openssl.git
5 years agoExplicitly check for empty ASN.1 strings in d2i_ECPrivateKey
Emilia Kasper [Mon, 25 Aug 2014 10:38:16 +0000 (12:38 +0200)]
Explicitly check for empty ASN.1 strings in d2i_ECPrivateKey

The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer
when the buffer length is 0. Change this to verify explicitly that the ASN.1 string
has positive length.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)

5 years agoRT3065: automatically generate a missing EC public key
Matt Caswell [Fri, 22 Aug 2014 16:04:19 +0000 (18:04 +0200)]
RT3065: automatically generate a missing EC public key

When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)

5 years agoRT3065: ec_private_key_dont_crash
Adam Langley [Tue, 23 Apr 2013 19:12:36 +0000 (15:12 -0400)]
RT3065: ec_private_key_dont_crash

This change saves several EC routines from crashing when an EC_KEY is
missing a public key. The public key is optional in the EC private key
format and, without this patch, running the following through `openssl
ec` causes a crash:

-----BEGIN EC PRIVATE KEY-----
MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH
-----END EC PRIVATE KEY-----

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)

5 years agoRT2210: Add missing EVP_cleanup to example
Mihai Militaru [Tue, 26 Aug 2014 16:35:54 +0000 (12:35 -0400)]
RT2210: Add missing EVP_cleanup to example

I also removed some trailing whitespace and cleaned
up the "see also" list.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 7b3e11c54466f1da8b707c932e308d345fd61101)

5 years agoRT2724: Remove extra declaration
John Fitzgibbon [Mon, 18 Aug 2014 21:55:19 +0000 (17:55 -0400)]
RT2724: Remove extra declaration

Extra SSL_get_selected_srtp_profile() declaration in ssl/srtp.h
causes -Werror builds to fail.

Cherry-picked from 3609b02305c3678525930ff9bacb566c0122ea2a

Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoRT1744: SSL_CTX_set_dump_dh() doc feedback
David Gatwood [Tue, 26 Aug 2014 17:02:03 +0000 (13:02 -0400)]
RT1744: SSL_CTX_set_dump_dh() doc feedback

The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
5 years agoRT1804: fix EXAMPLE in EVP_EncryptInit.pod
Jan Schaumann [Fri, 15 Aug 2014 03:00:44 +0000 (23:00 -0400)]
RT1804: fix EXAMPLE in EVP_EncryptInit.pod

The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
5 years agoTypo fixes to evp documentation.
Matt Caswell [Thu, 24 Jul 2014 05:00:11 +0000 (01:00 -0400)]
Typo fixes to evp documentation.

This patch was submitted by user "Kox" via the wiki

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 2dd8cb3b9593f528d9537aa6a003d5c93df1e3c5)

5 years agoRT3060: Limit the number of empty records.
Adam Langley [Tue, 19 Aug 2014 15:57:53 +0000 (17:57 +0200)]
RT3060: Limit the number of empty records.

Limit the number of empty records that will be processed consecutively
in order to prevent ssl3_get_record from never returning.

Reported by "oftc_must_be_destroyed" and George Kadianakis.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
5 years agoRT3061: Don't SEGFAULT when trying to export a public DSA key as a private key.
Adam Langley [Thu, 21 Feb 2013 22:11:55 +0000 (17:11 -0500)]
RT3061: Don't SEGFAULT when trying to export a public DSA key as a private key.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
5 years agoImprove EVP_PKEY_sign documentation
Emilia Kasper [Fri, 22 Aug 2014 11:16:55 +0000 (13:16 +0200)]
Improve EVP_PKEY_sign documentation

Clarify the intended use of EVP_PKEY_sign. Make the code example compile.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit d64c533a207f7b6d86c3bc8ffb053e5f4d0c1ca0)

5 years agodefine inline for Visual Studio
Emilia Kasper [Tue, 19 Aug 2014 11:18:07 +0000 (13:18 +0200)]
define inline for Visual Studio

In Visual Studio, inline is available in C++ only, however __inline is available for C, see
http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit f511b25a7370c775dc9fd6198dbacd1706cf242b)

5 years agoFix build when BSAES_ASM is defined but VPAES_ASM is not
Emilia Kasper [Tue, 19 Aug 2014 14:28:07 +0000 (16:28 +0200)]
Fix build when BSAES_ASM is defined but VPAES_ASM is not

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit da92be4d68bec81030838e3228ef0238c565af85)

5 years agobn/asm/rsaz-*.pl: allow spaces in Perl path name.
Andy Polyakov [Wed, 20 Aug 2014 22:17:45 +0000 (00:17 +0200)]
bn/asm/rsaz-*.pl: allow spaces in Perl path name.

