- May 13, 2015
-
-
Matt Caswell authored
Currently we set change_cipher_spec_ok to 1 before calling ssl3_get_cert_verify(). This is because this message is optional and if it is not sent then the next thing we would expect to get is the CCS. However, although it is optional, we do actually know whether we should be receiving one in advance. If we have received a client cert then we should expect a CertificateVerify message. By the time we get to this point we will already have bombed out if we didn't get a Certificate when we should have done, so it is safe just to check whether |peer| is NULL or not. If it is we won't get a CertificateVerify, otherwise we will. Therefore we should change the logic so that we only attempt to get the CertificateVerify if we are expecting one, and not allow a CCS in this scenario. Whilst this is good practice for TLS it is even more important for DTLS. In DTLS messages can be lost. Therefore we may be in a situation where a CertificateVerify message does not arrive even though one was sent. In that case the next message the server will receive will be the CCS. This could also happen if messages get re-ordered in-flight. In DTLS if |change_cipher_spec_ok| is not set and a CCS is received it is ignored. However if |change_cipher_spec_ok| *is* set then a CCS arrival will immediately move the server into the next epoch. Any messages arriving for the previous epoch will be ignored. This means that, in this scenario, the handshake can never complete. The client will attempt to retransmit missing messages, but the server will ignore them because they are the wrong epoch. The server meanwhile will still be waiting for the CertificateVerify which is never going to arrive. RT#2958 Reviewed-by:Emilia Käsper <emilia@openssl.org>
-
Gunnar Kudrjavets authored
Original 'sizeof(ADDED_OBJ)' was replaced with 'sizeof(*ao)'. However, they return different sizes. Therefore as the result heap gets corrupted and at some point later debug version of malloc() detects the corruption. On x86 we can observe that as follows: sizeof(*ao) == 4 sizeof(*ao[0]) == sizeof(ADDED_OBJ) == 8 Issue reproduces with either enabling CRT debug heap or Application Verifier's full-page heap. Basic debugging data from the moment the corruption is first detected: 0:000:x86> | . 0 id: 283c create name: openssl.exe 0:000:x86> kcn # 00 MSVCR120D!_heap_alloc_dbg_impl 01 MSVCR120D!_nh_malloc_dbg_impl 02 MSVCR120D!_nh_malloc_dbg 03 MSVCR120D!malloc 04 LIBEAY32!default_malloc_ex 05 LIBEAY32!CRYPTO_malloc 06 LIBEAY32!lh_insert 07 LIBEAY32!OBJ_add_object 08 LIBEAY32!OBJ_create 09 openssl!add_oid_section 0a openssl!req_main 0b openssl!do_cmd 0c openssl!main 0d openssl!__tmainCRTStartup 0e openssl!mainCRTStartup 0f KERNEL32!BaseThreadInitThunk 10 ntdll_77d60000!__RtlUserThreadStart 11 ntdll_77d60000!_RtlUserThreadStart Signed-off-by:
Matt Caswell <matt@openssl.org> Reviewed-by:
Richard Levitte <levitte@openssl.org>
-
- May 12, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by:Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Since COMP_METHOD is now defined in comp_lcl.h, it is no longer possible to create new TLS compression methods without using the OpenSSL source. Only ZLIB is supported by default. Also, since the types are opaque, #ifdef guards to use "char *" instead of the real type aren't necessary. The changes are actually minor. Adding missing copyright to some files makes the diff misleadingly big. Reviewed-by: -
Dr. Stephen Henson authored
Reviewed-by:Tim Hudson <tjh@openssl.org>
-
- May 11, 2015
-
-
Rich Salz authored
Reviewed-by: -
Kurt Cancemi authored
Matt's note: I added a call to X509V3err to Kurt's original patch. RT#3840 Signed-off-by:
-
Kurt Cancemi authored
This would cause memory corruption in opt_init() because it relies on the terminating NULL. RT#3842 Reviewed-by: -
Bjoern D. Rasmussen authored
clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by:
-
Matt Caswell authored
If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre <mrpre@163.com>. Reviewed-by:
-
- May 08, 2015
-
-
Dr. Stephen Henson authored
