- Aug 28, 2014
-
-
Dr. Stephen Henson authored
Use the same structure for client and server custom extensions. Add utility functions in new file t1_ext.c. Use new utility functions to handle custom server and client extensions and remove a lot of code duplication. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit ecf4d660) Conflicts: ssl/ssl_lib.c ssl/ssl_locl.h ssl/t1_lib.c
-
Dr. Stephen Henson authored
Move custom extension structures from SSL_CTX to CERT structure. This change means the form can be revised in future without binary compatibility issues. Also since CERT is part of SSL structures so per-SSL custom extensions could be supported in future as well as per SSL_CTX. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b83294fe) Conflicts: ssl/ssl.h ssl/ssl_cert.c ssl/ssl_locl.h
-
Emilia Kasper authored
Pull constant-time methods out to a separate header, add tests. Reviewed-by: Bodo Moeller <bodo@openssl.org> (cherry picked from commit 5a3d21c0) Conflicts: ssl/s3_cbc.c test/Makefile
-
Raphael Spreitzer authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit f9fb43e1)
-
Rich Salz authored
Add the wrapper to all public header files (Configure generates one). Don't bother for those that are just lists of #define's that do renaming. Reviewed-by: Tim Hudson <tjh@openssl.org> Cherry-pick of commit 17e80c6b
-
- Aug 27, 2014
-
-
Emilia Kasper authored
The old code implicitly relies on the ASN.1 code returning a \0-prefixed buffer when the buffer length is 0. Change this to verify explicitly that the ASN.1 string has positive length. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit 82dc08de54ce443c2a9ac478faffe79e76157795)
-
Matt Caswell authored
When d2i_ECPrivateKey reads a private key with a missing (optional) public key, generate one automatically from the group and private key. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit ed383f847156940e93f256fed78599873a4a9b28)
-
Adam Langley authored
This change saves several EC routines from crashing when an EC_KEY is missing a public key. The public key is optional in the EC private key format and, without this patch, running the following through `openssl ec` causes a crash: -----BEGIN EC PRIVATE KEY----- MBkCAQEECAECAwQFBgcIoAoGCCqGSM49AwEH -----END EC PRIVATE KEY----- Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit b391570bdeb386d4fd325917c248d593d3c43930)
-
Mihai Militaru authored
I also removed some trailing whitespace and cleaned up the "see also" list. Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 7b3e11c5)
-
- Aug 26, 2014
-
-
John Fitzgibbon authored
Extra SSL_get_selected_srtp_profile() declaration in ssl/srtp.h causes -Werror builds to fail. Cherry-picked from 3609b023 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
David Gatwood authored
The description of when the server creates a DH key is confusing. This cleans it up. (rsalz: also removed trailing whitespace.) Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Aug 25, 2014
-
-
Jan Schaumann authored
The EXAMPLE that used FILE and RC2 doesn't compile due to a few minor errors. Tweak to use IDEA and AES-128. Remove examples about RC2 and RC5. Reviewed-by: Emilia Kasper <emilia@openssl.org>
-
- Aug 24, 2014
-
-
Matt Caswell authored
This patch was submitted by user "Kox" via the wiki Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 2dd8cb3b)
-
- Aug 22, 2014
-
-
Adam Langley authored
Limit the number of empty records that will be processed consecutively in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis. Reviewed-by: Bodo Moeller <bodo@openssl.org>
-
Adam Langley authored
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Emilia Kasper authored
Clarify the intended use of EVP_PKEY_sign. Make the code example compile. Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit d64c533a)
-
- Aug 21, 2014
-
-
Emilia Kasper authored
In Visual Studio, inline is available in C++ only, however __inline is available for C, see http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org> (cherry picked from commit f511b25a)
-
Emilia Kasper authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit da92be4d)
-
- Aug 20, 2014
-
-
Andy Polyakov authored
RT: 2835 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 15735e4f)
-
Andy Polyakov authored
Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit e608273a)
-
Andy Polyakov authored
Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit 2893a302)
-
Andy Polyakov authored
Reviewed-by: Emilia Kasper <emilia@openssl.org> (cherry picked from commit 55eb14da)
-
- Aug 15, 2014
-
-
Matt Caswell authored
PR#3450 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Istvan Noszticzius authored