RT: 2835

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 15735e4f0e81d535cda0ad7ab52a0ed64b644cd0)

5 years agosha1-mb-x86_64.pl: add commentary.
Andy Polyakov [Wed, 20 Aug 2014 22:13:55 +0000 (00:13 +0200)]
sha1-mb-x86_64.pl: add commentary.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e608273a8094a95a5703c26a428a007497e74392)

5 years agocrypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.
Andy Polyakov [Wed, 20 Aug 2014 20:18:14 +0000 (22:18 +0200)]
crypto/evp/e_aes_cbc_hmac_sha[1|256].c: fix compiler warnings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 2893a302a9b6a70161d1859d985a52af11b2195d)

5 years agosha1-mb-x86_64.pl: fix typo.
Andy Polyakov [Wed, 20 Aug 2014 20:10:20 +0000 (22:10 +0200)]
sha1-mb-x86_64.pl: fix typo.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 55eb14da201cc35fe744a08718f5c2efb97f6155)

5 years agoFixed out-of-bounds read errors in ssl3_get_key_exchange.
Matt Caswell [Sat, 26 Jul 2014 22:47:40 +0000 (23:47 +0100)]
Fixed out-of-bounds read errors in ssl3_get_key_exchange.

PR#3450

Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoFix use after free bug.
Istvan Noszticzius [Fri, 15 Aug 2014 15:43:28 +0000 (16:43 +0100)]
Fix use after free bug.

Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 5afa57fb7b17aa51cfba1ffa94e900fc7a5f0e04)

5 years agoFurther improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
Bodo Moeller [Wed, 13 Aug 2014 15:37:19 +0000 (17:37 +0200)]
Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
5 years agoFix SRP authentication ciphersuites.
Dr. Stephen Henson [Fri, 8 Aug 2014 10:24:25 +0000 (11:24 +0100)]
Fix SRP authentication ciphersuites.

The addition of SRP authentication needs to be checked in various places
to work properly. Specifically:

A certificate is not sent.
A certificate request must not be sent.
Server key exchange message must not contain a signature.
If appropriate SRP authentication ciphersuites should be chosen.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)

5 years agoTest SRP authentication ciphersuites.
Dr. Stephen Henson [Fri, 8 Aug 2014 10:19:39 +0000 (11:19 +0100)]
Test SRP authentication ciphersuites.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 193c1c07165b0042abd217274a084b49459d4443)

5 years agoOnly use FIPS EC methods in FIPS mode.
Dr. Stephen Henson [Thu, 7 Aug 2014 00:08:14 +0000 (01:08 +0100)]
Only use FIPS EC methods in FIPS mode.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1433cac53c93f9f109290389f60b17078a572d3d)

5 years agoCheck SRP parameters early.
Dr. Stephen Henson [Fri, 1 Aug 2014 13:56:56 +0000 (14:56 +0100)]
Check SRP parameters early.

Check SRP parameters when they are received so we can send back an
appropriate alert.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
5 years agoFix SRP buffer overrun vulnerability.
Dr. Stephen Henson [Thu, 31 Jul 2014 19:56:22 +0000 (20:56 +0100)]
Fix SRP buffer overrun vulnerability.

Invalid parameters passed to the SRP code can be overrun an internal
buffer. Add sanity check that g, A, B < N to SRP code.

Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
Group for reporting this issue.

5 years agoFix SRP ciphersuite DoS vulnerability.
Dr. Stephen Henson [Thu, 24 Jul 2014 23:50:06 +0000 (00:50 +0100)]
Fix SRP ciphersuite DoS vulnerability.