Add SSL_use_certiicate_chain file functions: this is works the same way as SSL_CTX_use_certificate_chain_file but for an SSL structure. Update SSL_CONF code to use the new function. Update docs. Update ordinals. Reviewed-by:
-
- May 07, 2015
-
-
Viktor Dukhovni authored
Reviewed-by:Rich Salz <rsalz@akamai.com>
-
Rich Salz authored
For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by:
-
- May 06, 2015
-
-
Dr. Stephen Henson authored
If server requests a certificate, but the client doesn't send one, cache digested records. This is an optimisation and ensures the correct finished mac is used when extended master secret is used with client authentication. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Richard Levitte authored
The file name given to -CAserial might not exist yet. The -CAcreateserial option decides if this is ok or not. Previous to this change, -CAserial was a type '<' option, and in that case, the existence of the file given as argument is tested quite early, and is a failure if it doesn't. With the type 's' option, the argument is just a string that the application can do whatever it wants with. Reviewed-by: -
Richard Levitte authored
This is just to make sure that option is tested on a Unix build. This option is already present in ms/testss.bat, so it's an easy steal. Reviewed-by: -
Dr. Stephen Henson authored
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for them in SSL_CONF_cmd_value_type. Update docs. Reviewed-by: -
Gunnar Kudrjavets authored
Compiling OpenSSL code with MSVC and /W4 results in a number of warnings. One category of warnings is particularly interesting - C4701 (potentially uninitialized local variable 'name' used). This warning pretty much means that there's a code path which results in uninitialized variables being used or returned. Depending on compiler, its options, OS, values in registers and/or stack, the results can be nondeterministic. Cases like this are very hard to debug so it's rational to fix these issues. This patch contains a set of trivial fixes for all the C4701 warnings (just initializing variables to 0 or NULL or appropriate error code) to make sure that deterministic values will be returned from all the execution paths. RT#3835 Signed-off-by:
-
Matt Caswell authored
A copy&paste error as a result of the big apps cleanup broke the version specific methods in s_server. Reviewed-by: -
Rich Salz authored
Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: -
Richard Levitte authored
What could be better than to refer to the RFC that defines it? Reviewed-by:Stephen Henson <steve@openssl.org>
-
- May 05, 2015
-
-
Matt Caswell authored
Fix error in WIN32_rename() introduced by commit b4faea50 . Reviewed-by:
-
Richard Levitte authored
Reviewed-by: -
Richard Levitte authored
Reviewed-by: -
Matt Caswell authored
Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: -
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: -
Matt Caswell authored
Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: -
Matt Caswell authored
Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Rich Salz authored
Reviewed-by: -
Matt Caswell authored
Reviewed-by: -
mancha security authored
Signed-off-by:
mancha security <mancha1@zoho.com> Signed-off-by:
-
mancha security authored
Signed-off-by:
-
Matt Caswell authored
Remove dependency on ssl_locl.h from v3_scts.c, and incidentally fix a build problem with kerberos (the dependency meant v3_scts.c was trying to include krb5.h, but without having been passed the relevanant -I flags to the compiler) Reviewed-by:
-
- May 04, 2015
-
-
Rich Salz authored
RLE is a no-op only for testing. Remove it. Reviewed-by: -
Rich Salz authored
If CA.pl is reading from /dev/null, then "chop $FILE" gives a warning. Sigh. Have to add "if $FILE". This just silences a build warning. Thanks to GitHub user andrejs-igumenovs for help with this. Reviewed-by: -
Rich Salz authored
For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: -
Richard Levitte authored
RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. Reviewed-by: -
Richard Levitte authored
Reviewed-by:
-
