Commits · f07d639edf849413e24845301fd514ff4a606000 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

10 Nov, 2016 12 commits

Fix the no-tls option · f07d639e
Matt Caswell authored Nov 10, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
f07d639e
Fix no-cms (CVE-2016-7053) · 9d7ce8d4
Richard Levitte authored Nov 10, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
9d7ce8d4

test/evptests.txt: add negative tests for AEAD ciphers. · 70d8b304

Andy Polyakov authored Nov 01, 2016



This is done by taking one vector, "corrupting" last bit of the
tag value and verifying that decrypt fails.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

70d8b304

test: add TLS application data corruption test. · c5a56992
Andy Polyakov authored Oct 31, 2016
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
c5a56992
add test for CVE-2016-7053 · a378a469
Dr. Stephen Henson authored Oct 14, 2016
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
a378a469

Don't set choice selector on parse failure. · f962541d

Dr. Stephen Henson authored Oct 14, 2016



Don't set choice selector on parse failure: this can pass unexpected
values to the choice callback. Instead free up partial structure
directly.

CVE-2016-7053

Thanks to Tyler Nighswander of ForAllSecure for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

f962541d

chacha20/poly1305: make sure to clear the buffer at correct position · bf52165b

Richard Levitte authored Nov 04, 2016



The offset to the memory to clear was incorrect, causing a heap buffer
overflow.

CVE-2016-7054

Thanks to Robert Święcki for reporting this

Reviewed-by: Rich Salz <rsalz@openssl.org>

bf52165b

aes/asm/aesp8-ppc.pl: improve [backward] portability. · a54aba53

Andy Polyakov authored Nov 08, 2016

Some of stone-age assembler can't cope with r0 in address. It's actually
sensible thing to do, because r0 is shunted to 0 in address arithmetic
and by refusing r0 assembler effectively makes you understand that.

Reviewed-by: Rich Salz <rsalz@openssl.org>

a54aba53

bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). · 2fac86d9
Andy Polyakov authored Nov 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
2fac86d9
test/bntest.c: regression test for CVE-2016-7055. · dca2e0ee
Andy Polyakov authored Nov 06, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
dca2e0ee

Fix the evp_test Ctrl keyword processing · dfbdf4ab

Richard Levitte authored Nov 10, 2016



Skip the test if the value after ":" is a disabled algorithm, rather
than failing it

Reviewed-by: Matt Caswell <matt@openssl.org>

dfbdf4ab

Fix no-dso (shlibloadtest) · 586b79d8
Richard Levitte authored Nov 10, 2016
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
586b79d8

09 Nov, 2016 28 commits

Address some supported_versions review comments · f2342b7a

Matt Caswell authored Nov 09, 2016



Added some TODOs, refactored a couple of things and added a SSL_IS_TLS13()
macro.

Reviewed-by: Rich Salz <rsalz@openssl.org>

f2342b7a

Remove some redundant trace code · 60e3b3c5

Matt Caswell authored Nov 09, 2016



No need to have a supported versions table and a versions table. They
should be the same.

Reviewed-by: Rich Salz <rsalz@openssl.org>

60e3b3c5

Fix some missing checks for TLS1_3_VERSION_DRAFT · b97667ce

Matt Caswell authored Nov 07, 2016



There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>

b97667ce

Give the test with only TLS1.1 and TLS1.0 a better name · 54682aa3
Matt Caswell authored Nov 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
54682aa3

Add a TODO(TLS1.3) about renegotation · d2f42576

Matt Caswell authored Nov 02, 2016



Renegotiation does not exist in TLS1.3, so we need to disable it at some
point.

Reviewed-by: Rich Salz <rsalz@openssl.org>

d2f42576

Add some more version tests · 17d01b42

Matt Caswell authored Nov 02, 2016



Send a TLS1.4 ClientHello with supported_versions and get TLS1.3
Send a TLS1.3 ClientHello without supported_versions and get TLS1.2

Reviewed-by: Rich Salz <rsalz@openssl.org>

17d01b42

A style tweak based on feedback received · bf0ba5e7

Matt Caswell authored Nov 01, 2016



Replace a bare ";" with "continue;" for the body of a for loop.