If a client attempted to use an SRP ciphersuite and it had not been
set up correctly it would crash with a null pointer read. A malicious
server could exploit this in a DoS attack.

Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon
for reporting this issue.

CVE-2014-2970
Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoFix race condition in ssl_parse_serverhello_tlsext
Gabor Tyukasz [Wed, 23 Jul 2014 21:42:06 +0000 (23:42 +0200)]
Fix race condition in ssl_parse_serverhello_tlsext

CVE-2014-3509
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
5 years agoFix OID handling:
Emilia Kasper [Wed, 2 Jul 2014 17:02:33 +0000 (19:02 +0200)]
Fix OID handling:

- Upon parsing, reject OIDs with invalid base-128 encoding.
- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.

CVE-2014-3508

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoFix DTLS anonymous EC(DH) denial of service
Emilia Käsper [Thu, 24 Jul 2014 20:15:29 +0000 (22:15 +0200)]
Fix DTLS anonymous EC(DH) denial of service

CVE-2014-3510

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
5 years agoFix protocol downgrade bug in case of fragmented packets
David Benjamin [Wed, 23 Jul 2014 20:32:21 +0000 (22:32 +0200)]
Fix protocol downgrade bug in case of fragmented packets

CVE-2014-3511

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Bodo Möller <bodo@openssl.org>
5 years agoRemove some duplicate DTLS code.
Adam Langley [Fri, 6 Jun 2014 21:47:07 +0000 (14:47 -0700)]
Remove some duplicate DTLS code.

In a couple of functions, a sequence number would be calculated twice.

Additionally, in |dtls1_process_out_of_seq_message|, we know that
|frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len <
msg_hdr->msg_len| can be more clearly written as |frag_len !=
msg_hdr->msg_len|, since that's the only remaining case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoApplying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment...
Matt Caswell [Thu, 24 Jul 2014 22:54:28 +0000 (23:54 +0100)]
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read.

Problem identified by Emilia Käsper, based on previous issue/patch by Adam
Langley.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoFix return code for truncated DTLS fragment.
Adam Langley [Fri, 6 Jun 2014 21:44:20 +0000 (14:44 -0700)]
Fix return code for truncated DTLS fragment.

Previously, a truncated DTLS fragment in
|dtls1_process_out_of_seq_message| would cause *ok to be cleared, but
the return value would still be the number of bytes read. This would
cause |dtls1_get_message| not to consider it an error and it would
continue processing as normal until the calling function noticed that
*ok was zero.

I can't see an exploit here because |dtls1_get_message| uses
|s->init_num| as the length, which will always be zero from what I can
see.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoFix memory leak from zero-length DTLS fragments.
Adam Langley [Fri, 6 Jun 2014 21:30:33 +0000 (14:30 -0700)]
Fix memory leak from zero-length DTLS fragments.

The |pqueue_insert| function can fail if one attempts to insert a
duplicate sequence number. When handling a fragment of an out of
sequence message, |dtls1_process_out_of_seq_message| would not call
|dtls1_reassemble_fragment| if the fragment's length was zero. It would
then allocate a fresh fragment and attempt to insert it, but ignore the
return value, leaking the fragment.

This allows an attacker to exhaust the memory of a DTLS peer.

Fixes CVE-2014-3507

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoFix DTLS handshake message size checks.
Matt Caswell [Fri, 6 Jun 2014 21:25:52 +0000 (14:25 -0700)]
Fix DTLS handshake message size checks.

In |dtls1_reassemble_fragment|, the value of
|msg_hdr->frag_off+frag_len| was being checked against the maximum
handshake message size, but then |msg_len| bytes were allocated for the
fragment buffer. This means that so long as the fragment was within the
allowed size, the pending handshake message could consume 16MB + 2MB
(for the reassembly bitmap). Approx 10 outstanding handshake messages
are allowed, meaning that an attacker could consume ~180MB per DTLS
connection.

In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no
check was applied.

