[openssl] master update
The branch master has been updated via 3465ec99eab5803507b577d50dd0d598b852d825 (commit) via 73dadb9300bc54ac871209843faf797721f7ab88 (commit) from 0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit) - Log - commit 3465ec99eab5803507b577d50dd0d598b852d825 Author: Todd Short Date: Thu Aug 5 16:38:47 2021 -0400 Sort SSL_OP names in documentation Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16236) commit 73dadb9300bc54ac871209843faf797721f7ab88 Author: Todd Short Date: Thu Aug 5 16:29:37 2021 -0400 Add missing SSL_OP flags Add missing SSL_OP flags. Correct the list of flags set by SSL_OP_ALL. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16236) --- Summary of changes: doc/man3/SSL_CTX_set_options.pod | 289 +-- 1 file changed, 153 insertions(+), 136 deletions(-) diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index df47e4dd03..dfd0c83afc 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -62,16 +62,11 @@ The following B options are available: =over 4 -=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG +=item SSL_OP_CRYPTOPRO_TLSEXT_BUG -Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. -OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. - -=item SSL_OP_DISABLE_TLSEXT_CA_NAMES - -Disable TLS Extension CA Names. You may want to disable it for security reasons -or for compatibility with some Windows TLS implementations crashing when this -extension is larger than 1024 bytes. +Add server-hello extension from the early version of cryptopro draft +when GOST ciphersuite is negotiated. Required for interoperability with CryptoPro +CSP 3.x. =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 
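Review bot: the removal of the SSL_OP_DISABLE_TLSEXT_CA_NAMES entry in this hunk (the "-=item SSL_OP_DISABLE_TLSEXT_CA_NAMES" block and its two description lines) has no matching "+" lines anywhere in the visible hunks, unlike SSL_OP_SAFARI_ECDHE_ECDSA_BUG, which is re-added in the next hunk. Since the commit message says the change sorts names and adds missing flags rather than dropping any, please confirm the entry reappears at its sorted position in the second list; losing its note that some Windows TLS implementations crash when the extension exceeds 1024 bytes would remove the only documented reason for setting the option.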
@@ -80,6 +75,11 @@ vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. +=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG + +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. +OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. + =item SSL_OP_TLSEXT_PADDING Adds a padding extension to ensure the ClientHello size is never between @@ -100,17 +100,20 @@ The following B options are available: =over 4 -=item SSL_OP_TLS_ROLLBACK_BUG +=item SSL_OP_ALLOW_CLIENT_RENEGOTIATION -Disable version rollback attack detection. +Client-initiated renegotiation is disabled by default. Use +this option to enable it. -During the client key exchange, the client must send the same information -about acceptable SSL/TLS protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) +=item SSL_OP_ALLOW_NO_DHE_KEX + +In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. + +=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the B section for more details. =item SSL_OP_CIPHER_SERVER_PREFERENCE 
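Review bot: the new SSL_OP_ALLOW_NO_DHE_KEX and SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION entries in the third hunk should state their default the way the SSL_OP_ALLOW_CLIENT_RENEGOTIATION entry does ("is disabled by default. Use this option to enable it."); both weaken the connection when set (no forward secrecy for resumed TLSv1.3 sessions, and insecure renegotiation with unpatched peers), so a reader scanning the list should see at a glance that they are off unless explicitly enabled. The removed SSL_OP_TLS_ROLLBACK_BUG entry, with its multi-line explanation of the version rollback check, is not re-added within the visible hunks; please confirm it survives the sort with its description intact.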
@@ -119,81 +122,103 @@ preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSL/TLS server will choose following its own preferences. -=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 +=item SSL_OP_CISCO_ANYCONNECT -These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol -versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, -respectively. -As of OpenSSL 1.1.0, these options are deprecated, use -L and -L instead. +Use Cisco's version identifier of DTLS_BAD_VER when establishing a DTLSv1 +connection. Only available when using the deprecated DTLSv1_client_method() API. -=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION - -When performing renegotiation as a server, always start a new session -(i.e., session resumption requests are only accepted in the initial -handshake). This option is not needed for clients. - -=item SSL_OP_NO_COMPRESSION - -Do not use compression even if it is supported. +=item SSL_OP_CLEANSE_PLAINTEXT -=item SSL_OP_NO_QUERY_MTU +By default TLS connections keep a copy of received plaintext +application data in a static buffer until it
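Review bot: this hunk deletes the SSL_OP_NO_SSLv3 ... SSL_OP_NO_DTLSv1_2 entry together with its deprecation notice ("As of OpenSSL 1.1.0, these options are deprecated" plus its two L<> references) and the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, SSL_OP_NO_COMPRESSION and SSL_OP_NO_QUERY_MTU entries, none of which is re-added in the visible part of the diff. Since that notice is the only guidance telling callers what replaces the SSL_OP_NO_* flags, make sure the sorted list keeps the full sentence and both references, not just the option names.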
[openssl] master update
The branch master has been updated via 0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit) from 12e055991e9d755c8a395f60abf97783795be626 (commit) - Log - commit 0f70d6013435308ada5d0eb662b31f370b07ebd7 Author: Tomas Mraz Date: Tue Aug 10 14:51:21 2021 +0200 EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable If key length is different from the existing key length and it is not a settable parameter, raise an error. Fixes #16277 Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/16279) --- Summary of changes: crypto/evp/evp_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e0f411aa06..519cab3f2b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) /* Check the cipher actually understands this parameter */ if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), -OSSL_CIPHER_PARAM_KEYLEN) == NULL) +OSSL_CIPHER_PARAM_KEYLEN) == NULL) { +ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); return 0; +} params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, ); ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
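Review bot: raising EVP_R_INVALID_KEY_LENGTH when OSSL_CIPHER_PARAM_KEYLEN is not among the cipher's settable ctx params folds two situations into one reason code: the caller asked for a length the cipher cannot take, and the cipher is a fixed-length one whose length simply cannot be changed. The commit message says the error is only raised when the requested length differs from the existing one, but that comparison is not inside this hunk; please confirm it precedes the OSSL_PARAM_locate_const() check so that a caller setting the current length on a fixed-key cipher still gets 1 rather than a new failure, and consider a comment on the ERR_raise line pointing at that earlier short-circuit.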
[openssl] master update
The branch master has been updated via 12e055991e9d755c8a395f60abf97783795be626 (commit) via aa5098021be2df0fd33bd5e8b1325c49dc519433 (commit) from c96670e59a702de71d572958ff60fda5f78637c2 (commit) - Log - commit 12e055991e9d755c8a395f60abf97783795be626 Author: Tomas Mraz Date: Tue Aug 10 09:18:19 2021 +0200 dsatest: Properly detect failure in generate/sign/verify Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16268) commit aa5098021be2df0fd33bd5e8b1325c49dc519433 Author: Tomas Mraz Date: Mon Aug 9 10:42:46 2021 +0200 Set FFC_PARAM_FLAG_VALIDATE_LEGACY on params generated with FIPS 186-2 gen Fixes #16261 Reviewed-by: Dmitry Belyavskiy Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16268) --- Summary of changes: crypto/ffc/ffc_params_generate.c | 10 +++--- test/dsatest.c | 8 +--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 36b5a873a7..f0601e1644 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -1047,7 +1047,11 @@ int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, int *res, BN_GENCB *cb) { -return ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, -FFC_PARAM_MODE_GENERATE, -type, L, N, res, cb); +if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb)) +return 0; + +ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); +return 1; } diff --git a/test/dsatest.c b/test/dsatest.c index 533fba1cbc..2d34ca4261 100644 --- a/test/dsatest.c +++ b/test/dsatest.c 
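Review bot: the new ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1) call in the ffc_params_generate.c hunk deserves a one-line comment saying why parameters produced by the FIPS 186-2 generator must be flagged for legacy validation; the commit message only says "Fixes #16261", so the reason is invisible at the call site. Setting the flag only after a successful generate is right: a failed ossl_ffc_params_FIPS186_2_gen_verify() now returns 0 before touching the flags.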
@@ -108,9 +108,11 @@ static int dsa_test(void) if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; -DSA_generate_key(dsa); -DSA_sign(0, str1, 20, sig, , dsa); -if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) +if (!TEST_true(DSA_generate_key(dsa))) +goto end; +if (!TEST_true(DSA_sign(0, str1, 20, sig, , dsa))) +goto end; +if (TEST_int_gt(DSA_verify(0, str1, 20, sig, siglen, dsa), 0)) ret = 1; end:
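Review bot: the switch from TEST_true() to TEST_int_gt(DSA_verify(...), 0) on the last changed line is the important part of this hunk and is worth a comment: DSA_verify() returns 1 for a valid signature, 0 for an invalid one and -1 on error, so TEST_true() would have counted an error return as a passed verification. The added checks on DSA_generate_key() and DSA_sign() close the same gap earlier in the sequence; with the old code a failed key generation or signing went unnoticed and the test simply continued to the verify step.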
[openssl] master update
The branch master has been updated via c96670e59a702de71d572958ff60fda5f78637c2 (commit) from b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit) - Log - commit c96670e59a702de71d572958ff60fda5f78637c2 Author: Tomas Mraz Date: Tue Aug 10 09:00:22 2021 +0200 aes_v8_xts_encrypt is present only on 64bit arm builds Fixes #16273 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/16275) --- Summary of changes: include/crypto/aes_platform.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index f1b1d62549..015c3bd4ab 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h @@ -92,7 +92,7 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, #define HWAES_decrypt aes_v8_decrypt #define HWAES_cbc_encrypt aes_v8_cbc_encrypt #define HWAES_ecb_encrypt aes_v8_ecb_encrypt -#if __ARM_MAX_ARCH__>=8 +#if __ARM_MAX_ARCH__>=8 && defined(__aarch64__) # define HWAES_xts_encrypt aes_v8_xts_encrypt # define HWAES_xts_decrypt aes_v8_xts_decrypt #endif
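Review bot: the guard change to `#if __ARM_MAX_ARCH__>=8 && defined(__aarch64__)` addresses the problem named in the commit title, but the header now maps HWAES_cbc_encrypt and HWAES_ecb_encrypt to aes_v8_* unconditionally while HWAES_xts_encrypt/HWAES_xts_decrypt additionally depend on __aarch64__; a short comment on the #if stating that aes_v8_xts_encrypt and aes_v8_xts_decrypt exist only in the 64-bit build would stop someone from "simplifying" the condition back and reintroducing the 32-bit failure.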
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3D6u0m_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG7DdGzAT35MBHM6lO23Zo6gafVLJ90OZ9-2F70KXAoWEoLSRmk5OWJOJ8b1gRZVd5gufUDe2I3tF7mp48f30dEgjqurjE4rKMh4FE2vz6DajGTMHWPh0KujIFryZ-2BttxPm-2BxZZxr73vMIYQBDZxaijAaV-2Fm-2FDw92m1qgPXWJGwsrUgbqX8aHvtjKDLuv0xaP0Cg-3D Build ID: 401815 Analysis Summary: New defects found: 0 Defects eliminated: 0
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DWior_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHPIjnVeCokGFnWJBu3Nq5P-2BDwIQivRjS79Dg74KbZ9f-2FxmkVjGoeFTap1935c9vp-2F21n778nxJuWLN3beEQnXk2TvQTYvpfZwGRTCHPOFMdxZ-2BNUOhxPWOeIoM4fRT3B26ATk4YbAWT9Bv8-2FukqgTVnnuA-2FhEZu-2F66gwZgagWlVJurwE-2BUSNSqgkNJPGOUcOY-3D Build ID: 401814 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] master update
The branch master has been updated via b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 (commit) from ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit) - Log - commit b4f1b7b65871de8f44228e77fc9ab2ac8b6d7918 Author: Dmitry Belyavskiy Date: Wed Aug 4 15:40:24 2021 +0200 Omitted signature_algorithms extension alerts updated Fixes #15484 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16217) --- Summary of changes: ssl/t1_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3579202c22..9345838f6a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3302,7 +3302,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) { if (!fatalerrs) return 1; -SSLfatal(s, SSL_AD_INTERNAL_ERROR, +SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM); return 0; } @@ -3317,7 +3317,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) if (i == sent_sigslen) { if (!fatalerrs) return 1; -SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, +SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); return 0; }
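Review bot: replacing SSL_AD_INTERNAL_ERROR with SSL_AD_HANDSHAKE_FAILURE in the tls1_get_legacy_sigalg() == NULL branch is the right alert: having no usable legacy signature algorithm is a mismatch between the peer's offer and our configuration, not a local bug, and internal_error tells the peer (and anyone reading the alert in a capture) that the server itself is broken. A short comment on the branch would help, since SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM reads like an internal condition and invites being "corrected" back.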
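Review bot: in the `i == sent_sigslen` branch, moving from SSL_AD_ILLEGAL_PARAMETER to SSL_AD_HANDSHAKE_FAILURE matches the alert semantics of RFC 8446 §6.2 (and RFC 5246 §7.2.2): the peer's signature_algorithms list was well-formed, we just could not satisfy it. What the commit message does not say is how this relates to the TLSv1.3 rule that a client omitting signature_algorithms entirely must be rejected with missing_extension (RFC 8446 §4.2.3); if that case is caught during extension processing before tls_choose_sigalg() runs, a sentence saying so would make the title ("Omitted signature_algorithms extension alerts updated") easier to reconcile with the chosen alert.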
[openssl] master update
The branch master has been updated via ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 (commit) from 474294cb664c5ac5184b7fc1a3ef37214f1f2250 (commit) - Log - commit ad2fc0bed4a111a5ff6803ee2ed0fee98db9d2f2 Author: David Bohman Date: Fri Aug 6 15:23:00 2021 -0700 MacOS: Add an include of The include is added before , as required by older releases of the macOS developer tools. Fixes #16248 CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16258) --- Summary of changes: providers/implementations/rands/seeding/rand_unix.c | 1 + 1 file changed, 1 insertion(+) diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c index eab08a8150..5048383077 100644 --- a/providers/implementations/rands/seeding/rand_unix.c +++ b/providers/implementations/rands/seeding/rand_unix.c @@ -41,6 +41,7 @@ # include #endif #if defined(__APPLE__) +# include # include #endif
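Review bot: the new `# include` inside the `#if defined(__APPLE__)` block carries no comment, yet the commit message says its only purpose is ordering: it must precede the existing include because older releases of the macOS developer tools require it. Put that sentence in the source next to the include (e.g. `/* must come before the following include on older macOS developer tools */`); ordering-only includes are exactly what a later header cleanup removes as "unused", which would silently reintroduce #16248.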