HMAC_CTX; # define HMAC_size(e) (EVP_MD_size((e)->md)) diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 86b6c25..271d0eb 100644 --- a/crypto/hmac/hmactest.c 
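Review bot: this 1.0.1 hunk is the same as the 1.0.2 backport, and the same ordering point applies: the new guard sits below the `FIPS_mode()` return to `FIPS_hmac_init_ex`, so the "changing MD requires a key" rule is only enforced on the non-FIPS path unless the FIPS module applies it itself. A short comment stating which path enforces the rule would save the next reader from checking both.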
+++ b/crypto/hmac/hmactest.c @@ -233,7 +233,12 @@ test5: err++; goto test6; } - if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Should disallow changing MD without a new key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha256(), NULL)) { printf("Failed to reinitialise HMAC (test 5)\n"); err++; goto test6; From matt at openssl.org Fri Jun 12 14:46:54 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 14:46:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434120414.911219.12571.nullmailer@dev.openssl.org> The branch master has been updated via 1ae3fdbe6a7e78eef4d7678cb08ff468481c24ad (commit) from 4b464e7b46682f568a5df550426b0cf4b22e2485 (commit) - Log ----------------------------------------------------------------- commit 1ae3fdbe6a7e78eef4d7678cb08ff468481c24ad Author: Adam Langley Date: Fri Jun 12 08:05:49 2015 +0100 Allow a zero length extension block It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f0565a2..402047a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1940,12 +1940,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data >= (d + n - 2)) { - if (data != d + n) - goto err; - else - goto ri_check; - } + if (data == d + n) + goto ri_check; + + if (data > (d + n - 2)) + goto err; + n2s(data, len); if (data > (d + n - len)) From matt at openssl.org Fri Jun 12 14:48:40 2015 
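Review bot: the reordered ssl/t1_lib.c check still forms the pointer `d + n - 2` before comparing; when `n` is 0 or 1 and `data != d + n`, that expression points before `d`, which is undefined behaviour even though only the comparison is wanted. Comparing the remaining length instead, e.g. `if ((size_t)(d + n - data) < 2) goto err;` after the `data == d + n` test, keeps the same logic without the out-of-range pointer. The newly accepted case (`data == d + n - 2`, an extensions block that is present but empty) would also benefit from a test vector carrying a two-byte zero extensions length.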
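The case the commit message describes, an extensions block that is present but zero-length as opposed to absent or truncated, as an added example in C that is not OpenSSL's code: a small standalone parser for the tail of a ClientHello. The field layout follows the ClientHello structure; the constructed sample message, the `classify_tail` helper and the exact-length check (stricter than the hunk's `data > d + n - len` test) are assumptions of this example.

```c
/* Added example, not OpenSSL's own code: parse the tail of a TLS ClientHello
 * and tell apart "no extensions block", "present but zero-length block" and
 * "truncated block", the three cases the t1_lib.c change separates. */
#include <stddef.h>
#include <string.h>

typedef enum { EXT_ERROR = -1, EXT_NONE = 0, EXT_EMPTY = 1, EXT_PRESENT = 2 } ext_status;

/* Parse the extensions block starting at data; it must end exactly at d + n.
 * Length arithmetic replaces the hunk's comparison against d + n - 2, so that
 * n < 2 never forms a pointer to before the buffer. */
ext_status parse_ext_block(const unsigned char *d, size_t n,
                           const unsigned char *data,
                           const unsigned char **ext_start, size_t *ext_len)
{
    size_t remaining, len;

    if (data < d || data > d + n)
        return EXT_ERROR;
    remaining = (size_t)((d + n) - data);
    if (remaining == 0)                 /* data == d + n: no block at all */
        return EXT_NONE;
    if (remaining < 2)                  /* no room for the 2-byte length */
        return EXT_ERROR;
    len = ((size_t)data[0] << 8) | data[1];     /* n2s(data, len) */
    data += 2;
    remaining -= 2;
    if (len != remaining)               /* stricter than the hunk: no slack */
        return EXT_ERROR;
    *ext_start = data;
    *ext_len = len;
    return len == 0 ? EXT_EMPTY : EXT_PRESENT;
}

/* Skip the fixed ClientHello fields (client_version, random, session_id,
 * cipher_suites, compression_methods); NULL if they are truncated. */
static const unsigned char *skip_fixed_fields(const unsigned char *d, size_t n)
{
    const unsigned char *p = d, *end = d + n;
    size_t len;

    if ((size_t)(end - p) < 2 + 32 + 1) return NULL;
    p += 2 + 32;                                  /* client_version, random */
    len = *p++;                                   /* session_id<0..32> */
    if (len > 32 || (size_t)(end - p) < len) return NULL;
    p += len;
    if ((size_t)(end - p) < 2) return NULL;
    len = ((size_t)p[0] << 8) | p[1];             /* cipher_suites<2..2^16-2> */
    p += 2;
    if (len < 2 || (len & 1) || (size_t)(end - p) < len) return NULL;
    p += len;
    if ((size_t)(end - p) < 1) return NULL;
    len = *p++;                                   /* compression_methods<1..255> */
    if (len < 1 || (size_t)(end - p) < len) return NULL;
    return p + len;
}

ext_status clienthello_extensions(const unsigned char *d, size_t n,
                                  const unsigned char **ext_start, size_t *ext_len)
{
    const unsigned char *data = skip_fixed_fields(d, n);
    return data ? parse_ext_block(d, n, data, ext_start, ext_len) : EXT_ERROR;
}

/* Constructed minimal ClientHello body (TLS 1.2, one cipher suite, null
 * compression) followed by an arbitrary tail; returns the total length. */
size_t build_sample(unsigned char *buf, const unsigned char *tail, size_t tail_len)
{
    size_t i = 0;
    buf[i++] = 0x03; buf[i++] = 0x03;             /* client_version */
    memset(buf + i, 0x11, 32); i += 32;           /* random (constructed) */
    buf[i++] = 0x00;                              /* empty session_id */
    buf[i++] = 0x00; buf[i++] = 0x02;             /* cipher_suites length */
    buf[i++] = 0x00; buf[i++] = 0x2f;             /* TLS_RSA_WITH_AES_128_CBC_SHA */
    buf[i++] = 0x01; buf[i++] = 0x00;             /* compression: null only */
    if (tail_len)
        memcpy(buf + i, tail, tail_len);
    return i + tail_len;
}

/* Classify a ClientHello built from the given tail; ext_len may be NULL. */
ext_status classify_tail(const unsigned char *tail, size_t tail_len, size_t *ext_len)
{
    unsigned char buf[128];
    const unsigned char *start = NULL;
    size_t len = 0;
    ext_status st;

    if (tail_len > sizeof(buf) - 41)              /* 41 = fixed-field bytes */
        return EXT_ERROR;
    st = clienthello_extensions(buf, build_sample(buf, tail, tail_len), &start, &len);
    if (ext_len)
        *ext_len = len;
    return st;
}
```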
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 14:48:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434120520.381765.13614.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via fe64245aa1b1f5519ddfe11e3c9d7ad49ae4de95 (commit) from 1030f89f5ea238820645e3d34049eb1bd30e81c4 (commit) - Log ----------------------------------------------------------------- commit fe64245aa1b1f5519ddfe11e3c9d7ad49ae4de95 Author: Adam Langley Date: Fri Jun 12 08:05:49 2015 +0100 Allow a zero length extension block It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index d811d3f..210a5e8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2016,12 +2016,12 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->srtp_profile = NULL; - if (data >= (d + n - 2)) { - if (data != d + n) - goto err; - else - goto ri_check; - } + if (data == d + n) + goto ri_check; + + if (data > (d + n - 2)) + goto err; + n2s(data, len); if (data > (d + n - len)) From matt at openssl.org Fri Jun 12 14:48:50 2015 
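Review bot: this 1.0.2 backport keeps the `if (data > (d + n - 2))` form, which forms a pointer before `d` whenever `n < 2` and `data != d + n`; the comparison is what is intended, so expressing it as a length test (`(size_t)(d + n - data) < 2`) after the `data == d + n` early exit avoids the undefined pointer arithmetic while accepting the same inputs.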
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 14:48:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434120530.861961.13934.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 6cbc78906b24cd274f61d205d7f43d66ca08e808 (commit) from fffcf87a550f76f83e4a17dd190c9c74833046e8 (commit) - Log ----------------------------------------------------------------- commit 6cbc78906b24cd274f61d205d7f43d66ca08e808 Author: Adam Langley Date: Fri Jun 12 08:05:49 2015 +0100 Allow a zero length extension block It is valid for an extension block to be present in a ClientHello, but to be of zero length. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c2d7d72..d70b93f 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1016,12 +1016,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->srtp_profile = NULL; - if (data >= (d + n - 2)) { - if (data != d + n) - goto err; - else - goto ri_check; - } + if (data == d + n) + goto ri_check; + + if (data > (d + n - 2)) + goto err; + n2s(data, len); if (data > (d + n - len)) From matt at openssl.org Fri Jun 12 15:05:23 2015 
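Review bot: in 1.0.1 the same reordering lands in `ssl_parse_clienthello_tlsext` rather than `ssl_scan_clienthello_tlsext`, so a single test for a ClientHello with a two-byte zero extensions length would exercise all three branches; and as in the other branches, `d + n - 2` is still computed for `n < 2` and would be cleaner as a remaining-length comparison.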
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 15:05:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434121523.804716.17446.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 2ad310ffde8c751586b6b5a8b93086fdf79eb815 (commit) from 6cbc78906b24cd274f61d205d7f43d66ca08e808 (commit) - Log ----------------------------------------------------------------- commit 2ad310ffde8c751586b6b5a8b93086fdf79eb815 Author: Matt Caswell Date: Fri Jun 12 15:56:51 2015 +0100 Updated CHANGES and NEWS entries for new release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++- NEWS | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 06601b4..3ad6093 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,9 @@ Changes between 1.0.1n and 1.0.1o [xx XXX xxxx] - *) + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. Changes between 1.0.1m and 1.0.1n [11 Jun 2015] diff --git a/NEWS b/NEWS index 286059c..4452d22 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development] - o + o Fix HMAC ABI incompatibility Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] From matt at openssl.org Fri Jun 12 15:05:35 2015 
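Review bot: the CHANGES entry says only that an ABI incompatibility was introduced and then restored; naming what changed (the `key_init` member that was added to the public `HMAC_CTX` structure and is now removed again, per the hmac.h hunk in the "Fix ABI break with HMAC" commit) would tell packagers and downstream users which structure layout moved and which release they need to avoid.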
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 15:05:35 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434121535.007143.17823.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d4c1763858c11bc3ed15250bb9612c718d80c62c (commit) from fe64245aa1b1f5519ddfe11e3c9d7ad49ae4de95 (commit) - Log ----------------------------------------------------------------- commit d4c1763858c11bc3ed15250bb9612c718d80c62c Author: Matt Caswell Date: Fri Jun 12 15:56:51 2015 +0100 Updated CHANGES and NEWS entries for new release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 +++- NEWS | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 2ec8b7b..7cdebad 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,9 @@ Changes between 1.0.2b and 1.0.2c [xx XXX xxxx] - *) + *) Fix HMAC ABI incompatibility. The previous version introduced an ABI + incompatibility in the handling of HMAC. The previous ABI has now been + restored. Changes between 1.0.2a and 1.0.2b [11 Jun 2015] diff --git a/NEWS b/NEWS index 8750b03..5daeef7 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [under development] - o + o Fix HMAC ABI incompatibility Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015] From matt at openssl.org Fri Jun 12 15:32:57 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 15:32:57 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1434123177.675482.24914.nullmailer@dev.openssl.org> The branch master has been updated via df19ba3056b64a54cfc10837cdc9f4b40633e8a6 (commit) from 7943146bf2a70af7d5d2bf376aab497fe4238603 (commit) - Log ----------------------------------------------------------------- commit df19ba3056b64a54cfc10837cdc9f4b40633e8a6 Author: Matt Caswell Date: Fri Jun 12 16:28:37 2015 +0100 Updated newsflash.txt for new releases ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 72c9804..def6902 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,6 @@ +12-Jun-2015: New releases to resolve ABI compatibility problems: +12-Jun-2015: OpenSSL 1.0.2c is now available, including bug fixes +12-Jun-2015: OpenSSL 1.0.1o is now available, including bug fixes 11-Jun-2015: Security Advisory: five security fixes 11-Jun-2015: OpenSSL 1.0.2b is now available, including bug and security fixes 11-Jun-2015: OpenSSL 1.0.1n is now available, including bug and security fixes From matt at openssl.org Fri Jun 12 15:35:15 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 15:35:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434123315.954867.2027.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 54ae378c9ea0a68fbdada833f6e2dd857bcecd65 (commit) via 0ee5fcde06827b041023e5a596d58da98e53740c (commit) from d4c1763858c11bc3ed15250bb9612c718d80c62c (commit) - Log ----------------------------------------------------------------- commit 54ae378c9ea0a68fbdada833f6e2dd857bcecd65 Author: Matt Caswell Date: Fri Jun 12 16:14:35 2015 +0100 Prepare for 1.0.2d-dev Reviewed-by: Richard Levitte commit 0ee5fcde06827b041023e5a596d58da98e53740c Author: Matt Caswell Date: Fri Jun 12 16:10:40 2015 +0100 Prepare for 1.0.2c release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 7cdebad..5aff3e1 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2b and 1.0.2c [xx XXX xxxx] + Changes between 1.0.2c and 1.0.2d [xx XXX xxxx] + + *) + + Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been diff --git a/NEWS b/NEWS index 5daeef7..f87f926 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [under development] + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [under development] + + o + + Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015] o Fix HMAC ABI incompatibility 
diff --git a/README b/README index 0bd70de..5f76493 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2c-dev + OpenSSL 1.0.2d-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index d6df194..b33edf3 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002030L +# define OPENSSL_VERSION_NUMBER 0x10002040L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2c-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2d-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index e6c7584..b721d65 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2c +Version: 1.0.2d Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Fri Jun 12 15:35:31 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 12 Jun 2015 15:35:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434123331.355318.2326.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 902795b2f19c8ed91aa13ad471526b0c3f5c674b (commit) via 2a8c2799e1227a020d60a32ff8d0a12544e35c50 (commit) from 2ad310ffde8c751586b6b5a8b93086fdf79eb815 (commit) - Log ----------------------------------------------------------------- commit 902795b2f19c8ed91aa13ad471526b0c3f5c674b Author: Matt Caswell Date: Fri Jun 12 16:24:26 2015 +0100 Prepare for 1.0.1p-dev Reviewed-by: Richard Levitte commit 2a8c2799e1227a020d60a32ff8d0a12544e35c50 Author: Matt Caswell Date: Fri Jun 12 16:20:59 2015 +0100 Prepare for 1.0.1o release Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- 5 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 3ad6093..af27f3f 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1n and 1.0.1o [xx XXX xxxx] + Changes between 1.0.1o and 1.0.1p [xx XXX xxxx] + + *) + + Changes between 1.0.1n and 1.0.1o [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been diff --git a/NEWS b/NEWS index 4452d22..1d81d4c 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [under development] + Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [under development] + + o + + Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] o Fix HMAC ABI incompatibility 
diff --git a/README b/README index d379b03..7b9ff6e 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1o-dev + OpenSSL 1.0.1p-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 14bc8bd..f86e324 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100010f0L +# define OPENSSL_VERSION_NUMBER 0x10001100L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1o-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1p-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 3e8f3a9..67a6074 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1o +Version: 1.0.1p Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Fri Jun 12 15:35:52 2015 
From: matt at openssl.org (Matt Caswell)
Date: Fri, 12 Jun 2015 15:35:52 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_1o create
Message-ID: <1434123352.980573.2617.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_1o has been created
        at  73886ae39ea2d05421ad37755b5482c2d9b4687c (tag)
   tagging  2a8c2799e1227a020d60a32ff8d0a12544e35c50 (commit)
  replaces  OpenSSL_1_0_1n
 tagged by  Matt Caswell
        on  Fri Jun 12 16:20:59 2015 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.1o release tag

Adam Langley (1):
      Allow a zero length extension block

Matt Caswell (4):
      Prepare for 1.0.1o-dev
      Fix ABI break with HMAC
      Updated CHANGES and NEWS entries for new release
      Prepare for 1.0.1o release

-----------------------------------------------------------------------

From matt at openssl.org Fri Jun 12 15:35:53 2015
From: matt at openssl.org (Matt Caswell)
Date: Fri, 12 Jun 2015 15:35:53 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2c create
Message-ID: <1434123353.044664.2634.nullmailer@dev.openssl.org>

The annotated tag OpenSSL_1_0_2c has been created
        at  af69970a2e9aac16b1da819c6ba8e01add4c2d4b (tag)
   tagging  0ee5fcde06827b041023e5a596d58da98e53740c (commit)
  replaces  OpenSSL_1_0_2b
 tagged by  Matt Caswell
        on  Fri Jun 12 16:10:40 2015 +0100

- Log -----------------------------------------------------------------
OpenSSL 1.0.2c release tag

Adam Langley (1):
      Allow a zero length extension block

Matt Caswell (4):
      Prepare for 1.0.2c-dev
      Fix ABI break with HMAC
      Updated CHANGES and NEWS entries for new release
      Prepare for 1.0.2c release

-----------------------------------------------------------------------

From steve at openssl.org Sat Jun 13 11:26:56 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 13 Jun 2015 11:26:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434194816.552831.19221.nullmailer@dev.openssl.org> The branch master has been updated via f2dc4d517fa11208b90ba0e92a2590f8cfdafb28 (commit) from 1ae3fdbe6a7e78eef4d7678cb08ff468481c24ad (commit) - Log ----------------------------------------------------------------- commit f2dc4d517fa11208b90ba0e92a2590f8cfdafb28 Author: Dr. Stephen Henson Date: Fri Jun 12 22:18:36 2015 +0100 Encode b == NULL or blen == 0 as zero. PR#3904 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_int.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 9a58378..0d020e0 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -158,8 +158,8 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, if (pad) *(p++) = pb; - if (blen == 0) - *(p++) = 0; + if (b == NULL || blen == 0) + *p = 0; else if (!neg) memcpy(p, b, blen); else { From tjh at openssl.org Mon Jun 15 01:37:57 2015 From: tjh at openssl.org (Tim Hudson) Date: Mon, 15 Jun 2015 01:37:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434332277.215829.7445.nullmailer@dev.openssl.org> The branch master has been updated via e58ddf0af86e391cd1a3d0eb2641844607f1e300 (commit) from f2dc4d517fa11208b90ba0e92a2590f8cfdafb28 (commit) - Log ----------------------------------------------------------------- commit e58ddf0af86e391cd1a3d0eb2641844607f1e300 Author: Tim Hudson Date: Mon Jun 15 11:36:32 2015 +1000 Fix argument processing error from the option parsing change over. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ca.c b/apps/ca.c index 4dc9176..a0f9f79 100644 --- a/apps/ca.c 
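Review bot: in the crypto/asn1/a_int.c hunk, `b == NULL` with `blen != 0` is now silently encoded as a single zero byte rather than being treated as a caller error; if that combination is never legitimate, an explicit rejection (or at least a comment that the pair is deliberately collapsed to zero) would make the contract visible. Dropping the `p++` in `*p = 0` is fine only if nothing after this if/else chain reads `p`; worth confirming, and worth a one-line comment, since the `memcpy` branch next to it does not advance `p` either.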
+++ b/apps/ca.c @@ -325,6 +325,7 @@ opthelp: ret = 0; goto end; case OPT_IN: + req = 1; infile = opt_arg(); break; case OPT_OUT: From tjh at openssl.org Mon Jun 15 04:55:58 2015 From: tjh at openssl.org (Tim Hudson) Date: Mon, 15 Jun 2015 04:55:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434344158.625482.9154.nullmailer@dev.openssl.org> The branch master has been updated via 29eca1c0d58026792b50f7fd7f447f7a5fe63b5f (commit) from e58ddf0af86e391cd1a3d0eb2641844607f1e300 (commit) - Log ----------------------------------------------------------------- commit 29eca1c0d58026792b50f7fd7f447f7a5fe63b5f Author: Tim Hudson Date: Mon Jun 15 14:55:34 2015 +1000 Fix argument processing error from the option parsing change over. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/req.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/apps/req.c b/apps/req.c index 00d7c4a..712037d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -125,7 +125,7 @@ typedef enum OPTION_choice { OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY, OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, - OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJECT, OPT_TEXT, OPT_X509, + OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD } OPTION_CHOICE; 
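Review bot: in the apps/ca.c hunk, `req = 1` is set as a side effect of `-in` with no explanation, while the neighbouring `OPT_OUT` case sets nothing comparable; a one-line comment saying that `-in` implies a certificate request (the behaviour the option-parser change-over lost, per the commit message) would make the coupling obvious to the next reader.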
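Review bot: the apps/req.c enum hunk adds `OPT_SUBJ` next to `OPT_SUBJECT`, and the later hunks give `-subj` the string argument (`'s'`) and turn `-subject` into a bare flag (`'-'`), which is the right split; the two names differ by only four letters, though, so a short comment on the enum members noting that `-subj` sets the subject and `-subject` prints it would help. Since `-subject` previously accepted an argument and will now reject one, this also deserves a CHANGES line.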
@@ -167,7 +167,8 @@ OPTIONS req_options[] = { "Output the request in a format that is wrong"}, {OPT_MORE_STR, 1, 1, "(Required by some CA's)"}, {"no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-'}, - {"subject", OPT_SUBJECT, 's', "Output the request's subject"}, + {"subj", OPT_SUBJ, 's', "Set or modify request subject"}, + {"subject", OPT_SUBJECT, '-', "Output the request's subject"}, {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs"}, {"days", OPT_DAYS, 'p', "Number of days cert is valid for"}, @@ -351,6 +352,9 @@ int req_main(int argc, char **argv) goto opthelp; break; case OPT_SUBJECT: + subject = 1; + break; + case OPT_SUBJ: subj = opt_arg(); break; case OPT_MULTIVALUE_RDN: From rsalz at openssl.org Mon Jun 15 14:09:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 15 Jun 2015 14:09:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434377363.180441.11611.nullmailer@dev.openssl.org> The branch master has been updated via d31fb0b5b341aa7883b487d07e6a56d216224e25 (commit) from 29eca1c0d58026792b50f7fd7f447f7a5fe63b5f (commit) - Log ----------------------------------------------------------------- commit d31fb0b5b341aa7883b487d07e6a56d216224e25 Author: Rich Salz Date: Sat Jun 13 10:50:00 2015 -0400 Refactor into clear_ciphers; RT3588 While closing RT3588 (Remove obsolete comment) Kurt and I saw that a few lines to completely clear the SSL cipher state could be moved into a common function. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1ce4f36..5c814fd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
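Review bot: In the apps/req.c option-table hunk the old line `{"subject", OPT_SUBJECT, 's', "Output the request's subject"}` took a value and fed it to `subj = opt_arg();`, so `-subject` was behaving as `-subj`; the split into `-subj` ('s') and `-subject` ('-') restores the documented meaning, but the enum hunk now carries two near-identical names, `OPT_SUBJ` and `OPT_SUBJECT`, which is exactly how the mix-up happened. A short comment on the two enum entries (set subject versus print subject), plus a test that exercises both options, would guard against it recurring.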
@@ -186,6 +186,14 @@ SSL3_ENC_METHOD ssl3_undef_enc_method = { int use_context))ssl_undefined_function, }; +static void clear_ciphers(SSL *s) +{ + /* clear the current cipher */ + ssl_clear_cipher_ctx(s); + ssl_clear_hash_ctx(&s->read_hash); + ssl_clear_hash_ctx(&s->write_hash); +} + int SSL_clear(SSL *s) { if (s->method == NULL) { @@ -217,9 +225,7 @@ int SSL_clear(SSL *s) BUF_MEM_free(s->init_buf); s->init_buf = NULL; - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + clear_ciphers(s); s->first_packet = 0; /* @@ -548,9 +554,7 @@ void SSL_free(SSL *s) SSL_SESSION_free(s->session); } - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + clear_ciphers(s); ssl_cert_free(s->cert); /* Free up if allocated */ @@ -2450,20 +2454,13 @@ int SSL_do_handshake(SSL *s) return (ret); } -/* - * For the next 2 functions, SSL_clear() sets shutdown and so one of these - * calls will reset it - */ void SSL_set_accept_state(SSL *s) { s->server = 1; s->shutdown = 0; s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE; s->handshake_func = s->method->ssl_accept; - /* clear the current cipher */ - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + clear_ciphers(s); } void SSL_set_connect_state(SSL *s) @@ -2472,10 +2469,7 @@ void SSL_set_connect_state(SSL *s) s->shutdown = 0; s->state = SSL_ST_CONNECT | SSL_ST_BEFORE; s->handshake_func = s->method->ssl_connect; - /* clear the current cipher */ - ssl_clear_cipher_ctx(s); - ssl_clear_hash_ctx(&s->read_hash); - ssl_clear_hash_ctx(&s->write_hash); + clear_ciphers(s); } int ssl_undefined_function(SSL *s) From rsalz at openssl.org Mon Jun 15 22:27:21 2015 
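Review bot: In the ssl/ssl_lib.c hunk for SSL_set_accept_state the removed comment `For the next 2 functions, SSL_clear() sets shutdown and so one of these calls will reset it` explained why both state setters do `s->shutdown = 0;`, and that assignment is still present in both, so the explanation should survive as a one-line comment on the two `s->shutdown = 0;` lines rather than disappear with the refactor. The new static `clear_ciphers()` is the right consolidation; give it a comment saying it resets the cipher context and both the read and write hash contexts and is the common path for SSL_clear, SSL_free and the two state setters, since it is now the single place that guarantees no keying material from a previous session survives into the next.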
From: rsalz at openssl.org (Rich Salz) Date: Mon, 15 Jun 2015 22:27:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434407241.849224.31402.nullmailer@dev.openssl.org> The branch master has been updated via 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee (commit) from d31fb0b5b341aa7883b487d07e6a56d216224e25 (commit) - Log ----------------------------------------------------------------- commit 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee Author: Rich Salz Date: Sat May 2 10:01:33 2015 -0400 RT2547: Tighten perms on generated privkey files When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ apps/apps.c | 1 - apps/apps.h | 2 ++ apps/dsa.c | 26 ++++++++++++++++----- apps/dsaparam.c | 10 ++++---- apps/ec.c | 19 +++++++++++---- apps/ecparam.c | 9 ++++---- apps/gendsa.c | 6 +++-- apps/genpkey.c | 13 +++++++---- apps/genrsa.c | 22 +++++++++--------- apps/openssl.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- apps/opt.c | 1 - apps/passwd.c | 1 - apps/pkcs12.c | 8 ++++--- apps/pkcs8.c | 8 ++++++- apps/pkey.c | 12 ++++++++-- apps/req.c | 8 ++++--- apps/rsa.c | 22 +++++++++++++----- apps/s_cb.c | 1 - apps/s_client.c | 1 - apps/s_server.c | 1 - apps/x509.c | 1 - 22 files changed, 184 insertions(+), 63 deletions(-) diff --git a/CHANGES b/CHANGES index 6faf644..fae1123 100644 --- a/CHANGES +++ b/CHANGES 
@@ -41,6 +41,10 @@ code and the associated standard is no longer considered fit-for-purpose. [Matt Caswell] + *) RT2547 was closed. When generating a private key, try to make the + output file readable only by the owner. This behavior change might + be noticeable when interacting with other software. + *) Added HTTP GET support to the ocsp command. [Rich Salz] diff --git a/apps/apps.c b/apps/apps.c index 60f71c3..3f2c049 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -124,7 +124,6 @@ #include #include #include -#include #include #include #include diff --git a/apps/apps.h b/apps/apps.h index a8652a1..b83d4b2 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -113,6 +113,7 @@ # define HEADER_APPS_H # include "e_os.h" +# include # include # include @@ -153,6 +154,7 @@ extern BIO *bio_out; extern BIO *bio_err; BIO *dup_bio_in(void); BIO *dup_bio_out(void); +BIO *bio_open_owner(const char *filename, const char *mode, int private); BIO *bio_open_default(const char *filename, const char *mode); BIO *bio_open_default_quiet(const char *filename, const char *mode); CONF *app_load_config(const char *filename); diff --git a/apps/dsa.c b/apps/dsa.c index f61e151..9998bfe 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -114,6 +114,7 @@ int dsa_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1; + int private = 0; prog = opt_init(argc, argv, dsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -192,6 +193,9 @@ int dsa_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = pubin || pubout ? 0 : 1; + if (text) + private = 1; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); 
@@ -221,16 +225,18 @@ int dsa_main(int argc, char **argv) goto end; } - out = bio_open_default(outfile, "w"); + out = bio_open_owner(outfile, "w", private); if (out == NULL) goto end; - if (text) + if (text) { + assert(private); if (!DSA_print(out, dsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } + } if (modulus) { BIO_printf(out, "Public Key="); @@ -246,25 +252,33 @@ int dsa_main(int argc, char **argv) if (outformat == FORMAT_ASN1) { if (pubin || pubout) i = i2d_DSA_PUBKEY_bio(out, dsa); - else + else { + assert(private); i = i2d_DSAPrivateKey_bio(out, dsa); + } } else if (outformat == FORMAT_PEM) { if (pubin || pubout) i = PEM_write_bio_DSA_PUBKEY(out, dsa); - else + else { + assert(private); i = PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout); + } # if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; pk = EVP_PKEY_new(); EVP_PKEY_set1_DSA(pk, dsa); - if (outformat == FORMAT_PVK) + if (outformat == FORMAT_PVK) { + assert(private); i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); + } else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); - else + else { + assert(private); i = i2b_PrivateKey_bio(out, pk); + } EVP_PKEY_free(pk); # endif } else { diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 27170a2..8d48313 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -58,7 +58,6 @@ #include /* for OPENSSL_NO_DSA */ #ifndef OPENSSL_NO_DSA -# include # include # include # include @@ -118,9 +117,8 @@ int dsaparam_main(int argc, char **argv) BIO *in = NULL, *out = NULL; BN_GENCB *cb = NULL; int numbits = -1, num = 0, genkey = 0, need_rand = 0, non_fips_allow = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret = - 1; - int i, text = 0; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; + int ret = 1, i, text = 0, private = 0; # ifdef GENCB_TEST int timebomb = 0; # endif 
@@ -195,11 +193,12 @@ int dsaparam_main(int argc, char **argv) numbits = num; need_rand = 1; } + private = genkey ? 1 : 0; in = bio_open_default(infile, "r"); if (in == NULL) goto end; - out = bio_open_default(outfile, "w"); + out = bio_open_owner(outfile, "w", private); if (out == NULL) goto end; @@ -320,6 +319,7 @@ int dsaparam_main(int argc, char **argv) DSA_free(dsakey); goto end; } + assert(private); if (outformat == FORMAT_ASN1) i = i2d_DSAPrivateKey_bio(out, dsakey); else diff --git a/apps/ec.c b/apps/ec.c index 341243f..e4f2db3 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -121,7 +121,7 @@ int ec_main(int argc, char **argv) OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0; - int pubin = 0, pubout = 0, param_out = 0, i, ret = 1; + int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0; prog = opt_init(argc, argv, ec_options); while ((o = opt_next()) != OPT_EOF) { @@ -193,6 +193,9 @@ int ec_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = param_out || pubin || pubout ? 0 : 1; + if (text) + private = 1; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -224,7 +227,7 @@ int ec_main(int argc, char **argv) goto end; } - out = bio_open_default(outfile, WB(outformat)); + out = bio_open_owner(outfile, WB(outformat), private); if (out == NULL) goto end; @@ -236,12 +239,14 @@ int ec_main(int argc, char **argv) if (new_asn1_flag) EC_KEY_set_asn1_flag(eckey, asn1_flag); - if (text) + if (text) { + assert(private); if (!EC_KEY_print(out, eckey, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } + } if (noout) { ret = 0; 
@@ -254,16 +259,20 @@ int ec_main(int argc, char **argv) i = i2d_ECPKParameters_bio(out, group); else if (pubin || pubout) i = i2d_EC_PUBKEY_bio(out, eckey); - else + else { + assert(private); i = i2d_ECPrivateKey_bio(out, eckey); + } } else { if (param_out) i = PEM_write_bio_ECPKParameters(out, group); else if (pubin || pubout) i = PEM_write_bio_EC_PUBKEY(out, eckey); - else + else { + assert(private); i = PEM_write_bio_ECPrivateKey(out, eckey, enc, NULL, 0, NULL, passout); + } } if (!i) { diff --git a/apps/ecparam.c b/apps/ecparam.c index ae75573..a0781c5 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -70,7 +70,6 @@ #include #ifndef OPENSSL_NO_EC -# include # include # include # include @@ -142,8 +141,8 @@ int ecparam_main(int argc, char **argv) unsigned char *buffer = NULL; OPTION_CHOICE o; int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret = - 1; + int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; + int ret = 1, private = 0; int list_curves = 0, no_seed = 0, check = 0, new_form = 0; int text = 0, i, need_rand = 0, genkey = 0; @@ -219,6 +218,7 @@ int ecparam_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = genkey ? 1 : 0; if (!app_load_modules(NULL)) goto end; @@ -226,7 +226,7 @@ int ecparam_main(int argc, char **argv) in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; - out = bio_open_default(outfile, WB(outformat)); + out = bio_open_owner(outfile, WB(outformat), private); if (out == NULL) goto end; @@ -473,6 +473,7 @@ int ecparam_main(int argc, char **argv) EC_KEY_free(eckey); goto end; } + assert(private); if (outformat == FORMAT_ASN1) i = i2d_ECPrivateKey_bio(out, eckey); else diff --git a/apps/gendsa.c b/apps/gendsa.c index 01bbceb..087a44a 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c 
@@ -99,7 +99,7 @@ int gendsa_main(int argc, char **argv) char *inrand = NULL, *dsaparams = NULL; char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; OPTION_CHOICE o; - int ret = 1; + int ret = 1, private = 0; prog = opt_init(argc, argv, gendsa_options); while ((o = opt_next()) != OPT_EOF) { @@ -133,6 +133,7 @@ int gendsa_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = 1; if (argc != 1) goto opthelp; @@ -157,7 +158,7 @@ int gendsa_main(int argc, char **argv) BIO_free(in); in = NULL; - out = bio_open_default(outfile, "w"); + out = bio_open_owner(outfile, "w", private); if (out == NULL) goto end2; @@ -175,6 +176,7 @@ int gendsa_main(int argc, char **argv) app_RAND_write_file(NULL); + assert(private); if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout)) goto end; ret = 0; diff --git a/apps/genpkey.c b/apps/genpkey.c index 7c8d551..dbbedaa 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -105,6 +105,7 @@ int genpkey_main(int argc, char **argv) const EVP_CIPHER *cipher = NULL; OPTION_CHOICE o; int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0; + int private = 0; prog = opt_init(argc, argv, genpkey_options); while ((o = opt_next()) != OPT_EOF) { @@ -125,7 +126,6 @@ int genpkey_main(int argc, char **argv) case OPT_OUT: outfile = opt_arg(); break; - case OPT_PASS: passarg = opt_arg(); break; @@ -171,6 +171,7 @@ int genpkey_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = do_param ? 0 : 1; if (ctx == NULL) goto opthelp; @@ -183,7 +184,7 @@ int genpkey_main(int argc, char **argv) if (!app_load_modules(NULL)) goto end; - out = bio_open_default(outfile, "wb"); + out = bio_open_owner(outfile, "wb", private); if (out == NULL) goto end; 
@@ -206,11 +207,13 @@ int genpkey_main(int argc, char **argv) if (do_param) rv = PEM_write_bio_Parameters(out, pkey); - else if (outformat == FORMAT_PEM) + else if (outformat == FORMAT_PEM) { + assert(private); rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass); - else if (outformat == FORMAT_ASN1) + } else if (outformat == FORMAT_ASN1) { + assert(private); rv = i2d_PrivateKey_bio(out, pkey); - else { + } else { BIO_printf(bio_err, "Bad format specified for key\n"); goto end; } diff --git a/apps/genrsa.c b/apps/genrsa.c index 80d9ea6..bb8437f 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -102,12 +102,13 @@ OPTIONS genrsa_options[] = { int genrsa_main(int argc, char **argv) { BN_GENCB *cb = BN_GENCB_new(); + PW_CB_DATA cb_data; ENGINE *e = NULL; BIGNUM *bn = BN_new(); BIO *out = NULL; RSA *rsa = NULL; const EVP_CIPHER *enc = NULL; - int ret = 1, non_fips_allow = 0, num = DEFBITS; + int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0; unsigned long f4 = RSA_F4; char *outfile = NULL, *passoutarg = NULL, *passout = NULL; char *inrand = NULL, *prog, *hexe, *dece; @@ -157,6 +158,7 @@ int genrsa_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = 1; if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) goto end; @@ -169,7 +171,7 @@ int genrsa_main(int argc, char **argv) if (!app_load_modules(NULL)) goto end; - out = bio_open_default(outfile, "w"); + out = bio_open_owner(outfile, "w", private); if (out == NULL) goto end; 
@@ -203,15 +205,13 @@ int genrsa_main(int argc, char **argv) } OPENSSL_free(hexe); OPENSSL_free(dece); - { - PW_CB_DATA cb_data; - cb_data.password = passout; - cb_data.prompt_info = outfile; - if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, - (pem_password_cb *)password_callback, - &cb_data)) - goto end; - } + cb_data.password = passout; + cb_data.prompt_info = outfile; + assert(private); + if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, + (pem_password_cb *)password_callback, + &cb_data)) + goto end; ret = 0; end: diff --git a/apps/openssl.c b/apps/openssl.c index 9117726..7c202cf 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -122,13 +122,23 @@ #ifndef OPENSSL_NO_ENGINE # include #endif -/* needed for the _O_BINARY defs in the MS world */ -#define USE_SOCKETS -#include "s_apps.h" #include #ifdef OPENSSL_FIPS # include #endif +#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ +#include "s_apps.h" +/* Needed to get the other O_xxx flags. */ +#ifdef OPENSSL_SYS_VMS +# include +#endif +#ifndef NO_SYS_TYPES_H +# include +#endif +#ifndef OPENSSL_NO_POSIX_IO +# include +# include +#endif #define INCLUDE_FUNCTION_TABLE #include "apps.h" 
@@ -289,6 +299,59 @@ void unbuffer(FILE *fp) setbuf(fp, NULL); } +/* + * Open a file for writing, owner-read-only. + */ +BIO *bio_open_owner(const char *filename, const char *modestr, int private) +{ + FILE *fp = NULL; + BIO *b = NULL; + int fd = -1, bflags, mode, binmode; + + if (!private || filename == NULL || strcmp(filename, "-") == 0) + return bio_open_default(filename, modestr); + + mode = O_WRONLY; +#ifdef O_CREAT + mode |= O_CREAT; +#endif +#ifdef O_TRUNC + mode |= O_TRUNC; +#endif + binmode = strchr(modestr, 'b') != NULL; + if (binmode) { +#ifdef O_BINARY + mode |= O_BINARY; +#elif defined(_O_BINARY) + mode |= _O_BINARY; +#endif + } + + fd = open(filename, mode, 0600); + if (fd < 0) + goto err; + fp = fdopen(fd, modestr); + if (fp == NULL) + goto err; + bflags = BIO_CLOSE; + if (!binmode) + bflags |= BIO_FP_TEXT; + b = BIO_new_fp(fp, bflags); + if (b) + return b; + + err: + BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", + opt_getprog(), filename, strerror(errno)); + ERR_print_errors(bio_err); + /* If we have fp, then fdopen took over fd, so don't close both. */ + if (fp) + fclose(fp); + else if (fd >= 0) + close(fd); + return NULL; +} + static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) { BIO *ret; @@ -320,10 +383,12 @@ static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) ERR_print_errors(bio_err); return NULL; } + BIO *bio_open_default(const char *filename, const char *mode) { return bio_open_default_(filename, mode, 0); } + BIO *bio_open_default_quiet(const char *filename, const char *mode) { return bio_open_default_(filename, mode, 1); diff --git a/apps/opt.c b/apps/opt.c index 3e2831c..b81cec4 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -49,7 +49,6 @@ /* #define COMPILE_STANDALONE_TEST_DRIVER */ #include "apps.h" -#include #include #if !defined(OPENSSL_SYS_MSDOS) # include OPENSSL_UNISTD diff --git a/apps/passwd.c b/apps/passwd.c index 0e168c4..dbae620 100644 --- a/apps/passwd.c 
+++ b/apps/passwd.c @@ -53,7 +53,6 @@ #if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1) -# include # include # include "apps.h" diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 05bb1ad..5b14dd5 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -169,7 +169,7 @@ int pkcs12_main(int argc, char **argv) int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; # endif int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - int ret = 1, macver = 1, noprompt = 0, add_lmk = 0; + int ret = 1, macver = 1, noprompt = 0, add_lmk = 0, private = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL; char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL; @@ -314,6 +314,7 @@ int pkcs12_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = 1; if (passarg) { if (export_cert) @@ -355,8 +356,7 @@ int pkcs12_main(int argc, char **argv) in = bio_open_default(infile, "rb"); if (in == NULL) goto end; - - out = bio_open_default(outfile, "wb"); + out = bio_open_owner(outfile, "wb", private); if (out == NULL) goto end; @@ -500,6 +500,7 @@ int pkcs12_main(int argc, char **argv) if (maciter != -1) PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd); + assert(private); i2d_PKCS12_bio(out, p12); ret = 0; @@ -545,6 +546,7 @@ int pkcs12_main(int argc, char **argv) } } + assert(private); if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) { BIO_printf(bio_err, "Error outputting keys and certificates\n"); ERR_print_errors(bio_err); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index e94a232..919b8f1 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c 
@@ -115,6 +115,7 @@ int pkcs8_main(int argc, char **argv) OPTION_CHOICE o; int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; + int private = 0; unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; prog = opt_init(argc, argv, pkcs8_options); @@ -217,6 +218,7 @@ int pkcs8_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = 1; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -232,9 +234,10 @@ int pkcs8_main(int argc, char **argv) in = bio_open_default(infile, "rb"); if (in == NULL) goto end; - out = bio_open_default(outfile, "wb"); + out = bio_open_owner(outfile, "wb", private); if (out == NULL) goto end; + if (topk8) { pkey = load_key(infile, informat, 1, passin, e, "key"); if (!pkey) @@ -245,6 +248,7 @@ int pkcs8_main(int argc, char **argv) goto end; } if (nocrypt) { + assert(private); if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); else if (outformat == FORMAT_ASN1) @@ -289,6 +293,7 @@ int pkcs8_main(int argc, char **argv) goto end; } app_RAND_write_file(NULL); + assert(private); if (outformat == FORMAT_PEM) PEM_write_bio_PKCS8(out, p8); else if (outformat == FORMAT_ASN1) @@ -373,6 +378,7 @@ int pkcs8_main(int argc, char **argv) } } + assert(private); if (outformat == FORMAT_PEM) PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); else if (outformat == FORMAT_ASN1) diff --git a/apps/pkey.c b/apps/pkey.c index 875087f..80c2e15 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -101,6 +101,7 @@ int pkey_main(int argc, char **argv) OPTION_CHOICE o; int informat = FORMAT_PEM, outformat = FORMAT_PEM; int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1; + int private = 0; prog = opt_init(argc, argv, pkey_options); while ((o = opt_next()) != OPT_EOF) { 
@@ -159,6 +160,9 @@ int pkey_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = !noout && !pubout ? 1 : 0; + if (text && !pubtext) + private = 1; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -168,7 +172,7 @@ int pkey_main(int argc, char **argv) if (!app_load_modules(NULL)) goto end; - out = bio_open_default(outfile, "wb"); + out = bio_open_owner(outfile, "wb", private); if (out == NULL) goto end; @@ -181,12 +185,14 @@ int pkey_main(int argc, char **argv) if (!noout) { if (outformat == FORMAT_PEM) { + assert(private); if (pubout) PEM_write_bio_PUBKEY(out, pkey); else PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, passout); } else if (outformat == FORMAT_ASN1) { + assert(private); if (pubout) i2d_PUBKEY_bio(out, pkey); else @@ -201,8 +207,10 @@ int pkey_main(int argc, char **argv) if (text) { if (pubtext) EVP_PKEY_print_public(out, pkey, 0, NULL); - else + else { + assert(private); EVP_PKEY_print_private(out, pkey, 0, NULL); + } } ret = 0; diff --git a/apps/req.c b/apps/req.c index 712037d..03736cc 100644 --- a/apps/req.c +++ b/apps/req.c @@ -204,8 +204,8 @@ int req_main(int argc, char **argv) char *template = default_config_file, *keyout = NULL; const char *keyalg = NULL; OPTION_CHOICE o; - int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = - 0, pkey_type = -1; + int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = 0; + int pkey_type = -1, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM; int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0; int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0; @@ -375,6 +375,7 @@ int req_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = newreq && (pkey == NULL) ? 1 : 0; if (!app_passwd(passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); 
@@ -569,7 +570,7 @@ int req_main(int argc, char **argv) BIO_printf(bio_err, "writing new private key to stdout\n"); else BIO_printf(bio_err, "writing new private key to '%s'\n", keyout); - out = bio_open_default(keyout, "w"); + out = bio_open_owner(keyout, "w", private); if (out == NULL) goto end; @@ -587,6 +588,7 @@ int req_main(int argc, char **argv) i = 0; loop: + assert(private); if (!PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, passout)) { if ((ERR_GET_REASON(ERR_peek_error()) == diff --git a/apps/rsa.c b/apps/rsa.c index 51581ae..f6961d9 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -162,7 +162,7 @@ int rsa_main(int argc, char **argv) const EVP_CIPHER *enc = NULL; char *infile = NULL, *outfile = NULL, *prog; char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; - int i; + int i, private = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0; int noout = 0, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1; OPTION_CHOICE o; @@ -250,6 +250,7 @@ int rsa_main(int argc, char **argv) } argc = opt_num_rest(); argv = opt_rest(); + private = text || (!pubout && !noout) ? 1 : 0; if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); @@ -291,16 +292,18 @@ int rsa_main(int argc, char **argv) goto end; } - out = bio_open_default(outfile, "w"); + out = bio_open_owner(outfile, "w", private); if (out == NULL) goto end; - if (text) + if (text) { + assert(private); if (!RSA_print(out, rsa, 0)) { perror(outfile); ERR_print_errors(bio_err); goto end; } + } if (modulus) { BIO_printf(out, "Modulus="); @@ -344,8 +347,10 @@ int rsa_main(int argc, char **argv) i = i2d_RSAPublicKey_bio(out, rsa); else i = i2d_RSA_PUBKEY_bio(out, rsa); - } else + } else { + assert(private); i = i2d_RSAPrivateKey_bio(out, rsa); + } } # ifndef OPENSSL_NO_RC4 else if (outformat == FORMAT_NETSCAPE) { 
@@ -353,6 +358,7 @@ int rsa_main(int argc, char **argv) int size = i2d_RSA_NET(rsa, NULL, NULL, 0); save = p = app_malloc(size, "RSA i2d buffer"); + assert(private); i2d_RSA_NET(rsa, &p, NULL, 0); BIO_write(out, (char *)save, size); OPENSSL_free(save); @@ -365,9 +371,11 @@ int rsa_main(int argc, char **argv) i = PEM_write_bio_RSAPublicKey(out, rsa); else i = PEM_write_bio_RSA_PUBKEY(out, rsa); - } else + } else { + assert(private); i = PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, NULL, passout); + } # if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4) } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { EVP_PKEY *pk; @@ -377,8 +385,10 @@ int rsa_main(int argc, char **argv) i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout); else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk); - else + else { + assert(private); i = i2b_PrivateKey_bio(out, pk); + } EVP_PKEY_free(pk); # endif } else { diff --git a/apps/s_cb.c b/apps/s_cb.c index 44e70f2..a14e00c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -111,7 +111,6 @@ /* callback functions used by s_client, s_server, and s_time */ #include #include -#include #include /* for memcpy() and strcmp() */ #define USE_SOCKETS #include "apps.h" diff --git a/apps/s_client.c b/apps/s_client.c index 22aa270..f82f9db 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -134,7 +134,6 @@ * OTHERWISE. */ -#include #include #include #include diff --git a/apps/s_server.c b/apps/s_server.c index 072d30d..3143078 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -139,7 +139,6 @@ * OTHERWISE. */ -#include #include #include #include diff --git a/apps/x509.c b/apps/x509.c index 0345cf0..8293a6e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -55,7 +55,6 @@ * [including the GNU Public Licence.] */ -#include #include #include #include From levitte at openssl.org Tue Jun 16 11:11:19 2015 
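Review bot: In the CHANGES hunk the new `*) RT2547 was closed.` entry has no attribution line, whereas the neighbouring entries end with `[Matt Caswell]` and `[Rich Salz]`; add `[Rich Salz]`, and since the entry warns that the change "might be noticeable when interacting with other software", name the concrete effect so readers can plan for it: key output files are now created with mode 0600 unless written to stdout, as the `open(filename, mode, 0600)` call in apps/openssl.c shows.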
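Review bot: In the apps/openssl.c `bio_open_owner` hunk `fd = open(filename, mode, 0600);` only restricts permissions when the file is created; with `O_CREAT` but no `O_EXCL`, an output file that already exists (possibly world-readable, possibly a symlink that `O_TRUNC` will follow) keeps its current mode and silently receives the private key. Either open with `O_EXCL` and refuse an existing file, or `fchmod(fd, 0600)` after a successful open, and state the chosen behaviour in the "Open a file for writing, owner-read-only." comment. Two smaller points: under `#ifdef O_CREAT` a platform without `O_CREAT` will fail to create a new file at all rather than fall back to `bio_open_default`, and on the shared `err:` path `strerror(errno)` is also printed when `BIO_new_fp` is what failed, where errno carries no useful value.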
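Review bot: Across the apps/*.c hunks every private-key write is guarded by `assert(private);`, but `assert` is compiled out under `NDEBUG`, so in a release build a code path that forgets to set `private` would write the key through `bio_open_default` with default permissions and nothing would notice; the commit message accepts that trade-off deliberately, but a runtime check in the same spots (`OPENSSL_assert(private)`, or `if (!private) { BIO_printf(bio_err, ...); goto end; }`) costs nothing and turns a missed path into a hard failure in every build rather than only in developer builds.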
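Review bot: In the apps/pkey.c hunk `assert(private);` sits at the top of the `FORMAT_PEM` and `FORMAT_ASN1` branches, before the `if (pubout)` test, while `private` is computed as `private = !noout && !pubout ? 1 : 0;`, so `openssl pkey -in key.pem -pubout` leaves `private` at 0 and trips the assert in any non-NDEBUG build even though only `PEM_write_bio_PUBKEY` or `i2d_PUBKEY_bio` would run. Move the two asserts into the `else` arms that call `PEM_write_bio_PrivateKey` and the ASN.1 private-key writer, matching how `EVP_PKEY_print_private` is guarded further down in the same hunk.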
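Review bot: In the apps/rsa.c hunk `private = text || (!pubout && !noout) ? 1 : 0;` ignores `pubin`, so a public key in and public key out (`-pubin` without `-pubout`, which the later `else if (pubin || pubout) i = i2b_PublicKey_bio(out, pk);` line shows is a public-only output) is still treated as private and gets a 0600 output file, whereas the equivalent lines in apps/dsa.c and apps/ec.c, `private = pubin || pubout ? 0 : 1;`, handle it. Use the same expression here, keeping the `text` override, so the three commands behave consistently.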
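Review bot: In the apps/req.c hunk `private = newreq && (pkey == NULL) ? 1 : 0;` is evaluated immediately after option parsing; if the key named by `-key` is only loaded later, `pkey` is always NULL at this point and the second term is dead, and if it is loaded during parsing, the intent (no new key is written when one was supplied, so the key output need not be private) deserves a comment. Please confirm which case applies and either drop the term or document it; the `assert(private);` at `loop:` only fires on the "writing new private key" path, so the outcome is the same either way but the expression should say what it means.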
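Review bot: In the apps/pkcs12.c hunk `private = 1;` is unconditional, so the `assert(private);` added before `i2d_PKCS12_bio` and before `dump_certs_keys_p12` can never fail, and every output, including a PKCS#12 or a parsed dump that contains only certificates, is created owner-read-only. That is the safe default, but it should be stated in a one-line comment so the line is not mistaken for the per-option computation used in dsa.c and ec.c; the same applies to the unconditional `private = 1;` in apps/pkcs8.c, apps/gendsa.c and apps/genrsa.c, where every output really is a private key.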
From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jun 2015 11:11:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434453079.494588.14756.nullmailer@dev.openssl.org> The branch master has been updated via b4f0d1a4a89b964dba80036a6348ca0a1913c526 (commit) via 30cf91784bfde82622f79d87d17d20ce73329532 (commit) from 3b061a00e39d2e4ad524ff01cbdc0c53fe8171ee (commit) - Log ----------------------------------------------------------------- commit b4f0d1a4a89b964dba80036a6348ca0a1913c526 Author: Richard Levitte Date: Mon Jun 15 09:59:25 2015 +0200 Make preprocessor error into real preprocessor error Reviewed-by: Kurt Roeckx commit 30cf91784bfde82622f79d87d17d20ce73329532 Author: Richard Levitte Date: Sat Jun 13 13:13:55 2015 +0200 Remove one extraneous parenthesis Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/opensslconf.h.in | 2 +- include/openssl/bio.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 504d93d..4429c91 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -118,7 +118,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. diff --git a/include/openssl/bio.h b/include/openssl/bio.h index e224dd9..7fe88ec 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -276,7 +276,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) From levitte at openssl.org Tue Jun 16 11:14:25 2015 
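Review bot: In the crypto/opensslconf.h.in hunk `#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!` now fails at preprocessing rather than as a stray identifier that happened to be a syntax error, which is the right fix; since opensslconf.h.in is a template, check that the generator copies the line through with `#` still in column 0, and keep the message free of apostrophes, which inside a `#error` line provoke unterminated-character-constant warnings on common compilers.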
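Review bot: In the include/openssl/bio.h hunk the old `# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))` carried an unbalanced closing parenthesis, so any expansion of the macro would have been a compile error; that tells you it has no in-tree users, and that nothing would have caught the typo in a public header. A compile-only test that references `BIO_CB_return`, `BIO_cb_pre` and `BIO_cb_post` once would catch the next slip, and the same fix is being cherry-picked to the 1.0.x branches where the header is installed as crypto/bio/bio.h.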
From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jun 2015 11:14:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434453265.668614.15877.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4f0812cc28c5cd4fb2c396b1825af82abebc6e56 (commit) via 3bf9adaa2ba3456b90c01ac719edc566f8bb3037 (commit) from 54ae378c9ea0a68fbdada833f6e2dd857bcecd65 (commit) - Log ----------------------------------------------------------------- commit 4f0812cc28c5cd4fb2c396b1825af82abebc6e56 Author: Richard Levitte Date: Mon Jun 15 09:59:25 2015 +0200 Make preprocessor error into real preprocessor error Reviewed-by: Kurt Roeckx (cherry picked from commit b4f0d1a4a89b964dba80036a6348ca0a1913c526) commit 3bf9adaa2ba3456b90c01ac719edc566f8bb3037 Author: Richard Levitte Date: Sat Jun 13 13:13:55 2015 +0200 Remove one extraneous parenthesis Reviewed-by: Kurt Roeckx (cherry picked from commit 30cf91784bfde82622f79d87d17d20ce73329532) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio.h | 2 +- crypto/opensslconf.h.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 7878fb1..f78796b 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -291,7 +291,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 97e3745..814309b 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in 
@@ -101,7 +101,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. From levitte at openssl.org Tue Jun 16 11:14:36 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jun 2015 11:14:36 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434453276.592948.16133.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 347fc5d8cd2cf14f943a15f8ff8ba2698211e503 (commit) via a5d8c1c291293105f1c4b0336c0569d25b2b468d (commit) from 902795b2f19c8ed91aa13ad471526b0c3f5c674b (commit) - Log ----------------------------------------------------------------- commit 347fc5d8cd2cf14f943a15f8ff8ba2698211e503 Author: Richard Levitte Date: Mon Jun 15 09:59:25 2015 +0200 Make preprocessor error into real preprocessor error Reviewed-by: Kurt Roeckx (cherry picked from commit b4f0d1a4a89b964dba80036a6348ca0a1913c526) commit a5d8c1c291293105f1c4b0336c0569d25b2b468d Author: Richard Levitte Date: Sat Jun 13 13:13:55 2015 +0200 Remove one extraneous parenthesis Reviewed-by: Kurt Roeckx (cherry picked from commit 30cf91784bfde82622f79d87d17d20ce73329532) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio.h | 2 +- crypto/opensslconf.h.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index be9cd0e..d583cc1 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -290,7 +290,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) 
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 97e3745..814309b 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -101,7 +101,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. From levitte at openssl.org Tue Jun 16 11:14:44 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 16 Jun 2015 11:14:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1434453284.289325.16373.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via c040acd76a8918768aea560750937845f1e031e7 (commit) via 7c3f9198322908c33fb7c65087c64aa55cb37447 (commit) from c9f4108465b7fb2ddf5be2d8cc80b120731a7906 (commit) - Log ----------------------------------------------------------------- commit c040acd76a8918768aea560750937845f1e031e7 Author: Richard Levitte Date: Mon Jun 15 09:59:25 2015 +0200 Make preprocessor error into real preprocessor error Reviewed-by: Kurt Roeckx (cherry picked from commit b4f0d1a4a89b964dba80036a6348ca0a1913c526) commit 7c3f9198322908c33fb7c65087c64aa55cb37447 Author: Richard Levitte Date: Sat Jun 13 13:13:55 2015 +0200 Remove one extraneous parenthesis Reviewed-by: Kurt Roeckx (cherry picked from commit 30cf91784bfde82622f79d87d17d20ce73329532) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio.h | 2 +- crypto/opensslconf.h.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 73e8c78..8f79c29 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h 
@@ -263,7 +263,7 @@ void BIO_clear_flags(BIO *b, int flags); * BIO_CB_RETURN flag indicates if it is after the call */ # define BIO_CB_RETURN 0x80 -# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +# define BIO_CB_return(a) ((a)|BIO_CB_RETURN) # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in index 97e3745..814309b 100644 --- a/crypto/opensslconf.h.in +++ b/crypto/opensslconf.h.in @@ -101,7 +101,7 @@ #endif #if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! #endif /* Unroll the inner loop, this sometimes helps, sometimes hinders. From steve at openssl.org Sat Jun 20 18:28:31 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 20 Jun 2015 18:28:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434824911.752672.10721.nullmailer@dev.openssl.org> The branch master has been updated via bc9567cdc9a56b5c904e075e3b929076c1e7583c (commit) from b4f0d1a4a89b964dba80036a6348ca0a1913c526 (commit) - Log ----------------------------------------------------------------- commit bc9567cdc9a56b5c904e075e3b929076c1e7583c Author: Dr. Stephen Henson Date: Sat Jun 20 16:10:54 2015 +0100 typo: should be OPENSSL_free Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index efd9683..8784642 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2948,7 +2948,7 @@ void ssl3_clear(SSL *s) } if (s->s3->alpn_selected) { - free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; } From steve at openssl.org Sun Jun 21 14:30:25 2015 
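Review bot: the fix in the `ssl3_clear` hunk is right but probably incomplete: `alpn_selected` is released with `OPENSSL_free` elsewhere (for example in `ssl3_free`), so a bare `free()` here only works while the default allocator is in use and corrupts the heap as soon as an application installs its own allocator via `CRYPTO_set_mem_functions`. Worth grepping `ssl/` for any other bare `free(` / `malloc(` on OpenSSL-owned buffers before this is cherry-picked to the stable branches.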
From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 21 Jun 2015 14:30:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434897025.305423.11685.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8615d8b4ec08864674c2d8226f4c6c192e313893 (commit) from 4f0812cc28c5cd4fb2c396b1825af82abebc6e56 (commit) - Log ----------------------------------------------------------------- commit 8615d8b4ec08864674c2d8226f4c6c192e313893 Author: Dr. Stephen Henson Date: Sat Jun 20 16:10:54 2015 +0100 typo: should be OPENSSL_free Reviewed-by: Richard Levitte (cherry picked from commit bc9567cdc9a56b5c904e075e3b929076c1e7583c) ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 5db349a..ad9eeb6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3084,7 +3084,7 @@ void ssl3_clear(SSL *s) } #if !defined(OPENSSL_NO_TLSEXT) if (s->s3->alpn_selected) { - free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; } #endif From steve at openssl.org Sun Jun 21 14:30:25 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 21 Jun 2015 14:30:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434897025.418555.11707.nullmailer@dev.openssl.org> The branch master has been updated via d480e182fe20fcaeca7817a4693eeaf594bb1a32 (commit) via 85fb6fdaed74d6091817ce5da17fcc737f36a51f (commit) from bc9567cdc9a56b5c904e075e3b929076c1e7583c (commit) - Log ----------------------------------------------------------------- commit d480e182fe20fcaeca7817a4693eeaf594bb1a32 Author: Dr. Stephen Henson Date: Sat Jun 20 15:44:03 2015 +0100 Avoid duplication. We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list() Reviewed-by: Rich Salz commit 85fb6fdaed74d6091817ce5da17fcc737f36a51f Author: Dr. Stephen Henson Date: Sat Jun 20 15:37:22 2015 +0100 remove unnecessary NULL checks Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 11 ++++++++--- ssl/s3_lib.c | 10 ++-------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index dd93e25..eedf74d 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -476,16 +476,21 @@ void ssl3_cleanup_key_block(SSL *s) void ssl3_init_finished_mac(SSL *s) { - BIO_free(s->s3->handshake_buffer); - if (s->s3->handshake_dgst) - ssl3_free_digest_list(s); + ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); } +/* + * Free digest list. Also frees handshake buffer since they are always freed + * together. + */ + void ssl3_free_digest_list(SSL *s) { int i; + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; if (!s->s3->handshake_dgst) return; for (i = 0; i < SSL_MAX_DIGEST; i++) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 8784642..36b5f0d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -2905,9 +2905,7 @@ void ssl3_free(SSL *s) OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); - BIO_free(s->s3->handshake_buffer); - if (s->s3->handshake_dgst) - ssl3_free_digest_list(s); + ssl3_free_digest_list(s); OPENSSL_free(s->s3->alpn_selected); #ifndef OPENSSL_NO_SRP @@ -2941,11 +2939,7 @@ void ssl3_clear(SSL *s) #endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - if (s->s3->handshake_dgst) { - ssl3_free_digest_list(s); - } + ssl3_free_digest_list(s); if (s->s3->alpn_selected) { OPENSSL_free(s->s3->alpn_selected); From steve at openssl.org Sun Jun 21 17:14:05 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 21 Jun 2015 17:14:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434906845.400805.31968.nullmailer@dev.openssl.org> The branch master has been updated via f6a103133abefd7795260af3f439d84430331e33 (commit) from d480e182fe20fcaeca7817a4693eeaf594bb1a32 (commit) - Log ----------------------------------------------------------------- commit f6a103133abefd7795260af3f439d84430331e33 Author: Dr. Stephen Henson Date: Sun Jun 21 16:06:21 2015 +0100 Revert "Avoid duplication." This reverts commit d480e182fe20fcaeca7817a4693eeaf594bb1a32. Commit broke TLS handshakes due to fragility of digest caching: that will be fixed separately. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 8 +------- ssl/s3_lib.c | 3 +++ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index eedf74d..bde19e1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c 
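Review bot: the s3_enc.c hunk changes the contract of `ssl3_free_digest_list`: it now also frees and NULLs `handshake_buffer`, and the only callers updated in this patch are `ssl3_init_finished_mac`, `ssl3_free` and `ssl3_clear`. Any other caller that frees the digest list while expecting the buffered handshake messages to survive would silently lose them, so every call site should be checked against the new behaviour before this lands. The added comment ("Also frees handshake buffer since they are always freed together") is good; the `if (s->s3->handshake_dgst)` guards that the s3_lib.c hunks drop are harmless to lose, since the function returns early on a NULL list anyway.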
@@ -476,21 +476,15 @@ void ssl3_cleanup_key_block(SSL *s) void ssl3_init_finished_mac(SSL *s) { + BIO_free(s->s3->handshake_buffer); ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); } -/* - * Free digest list. Also frees handshake buffer since they are always freed - * together. - */ - void ssl3_free_digest_list(SSL *s) { int i; - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; if (!s->s3->handshake_dgst) return; for (i = 0; i < SSL_MAX_DIGEST; i++) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 36b5f0d..0307801 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2905,6 +2905,7 @@ void ssl3_free(SSL *s) OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); + BIO_free(s->s3->handshake_buffer); ssl3_free_digest_list(s); OPENSSL_free(s->s3->alpn_selected); @@ -2939,6 +2940,8 @@ void ssl3_clear(SSL *s) #endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; ssl3_free_digest_list(s); if (s->s3->alpn_selected) { From rsalz at openssl.org Sun Jun 21 19:27:12 2015 
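Review bot: a straight revert is the right call, but the restored code keeps the asymmetry that made the merge tempting: the `ssl3_clear` hunk NULLs `handshake_buffer` after `BIO_free`, the `ssl3_free` hunk does not, and `ssl3_init_finished_mac` relies on reassigning it immediately afterwards. When the separate digest-caching fix lands it should come with a handshake test, since this breakage reached master without one tripping.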
From: rsalz at openssl.org (Rich Salz) Date: Sun, 21 Jun 2015 19:27:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434914832.959323.15004.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8e6bb99979b95ee8b878e22e043ceb78d79c32a1 (commit) from 8615d8b4ec08864674c2d8226f4c6c192e313893 (commit) - Log ----------------------------------------------------------------- commit 8e6bb99979b95ee8b878e22e043ceb78d79c32a1 Author: Rich Salz Date: Sun Jun 21 15:12:20 2015 -0400 RT1688: Add dependencies for parallel make Backport to 1.0.1 and 1.0.2 to fix RT 3905 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Makefile.org | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Makefile.org b/Makefile.org index 9f4faae..d77e264 100644 --- a/Makefile.org +++ b/Makefile.org @@ -269,6 +269,7 @@ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) sub_all: build_all + build_all: build_libs build_apps build_tests build_tools build_libs: build_libcrypto build_libssl openssl.pc @@ -278,15 +279,15 @@ build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: +build_ssl: build_crypto @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: +build_engines: build_crypto @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: +build_apps: build_libs @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: +build_tests: build_libs @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: +build_tools: build_libs @dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps From rsalz at openssl.org Sun Jun 21 19:27:37 2015 
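Review bot: `build_engines` now depends on `build_crypto`, but nothing in this hunk makes any of the `build_all` targets depend on `build_engines`; `build_libs` is `build_libcrypto build_libssl openssl.pc`, whose rules are not shown, so confirm that `build_libcrypto` lists `build_engines` (or that engines are otherwise ordered after crypto) before relying on `make -j` for the whole tree. The extra blank line after `sub_all: build_all` is cosmetic; fine either way.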
From: rsalz at openssl.org (Rich Salz) Date: Sun, 21 Jun 2015 19:27:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434914857.593481.15312.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 83d6620986ab351b02ec2f5bbc30d2c4cac21f63 (commit) from 347fc5d8cd2cf14f943a15f8ff8ba2698211e503 (commit) - Log ----------------------------------------------------------------- commit 83d6620986ab351b02ec2f5bbc30d2c4cac21f63 Author: Rich Salz Date: Sun Jun 21 15:12:20 2015 -0400 RT1688: Add dependencies for parallel make Backport to 1.0.1 and 1.0.2 to fix RT 3905 Reviewed-by: Richard Levitte (cherry picked from commit 8e6bb99979b95ee8b878e22e043ceb78d79c32a1) ----------------------------------------------------------------------- Summary of changes: Makefile.org | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Makefile.org b/Makefile.org index cf82487..55a3700 100644 --- a/Makefile.org +++ b/Makefile.org @@ -268,6 +268,7 @@ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) sub_all: build_all + build_all: build_libs build_apps build_tests build_tools build_libs: build_libcrypto build_libssl openssl.pc @@ -277,15 +278,15 @@ build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) -build_ssl: +build_ssl: build_crypto @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: +build_engines: build_crypto @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: +build_apps: build_libs @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: +build_tests: build_libs @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: +build_tools: build_libs @dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps From levitte at openssl.org Sun Jun 21 19:45:58 2015 
From: levitte at openssl.org (Richard Levitte) Date: Sun, 21 Jun 2015 19:45:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434915958.970672.17916.nullmailer@dev.openssl.org> The branch master has been updated via 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd (commit) via d62c98c81c7b47b7b1878fd7e91e5fd33818faf0 (commit) via 03b672deca60ab1fb272f1a1e206769da969bc9a (commit) via 964626957f79e07ed97756527cdc7e84007c60c9 (commit) via 7a1789d254c561bd3024c971b5cfeeedd12d63f3 (commit) via f4c73bfe0ab7a0e8f82fe2947c0f77fe3d98acab (commit) via bb8abd6735e198de36c1eb9098a7f1516d156220 (commit) via 5c78e1835285ce4acdc7cc4f4c06aa7d6661c9b4 (commit) via a3f9286556d6d78c1800caae97a9328afb2557e6 (commit) from f6a103133abefd7795260af3f439d84430331e33 (commit) - Log ----------------------------------------------------------------- commit 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd Author: Richard Levitte Date: Sun Jun 21 21:35:59 2015 +0200 Cleanup mttest.c : because we no longer use stdio here, don't include it Reviewed-by: Rich Salz commit d62c98c81c7b47b7b1878fd7e91e5fd33818faf0 Author: Richard Levitte Date: Sun Jun 21 19:19:59 2015 +0200 Add -ldl to the build of mttest.c Reviewed-by: Rich Salz commit 03b672deca60ab1fb272f1a1e206769da969bc9a Author: Richard Levitte Date: Sun Jun 21 19:19:17 2015 +0200 Cleanup mttest.c : use BIO_free only, no preceding hacks Since [sc]_ssl->[rw]bio aren't available, do not try to fiddle with them. 
Surely, a BIO_free on the "main" BIOs should be enough Reviewed-by: Rich Salz commit 964626957f79e07ed97756527cdc7e84007c60c9 Author: Richard Levitte Date: Sun Jun 21 19:16:50 2015 +0200 Cleanup mttest.c : do not try to output reference counts when threads are done Reviewed-by: Rich Salz commit 7a1789d254c561bd3024c971b5cfeeedd12d63f3 Author: Richard Levitte Date: Sun Jun 21 19:13:57 2015 +0200 Cleanup mttest.c : better error reporting when certs are missing Reviewed-by: Rich Salz commit f4c73bfe0ab7a0e8f82fe2947c0f77fe3d98acab Author: Richard Levitte Date: Sun Jun 21 19:12:33 2015 +0200 Cleanup mttest.c : make ssl_method a pointer to const Reviewed-by: Rich Salz commit bb8abd6735e198de36c1eb9098a7f1516d156220 Author: Richard Levitte Date: Sun Jun 21 19:11:43 2015 +0200 Cleanup mttest.c : modernise output Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by: Rich Salz commit 5c78e1835285ce4acdc7cc4f4c06aa7d6661c9b4 Author: Richard Levitte Date: Sun Jun 21 19:03:44 2015 +0200 Cleanup mttest.c : modernise the threads setup Reviewed-by: Rich Salz commit a3f9286556d6d78c1800caae97a9328afb2557e6 Author: Richard Levitte Date: Sun Jun 21 18:51:18 2015 +0200 Cleanup mttest.c : remove MS_CALLBACK Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/threads/mttest.c | 306 +++++++++++++++++++++++---------------------- crypto/threads/pthread2.sh | 3 +- 2 files changed, 157 insertions(+), 152 deletions(-) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 3218c32..914ba7b 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -56,7 +56,6 @@ * [including the GNU Public Licence.] */ -#include #include #include #include 
@@ -86,16 +85,11 @@ #include #include #include -#include "../../e_os.h" #include #include #include #include -#ifdef OPENSSL_NO_STDIO -# include "../buffer/bss_file.c" -#endif - #ifdef OPENSSL_SYS_NETWARE # define TEST_SERVER_CERT "/openssl/apps/server.pem" # define TEST_CLIENT_CERT "/openssl/apps/client.pem" @@ -106,23 +100,23 @@ #define MAX_THREAD_NUMBER 100 -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs); +int verify_callback(int ok, X509_STORE_CTX *xs); void thread_setup(void); void thread_cleanup(void); void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx); -void irix_locking_callback(int mode, int type, char *file, int line); -void solaris_locking_callback(int mode, int type, char *file, int line); -void win32_locking_callback(int mode, int type, char *file, int line); -void pthreads_locking_callback(int mode, int type, char *file, int line); -void netware_locking_callback(int mode, int type, char *file, int line); +void irix_locking_callback(int mode, int type, const char *file, int line); +void solaris_locking_callback(int mode, int type, const char *file, int line); +void win32_locking_callback(int mode, int type, const char *file, int line); +void pthreads_locking_callback(int mode, int type, const char *file, int line); +void netware_locking_callback(int mode, int type, const char *file, int line); void beos_locking_callback(int mode, int type, const char *file, int line); -unsigned long irix_thread_id(void); -unsigned long solaris_thread_id(void); -unsigned long pthreads_thread_id(void); -unsigned long netware_thread_id(void); -unsigned long beos_thread_id(void); +void irix_thread_id(CRYPTO_THREADID *tid); +void solaris_thread_id(CRYPTO_THREADID *tid); +void pthreads_thread_id(CRYPTO_THREADID *tid); +void netware_thread_id(CRYPTO_THREADID *tid); +void beos_thread_id(CRYPTO_THREADID *tid); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; 
@@ -148,39 +142,39 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit(char *ctx[4]); -static void print_stats(FILE *fp, SSL_CTX *ctx) +static void print_stats(BIO *bio, SSL_CTX *ctx) { - fprintf(fp, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ctx)); - fprintf(fp, "%4d client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ctx)); - fprintf(fp, "%4d client connects that finished\n", - SSL_CTX_sess_connect_good(ctx)); - fprintf(fp, "%4d server connects (SSL_accept())\n", - SSL_CTX_sess_accept(ctx)); - fprintf(fp, "%4d server connects that finished\n", - SSL_CTX_sess_accept_good(ctx)); - fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); - fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); - fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); + BIO_printf(bio, "%4ld items in the session cache\n", + SSL_CTX_sess_number(ctx)); + BIO_printf(bio, "%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ctx)); + BIO_printf(bio, "%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ctx)); + BIO_printf(bio, "%4d server connects (SSL_accept())\n", + SSL_CTX_sess_accept(ctx)); + BIO_printf(bio, "%4d server connects that finished\n", + SSL_CTX_sess_accept_good(ctx)); + BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); + BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); + BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); } static void sv_usage(void) { - fprintf(stderr, "usage: ssltest [args ...]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, " -server_auth - check server certificate\n"); - fprintf(stderr, " -client_auth - do client authentication\n"); - fprintf(stderr, " -v - more output\n"); - fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr, " -threads arg - number 
of threads\n"); - fprintf(stderr, " -loops arg - number of 'connections', per thread\n"); - fprintf(stderr, " -reconnect - reuse session-id's\n"); - fprintf(stderr, " -stats - server session-id cache stats\n"); - fprintf(stderr, " -cert arg - server certificate/key\n"); - fprintf(stderr, " -ccert arg - client certificate/key\n"); - fprintf(stderr, " -ssl3 - just SSLv3n\n"); + BIO_printf(bio_err, "usage: ssltest [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -server_auth - check server certificate\n"); + BIO_printf(bio_err, " -client_auth - do client authentication\n"); + BIO_printf(bio_err, " -v - more output\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -threads arg - number of threads\n"); + BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n"); + BIO_printf(bio_err, " -reconnect - reuse session-id's\n"); + BIO_printf(bio_err, " -stats - server session-id cache stats\n"); + BIO_printf(bio_err, " -cert arg - server certificate/key\n"); + BIO_printf(bio_err, " -ccert arg - client certificate/key\n"); + BIO_printf(bio_err, " -ssl3 - just SSLv3n\n"); } int main(int argc, char *argv[]) @@ -194,14 +188,14 @@ int main(int argc, char *argv[]) SSL_CTX *c_ctx = NULL; char *scert = TEST_SERVER_CERT; char *ccert = TEST_CLIENT_CERT; - SSL_METHOD *ssl_method = TLS_method(); + const SSL_METHOD *ssl_method = TLS_method(); RAND_seed(rnd_seed, sizeof rnd_seed); if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + bio_err = BIO_new_fd(2, BIO_NOCLOSE); if (bio_stdout == NULL) - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); + bio_stdout = BIO_new_fd(1, BIO_NOCLOSE); argc--; argv++; 
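Review bot: the `print_stats` hunk keeps `%4d` for `SSL_CTX_sess_connect`, `SSL_CTX_sess_connect_good`, `SSL_CTX_sess_accept`, `SSL_CTX_sess_hits` and the rest, which return `long` (they are `SSL_CTX_ctrl` wrappers); `BIO_printf` is variadic, so passing a `long` for `%d` is undefined and prints garbage on LP64 targets. Since every one of these lines is being rewritten anyway, use `%4ld`, as the `SSL_CTX_sess_number` line already does. In the `sv_usage` hunk the `" -ssl3 - just SSLv3n\n"` typo (`SSLv3n` for `SSLv3`) is carried over verbatim from the old line; worth fixing in the same pass.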
@@ -247,7 +241,7 @@ int main(int argc, char *argv[]) if (number_of_loops == 0) number_of_loops = 1; } else { - fprintf(stderr, "unknown option %s\n", *argv); + BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; break; } @@ -281,9 +275,12 @@ int main(int argc, char *argv[]) SSL_SESS_CACHE_SERVER); if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert); ERR_print_errors(bio_err); + goto end; } else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert); ERR_print_errors(bio_err); goto end; } @@ -297,19 +294,19 @@ int main(int argc, char *argv[]) (!SSL_CTX_set_default_verify_paths(s_ctx)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(c_ctx))) { - fprintf(stderr, "SSL_load_verify_locations\n"); + BIO_printf(bio_err, "SSL_load_verify_locations\n"); ERR_print_errors(bio_err); goto end; } if (client_auth) { - fprintf(stderr, "client authentication\n"); + BIO_printf(bio_err, "client authentication\n"); SSL_CTX_set_verify(s_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); } if (server_auth) { - fprintf(stderr, "server authentication\n"); + BIO_printf(bio_err, "server authentication\n"); SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); } 
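Review bot: the new `goto end` in the certificate hunk is a real fix (previously a failed `SSL_CTX_use_certificate_file` printed the error and fell straight through to the key load), but the message in the next hunk, `"SSL_load_verify_locations\n"`, does not name any of the calls it reports on (`SSL_CTX_load_verify_locations` / `SSL_CTX_set_default_verify_paths`); since the line is being touched, make it say which one failed, as the new certificate messages do. Consider `SSL_CTX_use_PrivateKey_file` over `SSL_CTX_use_RSAPrivateKey_file` so the test does not assume an RSA key in the PEM file.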
@@ -319,24 +316,24 @@ int main(int argc, char *argv[]) end: if (c_ctx != NULL) { - fprintf(stderr, "Client SSL_CTX stats then free it\n"); - print_stats(stderr, c_ctx); + BIO_printf(bio_err, "Client SSL_CTX stats then free it\n"); + print_stats(bio_err, c_ctx); SSL_CTX_free(c_ctx); } if (s_ctx != NULL) { - fprintf(stderr, "Server SSL_CTX stats then free it\n"); - print_stats(stderr, s_ctx); + BIO_printf(bio_err, "Server SSL_CTX stats then free it\n"); + print_stats(bio_err, s_ctx); if (cache_stats) { - fprintf(stderr, "-----\n"); - lh_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); - /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ - lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); + BIO_printf(bio_err, "-----\n"); + lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); + /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err); + BIO_printf(bio_err,"-----\n"); */ + lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); } SSL_CTX_free(s_ctx); - fprintf(stderr, "done free\n"); + BIO_printf(bio_err, "done free\n"); } exit(ret); return (0); @@ -352,6 +349,7 @@ int ndoit(SSL_CTX *ssl_ctx[2]) int i; int ret; char *ctx[4]; + CRYPTO_THREADID thread_id; ctx[0] = (char *)ssl_ctx[0]; ctx[1] = (char *)ssl_ctx[1]; 
@@ -364,22 +362,24 @@ int ndoit(SSL_CTX *ssl_ctx[2]) ctx[3] = NULL; } - fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id()); + CRYPTO_THREADID_current(&thread_id); + BIO_printf(bio_stdout, "started thread %lu\n", + CRYPTO_THREADID_hash(&thread_id)); for (i = 0; i < number_of_loops; i++) { -/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ - /* pthread_delay_np(&tm); */ +/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n", + CRYPTO_THREADID_hash(&thread_id),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ +/* pthread_delay_np(&tm); */ ret = doit(ctx); if (ret != 0) { - fprintf(stdout, "error[%d] %lu - %d\n", - i, CRYPTO_thread_id(), ret); + BIO_printf(bio_stdout, "error[%d] %lu - %d\n", + i, CRYPTO_THREADID_hash(&thread_id), ret); return (ret); } } - fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id()); + BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id)); if (reconnect) { SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); 
@@ -464,26 +464,26 @@ int doit(char *ctx[4]) if (do_server && verbose) { if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); else if (s_write) - printf("server:SSL_write()\n"); + BIO_printf(bio_stdout, "server:SSL_write()\n"); else - printf("server:SSL_read()\n"); + BIO_printf(bio_stdout, "server:SSL_read()\n"); } if (do_client && verbose) { if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); else if (c_write) - printf("client:SSL_write()\n"); + BIO_printf(bio_stdout, "client:SSL_write()\n"); else - printf("client:SSL_read()\n"); + BIO_printf(bio_stdout, "client:SSL_read()\n"); } if (!do_client && !do_server) { - fprintf(stdout, "ERROR IN STARTUP\n"); + BIO_printf(bio_stdout, "ERROR IN STARTUP\n"); break; } if (do_client && !(done & C_DONE)) { @@ -498,12 +498,12 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { /* ok */ @@ -520,12 +520,12 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { done |= C_DONE; 
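Review bot: the CLIENT error branches in these hunks still call `ERR_print_errors_fp(stderr)` right after the `fprintf` they sit next to was replaced, and the SERVER branches in the following hunks do the same; with the stdio include removed in the first hunk of this patch and the stated goal of building with `OPENSSL_NO_STDIO`, `stderr` is no longer guaranteed to be declared and the file is not free of stdio. Use `ERR_print_errors(bio_err)` in all six places.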
@@ -545,12 +545,12 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 1; @@ -567,12 +567,12 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 0; @@ -593,6 +593,7 @@ int doit(char *ctx[4]) SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); err: +#if 0 /* * We have to set the BIO's to NULL otherwise they will be free()ed * twice. Once when th s_ssl is SSL_free()ed and again when c_ssl is @@ -614,13 +615,14 @@ int doit(char *ctx[4]) /* The SSL's are optionally freed in the following calls */ BIO_free(c_to_s); BIO_free(s_to_c); +#endif BIO_free(c_bio); BIO_free(s_bio); return (0); } -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +int verify_callback(int ok, X509_STORE_CTX *ctx) { char *s, buf[256]; @@ -629,9 +631,9 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) buf, 256); if (s != NULL) { if (ok) - fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); + BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf); else - fprintf(stderr, "depth=%d error=%d %s\n", + BIO_printf(bio_err, "depth=%d error=%d %s\n", ctx->error_depth, ctx->error, buf); } } 
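Review bot: wrapping the BIO cleanup in `doit` in `#if 0` / `#endif` leaves dead code and a comment ("We have to set the BIO's to NULL otherwise they will be free()ed twice") that now describes code which does not run; if the conclusion is that `BIO_free(c_bio)` / `BIO_free(s_bio)` is enough, delete the block and say so in one sentence in its place. In the `verify_callback` hunk, `ctx->error_depth` and `ctx->error` are read directly; use `X509_STORE_CTX_get_error_depth(ctx)` and `X509_STORE_CTX_get_error(ctx)` so the test does not depend on the struct layout.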
@@ -668,7 +670,7 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void win32_locking_callback(int mode, int type, char *file, int line) +void win32_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { WaitForSingleObject(lock_cs[type], INFINITE); @@ -697,7 +699,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *)ssl_ctx, 0L, &(thread_id[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i += 50) { int j; @@ -707,7 +709,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (CONST HANDLE *) & (thread_handle[i]), TRUE, INFINITE) == WAIT_FAILED) { - fprintf(stderr, "WaitForMultipleObjects failed:%d\n", + BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n", GetLastError()); exit(1); } @@ -723,7 +725,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ret = (ret + end.wSecond - start.wSecond); ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0; - printf("win32 threads done - %.3f seconds\n", ret); + BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret); } #endif /* OPENSSL_SYS_WIN32 */ @@ -748,8 +750,8 @@ void thread_setup(void) mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL); } - CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id); - CRYPTO_set_locking_callback((void (*)())solaris_locking_callback); + CRYPTO_set_id_callback(solaris_thread_id); + CRYPTO_set_locking_callback(solaris_locking_callback); } void thread_cleanup(void) 
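Review bot: in the Solaris `thread_setup` hunk, `CRYPTO_set_id_callback(solaris_thread_id)` no longer type-checks: the prototype earlier in this patch changed `solaris_thread_id` to `void solaris_thread_id(CRYPTO_THREADID *tid)`, while `CRYPTO_set_id_callback` takes `unsigned long (*)(void)`, and dropping the old cast turns the mismatch into a compile error. Use `CRYPTO_THREADID_set_callback(solaris_thread_id)` as the pthreads hunk of this same patch does.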
@@ -758,21 +760,21 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { /* rwlock_destroy(&(lock_cs[i])); */ mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void solaris_locking_callback(int mode, int type, char *file, int line) +void solaris_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { mutex_lock(&(lock_cs[type])); @@ -797,21 +799,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { thr_join(thread_ctx[i], NULL, NULL); } - printf("solaris threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "solaris threads done\n"); +#endif } -unsigned long solaris_thread_id(void) +void solaris_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)thr_self(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)thr_self()); } #endif /* SOLARIS */ @@ -840,8 +843,8 @@ void thread_setup(void) lock_cs[i] = usnewsema(arena, 1); } - CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id); - CRYPTO_set_locking_callback((void (*)())irix_locking_callback); + CRYPTO_set_id_callback(irix_thread_id); + CRYPTO_set_locking_callback(irix_locking_callback); } void thread_cleanup(void) 
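Review bot: solaris_thread_id in the @@ -797 hunk calls CRYPTO_THREADID_set_numeric((unsigned long)thr_self()) with a single argument; CRYPTO_THREADID_set_numeric takes the CRYPTO_THREADID * first, so this does not compile. It should be CRYPTO_THREADID_set_numeric(tid, (unsigned long)thr_self()), exactly as pthreads_thread_id is written further down. In the same hunk the `#if 0 ... #else ... #endif` around the references print leaves dead code behind; only the #else branch is live, so drop the disabled BIO_printf and keep the plain "solaris threads done" line.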
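Review bot: the IRIX thread_setup hunk (@@ -840) has the same mismatch as the Solaris one: CRYPTO_set_id_callback(irix_thread_id) cannot take a void (CRYPTO_THREADID *) function; use CRYPTO_THREADID_set_callback(irix_thread_id).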
@@ -859,13 +862,13 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void irix_locking_callback(int mode, int type, char *file, int line) +void irix_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { - printf("lock %d\n", type); + BIO_printf(bio_stdout, "lock %d\n", type); uspsema(lock_cs[type]); } else { - printf("unlock %d\n", type); + BIO_printf(bio_stdout, "unlock %d\n", type); usvsema(lock_cs[type]); } } @@ -884,21 +887,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) PR_SADDR | PR_SFDS, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { wait(NULL); } - printf("irix threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "irix threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "irix threads done\n"); +#endif } unsigned long irix_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)getpid(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)getpid()); } #endif /* IRIX */ @@ -918,8 +922,8 @@ void thread_setup(void) pthread_mutex_init(&(lock_cs[i]), NULL); } - CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); - CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); + CRYPTO_THREADID_set_callback(pthreads_thread_id); + CRYPTO_set_locking_callback(pthreads_locking_callback); } void thread_cleanup(void) 
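Review bot: irix_thread_id in the @@ -884 hunk keeps the header unsigned long irix_thread_id(void) while its body becomes CRYPTO_THREADID_set_numeric((unsigned long)getpid()) with no return statement: a non-void function that returns nothing, a call missing its CRYPTO_THREADID * argument, and a signature that no longer fits CRYPTO_THREADID_set_callback. Make it void irix_thread_id(CRYPTO_THREADID *tid) { CRYPTO_THREADID_set_numeric(tid, (unsigned long)getpid()); }.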
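Review bot: the pthreads thread_setup hunk (@@ -918) is the one platform in this patch that switches to CRYPTO_THREADID_set_callback(pthreads_thread_id); the Solaris, IRIX and NetWare thread_setup hunks keep CRYPTO_set_id_callback with the new void (CRYPTO_THREADID *) functions and will not build. Apply the same two-line change to each of them.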
@@ -927,18 +931,18 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { pthread_mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void pthreads_locking_callback(int mode, int type, char *file, int line) +void pthreads_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); @@ -965,21 +969,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { pthread_join(thread_ctx[i], NULL); } - printf("pthreads threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "pthreads threads done\n"); +#endif } -unsigned long pthreads_thread_id(void) +void pthreads_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)pthread_self(); - return (ret); + CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self()); } #endif /* PTHREADS */ @@ -999,8 +1004,8 @@ void thread_setup(void) ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0); - CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); - CRYPTO_set_locking_callback((void (*)())netware_locking_callback); + CRYPTO_set_id_callback(netware_thread_id); + CRYPTO_set_locking_callback(netware_locking_callback); } void thread_cleanup(void) 
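Review bot: pthreads_thread_id in the @@ -965 hunk is the correct form (void return, tid passed through to CRYPTO_THREADID_set_numeric); the NetWare thread_setup hunk right after it (@@ -999) still registers netware_thread_id through CRYPTO_set_id_callback, which does not accept that form. Use CRYPTO_THREADID_set_callback(netware_thread_id).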
@@ -1009,21 +1014,21 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stdout, "thread_cleanup\n"); + BIO_printf(bio_stdout, "thread_cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { MPKMutexFree(lock_cs[i]); - fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); MPKSemaphoreFree(ThreadSem); - fprintf(stdout, "done cleanup\n"); + BIO_printf(bio_stdout, "done cleanup\n"); } -void netware_locking_callback(int mode, int type, char *file, int line) +void netware_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { MPKMutexLock(lock_cs[type]); @@ -1045,21 +1050,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ThreadSwitchWithDelay(); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); /* loop until all threads have signaled the semaphore */ for (i = 0; i < thread_number; i++) { MPKSemaphoreWait(ThreadSem); } - printf("netware threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "netware threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "netware threads done\n"); +#endif } unsigned long netware_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)GetThreadID(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID()); } #endif /* NETWARE */ diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh index 41264c6..ec945c4 100755 --- a/crypto/threads/pthread2.sh +++ b/crypto/threads/pthread2.sh 
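Review bot: netware_thread_id in the @@ -1045 hunk has the same defect as irix_thread_id: the header stays unsigned long netware_thread_id(void) while the body is CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID()) with no return and no tid argument. It needs to become void netware_thread_id(CRYPTO_THREADID *tid) { CRYPTO_THREADID_set_numeric(tid, (unsigned long)GetThreadID()); }. Separately, thread_cleanup in the @@ -1009 hunk writes its "thread_cleanup" and lock-count lines to bio_stdout where the Solaris and pthreads versions write them to bio_err; pick one stream for the diagnostics.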
@@ -3,5 +3,4 @@ # build using pthreads where it's already built into the system # /bin/rm -f mttest -gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread - +gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl From levitte at openssl.org Sun Jun 21 20:12:13 2015 
From: levitte at openssl.org (Richard Levitte)
Date: Sun, 21 Jun 2015 20:12:13 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1434917533.370978.22285.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
       via  220b9519eb48c5e3f969123508976f777f897330 (commit)
       via  710e28ef936794d045836e4c0cd9f83acfdf6166 (commit)
       via  05d20833e34cc63b928b45a5fb4bdedfd10d841e (commit)
       via  90ee3c1646a5efc1a24aa4d89ab15b3cbd3dbd75 (commit)
       via  7ef465050edfd8e8d95e01affc02f6e26cf6fa7d (commit)
       via  8ca211707afe1b946020e9c9a83cc5c047dfc7a0 (commit)
       via  9007dfa2030c58a10e6b16c5920d5a4ff0578933 (commit)
       via  603bebc0e753a70587972af5600cbb57b14f218b (commit)
       via  56f0733145aaecc09f1692bac965e3d2782b7ef6 (commit)
      from  8e6bb99979b95ee8b878e22e043ceb78d79c32a1 (commit)

- Log -----------------------------------------------------------------
commit 220b9519eb48c5e3f969123508976f777f897330
Author: Richard Levitte
Date:   Sun Jun 21 21:35:59 2015 +0200

    Cleanup mttest.c : because we no longer use stdio here, don't include it

    Reviewed-by: Rich Salz
    (cherry picked from commit 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd)

commit 710e28ef936794d045836e4c0cd9f83acfdf6166
Author: Richard Levitte
Date:   Sun Jun 21 19:19:59 2015 +0200

    Add -ldl to the build of mttest.c

    Reviewed-by: Rich Salz
    (cherry picked from commit d62c98c81c7b47b7b1878fd7e91e5fd33818faf0)

commit 05d20833e34cc63b928b45a5fb4bdedfd10d841e
Author: Richard Levitte
Date:   Sun Jun 21 19:16:50 2015 +0200

    Cleanup mttest.c : do not try to output reference counts when threads are done

    Reviewed-by: Rich Salz
    (cherry picked from commit 964626957f79e07ed97756527cdc7e84007c60c9)

commit 90ee3c1646a5efc1a24aa4d89ab15b3cbd3dbd75
Author: Richard Levitte
Date:   Sun Jun 21 19:13:57 2015 +0200

    Cleanup mttest.c : better error reporting when certs are missing

    Reviewed-by: Rich Salz
    (cherry picked from commit 7a1789d254c561bd3024c971b5cfeeedd12d63f3)

commit 7ef465050edfd8e8d95e01affc02f6e26cf6fa7d
Author: Richard Levitte
Date:   Sun Jun 21 19:12:33 2015 +0200

    Cleanup mttest.c : make ssl_method a pointer to const

    Reviewed-by: Rich Salz
    (cherry picked from commit f4c73bfe0ab7a0e8f82fe2947c0f77fe3d98acab)

    Conflicts:
        crypto/threads/mttest.c

commit 8ca211707afe1b946020e9c9a83cc5c047dfc7a0
Author: Richard Levitte
Date:   Sun Jun 21 19:19:17 2015 +0200

    Cleanup mttest.c : more output changes

    More fprintf()s and printf()s to turn into BIO calls.

    Reviewed-by: Rich Salz

commit 9007dfa2030c58a10e6b16c5920d5a4ff0578933
Author: Richard Levitte
Date:   Sun Jun 21 19:11:43 2015 +0200

    Cleanup mttest.c : modernise output

    Construct bio_err and bio_stdout from file handles instead of FILE
    pointers, since the latter might not be implemented (when
    OPENSSL_NO_STDIO is defined).

    Convert all output to use BIO_printf.

    Change lh_foo to lh_SSL_SESSION_foo.

    Reviewed-by: Rich Salz
    (cherry picked from commit bb8abd6735e198de36c1eb9098a7f1516d156220)

    Conflicts:
        crypto/threads/mttest.c

commit 603bebc0e753a70587972af5600cbb57b14f218b
Author: Richard Levitte
Date:   Sun Jun 21 19:03:44 2015 +0200

    Cleanup mttest.c : modernise the threads setup

    Reviewed-by: Rich Salz
    (cherry picked from commit 5c78e1835285ce4acdc7cc4f4c06aa7d6661c9b4)

    Conflicts:
        crypto/threads/mttest.c

commit 56f0733145aaecc09f1692bac965e3d2782b7ef6
Author: Richard Levitte
Date:   Sun Jun 21 18:51:18 2015 +0200

    Cleanup mttest.c : remove MS_CALLBACK

    Reviewed-by: Rich Salz
    (cherry picked from commit a3f9286556d6d78c1800caae97a9328afb2557e6)

-----------------------------------------------------------------------

Summary of changes:
 crypto/threads/mttest.c    | 365 +++++++++++++++++++++++----------------------
 crypto/threads/pthread2.sh |   3 +-
 2 files changed, 185 insertions(+), 183 deletions(-)

diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 8f67db6..dbff4a6 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -56,7 +56,6 @@ * [including the GNU Public Licence.] */ -#include #include #include #include 
@@ -86,17 +85,11 @@ #include #include #include -#include "../../e_os.h" #include #include #include #include -#ifdef OPENSSL_NO_FP_API -# define APPS_WIN16 -# include "../buffer/bss_file.c" -#endif - #ifdef OPENSSL_SYS_NETWARE # define TEST_SERVER_CERT "/openssl/apps/server.pem" # define TEST_CLIENT_CERT "/openssl/apps/client.pem" @@ -107,23 +100,23 @@ #define MAX_THREAD_NUMBER 100 -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs); +int verify_callback(int ok, X509_STORE_CTX *xs); void thread_setup(void); void thread_cleanup(void); void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx); -void irix_locking_callback(int mode, int type, char *file, int line); -void solaris_locking_callback(int mode, int type, char *file, int line); -void win32_locking_callback(int mode, int type, char *file, int line); -void pthreads_locking_callback(int mode, int type, char *file, int line); -void netware_locking_callback(int mode, int type, char *file, int line); +void irix_locking_callback(int mode, int type, const char *file, int line); +void solaris_locking_callback(int mode, int type, const char *file, int line); +void win32_locking_callback(int mode, int type, const char *file, int line); +void pthreads_locking_callback(int mode, int type, const char *file, int line); +void netware_locking_callback(int mode, int type, const char *file, int line); void beos_locking_callback(int mode, int type, const char *file, int line); -unsigned long irix_thread_id(void); -unsigned long solaris_thread_id(void); -unsigned long pthreads_thread_id(void); -unsigned long netware_thread_id(void); -unsigned long beos_thread_id(void); +void irix_thread_id(CRYPTO_THREADID *tid); +void solaris_thread_id(CRYPTO_THREADID *tid); +void pthreads_thread_id(CRYPTO_THREADID *tid); +void netware_thread_id(CRYPTO_THREADID *tid); +void beos_thread_id(CRYPTO_THREADID *tid); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; 
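Review bot: the prototype hunk changes all five *_thread_id functions to void name(CRYPTO_THREADID *tid), but only pthreads_thread_id and solaris_thread_id are given matching definitions later in the patch; irix_thread_id, netware_thread_id and beos_thread_id keep unsigned long name(void), so on those platforms the file now contains conflicting declarations and will fail to compile. Either convert all five definitions or leave the prototypes of the unconverted ones alone. Dropping `#include "../../e_os.h"` and the APPS_WIN16 / bss_file.c hack is fine, but the mismatches above suggest the file was not built on any non-pthreads target before this was cherry-picked.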
@@ -149,39 +142,39 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit(char *ctx[4]); -static void print_stats(FILE *fp, SSL_CTX *ctx) +static void print_stats(BIO *bio, SSL_CTX *ctx) { - fprintf(fp, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ctx)); - fprintf(fp, "%4d client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ctx)); - fprintf(fp, "%4d client connects that finished\n", - SSL_CTX_sess_connect_good(ctx)); - fprintf(fp, "%4d server connects (SSL_accept())\n", - SSL_CTX_sess_accept(ctx)); - fprintf(fp, "%4d server connects that finished\n", - SSL_CTX_sess_accept_good(ctx)); - fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); - fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); - fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); + BIO_printf(bio, "%4ld items in the session cache\n", + SSL_CTX_sess_number(ctx)); + BIO_printf(bio, "%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ctx)); + BIO_printf(bio, "%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ctx)); + BIO_printf(bio, "%4d server connects (SSL_accept())\n", + SSL_CTX_sess_accept(ctx)); + BIO_printf(bio, "%4d server connects that finished\n", + SSL_CTX_sess_accept_good(ctx)); + BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); + BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); + BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); } static void sv_usage(void) { - fprintf(stderr, "usage: ssltest [args ...]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, " -server_auth - check server certificate\n"); - fprintf(stderr, " -client_auth - do client authentication\n"); - fprintf(stderr, " -v - more output\n"); - fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr, " -threads arg - number 
of threads\n"); - fprintf(stderr, " -loops arg - number of 'connections', per thread\n"); - fprintf(stderr, " -reconnect - reuse session-id's\n"); - fprintf(stderr, " -stats - server session-id cache stats\n"); - fprintf(stderr, " -cert arg - server certificate/key\n"); - fprintf(stderr, " -ccert arg - client certificate/key\n"); - fprintf(stderr, " -ssl3 - just SSLv3n\n"); + BIO_printf(bio_err, "usage: ssltest [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -server_auth - check server certificate\n"); + BIO_printf(bio_err, " -client_auth - do client authentication\n"); + BIO_printf(bio_err, " -v - more output\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -threads arg - number of threads\n"); + BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n"); + BIO_printf(bio_err, " -reconnect - reuse session-id's\n"); + BIO_printf(bio_err, " -stats - server session-id cache stats\n"); + BIO_printf(bio_err, " -cert arg - server certificate/key\n"); + BIO_printf(bio_err, " -ccert arg - client certificate/key\n"); + BIO_printf(bio_err, " -ssl3 - just SSLv3n\n"); } int main(int argc, char *argv[]) @@ -195,14 +188,14 @@ int main(int argc, char *argv[]) SSL_CTX *c_ctx = NULL; char *scert = TEST_SERVER_CERT; char *ccert = TEST_CLIENT_CERT; - SSL_METHOD *ssl_method = SSLv23_method(); + const SSL_METHOD *ssl_method = SSLv23_method(); RAND_seed(rnd_seed, sizeof rnd_seed); if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + bio_err = BIO_new_fd(2, BIO_NOCLOSE); if (bio_stdout == NULL) - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); + bio_stdout = BIO_new_fd(1, BIO_NOCLOSE); argc--; argv++; 
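Review bot: in the print_stats hunk, every counter except SSL_CTX_sess_number() is still formatted with `%4d`, but SSL_CTX_sess_connect(), SSL_CTX_sess_connect_good(), SSL_CTX_sess_accept(), SSL_CTX_sess_accept_good(), SSL_CTX_sess_hits(), SSL_CTX_sess_misses() and SSL_CTX_sess_timeouts() are SSL_CTX_ctrl() wrappers that return long. The lines are being rewritten anyway, so change them to `%4ld` to match the one line that is already correct.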
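Review bot: the sv_usage hunk carries over two cosmetic errors it could fix while rewriting the lines: the banner says `usage: ssltest` although this program builds as mttest, and the last option line reads `-ssl3 - just SSLv3n` with a stray n.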
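Review bot: in the main() hunk, BIO_new_fd(2, BIO_NOCLOSE) / BIO_new_fd(1, BIO_NOCLOSE) is the right replacement for BIO_new_fp(stderr/stdout) in an OPENSSL_NO_STDIO build, but the return values are not checked before bio_err is handed its first error message, and neither BIO is released at end: (main() leaves through exit(ret)). A NULL check after each BIO_new_fd and a BIO_free of both before the exit would make the cleanup path complete.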
@@ -250,7 +243,7 @@ int main(int argc, char *argv[]) if (number_of_loops == 0) number_of_loops = 1; } else { - fprintf(stderr, "unknown option %s\n", *argv); + BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; break; } @@ -284,9 +277,12 @@ int main(int argc, char *argv[]) SSL_SESS_CACHE_SERVER); if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert); ERR_print_errors(bio_err); + goto end; } else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert); ERR_print_errors(bio_err); goto end; } @@ -300,19 +296,19 @@ int main(int argc, char *argv[]) (!SSL_CTX_set_default_verify_paths(s_ctx)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(c_ctx))) { - fprintf(stderr, "SSL_load_verify_locations\n"); + BIO_printf(bio_err, "SSL_load_verify_locations\n"); ERR_print_errors(bio_err); goto end; } if (client_auth) { - fprintf(stderr, "client authentication\n"); + BIO_printf(bio_err, "client authentication\n"); SSL_CTX_set_verify(s_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); } if (server_auth) { - fprintf(stderr, "server authentication\n"); + BIO_printf(bio_err, "server authentication\n"); SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); } 
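Review bot: in the certificate-loading hunk (@@ -284), the added `goto end` makes the following `else if` redundant, and neither branch calls SSL_CTX_check_private_key(s_ctx) after the key is loaded, so a certificate/key mismatch in TEST_SERVER_CERT is still only discovered at handshake time rather than reported here with the new, clearer messages. SSL_CTX_use_RSAPrivateKey_file also limits the test to RSA keys; SSL_CTX_use_PrivateKey_file accepts any key type.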
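Review bot: in the verify-locations hunk (@@ -300), the message is still "SSL_load_verify_locations" although the calls that can fail are SSL_CTX_load_verify_locations() and SSL_CTX_set_default_verify_paths(); since the line is being rewritten, name the real function, and ideally say which of the four calls failed, because the ERR_print_errors that follows does not identify the context.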
@@ -322,24 +318,24 @@ int main(int argc, char *argv[]) end: if (c_ctx != NULL) { - fprintf(stderr, "Client SSL_CTX stats then free it\n"); - print_stats(stderr, c_ctx); + BIO_printf(bio_err, "Client SSL_CTX stats then free it\n"); + print_stats(bio_err, c_ctx); SSL_CTX_free(c_ctx); } if (s_ctx != NULL) { - fprintf(stderr, "Server SSL_CTX stats then free it\n"); - print_stats(stderr, s_ctx); + BIO_printf(bio_err, "Server SSL_CTX stats then free it\n"); + print_stats(bio_err, s_ctx); if (cache_stats) { - fprintf(stderr, "-----\n"); - lh_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); - /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ - lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); + BIO_printf(bio_err, "-----\n"); + lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); + /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err); + BIO_printf(bio_err,"-----\n"); */ + lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); } SSL_CTX_free(s_ctx); - fprintf(stderr, "done free\n"); + BIO_printf(bio_err, "done free\n"); } exit(ret); return (0); @@ -355,6 +351,7 @@ int ndoit(SSL_CTX *ssl_ctx[2]) int i; int ret; char *ctx[4]; + CRYPTO_THREADID thread_id; ctx[0] = (char *)ssl_ctx[0]; ctx[1] = (char *)ssl_ctx[1]; 
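Review bot: in the end: hunk, lh_SSL_SESSION_stats_bio() and lh_SSL_SESSION_node_usage_stats_bio() are the correct typed replacements for lh_stats()/lh_node_usage_stats() on an LHASH_OF(SSL_SESSION), but the commented-out lh_SSL_SESSION_node_stats_bio() line was updated too and so keeps dead code in sync by hand; either enable it under -stats or delete it. The `exit(ret); return (0);` pair that closes main() also leaves an unreachable return.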
@@ -367,22 +364,24 @@ int ndoit(SSL_CTX *ssl_ctx[2]) ctx[3] = NULL; } - fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id()); + CRYPTO_THREADID_current(&thread_id); + BIO_printf(bio_stdout, "started thread %lu\n", + CRYPTO_THREADID_hash(&thread_id)); for (i = 0; i < number_of_loops; i++) { -/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ +/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n", + CRYPTO_THREADID_hash(&thread_id),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ /* pthread_delay_np(&tm); */ ret = doit(ctx); if (ret != 0) { - fprintf(stdout, "error[%d] %lu - %d\n", - i, CRYPTO_thread_id(), ret); + BIO_printf(bio_stdout, "error[%d] %lu - %d\n", + i, CRYPTO_THREADID_hash(&thread_id), ret); return (ret); } } - fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id()); + BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id)); if (reconnect) { SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); 
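Review bot: CRYPTO_THREADID_current() plus CRYPTO_THREADID_hash() is the right replacement for the deprecated CRYPTO_thread_id(), and `%lu` matches the unsigned long hash. The commented-out debug BIO_printf in the loop was updated as well but still prints the hash with `%4d` and reads ssl_ctx[0]->references directly, which the rest of this series stops doing; drop the comment rather than maintain it.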
@@ -467,26 +466,26 @@ int doit(char *ctx[4]) if (do_server && verbose) { if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); else if (s_write) - printf("server:SSL_write()\n"); + BIO_printf(bio_stdout, "server:SSL_write()\n"); else - printf("server:SSL_read()\n"); + BIO_printf(bio_stdout, "server:SSL_read()\n"); } if (do_client && verbose) { if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); else if (c_write) - printf("client:SSL_write()\n"); + BIO_printf(bio_stdout, "client:SSL_write()\n"); else - printf("client:SSL_read()\n"); + BIO_printf(bio_stdout, "client:SSL_read()\n"); } if (!do_client && !do_server) { - fprintf(stdout, "ERROR IN STARTUP\n"); + BIO_printf(bio_stdout, "ERROR IN STARTUP\n"); break; } if (do_client && !(done & C_DONE)) { @@ -501,12 +500,12 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { /* ok */ 
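Review bot: in the verbose hunk, the `ERROR IN STARTUP` message goes to bio_stdout while every other failure in doit() is reported on bio_err; send it to bio_err so error output can be separated from the per-thread progress lines.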
@@ -523,19 +522,19 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { done |= C_DONE; #ifdef undef - fprintf(stdout, "CLIENT:from server:"); - fwrite(cbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "CLIENT:from server:"); + BIO_write(bio_stdout, cbuf, i); + BIO_flush(bio_stdout); #endif } } @@ -553,20 +552,20 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 1; s_w = 1; #ifdef undef - fprintf(stdout, "SERVER:from client:"); - fwrite(sbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "SERVER:from client:"); + BIO_write(bio_stdout, sbuf, i); + BIO_flush(bio_stdout); #endif } } else { @@ -580,12 +579,12 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 0; @@ -606,7 +605,7 @@ int doit(char *ctx[4]) SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); #ifdef undef - fprintf(stdout, "DONE\n"); + BIO_printf(bio_stdout, "DONE\n"); #endif err: /* @@ -640,7 +639,7 @@ int doit(char *ctx[4]) return (0); } -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +int verify_callback(int ok, X509_STORE_CTX *ctx) { char *s, buf[256]; 
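Review bot: ERR_print_errors_fp(stderr) survives in all four `ERROR in CLIENT` / `ERROR in SERVER` hunks (@@ -501, @@ -523, @@ -553 and @@ -580) immediately after the fprintf(stderr, ...) beside it is converted to BIO_printf(bio_err, ...). That still routes the error queue through a stdio FILE pointer, which is exactly what the "modernise output" commit says it is removing, and the _fp variant is not available in the OPENSSL_NO_STDIO configuration that commit names as the motivation. Use ERR_print_errors(bio_err) in each.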
@@ -649,9 +648,9 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) buf, 256); if (s != NULL) { if (ok) - fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); + BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf); else - fprintf(stderr, "depth=%d error=%d %s\n", + BIO_printf(bio_err, "depth=%d error=%d %s\n", ctx->error_depth, ctx->error, buf); } } @@ -688,7 +687,7 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void win32_locking_callback(int mode, int type, char *file, int line) +void win32_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { WaitForSingleObject(lock_cs[type], INFINITE); @@ -717,7 +716,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *)ssl_ctx, 0L, &(thread_id[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i += 50) { int j; @@ -727,7 +726,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (CONST HANDLE *) & (thread_handle[i]), TRUE, INFINITE) == WAIT_FAILED) { - fprintf(stderr, "WaitForMultipleObjects failed:%d\n", + BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n", GetLastError()); exit(1); } @@ -743,7 +742,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ret = (ret + end.wSecond - start.wSecond); ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0; - printf("win32 threads done - %.3f seconds\n", ret); + BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret); } #endif /* OPENSSL_SYS_WIN32 */ @@ -768,8 +767,8 @@ void thread_setup(void) mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL); } - CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id); - CRYPTO_set_locking_callback((void (*)())solaris_locking_callback); + CRYPTO_set_id_callback(solaris_thread_id); + CRYPTO_set_locking_callback(solaris_locking_callback); } void thread_cleanup(void) 
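Review bot: verify_callback still reads ctx->error_depth and ctx->error straight out of the X509_STORE_CTX; as the two lines are rewritten, switch to X509_STORE_CTX_get_error_depth(ctx) and X509_STORE_CTX_get_error(ctx), and print X509_verify_cert_error_string() next to the numeric error so the depth/error line is readable without a lookup.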
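Review bot: in the WaitForMultipleObjects hunk (@@ -727) the BIO_printf keeps `%d` for GetLastError(), which returns a DWORD (unsigned long on Win32); since the line is rewritten anyway, print it with `%lu`.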
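Review bot: in the Solaris thread_setup hunk (@@ -768), removing the casts is right, but CRYPTO_set_id_callback(solaris_thread_id) now hands a function declared as void solaris_thread_id(CRYPTO_THREADID *tid) to an API that expects unsigned long (*)(void); that is an incompatible pointer type, and with a cast put back it would register a callback with the wrong signature. Use CRYPTO_THREADID_set_callback(solaris_thread_id), which is what the pthreads thread_setup hunk in this same patch does.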
@@ -778,34 +777,34 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { /* rwlock_destroy(&(lock_cs[i])); */ mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void solaris_locking_callback(int mode, int type, char *file, int line) +void solaris_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { /*- 
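Review bot: the `# ifdef undef` debug block in solaris_locking_callback is converted to BIO_printf but still calls the deprecated CRYPTO_thread_id() and prints it with `%4d`; if it is worth keeping, use CRYPTO_THREADID_current()/CRYPTO_THREADID_hash() with `%lu` as ndoit() now does, otherwise delete it together with the second commented-out BIO_printf below it. Maintaining two copies of never-compiled code through a rename is how signature drift like this goes unnoticed.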
@@ -837,21 +836,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { thr_join(thread_ctx[i], NULL, NULL); } - printf("solaris threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "solaris threads done\n"); +#endif } -unsigned long solaris_thread_id(void) +void solaris_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)thr_self(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)thr_self()); } #endif /* SOLARIS */ @@ -880,8 +880,8 @@ void thread_setup(void) lock_cs[i] = usnewsema(arena, 1); } - CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id); - CRYPTO_set_locking_callback((void (*)())irix_locking_callback); + CRYPTO_set_id_callback(irix_thread_id); + CRYPTO_set_locking_callback(irix_locking_callback); } void thread_cleanup(void) @@ -899,13 +899,13 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void irix_locking_callback(int mode, int type, char *file, int line) +void irix_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { - printf("lock %d\n", type); + BIO_printf(bio_stdout, "lock %d\n", type); uspsema(lock_cs[type]); } else { - printf("unlock %d\n", type); + BIO_printf(bio_stdout, "unlock %d\n", type); usvsema(lock_cs[type]); } } 
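Review bot: solaris_thread_id in the @@ -837 hunk calls CRYPTO_THREADID_set_numeric((unsigned long)thr_self()) with a single argument; CRYPTO_THREADID_set_numeric takes the CRYPTO_THREADID * first, so this does not compile. It should be CRYPTO_THREADID_set_numeric(tid, (unsigned long)thr_self()), exactly as pthreads_thread_id is written further down. In the same hunk the `#if 0 ... #else ... #endif` around the references print leaves dead code behind; only the #else branch is live, so drop the disabled BIO_printf and keep the plain "solaris threads done" line.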
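Review bot: the IRIX thread_setup hunk (@@ -880) has the same mismatch as the Solaris one: CRYPTO_set_id_callback(irix_thread_id) cannot take a void (CRYPTO_THREADID *) function; use CRYPTO_THREADID_set_callback(irix_thread_id).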
@@ -924,21 +924,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) PR_SADDR | PR_SFDS, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { wait(NULL); } - printf("irix threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "irix threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "irix threads done\n"); +#endif } unsigned long irix_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)getpid(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)getpid()); } #endif /* IRIX */ @@ -958,8 +959,8 @@ void thread_setup(void) pthread_mutex_init(&(lock_cs[i]), NULL); } - CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); - CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); + CRYPTO_THREADID_set_callback(pthreads_thread_id); + CRYPTO_set_locking_callback(pthreads_locking_callback); } void thread_cleanup(void) 
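Review bot: irix_thread_id in the @@ -924 hunk keeps the header unsigned long irix_thread_id(void) while its body becomes CRYPTO_THREADID_set_numeric((unsigned long)getpid()) with no return statement: a non-void function that returns nothing, a call missing its CRYPTO_THREADID * argument, and a definition that contradicts the void irix_thread_id(CRYPTO_THREADID *tid) prototype added at the top of the file. Make it void irix_thread_id(CRYPTO_THREADID *tid) { CRYPTO_THREADID_set_numeric(tid, (unsigned long)getpid()); }.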
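Review bot: the pthreads thread_setup hunk (@@ -958) is the one platform in this patch that switches to CRYPTO_THREADID_set_callback(pthreads_thread_id); the Solaris, IRIX and NetWare thread_setup hunks keep CRYPTO_set_id_callback with the new void (CRYPTO_THREADID *) functions and will not build. Apply the same two-line change to each of them.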
@@ -967,30 +968,30 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { pthread_mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void pthreads_locking_callback(int mode, int type, char *file, int line) +void pthreads_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); 
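Review bot: the `# ifdef undef` debug block in pthreads_locking_callback has the same problem as the Solaris one: it now uses BIO_printf but still calls the deprecated CRYPTO_thread_id() and formats it with `%4d`. Convert it to CRYPTO_THREADID_current()/CRYPTO_THREADID_hash() with `%lu` or remove it.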
@@ -1017,21 +1018,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { pthread_join(thread_ctx[i], NULL); } - printf("pthreads threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "pthreads threads done\n"); +#endif } -unsigned long pthreads_thread_id(void) +void pthreads_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)pthread_self(); - return (ret); + CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self()); } #endif /* PTHREADS */ @@ -1051,8 +1053,8 @@ void thread_setup(void) ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0); - CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); - CRYPTO_set_locking_callback((void (*)())netware_locking_callback); + CRYPTO_set_id_callback(netware_thread_id); + CRYPTO_set_locking_callback(netware_locking_callback); } void thread_cleanup(void) @@ -1061,21 +1063,21 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stdout, "thread_cleanup\n"); + BIO_printf(bio_stdout, "thread_cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { MPKMutexFree(lock_cs[i]); - fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); MPKSemaphoreFree(ThreadSem); - fprintf(stdout, "done cleanup\n"); + BIO_printf(bio_stdout, "done cleanup\n"); } -void netware_locking_callback(int mode, int type, char *file, int line) +void netware_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { MPKMutexLock(lock_cs[type]); 
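Review bot: pthreads_thread_id in the @@ -1017 hunk is the correct form (void return, tid passed through to CRYPTO_THREADID_set_numeric); the NetWare thread_setup hunk that follows it (@@ -1051) still registers netware_thread_id through CRYPTO_set_id_callback, which does not accept that form. Use CRYPTO_THREADID_set_callback(netware_thread_id).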
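Review bot: the NetWare thread_cleanup hunk (@@ -1061) writes its "thread_cleanup" and lock-count lines to bio_stdout where the Solaris and pthreads versions write the same diagnostics to bio_err; pick one stream so the per-lock counts can be captured the same way on every platform.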
@@ -1097,22 +1099,23 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ThreadSwitchWithDelay(); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); /* loop until all threads have signaled the semaphore */ for (i = 0; i < thread_number; i++) { MPKSemaphoreWait(ThreadSem); } - printf("netware threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "netware threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "netware threads done\n"); +#endif } unsigned long netware_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)GetThreadID(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID()); } #endif /* NETWARE */ @@ -1144,24 +1147,24 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { delete lock_cs[i]; - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } void beos_locking_callback(int mode, int type, const char *file, int line) { # if 0 - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif if (mode & CRYPTO_LOCK) { lock_cs[type]->Lock(); 
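Review bot: in the `@@ -1097,22 +1099,23 @@` hunk the body of `netware_thread_id` becomes `CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());`, but the function is still defined as `unsigned long netware_thread_id(void)`: the call is missing its first argument (`CRYPTO_THREADID_set_numeric` takes a `CRYPTO_THREADID *` and then the value) and the function no longer returns anything. The pthreads version in the previous hunk shows the intended shape, `void pthreads_thread_id(CRYPTO_THREADID *tid)` with `CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self());`; the NetWare definition should be changed the same way.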
@@ -1187,14 +1190,14 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) resume_thread(thread_ctx[i]); } - printf("waiting...\n"); + BIO_printf(bio_stdout, "waiting...\n"); for (i = 0; i < thread_number; i++) { status_t result; wait_for_thread(thread_ctx[i], &result); } - printf("beos threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); + BIO_printf(bio_stdout, "beos threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); } unsigned long beos_thread_id(void) diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh index 41264c6..ec945c4 100755 --- a/crypto/threads/pthread2.sh +++ b/crypto/threads/pthread2.sh @@ -3,5 +3,4 @@ # build using pthreads where it's already built into the system # /bin/rm -f mttest -gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread - +gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl From levitte at openssl.org Sun Jun 21 20:14:01 2015 
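Review bot: in the BeOS `do_threads` hunk of crypto/threads/mttest.c (`@@ -1187,14 +1190,14 @@`), `BIO_printf(bio_stdout, "beos threads done (%d,%d)\n", s_ctx->references, c_ctx->references);` still reads the `SSL_CTX` reference counts directly, while the pthreads and NetWare versions of the same message in this series were wrapped in `#if 0 /* We can't currently find out the reference amount */`. Give this one the same treatment, and note that the unchanged context line `unsigned long beos_thread_id(void)` shows the BeOS id function was not converted either.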
From: levitte at openssl.org (Richard Levitte) Date: Sun, 21 Jun 2015 20:14:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1434917641.706756.23382.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via f4961dc2af340f87747c739269fa2b3b704bfe3f (commit) via 40ced6c1871e48910cb981c6033c6874129f6632 (commit) via f1817dd4d05004359940eaf87805f91a77517d95 (commit) via 5891dae67c93d53e79bfa2bdc31d9bd72ba9da73 (commit) via 1d6d4efea56c8b03a4fbb2b1b9e1f25447e752aa (commit) via 0fee33440466df4296da37f255788f9711e36747 (commit) via 141f7d263b6b4e2c5871d9cd1cd85746e601a69a (commit) via ae3254a52d1ee77c1930a863fb98f7f3723a9d9b (commit) via 9720dd4314470c8504d9e7038540ccd3635b3602 (commit) from 83d6620986ab351b02ec2f5bbc30d2c4cac21f63 (commit) - Log ----------------------------------------------------------------- commit f4961dc2af340f87747c739269fa2b3b704bfe3f Author: Richard Levitte Date: Sun Jun 21 21:35:59 2015 +0200 Cleanup mttest.c : because we no longer use stdio here, don't include it Reviewed-by: Rich Salz (cherry picked from commit 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd) commit 40ced6c1871e48910cb981c6033c6874129f6632 Author: Richard Levitte Date: Sun Jun 21 19:19:59 2015 +0200 Add -ldl to the build of mttest.c Reviewed-by: Rich Salz (cherry picked from commit d62c98c81c7b47b7b1878fd7e91e5fd33818faf0) commit f1817dd4d05004359940eaf87805f91a77517d95 Author: Richard Levitte Date: Sun Jun 21 19:16:50 2015 +0200 Cleanup mttest.c : do not try to output reference counts when threads are done Reviewed-by: Rich Salz (cherry picked from commit 964626957f79e07ed97756527cdc7e84007c60c9) commit 5891dae67c93d53e79bfa2bdc31d9bd72ba9da73 Author: Richard Levitte Date: Sun Jun 21 19:13:57 2015 +0200 Cleanup mttest.c : better error reporting when certs are missing Reviewed-by: Rich Salz (cherry picked from commit 7a1789d254c561bd3024c971b5cfeeedd12d63f3) commit 1d6d4efea56c8b03a4fbb2b1b9e1f25447e752aa Author: Richard 
Levitte Date: Sun Jun 21 19:12:33 2015 +0200 Cleanup mttest.c : make ssl_method a pointer to const Reviewed-by: Rich Salz (cherry picked from commit f4c73bfe0ab7a0e8f82fe2947c0f77fe3d98acab) Conflicts: crypto/threads/mttest.c commit 0fee33440466df4296da37f255788f9711e36747 Author: Richard Levitte Date: Sun Jun 21 19:19:17 2015 +0200 Cleanup mttest.c : more output changes More fprintf()s and printf()s to turn into BIO calls. Reviewed-by: Rich Salz commit 141f7d263b6b4e2c5871d9cd1cd85746e601a69a Author: Richard Levitte Date: Sun Jun 21 19:11:43 2015 +0200 Cleanup mttest.c : modernise output Construct bio_err and bio_stdout from file handles instead of FILE pointers, since the latter might not be implemented (when OPENSSL_NO_STDIO is defined). Convert all output to use BIO_printf. Change lh_foo to lh_SSL_SESSION_foo. Reviewed-by: Rich Salz (cherry picked from commit bb8abd6735e198de36c1eb9098a7f1516d156220) Conflicts: crypto/threads/mttest.c commit ae3254a52d1ee77c1930a863fb98f7f3723a9d9b Author: Richard Levitte Date: Sun Jun 21 19:03:44 2015 +0200 Cleanup mttest.c : modernise the threads setup Reviewed-by: Rich Salz (cherry picked from commit 5c78e1835285ce4acdc7cc4f4c06aa7d6661c9b4) Conflicts: crypto/threads/mttest.c commit 9720dd4314470c8504d9e7038540ccd3635b3602 Author: Richard Levitte Date: Sun Jun 21 18:51:18 2015 +0200 Cleanup mttest.c : remove MS_CALLBACK Reviewed-by: Rich Salz (cherry picked from commit a3f9286556d6d78c1800caae97a9328afb2557e6) ----------------------------------------------------------------------- Summary of changes: crypto/threads/mttest.c | 365 +++++++++++++++++++++++---------------------- crypto/threads/pthread2.sh | 3 +- 2 files changed, 185 insertions(+), 183 deletions(-) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 8f67db6..dbff4a6 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -56,7 +56,6 @@ * [including the GNU Public Licence.] */ -#include #include #include #include 
@@ -86,17 +85,11 @@ #include #include #include -#include "../../e_os.h" #include #include #include #include -#ifdef OPENSSL_NO_FP_API -# define APPS_WIN16 -# include "../buffer/bss_file.c" -#endif - #ifdef OPENSSL_SYS_NETWARE # define TEST_SERVER_CERT "/openssl/apps/server.pem" # define TEST_CLIENT_CERT "/openssl/apps/client.pem" @@ -107,23 +100,23 @@ #define MAX_THREAD_NUMBER 100 -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs); +int verify_callback(int ok, X509_STORE_CTX *xs); void thread_setup(void); void thread_cleanup(void); void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx); -void irix_locking_callback(int mode, int type, char *file, int line); -void solaris_locking_callback(int mode, int type, char *file, int line); -void win32_locking_callback(int mode, int type, char *file, int line); -void pthreads_locking_callback(int mode, int type, char *file, int line); -void netware_locking_callback(int mode, int type, char *file, int line); +void irix_locking_callback(int mode, int type, const char *file, int line); +void solaris_locking_callback(int mode, int type, const char *file, int line); +void win32_locking_callback(int mode, int type, const char *file, int line); +void pthreads_locking_callback(int mode, int type, const char *file, int line); +void netware_locking_callback(int mode, int type, const char *file, int line); void beos_locking_callback(int mode, int type, const char *file, int line); -unsigned long irix_thread_id(void); -unsigned long solaris_thread_id(void); -unsigned long pthreads_thread_id(void); -unsigned long netware_thread_id(void); -unsigned long beos_thread_id(void); +void irix_thread_id(CRYPTO_THREADID *tid); +void solaris_thread_id(CRYPTO_THREADID *tid); +void pthreads_thread_id(CRYPTO_THREADID *tid); +void netware_thread_id(CRYPTO_THREADID *tid); +void beos_thread_id(CRYPTO_THREADID *tid); #if defined(OPENSSL_SYS_NETWARE) static MPKMutex *lock_cs; 
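Review bot: in the prototype hunk (`@@ -107,23 +100,23 @@`) all five thread-id declarations change to `void xxx_thread_id(CRYPTO_THREADID *tid);`, but further down only `pthreads_thread_id` gets a definition to match; `solaris_thread_id`, `irix_thread_id` and `netware_thread_id` are still defined as `unsigned long xxx_thread_id(void)` and `beos_thread_id` is not touched at all. A declaration and a definition with different types is a hard compile error, so the Solaris, IRIX, NetWare and BeOS builds of mttest are broken by this hunk unless their definitions and their `thread_setup` registrations are converted as well.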
@@ -149,39 +142,39 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; int doit(char *ctx[4]); -static void print_stats(FILE *fp, SSL_CTX *ctx) +static void print_stats(BIO *bio, SSL_CTX *ctx) { - fprintf(fp, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ctx)); - fprintf(fp, "%4d client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ctx)); - fprintf(fp, "%4d client connects that finished\n", - SSL_CTX_sess_connect_good(ctx)); - fprintf(fp, "%4d server connects (SSL_accept())\n", - SSL_CTX_sess_accept(ctx)); - fprintf(fp, "%4d server connects that finished\n", - SSL_CTX_sess_accept_good(ctx)); - fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); - fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); - fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); + BIO_printf(bio, "%4ld items in the session cache\n", + SSL_CTX_sess_number(ctx)); + BIO_printf(bio, "%4d client connects (SSL_connect())\n", + SSL_CTX_sess_connect(ctx)); + BIO_printf(bio, "%4d client connects that finished\n", + SSL_CTX_sess_connect_good(ctx)); + BIO_printf(bio, "%4d server connects (SSL_accept())\n", + SSL_CTX_sess_accept(ctx)); + BIO_printf(bio, "%4d server connects that finished\n", + SSL_CTX_sess_accept_good(ctx)); + BIO_printf(bio, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx)); + BIO_printf(bio, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx)); + BIO_printf(bio, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx)); } static void sv_usage(void) { - fprintf(stderr, "usage: ssltest [args ...]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, " -server_auth - check server certificate\n"); - fprintf(stderr, " -client_auth - do client authentication\n"); - fprintf(stderr, " -v - more output\n"); - fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr, " -threads arg - number 
of threads\n"); - fprintf(stderr, " -loops arg - number of 'connections', per thread\n"); - fprintf(stderr, " -reconnect - reuse session-id's\n"); - fprintf(stderr, " -stats - server session-id cache stats\n"); - fprintf(stderr, " -cert arg - server certificate/key\n"); - fprintf(stderr, " -ccert arg - client certificate/key\n"); - fprintf(stderr, " -ssl3 - just SSLv3n\n"); + BIO_printf(bio_err, "usage: ssltest [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -server_auth - check server certificate\n"); + BIO_printf(bio_err, " -client_auth - do client authentication\n"); + BIO_printf(bio_err, " -v - more output\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, " -threads arg - number of threads\n"); + BIO_printf(bio_err, " -loops arg - number of 'connections', per thread\n"); + BIO_printf(bio_err, " -reconnect - reuse session-id's\n"); + BIO_printf(bio_err, " -stats - server session-id cache stats\n"); + BIO_printf(bio_err, " -cert arg - server certificate/key\n"); + BIO_printf(bio_err, " -ccert arg - client certificate/key\n"); + BIO_printf(bio_err, " -ssl3 - just SSLv3n\n"); } int main(int argc, char *argv[]) @@ -195,14 +188,14 @@ int main(int argc, char *argv[]) SSL_CTX *c_ctx = NULL; char *scert = TEST_SERVER_CERT; char *ccert = TEST_CLIENT_CERT; - SSL_METHOD *ssl_method = SSLv23_method(); + const SSL_METHOD *ssl_method = SSLv23_method(); RAND_seed(rnd_seed, sizeof rnd_seed); if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + bio_err = BIO_new_fd(2, BIO_NOCLOSE); if (bio_stdout == NULL) - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE); + bio_stdout = BIO_new_fd(1, BIO_NOCLOSE); argc--; argv++; 
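Review bot: in the `print_stats`/`sv_usage` hunk (`@@ -149,39 +142,39 @@`) the converted lines carry two pre-existing defects that are worth fixing while the lines are being rewritten anyway. `SSL_CTX_sess_connect()`, `SSL_CTX_sess_accept()`, `SSL_CTX_sess_hits()` and the other counters return `long`, so the `%4d` conversions should be `%4ld` like the `SSL_CTX_sess_number()` line above them (on LP64 platforms the mismatch misprints the value, it is not just a warning); and `" -ssl3 - just SSLv3n\n"` prints a stray `n` and should read `" -ssl3 - just SSLv3\n"`.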
@@ -250,7 +243,7 @@ int main(int argc, char *argv[]) if (number_of_loops == 0) number_of_loops = 1; } else { - fprintf(stderr, "unknown option %s\n", *argv); + BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; break; } @@ -284,9 +277,12 @@ int main(int argc, char *argv[]) SSL_SESS_CACHE_SERVER); if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_certificate_file (%s)\n", scert); ERR_print_errors(bio_err); + goto end; } else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) { + BIO_printf(bio_err, "SSL_CTX_use_RSAPrivateKey_file (%s)\n", scert); ERR_print_errors(bio_err); goto end; } @@ -300,19 +296,19 @@ int main(int argc, char *argv[]) (!SSL_CTX_set_default_verify_paths(s_ctx)) || (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(c_ctx))) { - fprintf(stderr, "SSL_load_verify_locations\n"); + BIO_printf(bio_err, "SSL_load_verify_locations\n"); ERR_print_errors(bio_err); goto end; } if (client_auth) { - fprintf(stderr, "client authentication\n"); + BIO_printf(bio_err, "client authentication\n"); SSL_CTX_set_verify(s_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback); } if (server_auth) { - fprintf(stderr, "server authentication\n"); + BIO_printf(bio_err, "server authentication\n"); SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback); } 
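Review bot: in the verify-locations hunk (`@@ -300,19 +296,19 @@`) the converted message `BIO_printf(bio_err, "SSL_load_verify_locations\n");` names a function that is not what was called, and because four calls (`SSL_CTX_load_verify_locations` and `SSL_CTX_set_default_verify_paths` for each context) are or'ed into one `if`, the message cannot say which one failed. Since this series is about better error reporting when certificates are missing (see the `goto end` added in the `@@ -284,9 +277,12 @@` hunk above), consider splitting the condition so the message and `ERR_print_errors(bio_err)` follow the specific call that failed.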
@@ -322,24 +318,24 @@ int main(int argc, char *argv[]) end: if (c_ctx != NULL) { - fprintf(stderr, "Client SSL_CTX stats then free it\n"); - print_stats(stderr, c_ctx); + BIO_printf(bio_err, "Client SSL_CTX stats then free it\n"); + print_stats(bio_err, c_ctx); SSL_CTX_free(c_ctx); } if (s_ctx != NULL) { - fprintf(stderr, "Server SSL_CTX stats then free it\n"); - print_stats(stderr, s_ctx); + BIO_printf(bio_err, "Server SSL_CTX stats then free it\n"); + print_stats(bio_err, s_ctx); if (cache_stats) { - fprintf(stderr, "-----\n"); - lh_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); - /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ - lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr); - fprintf(stderr, "-----\n"); + BIO_printf(bio_err, "-----\n"); + lh_SSL_SESSION_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); + /*- lh_SSL_SESSION_node_stats_bio(SSL_CTX_sessions(s_ctx),bio_err); + BIO_printf(bio_err,"-----\n"); */ + lh_SSL_SESSION_node_usage_stats_bio(SSL_CTX_sessions(s_ctx), bio_err); + BIO_printf(bio_err, "-----\n"); } SSL_CTX_free(s_ctx); - fprintf(stderr, "done free\n"); + BIO_printf(bio_err, "done free\n"); } exit(ret); return (0); @@ -355,6 +351,7 @@ int ndoit(SSL_CTX *ssl_ctx[2]) int i; int ret; char *ctx[4]; + CRYPTO_THREADID thread_id; ctx[0] = (char *)ssl_ctx[0]; ctx[1] = (char *)ssl_ctx[1]; 
@@ -367,22 +364,24 @@ int ndoit(SSL_CTX *ssl_ctx[2]) ctx[3] = NULL; } - fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id()); + CRYPTO_THREADID_current(&thread_id); + BIO_printf(bio_stdout, "started thread %lu\n", + CRYPTO_THREADID_hash(&thread_id)); for (i = 0; i < number_of_loops; i++) { -/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ +/*- BIO_printf(bio_err,"%4d %2d ctx->ref (%3d,%3d)\n", + CRYPTO_THREADID_hash(&thread_id),i, + ssl_ctx[0]->references, + ssl_ctx[1]->references); */ /* pthread_delay_np(&tm); */ ret = doit(ctx); if (ret != 0) { - fprintf(stdout, "error[%d] %lu - %d\n", - i, CRYPTO_thread_id(), ret); + BIO_printf(bio_stdout, "error[%d] %lu - %d\n", + i, CRYPTO_THREADID_hash(&thread_id), ret); return (ret); } } - fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id()); + BIO_printf(bio_stdout, "DONE %lu\n", CRYPTO_THREADID_hash(&thread_id)); if (reconnect) { SSL_free((SSL *)ctx[2]); SSL_free((SSL *)ctx[3]); 
@@ -467,26 +466,26 @@ int doit(char *ctx[4]) if (do_server && verbose) { if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); + BIO_printf(bio_stdout, "server waiting in SSL_accept - %s\n", + SSL_state_string_long(s_ssl)); else if (s_write) - printf("server:SSL_write()\n"); + BIO_printf(bio_stdout, "server:SSL_write()\n"); else - printf("server:SSL_read()\n"); + BIO_printf(bio_stdout, "server:SSL_read()\n"); } if (do_client && verbose) { if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); + BIO_printf(bio_stdout, "client waiting in SSL_connect - %s\n", + SSL_state_string_long(c_ssl)); else if (c_write) - printf("client:SSL_write()\n"); + BIO_printf(bio_stdout, "client:SSL_write()\n"); else - printf("client:SSL_read()\n"); + BIO_printf(bio_stdout, "client:SSL_read()\n"); } if (!do_client && !do_server) { - fprintf(stdout, "ERROR IN STARTUP\n"); + BIO_printf(bio_stdout, "ERROR IN STARTUP\n"); break; } if (do_client && !(done & C_DONE)) { @@ -501,12 +500,12 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { /* ok */ 
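Review bot: in the client-connect hunk (`@@ -501,12 +500,12 @@`) the line right after the converted `BIO_printf(bio_err, "ERROR in CLIENT\n");` is left as `ERR_print_errors_fp(stderr);`, so the error queue is still written through a `FILE *` even though this series removes stdio use and deletes the `OPENSSL_NO_FP_API` fallback at the top of the file. `ERR_print_errors(bio_err);`, which `main()` in this same file already uses, is the drop-in replacement.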
@@ -523,19 +522,19 @@ int doit(char *ctx[4]) if (BIO_should_write(c_bio)) c_w = 1; } else { - fprintf(stderr, "ERROR in CLIENT\n"); + BIO_printf(bio_err, "ERROR in CLIENT\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL CLIENT STARTUP FAILED\n"); return (1); } else { done |= C_DONE; #ifdef undef - fprintf(stdout, "CLIENT:from server:"); - fwrite(cbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "CLIENT:from server:"); + BIO_write(bio_stdout, cbuf, i); + BIO_flush(bio_stdout); #endif } } @@ -553,20 +552,20 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 1; s_w = 1; #ifdef undef - fprintf(stdout, "SERVER:from client:"); - fwrite(sbuf, 1, i, stdout); - fflush(stdout); + BIO_printf(bio_stdout, "SERVER:from client:"); + BIO_write(bio_stdout, sbuf, i); + BIO_flush(bio_stdout); #endif } } else { @@ -580,12 +579,12 @@ int doit(char *ctx[4]) if (BIO_should_write(s_bio)) s_w = 1; } else { - fprintf(stderr, "ERROR in SERVER\n"); + BIO_printf(bio_err, "ERROR in SERVER\n"); ERR_print_errors_fp(stderr); return (1); } } else if (i == 0) { - fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); + BIO_printf(bio_err, "SSL SERVER STARTUP FAILED\n"); return (1); } else { s_write = 0; @@ -606,7 +605,7 @@ int doit(char *ctx[4]) SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); #ifdef undef - fprintf(stdout, "DONE\n"); + BIO_printf(bio_stdout, "DONE\n"); #endif err: /* @@ -640,7 +639,7 @@ int doit(char *ctx[4]) return (0); } -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +int verify_callback(int ok, X509_STORE_CTX *ctx) { char *s, buf[256]; 
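Review bot: the same `ERR_print_errors_fp(stderr);` is left untouched in the `@@ -523,19 +522,19 @@`, `@@ -553,20 +552,20 @@` and `@@ -580,12 +579,12 @@` hunks, each immediately after a message that was just converted to `BIO_printf(bio_err, ...)`. With `bio_err` now created by `BIO_new_fd(2, BIO_NOCLOSE)` precisely so that the file works without stdio, these call sites should become `ERR_print_errors(bio_err);` in the same commit.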
@@ -649,9 +648,9 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) buf, 256); if (s != NULL) { if (ok) - fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf); + BIO_printf(bio_err, "depth=%d %s\n", ctx->error_depth, buf); else - fprintf(stderr, "depth=%d error=%d %s\n", + BIO_printf(bio_err, "depth=%d error=%d %s\n", ctx->error_depth, ctx->error, buf); } } @@ -688,7 +687,7 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void win32_locking_callback(int mode, int type, char *file, int line) +void win32_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { WaitForSingleObject(lock_cs[type], INFINITE); @@ -717,7 +716,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *)ssl_ctx, 0L, &(thread_id[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i += 50) { int j; @@ -727,7 +726,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (CONST HANDLE *) & (thread_handle[i]), TRUE, INFINITE) == WAIT_FAILED) { - fprintf(stderr, "WaitForMultipleObjects failed:%d\n", + BIO_printf(bio_err, "WaitForMultipleObjects failed:%d\n", GetLastError()); exit(1); } @@ -743,7 +742,7 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ret = (ret + end.wSecond - start.wSecond); ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0; - printf("win32 threads done - %.3f seconds\n", ret); + BIO_printf(bio_stdout, "win32 threads done - %.3f seconds\n", ret); } #endif /* OPENSSL_SYS_WIN32 */ @@ -768,8 +767,8 @@ void thread_setup(void) mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL); } - CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id); - CRYPTO_set_locking_callback((void (*)())solaris_locking_callback); + CRYPTO_set_id_callback(solaris_thread_id); + CRYPTO_set_locking_callback(solaris_locking_callback); } void thread_cleanup(void) 
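Review bot: in the `verify_callback` hunk (`@@ -649,9 +648,9 @@`) the converted lines still reach into the store context with `ctx->error_depth` and `ctx->error`. Since the lines are being rewritten, use the accessors `X509_STORE_CTX_get_error_depth(ctx)` and `X509_STORE_CTX_get_error(ctx)` instead; they exist on both 1.0.1 and master and keep the test compiling if the structure is later made opaque.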
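Review bot: in the Solaris `thread_setup` hunk (`@@ -768,8 +767,8 @@`) dropping the cast turns `CRYPTO_set_id_callback(solaris_thread_id);` into a type error, because the prototype hunk earlier in this patch declares `void solaris_thread_id(CRYPTO_THREADID *tid)` and `CRYPTO_set_id_callback` expects `unsigned long (*)(void)`. The pthreads `thread_setup` in this patch shows the intended call, `CRYPTO_THREADID_set_callback(pthreads_thread_id);`; use it here too.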
@@ -778,34 +777,34 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { /* rwlock_destroy(&(lock_cs[i])); */ mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void solaris_locking_callback(int mode, int type, char *file, int line) +void solaris_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { /*- 
@@ -837,21 +836,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i])); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { thr_join(thread_ctx[i], NULL, NULL); } - printf("solaris threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "solaris threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "solaris threads done\n"); +#endif } -unsigned long solaris_thread_id(void) +void solaris_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)thr_self(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)thr_self()); } #endif /* SOLARIS */ @@ -880,8 +880,8 @@ void thread_setup(void) lock_cs[i] = usnewsema(arena, 1); } - CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id); - CRYPTO_set_locking_callback((void (*)())irix_locking_callback); + CRYPTO_set_id_callback(irix_thread_id); + CRYPTO_set_locking_callback(irix_locking_callback); } void thread_cleanup(void) @@ -899,13 +899,13 @@ void thread_cleanup(void) OPENSSL_free(lock_cs); } -void irix_locking_callback(int mode, int type, char *file, int line) +void irix_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { - printf("lock %d\n", type); + BIO_printf(bio_stdout, "lock %d\n", type); uspsema(lock_cs[type]); } else { - printf("unlock %d\n", type); + BIO_printf(bio_stdout, "unlock %d\n", type); usvsema(lock_cs[type]); } } 
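Review bot: in the `@@ -837,21 +836,22 @@` hunk `solaris_thread_id` is left defined as `unsigned long solaris_thread_id(void)` while its body becomes `CRYPTO_THREADID_set_numeric((unsigned long)thr_self());`: a non-void function that returns nothing, and a call missing its `CRYPTO_THREADID *` first argument, so it will not compile. Change the definition to `void solaris_thread_id(CRYPTO_THREADID *tid)` and the call to `CRYPTO_THREADID_set_numeric(tid, (unsigned long)thr_self());`, matching the prototype hunk and the pthreads version. The IRIX `thread_setup` hunk right below (`@@ -880,8 +880,8 @@`) has the same `CRYPTO_set_id_callback(irix_thread_id);` registration mismatch as the Solaris one.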
@@ -924,21 +924,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) PR_SADDR | PR_SFDS, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { wait(NULL); } - printf("irix threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "irix threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "irix threads done\n"); +#endif } unsigned long irix_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)getpid(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)getpid()); } #endif /* IRIX */ @@ -958,8 +959,8 @@ void thread_setup(void) pthread_mutex_init(&(lock_cs[i]), NULL); } - CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); - CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback); + CRYPTO_THREADID_set_callback(pthreads_thread_id); + CRYPTO_set_locking_callback(pthreads_locking_callback); } void thread_cleanup(void) 
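Review bot: in the IRIX `do_threads`/`irix_thread_id` hunk (`@@ -924,21 +924,22 @@`) the definition stays `unsigned long irix_thread_id(void)` and the new body `CRYPTO_THREADID_set_numeric((unsigned long)getpid());` again omits the `CRYPTO_THREADID *` argument and the return value. The pthreads `thread_setup` hunk that follows (`@@ -958,8 +959,8 @@`, `CRYPTO_THREADID_set_callback(pthreads_thread_id);`) is the only platform in this patch converted end to end; the IRIX definition and its registration should be brought in line with it or left on the old API entirely.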
@@ -967,30 +968,30 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { pthread_mutex_destroy(&(lock_cs[i])); - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } -void pthreads_locking_callback(int mode, int type, char *file, int line) +void pthreads_locking_callback(int mode, int type, const char *file, int line) { # ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif /*- if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); + BIO_printf(bio_err,"(t,m,f,l) %ld %d %s %d\n", + CRYPTO_thread_id(), + mode,file,line); */ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); 
@@ -1017,21 +1018,22 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) (void *(*)())ndoit, (void *)ssl_ctx); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); for (i = 0; i < thread_number; i++) { pthread_join(thread_ctx[i], NULL); } - printf("pthreads threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "pthreads threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "pthreads threads done\n"); +#endif } -unsigned long pthreads_thread_id(void) +void pthreads_thread_id(CRYPTO_THREADID *tid) { - unsigned long ret; - - ret = (unsigned long)pthread_self(); - return (ret); + CRYPTO_THREADID_set_numeric(tid, (unsigned long)pthread_self()); } #endif /* PTHREADS */ @@ -1051,8 +1053,8 @@ void thread_setup(void) ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0); - CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id); - CRYPTO_set_locking_callback((void (*)())netware_locking_callback); + CRYPTO_set_id_callback(netware_thread_id); + CRYPTO_set_locking_callback(netware_locking_callback); } void thread_cleanup(void) @@ -1061,21 +1063,21 @@ void thread_cleanup(void) CRYPTO_set_locking_callback(NULL); - fprintf(stdout, "thread_cleanup\n"); + BIO_printf(bio_stdout, "thread_cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { MPKMutexFree(lock_cs[i]); - fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); MPKSemaphoreFree(ThreadSem); - fprintf(stdout, "done cleanup\n"); + BIO_printf(bio_stdout, "done cleanup\n"); } -void netware_locking_callback(int mode, int type, char *file, int line) +void netware_locking_callback(int mode, int type, const char *file, int line) { if (mode & CRYPTO_LOCK) { MPKMutexLock(lock_cs[type]); 
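Review bot: in the NetWare `thread_setup` hunk (`@@ -1051,8 +1053,8 @@`) `CRYPTO_set_id_callback(netware_thread_id);` is the same mismatch as on Solaris and IRIX: the prototype hunk declares `void netware_thread_id(CRYPTO_THREADID *tid)`, which `CRYPTO_set_id_callback` cannot accept, and the cast that used to hide it has just been removed. Register it with `CRYPTO_THREADID_set_callback(netware_thread_id);` as the pthreads hunk does.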
@@ -1097,22 +1099,23 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) ThreadSwitchWithDelay(); } - printf("reaping\n"); + BIO_printf(bio_stdout, "reaping\n"); /* loop until all threads have signaled the semaphore */ for (i = 0; i < thread_number; i++) { MPKSemaphoreWait(ThreadSem); } - printf("netware threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); +#if 0 /* We can't currently find out the reference amount */ + BIO_printf(bio_stdout, "netware threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); +#else + BIO_printf(bio_stdout, "netware threads done\n"); +#endif } unsigned long netware_thread_id(void) { - unsigned long ret; - - ret = (unsigned long)GetThreadID(); - return (ret); + CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID()); } #endif /* NETWARE */ @@ -1144,24 +1147,24 @@ void thread_cleanup(void) int i; CRYPTO_set_locking_callback(NULL); - fprintf(stderr, "cleanup\n"); + BIO_printf(bio_err, "cleanup\n"); for (i = 0; i < CRYPTO_num_locks(); i++) { delete lock_cs[i]; - fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); + BIO_printf(bio_err, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i)); } OPENSSL_free(lock_cs); OPENSSL_free(lock_count); - fprintf(stderr, "done cleanup\n"); + BIO_printf(bio_err, "done cleanup\n"); } void beos_locking_callback(int mode, int type, const char *file, int line) { # if 0 - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); + BIO_printf(bio_err, "thread=%4d mode=%s lock=%s %s:%d\n", + CRYPTO_thread_id(), + (mode & CRYPTO_LOCK) ? "l" : "u", + (type & CRYPTO_READ) ? "r" : "w", file, line); # endif if (mode & CRYPTO_LOCK) { lock_cs[type]->Lock(); 
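Review bot: in the `@@ -1097,22 +1099,23 @@` hunk `netware_thread_id` keeps the definition `unsigned long netware_thread_id(void)` while its body becomes `CRYPTO_THREADID_set_numeric((unsigned long)GetThreadID());`, one argument short and with no return value. Define it as `void netware_thread_id(CRYPTO_THREADID *tid)` and call `CRYPTO_THREADID_set_numeric(tid, (unsigned long)GetThreadID());`, exactly as `pthreads_thread_id` is written two hunks above.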
@@ -1187,14 +1190,14 @@ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx) resume_thread(thread_ctx[i]); } - printf("waiting...\n"); + BIO_printf(bio_stdout, "waiting...\n"); for (i = 0; i < thread_number; i++) { status_t result; wait_for_thread(thread_ctx[i], &result); } - printf("beos threads done (%d,%d)\n", - s_ctx->references, c_ctx->references); + BIO_printf(bio_stdout, "beos threads done (%d,%d)\n", + s_ctx->references, c_ctx->references); } unsigned long beos_thread_id(void) diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh index 41264c6..ec945c4 100755 --- a/crypto/threads/pthread2.sh +++ b/crypto/threads/pthread2.sh @@ -3,5 +3,4 @@ # build using pthreads where it's already built into the system # /bin/rm -f mttest -gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread - +gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread -ldl From rsalz at openssl.org Sun Jun 21 21:52:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 21 Jun 2015 21:52:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434923539.753823.5200.nullmailer@dev.openssl.org> The branch master has been updated via 7fba8407cc72e09dbd8d768100617286b0740b03 (commit) from 8ca96efd24b73f917837fdd45b1c22d7b8ff8cbd (commit) - Log ----------------------------------------------------------------- commit 7fba8407cc72e09dbd8d768100617286b0740b03 Author: Rich Salz Date: Sun Jun 21 15:37:53 2015 -0400 RT3917: add cleanup on an error path Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_smime.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 0d97d3e..b33bc1d 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c 
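Review bot: in the BeOS `do_threads` hunk of crypto/threads/mttest.c (`@@ -1187,14 +1190,14 @@`), `BIO_printf(bio_stdout, "beos threads done (%d,%d)\n", s_ctx->references, c_ctx->references);` still dereferences the `SSL_CTX` reference counts that the "do not try to output reference counts" commit in this series wrapped in `#if 0` for pthreads, Solaris, IRIX and NetWare; do the same here. The unchanged context line `unsigned long beos_thread_id(void)` also shows that BeOS was skipped by the thread-id conversion, so its prototype in the first hunk no longer matches its definition.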
@@ -386,7 +386,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, tmpin = BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); - return 0; + goto err2; } } else tmpin = dcont; @@ -455,6 +455,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, if (out != tmpout) BIO_free_all(tmpout); + err2: sk_X509_pop_free(cms_certs, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); From rsalz at openssl.org Sun Jun 21 21:55:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 21 Jun 2015 21:55:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1434923712.576139.7016.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 44754511646614b0be4c53ac9f1893f5eca3ed64 (commit) from 220b9519eb48c5e3f969123508976f777f897330 (commit) - Log ----------------------------------------------------------------- commit 44754511646614b0be4c53ac9f1893f5eca3ed64 Author: Rich Salz Date: Sun Jun 21 15:37:53 2015 -0400 RT3917: add cleanup on an error path Reviewed-by: Richard Levitte (cherry picked from commit 7fba8407cc72e09dbd8d768100617286b0740b03) ----------------------------------------------------------------------- Summary of changes: crypto/cms/cms_smime.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index b39ed48..5522a37 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -374,7 +374,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, tmpin = BIO_new_mem_buf(ptr, len); if (tmpin == NULL) { CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); - return 0; + goto err2; } } else tmpin = dcont; @@ -405,6 +405,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, else BIO_free_all(cmsbio); + err2: if (cms_certs) sk_X509_pop_free(cms_certs, X509_free); if (crls) From steve at openssl.org Mon Jun 22 12:55:38 2015 
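Review bot: the new `err2:` label in CMS_verify sits after the `BIO_free_all(tmpout)` / `BIO_free_all(cmsbio)` cleanup, so the `goto err2` taken when `BIO_new_mem_buf` fails deliberately skips those frees; that is only correct because nothing else has been allocated at that point (tmpin is the allocation that failed), and a one-line comment at the label saying so would stop a future allocation between the two points from reintroducing the leak this commit fixes. The 1.0.2 backport guards the pop_frees with `if (cms_certs)` / `if (crls)` while the master hunk does not; confirm the master stack functions accept a NULL stack on this path.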
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 22 Jun 2015 12:55:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1434977738.659279.31043.nullmailer@dev.openssl.org> The branch master has been updated via 389ebcecae2575188a4ff9566389ce694352be43 (commit) via c34b0f9930563f905412a00b6d8a7280c83eb811 (commit) via 8df53b7a7cf00908747e5730b19fe8fed8937b38 (commit) via a273c6eeee6690d7061d3e647a5e648bbd3a997a (commit) via 8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72 (commit) from 7fba8407cc72e09dbd8d768100617286b0740b03 (commit) - Log ----------------------------------------------------------------- commit 389ebcecae2575188a4ff9566389ce694352be43 Author: Dr. Stephen Henson Date: Sun Jun 21 19:42:04 2015 +0100 Remove SESS_CERT entirely. Reviewed-by: Richard Levitte commit c34b0f9930563f905412a00b6d8a7280c83eb811 Author: Dr. Stephen Henson Date: Sun Jun 21 19:34:33 2015 +0100 Move peer chain to SSL_SESSION structure. Reviewed-by: Richard Levitte commit 8df53b7a7cf00908747e5730b19fe8fed8937b38 Author: Dr. Stephen Henson Date: Sun Jun 21 19:18:50 2015 +0100 Remove unnecessary ifdefs. If RSA or DSA is disabled we will never use a ciphersuite with RSA/DSA authentication as it is already filtered out by the cipher list logic. Reviewed-by: Richard Levitte commit a273c6eeee6690d7061d3e647a5e648bbd3a997a Author: Dr. Stephen Henson Date: Sun Jun 21 19:08:57 2015 +0100 Remove certificates from sess_cert As numerous comments indicate the certificate and key array is not an appropriate structure to store the peer's certificate: so remove it and just use s->session->peer instead. Reviewed-by: Richard Levitte commit 8d92c1f8a381a3be7fe5b3a2c2aa9bfce22f5c72 Author: Dr.
Stephen Henson Date: Sun Jun 21 16:26:08 2015 +0100 Remove peer temp keys from SESS_CERT Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 170 +++++++++++++-------------------------------------------- ssl/s3_lib.c | 35 ++++++++---- ssl/s3_srvr.c | 15 +---- ssl/ssl_cert.c | 70 ------------------------ ssl/ssl_lib.c | 5 +- ssl/ssl_locl.h | 49 ++++++----------- ssl/ssl_sess.c | 5 +- 7 files changed, 84 insertions(+), 265 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 935a621..6b4c860 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1243,7 +1243,6 @@ int ssl3_get_server_certificate(SSL *s) const unsigned char *q, *p; unsigned char *d; STACK_OF(X509) *sk = NULL; - SESS_CERT *sc; EVP_PKEY *pkey = NULL; n = s->method->ssl_get_message(s, @@ -1322,14 +1321,7 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } - sc = ssl_sess_cert_new(); - if (sc == NULL) - goto err; - - ssl_sess_cert_free(s->session->sess_cert); - s->session->sess_cert = sc; - - sc->cert_chain = sk; + s->session->peer_chain = sk; /* * Inconsistency alert: cert_chain does include the peer's certificate, * which we don't include in s3_srvr.c @@ -1367,15 +1359,7 @@ int ssl3_get_server_certificate(SSL *s) SSL_R_WRONG_CERTIFICATE_TYPE); goto f_err; } - sc->peer_cert_type = i; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* - * Why would the following ever happen? We just created sc a couple - * of lines ago. - */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509 = x; - sc->peer_key = &(sc->peer_pkeys[i]); + s->session->peer_type = i; X509_free(s->session->peer); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); @@ -1454,7 +1438,6 @@ int ssl3_get_key_exchange(SSL *s) * problems later. */ if (alg_k & SSL_kPSK) { - s->session->sess_cert = ssl_sess_cert_new(); OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } 
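Review bot: in the ssl3_get_server_certificate hunk, `s->session->peer_chain = sk;` overwrites whatever chain the session already holds without freeing it, whereas the code it replaces released the old `sess_cert` first and the matching server-side hunk in s3_srvr.c does `sk_X509_pop_free(s->session->peer_chain, X509_free)` before assigning; add the same pop_free here so a renegotiation, or any path that reuses the session object, does not leak the previous chain.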
@@ -1464,22 +1447,19 @@ int ssl3_get_key_exchange(SSL *s) } param = p = (unsigned char *)s->init_msg; - if (s->session->sess_cert != NULL) { + #ifndef OPENSSL_NO_RSA - RSA_free(s->session->sess_cert->peer_rsa_tmp); - s->session->sess_cert->peer_rsa_tmp = NULL; + RSA_free(s->s3->peer_rsa_tmp); + s->s3->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp = NULL; + DH_free(s->s3->peer_dh_tmp); + s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC - EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); - s->session->sess_cert->peer_ecdh_tmp = NULL; + EC_KEY_free(s->s3->peer_ecdh_tmp); + s->s3->peer_ecdh_tmp = NULL; #endif - } else { - s->session->sess_cert = ssl_sess_cert_new(); - } /* Total length of the parameters including the length prefix */ param_len = 0; @@ -1625,21 +1605,8 @@ int ssl3_get_key_exchange(SSL *s) } /* We must check if there is a certificate */ -# ifndef OPENSSL_NO_RSA - if (alg_a & SSL_aRSA) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -# else - if (0) ; -# endif -# ifndef OPENSSL_NO_DSA - else if (alg_a & SSL_aDSS) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN]. - x509); -# endif + if (alg_a & (SSL_aRSA|SSL_aDSS)) + pkey = X509_get_pubkey(s->session->peer); } else #endif /* !OPENSSL_NO_SRP */ #ifndef OPENSSL_NO_RSA @@ -1697,9 +1664,7 @@ int ssl3_get_key_exchange(SSL *s) /* this should be because we are using an export cipher */ if (alg_a & SSL_aRSA) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey(s->session->peer); else { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -1711,7 +1676,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } - s->session->sess_cert->peer_rsa_tmp = rsa; + s->s3->peer_rsa_tmp = rsa; rsa = NULL; } #else /* OPENSSL_NO_RSA */ 
@@ -1789,24 +1754,11 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL); goto f_err; } -# ifndef OPENSSL_NO_RSA - if (alg_a & SSL_aRSA) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -# else - if (0) ; -# endif -# ifndef OPENSSL_NO_DSA - else if (alg_a & SSL_aDSS) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN]. - x509); -# endif + if (alg_a & (SSL_aRSA|SSL_aDSS)) + pkey = X509_get_pubkey(s->session->peer); /* else anonymous DH, so no certificate or pkey. */ - s->session->sess_cert->peer_dh_tmp = dh; + s->s3->peer_dh_tmp = dh; dh = NULL; } #endif /* !OPENSSL_NO_DH */ @@ -1905,19 +1857,15 @@ int ssl3_get_key_exchange(SSL *s) if (0) ; # ifndef OPENSSL_NO_RSA else if (alg_a & SSL_aRSA) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); + pkey = X509_get_pubkey(s->session->peer); # endif # ifndef OPENSSL_NO_EC else if (alg_a & SSL_aECDSA) - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); + pkey = X509_get_pubkey(s->session->peer); # endif /* else anonymous ECDH, so no certificate or pkey. */ EC_KEY_set_public_key(ecdh, srvr_ecpoint); - s->session->sess_cert->peer_ecdh_tmp = ecdh; + s->s3->peer_ecdh_tmp = ecdh; ecdh = NULL; BN_CTX_free(bn_ctx); bn_ctx = NULL; @@ -2437,7 +2385,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!pms) goto memerr; - if (s->session->sess_cert == NULL) { + if (s->session->peer == NULL) { /* * We should always have a server certificate with SSL_kRSA. */ 
@@ -2446,13 +2394,10 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - if (s->session->sess_cert->peer_rsa_tmp != NULL) - rsa = s->session->sess_cert->peer_rsa_tmp; + if (s->s3->peer_rsa_tmp != NULL) + rsa = s->s3->peer_rsa_tmp; else { - pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC]. - x509); + pkey = X509_get_pubkey(s->session->peer); if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2495,24 +2440,13 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { DH *dh_srvr, *dh_clnt; - SESS_CERT *scert = s->session->sess_cert; - - if (scert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - - if (scert->peer_dh_tmp != NULL) - dh_srvr = scert->peer_dh_tmp; + if (s->s3->peer_dh_tmp != NULL) + dh_srvr = s->s3->peer_dh_tmp; else { /* we get them from the cert */ - int idx = scert->peer_cert_type; EVP_PKEY *spkey = NULL; dh_srvr = NULL; - if (idx >= 0) - spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509); + spkey = X509_get_pubkey(s->session->peer); if (spkey) { dh_srvr = EVP_PKEY_get1_DH(spkey); EVP_PKEY_free(spkey); @@ -2558,7 +2492,7 @@ int ssl3_send_client_key_exchange(SSL *s) */ n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt); - if (scert->peer_dh_tmp == NULL) + if (s->s3->peer_dh_tmp == NULL) DH_free(dh_srvr); if (n <= 0) { @@ -2588,14 +2522,6 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY *tkey; int ecdh_clnt_cert = 0; int field_size = 0; - - if (s->session->sess_cert == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - SSL_R_UNEXPECTED_MESSAGE); - goto err; - } - /* * Did we send out the client's ECDH share for use in premaster * computation as part of client certificate? If so, set 
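Review bot: the DH and ECDH branches of ssl3_send_client_key_exchange drop the `sess_cert == NULL` check that sent an `SSL_AD_UNEXPECTED_MESSAGE` alert, but unlike the RSA branch above (which kept `if (s->session->peer == NULL)`) they add no replacement check on `s->session->peer`; when no temporary key was received and no certificate is present, `X509_get_pubkey(s->session->peer)` is now reached with a NULL certificate and yields a NULL key, so either confirm the later "no parameters" error path covers that case or restore an explicit check with the same alert.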
@@ -2624,13 +2550,11 @@ int ssl3_send_client_key_exchange(SSL *s) */ } - if (s->session->sess_cert->peer_ecdh_tmp != NULL) { - tkey = s->session->sess_cert->peer_ecdh_tmp; + if (s->s3->peer_ecdh_tmp != NULL) { + tkey = s->s3->peer_ecdh_tmp; } else { /* Get the Server Public Key from Cert */ - srvr_pub_pkey = - X509_get_pubkey(s->session-> - sess_cert->peer_pkeys[SSL_PKEY_ECC].x509); + srvr_pub_pkey = X509_get_pubkey(s->session->peer); if ((srvr_pub_pkey == NULL) || (srvr_pub_pkey->type != EVP_PKEY_EC) || (srvr_pub_pkey->pkey.ec == NULL)) { @@ -2758,7 +2682,6 @@ int ssl3_send_client_key_exchange(SSL *s) X509 *peer_cert; size_t msglen; unsigned int md_len; - int keytype; unsigned char shared_ukm[32], tmp[256]; EVP_MD_CTX *ukm_hash; EVP_PKEY *pub_key; @@ -2771,13 +2694,7 @@ int ssl3_send_client_key_exchange(SSL *s) /* * Get server sertificate PKEY and create ctx from it */ - peer_cert = - s->session-> - sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST01)].x509; - if (!peer_cert) - peer_cert = - s->session-> - sess_cert->peer_pkeys[(keytype = SSL_PKEY_GOST94)].x509; + peer_cert = s->session->peer; if (!peer_cert) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); @@ -3218,15 +3135,14 @@ static int ssl3_check_client_certificate(SSL *s) alg_k = s->s3->tmp.new_cipher->algorithm_mkey; /* See if we can use client certificate for fixed DH */ if (alg_k & (SSL_kDHr | SSL_kDHd)) { - SESS_CERT *scert = s->session->sess_cert; - int i = scert->peer_cert_type; + int i = s->session->peer_type; EVP_PKEY *clkey = NULL, *spkey = NULL; clkey = s->cert->key->privatekey; /* If client key not DH assume it can be used */ if (EVP_PKEY_id(clkey) != EVP_PKEY_DH) return 1; if (i >= 0) - spkey = X509_get_pubkey(scert->peer_pkeys[i].x509); + spkey = X509_get_pubkey(s->session->peer); if (spkey) { /* Compare server and client parameters */ i = EVP_PKEY_cmp_parameters(clkey, spkey); 
@@ -3335,7 +3251,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) long alg_k, alg_a; EVP_PKEY *pkey = NULL; int pkey_bits; - SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; #endif @@ -3350,25 +3265,19 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* we don't have a certificate */ if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); - - sc = s->session->sess_cert; - if (sc == NULL) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); - goto err; - } #ifndef OPENSSL_NO_RSA - rsa = s->session->sess_cert->peer_rsa_tmp; + rsa = s->s3->peer_rsa_tmp; #endif #ifndef OPENSSL_NO_DH - dh = s->session->sess_cert->peer_dh_tmp; + dh = s->s3->peer_dh_tmp; #endif /* This is the passed certificate */ - idx = sc->peer_cert_type; + idx = s->session->peer_type; #ifndef OPENSSL_NO_EC if (idx == SSL_PKEY_ECC) { - if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) { + if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s) == 0) { /* check failed */ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT); goto f_err; @@ -3384,9 +3293,9 @@ int ssl3_check_cert_and_algorithm(SSL *s) goto f_err; } #endif - pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey = X509_get_pubkey(s->session->peer); pkey_bits = EVP_PKEY_bits(pkey); - i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); + i = X509_certificate_type(s->session->peer, pkey); EVP_PKEY_free(pkey); /* Check that we have a certificate if we require one */ @@ -3492,7 +3401,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - err: return (0); } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0307801..6febd4e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -2894,11 +2894,17 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); + +#ifndef OPENSSL_NO_RSA + RSA_free(s->s3->peer_rsa_tmp); +#endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); + DH_free(s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); + EC_KEY_free(s->s3->peer_ecdh_tmp); #endif sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); @@ -2929,13 +2935,22 @@ void ssl3_clear(SSL *s) OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; +#ifndef OPENSSL_NO_RSA + RSA_free(s->s3->peer_rsa_tmp); + s->s3->peer_rsa_tmp = NULL; +#endif + #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; + DH_free(s->s3->peer_dh_tmp); + s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; + EC_KEY_free(s->s3->peer_ecdh_tmp); + s->s3->peer_ecdh_tmp = NULL; s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ @@ -3312,7 +3327,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_PEER_SIGNATURE_NID: if (SSL_USE_SIGALGS(s)) { - if (s->session && s->session->sess_cert) { + if (s->session) { const EVP_MD *sig; sig = s->s3->tmp.peer_md; if (sig) { 
@@ -3327,31 +3342,29 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return 0; case SSL_CTRL_GET_SERVER_TMP_KEY: - if (s->server || !s->session || !s->session->sess_cert) + if (s->server || !s->session) return 0; else { - SESS_CERT *sc; EVP_PKEY *ptmp; int rv = 0; - sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) - if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) + if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; #ifndef OPENSSL_NO_RSA - else if (sc->peer_rsa_tmp) - rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); + else if (s->s3->peer_rsa_tmp) + rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH - else if (sc->peer_dh_tmp) - rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); + else if (s->s3->peer_dh_tmp) + rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC - else if (sc->peer_ecdh_tmp) - rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); + else if (s->s3->peer_ecdh_tmp) + rv = EVP_PKEY_set1_EC_KEY(ptmp, s->s3->peer_ecdh_tmp); #endif if (rv) { *(EVP_PKEY **)parg = ptmp; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 90a67d1..b98beac 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -3195,19 +3195,8 @@ int ssl3_get_client_certificate(SSL *s) s->session->peer = sk_X509_shift(sk); s->session->verify_result = s->verify_result; - /* - * With the current implementation, sess_cert will always be NULL when we - * arrive here. - */ - if (s->session->sess_cert == NULL) { - s->session->sess_cert = ssl_sess_cert_new(); - if (s->session->sess_cert == NULL) { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto done; - } - } - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); - s->session->sess_cert->cert_chain = sk; + sk_X509_pop_free(s->session->peer_chain, X509_free); + s->session->peer_chain = sk; /* * Inconsistency alert: cert_chain does *not* include the peer's own * certificate, while we do include it in s3_clnt.c diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 6b39e25..5e9b8ff 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c 
@@ -519,76 +519,6 @@ void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg) c->cert_cb_arg = arg; } -SESS_CERT *ssl_sess_cert_new(void) -{ - SESS_CERT *ret; - - ret = OPENSSL_malloc(sizeof(*ret)); - if (ret == NULL) { - SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); - return NULL; - } - - memset(ret, 0, sizeof(*ret)); - ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); - ret->references = 1; - - return ret; -} - -void ssl_sess_cert_free(SESS_CERT *sc) -{ - int i; - - if (sc == NULL) - return; - - i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); -#ifdef REF_PRINT - REF_PRINT("SESS_CERT", sc); -#endif - if (i > 0) - return; -#ifdef REF_CHECK - if (i < 0) { - fprintf(stderr, "ssl_sess_cert_free, bad reference count\n"); - abort(); /* ok */ - } -#endif - - /* i == 0 */ - sk_X509_pop_free(sc->cert_chain, X509_free); - for (i = 0; i < SSL_PKEY_NUM; i++) { - X509_free(sc->peer_pkeys[i].x509); -#if 0 - /* - * We don't have the peer's private key. This line is just - * here as a reminder that we're still using a not-quite-appropriate - * data structure. - */ - EVP_PKEY_free(sc->peer_pkeys[i].privatekey); -#endif - } - -#ifndef OPENSSL_NO_RSA - RSA_free(sc->peer_rsa_tmp); -#endif -#ifndef OPENSSL_NO_DH - DH_free(sc->peer_dh_tmp); -#endif -#ifndef OPENSSL_NO_EC - EC_KEY_free(sc->peer_ecdh_tmp); -#endif - - OPENSSL_free(sc); -} - -int ssl_set_peer_cert_type(SESS_CERT *sc, int type) -{ - sc->peer_cert_type = type; - return (1); -} - int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) { X509 *x; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5c814fd..ceba30f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -834,11 +834,10 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) { STACK_OF(X509) *r; - if ((s == NULL) || (s->session == NULL) - || (s->session->sess_cert == NULL)) + if ((s == NULL) || (s->session == NULL)) r = NULL; else - r = s->session->sess_cert->cert_chain; + r = s->session->peer_chain; /* * If we are a client, cert_chain includes the peer's own certificate; if diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 3252631..f1046c5 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -624,15 +624,11 @@ struct ssl_session_st { * to disable session caching and tickets. */ int not_resumable; - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - /* - * This is the cert for the other end. On clients, it will be the same as - * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is - * not retained in the external representation of sessions, see - * ssl_asn1.c). - */ + /* This is the cert and type for the other end. */ X509 *peer; + int peer_type; + /* Certificate chain of peer */ + STACK_OF(X509) *peer_chain; /* * when app_verify_callback accepts a session where the peer's * certificate is not ok, we must remember the error for session reuse: @@ -1340,6 +1336,18 @@ typedef struct ssl3_state_st { */ char is_probably_safari; # endif /* !OPENSSL_NO_EC */ + + /* For clients: peer temporary key */ +# ifndef OPENSSL_NO_RSA + RSA *peer_rsa_tmp; +# endif +# ifndef OPENSSL_NO_DH + DH *peer_dh_tmp; +# endif +# ifndef OPENSSL_NO_EC + EC_KEY *peer_ecdh_tmp; +# endif + } SSL3_STATE; 
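Review bot: the comment removed from struct ssl_session_st noted that sess_cert is not retained in the external representation of sessions (ssl_asn1.c); the replacement comment for `peer_type` and `peer_chain` should carry that caveat forward, since nothing in this patch adds either field to the ASN.1 encoding, so on a deserialised or resumed session `peer_chain` is NULL and `peer_type` is unset, and consumers such as SSL_get_peer_cert_chain (ssl_lib.c hunk) and the fixed-DH check in ssl3_check_client_certificate must tolerate that.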
@@ -1578,28 +1586,6 @@ typedef struct cert_st { int references; /* >1 only if SSL_copy_session_id is used */ } CERT; -typedef struct sess_cert_st { - STACK_OF(X509) *cert_chain; /* as received from peer */ - /* The 'peer_...' members are used only by clients. */ - int peer_cert_type; - CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never - * NULL!) */ - CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; - /* - * Obviously we don't have the private keys of these, so maybe we - * shouldn't even use the CERT_PKEY type here. - */ -# ifndef OPENSSL_NO_RSA - RSA *peer_rsa_tmp; /* not used for SSL 2 */ -# endif -# ifndef OPENSSL_NO_DH - DH *peer_dh_tmp; /* not used for SSL 2 */ -# endif -# ifndef OPENSSL_NO_EC - EC_KEY *peer_ecdh_tmp; -# endif - int references; /* actually always 1 at the moment */ -} SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ struct tls_sigalgs_st { /* NID of hash algorithm */ @@ -1854,9 +1840,6 @@ __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); -__owur SESS_CERT *ssl_sess_cert_new(void); -void ssl_sess_cert_free(SESS_CERT *sc); -__owur int ssl_set_peer_cert_type(SESS_CERT *c, int type); __owur int ssl_get_new_session(SSL *s, int session); __owur int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index c639e53..03c6ac0 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -265,9 +265,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) dest->references = 1; - if (src->sess_cert != NULL) - CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); - if (src->peer != NULL) CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); 
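Review bot: the ssl_session_dup hunk removes the SESS_CERT reference bump but adds nothing for the new `peer_chain`, although `peer` just below still gets its reference incremented; if the duplicate inherits the source's `peer_chain` pointer, both sessions own the same stack and the `sk_X509_pop_free(ss->peer_chain, X509_free)` added to SSL_SESSION_free in the next hunk will free it twice. Either give dest its own copy of the stack with a CRYPTO_add on each certificate, or set `dest->peer_chain = NULL` before the first error exit.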
@@ -843,8 +840,8 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->master_key, sizeof ss->master_key); OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); - ssl_sess_cert_free(ss->sess_cert); X509_free(ss->peer); + sk_X509_pop_free(ss->peer_chain, X509_free); sk_SSL_CIPHER_free(ss->ciphers); OPENSSL_free(ss->tlsext_hostname); OPENSSL_free(ss->tlsext_tick); From rsalz at openssl.org Mon Jun 22 19:49:41 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 22 Jun 2015 19:49:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435002581.169693.1777.nullmailer@dev.openssl.org> The branch master has been updated via 75ba5c58c6b3b3326a6c3198100830afa120e7c3 (commit) from 389ebcecae2575188a4ff9566389ce694352be43 (commit) - Log ----------------------------------------------------------------- commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3 Author: Rich Salz Date: Sat Jun 13 17:18:47 2015 -0400 RT3907: avoid "local" in testssl script Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: test/testssl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index 7e834a7..cb8e56a 100644 --- a/test/testssl +++ b/test/testssl @@ -118,11 +118,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 + _cipher=$1 echo "Testing $cipher" prot="" - if [ $protocol = "SSLv3" ] ; then + if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi $ssltest -cipher $cipher $prot From rsalz at openssl.org Mon Jun 22 19:50:08 2015 
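Review bot: in the test_cipher hunk the local is renamed to `_cipher=$1` but the body still expands `$cipher` (`echo "Testing $cipher"` and `$ssltest -cipher $cipher $prot`), so every call now runs ssltest with an empty cipher argument and the script silently stops exercising the named ciphers; rename the uses as well. The same defect is present in the 1.0.2 and 1.0.1 cherry-picks of this commit.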
From: rsalz at openssl.org (Rich Salz) Date: Mon, 22 Jun 2015 19:50:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435002608.518902.2599.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 57bd71b45b39d4eedece0b0289c3a8173280e540 (commit) from 44754511646614b0be4c53ac9f1893f5eca3ed64 (commit) - Log ----------------------------------------------------------------- commit 57bd71b45b39d4eedece0b0289c3a8173280e540 Author: Rich Salz Date: Sat Jun 13 17:18:47 2015 -0400 RT3907: avoid "local" in testssl script Reviewed-by: Richard Levitte (cherry picked from commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3) ----------------------------------------------------------------------- Summary of changes: test/testssl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index ddebf08..699ce14 100644 --- a/test/testssl +++ b/test/testssl @@ -146,11 +146,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 + _cipher=$1 echo "Testing $cipher" prot="" - if [ $protocol = "SSLv3" ] ; then + if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi $ssltest -cipher $cipher $prot From rsalz at openssl.org Mon Jun 22 19:50:21 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 22 Jun 2015 19:50:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1435002621.837139.2980.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 9ad2eb6a6e0f75af16078d47df04b1fb16cae143 (commit) from f4961dc2af340f87747c739269fa2b3b704bfe3f (commit) - Log ----------------------------------------------------------------- commit 9ad2eb6a6e0f75af16078d47df04b1fb16cae143 Author: Rich Salz Date: Sat Jun 13 17:18:47 2015 -0400 RT3907: avoid "local" in testssl script Reviewed-by: Richard Levitte (cherry picked from commit 75ba5c58c6b3b3326a6c3198100830afa120e7c3) ----------------------------------------------------------------------- Summary of changes: test/testssl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index b9b86b3..f41a60c 100644 --- a/test/testssl +++ b/test/testssl @@ -120,11 +120,10 @@ echo test sslv2/sslv3 with both client and server authentication via BIO pair an $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { - local cipher=$1 - local protocol=$2 + _cipher=$1 echo "Testing $cipher" prot="" - if [ $protocol = "SSLv3" ] ; then + if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi $ssltest -cipher $cipher $prot From rsalz at openssl.org Tue Jun 23 00:49:28 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 00:49:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435020568.263191.14907.nullmailer@dev.openssl.org> The branch master has been updated via cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d (commit) from 75ba5c58c6b3b3326a6c3198100830afa120e7c3 (commit) - Log ----------------------------------------------------------------- commit cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d Author: Rich Salz Date: Mon Jun 22 19:26:50 2015 -0400 RT3907-fix Typo in local variable name; introduced by previous fix. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: test/testssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index cb8e56a..dd89204 100644 --- a/test/testssl +++ b/test/testssl @@ -119,14 +119,14 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { _cipher=$1 - echo "Testing $cipher" + echo "Testing $_cipher" prot="" if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi - $ssltest -cipher $cipher $prot + $ssltest -cipher $_cipher $prot if [ $? -ne 0 ] ; then - echo "Failed $cipher" + echo "Failed $_cipher" exit 1 fi } From rsalz at openssl.org Tue Jun 23 00:50:27 2015 
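Review bot: this fixes the `$cipher` expansions, but `if [ $2 = "SSLv3" ]` is still unquoted, so a caller that omits the second argument makes `[` fail with a unary-operator error instead of taking the non-SSLv3 path; write `[ "$2" = "SSLv3" ]`.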
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 00:50:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435020627.165053.15663.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0abf6104476db172dd82a66e1a4567876270e0ef (commit) from 57bd71b45b39d4eedece0b0289c3a8173280e540 (commit) - Log ----------------------------------------------------------------- commit 0abf6104476db172dd82a66e1a4567876270e0ef Author: Rich Salz Date: Mon Jun 22 19:26:50 2015 -0400 RT3907-fix Typo in local variable name; introduced by previous fix. Reviewed-by: Richard Levitte (cherry picked from commit cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d) ----------------------------------------------------------------------- Summary of changes: test/testssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index 699ce14..c3461b0 100644 --- a/test/testssl +++ b/test/testssl @@ -147,14 +147,14 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { _cipher=$1 - echo "Testing $cipher" + echo "Testing $_cipher" prot="" if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi - $ssltest -cipher $cipher $prot + $ssltest -cipher $_cipher $prot if [ $? -ne 0 ] ; then - echo "Failed $cipher" + echo "Failed $_cipher" exit 1 fi } From rsalz at openssl.org Tue Jun 23 00:53:21 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 00:53:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1435020801.454308.17805.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via ae2f46597a01f3e7042493d09bd0559028bb5699 (commit) from 9ad2eb6a6e0f75af16078d47df04b1fb16cae143 (commit) - Log ----------------------------------------------------------------- commit ae2f46597a01f3e7042493d09bd0559028bb5699 Author: Rich Salz Date: Mon Jun 22 19:26:50 2015 -0400 RT3907-fix Typo in local variable name; introduced by previous fix. Reviewed-by: Richard Levitte (cherry picked from commit cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d) ----------------------------------------------------------------------- Summary of changes: test/testssl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/testssl b/test/testssl index f41a60c..d5b1c9a 100644 --- a/test/testssl +++ b/test/testssl @@ -121,14 +121,14 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 test_cipher() { _cipher=$1 - echo "Testing $cipher" + echo "Testing $_cipher" prot="" if [ $2 = "SSLv3" ] ; then prot="-ssl3" fi - $ssltest -cipher $cipher $prot + $ssltest -cipher $_cipher $prot if [ $? -ne 0 ] ; then - echo "Failed $cipher" + echo "Failed $_cipher" exit 1 fi } From levitte at openssl.org Tue Jun 23 00:59:55 2015 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2015 00:59:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435021195.925732.20556.nullmailer@dev.openssl.org> The branch master has been updated via a1c506ae9ecb493bb1ae3226100b489e56c4d307 (commit) via ed45f3c24212f612a3d029760fa5fa7dc0907074 (commit) from cc3f3fc2b1c94d65824ab8d69595b6d89b17cf8d (commit) - Log ----------------------------------------------------------------- commit a1c506ae9ecb493bb1ae3226100b489e56c4d307 Author: Richard Levitte Date: Tue Jun 23 01:58:10 2015 +0200 make update Reviewed-by: Rich Salz commit ed45f3c24212f612a3d029760fa5fa7dc0907074 Author: Richard Levitte Date: Tue Jun 23 01:55:46 2015 +0200 Rearrange rsaz A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bn/Makefile | 2 +- crypto/bn/bn_exp.c | 8 +------- crypto/bn/rsaz_exp.c | 10 ++++++++++ crypto/bn/rsaz_exp.h | 11 ++++++++++- 4 files changed, 22 insertions(+), 9 deletions(-) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 8875c41..7d55778 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile 
@@ -247,7 +247,7 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_exp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h -bn_exp.o: ../include/internal/cryptlib.h bn_exp.c bn_lcl.h +bn_exp.o: ../include/internal/cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 6ce6f8d..10dc3eb 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -126,13 +126,7 @@ # include #endif -#undef RSAZ_ENABLED -#if defined(OPENSSL_BN_ASM_MONT) && \ - (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# include "rsaz_exp.h" -# define RSAZ_ENABLED -#endif +#include "rsaz_exp.h" #undef SPARC_T4_MONT #if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c index a486b15..c54c6fe 100644 --- a/crypto/bn/rsaz_exp.c +++ b/crypto/bn/rsaz_exp.c @@ -42,6 +42,8 @@ #include "rsaz_exp.h" +#ifdef RSAZ_ENABLED + /* * See crypto/bn/asm/rsaz-avx2.pl for further details. */ @@ -334,3 +336,11 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], OPENSSL_cleanse(storage, sizeof(storage)); } + +#else + +# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__) +static void *dummy = &dummy; +# endif + +#endif diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index bb71fb1..33361de 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h 
@@ -31,7 +31,13 @@ #ifndef RSAZ_EXP_H # define RSAZ_EXP_H -# include +# undef RSAZ_ENABLED +# if defined(OPENSSL_BN_ASM_MONT) && \ + (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) +# define RSAZ_ENABLED + +# include void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG base_norm[16], @@ -44,4 +50,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG base_norm[8], const BN_ULONG exponent[8], const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]); + +# endif + #endif From levitte at openssl.org Tue Jun 23 01:07:13 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2015 01:07:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435021633.848027.25413.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c61bb1abafaaa90a475fb0be87bdde1a21b7677b (commit) via f59186e4361e553d5f117c213ce25e9594f10244 (commit) from 0abf6104476db172dd82a66e1a4567876270e0ef (commit) - Log ----------------------------------------------------------------- commit c61bb1abafaaa90a475fb0be87bdde1a21b7677b Author: Richard Levitte Date: Tue Jun 23 03:03:10 2015 +0200 make update Reviewed-by: Rich Salz commit f59186e4361e553d5f117c213ce25e9594f10244 Author: Richard Levitte Date: Tue Jun 23 01:55:46 2015 +0200 Rearrange rsaz A small rearrangement so the inclusion of rsaz_exp.h would be unconditional, but what that header defines becomes conditional. This solves the weirdness where rsaz_exp.h gets in and out of the dependency list for bn_exp.c, depending on the present architecture. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bn/Makefile | 1 + crypto/bn/bn_exp.c | 8 +------- crypto/bn/rsaz_exp.c | 10 ++++++++++ crypto/bn/rsaz_exp.h | 11 ++++++++++- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 61dce05..215855e 100644 
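Review bot: the `static void *dummy = &dummy;` added in the new `#else` branch of rsaz_exp.c carries no comment; state that it exists only to keep the translation unit non-empty on the PEDANTIC, __DECC and __clang__ builds named in the guard, otherwise the next reader will take it for dead code and delete it, reintroducing the warning it is there to silence.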
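Review bot: rsaz_exp.h now owns the RSAZ_ENABLED decision (`# undef RSAZ_ENABLED` followed by the OPENSSL_BN_ASM_MONT and x86_64 guard), and bn_exp.c relies on the macro being defined as a side effect of `#include "rsaz_exp.h"`; an `#undef` in a header is surprising enough that a one-line comment above the guard saying this header defines RSAZ_ENABLED for its includers would document the contract the bn_exp.c and rsaz_exp.c hunks depend on.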
--- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -253,6 +253,7 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h +bn_exp.o: rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 8c46e50..24afdd6 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -126,13 +126,7 @@ # include #endif -#undef RSAZ_ENABLED -#if defined(OPENSSL_BN_ASM_MONT) && \ - (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# include "rsaz_exp.h" -# define RSAZ_ENABLED -#endif +#include "rsaz_exp.h" #undef SPARC_T4_MONT #if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c index a486b15..c54c6fe 100644 --- a/crypto/bn/rsaz_exp.c +++ b/crypto/bn/rsaz_exp.c @@ -42,6 +42,8 @@ #include "rsaz_exp.h" +#ifdef RSAZ_ENABLED + /* * See crypto/bn/asm/rsaz-avx2.pl for further details. */ @@ -334,3 +336,11 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], OPENSSL_cleanse(storage, sizeof(storage)); } + +#else + +# if defined(PEDANTIC) || defined(__DECC) || defined(__clang__) +static void *dummy = &dummy; +# endif + +#endif diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h index bb71fb1..33361de 100644 --- a/crypto/bn/rsaz_exp.h +++ b/crypto/bn/rsaz_exp.h 
@@ -31,7 +31,13 @@ #ifndef RSAZ_EXP_H # define RSAZ_EXP_H -# include +# undef RSAZ_ENABLED +# if defined(OPENSSL_BN_ASM_MONT) && \ + (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) +# define RSAZ_ENABLED + +# include void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG base_norm[16], @@ -44,4 +50,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG base_norm[8], const BN_ULONG exponent[8], const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]); + +# endif + #endif From rsalz at openssl.org Tue Jun 23 11:59:35 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 11:59:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435060775.604366.24817.nullmailer@dev.openssl.org> The branch master has been updated via 2d540402aac7a05af9c99b58864d53c0201a0b42 (commit) from a1c506ae9ecb493bb1ae3226100b489e56c4d307 (commit) - Log ----------------------------------------------------------------- commit 2d540402aac7a05af9c99b58864d53c0201a0b42 Author: Russell Webb Date: Sat Jun 13 10:35:55 2015 -0400 RT3856: Fix memory leaks in test code Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: test/bntest.c | 3 +-- test/hmactest.c | 3 +++ test/srptest.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/test/bntest.c b/test/bntest.c index 1ce6db1..cf4d2ab 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1043,7 +1043,6 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) { BIGNUM *a, *p, *m, *d, *e; - BN_MONT_CTX *mont; a = BN_new(); @@ -1051,7 +1050,6 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) m = BN_new(); d = BN_new(); e = BN_new(); - mont = BN_MONT_CTX_new(); BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ 
@@ -1100,6 +1098,7 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) fprintf(stderr, "Modular exponentiation test failed!\n"); return 0; } + BN_MONT_CTX_free(mont); BN_free(a); BN_free(p); BN_free(m); diff --git a/test/hmactest.c b/test/hmactest.c index a9b829d..f8d5350 100644 --- a/test/hmactest.c +++ b/test/hmactest.c @@ -188,6 +188,7 @@ int main(int argc, char *argv[]) } printf("test 4 ok\n"); test5: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); @@ -277,6 +278,7 @@ test5: printf("test 5 ok\n"); } test6: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); @@ -307,6 +309,7 @@ test6: printf("test 6 ok\n"); } end: + HMAC_CTX_cleanup(&ctx); EXIT(err); } diff --git a/test/srptest.c b/test/srptest.c index 1d463cd..8075218 100644 --- a/test/srptest.c +++ b/test/srptest.c @@ -148,6 +148,7 @@ int main(int argc, char **argv) ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); + BIO_free(bio_err); return 0; } From rsalz at openssl.org Tue Jun 23 12:04:26 2015 
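Review bot: in the bntest.c hunk the new `BN_MONT_CTX_free(mont);` only runs on the success path; the `return 0;` immediately above it, after the "Modular exponentiation test failed!" message, still returns without freeing mont or a, p, m, d and e, so a failing run keeps the very leak this commit sets out to remove. Route the failure through the same cleanup (for example a `goto err` that lands on the frees) instead of returning early.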
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:04:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435061066.560999.26259.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 295c629ab1676647c53166db96657e1fccad1508 (commit) from c61bb1abafaaa90a475fb0be87bdde1a21b7677b (commit) - Log ----------------------------------------------------------------- commit 295c629ab1676647c53166db96657e1fccad1508 Author: Russell Webb Date: Sat Jun 13 10:35:55 2015 -0400 RT3856: Fix memory leaks in test code Reviewed-by: Matt Caswell (cherry picked from commit 2d540402aac7a05af9c99b58864d53c0201a0b42) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bntest.c | 3 +-- crypto/hmac/hmactest.c | 3 +++ crypto/srp/srptest.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 06662c5..470d5da 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -1042,7 +1042,6 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx) int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) { BIGNUM *a, *p, *m, *d, *e; - BN_MONT_CTX *mont; a = BN_new(); @@ -1050,7 +1049,6 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) m = BN_new(); d = BN_new(); e = BN_new(); - mont = BN_MONT_CTX_new(); BN_bntest_rand(m, 1024, 0, 1); /* must be odd for montgomery */ @@ -1099,6 +1097,7 @@ int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx) fprintf(stderr, "Modular exponentiation test failed!\n"); return 0; } + BN_MONT_CTX_free(mont); BN_free(a); BN_free(p); BN_free(m); diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 271d0eb..5a57395 100644 --- a/crypto/hmac/hmactest.c +++ b/crypto/hmac/hmactest.c 
@@ -195,6 +195,7 @@ int main(int argc, char *argv[]) } printf("test 4 ok\n"); test5: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { printf("Should fail to initialise HMAC with empty MD (test 5)\n"); @@ -284,6 +285,7 @@ test5: printf("test 5 ok\n"); } test6: + HMAC_CTX_cleanup(&ctx); HMAC_CTX_init(&ctx); if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { printf("Failed to initialise HMAC (test 6)\n"); @@ -314,6 +316,7 @@ test6: printf("test 6 ok\n"); } end: + HMAC_CTX_cleanup(&ctx); EXIT(err); return (0); } diff --git a/crypto/srp/srptest.c b/crypto/srp/srptest.c index 451c70e..00e001b 100644 --- a/crypto/srp/srptest.c +++ b/crypto/srp/srptest.c @@ -148,6 +148,7 @@ int main(int argc, char **argv) ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); + BIO_free(bio_err); return 0; } From rsalz at openssl.org Tue Jun 23 12:12:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:12:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435061543.569444.28496.nullmailer@dev.openssl.org> The branch master has been updated via 4b8d8e2ad30e773e2229775ab0b8c35deb5e7c1c (commit) from 2d540402aac7a05af9c99b58864d53c0201a0b42 (commit) - Log ----------------------------------------------------------------- commit 4b8d8e2ad30e773e2229775ab0b8c35deb5e7c1c Author: Rich Salz Date: Sat Jun 13 09:29:10 2015 -0400 RT3682: Avoid double-free on OCSP parse error Found by Kurt Cancemi. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 5d3e646..b6397b8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c 
@@ -275,6 +275,7 @@ int ocsp_main(int argc, char **argv) OPENSSL_free(thost); OPENSSL_free(tport); OPENSSL_free(tpath); + thost = tport = tpath = NULL; if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) { BIO_printf(bio_err, "%s Error parsing URL\n", prog); goto end; From rsalz at openssl.org Tue Jun 23 12:15:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:15:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435061721.762243.30768.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4ce5ed5f3970a1973c4cba41901294632a3c617d (commit) from 295c629ab1676647c53166db96657e1fccad1508 (commit) - Log ----------------------------------------------------------------- commit 4ce5ed5f3970a1973c4cba41901294632a3c617d Author: Rich Salz Date: Tue Jun 23 08:14:24 2015 -0400 RT3682: Avoid double-free on OCSP parse error Found by Kurt Cancemi (Manual cherry-pick of f8e427154bbc0c33f29fa7aad001b1b655e5995b) Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index b858b8d..926083d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -209,6 +209,7 @@ int MAIN(int argc, char **argv) OPENSSL_free(tport); if (tpath) OPENSSL_free(tpath); + thost = tport = tpath = NULL; if (args[1]) { args++; if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) { From rsalz at openssl.org Tue Jun 23 12:18:08 2015 
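Review bot: the added `thost = tport = tpath = NULL;` has no comment explaining why it is needed, in either the master or the 1.0.2 hunk; a short note that these three pointers are freed again at `end:` (reached through the `goto end` on the OCSP_parse_url failure visible just below) would make the double free it prevents obvious to whoever next edits the `-url` option handling, and keep the reset from being dropped as redundant.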
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:18:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435061888.940756.32381.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c00206c3269d75013ea3e41dec76d6b179502036 (commit) from 4ce5ed5f3970a1973c4cba41901294632a3c617d (commit) - Log ----------------------------------------------------------------- commit c00206c3269d75013ea3e41dec76d6b179502036 Author: Vitezslav Cizek Date: Tue Jun 16 15:57:59 2015 -0400 GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_use_serverinfo.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod index da7935c..318e052 100644 --- a/doc/ssl/SSL_CTX_use_serverinfo.pod +++ b/doc/ssl/SSL_CTX_use_serverinfo.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file +SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension =head1 SYNOPSIS From rsalz at openssl.org Tue Jun 23 12:19:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:19:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435061952.646135.472.nullmailer@dev.openssl.org> The branch master has been updated via 4ba81134dc2ee1a169e39d6bc2a942ca1004aa8e (commit) from 4b8d8e2ad30e773e2229775ab0b8c35deb5e7c1c (commit) - Log ----------------------------------------------------------------- commit 4ba81134dc2ee1a169e39d6bc2a942ca1004aa8e Author: Vitezslav Cizek Date: Tue Jun 16 15:57:59 2015 -0400 GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod 
Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_use_serverinfo.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_use_serverinfo.pod b/doc/ssl/SSL_CTX_use_serverinfo.pod index da7935c..318e052 100644 --- a/doc/ssl/SSL_CTX_use_serverinfo.pod +++ b/doc/ssl/SSL_CTX_use_serverinfo.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file +SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - use serverinfo extension =head1 SYNOPSIS From rsalz at openssl.org Tue Jun 23 12:40:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 12:40:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435063200.069200.19069.nullmailer@dev.openssl.org> The branch master has been updated via ce7e647bc2c328404b1e3cdac6211773afdefe07 (commit) from 4ba81134dc2ee1a169e39d6bc2a942ca1004aa8e (commit) - Log ----------------------------------------------------------------- commit ce7e647bc2c328404b1e3cdac6211773afdefe07 Author: Rich Salz Date: Tue Jun 23 07:27:23 2015 -0400 Add $! to errors, use script basename. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/objects/objxref.pl | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl index 1913b9d..a1900ca 100644 --- a/crypto/objects/objxref.pl +++ b/crypto/objects/objxref.pl @@ -7,7 +7,7 @@ my %oid_tbl; my ($mac_file, $xref_file) = @ARGV; -open(IN, $mac_file) || die "Can't open $mac_file"; +open(IN, $mac_file) || die "Can't open $mac_file, $!\n"; # Read in OID nid values for a lookup table. @@ -19,7 +19,7 @@ while () } close IN; -open(IN, $xref_file) || die "Can't open $xref_file"; +open(IN, $xref_file) || die "Can't open $xref_file, $!\n"; my $ln = 1; 
@@ -57,8 +57,7 @@ my @srt2 = sort } @xrkeys; my $pname = $0; - -$pname =~ s|^.[^/]/||; +$pname =~ s|.*/||; print < The branch master has been updated via 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (commit) from ce7e647bc2c328404b1e3cdac6211773afdefe07 (commit) - Log ----------------------------------------------------------------- commit 74924dcb3802640d7e2ae2e80ca6515d0a53de7a Author: Rich Salz Date: Fri Apr 24 16:39:40 2015 -0400 More secure storage of key material. Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 + crypto/Makefile | 8 +- crypto/asn1/x_bignum.c | 32 ++- crypto/bio/bss_mem.c | 36 ++- crypto/bn/bn_ctx.c | 79 +++--- crypto/bn/bn_lib.c | 37 ++- crypto/buffer/buffer.c | 42 ++- crypto/dh/dh_ameth.c | 3 +- crypto/dh/dh_key.c | 2 +- crypto/dsa/dsa_ameth.c | 3 +- crypto/dsa/dsa_asn1.c | 2 +- crypto/dsa/dsa_key.c | 2 +- crypto/ec/ec_asn1.c | 2 + crypto/mem.c | 73 ++++- crypto/rsa/rsa_asn1.c | 12 +- crypto/rsa/rsa_gen.c | 12 +- crypto/sec_mem.c | 513 ++++++++++++++++++++++++++++++++++++ doc/crypto/BIO_s_mem.pod | 7 + doc/crypto/BN_CTX_new.pod | 15 +- doc/crypto/CRYPTO_secure_malloc.pod | 91 +++++++ doc/crypto/bio.pod | 1 + doc/crypto/bn.pod | 1 + doc/crypto/buffer.pod | 14 +- include/openssl/bio.h | 1 + include/openssl/bn.h | 3 + include/openssl/buffer.h | 4 + include/openssl/crypto.h | 23 +- test/Makefile | 14 +- test/secmemtest.c | 34 +++ util/libeay.num | 14 + 30 files changed, 1009 insertions(+), 76 deletions(-) create mode 100644 crypto/sec_mem.c create mode 100644 doc/crypto/CRYPTO_secure_malloc.pod create mode 100644 test/secmemtest.c diff --git a/CHANGES b/CHANGES index fae1123..88b3d67 100644 --- a/CHANGES +++ b/CHANGES 
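Review bot: `$pname =~ s|.*/||;` strips everything up to the last `/`, which is correct for POSIX paths (the old `^.[^/]/` only matched a two-character leading directory such as `./`), but it does nothing for `\` separators when the script is invoked with a Windows path; `File::Basename::basename($0)` handles both and is a core module, so it would be the more portable replacement here.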
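Review bot: the two `die "Can't open $mac_file, $!\n"` / `die "Can't open $xref_file, $!\n"` changes add the errno text, which is the useful part, but the trailing `\n` also suppresses perl's automatic "at objxref.pl line N" suffix; that is reasonable for a user-facing message, it just deserves a mention in the commit message since it changes what a failing build prints.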
@@ -126,6 +126,11 @@ NULL. Remove the non-null checks from callers. Save much code. [Rich Salz] + *) Add secure heap for storage of private keys (when possible). + Add BIO_s_secmem(), CBIGNUM, etc. + Contributed by Akamai Technologies under our Corporate CLA. + [Rich Salz] + *) Experimental support for a new, fast, unbiased prime candidate generator, bn_probable_prime_dh_coprime(). Not currently used by any prime generator. [Felix Laurie von Massenbach ] diff --git a/crypto/Makefile b/crypto/Makefile index 99cd65c..b2cf528 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -36,10 +36,10 @@ LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c thr_id.c lock.c fips_ers.c \ - o_init.c o_fips.c + o_init.c o_fips.c sec_mem.c LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \ ebcdic.o uid.o o_time.o o_str.o o_dir.o thr_id.o lock.o fips_ers.o \ - o_init.o o_fips.o $(CPUID_OBJ) + o_init.o o_fips.o sec_mem.o $(CPUID_OBJ) SRC= $(LIBSRC) @@ -208,6 +208,10 @@ o_time.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h o_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h o_time.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h o_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h o_time.c +sec_mem.o: ../e_os.h ../include/openssl/crypto.h ../include/openssl/e_os2.h +sec_mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sec_mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +sec_mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sec_mem.c thr_id.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h thr_id.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h thr_id.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 8307a2d..66ce000 100644 
--- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -72,12 +72,15 @@ #define BN_SENSITIVE 1 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); static ASN1_PRIMITIVE_FUNCS bignum_pf = { NULL, 0, @@ -88,12 +91,21 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = { bn_i2c }; +static ASN1_PRIMITIVE_FUNCS cbignum_pf = { + NULL, 0, + bn_secure_new, + bn_free, + 0, + bn_secure_c2i, + bn_i2c +}; + ASN1_ITEM_start(BIGNUM) ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" ASN1_ITEM_end(BIGNUM) ASN1_ITEM_start(CBIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" + ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -105,6 +117,15 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 0; } +static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +{ + *pval = (ASN1_VALUE *)BN_secure_new(); + if (*pval) + return 1; + else + return 0; +} + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { if (!*pval) @@ -141,6 +162,7 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; + if (!*pval) bn_new(pval, it); bn = (BIGNUM *)*pval; 
@@ -150,3 +172,11 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } return 1; } + +static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it) +{ + if (!*pval) + bn_secure_new(pval, it); + return bn_c2i(pval, cont, len, utype, free_cont, it); +} diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index a1f5e8d..485a8bf 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -67,6 +67,7 @@ static int mem_puts(BIO *h, const char *str); static int mem_gets(BIO *h, char *str, int size); static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int mem_new(BIO *h); +static int secmem_new(BIO *h); static int mem_free(BIO *data); static BIO_METHOD mem_method = { BIO_TYPE_MEM, @@ -80,6 +81,18 @@ static BIO_METHOD mem_method = { mem_free, NULL, }; +static BIO_METHOD secmem_method = { + BIO_TYPE_MEM, + "secure memory buffer", + mem_write, + mem_read, + mem_puts, + mem_gets, + mem_ctrl, + secmem_new, + mem_free, + NULL, +}; /* * bio->num is used to hold the value to return on 'empty', if it is 0, @@ -91,6 +104,11 @@ BIO_METHOD *BIO_s_mem(void) return (&mem_method); } +BIO_METHOD *BIO_s_secmem(void) +{ + return(&secmem_method); +} + BIO *BIO_new_mem_buf(void *buf, int len) { BIO *ret; @@ -114,17 +132,27 @@ BIO *BIO_new_mem_buf(void *buf, int len) return ret; } -static int mem_new(BIO *bi) +static int mem_init(BIO *bi, unsigned long flags) { BUF_MEM *b; - if ((b = BUF_MEM_new()) == NULL) - return (0); + if ((b = BUF_MEM_new_ex(flags)) == NULL) + return(0); bi->shutdown = 1; bi->init = 1; bi->num = -1; bi->ptr = (char *)b; - return (1); + return(1); +} + +static int mem_new(BIO *bi) +{ + return (mem_init(bi, 0L)); +} + +static int secmem_new(BIO *bi) +{ + return (mem_init(bi, BUF_MEM_FLAG_SECURE)); } static int mem_free(BIO *a) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index c023303..660e626 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c 
@@ -103,7 +103,7 @@ typedef struct bignum_pool { } BN_POOL; static void BN_POOL_init(BN_POOL *); static void BN_POOL_finish(BN_POOL *); -static BIGNUM *BN_POOL_get(BN_POOL *); +static BIGNUM *BN_POOL_get(BN_POOL *, int); static void BN_POOL_release(BN_POOL *, unsigned int); /************/ @@ -138,6 +138,8 @@ struct bignum_ctx { int err_stack; /* Block "gets" until an "end" (compatibility behaviour) */ int too_many; + /* Flags. */ + int flags; }; /* Enable this to find BN_CTX bugs */ @@ -186,8 +188,9 @@ static void ctxdbg(BN_CTX *ctx) BN_CTX *BN_CTX_new(void) { - BN_CTX *ret = OPENSSL_malloc(sizeof(*ret)); - if (!ret) { + BN_CTX *ret; + + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } @@ -197,6 +200,16 @@ BN_CTX *BN_CTX_new(void) ret->used = 0; ret->err_stack = 0; ret->too_many = 0; + ret->flags = 0; + return ret; +} + +BN_CTX *BN_CTX_secure_new(void) +{ + BN_CTX *ret = BN_CTX_new(); + + if (ret) + ret->flags = BN_FLG_SECURE; return ret; } @@ -258,10 +271,11 @@ void BN_CTX_end(BN_CTX *ctx) BIGNUM *BN_CTX_get(BN_CTX *ctx) { BIGNUM *ret; + CTXDBG_ENTRY("BN_CTX_get", ctx); if (ctx->err_stack || ctx->too_many) return NULL; - if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { + if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { /* * Setting too_many prevents repeated "get" attempts from cluttering * the error stack. 
@@ -289,26 +303,23 @@ static void BN_STACK_init(BN_STACK *st) static void BN_STACK_finish(BN_STACK *st) { - if (st->size) - OPENSSL_free(st->indexes); + OPENSSL_free(st->indexes); + st->indexes = NULL; } static int BN_STACK_push(BN_STACK *st, unsigned int idx) { - if (st->depth == st->size) + if (st->depth == st->size) { /* Need to expand */ - { - unsigned int newsize = (st->size ? - (st->size * 3 / 2) : BN_CTX_START_FRAMES); - unsigned int *newitems = OPENSSL_malloc(newsize * - sizeof(unsigned int)); - if (!newitems) + unsigned int newsize = + st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; + unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); + if (newitems == NULL) return 0; if (st->depth) - memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); - if (st->size) - OPENSSL_free(st->indexes); + memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); + OPENSSL_free(st->indexes); st->indexes = newitems; st->size = newsize; } @@ -333,14 +344,13 @@ static void BN_POOL_init(BN_POOL *p) static void BN_POOL_finish(BN_POOL *p) { + unsigned int loop; + BIGNUM *bn; + while (p->head) { - unsigned int loop = 0; - BIGNUM *bn = p->head->vals; - while (loop++ < BN_CTX_POOL_SIZE) { + for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) if (bn->d) BN_clear_free(bn); - bn++; - } p->current = p->head->next; OPENSSL_free(p->head); p->head = p->current; 
@@ -348,22 +358,25 @@ static void BN_POOL_finish(BN_POOL *p) } -static BIGNUM *BN_POOL_get(BN_POOL *p) +static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) { + BIGNUM *bn; + unsigned int loop; + + /* Full; allocate a new pool item and link it in. */ if (p->used == p->size) { - BIGNUM *bn; - unsigned int loop = 0; BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); - if (!item) + if (item == NULL) return NULL; - /* Initialise the structure */ - bn = item->vals; - while (loop++ < BN_CTX_POOL_SIZE) - BN_init(bn++); + for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { + BN_init(bn); + if ((flag & BN_FLG_SECURE) != 0) + BN_set_flags(bn, BN_FLG_SECURE); + } item->prev = p->tail; item->next = NULL; - /* Link it in */ - if (!p->head) + + if (p->head == NULL) p->head = p->current = p->tail = item; else { p->tail->next = item; @@ -375,6 +388,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p) /* Return the first bignum from the new pool */ return item->vals; } + if (!p->used) p->current = p->head; else if ((p->used % BN_CTX_POOL_SIZE) == 0) @@ -385,10 +399,11 @@ static BIGNUM *BN_POOL_get(BN_POOL *p) static void BN_POOL_release(BN_POOL *p, unsigned int num) { unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; + p->used -= num; while (num--) { bn_check_top(p->current->vals + offset); - if (!offset) { + if (offset == 0) { offset = BN_CTX_POOL_SIZE - 1; p->current = p->current->prev; } else diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 4dabe26..b5f827a 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -232,8 +232,12 @@ void BN_clear_free(BIGNUM *a) bn_check_top(a); if (a->d != NULL) { OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); - if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); + if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) { + if (BN_get_flags(a,BN_FLG_SECURE)) + OPENSSL_secure_free(a->d); + else + OPENSSL_free(a->d); + } } i = BN_get_flags(a, BN_FLG_MALLOCED); OPENSSL_cleanse(a, sizeof(BIGNUM)); 
@@ -247,7 +251,12 @@ void BN_free(BIGNUM *a) return; bn_check_top(a); if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - OPENSSL_free(a->d); + if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) { + if (BN_get_flags(a, BN_FLG_SECURE)) + OPENSSL_secure_free(a->d); + else + OPENSSL_free(a->d); + } if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); else { @@ -281,6 +290,14 @@ BIGNUM *BN_new(void) return (ret); } + BIGNUM *BN_secure_new(void) + { + BIGNUM *ret = BN_new(); + if (ret) + ret->flags |= BN_FLG_SECURE; + return (ret); + } + /* This is used both by bn_expand2() and bn_dup_expand() */ /* The caller MUST check that words > b->dmax before calling this */ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) @@ -299,7 +316,10 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return (NULL); } - a = A = OPENSSL_malloc(sizeof(*a) * words); + if (BN_get_flags(b,BN_FLG_SECURE)) + a = A = OPENSSL_secure_malloc(words * sizeof(*a)); + else + a = A = OPENSSL_malloc(words * sizeof(*a)); if (A == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); return (NULL); @@ -378,7 +398,12 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - OPENSSL_free(b->d); + if (b->d) { + if (BN_get_flags(b,BN_FLG_SECURE)) + OPENSSL_secure_free(b->d); + else + OPENSSL_free(b->d); + } b->d = a; b->dmax = words; } @@ -395,7 +420,7 @@ BIGNUM *BN_dup(const BIGNUM *a) return NULL; bn_check_top(a); - t = BN_new(); + t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new(); if (t == NULL) return NULL; if (!BN_copy(t, a)) { diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index 2beacce..5ee11f4 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c 
@@ -67,6 +67,16 @@ */ #define LIMIT_BEFORE_EXPANSION 0x5ffffffc +BUF_MEM *BUF_MEM_new_ex(unsigned long flags) +{ + BUF_MEM *ret; + + ret = BUF_MEM_new(); + if (ret != NULL) + ret->flags = flags; + return (ret); +} + BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; @@ -76,6 +86,7 @@ BUF_MEM *BUF_MEM_new(void) BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } + ret->flags = 0; ret->length = 0; ret->max = 0; ret->data = NULL; @@ -88,11 +99,30 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - OPENSSL_clear_free(a->data, a->max); + memset(a->data, 0, (unsigned int)a->max); + if (a->flags & BUF_MEM_FLAG_SECURE) + OPENSSL_secure_free(a->data); + else + OPENSSL_clear_free(a->data, a->max); } OPENSSL_free(a); } +/* Allocate a block of secure memory; copy over old data if there + * was any, and then free it. */ +static char *sec_alloc_realloc(BUF_MEM *str, size_t len) +{ + char *ret; + + ret = OPENSSL_secure_malloc(len); + if (str->data != NULL) { + if (ret != NULL) + memcpy(ret, str->data, str->length); + OPENSSL_secure_free(str->data); + } + return (ret); +} + size_t BUF_MEM_grow(BUF_MEM *str, size_t len) { char *ret; @@ -113,7 +143,10 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = OPENSSL_realloc(str->data, n); + if ((str->flags & BUF_MEM_FLAG_SECURE)) + ret = sec_alloc_realloc(str, n); + else + ret = OPENSSL_realloc(str->data, n); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); len = 0; @@ -147,7 +180,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = OPENSSL_realloc_clean(str->data, str->max, n); + if ((str->flags & BUF_MEM_FLAG_SECURE)) + ret = sec_alloc_realloc(str, n); + else + ret = OPENSSL_realloc_clean(str->data, str->max, n); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); len = 0; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 98f8570..efb3d80 100644 --- a/crypto/dh/dh_ameth.c 
+++ b/crypto/dh/dh_ameth.c @@ -228,7 +228,8 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; /* We have parameters now set private key */ - if ((dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) { + if ((dh->priv_key = BN_secure_new()) == NULL + || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) { DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); goto dherr; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index ff91d41..b6c3038 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -125,7 +125,7 @@ static int generate_key(DH *dh) goto err; if (dh->priv_key == NULL) { - priv_key = BN_new(); + priv_key = BN_secure_new(); if (priv_key == NULL) goto err; generate_new_key = 1; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 01b3497..73dd158 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -245,7 +245,8 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) goto decerr; /* We have parameters now set private key */ - if ((dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) { + if ((dsa->priv_key = BN_secure_new()) == NULL + || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; } diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index bb2434e..85db147 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -113,7 +113,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { ASN1_SIMPLE(DSA, q, BIGNUM), ASN1_SIMPLE(DSA, g, BIGNUM), ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, priv_key, BIGNUM) + ASN1_SIMPLE(DSA, priv_key, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 01a83e0..19d21ea 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c 
@@ -82,7 +82,7 @@ static int dsa_builtin_keygen(DSA *dsa) goto err; if (dsa->priv_key == NULL) { - if ((priv_key = BN_new()) == NULL) + if ((priv_key = BN_secure_new()) == NULL) goto err; } else priv_key = dsa->priv_key; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index ebafc10..3f971aa 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1023,6 +1023,8 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) ret->version = priv_key->version; if (priv_key->privateKey) { + if (ret->priv_key == NULL) + ret->priv_key = BN_secure_new(); ret->priv_key = BN_bin2bn(ASN1_STRING_data(priv_key->privateKey), ASN1_STRING_length(priv_key->privateKey), ret->priv_key); diff --git a/crypto/mem.c b/crypto/mem.c index b98e44f..56c3585 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -94,6 +94,15 @@ static void *(*realloc_ex_func) (void *, size_t, const char *file, int line) static void (*free_func) (void *) = free; +static void *(*malloc_secure_func)(size_t) = malloc; +static void *default_malloc_secure_ex(size_t num, const char *file, int line) +{ + return malloc_secure_func(num); +} +static void *(*malloc_secure_ex_func)(size_t, const char *file, int line) + = default_malloc_secure_ex; +static void (*free_secure_func)(void *) = free; + static void *(*malloc_locked_func) (size_t) = malloc; static void *default_malloc_locked_ex(size_t num, const char *file, int line) { @@ -145,6 +154,11 @@ int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), realloc_func = r; realloc_ex_func = default_realloc_ex; free_func = f; + /* If user wants to intercept the secure or locked functions, do it + * after the basic functions. */ + malloc_secure_func = m; + malloc_secure_ex_func = default_malloc_secure_ex; + free_secure_func = f; malloc_locked_func = m; malloc_locked_ex_func = default_malloc_locked_ex; free_locked_func = f; 
@@ -164,6 +178,44 @@ int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), realloc_func = 0; realloc_ex_func = r; free_func = f; + malloc_secure_func = 0; + malloc_secure_ex_func = m; + free_secure_func = f; + malloc_locked_func = 0; + malloc_locked_ex_func = m; + free_locked_func = f; + return 1; +} + +int CRYPTO_set_secure_mem_functions(void *(*m)(size_t), void (*f)(void *)) +{ + /* Dummy call just to ensure OPENSSL_init() gets linked in */ + OPENSSL_init(); + if (!allow_customize) + return 0; + if ((m == 0) || (f == 0)) + return 0; + malloc_secure_func = m; + malloc_secure_ex_func = default_malloc_secure_ex; + free_secure_func = f; + /* If user wants to intercept the locked functions, do it after + * the secure functions. */ + malloc_locked_func = m; + malloc_locked_ex_func = default_malloc_secure_ex; + free_locked_func = f; + return 1; +} + +int CRYPTO_set_secure_mem_ex_functions(void *(*m)(size_t, const char *, int), + void (*f)(void *)) +{ + if (!allow_customize) + return 0; + if ((m == NULL) || (f == NULL)) + return 0; + malloc_secure_func = 0; + malloc_secure_ex_func = m; + free_secure_func = f; malloc_locked_func = 0; malloc_locked_ex_func = m; free_locked_func = f; @@ -191,7 +243,7 @@ int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), return 0; malloc_locked_func = 0; malloc_locked_ex_func = m; - free_func = f; + free_locked_func = f; return 1; } 
@@ -236,6 +288,25 @@ void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), *f = free_func; } +void CRYPTO_get_secure_mem_functions(void *(**m)(size_t), void (**f)(void *)) +{ + if (m != NULL) + *m = (malloc_secure_ex_func == default_malloc_secure_ex) ? + malloc_secure_func : 0; + if (f != NULL) + *f=free_secure_func; + } + +void CRYPTO_get_secure_mem_ex_functions(void *(**m)(size_t,const char *,int), + void (**f)(void *)) +{ + if (m != NULL) + *m = (malloc_secure_ex_func != default_malloc_secure_ex) ? + malloc_secure_ex_func : 0; + if (f != NULL) + *f=free_secure_func; +} + void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), void (**f) (void *)) { diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index 0cf1b2a..8061aed 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -85,12 +85,12 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { ASN1_SIMPLE(RSA, version, LONG), ASN1_SIMPLE(RSA, n, BIGNUM), ASN1_SIMPLE(RSA, e, BIGNUM), - ASN1_SIMPLE(RSA, d, BIGNUM), - ASN1_SIMPLE(RSA, p, BIGNUM), - ASN1_SIMPLE(RSA, q, BIGNUM), - ASN1_SIMPLE(RSA, dmp1, BIGNUM), - ASN1_SIMPLE(RSA, dmq1, BIGNUM), - ASN1_SIMPLE(RSA, iqmp, BIGNUM) + ASN1_SIMPLE(RSA, d, CBIGNUM), + ASN1_SIMPLE(RSA, p, CBIGNUM), + ASN1_SIMPLE(RSA, q, CBIGNUM), + ASN1_SIMPLE(RSA, dmp1, CBIGNUM), + ASN1_SIMPLE(RSA, dmq1, CBIGNUM), + ASN1_SIMPLE(RSA, iqmp, CBIGNUM) } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index e81be75..e40186a 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c 
@@ -117,19 +117,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) goto err; - if (!rsa->d && ((rsa->d = BN_new()) == NULL)) + if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) goto err; if (!rsa->e && ((rsa->e = BN_new()) == NULL)) goto err; - if (!rsa->p && ((rsa->p = BN_new()) == NULL)) + if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) goto err; - if (!rsa->q && ((rsa->q = BN_new()) == NULL)) + if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) goto err; - if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) + if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) goto err; - if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) + if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) goto err; - if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) + if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) goto err; BN_copy(rsa->e, e_value); diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c new file mode 100644 index 0000000..ea9523b --- /dev/null +++ b/crypto/sec_mem.c 
@@ -0,0 +1,513 @@ +/* + * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. + * This file is distributed under the terms of the OpenSSL license. + */ + +/* + * This file is in two halves. The first half implements the public API + * to be used by external consumers, and to be used by OpenSSL to store + * data in a "secure arena." The second half implements the secure arena. + * For details on that implementation, see below (look for uppercase + * "SECURE HEAP IMPLEMENTATION"). + */ +#include +#include +#include +#include +#include +#include + +#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) +# define IMPLEMENTED +# include +# include +#endif + +#define LOCK() CRYPTO_w_lock(CRYPTO_LOCK_MALLOC) +#define UNLOCK() CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC) +#define CLEAR(p, s) OPENSSL_cleanse(p, s) +#define PAGE_SIZE 4096 + +#ifdef IMPLEMENTED +size_t secure_mem_used; + +static int secure_mem_initialized; +static int too_late; + +/* + * These are the functions that must be implemented by a secure heap (sh). 
+ */ +static int sh_init(size_t size, int minsize); +static char *sh_malloc(size_t size); +static void sh_free(char *ptr); +static void sh_done(void); +static int sh_actual_size(char *ptr); +static int sh_allocated(const char *ptr); +#endif + +int CRYPTO_secure_malloc_init(size_t size, int minsize) +{ +#ifdef IMPLEMENTED + int ret = 0; + + if (too_late) + return ret; + LOCK(); + OPENSSL_assert(!secure_mem_initialized); + if (!secure_mem_initialized) { + ret = sh_init(size, minsize); + secure_mem_initialized = 1; + } + UNLOCK(); + return ret; +#else + return 0; +#endif /* IMPLEMENTED */ +} + +void CRYPTO_secure_malloc_done() +{ +#ifdef IMPLEMENTED + LOCK(); + sh_done(); + secure_mem_initialized = 0; + UNLOCK(); +#endif /* IMPLEMENTED */ +} + +int CRYPTO_secure_malloc_initialized() +{ +#ifdef IMPLEMENTED + return secure_mem_initialized; +#else + return 0; +#endif /* IMPLEMENTED */ +} + +void *CRYPTO_secure_malloc(int num, const char *file, int line) +{ +#ifdef IMPLEMENTED + void *ret; + size_t actual_size; + + if (!secure_mem_initialized) { + too_late = 1; + return CRYPTO_malloc(num, file, line); + } + LOCK(); + ret = sh_malloc(num); + actual_size = ret ? sh_actual_size(ret) : 0; + secure_mem_used += actual_size; + UNLOCK(); + return ret; +#else + return CRYPTO_malloc(num, file, line); +#endif /* IMPLEMENTED */ +} + +void CRYPTO_secure_free(void *ptr) +{ +#ifdef IMPLEMENTED + size_t actual_size; + + if (ptr == NULL) + return; + if (!secure_mem_initialized) { + CRYPTO_free(ptr); + return; + } + LOCK(); + actual_size = sh_actual_size(ptr); + CLEAR(ptr, actual_size); + secure_mem_used -= actual_size; + sh_free(ptr); + UNLOCK(); +#else + CRYPTO_free(ptr); +#endif /* IMPLEMENTED */ +} + +int CRYPTO_secure_allocated(const void *ptr) +{ +#ifdef IMPLEMENTED + int ret; + + if (!secure_mem_initialized) + return 0; + LOCK(); + ret = sh_allocated(ptr); + UNLOCK(); + return ret; +#else + return 0; +#endif /* IMPLEMENTED */ +} + +/* END OF PAGE ... + + ... 
START OF PAGE */ + +/* + * SECURE HEAP IMPLEMENTATION + */ +#ifdef IMPLEMENTED + + +/* + * The implementation provided here uses a fixed-sized mmap() heap, + * which is locked into memory, not written to core files, and protected + * on either side by an unmapped page, which will catch pointer overruns + * (or underruns) and an attempt to read data out of the secure heap. + * Free'd memory is zero'd or otherwise cleansed. + * + * This is a pretty standard buddy allocator. We keep areas in a multiple + * of "sh.minsize" units. The freelist and bitmaps are kept separately, + * so all (and only) data is kept in the mmap'd heap. + * + * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the + * place. + */ + +# define TESTBIT(t, b) (t[(b) >> 3] & (1 << ((b) & 7))) +# define SETBIT(t, b) (t[(b) >> 3] |= (1 << ((b) & 7))) +# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(1 << ((b) & 7)))) + +#define WITHIN_ARENA(p) \ + ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) +#define WITHIN_FREELIST(p) \ + ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) + + +typedef struct sh_list_st +{ + struct sh_list_st *next; + struct sh_list_st **p_next; +} SH_LIST; + +typedef struct sh_st +{ + char* map_result; + size_t map_size; + char *arena; + int arena_size; + char **freelist; + int freelist_size; + int minsize; + unsigned char *bittable; + unsigned char *bitmalloc; + int bittable_size; /* size in bits */ +} SH; + +static SH sh; + +static int sh_getlist(char *ptr) +{ + int list = sh.freelist_size - 1; + int bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; + + for (; bit; bit >>= 1, list--) { + if (TESTBIT(sh.bittable, bit)) + break; + OPENSSL_assert((bit & 1) == 0); + } + + return list; +} + + +static int sh_testbit(char *ptr, int list, unsigned char *table) +{ + int bit; + + OPENSSL_assert(list >= 0 && list < sh.freelist_size); + OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); + 
bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); + OPENSSL_assert(bit > 0 && bit < sh.bittable_size); + return TESTBIT(table, bit); +} + +static void sh_clearbit(char *ptr, int list, unsigned char *table) +{ + int bit; + + OPENSSL_assert(list >= 0 && list < sh.freelist_size); + OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); + bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); + OPENSSL_assert(bit > 0 && bit < sh.bittable_size); + OPENSSL_assert(TESTBIT(table, bit)); + CLEARBIT(table, bit); +} + +static void sh_setbit(char *ptr, int list, unsigned char *table) +{ + int bit; + + OPENSSL_assert(list >= 0 && list < sh.freelist_size); + OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); + bit = (1 << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); + OPENSSL_assert(bit > 0 && bit < sh.bittable_size); + OPENSSL_assert(!TESTBIT(table, bit)); + SETBIT(table, bit); +} + +static void sh_add_to_list(char **list, char *ptr) +{ + SH_LIST *temp; + + OPENSSL_assert(WITHIN_FREELIST(list)); + OPENSSL_assert(WITHIN_ARENA(ptr)); + + temp = (SH_LIST *)ptr; + temp->next = *(SH_LIST **)list; + OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); + temp->p_next = (SH_LIST **)list; + + if (temp->next != NULL) { + OPENSSL_assert((char **)temp->next->p_next == list); + temp->next->p_next = &(temp->next); + } + + *list = ptr; +} + +static void sh_remove_from_list(char *ptr, char *list) +{ + SH_LIST *temp, *temp2; + + temp = (SH_LIST *)ptr; + if (temp->next != NULL) + temp->next->p_next = temp->p_next; + *temp->p_next = temp->next; + if (temp->next == NULL) + return; + + temp2 = temp->next; + OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); +} + + +static int sh_init(size_t size, int minsize) +{ + int i, ret; + size_t pgsize; + size_t aligned; + + memset(&sh, 0, sizeof sh); + + /* make sure size and minsize are powers of 2 */ + OPENSSL_assert(size > 0); + 
OPENSSL_assert((size & (size - 1)) == 0); + OPENSSL_assert(minsize > 0); + OPENSSL_assert((minsize & (minsize - 1)) == 0); + if (size <= 0 || (size & (size - 1)) != 0) + goto err; + if (minsize <= 0 || (minsize & (minsize - 1)) != 0) + goto err; + + sh.arena_size = size; + sh.minsize = minsize; + sh.bittable_size = (sh.arena_size / sh.minsize) * 2; + + sh.freelist_size = -1; + for (i = sh.bittable_size; i; i >>= 1) + sh.freelist_size++; + + sh.freelist = OPENSSL_malloc(sh.freelist_size * sizeof (char *)); + OPENSSL_assert(sh.freelist != NULL); + if (sh.freelist == NULL) + goto err; + memset(sh.freelist, 0, sh.freelist_size * sizeof (char *)); + + sh.bittable = OPENSSL_malloc(sh.bittable_size >> 3); + OPENSSL_assert(sh.bittable != NULL); + if (sh.bittable == NULL) + goto err; + memset(sh.bittable, 0, sh.bittable_size >> 3); + + sh.bitmalloc = OPENSSL_malloc(sh.bittable_size >> 3); + OPENSSL_assert(sh.bitmalloc != NULL); + if (sh.bitmalloc == NULL) + goto err; + memset(sh.bitmalloc, 0, sh.bittable_size >> 3); + + /* Allocate space for heap, and two extra pages as guards */ +#ifdef _SC_PAGE_SIZE + pgsize = (size_t)sysconf(_SC_PAGE_SIZE); +#else + pgsize = PAGE_SIZE; +#endif + sh.map_size = pgsize + sh.arena_size + pgsize; + sh.map_result = mmap(NULL, sh.map_size, + PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); + OPENSSL_assert(sh.map_result != MAP_FAILED); + if (sh.map_result == MAP_FAILED) + goto err; + sh.arena = (char *)(sh.map_result + pgsize); + sh_setbit(sh.arena, 0, sh.bittable); + sh_add_to_list(&sh.freelist[0], sh.arena); + + /* Now try to add guard pages and lock into memory. */ + ret = 1; + + /* Starting guard is already aligned from mmap. 
*/ + if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) + ret = 2; + + /* Ending guard page - need to round up to page boundary */ + aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); + if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) + ret = 2; + + if (mlock(sh.arena, sh.arena_size) < 0) + ret = 2; +#ifdef MADV_DONTDUMP + if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) + ret = 2; +#endif + + return ret; + + err: + sh_done(); + return 0; +} + +static void sh_done() +{ + OPENSSL_free(sh.freelist); + OPENSSL_free(sh.bittable); + OPENSSL_free(sh.bitmalloc); + if (sh.map_result != NULL && sh.map_size) + munmap(sh.map_result, sh.map_size); + memset(&sh, 0, sizeof sh); +} + +static int sh_allocated(const char *ptr) +{ + return WITHIN_ARENA(ptr) ? 1 : 0; +} + +static char *sh_find_my_buddy(char *ptr, int list) +{ + int bit; + char *chunk = NULL; + + bit = (1 << list) + (ptr - sh.arena) / (sh.arena_size >> list); + bit ^= 1; + + if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) + chunk = sh.arena + ((bit & ((1 << list) - 1)) * (sh.arena_size >> list)); + + return chunk; +} + +static char *sh_malloc(size_t size) +{ + int list, slist; + size_t i; + char *chunk; + + list = sh.freelist_size - 1; + for (i = sh.minsize; i < size; i <<= 1) + list--; + if (list < 0) + return NULL; + + /* try to find a larger entry to split */ + for (slist = list; slist >= 0; slist--) + if (sh.freelist[slist] != NULL) + break; + if (slist < 0) + return NULL; + + /* split larger entry */ + while (slist != list) { + char *temp = sh.freelist[slist]; + + /* remove from bigger list */ + OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); + sh_clearbit(temp, slist, sh.bittable); + sh_remove_from_list(temp, sh.freelist[slist]); + OPENSSL_assert(temp != sh.freelist[slist]); + + /* done with bigger list */ + slist++; + + /* add to smaller list */ + OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); + sh_setbit(temp, slist, sh.bittable); + 
sh_add_to_list(&sh.freelist[slist], temp); + OPENSSL_assert(sh.freelist[slist] == temp); + + /* split in 2 */ + temp += sh.arena_size >> slist; + OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); + sh_setbit(temp, slist, sh.bittable); + sh_add_to_list(&sh.freelist[slist], temp); + OPENSSL_assert(sh.freelist[slist] == temp); + + OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); + } + + /* peel off memory to hand back */ + chunk = sh.freelist[list]; + OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); + sh_setbit(chunk, list, sh.bitmalloc); + sh_remove_from_list(chunk, sh.freelist[list]); + + OPENSSL_assert(WITHIN_ARENA(chunk)); + + return chunk; +} + +static void sh_free(char *ptr) +{ + int list; + char *buddy; + + if (ptr == NULL) + return; + OPENSSL_assert(WITHIN_ARENA(ptr)); + if (!WITHIN_ARENA(ptr)) + return; + + list = sh_getlist(ptr); + OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); + sh_clearbit(ptr, list, sh.bitmalloc); + sh_add_to_list(&sh.freelist[list], ptr); + + /* Try to coalesce two adjacent free areas. 
*/ + while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { + OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); + OPENSSL_assert(ptr != NULL); + OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); + sh_clearbit(ptr, list, sh.bittable); + sh_remove_from_list(ptr, sh.freelist[list]); + OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); + sh_clearbit(buddy, list, sh.bittable); + sh_remove_from_list(buddy, sh.freelist[list]); + + list--; + + if (ptr > buddy) + ptr = buddy; + + OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); + sh_setbit(ptr, list, sh.bittable); + sh_add_to_list(&sh.freelist[list], ptr); + OPENSSL_assert(sh.freelist[list] == ptr); + } +} + +static int sh_actual_size(char *ptr) +{ + int list; + + OPENSSL_assert(WITHIN_ARENA(ptr)); + if (!WITHIN_ARENA(ptr)) + return 0; + list = sh_getlist(ptr); + OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); + return sh.arena_size / (1 << list); +} +#endif /* IMPLEMENTED */ diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod index 8f85e0d..1aa7e6e 100644 --- a/doc/crypto/BIO_s_mem.pod +++ b/doc/crypto/BIO_s_mem.pod @@ -10,6 +10,7 @@ BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO #include BIO_METHOD * BIO_s_mem(void); + BIO_METHOD * BIO_s_secmem(void); BIO_set_mem_eof_return(BIO *b,int v) long BIO_get_mem_data(BIO *b, char **pp) @@ -26,6 +27,9 @@ A memory BIO is a source/sink BIO which uses memory for its I/O. Data written to a memory BIO is stored in a BUF_MEM structure which is extended as appropriate to accommodate the stored data. +BIO_s_secmem() is like BIO_s_mem() except that the secure heap is used +for buffer storage. + Any data written to a memory BIO can be recalled by reading from it. Unless the memory BIO is read only any data read from it is deleted from the BIO. 
@@ -79,6 +83,9 @@ read in small chunks the operation can be very slow. The use of a read only memory BIO avoids this problem. If the BIO must be read write then adding a buffering BIO to the chain will speed up the process. +Calling BIO_set_mem_buf() on a BIO created with BIO_new_secmem() will +give undefined results, including perhaps a program crash. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index 5da8433..958e551 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -2,7 +2,7 @@ =head1 NAME -BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures +BN_CTX_new, BN_CTX_secure_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures =head1 SYNOPSIS @@ -10,6 +10,8 @@ BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures BN_CTX *BN_CTX_new(void); + BN_CTX *BN_CTX_secure_new(void); + void BN_CTX_free(BN_CTX *c); =head1 DESCRIPTION @@ -19,8 +21,10 @@ library functions. Since dynamic memory allocation to create Bs is rather expensive when used in conjunction with repeated subroutine calls, the B structure is used. -BN_CTX_new() allocates and initializes a B -structure. +BN_CTX_new() allocates and initializes a B structure. +BN_CTX_secure_new() allocates and initializes a B structure +but uses the secure heap (see L) to hold the +Bs. BN_CTX_free() frees the components of the B, and if it was created by BN_CTX_new(), also the structure itself. @@ -31,8 +35,9 @@ If B is NULL, nothing is done. =head1 RETURN VALUES -BN_CTX_new() returns a pointer to the B. If the allocation fails, -it returns B and sets an error code that can be obtained by +BN_CTX_new() and BN_CTX_secure_new() return a pointer to the B. +If the allocation fails, +they return B and sets an error code that can be obtained by L. BN_CTX_free() has no return values. 
diff --git a/doc/crypto/CRYPTO_secure_malloc.pod b/doc/crypto/CRYPTO_secure_malloc.pod new file mode 100644 index 0000000..a3b416e --- /dev/null +++ b/doc/crypto/CRYPTO_secure_malloc.pod 
@@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, OPENSSL_secure_free, OPENSSL_secure_allocated - use secure heap storage + +=head1 SYNOPSIS + + #include + + int CRYPTO_secure_malloc_init(size_t size, int minsize); + + int CRYPTO_secure_malloc_initialized(); + + void CRYPTO_secure_malloc_done(); + + void *OPENSSL_secure_malloc(int num); + + void OPENSSL_secure_free(void* ptr); + + int OPENSSL_secure_allocated(const void* ptr); + +=head1 DESCRIPTION + +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a "secure heap." +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. + +If a secure heap is used, then private key B values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. + +B creates the secure heap, with the specified +C in bytes. The C parameter is the minimum size to +allocate from the heap. Both C and C must be a power +of two. It is an error to call this after any B +calls have been made. + +B indicates whether or not the secure +heap as been initialized and is available. + +B releases the heap and makes the memory unavailable +to the process. It can take noticeably long to complete. + +B allocates C bytes from the heap. +If B is not called, this is equivalent to +calling B. + +B releases the memory at C back to the heap. +It must be called with a value previously obtained from +B. +If B is not called, this is equivalent to +calling B. + +B tells whether or not a pointer is within +the secure heap. 
+ +=head1 RETURN VALUES + +B returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. + +B returns 1 if the secure heap is +available (that is, if B has been called, +but B has not) or 0 if not. + +B returns a pointer into the secure heap of +the requested size, or C if memory could not be allocated. + +B returns 1 if the pointer is in the +the secure heap, or 0 if not. + +B and B +return no values. + +=head1 SEE ALSO + +L, +L + +=head1 HISTORY + +These functions were contributed to the OpenSSL project by +Akamai Technologies in April, 2014. + +=cut diff --git a/doc/crypto/bio.pod b/doc/crypto/bio.pod index f923922..9debe4f 100644 --- a/doc/crypto/bio.pod +++ b/doc/crypto/bio.pod @@ -49,6 +49,7 @@ L, L, L, L, L, L, L, L, +L, L, L, L, L diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index b52916b..ab809f9 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -14,6 +14,7 @@ bn - multiprecision integer arithmetics void BN_clear_free(BIGNUM *a); BN_CTX *BN_CTX_new(void); + BN_CTX *BN_CTX_secure_new(void); void BN_CTX_free(BN_CTX *c); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index 781f5b1..3804c56 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -11,6 +11,10 @@ character arrays structure BUF_MEM *BUF_MEM_new(void); + #define BUF_MEM_FLAG_SECURE + + BUF_MEM * BUF_MEM_new_ex(unsigned long flags); + void BUF_MEM_free(BUF_MEM *a); int BUF_MEM_grow(BUF_MEM *str, int len); @@ -37,6 +41,10 @@ and one "miscellaneous" function. BUF_MEM_new() allocates a new buffer of zero size. +BUF_MEM_new_ex() allocates a buffer with the specified flags. +The flag B specifies that the B pointer +should be allocated on the secure heap; see L. + BUF_MEM_free() frees up an already existing buffer. The data is zeroed before freeing up in case the buffer contains sensitive data. 
@@ -63,11 +71,15 @@ BUF_MEM_grow() returns zero on error or the new size (i.e. B). =head1 SEE ALSO -L +L, +L. =head1 HISTORY BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8. +BUF_MEM_new_ex() was contributed to OpenSSL by Akamai Technologies +in May, 2014. + =cut diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 7fe88ec..2da93bd 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -670,6 +670,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); BIO_METHOD *BIO_s_mem(void); +BIO_METHOD *BIO_s_secmem(void); BIO *BIO_new_mem_buf(void *buf, int len); BIO_METHOD *BIO_s_socket(void); BIO_METHOD *BIO_s_connect(void); diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 44f1737..0fcf843 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -268,6 +268,7 @@ extern "C" { * BN_mod_inverse() will call BN_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 +# define BN_FLG_SECURE 0x08 # ifdef OPENSSL_USE_DEPRECATED /* deprecated name for the flag */ @@ -349,6 +350,7 @@ void BN_zero_ex(BIGNUM *a); const BIGNUM *BN_value_one(void); char *BN_options(void); BN_CTX *BN_CTX_new(void); +BN_CTX *BN_CTX_secure_new(void); void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); @@ -361,6 +363,7 @@ int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG l); int BN_security_bits(int L, int N); BIGNUM *BN_new(void); +BIGNUM *BN_secure_new(void); void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h index 672c06b..af30a90 100644 --- a/include/openssl/buffer.h +++ b/include/openssl/buffer.h 
@@ -78,9 +78,13 @@ struct buf_mem_st { size_t length; /* current number of bytes */ char *data; size_t max; /* size of buffer */ + unsigned long flags; }; +# define BUF_MEM_FLAG_SECURE 0x01 + BUF_MEM *BUF_MEM_new(void); +BUF_MEM *BUF_MEM_new_ex(unsigned long flags); void BUF_MEM_free(BUF_MEM *a); size_t BUF_MEM_grow(BUF_MEM *str, size_t len); size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index f05084f..1bda645 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -491,12 +491,12 @@ void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), void (*f) (void *)); int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), - void (*free_func) (void *)); + void (*f) (void *)); int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), - void (*free_func) (void *)); + void (*f) (void *)); int CRYPTO_set_mem_debug_functions(void (*m) (void *, int, const char *, int, int), void (*r) (void *, void *, int, 
@@ -532,6 +532,25 @@ void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, int line); void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); +# define OPENSSL_secure_malloc(num) \ + CRYPTO_secure_malloc((int)num,__FILE__,__LINE__) +# define OPENSSL_secure_free(addr) \ + CRYPTO_secure_free(addr) + +int CRYPTO_secure_malloc_init(size_t sz, int minsize); +void CRYPTO_secure_malloc_done(void); +void *CRYPTO_secure_malloc(int num, const char *file, int line); +void CRYPTO_secure_free(void *ptr); +int CRYPTO_secure_allocated(const void *ptr); +int CRYPTO_secure_malloc_initialized(void); + +int CRYPTO_set_secure_mem_functions(void *(*m)(size_t), void (*f)(void *)); +int CRYPTO_set_secure_mem_ex_functions(void *(*m)(size_t,const char *,int), + void (*f)(void *)); +void CRYPTO_get_secure_mem_functions(void *(**m)(size_t), void (**f)(void *)); +void CRYPTO_get_secure_mem_ex_functions(void *(**m)(size_t,const char *,int), + void (**f)(void *)); + void OPENSSL_cleanse(void *ptr, size_t len); void CRYPTO_set_mem_debug_options(long bits); diff --git a/test/Makefile b/test/Makefile index 343c21a..508c53b 100644 --- a/test/Makefile +++ b/test/Makefile @@ -63,6 +63,7 @@ EVPEXTRATEST=evp_extra_test P5_CRPT2_TEST= p5_crpt2_test IGETEST= igetest JPAKETEST= jpaketest +SECMEMTEST= secmemtest SRPTEST= srptest V3NAMETEST= v3nametest HEARTBEATTEST= heartbeat_test @@ -80,7 +81,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) \ $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ $(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \ - $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ + $(JPAKETEST)$(EXE_EXT) $(SECMEMTEST)$(EXE_EXT) \ + $(SRPTEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) \ $(HEARTBEATTEST)$(EXE_EXT) $(P5_CRPT2_TEST)$(EXE_EXT) \ $(CONSTTIMETEST)$(EXE_EXT) 
@@ -145,7 +147,8 @@ alltests: \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa \ - test_ige test_jpake test_srp test_cms test_v3name test_ocsp \ + test_ige test_jpake test_secmem \ + test_srp test_cms test_v3name test_ocsp \ test_gost2814789 test_heartbeat test_p5_crpt2 \ test_constant_time @@ -372,6 +375,10 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt @echo $(START) $@ $(PERL) cms-test.pl +test_secmem: $(SECMEMTEST)$(EXE_EXT) + @echo $(START) $@ + ../util/shlib_wrap.sh ./secmemtest + test_srp: $(SRPTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./srptest @@ -564,6 +571,9 @@ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO) @target=$(JPAKETEST); $(BUILD_CMD) +$(SECMEMTEST)$(EXE_EXT): $(SECMEMTEST).o $(DLIBCRYPTO) + @target=$(SECMEMTEST); $(BUILD_CMD) + $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO) @target=$(SRPTEST); $(BUILD_CMD) diff --git a/test/secmemtest.c b/test/secmemtest.c new file mode 100644 index 0000000..0ec3b92 --- /dev/null +++ b/test/secmemtest.c @@ -0,0 +1,34 @@ + +#include + +int main(int argc, char **argv) +{ +#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) + char *p = NULL, *q = NULL; + + if (!CRYPTO_secure_malloc_init(4096, 32)) { + perror("failed"); + return 1; + } + p = OPENSSL_secure_malloc(20); + if (!CRYPTO_secure_allocated(p)) { + perror("failed 1"); + return 1; + } + q = OPENSSL_malloc(20); + if (CRYPTO_secure_allocated(q)) { + perror("failed 1"); + return 1; + } + CRYPTO_secure_free(p); + CRYPTO_free(q); + CRYPTO_secure_malloc_done(); +#else + /* Should fail. */ + if (CRYPTO_secure_malloc_init(4096, 32)) { + perror("failed"); + return 1; + } +#endif + return 0; +} diff --git a/util/libeay.num b/util/libeay.num index edeb50d..9933499 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -4573,3 +4573,17 @@ PKCS5_pbe2_set_scrypt 4931 EXIST::FUNCTION: PKCS8_set0_pbe 4932 EXIST::FUNCTION: DH_bits 4933 EXIST::FUNCTION:DH RSA_bits 4934 EXIST::FUNCTION:RSA +CRYPTO_set_secure_mem_ex_functions 4935 EXIST::FUNCTION: +CRYPTO_secure_allocated 4936 EXIST::FUNCTION: +BN_CTX_secure_new 4937 EXIST::FUNCTION: +CRYPTO_secure_malloc 4938 EXIST::FUNCTION: +CRYPTO_secure_malloc_done 4939 EXIST::FUNCTION: +BUF_MEM_new_ex 4940 EXIST::FUNCTION: +CRYPTO_secure_malloc_initialized 4941 EXIST::FUNCTION: +CRYPTO_secure_malloc_init 4942 EXIST::FUNCTION: +CRYPTO_get_secure_mem_functions 4943 EXIST::FUNCTION: +BN_secure_new 4944 EXIST::FUNCTION: +CRYPTO_secure_free 4945 EXIST::FUNCTION: +BIO_s_secmem 4946 EXIST::FUNCTION: +CRYPTO_get_secure_mem_ex_functions 4947 EXIST::FUNCTION: +CRYPTO_set_secure_mem_functions 4948 EXIST::FUNCTION: From steve at openssl.org Tue Jun 23 21:44:23 2015 
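Review bot: the OPENSSL_secure_malloc macro in the crypto.h hunk casts its argument without parenthesising it, so `CRYPTO_secure_malloc((int)num,__FILE__,__LINE__)` turns an argument like `a + b` into `(int)a + b`; write `(int)(num)`. More fundamentally, CRYPTO_secure_malloc() takes `int num` while callers will pass size_t values, so the cast silently truncates large requests; the legacy CRYPTO_malloc path has the same shape, but a brand-new API could take size_t directly. Nothing in the header says whether CRYPTO_secure_free() cleanses the block before releasing it, which is the property callers of a "secure" allocator actually depend on; a one-line comment on the prototype would settle it.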
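Review bot: in the test/secmemtest.c hunk both failure branches after the two allocations print "failed 1", so a failing run cannot tell which check tripped; give them distinct messages. perror() is also the wrong reporting call here, since none of these failures set errno and the output will append an unrelated strerror text; fprintf(stderr, ...) is clearer. The test never checks that OPENSSL_secure_malloc(20) returned non-NULL before handing p to CRYPTO_secure_allocated(), and it exercises neither CRYPTO_secure_malloc_initialized() nor a request larger than the 4096-byte arena, both of which the header exports.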
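Review bot: the buffer.h hunk adds a `flags` member to the public `struct buf_mem_st`, which changes the layout of BUF_MEM for any application that allocates one itself; acceptable on master, but it deserves a CHANGES entry. BUF_MEM_FLAG_SECURE and BUF_MEM_new_ex() carry no comment saying what the flag does (presumably that `data` is obtained from the secure allocator); a one-line comment on the define would save readers a trip to buffer.c.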
From: steve at openssl.org (Dr. Stephen Henson)
Date: Tue, 23 Jun 2015 21:22:07 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1435095863.763046.1553.nullmailer@dev.openssl.org>

The branch master has been updated
via a16ca4e8aeef1178ce013569058afcec1f6ac77c (commit)
via 547dba74f3c07a5d3bdac3e6436207061d781118 (commit)
via 52f782698df6970e0b56373c3fb4e357f2deb04f (commit)
via c72382048f8e6bfea1fbe1b2e25a0423182bb4f0 (commit)
via 124037fdc0571b5bd9022412348e9979a1726a31 (commit)
from 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (commit)

- Log -----------------------------------------------------------------
commit a16ca4e8aeef1178ce013569058afcec1f6ac77c
Author: Dr. Stephen Henson
Date: Mon Jun 22 14:03:08 2015 +0100

Fix PSK client handling.

The PSK identity hint should be stored in the SSL_SESSION structure and not in the parent context (which will overwrite values used by other SSL structures with the same SSL_CTX).

Reviewed-by: Matt Caswell

commit 547dba74f3c07a5d3bdac3e6436207061d781118
Author: Dr. Stephen Henson
Date: Wed Jun 17 14:47:53 2015 +0100

Add PSK GCM ciphersuites from RFC5487

Reviewed-by: Matt Caswell

commit 52f782698df6970e0b56373c3fb4e357f2deb04f
Author: Dr. Stephen Henson
Date: Wed Jun 17 14:47:27 2015 +0100

PSK trace keyex fixes.

Reviewed-by: Matt Caswell

commit c72382048f8e6bfea1fbe1b2e25a0423182bb4f0
Author: Dr. Stephen Henson
Date: Sat Jun 20 15:44:03 2015 +0100

Avoid duplication.

We always free the handshake buffer when digests are freed so move it into ssl_free_digest_list()

Reviewed-by: Rich Salz
Reviewed-by: Matt Caswell

commit 124037fdc0571b5bd9022412348e9979a1726a31
Author: Dr. Stephen Henson
Date: Tue Jun 16 14:44:29 2015 +0100

Tidy up ssl3_digest_cached_records logic.

Rewrite ssl3_digest_cached_records handling. Only digest cached records if digest array is NULL: this means it is safe to call ssl3_digest_cached_records multiple times (subsequent calls are no-op).
Remove flag TLS1_FLAGS_KEEP_HANDSHAKE instead only update handshake buffer if digest array is NULL. Add additional "keep" parameter to ssl3_digest_cached_records to indicate if the handshake buffer should be retained after digesting cached records (needed for TLS 1.2 client authentication). Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl3.h | 1 - include/openssl/tls1.h | 8 ++++++ ssl/d1_srvr.c | 9 +++---- ssl/s3_clnt.c | 51 ++++++++---------------------------- ssl/s3_enc.c | 71 ++++++++++++++++++++++++++------------------------ ssl/s3_lib.c | 37 +++++++++++++++++++++++--- ssl/s3_srvr.c | 32 +++++++++-------------- ssl/ssl_locl.h | 2 +- ssl/t1_enc.c | 28 ++++++++------------ ssl/t1_trce.c | 14 ++++++++++ 10 files changed, 131 insertions(+), 122 deletions(-) diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 138b80c..d56105e 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -365,7 +365,6 @@ extern "C" { /* Removed from OpenSSL 1.1.0 */ # define TLS1_FLAGS_TLS_PADDING_BUG 0x0 # define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 -# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 /* * Set when the handshake is ready to process peer's ChangeCipherSpec message. * Cleared after the message has been processed. diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 40205e1..a172af3 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h 
@@ -480,6 +480,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 + /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ # define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA # define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB @@ -736,6 +740,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" +/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" + /* Camellia-CBC ciphersuites from RFC6367 */ # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index dfdc573..7a40d66 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -640,12 +640,9 @@ int dtls1_accept(SSL *s) * For sigalgs freeze the handshake buffer. If we support * extms we've done this already. */ - if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) { - s->state = SSL_ST_ERR; - return -1; - } + if (!ssl3_digest_cached_records(s, 1)) { + s->state = SSL_ST_ERR; + return -1; } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6b4c860..f912f2c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -1168,7 +1168,7 @@ int ssl3_get_server_hello(SSL *s) * Don't digest cached records if no sigalgs: we may need them for client * authentication. */ - if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s)) + if (!SSL_USE_SIGALGS(s) && !ssl3_digest_cached_records(s, 0)) goto f_err; /* lets get the compression algorithm */ /* COMPRESSION */ @@ -1431,17 +1431,7 @@ int ssl3_get_key_exchange(SSL *s) al = SSL_AD_UNEXPECTED_MESSAGE; goto f_err; } -#ifndef OPENSSL_NO_PSK - /* - * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no - * identity hint is sent. Set session->sess_cert anyway to avoid - * problems later. - */ - if (alg_k & SSL_kPSK) { - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = NULL; - } -#endif + s->s3->tmp.reuse_message = 1; return (1); } @@ -1504,9 +1494,9 @@ int ssl3_get_key_exchange(SSL *s) */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - OPENSSL_free(s->ctx->psk_identity_hint); - s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); - if (s->ctx->psk_identity_hint == NULL) { + OPENSSL_free(s->session->psk_identity_hint); + s->session->psk_identity_hint = BUF_strdup(tmp_id_hint); + if (s->session->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; @@ -2030,10 +2020,8 @@ int ssl3_get_certificate_request(SSL *s) * If we get here we don't need any cached handshake records as we * wont be doing client auth. */ - if (s->s3->handshake_buffer) { - if (!ssl3_digest_cached_records(s)) - goto err; - } + if (!ssl3_digest_cached_records(s, 0)) + goto err; return (1); } @@ -2832,7 +2820,7 @@ int ssl3_send_client_key_exchange(SSL *s) if (!pms) goto memerr; - psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, + psk_len = s->psk_client_callback(s, s->session->psk_identity_hint, identity, sizeof(identity) - 1, pms, pmslen); if (psk_len > PSK_MAX_PSK_LEN) { 
@@ -2861,16 +2849,6 @@ int ssl3_send_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - OPENSSL_free(s->session->psk_identity_hint); - s->session->psk_identity_hint = - BUF_strdup(s->ctx->psk_identity_hint); - if (s->ctx->psk_identity_hint != NULL - && s->session->psk_identity_hint == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_MALLOC_FAILURE); - goto psk_err; - } - OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { @@ -3026,15 +3004,8 @@ int ssl3_send_client_verify(SSL *s) } s2n(u, p); n = u + 4; - /* - * For extended master secret we've already digested cached - * records. - */ - if (s->session->flags & SSL_SESS_FLAG_EXTMS) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; - } else if (!ssl3_digest_cached_records(s)) + /* Digest cached records and discard handshake buffer */ + if (!ssl3_digest_cached_records(s, 0)) goto err; } else #ifndef OPENSSL_NO_RSA @@ -3216,7 +3187,7 @@ int ssl3_send_client_certificate(SSL *s) return (1); } else { s->s3->tmp.cert_req = 2; - if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) { + if (!ssl3_digest_cached_records(s, 0)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); s->state = SSL_ST_ERR; return 0; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index bde19e1..02e07ba 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c 
@@ -476,15 +476,21 @@ void ssl3_cleanup_key_block(SSL *s) void ssl3_init_finished_mac(SSL *s) { - BIO_free(s->s3->handshake_buffer); ssl3_free_digest_list(s); s->s3->handshake_buffer = BIO_new(BIO_s_mem()); (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); } +/* + * Free digest list. Also frees handshake buffer since they are always freed + * together. + */ + void ssl3_free_digest_list(SSL *s) { int i; + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; if (!s->s3->handshake_dgst) return; for (i = 0; i < SSL_MAX_DIGEST; i++) { @@ -497,8 +503,7 @@ void ssl3_free_digest_list(SSL *s) void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) { - if (s->s3->handshake_buffer - && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { + if (s->s3->handshake_dgst == NULL) { BIO_write(s->s3->handshake_buffer, (void *)buf, len); } else { int i; @@ -509,7 +514,7 @@ void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len) } } -int ssl3_digest_cached_records(SSL *s) +int ssl3_digest_cached_records(SSL *s, int keep) { int i; long mask; 
@@ -517,38 +522,37 @@ int ssl3_digest_cached_records(SSL *s) long hdatalen; void *hdata; - /* Allocate handshake_dgst array */ - ssl3_free_digest_list(s); - s->s3->handshake_dgst = - OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); if (s->s3->handshake_dgst == NULL) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); - return 0; - } - memset(s->s3->handshake_dgst, 0, - sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); - hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); - if (hdatalen <= 0) { - SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); - return 0; - } + /* Allocate handshake_dgst array */ + s->s3->handshake_dgst = + OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); + if (s->s3->handshake_dgst == NULL) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); + return 0; + } + hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); + if (hdatalen <= 0) { + SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); + return 0; + } - /* Loop through bitso of algorithm2 field and create MD_CTX-es */ - for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { - if ((mask & ssl_get_algorithm2(s)) && md) { - s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); - if (EVP_MD_nid(md) == NID_md5) { - EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], - EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + /* Loop through bits of algorithm2 field and create MD_CTX-es */ + for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) { + if ((mask & ssl_get_algorithm2(s)) && md) { + s->s3->handshake_dgst[i] = EVP_MD_CTX_create(); + if (EVP_MD_nid(md) == NID_md5) { + EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i], + EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL); + EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen); + } else { + s->s3->handshake_dgst[i] = NULL; } - EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL); - 
EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen); - } else { - s->s3->handshake_dgst[i] = NULL; } + } - if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) { - /* Free handshake_buffer BIO */ + if (keep == 0) { BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; } @@ -588,9 +592,8 @@ static int ssl3_handshake_mac(SSL *s, int md_nid, unsigned char md_buf[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx, *d = NULL; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; + if (!ssl3_digest_cached_records(s, 0)) + return 0; /* * Search for digest of specified type in the handshake_dgst array diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6febd4e..0550471 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1612,6 +1612,40 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, +#ifndef OPENSSL_NO_PSK + /* Cipher A8 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256, + TLS1_CK_PSK_WITH_AES_128_GCM_SHA256, + SSL_kPSK, + SSL_aPSK, + SSL_AES128GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, + + /* Cipher A9 */ + { + 1, + TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384, + TLS1_CK_PSK_WITH_AES_256_GCM_SHA384, + SSL_kPSK, + SSL_aPSK, + SSL_AES256GCM, + SSL_AEAD, + SSL_TLSV1_2, + SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, + 256, + 256, + }, + +#endif #ifndef OPENSSL_NO_CAMELLIA /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ @@ -2911,7 +2945,6 @@ void ssl3_free(SSL *s) OPENSSL_free(s->s3->tmp.ciphers_raw); OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); OPENSSL_free(s->s3->tmp.peer_sigalgs); - BIO_free(s->s3->handshake_buffer); ssl3_free_digest_list(s); OPENSSL_free(s->s3->alpn_selected); 
@@ -2955,8 +2988,6 @@ void ssl3_clear(SSL *s) #endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; ssl3_free_digest_list(s); if (s->s3->alpn_selected) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index b98beac..203e894 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -507,11 +507,9 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) { - if (!ssl3_digest_cached_records(s)) { - s->state = SSL_ST_ERR; - return -1; - } + if (!ssl3_digest_cached_records(s, 0)) { + s->state = SSL_ST_ERR; + return -1; } } else { s->s3->tmp.cert_request = 1; @@ -598,14 +596,11 @@ int ssl3_accept(SSL *s) } /* * For sigalgs freeze the handshake buffer. If we support - * extms we've done this already. + * extms we've done this already so this is a no-op */ - if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) { - s->state = SSL_ST_ERR; - return -1; - } + if (!ssl3_digest_cached_records(s, 1)) { + s->state = SSL_ST_ERR; + return -1; } } else { int offset = 0; @@ -620,11 +615,9 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) { - if (!ssl3_digest_cached_records(s)) { - s->state = SSL_ST_ERR; - return -1; - } + if (!ssl3_digest_cached_records(s, 0)) { + s->state = SSL_ST_ERR; + return -1; } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { @@ -1538,7 +1531,7 @@ int ssl3_get_client_hello(SSL *s) } if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER)) { - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s, 0)) goto f_err; } 
@@ -3055,7 +3048,6 @@ int ssl3_get_cert_verify(SSL *s) end: BIO_free(s->s3->handshake_buffer); s->s3->handshake_buffer = NULL; - s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_free(pkey); return (ret); @@ -3163,7 +3155,7 @@ int ssl3_get_client_certificate(SSL *s) goto f_err; } /* No client certificate so digest cached records */ - if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) { + if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) { al = SSL_AD_INTERNAL_ERROR; goto f_err; } diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f1046c5..8f8d997 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1922,7 +1922,7 @@ void ssl3_free_digest_list(SSL *s); __owur unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk); __owur SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *srvr); -__owur int ssl3_digest_cached_records(SSL *s); +__owur int ssl3_digest_cached_records(SSL *s, int keep); __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); __owur int ssl3_accept(SSL *s); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e865341..9942bb4 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -679,9 +679,8 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) EVP_MD_CTX ctx, *d = NULL; int i; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; + if (!ssl3_digest_cached_records(s, 0)) + return 0; for (i = 0; i < SSL_MAX_DIGEST; i++) { if (s->s3->handshake_dgst[i] @@ -709,9 +708,8 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char hash[2 * EVP_MAX_MD_SIZE]; unsigned char buf2[12]; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) - return 0; + if (!ssl3_digest_cached_records(s, 0)) + return 0; hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); 
@@ -736,17 +734,13 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; int hashlen; - /* If we don't have any digests cache records */ - if (s->s3->handshake_buffer) { - /* - * keep record buffer: this wont affect client auth because we're - * freezing the buffer at the same point (after client key - * exchange and before certificate verify) - */ - s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) - return -1; - } + /* Digest cached records keeping record buffer (if present): + * this wont affect client auth because we're freezing the buffer + * at the same point (after client key exchange and before certificate + * verify) + */ + if (!ssl3_digest_cached_records(s, 1)) + return -1; hashlen = ssl_handshake_hash(s, hash, sizeof(hash)); #ifdef SSL_DEBUG fprintf(stderr, "Handshake hashes:\n"); diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 97170cd..40c5beb 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -986,6 +986,13 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) return 0; break; + + case SSL_kPSK: + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity", 2, &msg, &msglen)) + return 0; + break; + } return 1; @@ -1049,6 +1056,13 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; } break; + + case SSL_kPSK: + if (!ssl_print_hexbuf(bio, indent + 2, + "psk_identity_hint", 2, &msg, &msglen)) + return 0; + /* No signature */ + return 1; } return ssl_print_signature(bio, indent, ssl, &msg, &msglen); } From rsalz at openssl.org Tue Jun 23 22:40:25 2015 
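Review bot: in the s3_enc.c hunk for ssl3_digest_cached_records() the memset that zeroed the freshly allocated handshake_dgst array is removed and nothing replaces it. If BIO_get_mem_data() then yields hdatalen <= 0, the function returns 0 with s->s3->handshake_dgst pointing at uninitialised memory, and the next ssl3_free_digest_list() loops over it calling EVP_MD_CTX_destroy() on garbage pointers. Either zero the array on allocation or free it and reset the pointer to NULL before the `return 0` on that path.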
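Review bot: ssl3_finish_mac() in the s3_enc.c hunk drops the `s->s3->handshake_buffer &&` guard and now decides purely on `handshake_dgst == NULL`. After ssl3_free_digest_list() both pointers are NULL, so if a record is fed in before ssl3_init_finished_mac() has run again, BIO_write() is handed a NULL BIO, writes nothing, and its return value is not checked, so that data silently disappears from the transcript. Keep a guard that fails loudly, or check the BIO_write() result.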
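Review bot: the ssl3.h hunk deletes TLS1_FLAGS_KEEP_HANDSHAKE outright while its neighbour in the same "Removed from OpenSSL 1.1.0" block, TLS1_FLAGS_TLS_PADDING_BUG, is kept as 0x0 so that external code still compiles; define it as 0x0 for the same reason, or call the removal out in CHANGES.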
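Review bot: the ssl_locl.h hunk adds the `keep` parameter to ssl3_digest_cached_records() without any comment. The semantics are subtle (digest the cached records only if no digest array exists yet; free the handshake buffer unless keep is non-zero; a later keep=0 call frees a buffer retained earlier) and every call site in this patch now relies on calling it repeatedly, so document them at the prototype.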
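Review bot: the s3_srvr.c hunk in ssl3_get_client_certificate() keeps the `s->s3->handshake_buffer &&` precondition while every other call site in this patch drops it because ssl3_digest_cached_records() is now idempotent. If handshake_buffer is NULL there because an earlier keep=0 call freed it, handshake_dgst is already populated and the call is a harmless no-op, so the guard is redundant; remove it for consistency or add a comment saying why it stays.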
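Review bot: in the d1_srvr.c hunk the comment above the call still reads "If we support extms we've done this already", while the matching s3_srvr.c hunk updated that comment to add "so this is a no-op"; sync the DTLS copy so the two server paths read the same.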
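Review bot: the s3_clnt.c hunk in ssl3_get_key_exchange() removes the code that reset the identity hint when the ServerKeyExchange is omitted, and nothing now clears s->session->psk_identity_hint on that path. That is fine only if s->session is always a freshly allocated SSL_SESSION at this point of a full handshake; if a hint could survive from an earlier use of the same session object, the client would hand a stale hint to psk_client_callback. Worth confirming in the commit message, or clearing the field explicitly.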
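Review bot: the tls1.h hunk's comment "TLS v1.2 PSK GCM ciphersuites from RFC5487" covers only the two plain PSK suites (0xA8 and 0xA9) added here; RFC 5487 also defines DHE_PSK and RSA_PSK GCM variants, so either narrow the comment to the non-DHE PSK suites or note that the others are intentionally left out.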
From: rsalz at openssl.org (Rich Salz) Date: Tue, 23 Jun 2015 22:40:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435099225.469485.19863.nullmailer@dev.openssl.org> The branch master has been updated via d4dfb0baf9d112ff4bdecf996348808bf806bb5f (commit) from a16ca4e8aeef1178ce013569058afcec1f6ac77c (commit) - Log ----------------------------------------------------------------- commit d4dfb0baf9d112ff4bdecf996348808bf806bb5f Author: Rich Salz Date: Tue Jun 23 18:33:02 2015 -0400 Fix windows build Move #include's inside the #ifdef. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/sec_mem.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c index ea9523b..5bf8baa 100644 --- a/crypto/sec_mem.c +++ b/crypto/sec_mem.c @@ -12,13 +12,13 @@ */ #include #include -#include -#include -#include -#include #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) # define IMPLEMENTED +# include +# include +# include +# include # include # include #endif From steve at openssl.org Wed Jun 24 21:22:07 2015 
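Review bot: moving the four includes under `# define IMPLEMENTED` in the sec_mem.c hunk fixes the Windows build only if nothing outside the `#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)` block uses declarations from them; the two includes left unconditional suggest that was checked, but a short comment on the block saying these headers are needed only by the implemented (Unix) path would stop the next reader from "fixing" it back.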
From: steve at openssl.org (Dr. Stephen Henson)
Date: Wed, 24 Jun 2015 21:22:07 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1435180927.233544.10209.nullmailer@dev.openssl.org>

The branch master has been updated
via 77672802a665b26a44524a7a8091e56ee84bdf39 (commit)
from d4dfb0baf9d112ff4bdecf996348808bf806bb5f (commit)

- Log -----------------------------------------------------------------
commit 77672802a665b26a44524a7a8091e56ee84bdf39
Author: Dr. Stephen Henson
Date: Wed Jun 17 15:51:41 2015 +0100

Add docs for ssl verification parameter functions.

Reviewed-by: Matt Caswell

-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_CTX_get0_param.pod | 55 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 doc/ssl/SSL_CTX_get0_param.pod

diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod new file mode 100644 index 0000000..332f181 --- /dev/null +++ b/doc/ssl/SSL_CTX_get0_param.pod 
@@ -0,0 +1,55 @@ +=pod + +=head1 NAME + +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - +get and set verification parameters + +=head1 SYNOPSIS + + #include + + X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) + X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) + +=head1 DESCRIPTION + +SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to +the verification parameters for B or B respectively. The returned +pointer must not be freed by the calling application. + +SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters +to B for B or B. + +=head1 NOTES + +Typically parameters are retrieved from an B or B structure +using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies +them to suit its needs: for example to add a hostname check. + +=head1 EXAMPLE + +Check hostname matches "www.foo.com" in peer certificate: + + X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); + +=head1 RETURN VALUES + +SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an +B structure. + +SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 +for failure. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2. + +=cut From steve at openssl.org Wed Jun 24 21:22:42 2015 
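Review bot: the EXAMPLE section calls `X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com")` with two arguments, but the function takes a third `size_t namelen` (0 meaning the name is NUL-terminated), so the example as written does not compile; it also ignores the return value, which is the only indication that the hostname could not be set. The DESCRIPTION should spell out what the "set1" naming implies, namely that SSL_CTX_set1_param() and SSL_set1_param() copy the parameters and the caller keeps ownership of vpm, and the NOTES could add that the host check only has an effect once peer verification (SSL_VERIFY_PEER) is enabled.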
From: steve at openssl.org (Dr. Stephen Henson)
Date: Wed, 24 Jun 2015 21:22:42 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Message-ID: <1435180962.028311.13467.nullmailer@dev.openssl.org>

The branch OpenSSL_1_0_2-stable has been updated
via edbc9050bed04de0f2cdbfd0f038a84007263c66 (commit)
from c00206c3269d75013ea3e41dec76d6b179502036 (commit)

- Log -----------------------------------------------------------------
commit edbc9050bed04de0f2cdbfd0f038a84007263c66
Author: Dr. Stephen Henson
Date: Wed Jun 17 15:51:41 2015 +0100

Add docs for ssl verification parameter functions.

Reviewed-by: Matt Caswell
(cherry picked from commit 77672802a665b26a44524a7a8091e56ee84bdf39)

-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_CTX_get0_param.pod | 55 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 doc/ssl/SSL_CTX_get0_param.pod

diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod new file mode 100644 index 0000000..332f181 --- /dev/null +++ b/doc/ssl/SSL_CTX_get0_param.pod 
@@ -0,0 +1,55 @@ +=pod + +=head1 NAME + +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - +get and set verification parameters + +=head1 SYNOPSIS + + #include + + X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) + X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) + int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) + int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) + +=head1 DESCRIPTION + +SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to +the verification parameters for B or B respectively. The returned +pointer must not be freed by the calling application. + +SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters +to B for B or B. + +=head1 NOTES + +Typically parameters are retrieved from an B or B structure +using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies +them to suit its needs: for example to add a hostname check. + +=head1 EXAMPLE + +Check hostname matches "www.foo.com" in peer certificate: + + X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); + X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com"); + +=head1 RETURN VALUES + +SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an +B structure. + +SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 +for failure. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2. + +=cut From steve at openssl.org Thu Jun 25 03:55:37 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 25 Jun 2015 03:55:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435204537.894195.15682.nullmailer@dev.openssl.org> The branch master has been updated via ffbf304d4832bd51bb0618f8ca5b7c26647ee664 (commit) from 77672802a665b26a44524a7a8091e56ee84bdf39 (commit) - Log ----------------------------------------------------------------- commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664 Author: Dr. Stephen Henson Date: Wed Jun 24 12:28:50 2015 +0100 Don't output bogus errors in PKCS12_parse PR#3923 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_kiss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index a70fe72..fdddffb 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { From steve at openssl.org Thu Jun 25 03:57:01 2015 
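Review bot: bracketing X509_check_private_key() with ERR_set_mark()/ERR_pop_to_mark() correctly discards the mismatch errors pushed for every certificate that does not belong to the key, but it discards them for the one that should have matched as well. If the loop finishes without setting *cert, the caller now gets nothing from this stage in the error queue; check that PKCS12_parse() raises a distinct error for that outcome, or push one after the loop.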
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 25 Jun 2015 03:57:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1435204621.774573.17331.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 989ba38f7fa27e567612ab717975c82215c591ba (commit) from c040acd76a8918768aea560750937845f1e031e7 (commit) - Log ----------------------------------------------------------------- commit 989ba38f7fa27e567612ab717975c82215c591ba Author: Dr. Stephen Henson Date: Wed Jun 24 12:28:50 2015 +0100 Don't output bogus errors in PKCS12_parse PR#3923 Reviewed-by: Tim Hudson (cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_kiss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index ee476c3..9aa3c90 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { From steve at openssl.org Thu Jun 25 03:57:01 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 25 Jun 2015 03:57:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1435204621.832190.17353.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c (commit) from ae2f46597a01f3e7042493d09bd0559028bb5699 (commit) - Log ----------------------------------------------------------------- commit 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c Author: Dr. Stephen Henson Date: Wed Jun 24 12:28:50 2015 +0100 Don't output bogus errors in PKCS12_parse PR#3923 Reviewed-by: Tim Hudson (cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_kiss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index ee476c3..9aa3c90 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { From steve at openssl.org Thu Jun 25 03:57:01 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 25 Jun 2015 03:57:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435204621.882884.17374.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7c1dae55d476d94c96db68de20670c1066d281b3 (commit) from edbc9050bed04de0f2cdbfd0f038a84007263c66 (commit) - Log ----------------------------------------------------------------- commit 7c1dae55d476d94c96db68de20670c1066d281b3 Author: Dr. Stephen Henson Date: Wed Jun 24 12:28:50 2015 +0100 Don't output bogus errors in PKCS12_parse PR#3923 Reviewed-by: Tim Hudson (cherry picked from commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_kiss.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index ee476c3..9aa3c90 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -135,10 +135,12 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, while ((x = sk_X509_pop(ocerts))) { if (pkey && *pkey && cert && !*cert) { + ERR_set_mark(); if (X509_check_private_key(x, *pkey)) { *cert = x; x = NULL; } + ERR_pop_to_mark(); } if (ca && x) { From steve at openssl.org Thu Jun 25 11:58:09 2015 
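Review bot: the 1.0.2 copy is byte-identical to the 1.0.0 and 1.0.1 ones (blob hashes ee476c3..9aa3c90 again), so p12_kiss.c is the same file on all three stable branches and the cherry-pick applies cleanly; the point about a silently NULL *cert stands for this branch too.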
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 25 Jun 2015 11:58:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435233489.209911.17333.nullmailer@dev.openssl.org> The branch master has been updated via 13cbe5e711528da65753ad526ad69de406250402 (commit) from ffbf304d4832bd51bb0618f8ca5b7c26647ee664 (commit) - Log ----------------------------------------------------------------- commit 13cbe5e711528da65753ad526ad69de406250402 Author: Dr. Stephen Henson Date: Thu Jun 25 04:05:07 2015 +0100 missing break Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_client.c b/apps/s_client.c index f82f9db..559cf70 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -888,6 +888,7 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } + break; #else case OPT_PSK_IDENTITY: case OPT_PSK: From kurt at openssl.org Sun Jun 28 16:24:08 2015 
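Review bot: the added `break;` ends the OPT_PSK case in PSK-enabled builds; without it control fell into whatever case label follows the `#endif`, which is outside this hunk, so a regression test that passes a valid hex -psk value and checks that the option handled next in the switch is not also applied would pin the fix down. A compiler or static-analysis warning for implicit case fall-through would have caught this and any siblings in the same switch.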
From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 28 Jun 2015 16:24:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435508648.185365.29141.nullmailer@dev.openssl.org> The branch master has been updated via 7f098cb4360a2677aab741ffc661964c501dd51e (commit) via 03a1c85062b44d9d9aa0ab5808c4f93b3516071c (commit) from 13cbe5e711528da65753ad526ad69de406250402 (commit) - Log ----------------------------------------------------------------- commit 7f098cb4360a2677aab741ffc661964c501dd51e Author: Kurt Roeckx Date: Sat Jun 20 16:46:33 2015 +0200 Check dgram_sctp_write() return value. Reviewed-by: Rich Salz commit 03a1c85062b44d9d9aa0ab5808c4f93b3516071c Author: Kurt Roeckx Date: Sat Jun 20 16:28:08 2015 +0200 Check BIO_dgram_sctp_wait_for_dry() return value for error Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 53 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 11 deletions(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 3f6cd50..dabfea3 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1219,9 +1219,13 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) * it can be sent now. */ if (data->saved_message.length > 0) { - dgram_sctp_write(data->saved_message.bio, + i = dgram_sctp_write(data->saved_message.bio, data->saved_message.data, data->saved_message.length); + if (i < 0) { + ret = i; + break; + } OPENSSL_free(data->saved_message.data); data->saved_message.data = NULL; data->saved_message.length = 0; 
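Review bot: on `i < 0` the saved message stays queued (saved_message.data and .length are not reset), so the next dgram_sctp_read() retries the same send; that is reasonable for a transient error, but a permanent one will now fail every subsequent read at this point, and a comment stating that the retry is intended would help. The same check treats a short return (0 <= i < saved_message.length) as success and frees the buffer, so the comment should also state that SCTP message semantics rule out a partial send here.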
@@ -1366,6 +1370,14 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) return (ret); } +/* + * dgram_sctp_write - send message on SCTP socket + * @b: BIO to write to + * @in: data to send + * @inl: amount of bytes in @in to send + * + * Returns -1 on error or the sent amount of bytes on success + */ static int dgram_sctp_write(BIO *b, const char *in, int inl) { int ret; @@ -1404,18 +1416,24 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * If we have to send a shutdown alert message and the socket is not dry * yet, we have to save it and send it as soon as the socket gets dry. */ - if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { - char *tmp; - data->saved_message.bio = b; - if ((tmp = OPENSSL_malloc(inl)) == NULL) { - BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); + if (data->save_shutdown) { + ret = BIO_dgram_sctp_wait_for_dry(b); + if (ret < 0) { return -1; } - OPENSSL_free(data->saved_message.data); - data->saved_message.data = tmp; - memcpy(data->saved_message.data, in, inl); - data->saved_message.length = inl; - return inl; + if (ret == 0) { + char *tmp; + data->saved_message.bio = b; + if ((tmp = OPENSSL_malloc(inl)) == NULL) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); + return -1; + } + OPENSSL_free(data->saved_message.data); + data->saved_message.data = tmp; + memcpy(data->saved_message.data, in, inl); + data->saved_message.length = inl; + return inl; + } } iov[0].iov_base = (char *)in; 
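Review bot: the new header comment says dgram_sctp_write() returns the sent amount on success, but the save_shutdown path below returns `inl` after only copying the message into saved_message, with nothing sent yet; the comment should say so. In the restructured block, `if (ret < 0) return -1;` after BIO_dgram_sctp_wait_for_dry() returns without pushing an error, unlike the adjacent malloc failure that calls BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); an error-queue entry there would let callers tell a failed dry check from a failed sendmsg().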
@@ -1733,6 +1751,19 @@ int BIO_dgram_sctp_notification_cb(BIO *b, return 0; } +/* + * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event + * @b: The BIO to check for the dry event + * + * Wait until the peer confirms all packets have been received, and so that + * our kernel doesn't have anything to send anymore. This is only received by + * the peer's kernel, not the application. + * + * Returns: + * -1 on error + * 0 when not dry yet + * 1 when dry + */ int BIO_dgram_sctp_wait_for_dry(BIO *b) { int is_dry = 0; From steve at openssl.org Mon Jun 29 11:08:30 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 29 Jun 2015 11:08:30 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435576110.395246.22237.nullmailer@dev.openssl.org> The branch master has been updated via b34f691ddbf618978ed9e97a0b9209937c1da26e (commit) via 57b272b01a9843c7e034feba7bfde5eaecc8bdb0 (commit) from 7f098cb4360a2677aab741ffc661964c501dd51e (commit) - Log ----------------------------------------------------------------- commit b34f691ddbf618978ed9e97a0b9209937c1da26e Author: Dr. Stephen Henson Date: Thu Jun 25 15:06:14 2015 +0100 make update Reviewed-by: Matt Caswell commit 57b272b01a9843c7e034feba7bfde5eaecc8bdb0 Author: Dr. Stephen Henson Date: Wed Jun 17 04:10:04 2015 +0100 Use single master secret generation function. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 2 -- ssl/s3_clnt.c | 16 +++------------ ssl/s3_lib.c | 15 ++++++++++++++ ssl/s3_srvr.c | 56 ++++++++++----------------------------------------- ssl/ssl_locl.h | 4 ++++ ssl/tls_srp.c | 13 ++++-------- util/ssleay.num | 8 ++++---- 7 files changed, 41 insertions(+), 73 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index cd932e5..3027617 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h 
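Review bot: the comment's first sentence ("Wait until the peer confirms all packets have been received") describes a blocking call, but the return table directly under it documents 0 for "not dry yet", i.e. the function can return before the SENDER_DRY event arrives; reword the summary to "Check for ..." or state when it blocks. "This is only received by the peer's kernel, not the application" is also ambiguous about which side's kernel and which message is meant.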
@@ -636,9 +636,7 @@ __owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); int SSL_SRP_CTX_free(SSL *ctx); int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); __owur int SSL_srp_server_param_with_username(SSL *s, int *ad); -__owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); __owur int SRP_Calc_A_param(SSL *s); -__owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); # endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f912f2c..1a925a7 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2891,13 +2891,10 @@ int ssl3_send_client_key_exchange(SSL *s) if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) { /* * If everything written generate master key: no need to save PMS as - * SRP_generate_client_master_secret generates it internally. + * srp_generate_client_master_secret generates it internally. */ if (n > 0) { - if ((s->session->master_key_length = - SRP_generate_client_master_secret(s, - s->session->master_key)) < - 0) { + if (!srp_generate_client_master_secret(s)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; @@ -2920,14 +2917,7 @@ int ssl3_send_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto err; } - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - pms, pmslen); - OPENSSL_clear_free(pms, pmslen); - s->s3->tmp.pms = NULL; - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, pms, pmslen, 1)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0550471..54c902d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
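Review bot: dropping SRP_generate_server_master_secret() and SRP_generate_client_master_secret() from the public include/openssl/ssl.h is an API removal (the ssleay.num hunk marks both NOEXIST), but the Summary of changes lists no CHANGES or documentation update; please record the removal for anyone building against these symbols. The two s3_clnt.c hunks are otherwise straightforward: the pms free and `s->s3->tmp.pms = NULL` move into ssl_generate_master_secret() via free_pms = 1.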
@@ -4291,3 +4291,18 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) } else return RAND_bytes(result, len); } + +int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, + int free_pms) +{ + s->session->master_key_length = + s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, + pms, pmslen); + if (free_pms) + OPENSSL_clear_free(pms, pmslen); + else + OPENSSL_cleanse(pms, pmslen); + if (s->server == 0) + s->s3->tmp.pms = NULL; + return s->session->master_key_length >= 0; +} diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 203e894..cbe80eb 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2381,15 +2381,7 @@ int ssl3_get_client_key_exchange(SSL *s) rand_premaster_secret[j]); } - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - p, - sizeof - (rand_premaster_secret)); - OPENSSL_cleanse(p, sizeof(rand_premaster_secret)); - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, p, sizeof(rand_premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; @@ -2480,13 +2472,7 @@ int ssl3_get_client_key_exchange(SSL *s) else BN_clear_free(pub); pub = NULL; - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - p, i); - OPENSSL_cleanse(p, i); - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; 
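Review bot: `if (s->server == 0) s->s3->tmp.pms = NULL;` ties the pointer reset to the role rather than to whether pms actually is s->s3->tmp.pms; comparing the pointer (before the free) would be more robust if a server path ever passes tmp.pms. Also, pmslen is size_t here while every call site converted in this patch passed an int length (i, pre_ms_len, sizeof(...)) to generate_master_secret(), so a cast or a comment on the implicit conversion would make the contract explicit.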
@@ -2618,15 +2604,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; - /* Compute the master secret */ - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - p, i); - - OPENSSL_cleanse(p, i); - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, p, i, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; @@ -2707,22 +2685,17 @@ int ssl3_get_client_key_exchange(SSL *s) goto psk_err; } - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - psk_or_pre_ms, - pre_ms_len); - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, psk_or_pre_ms, pre_ms_len, 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto psk_err; + goto f_err; } psk_err = 0; psk_err: - OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); - if (psk_err != 0) + if (psk_err != 0) { + OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); goto f_err; + } } else #endif #ifndef OPENSSL_NO_SRP @@ -2755,9 +2728,7 @@ int ssl3_get_client_key_exchange(SSL *s) goto err; } - if ((s->session->master_key_length = - SRP_generate_server_master_secret(s, - s->session->master_key)) < 0) { + if (!srp_generate_server_master_secret(s)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } 
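Review bot: in the PSK hunk, the unconditional `OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms))` on the success path becomes a cleanse of only pre_ms_len bytes inside ssl_generate_master_secret(), and the failure path now jumps straight to f_err relying on that same internal cleanse. That is sufficient only if no PSK-derived bytes remain beyond pre_ms_len in the buffer; the code that fills psk_or_pre_ms is outside this hunk, so please confirm. The `psk_err` label cleansing only when psk_err != 0 is consistent with that.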
@@ -2813,13 +2784,8 @@ int ssl3_get_client_key_exchange(SSL *s) goto gerr; } /* Generate master secret */ - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - premaster_secret, 32); - OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); - if (s->session->master_key_length < 0) { + if (!ssl_generate_master_secret(s, premaster_secret, + sizeof(premaster_secret), 0)) { al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8f8d997..3507d9a 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1890,6 +1890,8 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len); +__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, + int free_pms); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); @@ -2159,6 +2161,8 @@ void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, size_t orig_len); +__owur int srp_generate_server_master_secret(SSL *s); +__owur int srp_generate_client_master_secret(SSL *s); __owur int srp_verify_server_param(SSL *s, int *al); /* t1_ext.c */ diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 6bd7845..91b88cd 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -332,7 +332,7 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, return 1; } -int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) +int srp_generate_server_master_secret(SSL *s) { BIGNUM *K = NULL, *u = NULL; int ret = -1, tmp_len = 0; 
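Review bot: the GOST hunk replaces the literal 32 with sizeof(premaster_secret); the two are equivalent only if premaster_secret is declared as a 32-byte array, and its declaration is not in the hunk, so confirm this is not a silent length change. The new ssl_locl.h prototypes carry __owur, which is what lets the callers' `if (!...)` pattern be checked at compile time.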
@@ -350,17 +350,15 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; BN_bn2bin(K, tmp); - ret = s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, - tmp_len); + ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); err: - OPENSSL_clear_free(tmp, tmp_len); BN_clear_free(K); BN_clear_free(u); return ret; } /* client side */ -int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) +int srp_generate_client_master_secret(SSL *s) { BIGNUM *x = NULL, *u = NULL, *K = NULL; int ret = -1, tmp_len = 0; @@ -391,11 +389,8 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; BN_bn2bin(K, tmp); - ret = - s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, - tmp_len); + ret = ssl_generate_master_secret(s, tmp, tmp_len, 1); err: - OPENSSL_clear_free(tmp, tmp_len); BN_clear_free(K); BN_clear_free(x); OPENSSL_clear_free(passwd, strlen(passwd)); diff --git a/util/ssleay.num b/util/ssleay.num index 1441be7..ddaf306 100755 --- a/util/ssleay.num +++ b/util/ssleay.num 
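Review bot: both functions keep `int ret = -1` and return it on every `goto err` taken before ssl_generate_master_secret() runs (the OPENSSL_malloc failure visible here, for one), while the callers changed in this patch now test `!srp_generate_client_master_secret(s)` and `!srp_generate_server_master_secret(s)`; -1 is nonzero, so those early failures are reported as success and the handshake continues without a master secret ever having been derived. Initialise ret to 0 (ssl_generate_master_secret() already returns 0/1), or have the callers test `<= 0`. Removing `OPENSSL_clear_free(tmp, tmp_len)` from the err path is fine only because free_pms = 1 hands ownership to ssl_generate_master_secret() and tmp is still NULL on the malloc-failure path.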
@@ -286,11 +286,11 @@ SSL_CTX_set_srp_username 329 EXIST::FUNCTION:SRP SSL_CTX_SRP_CTX_init 330 EXIST::FUNCTION:SRP SSL_SRP_CTX_init 331 EXIST::FUNCTION:SRP SRP_Calc_A_param 332 EXIST::FUNCTION:SRP -SRP_generate_server_master_secret 333 EXIST:!VMS:FUNCTION:SRP -SRP_gen_server_master_secret 333 EXIST:VMS:FUNCTION:SRP +SRP_gen_server_master_secret 333 NOEXIST::FUNCTION: +SRP_generate_server_master_secret 333 NOEXIST::FUNCTION: SSL_CTX_SRP_CTX_free 334 EXIST::FUNCTION:SRP -SRP_generate_client_master_secret 335 EXIST:!VMS:FUNCTION:SRP -SRP_gen_client_master_secret 335 EXIST:VMS:FUNCTION:SRP +SRP_gen_client_master_secret 335 NOEXIST::FUNCTION: +SRP_generate_client_master_secret 335 NOEXIST::FUNCTION: SSL_srp_server_param_with_username 336 EXIST:!VMS:FUNCTION:SRP SSL_srp_server_param_with_un 336 EXIST:VMS:FUNCTION:SRP SRP_have_to_put_srp_username 337 NOEXIST::FUNCTION: From steve at openssl.org Mon Jun 29 18:21:07 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 29 Jun 2015 18:21:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435602067.800095.9698.nullmailer@dev.openssl.org> The branch master has been updated via 5fced2395ddfb603a50fd1bd87411e603a59dc6f (commit) from b34f691ddbf618978ed9e97a0b9209937c1da26e (commit) - Log ----------------------------------------------------------------- commit 5fced2395ddfb603a50fd1bd87411e603a59dc6f Author: Dr. Stephen Henson Date: Thu Jun 25 15:07:25 2015 +0100 Check for errors with SRP Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: test/testssl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/testssl b/test/testssl index dd89204..81b8a93 100644 --- a/test/testssl +++ b/test/testssl 
@@ -236,16 +236,16 @@ if ../util/shlib_wrap.sh ../apps/openssl no-srp; then echo skipping SRP tests else echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 fi ############################################################################# From steve at openssl.org Mon Jun 29 18:22:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 29 Jun 2015 18:22:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1435602165.040569.10605.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 (commit) from 0d25eb7800cbb2e845b4f38e3c78df437d68ad7c (commit) - Log ----------------------------------------------------------------- commit eb0e2a5c5d904c3f74a9387d27bfbad4861469a9 Author: Dr. Stephen Henson Date: Thu Jun 25 15:07:25 2015 +0100 Check for errors with SRP Reviewed-by: Matt Caswell (cherry picked from commit 5fced2395ddfb603a50fd1bd87411e603a59dc6f) ----------------------------------------------------------------------- Summary of changes: test/testssl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/testssl b/test/testssl index d5b1c9a..261097b 100644 --- a/test/testssl +++ b/test/testssl 
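Review bot: `|| exit 1` makes a failing SRP handshake fatal for the whole script where before the four invocations ran with their exit status ignored; since the echo before each names the test, the generic exit code is adequate. Whether the other $ssltest invocations in testssl are guarded the same way is not visible in this hunk and worth checking, otherwise only the SRP tests can fail the run.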
@@ -198,16 +198,16 @@ if ../util/shlib_wrap.sh ../apps/openssl no-srp; then echo skipping SRP tests else echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 fi exit 0 From steve at openssl.org Mon Jun 29 18:22:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 29 Jun 2015 18:22:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1435602165.117402.10627.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f8f75a7e4a7746caba9cab843e14ed6a41dfad21 (commit) from 7c1dae55d476d94c96db68de20670c1066d281b3 (commit) - Log ----------------------------------------------------------------- commit f8f75a7e4a7746caba9cab843e14ed6a41dfad21 Author: Dr. Stephen Henson Date: Thu Jun 25 15:07:25 2015 +0100 Check for errors with SRP Reviewed-by: Matt Caswell (cherry picked from commit 5fced2395ddfb603a50fd1bd87411e603a59dc6f) ----------------------------------------------------------------------- Summary of changes: test/testssl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/testssl b/test/testssl index c3461b0..747e4ba 100644 --- a/test/testssl +++ b/test/testssl 
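Review bot: in this branch the SRP block is followed directly by `exit 0`, so until this cherry-pick the script's status never reflected an SRP failure at all; with `|| exit 1` on each of the four invocations that gap is closed. Apart from the offset (-198 instead of -236) and the blob hashes (d5b1c9a..261097b) the hunk is identical to master.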
@@ -253,16 +253,16 @@ if ../util/shlib_wrap.sh ../apps/openssl no-srp; then echo skipping SRP tests else echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 + $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 || exit 1 fi ############################################################################# From steve at openssl.org Tue Jun 30 13:21:12 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 30 Jun 2015 13:21:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1435670472.142507.4788.nullmailer@dev.openssl.org> The branch master has been updated via 36f038f1041f9f31878f75b567959ceae08eb34e (commit) from 5fced2395ddfb603a50fd1bd87411e603a59dc6f (commit) - Log ----------------------------------------------------------------- commit 36f038f1041f9f31878f75b567959ceae08eb34e Author: Dr. Stephen Henson Date: Tue Jun 30 13:58:25 2015 +0100 Dup peer_chain properly in SSL_SESSION Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/ssl_sess.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 03c6ac0..9063bca 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c 
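Review bot: identical to the master hunk apart from the offset (-253) and blob hashes (c3461b0..747e4ba); the same point applies, only the four SRP invocations become fatal here, and how the rest of this branch's testssl is guarded is not visible in the hunk.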
@@ -268,6 +268,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) if (src->peer != NULL) CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + if (src->peer_chain != NULL) { + dest->peer_chain = X509_chain_up_ref(src->peer_chain); + if (dest->peer_chain == NULL) + goto err; + } + #ifndef OPENSSL_NO_PSK if (src->psk_identity_hint) { dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
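Review bot: X509_chain_up_ref() gives dest its own reference on every certificate in the chain, matching the reference bump on src->peer just above, and the NULL check with `goto err` is right; but because dest->peer_chain receives the NULL result on failure, make sure the err path does not free other fields that are still shared with src at this point of ssl_session_dup(), since the start of the function and the err label are outside this hunk. The `#ifndef OPENSSL_NO_PSK` block that follows shows the dup-then-check pattern the rest of the function uses.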