Fixes CVE-2014-3506

Wholly based on patch by Adam Langley with one minor amendment.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoAdded comment for the frag->reassembly == NULL case as per feedback from Emilia
Matt Caswell [Thu, 24 Jul 2014 22:33:34 +0000 (23:33 +0100)]
Added comment for the frag->reassembly == NULL case as per feedback from Emilia

Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agoAvoid double free when processing DTLS packets.
Adam Langley [Fri, 6 Jun 2014 21:19:21 +0000 (14:19 -0700)]
Avoid double free when processing DTLS packets.

The |item| variable, in both of these cases, may contain a pointer to a
|pitem| structure within |s->d1->buffered_messages|. It was being freed
in the error case while still being in |buffered_messages|. When the
error later caused the |SSL*| to be destroyed, the item would be double
freed.

Thanks to Wah-Teh Chang for spotting that the fix in 1632ef74 was
inconsistent with the other error paths (but correct).

Fixes CVE-2014-3505

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
5 years agomake update
Dr. Stephen Henson [Fri, 1 Aug 2014 19:15:48 +0000 (20:15 +0100)]
make update

Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoFix error discrepancy.
Dr. Stephen Henson [Thu, 31 Jul 2014 20:22:23 +0000 (21:22 +0100)]
Fix error discrepancy.

We can't rename ssleay_rand_bytes to md_rand_bytes_lock as this will cause
an error code discrepancy. Instead keep ssleay_rand_bytes and add an
extra parameter: since ssleay_rand_bytes is not part of the public API
this wont cause any binary compatibility issues.
Reviewed-by: Kurt Roeckx <kurt@openssl.org >
5 years agoUpdate $default_depflags to match current defaults.
Bodo Moeller [Fri, 1 Aug 2014 17:03:03 +0000 (19:03 +0200)]
Update $default_depflags to match current defaults.

5 years agoClean up CHANGES files: If a change is already present in 1.0.1f or 1.0.1h,
Bodo Moeller [Fri, 1 Aug 2014 16:38:56 +0000 (18:38 +0200)]
Clean up CHANGES files: If a change is already present in 1.0.1f or 1.0.1h,
don't list it again under changes between 1.0.1h and 1.0.2.

5 years agoSimplify and fix ec_GFp_simple_points_make_affine
Bodo Moeller [Fri, 1 Aug 2014 15:18:14 +0000 (17:18 +0200)]
Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).

Reviewed-by: emilia@openssl.org
5 years agoAvoid multiple lock using FIPS DRBG.
Dr. Stephen Henson [Wed, 30 Jul 2014 14:13:08 +0000 (15:13 +0100)]
Avoid multiple lock using FIPS DRBG.

Don't use multiple locks when SP800-90 DRBG is used outside FIPS mode.

PR#3176
Reviewed-by: Rich Salz <rsalz@openssl.org>
5 years agoAdd conditional unit testing interface.
Dr. Stephen Henson [Wed, 23 Jul 2014 12:18:06 +0000 (13:18 +0100)]
Add conditional unit testing interface.

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4fbd27577fb519d9aea2dc788742715)

Conflicts:

ssl/heartbeat_test.c
ssl/ssl.h
util/mkdef.pl

5 years agoPrepare for 1.0.2-beta3-dev
Matt Caswell [Tue, 22 Jul 2014 20:31:04 +0000 (21:31 +0100)]
Prepare for 1.0.2-beta3-dev

Reviewed-by: Stephen Henson <steve@openssl.org>
5 years agoPrepare for 1.0.2-beta2 release OpenSSL_1_0_2-beta2
Matt Caswell [Tue, 22 Jul 2014 20:30:33 +0000 (21:30 +0100)]
Prepare for 1.0.2-beta2 release

Reviewed-by: Stephen Henson <steve@openssl.org>
5 years agomake update
Matt Caswell [Tue, 22 Jul 2014 20:30:33 +0000 (21:30 +0100)]
make update

Reviewed-by: Stephen Henson <steve@openssl.org>
5 years agoupdate $default_depflags
Dr. Stephen Henson [Tue, 22 Jul 2014 19:55:29 +0000 (20:55 +0100)]
update $default_depflags

Reviewed-by: Matt Caswell <matt@openssl.org>
5 years agoCHANGES: mention new platforms.
Andy Polyakov [Tue, 22 Jul 2014 18:16:16 +0000 (20:16 +0200)]
CHANGES: mention new platforms.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
5 years ago"EC_POINT_invert" was checking "dbl" function pointer instead of "invert".
Billy Brumley [Mon, 21 Jul 2014 21:08:23 +0000 (22:08 +0100)]
"EC_POINT_invert" was checking "dbl" function pointer instead of "invert".