Reviewed-by: Rich Salz <rsalz@openssl.org>

bf0ba5e7

Look at the supported_versions extension even if the server <TLS1.3 · 7b21c00e
Matt Caswell authored Oct 31, 2016
```
If supported_versions is present it takes precedence.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
7b21c00e

Ensure that vent->smeth != NULL before we call vent->smeth() · bf85ef1b

Matt Caswell authored Nov 02, 2016



We can end up with a NULL SSL_METHOD function if a method has been
disabled. If that happens then we shouldn't call vent->smeth().

Reviewed-by: Rich Salz <rsalz@openssl.org>

bf85ef1b

Address some review feedback comments for supported_versions · 16bce0e0
Matt Caswell authored Oct 31, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
16bce0e0
Add a test for the supported_versions extension · 203b1cdf
Matt Caswell authored Oct 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
203b1cdf
Update TLS1.3 draft version numbers for latest draft · 619d8336
Matt Caswell authored Oct 27, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
619d8336
Add server side support for supported_versions extension · cd998837
Matt Caswell authored Oct 23, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
cd998837
Ensure that the -trace option can interpret the supported_versions extension · 5506e835
Matt Caswell authored Oct 21, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
5506e835
Add the ability to send the supported_versions extension · b5b253b1
Matt Caswell authored Oct 21, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
b5b253b1

When no SRP identity is found, no error was reported server side · 7bb37cb5

EasySec authored Nov 05, 2016



Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1859)

7bb37cb5

Add main() test methods to reduce test boilerplate. · e364c3b2

Emilia Kasper authored Nov 07, 2016



Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

e364c3b2

dtl_mtu_test doesn't follow BIO_* conventions and make Windows build fail · 7380737d
EasySec authored Nov 03, 2016
```
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
7380737d
Ensure the key and iv labels are declared as static · 6925a948
Matt Caswell authored Nov 08, 2016
```
Fixes a travis failure

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6925a948
Add a test for the TLS1.3 secret generation · 134bfe56
Matt Caswell authored Nov 07, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
134bfe56

Add support for TLS1.3 secret generation · 34574f19

Matt Caswell authored Nov 08, 2016



Nothing is using this yet, it just adds the underlying functions necesary
for generating the TLS1.3 secrets.

Reviewed-by: Rich Salz <rsalz@openssl.org>

34574f19

Add support for initialising WPACKETs from a static buffer · 9b36b7d9

Matt Caswell authored Nov 08, 2016



Normally WPACKETs will use a BUF_MEM which can grow as required. Sometimes
though that may be overkill for what is needed - a static buffer may be
sufficient. This adds that capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>

9b36b7d9

Add some documentation for the new HKDF modes · 327c1627
Matt Caswell authored Nov 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
327c1627
Following the changes to HKDF to accept a mode, add some tests for this · ddd2c389
Matt Caswell authored Nov 08, 2016
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
ddd2c389

Update HKDF to support separte Extract and Expand steps · d2139cf8

Matt Caswell authored Nov 07, 2016



At the moment you can only do an HKDF Extract and Expand in one go. For
TLS1.3 we need to be able to do an Extract first, and the subsequently do
a number of Expand steps on the same PRK.

Reviewed-by: Rich Salz <rsalz@openssl.org>

d2139cf8

Simplify and clean X509_VERIFY_PARAM new/free code. · 234b8af4

FdaSilvaYY authored Sep 15, 2016



Split x509_verify_param_zero code to the right place

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

234b8af4

Make some CLIENTHELLO_MSG function arguments const · 902aca09

Matt Caswell authored Nov 08, 2016



There were a few places where they could be declared const so this commit
does that.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

902aca09

Update a comment · 3d33f3bb

Matt Caswell authored Nov 07, 2016



The name and type of the argument to ssl_check_for_safari() has changed.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

3d33f3bb