Reviewed-by: Stephen Henson <steve@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 5afa57fb7b17aa51cfba1ffa94e900fc7a5f0e04)
-
- Aug 13, 2014
-
-
Bodo Moeller authored
group_order_tests (ectest.c). Also fix the EC_POINTs_mul documentation (ec.h). Reviewed-by: <emilia@openssl.org>
-
- Aug 08, 2014
-
-
Dr. Stephen Henson authored
The addition of SRP authentication needs to be checked in various places to work properly. Specifically: A certificate is not sent. A certificate request must not be sent. Server key exchange message must not contain a signature. If appropriate SRP authentication ciphersuites should be chosen. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 8f5a8805b82d1ae81168b11b7f1506db9e047dec)
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 193c1c07165b0042abd217274a084b49459d4443)
-
- Aug 07, 2014
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 1433cac5)
-
- Aug 06, 2014
-
-
Dr. Stephen Henson authored
Check SRP parameters when they are received so we can send back an appropriate alert. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
Dr. Stephen Henson authored
Invalid parameters passed to the SRP code can be overrun an internal buffer. Add sanity check that g, A, B < N to SRP code. Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC Group for reporting this issue.
-
Dr. Stephen Henson authored
If a client attempted to use an SRP ciphersuite and it had not been set up correctly it would crash with a null pointer read. A malicious server could exploit this in a DoS attack. Thanks to Joonas Kuorilehto and Riku Hietamäki from Codenomicon for reporting this issue. CVE-2014-2970 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Gabor Tyukasz authored
CVE-2014-3509 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
Emilia Kasper authored
- Upon parsing, reject OIDs with invalid base-128 encoding. - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function. CVE-2014-3508 Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Käsper authored
CVE-2014-3510 Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
David Benjamin authored
CVE-2014-3511 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Bodo Möller <bodo@openssl.org>
-
Adam Langley authored
In a couple of functions, a sequence number would be calculated twice. Additionally, in |dtls1_process_out_of_seq_message|, we know that |frag_len| <= |msg_hdr->msg_len| so the later tests for |frag_len < msg_hdr->msg_len| can be more clearly written as |frag_len != msg_hdr->msg_len|, since that's the only remaining case. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
Applying same fix as in dtls1_process_out_of_seq_message. A truncated DTLS fragment would cause *ok to be clear, but the return value would still be the number of bytes read. Problem identified by Emilia Käsper, based on previous issue/patch by Adam Langley. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
Previously, a truncated DTLS fragment in |dtls1_process_out_of_seq_message| would cause *ok to be cleared, but the return value would still be the number of bytes read. This would cause |dtls1_get_message| not to consider it an error and it would continue processing as normal until the calling function noticed that *ok was zero. I can't see an exploit here because |dtls1_get_message| uses |s->init_num| as the length, which will always be zero from what I can see. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Adam Langley authored
The |pqueue_insert| function can fail if one attempts to insert a duplicate sequence number. When handling a fragment of an out of sequence message, |dtls1_process_out_of_seq_message| would not call |dtls1_reassemble_fragment| if the fragment's length was zero. It would then allocate a fresh fragment and attempt to insert it, but ignore the return value, leaking the fragment. This allows an attacker to exhaust the memory of a DTLS peer. Fixes CVE-2014-3507 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
In |dtls1_reassemble_fragment|, the value of |msg_hdr->frag_off+frag_len| was being checked against the maximum handshake message size, but then |msg_len| bytes were allocated for the fragment buffer. This means that so long as the fragment was within the allowed size, the pending handshake message could consume 16MB + 2MB (for the reassembly bitmap). Approx 10 outstanding handshake messages are allowed, meaning that an attacker could consume ~180MB per DTLS connection. In the non-fragmented path (in |dtls1_process_out_of_seq_message|), no check was applied. Fixes CVE-2014-3506 Wholly based on patch by Adam Langley with one minor amendment. Reviewed-by: Emilia Käsper <emilia@openssl.org>
-