PR#2569

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit cba11f57ce161fd301a72194827327128191de7e)

5 years agoRemove old unused and unmaintained demonstration code.
Tim Hudson [Mon, 21 Jul 2014 19:26:17 +0000 (05:26 +1000)]
Remove old unused and unmaintained demonstration code.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 62352b8138018775a4c085a105fccd9cdcb6323f)

5 years agosha1-ppc.pl: shave off one cycle from BODY_20_39
Andy Polyakov [Mon, 21 Jul 2014 13:29:09 +0000 (15:29 +0200)]
sha1-ppc.pl: shave off one cycle from BODY_20_39
and improve performance by 10% on POWER[78].

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 5c3598307ebbf5a88d1c39fbb2629536e443a5dd)

5 years agoMinor documentation update removing "really" and a
Tim Hudson [Mon, 21 Jul 2014 10:03:50 +0000 (20:03 +1000)]
Minor documentation update removing "really" and a
statement of opinion rather than a fact.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit c8d133e4b6f1ed1b7ad3c1a6d2c62f460e26c050)

5 years agoAdd test header to Makefile, update ordinals
Dr. Stephen Henson [Sun, 20 Jul 2014 11:39:18 +0000 (12:39 +0100)]
Add test header to Makefile, update ordinals

Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoInitial POWER8 support from development branch.
Andy Polyakov [Sun, 20 Jul 2014 12:36:49 +0000 (14:36 +0200)]
Initial POWER8 support from development branch.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
5 years agoFix documentation for RSA_set_method(3)
Dr. Stephen Henson [Sat, 19 Jul 2014 13:20:05 +0000 (14:20 +0100)]
Fix documentation for RSA_set_method(3)

PR#1675
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 197400c3f0d617d71ad8167b52fb73046d334320)

5 years agoMake *Final work for key wrap again.
Dr. Stephen Henson [Thu, 17 Jul 2014 21:27:50 +0000 (22:27 +0100)]
Make *Final work for key wrap again.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 58f4698f67c33b723a9e99bed1101161a59eea73)

5 years agoSanity check lengths for AES wrap algorithm.
Dr. Stephen Henson [Thu, 17 Jul 2014 01:50:48 +0000 (02:50 +0100)]
Sanity check lengths for AES wrap algorithm.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit d12eef15016e49fc09d6c96653c61624e032d1a3)

5 years agoFix typo, add reference.
Jeffrey Walton [Thu, 17 Jul 2014 10:25:02 +0000 (11:25 +0100)]
Fix typo, add reference.

PR#3456
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit d48e78f0cf22aaddb563f4bcfccf25b1a45ac8a4)

5 years agoDisabled XTS mode in enc utility as it is not supported
Matt Caswell [Sun, 13 Jul 2014 22:28:13 +0000 (23:28 +0100)]
Disabled XTS mode in enc utility as it is not supported

PR#3442

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2097a17c576f2395a10b05f14490688bc5f45a07)

5 years agoAdd Matt Caswell's fingerprint, and general update on the fingerprints file to bring...
Matt Caswell [Tue, 15 Jul 2014 21:47:29 +0000 (22:47 +0100)]
Add Matt Caswell's fingerprint, and general update on the fingerprints file to bring it up to date

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3bd548192a03142c80cf8bc68659d79dea20a738)

5 years agoClarify -Verify and PSK.
Dr. Stephen Henson [Tue, 15 Jul 2014 19:22:39 +0000 (20:22 +0100)]
Clarify -Verify and PSK.

PR#3452
(cherry picked from commit ca2015a617842fed3d36ed4dcbbf8d5e27bc5216)

5 years agoFix DTLS certificate requesting code.
Dr. Stephen Henson [Tue, 15 Jul 2014 17:21:59 +0000 (18:21 +0100)]
Fix DTLS certificate requesting code.

Use same logic when determining when to expect a client
certificate for both TLS and DTLS.

PR#3452
(cherry picked from commit c8d710dc5f83d69d802f941a4cc5895eb5fe3d65)

5 years agoDon't allow -www etc options with DTLS.
Dr. Stephen Henson [Tue, 15 Jul 2014 11:22:49 +0000 (12:22 +0100)]
Don't allow -www etc options with DTLS.

The options which emulate a web server don't make sense when doing DTLS.
Exit with an error if an attempt is made to use them.

PR#3453
(cherry picked from commit 58a2aaeade8bdecd0f9f0df41927f7cff3012547)

5 years agoUse case insensitive compare for servername.
Dr. Stephen Henson [Mon, 14 Jul 2014 22:59:13 +0000 (23:59 +0100)]
Use case insensitive compare for servername.

PR#3445
(cherry picked from commit 1c3e9a7c67ccdc5e770829fe951e5832e600d377)

5 years agodocument -nextprotoneg option in man pages
Hubert Kario [Fri, 6 Jun 2014 14:48:43 +0000 (16:48 +0200)]
document -nextprotoneg option in man pages

Add description of the option to advertise support of
Next Protocol Negotiation extension (-nextprotoneg) to
man pages of s_client and s_server.

PR#3444
(cherry picked from commit 7efd0e777e65eaa6c60d85b1cc5c889f872f8fc4)

5 years agoUse more common name for GOST key exchange.
Dr. Stephen Henson [Mon, 14 Jul 2014 14:05:50 +0000 (15:05 +0100)]
Use more common name for GOST key exchange.
(cherry picked from commit 7aabd9c92fe6f0ea2a82869e5171dcc4518cee85)

5 years agoFixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
Matt Caswell [Thu, 10 Jul 2014 22:47:31 +0000 (23:47 +0100)]
Fixed valgrind complaint due to BN_consttime_swap reading uninitialised data.
This is actually ok for this function, but initialised to zero anyway if
PURIFY defined.

This does have the impact of masking any *real* unitialised data reads in bn though.

Patch based on approach suggested by Rich Salz.

PR#3415

(cherry picked from commit 77747e2d9a5573b1dbc15e247ce18c03374c760c)

5 years agoAdd names of GOST algorithms.
Peter Mosmans [Sun, 13 Jul 2014 17:30:07 +0000 (18:30 +0100)]
Add names of GOST algorithms.

PR#3440
(cherry picked from commit 924e5eda2c82d737cc5a1b9c37918aa6e34825da)

5 years ago* crypto/ui/ui_lib.c: misplaced brace in switch statement.
Richard Levitte [Sun, 13 Jul 2014 17:11:29 +0000 (19:11 +0200)]
* crypto/ui/ui_lib.c: misplaced brace in switch statement.
  Detected by dcruette@qualitesys.com

(cherry picked from commit 8b5dd340919e511137696792279f595a70ae2762)

5 years agoDon't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).
Ben Laurie [Thu, 10 Jul 2014 16:47:48 +0000 (17:47 +0100)]
Don't clean up uninitialised EVP_CIPHER_CTX on error (CID 483259).

(cherry picked from commit c1d1b0114e9d370c30649e46182393dbfc00e20c)

5 years agoFix memory leak in BIO_free if there is no destroy function.
Matt Caswell [Wed, 9 Jul 2014 22:29:17 +0000 (23:29 +0100)]
Fix memory leak in BIO_free if there is no destroy function.
Based on an original patch by Neitrino Photonov <neitrinoph@gmail.com>

PR#3439

(cherry picked from commit 66816c53bea0ecddb9448da7ea9a51a334496127)

5 years agox86_64 assembly pack: improve masm support.
Andy Polyakov [Wed, 9 Jul 2014 18:08:01 +0000 (20:08 +0200)]
x86_64 assembly pack: improve masm support.
(cherry picked from commit 1b0fe79f3ee27ebd20510da3af9ec04c6ee0f800)

5 years agoPlease Clang's sanitizer, addendum.
Andy Polyakov [Tue, 8 Jul 2014 21:06:59 +0000 (23:06 +0200)]
Please Clang's sanitizer, addendum.
(cherry picked from commit d11c70b2c2a655d112fa72d34c6702e9aa2eff79)

5 years agoPlease Clang's sanitizer.
Andy Polyakov [Tue, 8 Jul 2014 20:24:44 +0000 (22:24 +0200)]
Please Clang's sanitizer.

PR: #3424,#3423,#3422
(cherry picked from commit 021e5043e524b1cb28a929ef902548a987c16e65)

5 years agoapps/speed.c: fix compiler warnings in multiblock_speed().
Andy Polyakov [Mon, 7 Jul 2014 15:02:26 +0000 (17:02 +0200)]
apps/speed.c: fix compiler warnings in multiblock_speed().
(cherry picked from commit c4f8efab34af95a5319bbc5b954b62614604298a)

5 years agosha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
Andy Polyakov [Mon, 7 Jul 2014 15:01:07 +0000 (17:01 +0200)]
sha[1|512]-x86_64.pl: fix logical errors with $shaext=0.
(cherry picked from commit 07b635cceb60abaddba2f0e469e5f5978258f46b)

5 years agoPrevent infinite loop loading config files.
David Lloyd [Mon, 7 Jul 2014 12:11:48 +0000 (13:11 +0100)]
Prevent infinite loop loading config files.

PR#2985
(cherry picked from commit 9d23f422a32cb333a5e803199ae230706b1bf9f5)

5 years agoImprove X509_check_host() documentation.
Viktor Dukhovni [Mon, 7 Jul 2014 10:34:06 +0000 (20:34 +1000)]
Improve X509_check_host() documentation.

Based on feedback from Jeffrey Walton.

(cherry picked from commit b73ac027357da29d9e393f24cd224999c94028d1)

5 years agoUpdate API to use (char *) for email addresses and hostnames
Viktor Dukhovni [Mon, 7 Jul 2014 09:11:38 +0000 (19:11 +1000)]
Update API to use (char *) for email addresses and hostnames

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

(cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2)

5 years agoSet optional peername when X509_check_host() succeeds.
Viktor Dukhovni [Sat, 5 Jul 2014 15:47:29 +0000 (01:47 +1000)]
Set optional peername when X509_check_host() succeeds.

Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

(cherry picked from commit ced3d9158a7a8c676be504bb6cd3b5ffb7cc7f13)

5 years agoNew peername element in X509_VERIFY_PARAM_ID
Viktor Dukhovni [Sat, 5 Jul 2014 15:44:30 +0000 (01:44 +1000)]
New peername element in X509_VERIFY_PARAM_ID

Declaration, memory management, accessor and documentation.

(cherry picked from commit 6e661d458f5aa8f52bf3d9098bd10025de5f08ea)

5 years agoOne more typo when changing !result to result <= 0
Viktor Dukhovni [Mon, 23 Jun 2014 17:06:24 +0000 (13:06 -0400)]
One more typo when changing !result to result <= 0

(cherry picked from commit eef1827f89ebb82d3bcb5391fa15e05061bab4b2)

5 years agoFix typo in last commit
Viktor Dukhovni [Mon, 23 Jun 2014 00:39:52 +0000 (20:39 -0400)]
Fix typo in last commit

(cherry picked from commit 90b70a6a6b4df267fea2724c7af37d93366a1fec)

5 years agoMultiple verifier reference identities.
Viktor Dukhovni [Sun, 22 Jun 2014 05:38:57 +0000 (01:38 -0400)]
Multiple verifier reference identities.

Implemented as STACK_OF(OPENSSL_STRING).

(cherry picked from commit 8abffa4a73fcbf6536e0a42d736ed9211a8204ea)

5 years agoImplement sk_deep_copy.
Viktor Dukhovni [Sun, 22 Jun 2014 08:24:40 +0000 (04:24 -0400)]
Implement sk_deep_copy.

(cherry picked from commit 66d884f06770f2daaee8016299ef7e1e3b91dfd1)

5 years agoUsage for -hack and -prexit -verify_return_error
Dr. Stephen Henson [Sun, 6 Jul 2014 21:33:35 +0000 (22:33 +0100)]
Usage for -hack and -prexit -verify_return_error
(cherry picked from commit ee724df75d9ad67fd954253ac514fddb46f1e3c6)

5 years agoDocument certificate status request options.
Dr. Stephen Henson [Sun, 6 Jul 2014 21:16:21 +0000 (22:16 +0100)]
Document certificate status request options.
(cherry picked from commit cba3f1c739f012aaadb85aaefaf8de424d2695e2)

5 years agos_server usage for certificate status requests
Dr. Stephen Henson [Sun, 6 Jul 2014 21:23:01 +0000 (22:23 +0100)]
s_server usage for certificate status requests
(cherry picked from commit a44f219c009798054d6741e919cba5b2e656dbf4)

5 years agoUpdate ticket callback docs.
Dr. Stephen Henson [Thu, 3 Jul 2014 13:50:08 +0000 (14:50 +0100)]
Update ticket callback docs.
(cherry picked from commit a23a6e85d8dcd5733a343754f434201f3c9aa6f0)

5 years agoSanity check keylength in PVK files.
Dr. Stephen Henson [Sat, 5 Jul 2014 23:32:44 +0000 (00:32 +0100)]
Sanity check keylength in PVK files.

PR#2277
(cherry picked from commit 733a6c882e92f8221bd03a51643bb47f5f81bb81)

5 years agoAdded reference to platform specific cryptographic acceleration such as AES-NI
Jeffrey Walton [Sat, 5 Jul 2014 21:39:08 +0000 (22:39 +0100)]
Added reference to platform specific cryptographic acceleration such as AES-NI

5 years agoFixed error in pod files with latest versions of pod2man
Matt Caswell [Sat, 5 Jul 2014 21:31:05 +0000 (22:31 +0100)]
Fixed error in pod files with latest versions of pod2man

(cherry picked from commit 07255f0a76d9d349d915e14f969b9ff2ee0d1953)

5 years agosha512-x86_64.pl: fix typo.
Andy Polyakov [Sat, 5 Jul 2014 21:59:57 +0000 (23:59 +0200)]
sha512-x86_64.pl: fix typo.

PR: #3431
(cherry picked from commit 7eb9680ae1bf5dd9aeb61c401f2c3bd900ac9aeb)

5 years agos3_pkt.c: fix typo.
Andy Polyakov [Sat, 5 Jul 2014 21:56:54 +0000 (23:56 +0200)]
s3_pkt.c: fix typo.
(cherry picked from commit 0e7a32b55e8c5b1ec7c2bb755213d076390cc55e)

5 years agoapps/speed.c: add multi-block benchmark.
Andy Polyakov [Sat, 5 Jul 2014 21:53:55 +0000 (23:53 +0200)]
apps/speed.c: add multi-block benchmark.
(cherry picked from commit 375a64e3496c7576a7dbcfdf9a549bf2693506e8)

5 years agoReturn smaller of ret and f.
Alan Hryngle [Sat, 5 Jul 2014 21:24:03 +0000 (22:24 +0100)]
Return smaller of ret and f.

PR#3418.
(cherry picked from commit fdea4fff8fb058be928980600b24cf4c62ef3630)

5 years agoDon't limit message sizes in ssl3_get_cert_verify.
Dr. Stephen Henson [Sat, 5 Jul 2014 12:19:12 +0000 (13:19 +0100)]
Don't limit message sizes in ssl3_get_cert_verify.

PR#319 (reoponed version).
(cherry picked from commit 7f6e9578648728478e84246fd3e64026b8b6a48e)

5 years agoAdd license info.
Dr. Stephen Henson [Fri, 4 Jul 2014 17:41:45 +0000 (18:41 +0100)]
Add license info.
(cherry picked from commit 55707a36cce3584457f687ff020842c079624ee8)

5 years agotypo
Dr. Stephen Henson [Fri, 4 Jul 2014 12:50:26 +0000 (13:50 +0100)]
typo