[openssl-commits] [openssl] master update
The branch master has been updated via 3188c9509e1775f15ffd42ccfffd0e6ea1929923 (commit) from d3034d31e7c04b334dd245504dd4f56e513ca115 (commit) - Log - commit 3188c9509e1775f15ffd42ccfffd0e6ea1929923 Author: Andy PolyakovDate: Wed Aug 24 17:05:05 2016 +0200 Configurations/10-main.conf: fix solaris64-*-cc link problems. Reviewed-by: Richard Levitte --- Summary of changes: Configurations/10-main.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 4a2abae..2838c3d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -231,7 +231,7 @@ sub vms_info { release => "-xO5 -xdepend -xbuiltin"), threads("-D_REENTRANT")), thread_scheme=> "pthreads", -lflags => add(threads("-mt")), +lflags => add("-xarch=generic64",threads("-mt")), ex_libs => add(threads("-lpthread")), bn_ops => "SIXTY_FOUR_BIT_LONG", perlasm_scheme => "elf", @@ -299,6 +299,7 @@ sub vms_info { "solaris64-sparcv9-cc" => { inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], cflags => add_before("-xarch=v9 -xtarget=ultra"), +lflags => add_before("-xarch=v9"), bn_ops => "BN_LLONG RC4_CHAR", shared_ldflag=> "-xarch=v9 -G -dy -z text", multilib => "/64", _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
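Review bot: the commit message names no symptom for the "link problems", so the reason -xarch has to reach the linker as well as the compiler is not recorded; a one-line note in the message (or a comment beside the new lflags entries) saying what failed would help whoever touches these targets next. The two hunks also use different helpers, add("-xarch=generic64", ...) in the first and add_before("-xarch=v9") in the second; if the flag's position on the link line matters to the Solaris linker, say so, otherwise make them consistent. Minor: the second target's shared_ldflag already carries "-xarch=v9", so that flag now appears in both lflags and shared_ldflag.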
[openssl-commits] [openssl] master update
The branch master has been updated via cfd20f64cc4bd440cfc8fe59f2daaa575015af3d (commit) via ea4b7ded521134492a323b6b0c27e671cadca979 (commit) via 513a3cb16b256a5289f8441c21eebbc7f5feef9a (commit) via e12981019aa44d162a5ec553a1cfadf3b5754c9a (commit) via a0a9f36ebf70c4705d08eb93e23ae64bd28a0bbd (commit) via 76bfd2ccc37e65d33e6c14aac9c1174bc43059eb (commit) via 5edcadb12770744f912512054c9458c096aab6b7 (commit) via 0e74d7ca440a3a7fbb7ddd6873e2f494d87f8d0e (commit) via a8d5d13a5f19cde07c189f5ca05d673a4e0c7653 (commit) via 4cfdabbb09273aa9abeb8e51d8771f41196e5d75 (commit) via 882babda464ace7ec0d6dc9e68f6da29be86c1c1 (commit) via 4a388d1e05530fd922d8dce2d04d976468523106 (commit) via 32fa3da8b1333043632962de9eb0b13a12ce36a1 (commit) via e469945f2c884428b448a32154dc99f8b61d92fc (commit) via 4eabbe9d595451f40d85588ab1c8c98c1f67b1f9 (commit) via 7a2c739c0066f0ad41f1fd8ee2d0670724032c1b (commit) via 6c3e9a71ab5814ed3e603f92450041e9182d89b9 (commit) via cb8145ff4a9e2bc629cbb3b5beb01620d5b7053d (commit) via ae97a654cadef86d063b4917fdf67f81f5e71f19 (commit) via 8b12a3e75b5f41d5dee3613ce083b0acd0944124 (commit) via b4a986163cca7cf3abc30f178ce6c61ad79e3002 (commit) via efa00a46c5cac115654a4e00b8e2ec3533ebe739 (commit) via 0620ecdcd2f4e5dabb4b0d0380d4f11ef519d96c (commit) via 6b13bd1dc236126644ee91b0b52ee00d1e6347ea (commit) via 56f3f714ef3f347898706826daae56eb4b2682ed (commit) from c42b8a6e4bced8f6ecf0a0d9a0107e6e989da0c2 (commit) - Log - commit cfd20f64cc4bd440cfc8fe59f2daaa575015af3d Author: Rob Percival <robperci...@google.com> Date: Wed Aug 24 10:11:15 2016 +0100 Typo fixes Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit ea4b7ded521134492a323b6b0c27e671cadca979 Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 18:41:18 2016 +0100 Updates the CT_POLICY_EVAL_CTX POD Ownership semantics and function names have changed. 
Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 513a3cb16b256a5289f8441c21eebbc7f5feef9a Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 18:30:18 2016 +0100 Correct documentation about SCT setters resetting validation status Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit e12981019aa44d162a5ec553a1cfadf3b5754c9a Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 18:11:13 2016 +0100 Removes the SCT_verify* POD SCT_verify_v1 has been removed and SCT_verify is no longer part of the public API. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit a0a9f36ebf70c4705d08eb93e23ae64bd28a0bbd Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 18:05:28 2016 +0100 Documents the SCT validation functions Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 76bfd2ccc37e65d33e6c14aac9c1174bc43059eb Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 17:39:53 2016 +0100 Removes {o2i,i2o}_SCT_signature from PODs These functions have been removed from the public API. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 5edcadb12770744f912512054c9458c096aab6b7 Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 16:51:57 2016 +0100 Documents the CTLOG functions CTLOG_new_null() has been removed from the code, so it has also been removed from this POD. 
Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 0e74d7ca440a3a7fbb7ddd6873e2f494d87f8d0e Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 16:17:09 2016 +0100 Document the i2o and o2i SCT functions Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit a8d5d13a5f19cde07c189f5ca05d673a4e0c7653 Author: Rob Percival <robperci...@google.com> Date: Tue Aug 23 16:16:32 2016 +0100 Removes d2i_SCT_LIST.pod This is covered by d2i_X509.pod. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 4cfdabbb09273aa9abeb8e51d8771f41196e5d75 Author: Rob Percival <robperci...@google.com> Date: Fri Aug 5 13:40:05 2016 +0100 Document that SCT_set_source returns 0 on failure. Reviewed-by: Rich Salz <rs...@openssl.org> Rev
[openssl-commits] [openssl] master update
The branch master has been updated via 0a307450bfdd570a09235a7ba16d6c8243bbe275 (commit) from 1beca67688189f6542c7d08233c28e8fab73dba7 (commit) - Log - commit 0a307450bfdd570a09235a7ba16d6c8243bbe275 Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 24 13:54:05 2016 +0100 Fix no-ec2m The new curves test did not take into account no-ec2m Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: test/recipes/80-test_ssl_new.t | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 29e490d..175b3b2 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -43,6 +43,7 @@ my $no_dtls = alldisabled(available_protocols("dtls")); my $no_npn = disabled("nextprotoneg"); my $no_ct = disabled("ct"); my $no_ec = disabled("ec"); +my $no_ec2m = disabled("ec2m"); # Add your test here if the test conf.in generates test cases and/or # expectations dynamically based on the OpenSSL compile-time config. @@ -68,7 +69,7 @@ my %skip = ( # special-casing for. # We should review this once we have TLS 1.3. "13-fragmentation.conf" => disabled("tls1_2"), - "14-curves.conf" => disabled("tls1_2") || $no_ec + "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m ); foreach my $conf (@conf_files) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
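Review bot: the second hunk skips 14-curves.conf entirely when ec2m is disabled, so a no-ec2m build loses all curve coverage, including the prime-field curves that remain available. The comment just above the first hunk says this list is for tests whose conf.in generates cases from the compile-time config, which points at the cleaner fix: have 14-curves.conf.in emit only the prime curves under no-ec2m instead of skipping the whole file.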
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 (commit) from e95f5e03f6f1f8d3f6cbe4b7fa48e57b4cf8fd60 (commit) - Log - commit 2b4029e68fd7002d2307e6c3cde0f3784eef9c83 Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Aug 19 23:28:29 2016 +0100 Avoid overflow in MDC2_Update() Thanks to Shi Lei for reporting this issue. CVE-2016-6303 Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07) --- Summary of changes: crypto/mdc2/mdc2dgst.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 6615cf8..2dce493 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) i = c->num; if (i != 0) { -if (i + len < MDC2_BLOCK) { +if (len < MDC2_BLOCK - i) { /* partial block */ memcpy(&(c->data[i]), in, len); c->num += (int)len; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
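Review bot: the rewritten condition is the right fix: with len a size_t, `i + len` can wrap when a caller passes a very large len, so the "partial block" branch is taken and memcpy writes len bytes into c->data, whereas `len < MDC2_BLOCK - i` cannot overflow because this branch runs only for `i != 0` and i is a partial-block count below MDC2_BLOCK. That invariant (c->num is always less than MDC2_BLOCK) is what keeps the subtraction from going negative, so a short comment stating it next to the new line would help the next reader; the `c->num += (int)len;` below is safe for the same reason.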
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 1027ad4f34c30b8585592764b9a670ba36888269 (commit) from 0fff5065884d5ac61123a604bbcee30a53c808ff (commit) - Log - commit 1027ad4f34c30b8585592764b9a670ba36888269 Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Aug 19 23:28:29 2016 +0100 Avoid overflow in MDC2_Update() Thanks to Shi Lei for reporting this issue. CVE-2016-6303 Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 55d83bf7c10c7b205fffa23fa7c3977491e56c07) --- Summary of changes: crypto/mdc2/mdc2dgst.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c index 6615cf8..2dce493 100644 --- a/crypto/mdc2/mdc2dgst.c +++ b/crypto/mdc2/mdc2dgst.c @@ -91,7 +91,7 @@ int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) i = c->num; if (i != 0) { -if (i + len < MDC2_BLOCK) { +if (len < MDC2_BLOCK - i) { /* partial block */ memcpy(&(c->data[i]), in, len); c->num += (int)len; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
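Review bot: the diffstat shows only crypto/mdc2/mdc2dgst.c changed, yet the message assigns CVE-2016-6303; for a stable branch the CVE number and the reporter credit should also land in CHANGES (and NEWS if a release is cut from this) so the fix is traceable from the release notes and not only from the git log.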
[openssl-commits] [openssl] master update
The branch master has been updated via 1beca67688189f6542c7d08233c28e8fab73dba7 (commit) via 11fc6c761165283f5aed9aed5edd65c1bb963e79 (commit) via cb4b54c23b95e4638d643eb349d8d8dfa1cc2fd3 (commit) from 63db6b772fa264a62927f6a3584733192dc5a352 (commit) - Log - commit 1beca67688189f6542c7d08233c28e8fab73dba7 Author: Richard LevitteDate: Wed Aug 24 09:14:44 2016 +0200 CRYPTO_atomic_add(): check that the object is lock free If not, fall back to our own code, using the given mutex Reviewed-by: Andy Polyakov commit 11fc6c761165283f5aed9aed5edd65c1bb963e79 Author: Richard Levitte Date: Wed Aug 24 12:01:39 2016 +0200 CRYPTO_atomic_add(): use acquire release memory order rather than relaxed For increments, the relaxed model is fine. For decrements, it's recommended to use the acquire release model. We therefore go for the latter. Reviewed-by: Andy Polyakov commit cb4b54c23b95e4638d643eb349d8d8dfa1cc2fd3 Author: Richard Levitte Date: Wed Aug 24 13:03:20 2016 +0200 Check for __GNUC__ to use GNU C atomic buildins Note: we trust any other compiler that fully implements GNU extension to define __GNUC__ RT#4642 Reviewed-by: Andy Polyakov --- Summary of changes: crypto/threads_pthread.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 6f5e812..5cc48af 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -109,9 +109,12 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { -#ifdef __ATOMIC_RELAXED -*ret = __atomic_add_fetch(val, amount, __ATOMIC_RELAXED); -#else +# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) +if (__atomic_is_lock_free(sizeof(*val), val)) { +*ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); +return 1; +} +# endif if (!CRYPTO_THREAD_write_lock(lock)) return 0; 
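Review bot: correctness of the new fast path depends on every caller taking the same branch for a given *val: if one thread used the lock-free __atomic_add_fetch while another fell through to the mutex on the same variable, the two would not synchronise with each other. That holds here because __atomic_is_lock_free(sizeof(*val), val) depends only on the object's size and alignment and therefore answers the same way for the same address on every call, but since the decision is taken at run time on each call it deserves a comment. Style: the new `# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)` uses indented preprocessor lines while the `#ifdef __ATOMIC_RELAXED` it replaces did not; pick one style for the file.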
@@ -120,7 +123,6 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) if (!CRYPTO_THREAD_unlock(lock)) return 0; -#endif return 1; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
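Review bot: dropping the `#endif` here pairs with the `# endif` placed right after the fast path in the previous hunk, so the lock-based fallback is now compiled unconditionally and the trailing `return 1;` serves both paths; worth confirming that nothing else in the function still refers to the removed `__ATOMIC_RELAXED` block.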
[openssl-commits] [openssl] master update
The branch master has been updated via efba7787cd0036d667943070265ca8aef59e9d00 (commit) from 0a307450bfdd570a09235a7ba16d6c8243bbe275 (commit) - Log - commit efba7787cd0036d667943070265ca8aef59e9d00 Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 24 13:36:07 2016 +0100 Clarify the error messages in 08f6ae5b28 Ensure it is clear to the user why there has been an error. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/cms.c | 12 ++-- apps/req.c | 2 +- apps/x509.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index 9c41a97..b9eec24 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -413,8 +413,8 @@ int cms_main(int argc, char **argv) break; case OPT_SECRETKEY: if (secret_key != NULL) { -/* Cannot be supplied twice */ -BIO_printf(bio_err, "Invalid key %s\n", opt_arg()); +BIO_printf(bio_err, "Invalid key (supplied twice) %s\n", + opt_arg()); goto opthelp; } secret_key = OPENSSL_hexstr2buf(opt_arg(), ); @@ -426,8 +426,8 @@ int cms_main(int argc, char **argv) break; case OPT_SECRETKEYID: if (secret_keyid != NULL) { -/* Cannot be supplied twice */ -BIO_printf(bio_err, "Invalid id %s\n", opt_arg()); +BIO_printf(bio_err, "Invalid id (supplied twice) %s\n", + opt_arg()); goto opthelp; } secret_keyid = OPENSSL_hexstr2buf(opt_arg(), ); @@ -442,8 +442,8 @@ int cms_main(int argc, char **argv) break; case OPT_ECONTENT_TYPE: if (econtent_type != NULL) { -/* Cannot be supplied twice */ -BIO_printf(bio_err, "Invalid OID %s\n", opt_arg()); +BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n", + opt_arg()); goto opthelp; } econtent_type = OBJ_txt2obj(opt_arg(), 0); diff --git a/apps/req.c b/apps/req.c index fb37f7d..8ebe1ec 100644 --- a/apps/req.c +++ b/apps/req.c @@ -296,7 +296,7 @@ int req_main(int argc, char **argv) break; case OPT_SET_SERIAL: if (serial != NULL) { -/* Cannot be supplied twice */ +BIO_printf(bio_err, "Serial number supplied twice\n"); goto opthelp; } serial = s2i_ASN1_INTEGER(NULL, opt_arg()); 
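Review bot: each of the cms.c hunks prints the new "(supplied twice)" message and then jumps to opthelp, which dumps the full option list after the message, so the explanation scrolls away before the user sees it; if a repeated option is a user error rather than a usage error, `goto end` with the error status would keep the message visible. The req.c hunk replaces the old comment with a printed message but keeps the same goto opthelp, so the same applies there.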
diff --git a/apps/x509.c b/apps/x509.c index 9e51012..20db458 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -262,7 +262,7 @@ int x509_main(int argc, char **argv) break; case OPT_SET_SERIAL: if (sno != NULL) { -/* Cannot be supplied twice */ +BIO_printf(bio_err, "Serial number supplied twice\n"); goto opthelp; } if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
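Review bot: x509.c now reports "Serial number supplied twice" exactly as req.c does, which is good for consistency; unlike the cms.c messages it omits the offending value, so consider appending opt_arg() here and in req.c so that all three apps report a duplicate option the same way.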
[openssl-commits] [openssl] master update
The branch master has been updated via c42b8a6e4bced8f6ecf0a0d9a0107e6e989da0c2 (commit) via fe81a1b0515bf51983150dc7c428ed4c9fd31c7a (commit) via 08f6ae5b2896a22e1e16de3e363d1ea314700b0b (commit) from c74aea8d6ccdf07ce826a9451887739b8aa64096 (commit) - Log - commit c42b8a6e4bced8f6ecf0a0d9a0107e6e989da0c2 Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 24 11:28:58 2016 +0100 Remove some dead code from rec_layer_s3.c It is never valid to call ssl3_read_bytes with type == SSL3_RT_CHANGE_CIPHER_SPEC, and in fact we check for valid values for type near the beginning of the function. Therefore this check will never be true and can be removed. Reviewed-by: Tim Hudson <t...@openssl.org> commit fe81a1b0515bf51983150dc7c428ed4c9fd31c7a Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 24 11:25:23 2016 +0100 Remove useless assignment The variable assignment c1 is never read before it is overwritten. Reviewed-by: Tim Hudson <t...@openssl.org> commit 08f6ae5b2896a22e1e16de3e363d1ea314700b0b Author: Matt Caswell <m...@openssl.org> Date: Wed Aug 24 11:22:47 2016 +0100 Fix some resource leaks in the apps Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: apps/cms.c| 15 +++ apps/req.c| 4 apps/spkac.c | 4 +++- apps/x509.c | 4 crypto/bn/bn_mul.c| 3 +-- ssl/record/rec_layer_s3.c | 6 -- 6 files changed, 27 insertions(+), 9 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index 52186d2..9c41a97 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -412,6 +412,11 @@ int cms_main(int argc, char **argv) noout = print = 1; break; case OPT_SECRETKEY: +if (secret_key != NULL) { +/* Cannot be supplied twice */ +BIO_printf(bio_err, "Invalid key %s\n", opt_arg()); +goto opthelp; +} secret_key = OPENSSL_hexstr2buf(opt_arg(), ); if (secret_key == NULL) { BIO_printf(bio_err, "Invalid key %s\n", opt_arg()); 
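Review bot: in the OPT_SECRETKEY hunk the new "Cannot be supplied twice" branch prints "Invalid key %s", which is exactly the message the existing OPENSSL_hexstr2buf failure branch prints a few lines later, so the user cannot tell a malformed key from a repeated -secretkey; use a distinct message for the duplicate case. The same applies to the OPT_SECRETKEYID and OPT_ECONTENT_TYPE hunks that follow.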
@@ -420,6 +425,11 @@ int cms_main(int argc, char **argv) secret_keylen = (size_t)ltmp; break; case OPT_SECRETKEYID: +if (secret_keyid != NULL) { +/* Cannot be supplied twice */ +BIO_printf(bio_err, "Invalid id %s\n", opt_arg()); +goto opthelp; +} secret_keyid = OPENSSL_hexstr2buf(opt_arg(), ); if (secret_keyid == NULL) { BIO_printf(bio_err, "Invalid id %s\n", opt_arg()); @@ -431,6 +441,11 @@ int cms_main(int argc, char **argv) pwri_pass = (unsigned char *)opt_arg(); break; case OPT_ECONTENT_TYPE: +if (econtent_type != NULL) { +/* Cannot be supplied twice */ +BIO_printf(bio_err, "Invalid OID %s\n", opt_arg()); +goto opthelp; +} econtent_type = OBJ_txt2obj(opt_arg(), 0); if (econtent_type == NULL) { BIO_printf(bio_err, "Invalid OID %s\n", opt_arg()); diff --git a/apps/req.c b/apps/req.c index 2666124..fb37f7d 100644 --- a/apps/req.c +++ b/apps/req.c @@ -295,6 +295,10 @@ int req_main(int argc, char **argv) days = atoi(opt_arg()); break; case OPT_SET_SERIAL: +if (serial != NULL) { +/* Cannot be supplied twice */ +goto opthelp; +} serial = s2i_ASN1_INTEGER(NULL, opt_arg()); if (serial == NULL) goto opthelp; diff --git a/apps/spkac.c b/apps/spkac.c index b6fc46d..a365406 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -130,8 +130,10 @@ int spkac_main(int argc, char **argv) spkstr = NETSCAPE_SPKI_b64_encode(spki); out = bio_open_default(outfile, 'w', FORMAT_TEXT); -if (out == NULL) +if (out == NULL) { +OPENSSL_free(spkstr); goto end; +} BIO_printf(out, "SPKAC=%s\n", spkstr); OPENSSL_free(spkstr); ret = 0; diff --git a/apps/x509.c b/apps/x509.c index 05aa554..9e51012 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -261,6 +261,10 @@ int x509_main(int argc, char **argv) CAserial = opt_arg(); break; case OPT_SET_SERIAL: +if (sno != NULL) { +/* Cannot be supplied twice */ +goto opthelp; +} if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) goto opthelp; break; diff --git a/cryp
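Review bot: the req.c and x509.c hunks jump to opthelp on a repeated -set_serial with no message at all (only a code comment), so the user just sees the usage text; print a short error first, as the cms.c hunks do. The spkac.c hunk fixes the leak by freeing spkstr when bio_open_default fails, which is correct, but spkstr is freed on the success path a few lines further down as well, so a single free at a common exit such as the `end` label would avoid duplicating the cleanup. The mail is cut off at `diff --git a/cryp`, so the bn_mul.c and rec_layer_s3.c changes described in the log are not visible here.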
[openssl-commits] [openssl] master update
The branch master has been updated via 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit) from 55386bef807c7edd0f1db036c0ed464b28a61d68 (commit) - Log - commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 14:12:26 2016 +0100 Fix an Uninit read in DTLS If we have a handshake fragment waiting then dtls1_read_bytes() was not correctly setting the value of recvd_type, leading to an uninit read. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/record/rec_layer_d1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 2455c2b..1d16319 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ -if ((ret = have_handshake_fragment(s, type, buf, len))) +if ((ret = have_handshake_fragment(s, type, buf, len))) { +*recvd_type = SSL3_RT_HANDSHAKE; return ret; +} /* * Now s->rlayer.d->handshake_fragment_len == 0 if _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
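Review bot: the new `*recvd_type = SSL3_RT_HANDSHAKE;` writes through recvd_type unconditionally, while the signature in the hunk header takes `int *recvd_type` and nothing in the hunk checks it for NULL; this is safe only if every caller that asks dtls1_read_bytes for handshake data passes a non-NULL recvd_type. Either guard it with `if (recvd_type != NULL)` or state in a comment that the pointer is mandatory on this path.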
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 61b1eb2c67542c85311843300f49d019f80afc6c (commit) from dd63da7032c655afcc80b82c38f2805b8f9476cf (commit) - Log - commit 61b1eb2c67542c85311843300f49d019f80afc6c Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 14:12:26 2016 +0100 Fix an Uninit read in DTLS If we have a handshake fragment waiting then dtls1_read_bytes() was not correctly setting the value of recvd_type, leading to an uninit read. Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083) --- Summary of changes: ssl/record/rec_layer_d1.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 2455c2b..1d16319 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -359,8 +359,10 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, /* * check whether there's a handshake message (client hello?) waiting */ -if ((ret = have_handshake_fragment(s, type, buf, len))) +if ((ret = have_handshake_fragment(s, type, buf, len))) { +*recvd_type = SSL3_RT_HANDSHAKE; return ret; +} /* * Now s->rlayer.d->handshake_fragment_len == 0 if _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
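Review bot: this backport changes only ssl/record/rec_layer_d1.c (per the diffstat) and, like the master commit it cherry-picks, adds no regression test; a DTLS case in sslapitest that drives dtls1_read_bytes through the buffered handshake-fragment path would catch a reintroduction of the uninitialised recvd_type.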
[openssl-commits] [openssl] master update
The branch master has been updated via 55386bef807c7edd0f1db036c0ed464b28a61d68 (commit) from 49e476a5382602d0bad1139d6f1f66ddbc7959d6 (commit) - Log - commit 55386bef807c7edd0f1db036c0ed464b28a61d68 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 09:35:05 2016 +0100 Fix no-dtls The new large message test in sslapitest needs OPENSSL_NO_DTLS guards Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: test/sslapitest.c | 4 1 file changed, 4 insertions(+) diff --git a/test/sslapitest.c b/test/sslapitest.c index b08eb8c..4d22d8e 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -108,11 +108,13 @@ static int test_large_message_tls(void) return execute_test_large_message(TLS_server_method(), TLS_client_method()); } +#ifndef OPENSSL_NO_DTLS static int test_large_message_dtls(void) { return execute_test_large_message(DTLS_server_method(), DTLS_client_method()); } +#endif static int ocsp_server_cb(SSL *s, void *arg) { @@ -861,7 +863,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ADD_TEST(test_large_message_tls); +#ifndef OPENSSL_NO_DTLS ADD_TEST(test_large_message_dtls); +#endif ADD_TEST(test_tlsext_status_type); ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
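Review bot: the two `#ifndef OPENSSL_NO_DTLS` guards (around test_large_message_dtls and around its ADD_TEST) have to be kept in sync by hand: with only the first, the ADD_TEST references a function that does not exist in a no-dtls build, and with only the second, the static function goes unused. Fine as is, but a one-line comment on the function saying it is DTLS-only would make the pairing obvious to whoever adds the next DTLS test.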
[openssl-commits] [openssl] master update
The branch master has been updated via 25849a8f8bb64956f35a8a2a160ae0de1d2990c6 (commit) via 7facdbd66f19f4a87cf2a5a335568c879772d92f (commit) via 7507e73d409b8f3046d6efcc3f4c0b6208b59b64 (commit) via 150e298551a6788baac56c0c89dc8b8342ac0079 (commit) via 8157d44b624da08142f3f9f6edc37fb5542c2573 (commit) from 2f2d6e3e3ccd1ae7bba9f1af62f97dfca986e083 (commit) - Log - commit 25849a8f8bb64956f35a8a2a160ae0de1d2990c6 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 10:06:11 2016 +0100 Address style feedback comments Merge declarations of same type together. Reviewed-by: Rich Salz <rs...@openssl.org> commit 7facdbd66f19f4a87cf2a5a335568c879772d92f Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 13:33:41 2016 +0100 Fix a bug in the construction of the ClientHello SRTP extension Reviewed-by: Rich Salz <rs...@openssl.org> commit 7507e73d409b8f3046d6efcc3f4c0b6208b59b64 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 12:03:30 2016 +0100 Fix heartbeat compilation error Reviewed-by: Rich Salz <rs...@openssl.org> commit 150e298551a6788baac56c0c89dc8b8342ac0079 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 11:15:36 2016 +0100 Delete some unneeded code Some functions were being called from both code that used WPACKETs and code that did not. Now that more code has been converted to use WPACKETs some of that duplication can be removed. Reviewed-by: Rich Salz <rs...@openssl.org> commit 8157d44b624da08142f3f9f6edc37fb5542c2573 Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 11:13:48 2016 +0100 Convert ServerHello construction to WPACKET Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/d1_srtp.c| 24 -- ssl/s3_lib.c | 20 - ssl/ssl_locl.h | 11 +-- ssl/statem/statem_srvr.c | 82 +++ ssl/t1_ext.c | 65 --- ssl/t1_lib.c | 209 +-- ssl/t1_reneg.c | 36 +++- 7 files changed, 138 insertions(+), 309 deletions(-) diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index b5e5ef3..bcefb9e 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c 
@@ -203,30 +203,6 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) return 0; } -int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, - int maxlen) -{ -if (p) { -if (maxlen < 5) { -SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, - SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG); -return 1; -} - -if (s->srtp_profile == 0) { -SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, - SSL_R_USE_SRTP_NOT_NEGOTIATED); -return 1; -} -s2n(2, p); -s2n(s->srtp_profile->id, p); -*p++ = 0; -} -*len = 5; - -return 0; -} - int ssl_parse_serverhello_use_srtp_ext(SSL *s, PACKET *pkt, int *al) { unsigned int id, ct, mki; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 2a4dc6d..2115a7e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3571,26 +3571,6 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) return cp; } -/* - * Old version of the ssl3_put_cipher_by_char function used by code that has not - * yet been converted to WPACKET yet. It will be deleted once WPACKET conversion - * is complete. - * TODO - DELETE ME - */ -int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p) -{ -long l; - -if (p != NULL) { -l = c->id; -if ((l & 0xff00) != 0x0300) -return (0); -p[0] = ((unsigned char)(l >> 8L)) & 0xFF; -p[1] = ((unsigned char)(l)) & 0xFF; -} -return (2); -} - int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) { if ((c->id & 0xff00) != 0x0300) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 630fea8..7dbff76 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1863,7 +1863,6 @@ __owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey); __owur EVP_PKEY *ssl_dh_to_pkey(DH *dh); __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); -__owur int ssl3_put_cipher_by_char_old(const SSL_CIPHER *c, unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len); int ssl3_init_finished_mac(SSL *s); 
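Review bot: the removed ssl_add_serverhello_use_srtp_ext carried two error checks with SSLerr reasons (SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG, and SSL_R_USE_SRTP_NOT_NEGOTIATED when s->srtp_profile == 0); the WPACKET-based replacement is not among the visible hunks, so confirm it still refuses to build the extension when no profile was negotiated, otherwise the dereference of s->srtp_profile->id moves into the new code unguarded. Note also that the removed function used an inverted convention (return 1 on error, 0 on success), so any caller that was converted must have had its result check flipped at the same time. Removing ssl3_put_cipher_by_char_old and its prototype in ssl_locl.h is straightforward and matches the function's own "TODO - DELETE ME" comment.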
@@ -2017,8 +2016,7 @@ __owur int tls1_shared_list(SSL *s, const unsigned char *l1, size_t l1len,
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via dd63da7032c655afcc80b82c38f2805b8f9476cf (commit) from a1b791225f2913ace014071bfb9099790ef468e5 (commit) - Log - commit dd63da7032c655afcc80b82c38f2805b8f9476cf Author: Matt Caswell <m...@openssl.org> Date: Wed Sep 28 09:35:05 2016 +0100 Fix no-dtls The new large message test in sslapitest needs OPENSSL_NO_DTLS guards Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit 55386bef807c7edd0f1db036c0ed464b28a61d68) --- Summary of changes: test/sslapitest.c | 4 1 file changed, 4 insertions(+) diff --git a/test/sslapitest.c b/test/sslapitest.c index b08eb8c..4d22d8e 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -108,11 +108,13 @@ static int test_large_message_tls(void) return execute_test_large_message(TLS_server_method(), TLS_client_method()); } +#ifndef OPENSSL_NO_DTLS static int test_large_message_dtls(void) { return execute_test_large_message(DTLS_server_method(), DTLS_client_method()); } +#endif static int ocsp_server_cb(SSL *s, void *arg) { @@ -861,7 +863,9 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ADD_TEST(test_large_message_tls); +#ifndef OPENSSL_NO_DTLS ADD_TEST(test_large_message_dtls); +#endif ADD_TEST(test_tlsext_status_type); ADD_TEST(test_session_with_only_int_cache); ADD_TEST(test_session_with_only_ext_cache); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 8061fdc8d3048220a758ad1304669944810ac386 (commit) via f1522af442d4154db28928ab178c258f07ed4c5e (commit) via d17300093cfc1994891cc50909bb2bc88237de7d (commit) via cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5 (commit) from a7511d72a32e13ab007f2f02fa1433965cbfe6ed (commit) - Log - commit 8061fdc8d3048220a758ad1304669944810ac386 Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 12:24:47 2016 +0100 Add DTLS renegotiation tests Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381) commit f1522af442d4154db28928ab178c258f07ed4c5e Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 11:50:43 2016 +0100 Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit fe7dd5534176d1b04be046fcbaad24430c8727e0) commit d17300093cfc1994891cc50909bb2bc88237de7d Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 10:18:00 2016 +0100 Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. 
Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit 1329b952a675c3c445b73b34bf9f09483fbc759c) commit cccaf5d60b5ac37c7c300199a88a46edf6fe3fb5 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 17:25:43 2016 +0100 Add support for testing renegotiation Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit e42c4544c88046a01c53a81aeb9d48685d708cf9) --- Summary of changes: test/README.ssltest.md | 14 ++-- test/handshake_helper.c| 116 +++-- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/17-renegotiate.conf | 114 test/ssl-tests/17-renegotiate.conf.in | 67 + test/ssl-tests/18-dtls-renegotiate.conf| 86 + test/ssl-tests/18-dtls-renegotiate.conf.in | 63 test/ssl_test_ctx.c| 3 +- test/ssl_test_ctx.h| 4 +- 9 files changed, 450 insertions(+), 20 deletions(-) create mode 100644 test/ssl-tests/17-renegotiate.conf create mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8923578..e28d4b0 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -38,7 +38,8 @@ The test section supports the following options * HandshakeMode - which handshake flavour to test: - Simple - plain handshake (default) - Resume - test resumption - - (Renegotiate - test renegotiation, not yet implemented) + - RenegotiateServer - test server initiated renegotiation + - RenegotiateClient - test client initiated renegotiation When HandshakeMode is Resume or Renegotiate, the original handshake is expected to succeed. All configured test expectations are verified against the second 
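Review bot: the README hunk replaces the single Renegotiate mode with RenegotiateServer and RenegotiateClient, but the sentence immediately after it still reads "When HandshakeMode is Resume or Renegotiate, the original handshake is expected to succeed", which now names a mode that no longer exists; update it to list both new modes.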
@@ -245,20 +246,17 @@ environment variable to point to the location of the certs. E.g., from the root OpenSSL directory, do ``` -$ TEST_CERTS_DIR=test/certs test/ssl_test test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \ + test/ssl-tests/01-simple.conf ``` or for shared builds ``` -$ TEST_CERTS_DIR=test/certs util/shlib_wrap.sh test/ssl_test \ - test/ssl-tests/01-simple.conf +$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs \ + util/shlib_wrap.sh test/ssl_test test/ssl-tests/01-simple.conf ``` -Some tests also need additional environment variables; for example, Certificate -Transparency tests need a `CTLOG_FILE`. See `test/recipes/80-test_ssl_new.t` for -details. - Note that the test expectations sometimes depend on the Configure settings. For example, the negotiated protocol depends on the set of available (enabled) protocols: a build with `enable-ssl3` has different test expectations than a diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 90e18fc..c14d8e3 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -583,6 +583,85 @@ static void do_app_data_step(PEER *peer) } } +static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) +{ +int ret; +char buf; + +TEST_check(peer->status == PEER_RETRY); +TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER +|| test_c
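Review bot: the README hunk moves CTLOG_FILE into the example command lines and deletes the paragraph that explained why extra environment variables are needed and pointed at test/recipes/80-test_ssl_new.t; since the commit message says CTLOG_FILE "always seems to be required", state that explicitly in the text rather than leaving readers to infer it from the examples. The handshake_helper.c hunk is truncated after the opening TEST_check calls in do_reneg_setup_step, so the renegotiation logic itself cannot be reviewed from this mail.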
[openssl-commits] [openssl] master update
The branch master has been updated via f9b1b6644a3a8fc6d617625ad979ee61cb67d381 (commit) via fe7dd5534176d1b04be046fcbaad24430c8727e0 (commit) via 1329b952a675c3c445b73b34bf9f09483fbc759c (commit) via e42c4544c88046a01c53a81aeb9d48685d708cf9 (commit) via 2f97192c78928ab2b2d44ac2f4859c321f57fd1f (commit) via 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f (commit) from 243ecf19ddc0dc2366de1be5c404d66d483b196d (commit) - Log - commit f9b1b6644a3a8fc6d617625ad979ee61cb67d381 Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 12:24:47 2016 +0100 Add DTLS renegotiation tests Reviewed-by: Rich Salz <rs...@openssl.org> commit fe7dd5534176d1b04be046fcbaad24430c8727e0 Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 11:50:43 2016 +0100 Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz <rs...@openssl.org> commit 1329b952a675c3c445b73b34bf9f09483fbc759c Author: Matt Caswell <m...@openssl.org> Date: Tue Sep 27 10:18:00 2016 +0100 Update README.ssltest.md Add update for testing renegotiation. Also change info on CTLOG_FILE environment variable - which always seems to be required. Reviewed-by: Rich Salz <rs...@openssl.org> commit e42c4544c88046a01c53a81aeb9d48685d708cf9 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 17:25:43 2016 +0100 Add support for testing renegotiation Reviewed-by: Rich Salz <rs...@openssl.org> commit 2f97192c78928ab2b2d44ac2f4859c321f57fd1f Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 15:31:20 2016 +0100 Fix a bug in Renegotiation extension construction The conversion to WPACKET broke the construction of the renegotiation extension. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 0086ca4e9bcfc9b8598c81ee356f57130f5fbe5f Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 14:59:08 2016 +0100 Convert HelloRequest construction to WPACKET Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_srvr.c | 7 +- ssl/t1_lib.c | 6 +- test/README.ssltest.md | 14 ++-- test/handshake_helper.c| 116 +++-- test/recipes/80-test_ssl_new.t | 3 +- test/ssl-tests/17-renegotiate.conf | 114 test/ssl-tests/17-renegotiate.conf.in | 67 + test/ssl-tests/18-dtls-renegotiate.conf| 86 + test/ssl-tests/18-dtls-renegotiate.conf.in | 63 test/ssl_test_ctx.c| 3 +- test/ssl_test_ctx.h| 4 +- 11 files changed, 460 insertions(+), 23 deletions(-) create mode 100644 test/ssl-tests/17-renegotiate.conf create mode 100644 test/ssl-tests/17-renegotiate.conf.in create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf create mode 100644 test/ssl-tests/18-dtls-renegotiate.conf.in diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index fbca5a1..8a2791a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -831,9 +831,14 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) int tls_construct_hello_request(SSL *s) { -if (!ssl_set_handshake_header(s, SSL3_MT_HELLO_REQUEST, 0)) { +WPACKET pkt; + +if (!WPACKET_init(, s->init_buf) +|| !ssl_set_handshake_header2(s, , SSL3_MT_HELLO_REQUEST) +|| !ssl_close_construct_packet(s, )) { SSLerr(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, ERR_R_INTERNAL_ERROR); ossl_statem_set_error(s); +WPACKET_cleanup(); return 0; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4733bff..40932fa 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -1040,8 +1040,10 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) /* Add RI if renegotiating */ if (s->renegotiate) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate) -|| !WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished, - s->s3->previous_client_finished_len)) { +|| !WPACKET_start_sub_packet_u16(pkt) +|| !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished, + s->s3->previous_client_finished_len) +|| !WPACKET_close(pkt)) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return 0; } diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 8923578..e28d4b0 100644
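Review bot: as reproduced here the tls_construct_hello_request() hunk has an empty argument wherever the packet pointer belongs (`WPACKET_init(, s->init_buf)`, `ssl_set_handshake_header2(s, , SSL3_MT_HELLO_REQUEST)`, `WPACKET_cleanup()`), so the text does not compile as shown; the `&` of `&pkt` has evidently been lost in transit, and anyone applying this from the list post rather than from git needs to restore it. The error path is otherwise right: WPACKET_cleanup() is reached on every failure before `return 0`, so the WPACKET is not left half-initialised.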
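Review bot: the ssl_add_clienthello_tlsext() hunk fixes a real wire-format bug, and the commit message should say what the symptom was. RFC 5746 defines the extension body as `opaque renegotiated_connection<0..255>`, i.e. a one-byte length inside the usual two-byte extension length, and the removed `WPACKET_sub_memcpy_u16(pkt, s->s3->previous_client_finished, ...)` emitted only the outer two-byte length with the Finished bytes directly after it. The replacement (start a u16 sub-packet, copy with a u8 length prefix, close) matches the RFC. The ServerHello-side construction of the same extension, which carries both Finished values under the one-byte length, is not in this excerpt and should be checked for the same nesting.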
[openssl-commits] [openssl] master update
The branch master has been updated via b90506e995d44dee0ef4dd0324b56b59154256c2 (commit) via a15c953f77b6df4044d495252c33e42bc3c960b8 (commit) via 6392fb8e2aa810d6c0e13e00a1c848ceacee33e1 (commit) via 229185e668514e17bce9b22c38303e3cc3c9eb7a (commit) via 4a01c59f3689db930d056c84f548d525f651cc6b (commit) via 5923ad4bbe5d13c2fcc11f7849594db838ea57bd (commit) via 7cea05dcc7f6f74a18d48102008d53ea9a42c297 (commit) from b7c9aa645e4eddf5d198d2b20f1c6a74ab96f98e (commit) - Log - commit b90506e995d44dee0ef4dd0324b56b59154256c2 Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 3 15:37:47 2016 +0100 Fix linebreaks in the tls_construct_client_certificate function Reviewed-by: Rich Salz <rs...@openssl.org> commit a15c953f77b6df4044d495252c33e42bc3c960b8 Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 3 15:35:17 2016 +0100 Add a typedef for the construction function Reviewed-by: Rich Salz <rs...@openssl.org> commit 6392fb8e2aa810d6c0e13e00a1c848ceacee33e1 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 30 11:17:57 2016 +0100 Move setting of the handshake header up one more level We now set the handshake header, and close the packet directly in the write_state_machine. This is now possible because it is common for all messages. Reviewed-by: Rich Salz <rs...@openssl.org> commit 229185e668514e17bce9b22c38303e3cc3c9eb7a Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 30 10:50:57 2016 +0100 Remove the special case processing for finished construction tls_construct_finished() used to have different arguments to all of the other construction functions. It doesn't anymore, so there is no need to treat it as a special case. Reviewed-by: Rich Salz <rs...@openssl.org> commit 4a01c59f3689db930d056c84f548d525f651cc6b Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 30 10:38:32 2016 +0100 Harmonise setting the header and closing construction Ensure all message types work the same way including CCS so that the state machine doesn't need to know about special cases. 
Put all the special logic into ssl_set_handshake_header() and ssl_close_construct_packet(). Reviewed-by: Rich Salz <rs...@openssl.org> commit 5923ad4bbe5d13c2fcc11f7849594db838ea57bd Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 30 00:27:40 2016 +0100 Don't set the handshake header in every message Move setting the handshake header up a level into the state machine code in order to reduce boilerplate. Reviewed-by: Rich Salz <rs...@openssl.org> commit 7cea05dcc7f6f74a18d48102008d53ea9a42c297 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 23:28:29 2016 +0100 Move init of the WPACKET into write_state_machine() Instead of initialising, finishing and cleaning up the WPACKET in every message construction function, we should do it once in write_state_machine(). Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: include/openssl/ssl.h| 2 + ssl/s3_lib.c | 4 + ssl/ssl_err.c| 4 + ssl/ssl_locl.h | 13 ++- ssl/statem/statem.c | 21 +++- ssl/statem/statem_clnt.c | 226 +--- ssl/statem/statem_dtls.c | 89 ++- ssl/statem/statem_lib.c | 72 ssl/statem/statem_locl.h | 41 +++ ssl/statem/statem_srvr.c | 291 +-- 10 files changed, 298 insertions(+), 465 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 517716f..e0d82f2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2078,7 +2078,9 @@ int ERR_load_SSL_strings(void); # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 # define SSL_F_OPENSSL_INIT_SSL 342 +# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430 # define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE 431 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 # define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 630c94d..d19b97a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c 
@@ -2779,6 +2779,10 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { +/* No header in the event of a CCS */ +if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) +return 1; + /* Set the conte
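Review bot: ssl3_set_handshake_header() returning 1 for SSL3_MT_CHANGE_CIPHER_SPEC without writing anything is the right way to keep the special case out of write_state_machine(), but the comment "No header in the event of a CCS" should say why (CCS is its own record content type and has no handshake header, so nothing may be emitted for it), and the DTLS counterpart dtls1_set_handshake_header(), which is not in this excerpt, needs the same guard or the harmonisation the commit message describes is only half done. The two new SSL_F_OSSL_STATEM_*_CONSTRUCT_MESSAGE codes in ssl.h take values 430 and 431, and the four-line ssl_err.c change in the summary is consistent with adding their reason strings.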
[openssl-commits] [openssl] master update
The branch master has been updated via a29fa98cebdb2904dcf844d1aea7d1be3b6b913a (commit) via e2726ce64dc0762d9678fb10639b0f42d9abfc52 (commit) via 42cde22f487773d6baba4374f1f2cf5793ce0606 (commit) from bcaad8094ea07a0f895fc5ee84388bdbe25038fa (commit) - Log - commit a29fa98cebdb2904dcf844d1aea7d1be3b6b913a Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 22:40:15 2016 +0100 Rename ssl_set_handshake_header2() ssl_set_handshake_header2() was only ever a temporary name while we had to have ssl_set_handshake_header() for code that hadn't been converted to WPACKET yet. No code remains that needed that so we can rename it. Reviewed-by: Rich Salz <rs...@openssl.org> commit e2726ce64dc0762d9678fb10639b0f42d9abfc52 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 22:32:36 2016 +0100 Remove ssl_set_handshake_header() Remove the old ssl_set_handshake_header() implementations. Later we will rename ssl_set_handshake_header2() to ssl_set_handshake_header(). Reviewed-by: Rich Salz <rs...@openssl.org> commit 42cde22f487773d6baba4374f1f2cf5793ce0606 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 18:08:34 2016 +0100 Remove the tls12_get_sigandhash_old() function This is no longer needed now that all messages use WPACKET Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/d1_lib.c | 16 ssl/s3_lib.c | 20 +--- ssl/ssl_locl.h | 17 + ssl/statem/statem_clnt.c | 8 ssl/statem/statem_dtls.c | 8 +--- ssl/statem/statem_lib.c | 4 ++-- ssl/statem/statem_srvr.c | 23 +++ ssl/t1_lib.c | 26 -- 8 files changed, 24 insertions(+), 98 deletions(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index f34818b..112c699 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -22,7 +22,6 @@ #endif static void get_current_time(struct timeval *t); -static int dtls1_set_handshake_header(SSL *s, int type, unsigned long len); static int dtls1_handshake_write(SSL *s); static unsigned int dtls1_link_min_mtu(void); 
@@ -44,7 +43,6 @@ const SSL3_ENC_METHOD DTLSv1_enc_data = { SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV, DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, -dtls1_set_handshake_header2, dtls1_close_construct_packet, dtls1_handshake_write }; @@ -65,7 +63,6 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = { | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS, DTLS1_HM_HEADER_LENGTH, dtls1_set_handshake_header, -dtls1_set_handshake_header2, dtls1_close_construct_packet, dtls1_handshake_write }; @@ -861,19 +858,6 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client) } #endif -static int dtls1_set_handshake_header(SSL *s, int htype, unsigned long len) -{ -dtls1_set_message_header(s, htype, len, 0, len); -s->init_num = (int)len + DTLS1_HM_HEADER_LENGTH; -s->init_off = 0; -/* Buffer the message to handle re-xmits */ - -if (!dtls1_buffer_message(s, 0)) -return 0; - -return 1; -} - static int dtls1_handshake_write(SSL *s) { return dtls1_do_write(s, SSL3_RT_HANDSHAKE); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ea607a5..630c94d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2751,7 +2751,6 @@ const SSL3_ENC_METHOD SSLv3_enc_data = { 0, SSL3_HM_HEADER_LENGTH, ssl3_set_handshake_header, -ssl3_set_handshake_header2, tls_close_construct_packet, ssl3_handshake_write }; 
@@ -2778,24 +2777,7 @@ const SSL_CIPHER *ssl3_get_cipher(unsigned int u) return (NULL); } -int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len) -{ -unsigned char *p = (unsigned char *)s->init_buf->data; -*(p++) = htype; -l2n3(len, p); -s->init_num = (int)len + SSL3_HM_HEADER_LENGTH; -s->init_off = 0; - -return 1; -} - -/* - * Temporary name. To be renamed ssl3_set_handshake_header() once all WPACKET - * conversion is complete. The old ssl3_set_handshake_heder() can be deleted - * at that point. - * TODO - RENAME ME - */ -int ssl3_set_handshake_header2(SSL *s, WPACKET *pkt, int htype) +int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype) { /* Set the content type and 3 bytes for the message len */ if (!WPACKET_put_bytes_u8(pkt, htype) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a1b3e3d..eb29740 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1584,9 +1584,7 @@ typedef struct ssl3_enc_method { /* Handshake header length */ unsigned int hhlen; /* Set the handshake header */ -int (*set_handshake_header) (SSL *s, int type, unsigned long len); -/* Set th
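Review bot: the removed dtls1_set_handshake_header() in d1_lib.c was where dtls1_buffer_message() queued the outgoing message for retransmission ("Buffer the message to handle re-xmits"); with it gone, please confirm that dtls1_close_construct_packet(), which is not in this excerpt, still buffers every constructed message, otherwise DTLS loses its retransmit copy on a dropped flight. The stale "Temporary name ... TODO - RENAME ME" block and its typo "ssl3_set_handshake_heder" disappear with the s3_lib.c hunk, which is fine; the ssl_locl.h hunk is cut off at "/* Set th", so the new function-pointer prototype cannot be checked here.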
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via a12778be1782bb63055e7641c814d4fce1775e57 (commit) via 16c34d4f74e16443cfdc99f2a49ebb1ba3c37db3 (commit) via 87cd6f9253580866b13729d33fdd45205485b675 (commit) via f8644220a05f75d51bbde627077cdf336e4d4592 (commit) via acacbfa7565c78d2273c0b2a2e5e803f44afefeb (commit) via df7681e46825d4a86df5dd73317d88923166a506 (commit) from 5fe5914d3068128cdc6b08fe72746bb516a30b8a (commit) - Log - commit a12778be1782bb63055e7641c814d4fce1775e57 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 10:46:58 2016 +0100 Prepare for 1.1.0c-dev Reviewed-by: Richard Levitte <levi...@openssl.org> commit 16c34d4f74e16443cfdc99f2a49ebb1ba3c37db3 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 10:46:03 2016 +0100 Prepare for 1.1.0b release Reviewed-by: Richard Levitte <levi...@openssl.org> commit 87cd6f9253580866b13729d33fdd45205485b675 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 09:43:45 2016 +0100 Updates CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levi...@openssl.org> commit f8644220a05f75d51bbde627077cdf336e4d4592 Author: Robert Swiecki <swie...@google.com> Date: Sun Sep 25 16:35:56 2016 +0100 Add to fuzz corpora for CVE-2016-6309 Reviewed-by: Emilia Käsper <emi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 44f206aa9dfd4f226f17d9093732dbece5300aa6) commit acacbfa7565c78d2273c0b2a2e5e803f44afefeb Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 16:58:11 2016 +0100 Fix Use After Free for large message sizes The buffer to receive messages is initialised to 16k. If a message is received that is larger than that then the buffer is "realloc'd". This can cause the location of the underlying buffer to change. Anything that is referring to the old location will be referring to free'd data. In the recent commit c1ef7c97 (master) and 4b390b6c (1.1.0) the point in the code where the message buffer is grown was changed. 
However s->init_msg was not updated to point at the new location. CVE-2016-6309 Reviewed-by: Emilia Käsper <emi...@openssl.org> (cherry picked from commit 0d698f6696e114a6e47f8b75ff88ec81f9e30175) commit df7681e46825d4a86df5dd73317d88923166a506 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 15:37:13 2016 +0100 Add a test for large messages Ensure that we send a large message during the test suite. Reviewed-by: Emilia Käsper <emi...@openssl.org> (cherry picked from commit 84d5549e692e63a16fa1b11603e4098fc31746e9) --- Summary of changes: CHANGES| 19 - NEWS | 6 +- README | 2 +- .../06d05ea3d37abe7554e610be69b743585cb0c6fe} | Bin 820 -> 921 bytes .../6b008546166c7e1d2ef100eb5ecbac7efe3b3b90 | Bin 0 -> 267 bytes .../f6b0502e2a8a63e84d7b474fad2b2dc127f12bac | Bin 0 -> 267 bytes include/openssl/opensslv.h | 6 +- ssl/statem/statem.c| 20 - test/sslapitest.c | 84 + 9 files changed, 128 insertions(+), 9 deletions(-) copy fuzz/corpora/{x509/3403363173e3b63d0b9f4e3fce6e8a734d946bfc => server/06d05ea3d37abe7554e610be69b743585cb0c6fe} (76%) create mode 100644 fuzz/corpora/server/6b008546166c7e1d2ef100eb5ecbac7efe3b3b90 create mode 100644 fuzz/corpora/server/f6b0502e2a8a63e84d7b474fad2b2dc127f12bac diff --git a/CHANGES b/CHANGES index 76b4974..3781d06 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,10 +2,27 @@ OpenSSL CHANGES ___ - Changes between 1.1.0a and 1.1.0b [xx XXX ] + Changes between 1.1.0b and 1.1.0c [xx XXX ] *) + Changes between 1.1.0a and 1.1.0b [26 Sep 2016] + + *) Fix Use After Free for large message sizes + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to + store the incoming message is reallocated and moved. Unfortunately a + dangling pointer to the old location is left which results in an attempt to + write to the previously freed location. This is likely to result in a + crash, however it could potentially lead to execution of arbitrary code. + + This issue only affects OpenSSL 1.1.0a. + + This issue was reported to OpenSSL by Robert Święcki. + (CVE-2016-6309) + [Matt Caswell] + Changes between 1.1.0 and 1.1.0a [22 Sep 2016] *) OCSP Status Request extensi
[openssl-commits] [openssl] master update
The branch master has been updated via 3133c2d3067c6add91cf370b0b8342d891b8e97a (commit) via 44f206aa9dfd4f226f17d9093732dbece5300aa6 (commit) via 0d698f6696e114a6e47f8b75ff88ec81f9e30175 (commit) via f789b04f407c2003da62d2b91b587629f1a781d0 (commit) via 84d5549e692e63a16fa1b11603e4098fc31746e9 (commit) from c536b6be1a72aefd632d5530106a67c516cb9f4b (commit) - Log - commit 3133c2d3067c6add91cf370b0b8342d891b8e97a Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 09:43:45 2016 +0100 Updates CHANGES and NEWS for new release Reviewed-by: Richard Levitte <levi...@openssl.org> commit 44f206aa9dfd4f226f17d9093732dbece5300aa6 Author: Robert Swiecki <swie...@google.com> Date: Sun Sep 25 16:35:56 2016 +0100 Add to fuzz corpora for CVE-2016-6309 Reviewed-by: Emilia Käsper <emi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit 0d698f6696e114a6e47f8b75ff88ec81f9e30175 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 16:58:11 2016 +0100 Fix Use After Free for large message sizes The buffer to receive messages is initialised to 16k. If a message is received that is larger than that then the buffer is "realloc'd". This can cause the location of the underlying buffer to change. Anything that is referring to the old location will be referring to free'd data. In the recent commit c1ef7c97 (master) and 4b390b6c (1.1.0) the point in the code where the message buffer is grown was changed. However s->init_msg was not updated to point at the new location. CVE-2016-6309 Reviewed-by: Emilia Käsper <emi...@openssl.org> commit f789b04f407c2003da62d2b91b587629f1a781d0 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 16:41:50 2016 +0100 Fix a WPACKET bug If we request more bytes to be allocated than double what we have already written, then we grow the buffer by the wrong amount. 
Reviewed-by: Emilia Käsper <emi...@openssl.org> commit 84d5549e692e63a16fa1b11603e4098fc31746e9 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 15:37:13 2016 +0100 Add a test for large messages Ensure that we send a large message during the test suite. Reviewed-by: Emilia Käsper <emi...@openssl.org> --- Summary of changes: CHANGES| 17 + NEWS | 4 + .../06d05ea3d37abe7554e610be69b743585cb0c6fe} | Bin 820 -> 921 bytes .../6b008546166c7e1d2ef100eb5ecbac7efe3b3b90 | Bin 0 -> 267 bytes .../f6b0502e2a8a63e84d7b474fad2b2dc127f12bac | Bin 0 -> 267 bytes ssl/packet.c | 10 ++- ssl/statem/statem.c| 20 - test/sslapitest.c | 84 + 8 files changed, 129 insertions(+), 6 deletions(-) copy fuzz/corpora/{x509/3403363173e3b63d0b9f4e3fce6e8a734d946bfc => server/06d05ea3d37abe7554e610be69b743585cb0c6fe} (76%) create mode 100644 fuzz/corpora/server/6b008546166c7e1d2ef100eb5ecbac7efe3b3b90 create mode 100644 fuzz/corpora/server/f6b0502e2a8a63e84d7b474fad2b2dc127f12bac diff --git a/CHANGES b/CHANGES index 97e70ac..eb18673 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,23 @@ https://www.akkadia.org/drepper/SHA-crypt.txt [Richard Levitte] + Changes between 1.1.0a and 1.1.0b [26 Sep 2016] + + *) Fix Use After Free for large message sizes + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to + store the incoming message is reallocated and moved. Unfortunately a + dangling pointer to the old location is left which results in an attempt to + write to the previously freed location. This is likely to result in a + crash, however it could potentially lead to execution of arbitrary code. + + This issue only affects OpenSSL 1.1.0a. + + This issue was reported to OpenSSL by Robert Święcki. + (CVE-2016-6309) + [Matt Caswell] + Changes between 1.1.0 and 1.1.0a [22 Sep 2016] *) OCSP Status Request extension unbounded memory growth diff --git a/NEWS b/NEWS index bdb7a4f..82d1cb1 100644 --- a/NEWS 
+++ b/NEWS @@ -9,6 +9,10 @@ o + Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016] + + o Fix Use After Free for large message sizes (CVE-2016-6309) + Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016] o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) diff --git a/fuzz/corpora/x509/3403363173e3b63d0b9f4e3fce6e8a734d946bfc b/fuzz/corpora/
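The use-after-free described in the commit message and CHANGES entry above (the 1.1.0-stable and master copies of the same fix) is the classic "grow the buffer, forget the pointers into it" bug. The following is an added illustration, not OpenSSL's code: a reduced model with a tiny initial buffer, a receive path in the shape of the 1.1.0a bug that leaves `init_msg` pointing at the freed block, and the fixed path that re-derives it from a saved offset. All names, the 64-byte initial capacity and the 40-byte fragments are this example's own assumptions; OpenSSL's real buffer starts at 16k.

```c
/*
 * Added example, not OpenSSL code. Models the pointer-invalidation pattern
 * behind CVE-2016-6309: a message larger than the receive buffer forces a
 * grow, and 'init_msg' (a pointer into the buffer just past the handshake
 * header) must be re-derived afterwards.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HM_HEADER_LENGTH 4   /* type(1) + length(3), like a TLS handshake header */
#define INITIAL_CAP      64  /* assumption: tiny so a small test message forces a grow */

typedef struct {
    unsigned char *data;     /* the message buffer */
    size_t cap;              /* allocated size of data */
    size_t init_num;         /* bytes received so far, header included */
    unsigned char *init_msg; /* invariant: data + HM_HEADER_LENGTH */
} msgbuf;

static int msgbuf_init(msgbuf *b)
{
    b->data = malloc(INITIAL_CAP);
    if (b->data == NULL)
        return 0;
    b->cap = INITIAL_CAP;
    b->init_num = HM_HEADER_LENGTH;            /* pretend the header is already in */
    b->init_msg = b->data + HM_HEADER_LENGTH;
    return 1;
}

/*
 * Grow by allocate + copy + free instead of realloc() so the block is
 * guaranteed to move; realloc() may extend in place, which hides the bug
 * on small inputs and makes the demonstration flaky.
 */
static int msgbuf_grow(msgbuf *b, size_t needed)
{
    size_t newcap = b->cap;
    unsigned char *n;

    if (needed <= b->cap)
        return 1;
    while (newcap < needed)
        newcap *= 2;
    n = malloc(newcap);
    if (n == NULL)
        return 0;
    memcpy(n, b->data, b->init_num);
    free(b->data);                 /* every pointer into the old block is now dangling */
    b->data = n;
    b->cap = newcap;
    return 1;
}

/* 1.1.0a-shaped path: grows the buffer but never refreshes init_msg. */
static int receive_fragment_buggy(msgbuf *b, const unsigned char *frag, size_t n)
{
    if (!msgbuf_grow(b, b->init_num + n))
        return 0;
    memcpy(b->data + b->init_num, frag, n);    /* writes through data: fine */
    b->init_num += n;
    return 1;                                  /* init_msg may now point at freed memory */
}

/* Fixed path: remember the body offset, grow, then re-derive the pointer. */
static int receive_fragment_fixed(msgbuf *b, const unsigned char *frag, size_t n)
{
    size_t body_off = (size_t)(b->init_msg - b->data);   /* computed while both are live */

    if (!msgbuf_grow(b, b->init_num + n))
        return 0;
    b->init_msg = b->data + body_off;          /* the one assignment the bug lacked */
    memcpy(b->data + b->init_num, frag, n);
    b->init_num += n;
    return 1;
}

/* Check the invariant on integer values: never dereference a possibly dangling pointer. */
static int init_msg_is_live(const msgbuf *b)
{
    return (uintptr_t)b->init_msg == (uintptr_t)b->data + HM_HEADER_LENGTH;
}

/* Feed two constructed 40-byte fragments (second one crosses INITIAL_CAP). Returns 1 if init_msg survived. */
static int run_large_message(int use_fixed_path)
{
    msgbuf b;
    unsigned char frag[40];
    int i, ok;

    if (!msgbuf_init(&b))
        return -1;
    memset(frag, 0x41, sizeof(frag));          /* constructed payload bytes */
    for (i = 0; i < 2; i++) {
        ok = use_fixed_path ? receive_fragment_fixed(&b, frag, sizeof(frag))
                            : receive_fragment_buggy(&b, frag, sizeof(frag));
        if (!ok) {
            free(b.data);
            return -1;
        }
    }
    ok = init_msg_is_live(&b);
    free(b.data);
    return ok;
}

int main(void)
{
    printf("buggy path keeps init_msg valid after grow: %d\n", run_large_message(0));
    printf("fixed path keeps init_msg valid after grow: %d\n", run_large_message(1));
    return 0;
}
```

The point the test in test/sslapitest.c makes (a message larger than the initial buffer) is the same one this model forces with a 64-byte buffer: any pointer cached into a growable buffer has to be re-derived from an offset after every call that can reallocate it, and a test that never crosses the initial capacity will not exercise that path.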
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via f6e43fee7060ec5c335724fea8097060a4359f2f (commit) via e216bf9d7ca761718f34e8b3094fcb32c7a143e4 (commit) via ca430ece0d5cf5820d9e580252f3118602e40332 (commit) via 6e629b5be45face20b4ca71c4fcbfed78b864a2e (commit) from f15a7e39a1f7d41716ca5f07faef74f55147d2cf (commit) - Log - commit f6e43fee7060ec5c335724fea8097060a4359f2f Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 10:50:48 2016 +0100 Prepare for 1.0.2k-dev Reviewed-by: Richard Levitte <levi...@openssl.org> commit e216bf9d7ca761718f34e8b3094fcb32c7a143e4 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 10:49:49 2016 +0100 Prepare for 1.0.2j release Reviewed-by: Richard Levitte <levi...@openssl.org> commit ca430ece0d5cf5820d9e580252f3118602e40332 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 09:51:30 2016 +0100 Update CHANGES and NEWS for the new release Reviewed-by: Richard Levitte <levi...@openssl.org> commit 6e629b5be45face20b4ca71c4fcbfed78b864a2e Author: Matt Caswell <m...@openssl.org> Date: Tue Aug 23 00:01:57 2016 +0100 Add some sanity checks when checking CRL scores Note: this was accidentally omitted from OpenSSL 1.0.2 branch. Without this fix any attempt to use CRLs will crash. CVE-2016-7052 Thanks to Bruce Stephens and Thomas Jakobi for reporting this issue. Reviewed-by: Stephen Henson <st...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: CHANGES| 14 +- NEWS | 6 +- README | 2 +- crypto/opensslv.h | 6 +++--- crypto/x509/x509_vfy.c | 4 ++-- openssl.spec | 2 +- 6 files changed, 25 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index c072379..009b7ef 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,10 +2,22 @@ OpenSSL CHANGES ___ - Changes between 1.0.2i and 1.0.2j [xx XXX ] + Changes between 1.0.2j and 1.0.2k [xx XXX ] *) + Changes between 1.0.2i and 1.0.2j [26 Sep 2016] + + *) Missing CRL sanity check + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted from OpenSSL 1.0.2i. As a result any attempt to use + CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + + This issue only affects the OpenSSL 1.0.2i + (CVE-2016-7052) + [Matt Caswell] + Changes between 1.0.2h and 1.0.2i [22 Sep 2016] *) OCSP Status Request extension unbounded memory growth diff --git a/NEWS b/NEWS index 6a787e6..24a1317 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development] + Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development] o + Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] + + o Fix Use After Free for large message sizes (CVE-2016-6309) + Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] o OCSP Status Request extension unbounded memory growth (CVE-2016-6304) diff --git a/README b/README index 9cba523..dece269 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2j-dev + OpenSSL 1.0.2k-dev Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/opensslv.h b/crypto/opensslv.h index c40160b..0f4251f 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100020a0L +# define OPENSSL_VERSION_NUMBER 0x100020b0L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2j-fips-dev xx XXX " +# define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2k-fips-dev xx XXX " # else -# define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2j-dev xx XXX " +# define OPENSSL_VERSION_TEXT"OpenSSL 1.0.2k-dev xx XXX " # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8334b3f..b147201 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, crl = sk_X509_CRL_value(crls, i); reasons = *preasons; crl_score = get_crl_score(ctx, _issuer, , crl, x); -if (crl_score <
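Review bot: the NEWS hunk credits 1.0.2j with "Fix Use After Free for large message sizes (CVE-2016-6309)", but that is the 1.1.0a issue; the CHANGES hunk in the same commit describes the missing CRL sanity check, CVE-2016-7052, which is what 1.0.2j actually ships, so the NEWS line should read "Missing CRL sanity check (CVE-2016-7052)". In the CHANGES text, "This issue only affects the OpenSSL 1.0.2i" has a stray "the". The x509_vfy.c hunk is truncated at "if (crl_score <", so the check itself is not reviewable from this copy.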
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e (commit) from f6e43fee7060ec5c335724fea8097060a4359f2f (commit) - Log - commit 9702bf5fa269eea8eb3d8bad13cc11fc58fb7e8e Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 11:20:11 2016 +0100 Fix NEWS error The NEWS file referenced the wrong CVE for 1.0.2 Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 24a1317..d750fb5 100644 --- a/NEWS +++ b/NEWS @@ -11,7 +11,7 @@ Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] - o Fix Use After Free for large message sizes (CVE-2016-6309) + o Missing CRL sanity check (CVE-2016-7052) Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 6d223568b215ccb0c297a1ea8761f00b2b470473 (commit) from 50b169440002898052ea41e9a9393ed41a68e7b2 (commit) - Log - commit 6d223568b215ccb0c297a1ea8761f00b2b470473 Author: Matt Caswell <m...@openssl.org> Date: Mon Sep 26 11:01:35 2016 +0100 Update website for new release --- Summary of changes: news/newsflash.txt | 3 +++ news/secadv/20160926.txt | 60 news/vulnerabilities.xml | 37 - 3 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20160926.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 6eb393c..e10aef8 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,9 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +26-Sep-2016: Security Advisory: Two security fixes +26-Sep-2016: OpenSSL 1.1.0b is now available, including a security fix +26-Sep-2016: OpenSSL 1.0.2j is now available, including a security fix 22-Sep-2016: Security Advisory: several security fixes 22-Sep-2016: OpenSSL 1.1.0a is now available, including bug and security fixes 22-Sep-2016: OpenSSL 1.0.2i is now available, including bug and security fixes diff --git a/news/secadv/20160926.txt b/news/secadv/20160926.txt new file mode 100644 index 000..467a119 --- /dev/null +++ b/news/secadv/20160926.txt 
@@ -0,0 +1,60 @@ + +OpenSSL Security Advisory [26 Sep 2016] + + +This security update addresses issues that were caused by patches +included in our previous security update, released on 22nd September +2016. Given the Critical severity of one of these flaws we have +chosen to release this advisory immediately to prevent upgrades to the +affected version, rather than delaying in order to provide our usual +public pre-notification. + + +Fix Use After Free for large message sizes (CVE-2016-6309) +== + +Severity: Critical + +This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. + +The patch applied to address CVE-2016-6307 resulted in an issue where if a +message larger than approx 16k is received then the underlying buffer to store +the incoming message is reallocated and moved. Unfortunately a dangling pointer +to the old location is left which results in an attempt to write to the +previously freed location. This is likely to result in a crash, however it +could potentially lead to execution of arbitrary code. + +OpenSSL 1.1.0 users should upgrade to 1.1.0b + +This issue was reported to OpenSSL on 23rd September 2016 by Robert +Święcki (Google Security Team), and was found using honggfuzz. The fix +was developed by Matt Caswell of the OpenSSL development team. + +Missing CRL sanity check (CVE-2016-7052) + + +Severity: Moderate + +This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. + +A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 +but was omitted from OpenSSL 1.0.2i. As a result any attempt to use +CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. + +OpenSSL 1.0.2i users should upgrade to 1.0.2j + +The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and +Thomas Jakobi. The fix was developed by Matt Caswell of the OpenSSL development +team. 
+ +References +== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv/20160926.txt + +Note: the online version of the advisory may be updated with additional details +over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/policies/secpolicy.html diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index f9b4a5d..e53c367 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -5,7 +5,42 @@ 1.0.0 on 20100329 --> - + + + + + + + + + This issue only affects OpenSSL 1.1.0a, released on 22nd September 2016. + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to store + the incoming message is reallocated and moved. Unfortunately a dangling pointer + to the old location is left which results in an attempt to write to the + previously freed location. This is likely to result in a crash, however it + could potentially lead to execution of arbitrary code. + + + + + + + + + + + + This issue only affects OpenSSL 1.0.2i, released on 22nd September 2016. + + A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 + but was omitted fro
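Review bot: the vulnerabilities.xml hunk has had its XML element tags stripped in this copy, leaving rows of bare "+" lines around the two issue descriptions, so the per-CVE metadata the site renders (affected and fixed versions, severity, report and public dates) cannot be checked against the advisory text from this post and should be compared in git. The advisory text itself agrees with the CHANGES entries in the release commits: Critical for CVE-2016-6309, affecting only 1.1.0a, and Moderate for CVE-2016-7052, affecting only 1.0.2i.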
[openssl-commits] [openssl] OpenSSL_1_1_0b create
The annotated tag OpenSSL_1_1_0b has been created at 77d1fec0e1709f55967e50162e68a2046b6c1997 (tag) tagging 16c34d4f74e16443cfdc99f2a49ebb1ba3c37db3 (commit) replaces OpenSSL_1_1_0a tagged by Matt Caswell on Mon Sep 26 10:46:03 2016 +0100 - Log - OpenSSL 1.1.0b release tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJX6O5bAAoJENnE0m0OYESRM6MIAIqMH1rqHf048qh6kcmCf33G
7OATwozu8U0aeQV5XIkoO4ldSVuWAThGAetFJhpiIuJA7/PtqAWMR7RMdmEeqYEY
ogRcawwwsTSVZxaXQVhecHab+xK2YURV/D+L5zyWhw2iGYuCoAUbKVgKM4I9eshh
DHgqRg7yFhg0bz6P/MgYV0SCRsX51Edpd4NHzvyQ9lTPoYOEy2U/Wl2x2ZpL9qD1
8pazD7v5m3/3RijjsbEBWja3gMIfzJ5zPiErkwLfXM6ml+rt+k+xbtIB/x/xS/Vy
/ZjqC6oeU/9z8wVym3qXnlIt7O72XhwN5HY2PmcyOv8BMBmn6NedCAEe57b3UPk=
=bdjH
-----END PGP SIGNATURE-----
Matt Caswell (5): Prepare for 1.1.0b-dev Add a test for large messages Fix Use After Free for large message sizes Updates CHANGES and NEWS for new release Prepare for 1.1.0b release Robert Swiecki (1): Add to fuzz corpora for CVE-2016-6309 ---
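The tag message above carries the armored OpenPGP signature over the OpenSSL_1_1_0b tag. Before trusting a release tag a practitioner wants to know which key signed it and when; the following is an added example, not OpenSSL project code, that decodes that armor with the RFC 4880 packet layout and reports the signature's version, algorithms, creation time and issuer key ID. It only parses: it does not verify the RSA signature, which would need the signer's public key, and the key ID it recovers is what you compare against the OpenSSL release-signing keys published on openssl.org. The armor text is copied from the message above; the algorithm-name tables are this example's own.

```python
"""Added example (not OpenSSL code): decode the OpenPGP signature packet in the
OpenSSL_1_1_0b tag armor above, per RFC 4880. Reports who signed (issuer key
ID), when, and with which algorithms. It does not verify the RSA signature."""
import base64
import datetime

# Armor copied from the OpenSSL_1_1_0b tag message above.
TAG_1_1_0B_ARMOR = """\
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJX6O5bAAoJENnE0m0OYESRM6MIAIqMH1rqHf048qh6kcmCf33G
7OATwozu8U0aeQV5XIkoO4ldSVuWAThGAetFJhpiIuJA7/PtqAWMR7RMdmEeqYEY
ogRcawwwsTSVZxaXQVhecHab+xK2YURV/D+L5zyWhw2iGYuCoAUbKVgKM4I9eshh
DHgqRg7yFhg0bz6P/MgYV0SCRsX51Edpd4NHzvyQ9lTPoYOEy2U/Wl2x2ZpL9qD1
8pazD7v5m3/3RijjsbEBWja3gMIfzJ5zPiErkwLfXM6ml+rt+k+xbtIB/x/xS/Vy
/ZjqC6oeU/9z8wVym3qXnlIt7O72XhwN5HY2PmcyOv8BMBmn6NedCAEe57b3UPk=
=bdjH
-----END PGP SIGNATURE-----
"""

# RFC 4880 section 9 identifiers (assumed table, only the common ones).
PUBKEY_ALGOS = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}


def crc24(data):
    """Armor checksum, RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text):
    """Return (packet bytes, crc_ok) from a '-----BEGIN PGP SIGNATURE-----' block."""
    lines = text.strip().splitlines()
    if lines[0] != "-----BEGIN PGP SIGNATURE-----" or lines[-1] != "-----END PGP SIGNATURE-----":
        raise ValueError("not a PGP signature armor")
    body = lines[1:-1]
    b64 = [l for l in body[body.index("") + 1:] if l]   # armor headers end at the blank line
    crc_line = b64.pop() if b64[-1].startswith("=") else None
    data = base64.b64decode("".join(b64))
    crc_ok = None
    if crc_line:
        crc_ok = int.from_bytes(base64.b64decode(crc_line[1:]), "big") == crc24(data)
    return data, crc_ok


def parse_subpackets(area):
    """Pull creation time (type 2) and issuer key ID (type 16) out of a subpacket area."""
    out, i = {}, 0
    while i < len(area):
        n = area[i]
        if n < 192:                                   # one-octet length
            i += 1
        elif n < 255:                                 # two-octet length
            n, i = ((n - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                         # five-octet length
            n, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        sub_type, sub_body = area[i], area[i + 1:i + n]
        if sub_type == 2:
            out["created"] = int.from_bytes(sub_body, "big")
        elif sub_type == 16:
            out["issuer_keyid"] = sub_body.hex().upper()
        i += n
    return out


def parse_signature(armor):
    data, crc_ok = dearmor(armor)
    tag = data[0]
    if (tag & 0xC0) != 0x80 or ((tag >> 2) & 0x0F) != 2:
        raise ValueError("expected an old-format signature packet header")
    hdr_len = (1, 2, 4)[tag & 0x03]               # length-type 3 is not valid for signatures
    body_len = int.from_bytes(data[1:1 + hdr_len], "big")
    body = data[1 + hdr_len:1 + hdr_len + body_len]
    if len(body) != body_len or body[0] != 4:
        raise ValueError("truncated packet or not a v4 signature")
    hashed_len = int.from_bytes(body[4:6], "big")
    hashed = body[6:6 + hashed_len]
    q = 6 + hashed_len
    unhashed_len = int.from_bytes(body[q:q + 2], "big")
    unhashed = body[q + 2:q + 2 + unhashed_len]
    q += 2 + unhashed_len
    info = {
        "version": body[0], "sig_type": body[1],
        "pubkey_algo": PUBKEY_ALGOS.get(body[2], body[2]),
        "hash_algo": HASH_ALGOS.get(body[3], body[3]),
        "hash_left16": int.from_bytes(body[q:q + 2], "big"),
        "mpi_bits": int.from_bytes(body[q + 2:q + 4], "big"),   # RSA signature MPI size
        "packet_len": body_len, "total_len": len(data), "crc_ok": crc_ok,
    }
    info.update(parse_subpackets(unhashed))   # issuer key ID normally lives here
    info.update(parse_subpackets(hashed))     # hashed area is covered by the signature, so it wins
    info["created_utc"] = datetime.datetime.fromtimestamp(
        info["created"], datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return info


if __name__ == "__main__":
    for key, value in parse_signature(TAG_1_1_0B_ARMOR).items():
        print(f"{key:>12}: {value}")
```

On the 1.1.0b armor this reports a v4 RSA signature over SHA-1 (GnuPG v1's default at the time), a 2048-bit signature MPI, a creation time of 2016-09-26 09:46:03 UTC, which is the tag's "10:46:03 +0100", and issuer key ID D9C4D26D0E604491; the 1.0.2j tag below carries the same issuer bytes in its armor. A signature-packet creation time that does not match the tag header, or an issuer that is not on the published key list, is the cue to stop and verify the tag with gpg against the real key rather than trust the list post.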
[openssl-commits] [openssl] OpenSSL_1_0_2j create
The annotated tag OpenSSL_1_0_2j has been created
        at  65d7fcd069380dc8f9033cb5f2b26e2f3422e5cc (tag)
   tagging  e216bf9d7ca761718f34e8b3094fcb32c7a143e4 (commit)
  replaces  OpenSSL_1_0_2i
 tagged by  Matt Caswell
        on  Mon Sep 26 10:49:49 2016 +0100

- Log -
OpenSSL 1.0.2j release tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAABAgAGBQJX6O89AAoJENnE0m0OYESR758H/iXm06Pq/AKsDLrY2M8rvY2A
hGMBhxRS9GuMywje7RxksN2Jxn0K1dFG98XuSOYTyQZnA2bYH11oX2DLnvkvQDt9
BGh/vhvXKTqBXFgBa9jqWVgzF8UXvJM/JrblkjtbMOj9LVdHgRJAPyLf1GzVQC1g
kaaz/xknE63hQmHc3A77GD1zJyAmg20kI+yZggi80WYYySURiz1kObG1ocnEAE5r
CCc7tYxbjycaq+kSYQjxw1BjtgeaU/51LmJ5Rx0FU1wBvO1Tf1ZIgZ+74YS4aJET
jCm9nngc1Rko+eTEj7iUZJaO5u3p/HaLIgBPe1bZ3/xeZCJdg63gcSq4rFNS0ZQ=
=BWLw
-----END PGP SIGNATURE-----

Dirk Feytons (1):
      Fix build with no-nextprotoneg

Matt Caswell (4):
      Prepare for 1.0.2j-dev
      Add some sanity checks when checking CRL scores
      Update CHANGES and NEWS for the new release
      Prepare for 1.0.2j release

Rich Salz (1):
      Fix typo introduced by a03f81f4

---
[openssl-commits] [openssl] master update
The branch master has been updated via 98c1f5b429d036c0370de15f4d6851eed41fa5b3 (commit) from 3133c2d3067c6add91cf370b0b8342d891b8e97a (commit) - Log - commit 98c1f5b429d036c0370de15f4d6851eed41fa5b3 Author: Matt Caswell <m...@openssl.org> Date: Fri Sep 23 14:40:16 2016 +0100 Fix HelloVerifyRequest construction commit c536b6be1a introduced a bug that causes a reachable assert. This fixes it. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_srvr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 03d75d0..fbca5a1 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -885,6 +885,8 @@ int dtls_construct_hello_verify_request(SSL *s) } /* number of bytes to write */ +s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH; +s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH; s->init_num = (int)msglen; s->init_off = 0; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
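Review bot: the two added assignments set `w_msg_hdr.msg_len` and `w_msg_hdr.frag_len` to `msglen - DTLS1_HM_HEADER_LENGTH`, but the summary of changes shows `ssl/statem/statem_srvr.c` as the only file touched, so the reachable assert this fixes has no regression test. Add a DTLS test that forces the cookie exchange so `dtls_construct_hello_verify_request()` is exercised on every CI run, and put a one-line comment above the assignments saying why the message header must be filled in here rather than leaving them unset.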
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 35c2aca31f943bf35a425128fb7068d52309bc94 (commit) via 9e4a7023aa1d713969879110caa25338390ef68e (commit) via f53e42e518072597d02d3a32ff98ebea2d99214f (commit) via a905d13bbbd25c0976ba39a0f2e55033eeca26d7 (commit) via 384fd75ad822569a61fe43235df270b2948a8f7d (commit) from 7cac0558008a1f46218191e6f26fa7f08256f582 (commit) - Log - commit 35c2aca31f943bf35a425128fb7068d52309bc94 Author: David Benjamin <david...@google.com> Date: Thu Aug 25 01:55:48 2016 -0400 Add missing parameter. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 243ecf19ddc0dc2366de1be5c404d66d483b196d) commit 9e4a7023aa1d713969879110caa25338390ef68e Author: David Benjamin <david...@google.com> Date: Thu Aug 18 00:43:05 2016 -0400 Switch back to assuming TLS 1.2. The TLSProxy::Record->new call hard-codes a version, like 70-test_sslrecords.t. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit f3ea8d77080580979be086d97879ebc8b72f970a) commit f53e42e518072597d02d3a32ff98ebea2d99214f Author: David Benjamin <david...@google.com> Date: Thu Aug 18 00:38:43 2016 -0400 Address review comments. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 3058b742664287a30be77488c2ce3d8103bffd64) commit a905d13bbbd25c0976ba39a0f2e55033eeca26d7 Author: David Benjamin <david...@google.com> Date: Wed Aug 10 10:45:49 2016 -0400 Don't test quite so many of them. Avoid making the CI blow up. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 5cf6d7c51f16fd78de7921dc441e24897c8b3cc6) commit 384fd75ad822569a61fe43235df270b2948a8f7d Author: David Benjamin <david...@google.com> Date: Wed Aug 10 00:45:51 2016 -0400 Test CBC mode padding. This is a regression test for https://github.com/openssl/openssl/pull/1431. 
It tests a maximally-padded record with each possible invalid offset. This required fixing a bug in Message.pm where the client sending a fatal alert followed by close_notify was still treated as success. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 8523288e6d667f052bda092e01ab17986782fede) --- Summary of changes: test/recipes/70-test_sslcbcpadding.t | 110 +++ util/TLSProxy/Message.pm | 6 +- util/TLSProxy/Proxy.pm | 11 3 files changed, 124 insertions(+), 3 deletions(-) create mode 100644 test/recipes/70-test_sslcbcpadding.t diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t new file mode 100644 index 000..fdaa466 --- /dev/null +++ b/test/recipes/70-test_sslcbcpadding.t 
@@ -0,0 +1,110 @@ +#! /usr/bin/env perl +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; +use OpenSSL::Test::Utils; +use TLSProxy::Proxy; + +my $test_name = "test_sslcbcpadding"; +setup($test_name); + +plan skip_all => "TLSProxy isn't usable on $^O" +if $^O =~ /^(VMS|MSWin32)$/; + +plan skip_all => "$test_name needs the dynamic engine feature enabled" +if disabled("engine") || disabled("dynamic-engine"); + +plan skip_all => "$test_name needs the sock feature enabled" +if disabled("sock"); + +plan skip_all => "$test_name needs TLSv1.2 enabled" +if disabled("tls1_2"); + +$ENV{OPENSSL_ia32cap} = '~0x202'; +my $proxy = TLSProxy::Proxy->new( +\_maximal_padding_filter, +cmdstr(app(["openssl"]), display => 1), +srctop_file("apps", "server.pem"), +(!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) +); + +# TODO: We could test all 256 values, but then the log file gets too large for +# CI. See https://github.com/openssl/openssl/issues/1440. +my @test_offsets = (0, 128, 254, 255); + +# Test that maximally-padded records are accepted. +my $bad_padding_offset = -1; +$proxy->start() or plan skip_all => "Unable to start up Proxy for tes
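Review bot: `$ENV{OPENSSL_ia32cap} = '~0x202';` is a magic constant with no comment; say which capability bits it masks and why the test needs them off (presumably so the generic CBC decrypt-then-MAC path is the one doing the padding check), otherwise nobody can tell whether it still does the right thing when the capability vector is reorganised. Separately, the script skips when `tls1_2` is disabled but never pins the negotiated version before `$proxy->start()`; once a newer protocol version is enabled by default the proxy will negotiate it and the maximal-padding filter will have no CBC record to act on, so the "Maximally-padded record test" passes vacuously. Add `$proxy->serverflags("-tls1_2")` before the first start as well as inside the invalid-offset loop.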
[openssl-commits] [openssl] master update
The branch master has been updated via a00d75e1b21bc5c49817610b172bae440f526622 (commit) via b36017fe5f2ee0a2cbc1028d842a183e0ac22da7 (commit) from cc59ad1073c49cbb173708d7377df06ad3786f4c (commit) - Log - commit a00d75e1b21bc5c49817610b172bae440f526622 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 18:00:37 2016 +0100 Convert NewSessionTicket construction to WPACKET Reviewed-by: Rich Salz <rs...@openssl.org> commit b36017fe5f2ee0a2cbc1028d842a183e0ac22da7 Author: Matt Caswell <m...@openssl.org> Date: Thu Sep 29 18:00:01 2016 +0100 Fix an error in packet_locl.h A convenience macro was using the wrong underlying function. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/packet_locl.h| 2 +- ssl/statem/statem_srvr.c | 109 ++- 2 files changed, 52 insertions(+), 59 deletions(-) diff --git a/ssl/packet_locl.h b/ssl/packet_locl.h index 517c12d..55e41bb 100644 --- a/ssl/packet_locl.h +++ b/ssl/packet_locl.h @@ -758,7 +758,7 @@ int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); #define WPACKET_put_bytes_u24(pkt, val) \ WPACKET_put_bytes__((pkt), (val), 3) #define WPACKET_put_bytes_u32(pkt, val) \ -WPACKET_sub_allocate_bytes__((pkt), (val), 4) +WPACKET_put_bytes__((pkt), (val), 4) /* Set a maximum size that we will not allow the WPACKET to grow beyond */ int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 3fbc4ad..c7d77ae 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
@@ -2956,15 +2956,17 @@ int tls_construct_new_session_ticket(SSL *s) unsigned char *senc = NULL; EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; -unsigned char *p, *macstart; +unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2; const unsigned char *const_p; -int len, slen_full, slen; +int len, slen_full, slen, lenfinal; SSL_SESSION *sess; unsigned int hlen; SSL_CTX *tctx = s->initial_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; int iv_len; +size_t macoffset, macendoffset; +WPACKET pkt; /* get session encoding length */ slen_full = i2d_SSL_SESSION(s->session, NULL); @@ -2982,6 +2984,12 @@ int tls_construct_new_session_ticket(SSL *s) return 0; } +if (!WPACKET_init(, s->init_buf) +|| !ssl_set_handshake_header2(s, , SSL3_MT_NEWSESSION_TICKET)) { +SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_INTERNAL_ERROR); +goto err; +} + ctx = EVP_CIPHER_CTX_new(); hctx = HMAC_CTX_new(); if (ctx == NULL || hctx == NULL) { @@ -3014,21 +3022,6 @@ int tls_construct_new_session_ticket(SSL *s) } SSL_SESSION_free(sess); -/*- - * Grow buffer if need be: the length calculation is as - * follows handshake_header_length + - * 4 (ticket lifetime hint) + 2 (ticket length) + - * sizeof(keyname) + max_iv_len (iv length) + - * max_enc_block_size (max encrypted session * length) + - * max_md_size (HMAC) + session_length. - */ -if (!BUF_MEM_grow(s->init_buf, - SSL_HM_HEADER_LENGTH(s) + 6 + sizeof(key_name) + - EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH + - EVP_MAX_MD_SIZE + slen)) -goto err; - -p = ssl_handshake_start(s); /* * Initialize HMAC and cipher contexts. If callback present it does * all the work otherwise use generated values from parent ctx. 
@@ -3039,11 +3032,15 @@ int tls_construct_new_session_ticket(SSL *s) hctx, 1); if (ret == 0) { -l2n(0, p); /* timeout */ -s2n(0, p); /* length */ -if (!ssl_set_handshake_header -(s, SSL3_MT_NEWSESSION_TICKET, p - ssl_handshake_start(s))) + +/* Put timeout and length */ +if (!WPACKET_put_bytes_u32(, 0) +|| !WPACKET_put_bytes_u16(, 0) +|| !ssl_close_construct_packet(s, )) { +SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, + ERR_R_INTERNAL_ERROR); goto err; +} OPENSSL_free(senc); EVP_CIPHER_CTX_free(ctx); HMAC_CTX_free(hctx); @@ -3074,44 +3071,38 @@ int tls_construct_new_session_ticket(SSL *s) * for resumed session (for simplicity), and guess that tickets for * new sessions will live as long as their sessions. */ -l2n(s->hit ? 0 : s->session->timeout, p); - -/* Skip ticket length for now */ -p += 2;
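Review bot: in `ssl/packet_locl.h`, `WPACKET_put_bytes_u32` was expanding to `WPACKET_sub_allocate_bytes__((pkt), (val), 4)` with the wrong function and the wrong argument count, yet the tree still compiled, which means nothing used the macro until this commit. The summary of changes shows no test update; add a case to `test/wpackettest.c` that exercises each of the `WPACKET_put_bytes_uN` wrappers so an unused wrapper cannot rot silently again.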
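Review bot: in `tls_construct_new_session_ticket()`, once `WPACKET_init()` and `ssl_set_handshake_header2()` have succeeded, the `EVP_CIPHER_CTX_new()`/`HMAC_CTX_new()` failure path immediately below them and the later ticket-callback failure paths all `goto err` with the WPACKET still open. Make sure the `err:` label calls `WPACKET_cleanup()` on `pkt`, otherwise a failed NewSessionTicket leaves `s->init_buf` in a half-written state for whatever message is constructed next. The `ret == 0` branch is fine as written: it emits the zero timeout and zero length and closes the packet before freeing the contexts.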
[openssl-commits] [openssl] master update
The branch master has been updated via 11542af65a82242b47e97506695fa0d306d24fb6 (commit) from 2b687397fda5ebaa413a3f35b1c989c84114cefe (commit) - Log - commit 11542af65a82242b47e97506695fa0d306d24fb6 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Sat Oct 8 14:25:20 2016 +0200 Add some missing types to indent.pro Reviewed-by: Andy Polyakov <ap...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: util/indent.pro | 8 1 file changed, 8 insertions(+) diff --git a/util/indent.pro b/util/indent.pro index 932c9b0..3946e8e 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -732,3 +732,11 @@ -T uintmax_t -T pqueue -T danetls_record +-T CTLOG_STORE +-T OPENSSL_INIT_SETTINGS +-T OSSL_HANDSHAKE_STATE +-T OSSL_STATEM +-T ossl_intmax_t +-T ossl_intmax_t +-T ossl_uintmax_t +-T ossl_uintmax_t _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
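Review bot: the hunk adds `-T ossl_intmax_t` and `-T ossl_uintmax_t` twice each; drop the second copy of both so the type list stays one entry per type and later additions diff cleanly.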
[openssl-commits] [openssl] OpenSSL_1_0_1-stable update
The branch OpenSSL_1_0_1-stable has been updated via a100602d58b0a2cfba1c0419470e637bb5fd227d (commit) from 9d9e0535366b4e5cfb2eb4d74be6b3d546b98fe8 (commit) - Log - commit a100602d58b0a2cfba1c0419470e637bb5fd227d Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Sun Oct 16 00:53:33 2016 +0200 Fix leak of secrecy in ecdh_compute_key() A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 0e4690165b4beb6777b747b0aeb1646a301f41d9) --- Summary of changes: crypto/ecdh/ech_ossl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index d448b19..2d14252 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -202,7 +202,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); if (ctx) BN_CTX_free(ctx); -if (buf) +if (buf) { +OPENSSL_cleanse(buf, buflen); OPENSSL_free(buf); +} return (ret); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
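Review bot: `OPENSSL_cleanse(buf, buflen)` is the right fix, but this cleanup block is reached from every error `goto` in `ecdh_compute_key()`, so `buflen` must already hold the allocated size whenever `buf` is non-NULL, and it must be the allocation size rather than `outlen`. That holds if `buf` is only ever allocated with `buflen`, but check the declarations at the top of the function: an uninitialised `buflen` on an early error path would turn this memory-hygiene fix into an out-of-bounds write.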
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 0e4690165b4beb6777b747b0aeb1646a301f41d9 (commit) from 3ade92e785bb3777c92332f88e23f6ce906ee260 (commit) - Log - commit 0e4690165b4beb6777b747b0aeb1646a301f41d9 Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Sun Oct 16 00:53:33 2016 +0200 Fix leak of secrecy in ecdh_compute_key() A temporary buffer containing g^xy was not cleared in ecdh_compute_key() before freeing it, so the shared secret was leaked in memory. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/ecdh/ech_ossl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index df115cc..d3b0524 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -212,7 +212,9 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); if (ctx) BN_CTX_free(ctx); -if (buf) +if (buf) { +OPENSSL_cleanse(buf, buflen); OPENSSL_free(buf); +} return (ret); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
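Review bot: this is the originating commit for the 1.0.1-stable cherry-pick above, and the summary shows only `crypto/ecdh/ech_ossl.c` changing; add a CHANGES entry, since an ECDH shared secret left behind in freed heap memory is exactly the kind of fix downstream packagers and auditors scan the release notes for. While here, audit the other `*_compute_key()` implementations in the tree for the same `OPENSSL_free()`-without-`OPENSSL_cleanse()` pattern on a buffer that held key material.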
[openssl-commits] [openssl] master update
The branch master has been updated via 875e3f934e8586039e79efb6ed1262c80803aa42 (commit) from 99d63d4662e16afbeff49f29b48f1c87d5558ed0 (commit) - Log - commit 875e3f934e8586039e79efb6ed1262c80803aa42 Author: Matt Caswell <m...@openssl.org> Date: Tue Oct 25 15:28:30 2016 +0100 Provide a cross-platform format specifier (OSSLzu) for printing size_t Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: include/openssl/e_os2.h | 11 +++ 1 file changed, 11 insertions(+) diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 99ea347..5bec684 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -276,6 +276,17 @@ typedef unsigned __int64 uint64_t; # endif # endif +/* Format specifier for printing size_t */ +# if (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) +# define OSSLzu "zu" +# else +# ifdef THIRTY_TWO_BIT +# define OSSLzu "u" +# else +# define OSSLzu PRIu64 +# endif +# endif + /* ossl_inline: portable inline definition usable in public headers */ # if !defined(inline) && !defined(__cplusplus) # if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
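Review bot: in the pre-C99 fallback, `PRIu64` needs `<inttypes.h>` and only matches an argument that really is `uint64_t`, so a `size_t` passed through a `"%" OSSLzu` format on such a platform has to be cast to `uint64_t` to avoid a format/argument mismatch (and undefined behaviour where the two types differ in size); the `THIRTY_TWO_BIT` branch likewise assumes `size_t` is exactly `unsigned int`. Only the C99 `"zu"` branch is cast-free. Say so in the comment above the macro so callers know a cast is required on the fallback paths, and consider asserting the header dependency with a `#include` guard next to the `PRIu64` branch.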
[openssl-commits] [openssl] master update
The branch master has been updated via 902aca09f3cfdf124dc92c7338635b8515eb8f39 (commit) via 3d33f3bbe4e6dfa5ae36a2ced644b623b345bd9e (commit) via fba7b84ca30dc809652e9f35f65e1d55c5b3c6e4 (commit) via 035b1e69d2b0ece62069aeafa47ed34bf9e707f5 (commit) via e2994cf09969166e9596a07eca91bcbe61524b30 (commit) via df7ce507fcc147d8319bcb55f07197a22f6acf59 (commit) via 58c9e32a3a4b187b9a4c14448edcf182e6754b64 (commit) via 6438632420cee9821409221ef6717edc5ee408c1 (commit) via 801cb720ade8a8fd312bc36f09f92c026e9340df (commit) via de7d61d5c264fd6883a1563d3d159d2591d9037b (commit) via b1b4b543ee531606cddb5df9d56b17b27d4ac60d (commit) via 6f8db4e669ffa178ec2a0ed1e367aaf2b94d4ec6 (commit) via 9529419d943c9c4cedd2397f78902c53b3091be1 (commit) via 4bfe1432c8d82ffaa99c01085da0520b6090567d (commit) via 1ab3836b3bb8ccfa4da7ce529d420e750cd56b32 (commit) from e3fb4d3d52e188b83ccb8506aa2f16cb686f4d6c (commit) - Log - commit 902aca09f3cfdf124dc92c7338635b8515eb8f39 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 13:43:12 2016 + Make some CLIENTHELLO_MSG function arguments const There were a few places where they could be declared const so this commit does that. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 3d33f3bbe4e6dfa5ae36a2ced644b623b345bd9e Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 15:15:06 2016 + Update a comment The name and type of the argument to ssl_check_for_safari() have changed. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit fba7b84ca30dc809652e9f35f65e1d55c5b3c6e4 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 15:13:04 2016 + Swap back to using SSL3_RANDOM_SIZE instead of sizeof(clienthello.random) The size is fixed by the protocol and won't change even if sizeof(clienthello.random) does. 
Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 035b1e69d2b0ece62069aeafa47ed34bf9e707f5 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 15:09:19 2016 + Move setting the session_id_len until after we filled the session_id Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit e2994cf09969166e9596a07eca91bcbe61524b30 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 15:07:56 2016 + Load the sessionid directly in SSLv2 compat ClientHello Don't use a sub-packet, just load it. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit df7ce507fcc147d8319bcb55f07197a22f6acf59 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 14:59:12 2016 + Rename clienthello.version to clienthello.legacy_version For consistency with the TLSv1.3 spec. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 58c9e32a3a4b187b9a4c14448edcf182e6754b64 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 14:14:23 2016 + Fix some minor style issues Add a blank line, take one away - due to feedback received during review. 
Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 6438632420cee9821409221ef6717edc5ee408c1 Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 16:36:30 2016 + Add some function documentation and update some existing comments Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 801cb720ade8a8fd312bc36f09f92c026e9340df Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 14:52:22 2016 + Fix make update following extensions refactor Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit de7d61d5c264fd6883a1563d3d159d2591d9037b Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 13:20:03 2016 + Improve some comment documentation following the extensions refactor Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit b1b4b543ee531606cddb5df9d56b17b27d4ac60d Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 13:11:17 2016 + Fix various style issues in the extension parsing refactor Based on review feedback received. Reviewed-by: Kurt Roeckx <k...@openssl.org> Reviewed-by: Rich Salz <rs...@openssl.org> commit 6f8db4e669ffa178ec2a0ed1e367aaf
[openssl-commits] [openssl] master update
The branch master has been updated via 234b8af4b748311b8856bfd30ae45d187a184465 (commit) from 902aca09f3cfdf124dc92c7338635b8515eb8f39 (commit) - Log - commit 234b8af4b748311b8856bfd30ae45d187a184465 Author: FdaSilvaYY <fdasilv...@gmail.com> Date: Thu Sep 15 21:42:53 2016 +0200 Simplify and clean X509_VERIFY_PARAM new/free code. Split x509_verify_param_zero code to the right place Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: crypto/x509/x509_vpm.c | 43 +-- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 05c7852..386382d 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -79,33 +79,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, return 1; } -static void x509_verify_param_zero(X509_VERIFY_PARAM *param) -{ -if (!param) -return; -param->name = NULL; -param->purpose = 0; -param->trust = X509_TRUST_DEFAULT; -/* - * param->inh_flags = X509_VP_FLAG_DEFAULT; - */ -param->inh_flags = 0; -param->flags = 0; -param->depth = -1; -param->auth_level = -1; /* -1 means unset, 0 is explicit */ -sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -param->policies = NULL; -sk_OPENSSL_STRING_pop_free(param->hosts, str_free); -param->hosts = NULL; -OPENSSL_free(param->peername); -param->peername = NULL; -OPENSSL_free(param->email); -param->email = NULL; -param->emaillen = 0; -OPENSSL_free(param->ip); -param->ip = NULL; -param->iplen = 0; -} X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { 
@@ -114,15 +87,25 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) param = OPENSSL_zalloc(sizeof(*param)); if (param == NULL) return NULL; -x509_verify_param_zero(param); +param->trust = X509_TRUST_DEFAULT; +/* + * param->inh_flags = X509_VP_FLAG_DEFAULT; + */ +param->inh_flags = 0; +param->depth = -1; +param->auth_level = -1; /* -1 means unset, 0 is explicit */ return param; } void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { -if (!param) +if (param == NULL) return; -x509_verify_param_zero(param); +sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); +sk_OPENSSL_STRING_pop_free(param->hosts, str_free); +OPENSSL_free(param->peername); +OPENSSL_free(param->email); +OPENSSL_free(param->ip); OPENSSL_free(param); } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
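Review bot: in the new `X509_VERIFY_PARAM_new()`, `param->inh_flags = 0;` together with its commented-out `X509_VP_FLAG_DEFAULT` alternative is redundant straight after `OPENSSL_zalloc()`; either drop the assignment or turn the comment into a sentence explaining why the default is 0 rather than `X509_VP_FLAG_DEFAULT`. In `X509_VERIFY_PARAM_free()`, `name` is the one pointer member the removed `x509_verify_param_zero()` reset that the new code never releases; confirm it can never be heap-owned, or free it alongside `peername`, `email` and `ip`.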
[openssl-commits] [openssl] master update
The branch master has been updated via 6925a94839794a6712db181bd1a8ccf948deb4ff (commit) via 134bfe56c4fe9490ddcac070909252233ff82076 (commit) via 34574f193bf9961256d5b8bdb6950dcc890e0336 (commit) via 9b36b7d9bdb33d1edbc2bbfd8a773a0eb8645788 (commit) via 327c1627923288d3dbbfc34d1c7d8785552f6ad8 (commit) via ddd2c38917976da07ce0dfcd0bf3f3826c94051c (commit) via d2139cf8dffcfe4a936ef55d25f769b162a8c603 (commit) from 234b8af4b748311b8856bfd30ae45d187a184465 (commit) - Log - commit 6925a94839794a6712db181bd1a8ccf948deb4ff Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 23:22:11 2016 + Ensure the key and iv labels are declared as static Fixes a travis failure Reviewed-by: Rich Salz <rs...@openssl.org> commit 134bfe56c4fe9490ddcac070909252233ff82076 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 10:18:41 2016 + Add a test for the TLS1.3 secret generation Reviewed-by: Rich Salz <rs...@openssl.org> commit 34574f193bf9961256d5b8bdb6950dcc890e0336 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 10:34:28 2016 + Add support for TLS1.3 secret generation Nothing is using this yet, it just adds the underlying functions necessary for generating the TLS1.3 secrets. Reviewed-by: Rich Salz <rs...@openssl.org> commit 9b36b7d9bdb33d1edbc2bbfd8a773a0eb8645788 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 10:33:35 2016 + Add support for initialising WPACKETs from a static buffer Normally WPACKETs will use a BUF_MEM which can grow as required. Sometimes though that may be overkill for what is needed - a static buffer may be sufficient. This adds that capability. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 327c1627923288d3dbbfc34d1c7d8785552f6ad8 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 10:25:21 2016 + Add some documentation for the new HKDF modes Reviewed-by: Rich Salz <rs...@openssl.org> commit ddd2c38917976da07ce0dfcd0bf3f3826c94051c Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 11:48:33 2016 + Following the changes to HKDF to accept a mode, add some tests for this Reviewed-by: Rich Salz <rs...@openssl.org> commit d2139cf8dffcfe4a936ef55d25f769b162a8c603 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 10:16:57 2016 + Update HKDF to support separate Extract and Expand steps At the moment you can only do an HKDF Extract and Expand in one go. For TLS1.3 we need to be able to do an Extract first, and then subsequently do a number of Expand steps on the same PRK. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: crypto/kdf/hkdf.c | 52 ++- doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod | 62 +++- include/openssl/kdf.h | 23 +- ssl/build.info | 2 +- ssl/packet.c | 55 +++- ssl/packet_locl.h | 10 + ssl/ssl_locl.h | 21 ++ ssl/tls13_enc.c| 217 + test/build.info| 11 + test/evptests.txt | 106 +++ .../{80-test_dtls_mtu.t => 90-test_tls13secrets.t} | 9 +- test/tls13secretstest.c| 353 + test/wpackettest.c | 27 ++ 13 files changed, 902 insertions(+), 46 deletions(-) create mode 100644 ssl/tls13_enc.c copy test/recipes/{80-test_dtls_mtu.t => 90-test_tls13secrets.t} (67%) create mode 100644 test/tls13secretstest.c diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index 00b95b5..8b6eeb3 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -34,6 +34,7 @@ static unsigned char *HKDF_Expand(const EVP_MD *evp_md, unsigned char *okm, size_t okm_len); typedef struct { +int mode; const EVP_MD *md; unsigned char *salt; size_t salt_len; 
@@ -77,6 +78,10 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) kctx->md = p2; return 1; +case EVP_PKEY_CTRL_HKDF_MODE: +kctx->mode = p1; +return 1; + case EVP_PKEY_CTRL_HKDF_SALT: if (p1 == 0 || p2 == NULL) return 1; @@ -128,6 +133,21 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { +if (strcmp(type, "mode&qu
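Review bot: `case EVP_PKEY_CTRL_HKDF_MODE: kctx->mode = p1; return 1;` stores whatever integer the caller passes without checking it against the defined modes; reject anything other than the documented values so a wrong constant fails at set time rather than producing silently wrong output at derive time. Also, the new `mode` member relies on the context being zero-initialised for existing callers to keep the one-shot extract-and-expand behaviour; confirm that the combined mode is the zero value and that `pkey_hkdf_init()` (not shown in this hunk) zeroes the struct.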
[openssl-commits] [openssl] master update
The branch master has been updated via f2342b7ac3c3fe5914235a692c22db1dae316af4 (commit) via 60e3b3c5506997084352710cd78c4723642936c4 (commit) via b97667ce679d439a5620c326e0e9fefea3186bdc (commit) via 54682aa3574b9830362a51c919b6aa1d5429074b (commit) via d2f42576c46ce84662134a68ccbf76bd1cf639ba (commit) via 17d01b420151d05edd347b584fa1942f5b914fc5 (commit) via bf0ba5e7040d59b0c8e2c5cf6922fdd0ccc11d1a (commit) via 7b21c00e1c8841a1efe654e0488d4fc9af47db4c (commit) via bf85ef1b60d03c76e85ec06be3999ead4533f092 (commit) via 16bce0e08b16b28a1953795bde3f913957b08ef2 (commit) via 203b1cdf73be98b2abfe00cc2c0347cf246ad80d (commit) via 619d8336d00fe19bc694e61e772b5838d7e422e5 (commit) via cd99883755f428ac47e8e2ccb21333b675ec22d9 (commit) via 5506e835a87f3ab8be77c96d3ccea8566bd42335 (commit) via b5b253b1bfe55d0d1be4c45dafed8d789ab97c17 (commit) from 7bb37cb5938a0cf76c12c8421950e72634d5f61c (commit) - Log - commit f2342b7ac3c3fe5914235a692c22db1dae316af4 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 9 14:43:05 2016 + Address some supported_versions review comments Added some TODOs, refactored a couple of things and added a SSL_IS_TLS13() macro. Reviewed-by: Rich Salz <rs...@openssl.org> commit 60e3b3c5506997084352710cd78c4723642936c4 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 9 09:52:37 2016 + Remove some redundant trace code No need to have a supported versions table and a versions table. They should be the same. Reviewed-by: Rich Salz <rs...@openssl.org> commit b97667ce679d439a5620c326e0e9fefea3186bdc Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 13:48:07 2016 + Fix some missing checks for TLS1_3_VERSION_DRAFT There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 54682aa3574b9830362a51c919b6aa1d5429074b Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 15:36:00 2016 + Give the test with only TLS1.1 and TLS1.0 a better name Reviewed-by: Rich Salz <rs...@openssl.org> commit d2f42576c46ce84662134a68ccbf76bd1cf639ba Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 11:33:20 2016 + Add a TODO(TLS1.3) about renegotiation Renegotiation does not exist in TLS1.3, so we need to disable it at some point. Reviewed-by: Rich Salz <rs...@openssl.org> commit 17d01b420151d05edd347b584fa1942f5b914fc5 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 09:09:02 2016 + Add some more version tests Send a TLS1.4 ClientHello with supported_versions and get TLS1.3 Send a TLS1.3 ClientHello without supported_versions and get TLS1.2 Reviewed-by: Rich Salz <rs...@openssl.org> commit bf0ba5e7040d59b0c8e2c5cf6922fdd0ccc11d1a Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 1 00:37:23 2016 + A style tweak based on feedback received Replace a bare ";" with "continue;" for the body of a for loop. Reviewed-by: Rich Salz <rs...@openssl.org> commit 7b21c00e1c8841a1efe654e0488d4fc9af47db4c Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 18:12:33 2016 + Look at the supported_versions extension even if the server commit bf85ef1b60d03c76e85ec06be3999ead4533f092 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 11:15:08 2016 + Ensure that vent->smeth != NULL before we call vent->smeth() We can end up with a NULL SSL_METHOD function if a method has been disabled. If that happens then we shouldn't call vent->smeth(). 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 16bce0e08b16b28a1953795bde3f913957b08ef2 Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 31 17:05:20 2016 + Address some review feedback comments for supported_versions Reviewed-by: Rich Salz <rs...@openssl.org> commit 203b1cdf73be98b2abfe00cc2c0347cf246ad80d Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 18:32:19 2016 +0100 Add a test for the supported_versions extension Reviewed-by: Rich Salz <rs...@openssl.org> commit 619d8336d00fe19bc694e61e772b5838d7e422e5 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 16:30:36 2016 +0100 Update TLS1.3 draft version numbers for latest draft Reviewed-by: Rich Salz <rs...@openssl.org> commit cd99883755f428ac47e8e2ccb21333b675ec22d9 Author: Matt Caswell <m...@openssl.org> Date: Sun Oct 23 00:41:11 2016 +0100 Add server side support for supported_versions extension Reviewed-
[openssl-commits] [openssl] master update
The branch master has been updated via 8e47ee18c8f7e59575effdd8dfcfbfff1a365ede (commit) via 3c9539d294b931bc430a01510753e10b7a201f11 (commit) via 185c29b14eafb9ddacffb82b10c4609e49686e66 (commit) from 5d71f7ea291761777a2b2a84f340ffb38b3ea14a (commit) - Log - commit 8e47ee18c8f7e59575effdd8dfcfbfff1a365ede Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 14:26:41 2016 + Add a test for the wrong version number in a record Prior to TLS1.3 we check that the received record version number is correct. In TLS1.3 we need to ignore the record version number. This adds a test to make sure we do it correctly. Reviewed-by: Rich Salz <rs...@openssl.org> commit 3c9539d294b931bc430a01510753e10b7a201f11 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 13:49:18 2016 + Ignore the record version in TLS1.3 The record layer version field must be ignored in TLSv1.3, so we remove the check when using that version. Reviewed-by: Rich Salz <rs...@openssl.org> commit 185c29b14eafb9ddacffb82b10c4609e49686e66 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 14:44:38 2016 + test_sslcbcpadding only makes sense --- Summary of changes: ssl/record/ssl3_record.c | 5 +++-- test/recipes/70-test_sslcbcpadding.t | 1 + test/recipes/70-test_sslrecords.t| 32 +++- util/TLSProxy/Record.pm | 13 - 4 files changed, 43 insertions(+), 8 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index f160c06..181ebbb 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -204,8 +204,9 @@ int ssl3_get_record(SSL *s) rr[num_recs].rec_version = version; n2s(p, rr[num_recs].length); -/* Lets check version */ -if (!s->first_packet && version != s->version) { +/* Lets check version. In TLSv1.3 we ignore this field */ +if (!s->first_packet && s->version != TLS1_3_VERSION +&& version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) { 
diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t index 22825a0..8d3d6fc 100644 --- a/test/recipes/70-test_sslcbcpadding.t +++ b/test/recipes/70-test_sslcbcpadding.t @@ -48,6 +48,7 @@ ok(TLSProxy::Message->success(), "Maximally-padded record test"); # Test that invalid padding is rejected. foreach my $offset (@test_offsets) { $proxy->clear(); +$proxy->serverflags("-tls1_2"); $bad_padding_offset = $offset; $proxy->start(); ok(TLSProxy::Message->fail(), "Invalid padding byte $bad_padding_offset"); diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index b282dbd..cafa30c 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -39,10 +39,13 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -my $num_tests = 10; +my $num_tests = 11; if (!disabled("tls1_1")) { $num_tests++; } +if (!disabled("tls1_3")) { +$num_tests++; +} plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); @@ -137,6 +140,21 @@ if (!disabled("tls1_1")) { ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1"); } +#Test 12: Sending a different record version in TLS1.2 should fail +$proxy->clear(); +$proxy->clientflags("-tls1_2"); +$proxy->filter(\_version); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2"); + +#Test 13: Sending a different record version in TLS1.3 should succeed +if (!disabled("tls1_3")) { +$proxy->clear(); +$proxy->filter(\_version); +$proxy->start(); +ok(TLSProxy::Message->success(), "Changed record version in TLS1.3"); +} + sub add_empty_recs_filter { my $proxy = shift; 
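Review bot: in the 70-test_sslcbcpadding.t hunk the "-tls1_2" pin is added only inside the invalid-padding loop; the "Maximally-padded record test" visible in the context line above also depends on a CBC ciphersuite, so check whether it needs the same pin, and add a one-line comment saying why TLSv1.2 is forced (CBC padding does not exist in TLSv1.3) so the pin is not removed by a later cleanup.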
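Review bot: in the 70-test_sslrecords.t hunk the comments "#Test 12" and "#Test 13" hard-code ordinals that depend on disabled("tls1_1") (see the "$num_tests++" above), so they will drift; describe the case instead of numbering it. The TLSv1.3 case relies on "$proxy->clear()" dropping the "-tls1_2" client flag set by the previous case and on the server choosing TLSv1.3 by default; pinning the protocol explicitly with whatever flag the proxy accepts for TLSv1.3 would make the intent self-documenting and keep the test meaningful if the default ever changes.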
@@ -388,3 +406,15 @@ sub add_unknown_record_type unshift @{$proxy->record_list}, $record; } + +sub change_version +{ +my $proxy = shift; + +# We'll change a version after the initial version neg has taken place +if ($proxy->flight != 2) { +return; +} + +(${$proxy-&g
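Review bot: change_version returns early unless "$proxy->flight == 2", but the comment only says "after the initial version neg has taken place"; state explicitly which flight that is (the first client flight after the ServerHello) and that the filter therefore rewrites the record version of post-negotiation client records only, since a reader cannot tell from the flight number alone whether server records are also covered.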
[openssl-commits] [openssl] master update
The branch master has been updated via 5d71f7ea291761777a2b2a84f340ffb38b3ea14a (commit) from c437757466e7bef632b26eaaf429a9e693330999 (commit) - Log - commit 5d71f7ea291761777a2b2a84f340ffb38b3ea14a Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 7 13:44:56 2016 + Correct the Id for the TLS1.3 ciphersuite We have one TLS1.3 ciphersuite, but there is a typo in the id that should be corrected. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: include/openssl/tls1.h | 2 +- ssl/t1_trce.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 3f7e749..ba3c413 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -601,7 +601,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE /* TLS v1.3 ciphersuites */ -# define TLS1_3_CK_AES_128_GCM_SHA256 0x03000D01 +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index ab5d2da..d8ad103 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -423,7 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"}, -{0x0D01, "TLS_AES_128_GCM_SHA256"}, +{0x1301, "TLS_AES_128_GCM_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
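Review bot: the two edits are consistent (0x03001301 in tls1.h, 0x1301 in the trace table) and 0x1301 is the codepoint assigned to TLS_AES_128_GCM_SHA256 in the TLS 1.3 specification. A wrong constant here fails as an interoperability failure rather than a test failure, so consider a unit test that asserts the id of the TLSv1.3 suite, and grep for any remaining hard-coded 0x0D01 outside the two files in the summary.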
[openssl-commits] [openssl] master update
The branch master has been updated via c437757466e7bef632b26eaaf429a9e693330999 (commit) from 475592e2419c5cb3098dfea4c9229d0c09ea7010 (commit) - Log - commit c437757466e7bef632b26eaaf429a9e693330999 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 3 13:21:28 2016 + Always ensure that init_msg is initialised for a CCS We read it later in grow_init_buf(). If CCS is the first thing received in a flight, then it will use the init_msg from the last flight we received. If the init_buf has been grown in the meantime then it will point to some arbitrary other memory location. This is likely to result in grow_init_buf() attempting to grow to some excessively large amount which is likely to fail. In practice this should never happen because the only time we receive a CCS as the first thing in a flight is in an abbreviated handshake. None of the preceding messages from the server flight would be large enough to trigger this. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 990510a..24159da 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -391,6 +391,7 @@ int tls_get_message_header(SSL *s, int *mt) } s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; s->init_num = readbytes - 1; +s->init_msg = s->init_buf->data; s->s3->tmp.message_size = readbytes; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
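Review bot: the added "s->init_msg = s->init_buf->data;" closes the stale-pointer case described in the commit message, but the hunk dereferences s->init_buf unconditionally on the new line; confirm it is guaranteed non-NULL on every path into the CCS branch. The message argues the case "should never happen in practice", which is exactly the kind of path that deserves a regression test: send a CCS as the first message of a flight after init_buf has been grown and assert that grow_init_buf() does not fail.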
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 992b3740a1f7b24771ccf29a52b0141c51b95933 (commit) from 51d8e5ea866a7d606e4f2aa5e45c2f7df2270ace (commit) - Log - commit 992b3740a1f7b24771ccf29a52b0141c51b95933 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 3 13:21:28 2016 + Always ensure that init_msg is initialised for a CCS We read it later in grow_init_buf(). If CCS is the first thing received in a flight, then it will use the init_msg from the last flight we received. If the init_buf has been grown in the meantime then it will point to some arbitrary other memory location. This is likely to result in grow_init_buf() attempting to grow to some excessively large amount which is likely to fail. In practice this should never happen because the only time we receive a CCS as the first thing in a flight is in an abbreviated handshake. None of the preceding messages from the server flight would be large enough to trigger this. Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit c437757466e7bef632b26eaaf429a9e693330999) --- Summary of changes: ssl/statem/statem_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 31a84e4..637c610 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -370,6 +370,7 @@ int tls_get_message_header(SSL *s, int *mt) } s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC; s->init_num = i - 1; +s->init_msg = s->init_buf->data; s->s3->tmp.message_size = i; return 1; } else if (recvd_type != SSL3_RT_HANDSHAKE) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
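Review bot: same one-line fix as the master commit with "i" in place of "readbytes"; the backport carries no test either, so whatever regression test is added on master for the CCS-first-in-flight case should be cherry-picked to this branch as well.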
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 929cc3fa6bceba1c6d9c362c56b89cbf2acf40bc (commit) from 992b3740a1f7b24771ccf29a52b0141c51b95933 (commit) - Log - commit 929cc3fa6bceba1c6d9c362c56b89cbf2acf40bc Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 10:46:25 2016 +0100 Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER" This partially reverts commit c636c1c47. It also tweaks the documentation and comments in this area. On the client side the documented interface for SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag SSL_VERIFY_PEER causes verification of the server certificate to take place. Previously what was implemented was that if *any* flag was set then verification would take place. The above commit improved the semantics to be as per the documented interface. However, we have had a report of at least one application where an application was incorrectly using the interface and used *only* SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to the above commit this still caused verification of the server certificate to take place. After this commit the application silently failed to verify the server certificate. Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate if invalid flags were being used. However these are void functions! The simplest short term solution is to revert to the previous behaviour which at least means we "fail closed" rather than "fail open". Thanks to Cory Benfield for reporting this issue. Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit c8e2f98c97ff3327784843946c2d62761572e5d5) --- Summary of changes: doc/ssl/SSL_CTX_set_verify.pod | 7 +++ ssl/statem/statem_clnt.c | 16 +++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod index 96a98ac..d2d3d03 100644 --- a/doc/ssl/SSL_CTX_set_verify.pod +++ b/doc/ssl/SSL_CTX_set_verify.pod 
@@ -145,6 +145,13 @@ Its return value is identical to B, so that any verification failure will lead to a termination of the TLS/SSL handshake with an alert message, if SSL_VERIFY_PEER is set. +=head1 BUGS + +In client mode, it is not checked whether the SSL_VERIFY_PEER flag +is set, but whether any flags are set. This can lead to +unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +required. + =head1 RETURN VALUES The SSL*_set_verify*() functions do not provide diagnostic information. diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 692544b..e90a63c 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -1224,7 +1224,21 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } i = ssl_verify_cert_chain(s, sk); -if ((s->verify_mode & SSL_VERIFY_PEER) && i <= 0) { +/* + * The documented interface is that SSL_VERIFY_PEER should be set in order + * for client side verification of the server certificate to take place. + * However, historically the code has only checked that *any* flag is set + * to cause server verification to take place. Use of the other flags makes + * no sense in client mode. An attempt to clean up the semantics was + * reverted because at least one application *only* set + * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused + * server verification to take place, after the clean up it silently did + * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags + * sent to them because they are void functions. Therefore, we now use the + * (less clean) historic behaviour of performing validation if any flag is + * set. The *documented* interface remains the same. + */ +if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { al = ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
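Review bot: the new BUGS section in the SSL_CTX_set_verify.pod hunk describes the symptom ("can lead to unexpected behaviour") but not the rule actually implemented; state it plainly: in client mode any non-zero verify mode causes server certificate verification, so passing only SSL_VERIFY_FAIL_IF_NO_PEER_CERT still verifies. That is what the comment in the statem_clnt.c hunk says, and it is what applications that were relying on the old behaviour need to read in the manual.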
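Review bot: "s->verify_mode != SSL_VERIFY_NONE" in the statem_clnt.c hunk restores the fail-closed behaviour and the comment explains why, but nothing stops the semantics being "cleaned up" again; add a test that configures a client with only SSL_VERIFY_FAIL_IF_NO_PEER_CERT against a server presenting an untrusted certificate and expects the handshake to fail with SSL_R_CERTIFICATE_VERIFY_FAILED.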
[openssl-commits] [openssl] master update
The branch master has been updated via c8e2f98c97ff3327784843946c2d62761572e5d5 (commit) from d836d71b2da026b4ed9a2233657b2289ab8e4be0 (commit) - Log - commit c8e2f98c97ff3327784843946c2d62761572e5d5 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 10:46:25 2016 +0100 Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER" This partially reverts commit c636c1c47. It also tweaks the documentation and comments in this area. On the client side the documented interface for SSL_CTX_set_verify()/SSL_set_verify() is that setting the flag SSL_VERIFY_PEER causes verification of the server certificate to take place. Previously what was implemented was that if *any* flag was set then verification would take place. The above commit improved the semantics to be as per the documented interface. However, we have had a report of at least one application where an application was incorrectly using the interface and used *only* SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the client side. In OpenSSL prior to the above commit this still caused verification of the server certificate to take place. After this commit the application silently failed to verify the server certificate. Ideally SSL_CTX_set_verify()/SSL_set_verify() could be modified to indicate if invalid flags were being used. However these are void functions! The simplest short term solution is to revert to the previous behaviour which at least means we "fail closed" rather than "fail open". Thanks to Cory Benfield for reporting this issue. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: doc/man3/SSL_CTX_set_verify.pod | 7 +++ ssl/statem/statem_clnt.c| 16 +++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_verify.pod b/doc/man3/SSL_CTX_set_verify.pod index 96a98ac..d2d3d03 100644 --- a/doc/man3/SSL_CTX_set_verify.pod +++ b/doc/man3/SSL_CTX_set_verify.pod 
@@ -145,6 +145,13 @@ Its return value is identical to B, so that any verification failure will lead to a termination of the TLS/SSL handshake with an alert message, if SSL_VERIFY_PEER is set. +=head1 BUGS + +In client mode, it is not checked whether the SSL_VERIFY_PEER flag +is set, but whether any flags are set. This can lead to +unexpected behaviour if SSL_VERIFY_PEER and other flags are not used as +required. + =head1 RETURN VALUES The SSL*_set_verify*() functions do not provide diagnostic information. diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d8fbf58..6a05b9d 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c 
@@ -1227,7 +1227,21 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) } i = ssl_verify_cert_chain(s, sk); -if ((s->verify_mode & SSL_VERIFY_PEER) && i <= 0) { +/* + * The documented interface is that SSL_VERIFY_PEER should be set in order + * for client side verification of the server certificate to take place. + * However, historically the code has only checked that *any* flag is set + * to cause server verification to take place. Use of the other flags makes + * no sense in client mode. An attempt to clean up the semantics was + * reverted because at least one application *only* set + * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused + * server verification to take place, after the clean up it silently did + * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags + * sent to them because they are void functions. Therefore, we now use the + * (less clean) historic behaviour of performing validation if any flag is + * set. The *documented* interface remains the same. + */ +if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { al = ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
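Review bot: the BUGS text in the doc/man3/SSL_CTX_set_verify.pod hunk should state the implemented rule, not just warn of "unexpected behaviour": in client mode verification of the server certificate is performed whenever any flag is set, so SSL_VERIFY_FAIL_IF_NO_PEER_CERT alone still verifies. The long comment in the statem_clnt.c hunk already says this; the manual page is where users will look for it.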
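Review bot: the condition change to "s->verify_mode != SSL_VERIFY_NONE" in the statem_clnt.c hunk is a behavioural contract that the comment admits was once "cleaned up" and had to be reverted, so it needs a test to lock it in: client configured with only SSL_VERIFY_FAIL_IF_NO_PEER_CERT, server with an untrusted certificate, expect SSL_R_CERTIFICATE_VERIFY_FAILED.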
[openssl-commits] [openssl] master update
The branch master has been updated via 513d76f495a256daf5c70f3c96f8fddc84c84c6a (commit) from b77b6127e8de38726f37697bbbc736ced7b49771 (commit) - Log - commit 513d76f495a256daf5c70f3c96f8fddc84c84c6a Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 8 13:52:30 2016 + Fix zlib BIO_METHOD for latest BIO_METHOD structure changes Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/comp/c_zlib.c | 4 1 file changed, 4 insertions(+) diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 2f38c2e..f0197b8 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -297,7 +297,11 @@ static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); static const BIO_METHOD bio_meth_zlib = { BIO_TYPE_COMP, "zlib", +/* TODO: Convert to new style write function */ +bwrite_conv, bio_zlib_write, +/* TODO: Convert to new style read function */ +bread_conv, bio_zlib_read, NULL, NULL, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
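Review bot: bio_meth_zlib in the c_zlib.c hunk is initialised positionally, which is precisely why a BIO_METHOD layout change forced this patch: inserting bwrite_conv and bread_conv shifts every later pointer, and getting the order wrong would mis-wire the method without a compiler warning. Prefer designated initialisers on the struct's field names, or build the method at runtime with BIO_meth_new() and the BIO_meth_set_*() setters, so a future reordering is a compile error rather than a silent fault; the two "TODO: Convert to new style" comments should also name the target signature so the follow-up is unambiguous.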
[openssl-commits] [openssl] master update
The branch master has been updated via a54aba531327285f64cf13a909bc129e9f9d5970 (commit) from 2fac86d9abeaa643677d1ffd0a139239fdf9406a (commit) - Log - commit a54aba531327285f64cf13a909bc129e9f9d5970 Author: Andy Polyakov Date: Tue Nov 8 20:25:09 2016 +0100 aes/asm/aesp8-ppc.pl: improve [backward] portability. Some stone-age assemblers can't cope with r0 in an address. It's actually a sensible thing to do, because r0 is shunted to 0 in address arithmetic, and by refusing r0 the assembler effectively makes you understand that. Reviewed-by: Rich Salz --- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 0497953..7463df6 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -3011,7 +3011,7 @@ _aesp8_xts_enc5x: vxor $twk0,$twk0,v31 vcipher $out0,$out0,v26 - lvsr$inpperm,r0,$taillen# $in5 is no more + lvsr$inpperm,0,$taillen # $in5 is no more vcipher $out1,$out1,v26 vcipher $out2,$out2,v26 vcipher $out3,$out3,v26 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
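Review bot: "lvsr $inpperm,0,$taillen" and the previous r0 form encode the same instruction, since RA=0 in the vector load forms means a literal zero, so the change is portability-only as the message says; check the rest of aesp8-ppc.pl and the other PowerPC perlasm files for remaining ",r0," operands in lvx/lvsl/lvsr/stvx so the same assembler does not stop on the next one.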
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 2a7dd548a6f5d6f7f84a89c98323b70a2822406e (commit) via 9ebcbbba81eba52282df9ad8902f047e2d501f51 (commit) from 3f7452e45a3c3ca4194edb0723f53465e0d788a1 (commit) - Log - commit 2a7dd548a6f5d6f7f84a89c98323b70a2822406e Author: Andy Polyakov Date: Sun Nov 6 18:33:17 2016 +0100 bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). Reviewed-by: Rich Salz (cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a) commit 9ebcbbba81eba52282df9ad8902f047e2d501f51 Author: Andy Polyakov Date: Sun Nov 6 18:31:14 2016 +0100 test/bntest.c: regression test for CVE-2016-7055. Reviewed-by: Rich Salz (cherry picked from commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc) --- Summary of changes: crypto/bn/asm/x86_64-mont.pl | 5 ++--- test/bntest.c| 26 ++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 0451fef..df4cca5 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1157,18 +1157,17 @@ $code.=<<___; mulx2*8($aptr),%r15,%r13# ... adox-3*8($tptr),%r11 adcx%r15,%r12 - adox$zero,%r12 + adox-2*8($tptr),%r12 adcx$zero,%r13 + adox$zero,%r13 mov $bptr,8(%rsp) # off-load [i] - .byte 0x67 mov $mi,%r15 imulq 24(%rsp),$mi# "t[0]"*n0 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 mulx3*8($aptr),%rax,%r14 mov$mi,%rdx - adox-2*8($tptr),%r12 adcx%rax,%r13 adox-1*8($tptr),%r13 adcx$zero,%r14 diff --git a/test/bntest.c b/test/bntest.c index 51b75d3..3af2b83 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx) return 0; } } + +/* Regression test for carry bug in mulx4x_mont */ +BN_hex2bn(, +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878"); +BN_hex2bn(, +"095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" +"E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" +"9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" +"9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81"); +BN_hex2bn(, +"D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" +"91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" +"D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" +"2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF"); +BN_MONT_CTX_set(mont, n, ctx); +BN_mod_mul_montgomery(c, a, b, mont, ctx); +BN_mod_mul_montgomery(d, b, a, mont, ctx); +if (BN_cmp(c, d)) { +fprintf(stderr, "Montgomery multiplication test failed:" +" a*b != b*a.\n"); +return 0; +} + BN_MONT_CTX_free(mont); BN_free(a); BN_free(b); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
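Review bot: in the x86_64-mont.pl hunk the defect was that the OF carry out of "adox $zero,%r12" had no consumer before "xor %ebp,%ebp" reset both flags, so a wrap of r12 was silently dropped; the fix pulls "adox -2*8($tptr),%r12" up to directly after "adcx %r15,%r12" and adds "adox $zero,%r13" so that carry now lands in r13. That reasoning should be a comment beside the changed lines, because interleaved adcx/adox chains are easy to break again in a later micro-optimisation, and the removal of the ".byte 0x67" padding should be checked against whatever alignment the loop relied on.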
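Review bot: in the bntest.c hunk none of the BN_hex2bn, BN_MONT_CTX_set or BN_mod_mul_montgomery return values are checked, so a failed conversion would make the test pass on garbage; and comparing a*b with b*a only detects asymmetric errors, so also compare the result (converted back with BN_from_montgomery) against BN_mod_mul as an independent reference. Since the CHANGES text describes the bug as Broadwell-specific, the path under test is only reached on hardware with the mulx/adx extensions, so a comment saying this test is a no-op elsewhere would avoid false confidence from a green CI run on older machines.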
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 1ec574ae25a754d88f810304be3bfcb7b23101a8 (commit) via 91eaf079b7430cb4ebb7f3ccabe74aa383b27c4e (commit) via b263c106de0137d6f49fdf34cf4a3958c4d13c6a (commit) via 3ffb3406ce9d93756e15bf41fcfc86f9d582c452 (commit) via 6ca3e0f250b1b07557341b03141984f905761d19 (commit) via 59e92f2371d7bf1dfd3bcaffc69c53f5a6ac8b5d (commit) via 4e7a0fa104b0eb60a60f2d4cc4d7f8d9852a910c (commit) via e9fcdd2e69052412e67cbbf6e8b5bdc5b545d364 (commit) via 610b66267e41a32805ab54cbc580c5a6d5826cb4 (commit) via 99d97842ddb5fbbbfb5e9820a64ebd19afe569f6 (commit) from 53c6cbf6e9a6e4fe2433a89bf3c970355dd1e29a (commit) - Log - commit 1ec574ae25a754d88f810304be3bfcb7b23101a8 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 14:04:49 2016 + Prepare for 1.1.0d-dev Reviewed-by: Richard Levitte <levi...@openssl.org> commit 91eaf079b7430cb4ebb7f3ccabe74aa383b27c4e Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 14:03:42 2016 + Prepare for 1.1.0c release Reviewed-by: Richard Levitte <levi...@openssl.org> commit b263c106de0137d6f49fdf34cf4a3958c4d13c6a Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 11:49:06 2016 + Update CHANGES and NEWS Reviewed-by: Richard Levitte <levi...@openssl.org> commit 3ffb3406ce9d93756e15bf41fcfc86f9d582c452 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 11:27:07 2016 + Fix the no-tls option Reviewed-by: Richard Levitte <levi...@openssl.org> commit 6ca3e0f250b1b07557341b03141984f905761d19 Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 01:49:47 2016 +0100 Fix no-cms (CVE-2016-7053) Reviewed-by: Matt Caswell <m...@openssl.org> commit 59e92f2371d7bf1dfd3bcaffc69c53f5a6ac8b5d Author: Andy Polyakov <ap...@openssl.org> Date: Tue Nov 1 22:06:42 2016 +0100 test/evptests.txt: add negative tests for AEAD ciphers. This is done by taking one vector, "corrupting" last bit of the tag value and verifying that decrypt fails. 
Reviewed-by: Emilia Käsper <emi...@openssl.org> commit 4e7a0fa104b0eb60a60f2d4cc4d7f8d9852a910c Author: Andy Polyakov <ap...@openssl.org> Date: Mon Oct 31 21:50:26 2016 +0100 test: add TLS application data corruption test. Reviewed-by: Emilia Käsper <emi...@openssl.org> commit e9fcdd2e69052412e67cbbf6e8b5bdc5b545d364 Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Oct 14 12:02:12 2016 +0100 add test for CVE-2016-7053 Reviewed-by: Richard Levitte <levi...@openssl.org> commit 610b66267e41a32805ab54cbc580c5a6d5826cb4 Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Oct 14 11:51:43 2016 +0100 Don't set choice selector on parse failure. Don't set choice selector on parse failure: this can pass unexpected values to the choice callback. Instead free up partial structure directly. CVE-2016-7053 Thanks to Tyler Nighswander of ForAllSecure for reporting this issue. Reviewed-by: Richard Levitte <levi...@openssl.org> commit 99d97842ddb5fbbbfb5e9820a64ebd19afe569f6 Author: Richard Levitte <levi...@openssl.org> Date: Fri Nov 4 14:21:46 2016 +0100 chacha20/poly1305: make sure to clear the buffer at correct position The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit b8e4011fb26364e44230946b87ab38cc1c719aae) --- Summary of changes: CHANGES| 52 +++- NEWS | 8 +- README | 2 +- crypto/asn1/tasn_dec.c | 14 +- crypto/evp/e_chacha20_poly1305.c | 2 +- include/openssl/opensslv.h | 6 +- test/build.info| 6 +- test/d2i-tests/bad-cms.der | 1 + test/d2i_test.c| 8 +- test/evptests.txt | 59 + test/recipes/25-test_d2i.t | 14 +- test/recipes/80-test_ssl_new.t | 2 +- .../{90-test_sslapi.t => 80-test_sslcorrupt.t} | 11 +- test/sslcorrupttest.c | 282 + test/ssltestlib.c | 4 + 15 files changed, 447 insertions(+), 24 deletions(-) create mode 100644 test/d2i-tests/
[openssl-commits] [openssl] master update
The branch master has been updated via 6a69e8694af23dae1d1927813932f4296d133416 (commit) via f07d639edf849413e24845301fd514ff4a606000 (commit) via 9d7ce8d42b80fda2566c70f0d4de4069bb34e72c (commit) via 70d8b304d01b9e0c4ec182db20c33aa0698cda51 (commit) via c5a569927fb7bcfa34dde76dbc021d4f8a5c8fb1 (commit) via a378a46985698bf2576b2990e7faf21f62dd176a (commit) via f962541d0be200055e508641ddf3a8ec8819e4df (commit) via bf52165bda53524a267c784696bd074111a2f178 (commit) from a54aba531327285f64cf13a909bc129e9f9d5970 (commit) - Log - commit 6a69e8694af23dae1d1927813932f4296d133416 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 11:49:06 2016 + Update CHANGES and NEWS Reviewed-by: Richard Levitte <levi...@openssl.org> commit f07d639edf849413e24845301fd514ff4a606000 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 11:27:07 2016 + Fix the no-tls option Reviewed-by: Richard Levitte <levi...@openssl.org> commit 9d7ce8d42b80fda2566c70f0d4de4069bb34e72c Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 01:49:47 2016 +0100 Fix no-cms (CVE-2016-7053) Reviewed-by: Matt Caswell <m...@openssl.org> commit 70d8b304d01b9e0c4ec182db20c33aa0698cda51 Author: Andy Polyakov <ap...@openssl.org> Date: Tue Nov 1 22:06:42 2016 +0100 test/evptests.txt: add negative tests for AEAD ciphers. This is done by taking one vector, "corrupting" last bit of the tag value and verifying that decrypt fails. Reviewed-by: Emilia Käsper <emi...@openssl.org> commit c5a569927fb7bcfa34dde76dbc021d4f8a5c8fb1 Author: Andy Polyakov <ap...@openssl.org> Date: Mon Oct 31 21:50:26 2016 +0100 test: add TLS application data corruption test. Reviewed-by: Emilia Käsper <emi...@openssl.org> commit a378a46985698bf2576b2990e7faf21f62dd176a Author: Dr. Stephen Henson <st...@openssl.org> Date: Fri Oct 14 12:02:12 2016 +0100 add test for CVE-2016-7053 Reviewed-by: Richard Levitte <levi...@openssl.org> commit f962541d0be200055e508641ddf3a8ec8819e4df Author: Dr. 
Stephen Henson <st...@openssl.org> Date: Fri Oct 14 11:51:43 2016 +0100 Don't set choice selector on parse failure. Don't set choice selector on parse failure: this can pass unexpected values to the choice callback. Instead free up partial structure directly. CVE-2016-7053 Thanks to Tyler Nighswander of ForAllSecure for reporting this issue. Reviewed-by: Richard Levitte <levi...@openssl.org> commit bf52165bda53524a267c784696bd074111a2f178 Author: Richard Levitte <levi...@openssl.org> Date: Fri Nov 4 14:21:46 2016 +0100 chacha20/poly1305: make sure to clear the buffer at correct position The offset to the memory to clear was incorrect, causing a heap buffer overflow. CVE-2016-7054 Thanks to Robert Święcki for reporting this Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: CHANGES| 46 NEWS | 3 + crypto/asn1/tasn_dec.c | 14 +- crypto/evp/e_chacha20_poly1305.c | 2 +- test/build.info| 6 +- test/d2i-tests/bad-cms.der | 1 + test/evptests.txt | 59 + test/recipes/25-test_d2i.t | 14 +- test/recipes/80-test_ssl_new.t | 2 +- .../{90-test_sslapi.t => 80-test_sslcorrupt.t} | 11 +- test/sslcorrupttest.c | 282 + test/ssltestlib.c | 4 + 12 files changed, 427 insertions(+), 17 deletions(-) create mode 100644 test/d2i-tests/bad-cms.der copy test/recipes/{90-test_sslapi.t => 80-test_sslcorrupt.t} (58%) create mode 100644 test/sslcorrupttest.c diff --git a/CHANGES b/CHANGES index ba661db..518a70b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -17,6 +17,52 @@ Changes between 1.1.0b and 1.1.0c [xx XXX ] + *) ChaCha20/Poly1305 heap-buffer-overflow + + TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to + a DoS attack by corrupting larger payloads. This can result in an OpenSSL + crash. This issue is not considered to be exploitable beyond a DoS. + + This issue was reported to OpenSSL by Robert Święcki (Google Security Team) + (CVE-2016-7054) + [Richard Levitte] + + *) CMS Null dereference + + Applications parsing invalid CMS structures can crash with a NULL pointer + dereference. This is caused by a b
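Review bot: in the CHANGES hunk the heading "Changes between 1.1.0b and 1.1.0c [xx XXX ]" still carries the placeholder date, and the ChaCha20/Poly1305 entry gives the impact (DoS, crash) but not the affected range; the advisory text for the same CVE states that versions prior to 1.1.0 are unaffected, and that belongs in CHANGES too, since packagers read this file rather than the advisory.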
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 19e1de548eff0b08ba2878b3258aaceead32977b (commit) from 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (commit) - Log - commit 19e1de548eff0b08ba2878b3258aaceead32977b Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 11:49:06 2016 + Update CHANGES and NEWS Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: CHANGES | 23 +++ NEWS| 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 1fbe3b3..15c9277 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,6 +4,29 @@ Changes between 1.0.2j and 1.0.2k [xx XXX ] + *) Montgomery multiplication may produce incorrect results + + There is a carry propagating bug in the Broadwell-specific Montgomery + multiplication procedure that handles input lengths divisible by, but + longer than 256 bits. Analysis suggests that attacks against RSA, DSA + and DH private keys are impossible. This is because the subroutine in + question is not used in operations with the private key itself and an input + of the attacker's direct choice. Otherwise the bug can manifest itself as + transient authentication and key negotiation failures or reproducible + erroneous outcome of public-key operations with specially crafted input. + Among EC algorithms only Brainpool P-512 curves are affected and one + presumably can attack ECDH key negotiation. Impact was not analyzed in + detail, because pre-requisites for attack are considered unlikely. Namely + multiple clients have to choose the curve in question and the server has to + share the private key among them, neither of which is default behaviour. + Even then only clients that chose the curve will be affected. + + This issue was publicly reported as transient failures and was not + initially recognized as a security issue. Thanks to Richard Morgan for + providing reproducible case. + (CVE-2016-7055) + [Andy Polyakov] + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to prevent issues where no progress is being made and the peer continually diff --git a/NEWS b/NEWS index d750fb5..efd2dbf 100644 --- a/NEWS +++ b/NEWS 
@@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development] - o + o Montgomery multiplication may produce incorrect results (CVE-2016-7055) Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016] _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
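Review bot: in the CHANGES hunk the Montgomery entry explains the defect but not that the fix is already on this branch (commit 57c4b9f6a2, the parent of this update), which is what a 1.0.2 user deciding whether to backport needs; add the commit reference as the advisory does. Minor wording: "providing reproducible case" should read "providing a reproducible case", and "pre-requisites" is normally "prerequisites".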
[openssl-commits] [web] master update
The branch master has been updated via 1a14f11cca34636357f9c5e5b5c249257285ac99 (commit) from 183632aa1c2541118fe7b465c05db7d364b0 (commit) - Log - commit 1a14f11cca34636357f9c5e5b5c249257285ac99 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 14:08:54 2016 + Updates for new release --- Summary of changes: news/newsflash.txt | 2 + news/secadv/20161110.txt | 96 news/vulnerabilities.xml | 74 - 3 files changed, 171 insertions(+), 1 deletion(-) create mode 100644 news/secadv/20161110.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index 7cdd7aa..545bf1d 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,8 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +10-Nov-2016: Security Advisory: several security fixes +10-Nov-2016: OpenSSL 1.1.0c is now available, including bug and security fixes 07-Nov-2016: OpenSSL 1.1.0c https://mta.openssl.org/pipermail/openssl-announce/2016-November/85.html;>security release due on 10th November 2016 12-Oct-2016: New Blog post: https://www.openssl.org/blog/blog/2016/10/12/f2f-rt-github/;>Face to Face: Goodbye RT, Hello GitHub 26-Sep-2016: Security Advisory: Two security fixes diff --git a/news/secadv/20161110.txt b/news/secadv/20161110.txt new file mode 100644 index 000..50c8203 --- /dev/null +++ b/news/secadv/20161110.txt 
@@ -0,0 +1,96 @@ + +OpenSSL Security Advisory [10 Nov 2016] + + +ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054) +== + +Severity: High + +TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS +attack by corrupting larger payloads. This can result in an OpenSSL crash. This +issue is not considered to be exploitable beyond a DoS. + +OpenSSL 1.1.0 users should upgrade to 1.1.0c + +This issue does not affect OpenSSL versions prior to 1.1.0 + +This issue was reported to OpenSSL on 25th September 2016 by Robert +Święcki (Google Security Team), and was found using honggfuzz. The fix +was developed by Richard Levitte of the OpenSSL development team. + +CMS Null dereference (CVE-2016-7053) + + +Severity: Moderate + +Applications parsing invalid CMS structures can crash with a NULL pointer +dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type +in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure +callback if an attempt is made to free certain invalid encodings. Only CHOICE +structures using a callback which do not handle NULL value are affected. + +OpenSSL 1.1.0 users should upgrade to 1.1.0c + +This issue does not affect OpenSSL versions prior to 1.1.0 + +This issue was reported to OpenSSL on 12th October 2016 by Tyler Nighswander of +ForAllSecure. The fix was developed by Stephen Henson of the OpenSSL +development team. + +Montgomery multiplication may produce incorrect results (CVE-2016-7055) +=== + +Severity: Low + +There is a carry propagating bug in the Broadwell-specific Montgomery +multiplication procedure that handles input lengths divisible by, but +longer than 256 bits. Analysis suggests that attacks against RSA, DSA +and DH private keys are impossible. This is because the subroutine in +question is not used in operations with the private key itself and an input +of the attacker's direct choice. 
Otherwise the bug can manifest itself as +transient authentication and key negotiation failures or reproducible +erroneous outcome of public-key operations with specially crafted input. +Among EC algorithms only Brainpool P-512 curves are affected and one +presumably can attack ECDH key negotiation. Impact was not analyzed in +detail, because pre-requisites for attack are considered unlikely. Namely +multiple clients have to choose the curve in question and the server has to +share the private key among them, neither of which is default behaviour. +Even then only clients that chose the curve will be affected. + +OpenSSL 1.1.0 users should upgrade to 1.1.0c + +This issue does not affect OpenSSL versions prior to 1.0.2. Due to the low +severity of this defect we are not issuing a new 1.0.2 release at this time. +We recommend that 1.0.2 users wait for the next 1.0.2 release for the fix to +become available. The fix is also available in the OpenSSL git repository in +commit 57c4b9f6a2. + +This issue was publicly reported as transient failures and was not +initially recognized as a security issue. Thanks to Richard Morgan for +providing reproducible case. The fix was developed by Andy Polyakov of
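Review bot: in the new news/secadv/20161110.txt, the CVE-2016-7055 section tells 1.1.0 users to upgrade to 1.1.0c and tells 1.0.2 users to wait for the next release, but never states which 1.0.2 releases are affected; since the text says versions prior to 1.0.2 are unaffected and no 1.0.2 release yet carries the fix, add an explicit "OpenSSL 1.0.2 users up to and including 1.0.2j are affected" next to the reference to commit 57c4b9f6a2 so the advisory is self-contained. In the CMS section, "Only CHOICE structures using a callback which do not handle NULL value are affected" should read "using a callback that does not handle a NULL value". The ChaCha20/Poly1305 section would also benefit from naming the affected code path (the record-layer handling of larger payloads) in one clause, as the other two sections do for theirs.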
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 267d4fb1830ffd66fbc80a4e89e85ca67fdce3bb (commit) from 73a5150689571fb8374320a298c4082778d238f3 (commit) - Log - commit 267d4fb1830ffd66fbc80a4e89e85ca67fdce3bb Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 02:08:22 2016 +0100 Fix no-dso (shlibloadtest) Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit 586b79d8884b171eb3fae1ef230572921715ce1a) --- Summary of changes: test/shlibloadtest.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index eea2e3a..6f220ba 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -12,6 +12,9 @@ #include #include +/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + #define SSL_CTX_NEW "SSL_CTX_new" #define SSL_CTX_FREE "SSL_CTX_free" #define TLS_METHOD "TLS_method" @@ -35,7 +38,6 @@ static SSL_CTX_free_t SSL_CTX_free; static ERR_get_error_t ERR_get_error; static OpenSSL_version_num_t OpenSSL_version_num; - #ifdef DSO_DLFCN # include @@ -103,9 +105,6 @@ static int shlib_close(SHLIB lib) #endif -/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ -#if defined(DSO_DLFCN) || defined(DSO_WIN32) - # define CRYPTO_FIRST_OPT"-crypto_first" # define SSL_FIRST_OPT "-ssl_first" # define JUST_CRYPTO_OPT "-just_crypto" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
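Review bot: moving `#if defined(DSO_DLFCN) || defined(DSO_WIN32)` up to just after the includes means the `SSL_CTX_NEW`/`SSL_CTX_FREE`/`TLS_METHOD` macros and the `static` function-pointer declarations are now compiled out as well when neither DSO backend is defined, but the `#endif` that closes the moved guard lies outside the hunk context; check that it still sits past the option parsing that begins with `CRYPTO_FIRST_OPT` and that a no-dso build still ends up with a `main` that reports the test as skipped rather than an empty translation unit. Note that the `#endif` visible at the top of the third hunk closes the `#ifdef DSO_DLFCN` include block, not the moved guard.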
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 3f7452e45a3c3ca4194edb0723f53465e0d788a1 (commit) from 267d4fb1830ffd66fbc80a4e89e85ca67fdce3bb (commit) - Log - commit 3f7452e45a3c3ca4194edb0723f53465e0d788a1 Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 10:03:37 2016 +0100 Fix the evp_test Ctrl keyword processing Skip the test if the value after ":" is a disabled algorithm, rather than failing it Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit dfbdf4abb7c62156f36925db95728142c4223225) --- Summary of changes: test/evp_test.c | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index a0dbffb..0c352d6 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1246,7 +1246,8 @@ static void pkey_test_cleanup(struct evp_test *t) EVP_PKEY_CTX_free(kdata->ctx); } -static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value) +static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, + const char *value) { int rv; char *p, *tmpval; @@ -1258,6 +1259,13 @@ static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value) if (p != NULL) *p++ = 0; rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); +if (p != NULL && rv <= 0 && rv != -2) { +/* If p has an OID assume disabled algorithm */ +if (OBJ_sn2nid(p) != NID_undef || OBJ_ln2nid(p) != NID_undef) { +t->skip = 1; +rv = 1; +} +} OPENSSL_free(tmpval); return rv > 0; } @@ -1271,7 +1279,7 @@ static int pkey_test_parse(struct evp_test *t, if (strcmp(keyword, "Output") == 0) return test_bin(value, >output, >output_len); if (strcmp(keyword, "Ctrl") == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } 
@@ -1391,7 +1399,7 @@ static int pderive_test_parse(struct evp_test *t, if (strcmp(keyword, "SharedSecret") == 0) return test_bin(value, >output, >output_len); if (strcmp(keyword, "Ctrl") == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } @@ -1812,7 +1820,7 @@ static int kdf_test_parse(struct evp_test *t, if (strcmp(keyword, "Output") == 0) return test_bin(value, >output, >output_len); if (strncmp(keyword, "Ctrl", 4) == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
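Review bot: in the `pkey_test_ctrl` hunk the new skip rule fires whenever `EVP_PKEY_CTX_ctrl_str` fails (any `rv <= 0` other than -2) and the text after ":" happens to resolve via `OBJ_sn2nid`/`OBJ_ln2nid`; that turns a genuine ctrl failure for an algorithm that is present in the build (for example a digest name the key type rejects) into a silent skip instead of a test failure. Narrow it so a skip is only recorded when the named algorithm is actually unavailable, e.g. additionally require `EVP_get_digestbyname(p)` and `EVP_get_cipherbyname(p)` to both return NULL, or at least print the skipped Ctrl line so a disabled-algorithm skip is distinguishable from a pass in the test output.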
[openssl-commits] [openssl] master update
The branch master has been updated via dfbdf4abb7c62156f36925db95728142c4223225 (commit) from 586b79d8884b171eb3fae1ef230572921715ce1a (commit) - Log - commit dfbdf4abb7c62156f36925db95728142c4223225 Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 10:03:37 2016 +0100 Fix the evp_test Ctrl keyword processing Skip the test if the value after ":" is a disabled algorithm, rather than failing it Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: test/evp_test.c | 16 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index a0dbffb..0c352d6 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1246,7 +1246,8 @@ static void pkey_test_cleanup(struct evp_test *t) EVP_PKEY_CTX_free(kdata->ctx); } -static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value) +static int pkey_test_ctrl(struct evp_test *t, EVP_PKEY_CTX *pctx, + const char *value) { int rv; char *p, *tmpval; @@ -1258,6 +1259,13 @@ static int pkey_test_ctrl(EVP_PKEY_CTX *pctx, const char *value) if (p != NULL) *p++ = 0; rv = EVP_PKEY_CTX_ctrl_str(pctx, tmpval, p); +if (p != NULL && rv <= 0 && rv != -2) { +/* If p has an OID assume disabled algorithm */ +if (OBJ_sn2nid(p) != NID_undef || OBJ_ln2nid(p) != NID_undef) { +t->skip = 1; +rv = 1; +} +} OPENSSL_free(tmpval); return rv > 0; } @@ -1271,7 +1279,7 @@ static int pkey_test_parse(struct evp_test *t, if (strcmp(keyword, "Output") == 0) return test_bin(value, >output, >output_len); if (strcmp(keyword, "Ctrl") == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } @@ -1391,7 +1399,7 @@ static int pderive_test_parse(struct evp_test *t, if (strcmp(keyword, "SharedSecret") == 0) return test_bin(value, >output, >output_len); if (strcmp(keyword, "Ctrl") == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } 
@@ -1812,7 +1820,7 @@ static int kdf_test_parse(struct evp_test *t, if (strcmp(keyword, "Output") == 0) return test_bin(value, >output, >output_len); if (strncmp(keyword, "Ctrl", 4) == 0) -return pkey_test_ctrl(kdata->ctx, value); +return pkey_test_ctrl(t, kdata->ctx, value); return 0; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
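Review bot: the comment `/* If p has an OID assume disabled algorithm */` in the `pkey_test_ctrl` hunk is misleading: `p` is the text after ":" and `OBJ_sn2nid`/`OBJ_ln2nid` look it up as a short or long object name, not as an OID, and a match only shows the name is known to the object table, not that the algorithm is compiled out. Reword it to say what is actually tested ("value names a known algorithm; assume the ctrl failed because it is disabled in this build") and record in the commit message which evp test file was failing under which `no-*` configuration, so the next person touching this heuristic knows the case it exists for.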
[openssl-commits] [openssl] master update
The branch master has been updated via 586b79d8884b171eb3fae1ef230572921715ce1a (commit) from f2342b7ac3c3fe5914235a692c22db1dae316af4 (commit) - Log - commit 586b79d8884b171eb3fae1ef230572921715ce1a Author: Richard Levitte <levi...@openssl.org> Date: Thu Nov 10 02:08:22 2016 +0100 Fix no-dso (shlibloadtest) Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: test/shlibloadtest.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/shlibloadtest.c b/test/shlibloadtest.c index eea2e3a..6f220ba 100644 --- a/test/shlibloadtest.c +++ b/test/shlibloadtest.c @@ -12,6 +12,9 @@ #include #include +/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ +#if defined(DSO_DLFCN) || defined(DSO_WIN32) + #define SSL_CTX_NEW "SSL_CTX_new" #define SSL_CTX_FREE "SSL_CTX_free" #define TLS_METHOD "TLS_method" @@ -35,7 +38,6 @@ static SSL_CTX_free_t SSL_CTX_free; static ERR_get_error_t ERR_get_error; static OpenSSL_version_num_t OpenSSL_version_num; - #ifdef DSO_DLFCN # include @@ -103,9 +105,6 @@ static int shlib_close(SHLIB lib) #endif -/* The test is only currently implemented for DSO_DLFCN and DSO_WIN32 */ -#if defined(DSO_DLFCN) || defined(DSO_WIN32) - # define CRYPTO_FIRST_OPT"-crypto_first" # define SSL_FIRST_OPT "-ssl_first" # define JUST_CRYPTO_OPT "-just_crypto" _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
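Review bot: the commit message "Fix no-dso (shlibloadtest)" records neither the failure seen in a `no-dso` build nor why moving the `#if defined(DSO_DLFCN) || defined(DSO_WIN32)` guard from after `shlib_close` up to the `#define SSL_CTX_NEW` block fixes it; the hunks suggest the problem was the macros and `static` function-pointer declarations (`SSL_CTX_free`, `ERR_get_error`, `OpenSSL_version_num`) being compiled in with no code using them, so say that in the message and add a `no-dso` configuration to the test build so the regression is caught automatically. The blank line removed after `OpenSSL_version_num` in the second hunk is an unrelated whitespace change.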
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a (commit) from c210840d06bf9e72ad6e26a444b4a2dabfc505b4 (commit) - Log - commit 57c4b9f6a2f800b41ce2836986fe33640f6c3f8a Author: Andy PolyakovDate: Sun Nov 6 18:33:17 2016 +0100 bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). Reviewed-by: Rich Salz (cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a) --- Summary of changes: crypto/bn/asm/x86_64-mont.pl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 044fd7e..80492d8 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1148,18 +1148,17 @@ $code.=<<___; mulx2*8($aptr),%r15,%r13# ... adox-3*8($tptr),%r11 adcx%r15,%r12 - adox$zero,%r12 + adox-2*8($tptr),%r12 adcx$zero,%r13 + adox$zero,%r13 mov $bptr,8(%rsp) # off-load [i] - .byte 0x67 mov $mi,%r15 imulq 24(%rsp),$mi# "t[0]"*n0 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 mulx3*8($aptr),%rax,%r14 mov$mi,%rdx - adox-2*8($tptr),%r12 adcx%rax,%r13 adox-1*8($tptr),%r13 adcx$zero,%r14 _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
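Review bot: this backport carries only the x86_64-mont.pl change; the regression test that master adds to test/bntest.c alongside it (commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc, "test/bntest.c: regression test for CVE-2016-7055") is not cherry-picked, so the 1.0.2 branch has no automated check for this carry bug on hardware that executes the mulx/adcx/adox path. Port that test as well. In the hunk itself the fix is moving `adox -2*8($tptr),%r12` up to follow `adcx %r15,%r12` and adding `adox $zero,%r13` after `adcx $zero,%r13`; the dropped `.byte 0x67` prefix changes the code size of this block, and because the routine is hand-scheduled the hunk should be verified by running the test on a CPU that takes this path rather than by inspection alone.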
[openssl-commits] [openssl] master update
The branch master has been updated via 2fac86d9abeaa643677d1ffd0a139239fdf9406a (commit) via dca2e0ee1745ed2d9cba8c29f334f881a58f85dc (commit) from dfbdf4abb7c62156f36925db95728142c4223225 (commit) - Log - commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a Author: Andy PolyakovDate: Sun Nov 6 18:33:17 2016 +0100 bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). Reviewed-by: Rich Salz commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc Author: Andy Polyakov Date: Sun Nov 6 18:31:14 2016 +0100 test/bntest.c: regression test for CVE-2016-7055. Reviewed-by: Rich Salz --- Summary of changes: crypto/bn/asm/x86_64-mont.pl | 5 ++--- test/bntest.c| 26 ++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 0451fef..df4cca5 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1157,18 +1157,17 @@ $code.=<<___; mulx2*8($aptr),%r15,%r13# ... adox-3*8($tptr),%r11 adcx%r15,%r12 - adox$zero,%r12 + adox-2*8($tptr),%r12 adcx$zero,%r13 + adox$zero,%r13 mov $bptr,8(%rsp) # off-load [i] - .byte 0x67 mov $mi,%r15 imulq 24(%rsp),$mi# "t[0]"*n0 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 mulx3*8($aptr),%rax,%r14 mov$mi,%rdx - adox-2*8($tptr),%r12 adcx%rax,%r13 adox-1*8($tptr),%r13 adcx$zero,%r14 diff --git a/test/bntest.c b/test/bntest.c index 51b75d3..3af2b83 100644 --- a/test/bntest.c +++ b/test/bntest.c 
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx) return 0; } } + +/* Regression test for carry bug in mulx4x_mont */ +BN_hex2bn(, +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878" +"7878787878787878787878787878787878787878787878787878787878787878"); +BN_hex2bn(, +"095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" +"E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" +"9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" +"9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81"); +BN_hex2bn(, +"D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" +"91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" +"D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" +"2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF"); +BN_MONT_CTX_set(mont, n, ctx); +BN_mod_mul_montgomery(c, a, b, mont, ctx); +BN_mod_mul_montgomery(d, b, a, mont, ctx); +if (BN_cmp(c, d)) { +fprintf(stderr, "Montgomery multiplication test failed:" +" a*b != b*a.\n"); +return 0; +} + BN_MONT_CTX_free(mont); BN_free(a); BN_free(b); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
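Review bot: the new "Regression test for carry bug in mulx4x_mont" block in `test_mont` only checks that `BN_mod_mul_montgomery(c, a, b, ...)` and `BN_mod_mul_montgomery(d, b, a, ...)` agree, which catches this defect because the carry error depends on operand order but would miss a carry bug symmetric in a and b; also compare `c` against an independent reference, e.g. `BN_mod_mul(e, a, b, n, ctx)` followed by `BN_from_montgomery(e, e, mont, ctx)`, which must equal `c`. The return values of `BN_hex2bn`, `BN_MONT_CTX_set` and both `BN_mod_mul_montgomery` calls are unchecked, so a failure there leaves `c` and `d` holding stale values and the `BN_cmp(c, d)` check can pass on garbage. Finally, the comment should state that the test only exercises the bug on CPUs that take the mulx4x_mont path; elsewhere it passes trivially.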
[openssl-commits] [openssl] master update
The branch master has been updated via b4eee58a5f9dfa493d6cc34b4af871415c67beda (commit) from 10b0b5ecd93097179a2b13a7d34e0ab580d23fa2 (commit) - Log - commit b4eee58a5f9dfa493d6cc34b4af871415c67beda Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 15:35:42 2016 + Fix test_sslcorrupt when using TLSv1.3 The test loops through all the ciphers, attempting to test each one in turn. However version negotiation happens before cipher selection, so with TLSv1.3 switched on if we use a non-TLSv1.3 compatible cipher suite we get "no share cipher". Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: test/sslcorrupttest.c | 26 ++ 1 file changed, 26 insertions(+) diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 34ac8f7..f07cfce 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "ssltestlib.h" #include "testutil.h" @@ -182,6 +183,8 @@ static int test_ssl_corrupt(int testidx) BIO *c_to_s_fbio; int testresult = 0; static unsigned char junk[16000] = { 0 }; +STACK_OF(SSL_CIPHER) *ciphers; +const SSL_CIPHER *currcipher; printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); 
@@ -196,6 +199,29 @@ static int test_ssl_corrupt(int testidx) goto end; } +ciphers = SSL_CTX_get_ciphers(cctx); +if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) { +printf("Unexpected ciphers set\n"); +goto end; +} +currcipher = sk_SSL_CIPHER_value(ciphers, 0); +if (currcipher == NULL) { +printf("Failed getting the current cipher\n"); +goto end; +} + +/* + * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use + * TLSv1.3. Version negotiation happens before cipher selection, so we will + * get a "no shared cipher" error. + */ +if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) { +if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) { +printf("Failed setting max protocol version\n"); +goto end; +} +} + c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); if (c_to_s_fbio == NULL) { printf("Failed to create filter BIO\n"); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
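Review bot: the new block in `test_ssl_corrupt` treats `sk_SSL_CIPHER_num(ciphers) != 1` as a failure ("Unexpected ciphers set"), so any future entry in `cipher_list` that expands to more than one suite will fail the whole test rather than be handled; either document above `cipher_list` that each entry must name exactly one suite, or cap at `TLS1_2_VERSION` whenever any of the selected suites is not a TLSv1.3 one. The `strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3")` comparison ties the test to the exact version string, which is acceptable in a test but deserves a comment. The first hunk's new `#include` has lost its header name in this listing; presumably it is `<string.h>` for `strcmp`, which should be confirmed against the tree.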
[openssl-commits] [openssl] master update
The branch master has been updated via de4d764e3271ce09d28c0d6d7bce3dc9d8b85ab9 (commit) from cf551a51d2385f59536645f644f03a572cc232f9 (commit) - Log - commit de4d764e3271ce09d28c0d6d7bce3dc9d8b85ab9 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 9 14:51:06 2016 + Rename the Elliptic Curves extension to supported_groups This is a skin deep change, which simply renames most places where we talk about curves in a TLS context to groups. This is because TLS1.3 has renamed the extension, and it can now include DH groups too. We still only support curves, but this rename should pave the way for a future extension for DH groups. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: apps/s_apps.h| 2 +- apps/s_cb.c | 54 +++--- apps/s_server.c | 4 +-- doc/man3/SSL_CTX_set1_curves.pod | 71 --- include/openssl/ssl.h| 32 -- include/openssl/tls1.h | 8 - ssl/s3_lib.c | 43 ssl/ssl_conf.c | 13 ++-- ssl/ssl_lib.c| 22 ++-- ssl/ssl_locl.h | 18 +- ssl/ssl_sess.c | 16 - ssl/statem/statem_srvr.c | 2 +- ssl/t1_ext.c | 2 +- ssl/t1_lib.c | 72 +--- ssl/t1_trce.c| 10 +++--- 15 files changed, 209 insertions(+), 160 deletions(-) diff --git a/apps/s_apps.h b/apps/s_apps.h index c47932b..4c24b2e 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -59,7 +59,7 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, STACK_OF(X509) *chain, int build_chain); int ssl_print_sigalgs(BIO *out, SSL *s); int ssl_print_point_formats(BIO *out, SSL *s); -int ssl_print_curves(BIO *out, SSL *s, int noshared); +int ssl_print_groups(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); int init_client(int *sock, const char *host, const char *port, diff --git a/apps/s_cb.c b/apps/s_cb.c index c37b9a1..d5c308e 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c 
@@ -307,50 +307,52 @@ int ssl_print_point_formats(BIO *out, SSL *s) return 1; } -int ssl_print_curves(BIO *out, SSL *s, int noshared) +int ssl_print_groups(BIO *out, SSL *s, int noshared) { -int i, ncurves, *curves, nid; -const char *cname; +int i, ngroups, *groups, nid; +const char *gname; -ncurves = SSL_get1_curves(s, NULL); -if (ncurves <= 0) +ngroups = SSL_get1_groups(s, NULL); +if (ngroups <= 0) return 1; -curves = app_malloc(ncurves * sizeof(int), "curves to print"); -SSL_get1_curves(s, curves); +groups = app_malloc(ngroups * sizeof(int), "groups to print"); +SSL_get1_groups(s, groups); -BIO_puts(out, "Supported Elliptic Curves: "); -for (i = 0; i < ncurves; i++) { +BIO_puts(out, "Supported Elliptic Groups: "); +for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); -nid = curves[i]; +nid = groups[i]; /* If unrecognised print out hex version */ if (nid & TLSEXT_nid_unknown) BIO_printf(out, "0x%04X", nid & 0x); else { +/* TODO(TLS1.3): Get group name here */ /* Use NIST name for curve if it exists */ -cname = EC_curve_nid2nist(nid); -if (!cname) -cname = OBJ_nid2sn(nid); -BIO_printf(out, "%s", cname); +gname = EC_curve_nid2nist(nid); +if (!gname) +gname = OBJ_nid2sn(nid); +BIO_printf(out, "%s", gname); } } -OPENSSL_free(curves); +OPENSSL_free(groups); if (noshared) { BIO_puts(out, "\n"); return 1; } -BIO_puts(out, "\nShared Elliptic curves: "); -ncurves = SSL_get_shared_curve(s, -1); -for (i = 0; i < ncurves; i++) { +BIO_puts(out, "\nShared Elliptic groups: "); +ngroups = SSL_get_shared_group(s, -1); +for (i = 0; i < ngroups; i++) { if (i) BIO_puts(out, ":"); -nid = SSL_get_shared_curve(s, i); -cname = EC_curve_nid2nist(nid); -if (!cname) -cname = OBJ_nid2sn(nid); -BIO_printf(out, "%s", cname); +nid = SSL_get_shared_group(s, i); +/* TODO(TLS1.3): Convert for DH groups */ +gname = EC_curve_nid2nist(nid); +if (!gname) +gname = OBJ_nid2sn(nid); +BIO_
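Review bot: the `ssl_print_groups` hunk changes user-visible s_client/s_server output from "Supported Elliptic Curves:" / "Shared Elliptic curves:" to "Supported Elliptic Groups:" / "Shared Elliptic groups:", which is both odd wording (DH groups, the stated reason for the rename, are not elliptic) and a break for anything that greps the old strings; "Supported groups:" and "Shared groups:" would match the extension name and the commit's intent. The summary also lists include/openssl/ssl.h and doc/man3/SSL_CTX_set1_curves.pod, so the public `SSL_get1_curves`/`SSL_get_shared_curve` names are affected by this "skin deep" change: confirm the old names remain as compatibility macros and that the pod documents both spellings. The two `TODO(TLS1.3)` comments are fine as markers.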
[openssl-commits] [openssl] OpenSSL_1_1_0c create
The annotated tag OpenSSL_1_1_0c has been created at 48a90131b4e70d8e4b125a64d6c99307c70d7a76 (tag) tagging 91eaf079b7430cb4ebb7f3ccabe74aa383b27c4e (commit) replaces OpenSSL_1_1_0b tagged by Matt Caswell on Thu Nov 10 14:03:42 2016 + - Log - OpenSSL 1.1.0c release tag -BEGIN PGP SIGNATURE- iQEuBAABCAAYBQJYJH4+ERxtYXR0QG9wZW5zc2wub3JnAAoJENnE0m0OYESRgJwH /RgVH3qdEBh3CxRn3tH2VNFHX7hKu+ixYXwlb6+HHjl+uomQWLrp1VjxqA2n6uqj UYeK/nId/wLV4BWMiwxzKQqqMkvh98ZKGrcCgyj4vipPJVeJ1kMX2Yf/elm9oe68 SelTJm4HaB3MvZUa6AvhpGxNoSeyx0ZFTka5TmKUrEJ/pwglpJoZ82UBWB6B1IK7 Fw2UByFfQn8nzXWoZq5zrcmD6qNn44Pauso7Tr4rY3Uy6+b6V6B0qrEEZhBNwbD/ QqysfFkFG54M7ZsJCD5O9k808IpxElSCBOmhAGdotsVsH8UAC5aM8YHObs9iVZAC I3YyAocpfF1sGzitcJI7F2I= =0q99 -END PGP SIGNATURE- Andrea Grandi (3): Add missing .pod extension to EVP_PKEY_CTX_set_tls1_prf_md Fix broken link to ASYNC_get_wait_ctx and rewrap the paragraph Improve PRF documentation Andy Polyakov (6): x86_64 assembly pack: add Goldmont performance results. test/bntest.c: regression test for CVE-2016-7055. bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). aes/asm/aesp8-ppc.pl: improve [backward] portability. test: add TLS application data corruption test. test/evptests.txt: add negative tests for AEAD ciphers. Ben Laurie (5): Don't use des when disabled. Make dependencies if Makefile is new. Remove untrue comment. Fix no-ocsp. Remove blank line. Benjamin Kaduk (1): Fix grammar-o in CONTRIBUTING Claus Assmann (1): Fix grammar error in SSL_CTX_set_min_proto_version David Benjamin (9): Test CBC mode padding. Don't test quite so many of them. Address review comments. Switch back to assuming TLS 1.2. Add missing parameter. Add a basic test for BN_bn2dec. Implement RSASSA-PKCS1-v1_5 as specified. Make RSA_sign.pod less confusing. Improve RSA test coverage. David Woodhouse (2): Restore '-keyform engine' support for s_client Disable encrypt_then_mac negotiation for DTLS. Dr. Stephen Henson (8): Add SRP test vectors from RFC5054 SRP code tidy. 
fix memory leak Fix X509_NAME decode for malloc failures. Add memory leak detection to d2i_test Fix embedded string handling. Don't set choice selector on parse failure. add test for CVE-2016-7053 EasySec (1): When no SRP identity is found, no error was reported server side FdaSilvaYY (4): Fix copy-paste test labels Add error checking, small nit on ouput Allow null in X509_CRL_METHOD_free Missing BN_RECP_CTX field init. Kurt Roeckx (1): conf fuzzer: also check for an empty file Mat (1): Do not set load_crypto_strings_inited when OPENSSL_NO_ERR is defined Matt Caswell (32): Prepare for 1.1.0c-dev Fix some mem leaks in sslapitest Add support for testing renegotiation Update README.ssltest.md Extend the renegotiation tests Add DTLS renegotiation tests Fix no-dtls Fix an Uninit read in DTLS Fix missing NULL checks in NewSessionTicket construction Ensure we handle len == 0 in ERR_err_string_n A zero return from BIO_read()/BIO_write() could be retryable Add a test for BIO_read() returning 0 in SSL_read() (and also for write) Fix a double free in ca command line Fix length check writing status request extension Ensure we have length checks for all extensions Implement length checks as a macro Fix read_ahead Add a read_ahead test Fail if an unrecognised record type is received Add a test for unrecognised record types Add a CHANGES entry for the unrecognised record type change Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr Add a DSO_dsobyaddr() function Ensure that libcrypto and libssl do not unload until the process exits Add a test to dynamically load and unload the libraries Link using -znodelete Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows Always ensure that init_msg is initialised for a CCS Partial revert of "Fix client verify mode to check SSL_VERIFY_PEER" Fix the no-tls option Update CHANGES and NEWS Prepare for 1.1.0c release Mike Aizatsky (1): [fuzzers] do not fail fuzzers with empty input Rich Salz (6): RT is put out to pasture GH1546: Fix old names 
in cryptodev code. Fix typo (reported by Matthias St. Pierre) Update CRYPTO_set_mem_debug() doc Missed a mention of RT Zero stack variable with DSA nonce Richard Levitte (34): apps/apps.c: initialize and de-initialize engine around key loading Remove automatic RPATH Remove automatic RPATH - add user rpath support Remove automatic RPATH - adapt shlib_wrap.sh
[openssl-commits] [openssl] master update
The branch master has been updated via efba60ca7ab72cae62baad2aaaf2da32d1093c38 (commit) from 10acff61e105b69623c54ade26a7a426a705f7b2 (commit) - Log - commit efba60ca7ab72cae62baad2aaaf2da32d1093c38 Author: Andrea Grandi <andrea.gra...@intel.com> Date: Tue Oct 18 10:26:38 2016 +0100 Add missing .pod extension to EVP_PKEY_CTX_set_tls1_prf_md Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: .../{EVP_PKEY_CTX_set_tls1_prf_md => EVP_PKEY_CTX_set_tls1_prf_md.pod}| 0 1 file changed, 0 insertions(+), 0 deletions(-) rename doc/crypto/{EVP_PKEY_CTX_set_tls1_prf_md => EVP_PKEY_CTX_set_tls1_prf_md.pod} (100%) diff --git a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod similarity index 100% rename from doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md rename to doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via be118c3d574d340031ef3ad1fbffa171fdfee580 (commit) from e97afdad659b6523a8f172097bf4f10ca2ce0867 (commit) - Log - commit be118c3d574d340031ef3ad1fbffa171fdfee580 Author: Andrea Grandi <andrea.gra...@intel.com> Date: Tue Oct 18 10:26:38 2016 +0100 Add missing .pod extension to EVP_PKEY_CTX_set_tls1_prf_md Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (cherry picked from commit efba60ca7ab72cae62baad2aaaf2da32d1093c38) --- Summary of changes: .../{EVP_PKEY_CTX_set_tls1_prf_md => EVP_PKEY_CTX_set_tls1_prf_md.pod}| 0 1 file changed, 0 insertions(+), 0 deletions(-) rename doc/crypto/{EVP_PKEY_CTX_set_tls1_prf_md => EVP_PKEY_CTX_set_tls1_prf_md.pod} (100%) diff --git a/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md b/doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod similarity index 100% rename from doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md rename to doc/crypto/EVP_PKEY_CTX_set_tls1_prf_md.pod _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 8afb9742aedc07e26f9930c1f859f8c0f204e77f (commit) from ec7b16ddbb020b2f49ff7394901cd2b2bed5234b (commit) - Log - commit 8afb9742aedc07e26f9930c1f859f8c0f204e77f Author: David Woodhouse <david.woodho...@intel.com> Date: Wed Oct 12 23:10:37 2016 +0100 Disable encrypt_then_mac negotiation for DTLS. I use the word 'negotiation' advisedly. Because that's all we were doing. We negotiated it, set the TLS1_FLAGS_ENCRYPT_THEN_MAC flag in our data structure, and then utterly ignored it in both dtls_process_record() and do_dtls1_write(). Turn it off for 1.1.0; we'll fix it for 1.1.1 and by the time that's released, hopefully 1.1.0b will be ancient history. Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: ssl/t1_lib.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 86833d8..a3fb28e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1358,8 +1358,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, , limit, al)) return NULL; -s2n(TLSEXT_TYPE_encrypt_then_mac, ret); -s2n(0, ret); +/* + * In 1.1.0 before 1.1.0c we negotiated EtM with DTLS, then just + * silently failed to actually do it. It is fixed in 1.1.1 but to + * ease the transition especially from 1.1.0b to 1.1.0c, we just + * disable it in 1.1.0. + */ +if (!SSL_IS_DTLS(s)) { +s2n(TLSEXT_TYPE_encrypt_then_mac, ret); +s2n(0, ret); +} + #ifndef OPENSSL_NO_CT if (s->ct_validation_callback != NULL) { s2n(TLSEXT_TYPE_signed_certificate_timestamp, ret); 
@@ -1596,7 +1605,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * Don't use encrypt_then_mac if AEAD or RC4 might want to disable * for other cases too. */ -if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD +if (SSL_IS_DTLS(s) || s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4 || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
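Review bot: the two hunks stop the client from offering encrypt_then_mac over DTLS (`if (!SSL_IS_DTLS(s))` around the `s2n(TLSEXT_TYPE_encrypt_then_mac, ret)` pair) and stop the server from selecting it (`SSL_IS_DTLS(s) ||` prepended to the AEAD/RC4/GOST exclusion), which together cover both roles, and the `SSL_IS_DTLS(s)` test is correctly placed before the `s->s3->tmp.new_cipher` dereferences. What is missing is a test and a CHANGES entry: the commit message says EtM was negotiated and then ignored by `dtls_process_record()` and `do_dtls1_write()`, so the interop case to exercise is a 1.1.0c peer against 1.1.0b (which still offers the extension): verify the 1.1.0c server does not echo it and that a 1.1.0c client never sets `TLS1_FLAGS_ENCRYPT_THEN_MAC` over DTLS. The new comment's "It is fixed in 1.1.1" describes work not yet in the tree; phrase it as "is to be fixed" unless that commit exists.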
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 1ee297e52f5df6673742130a20bcef1814f85db4 (commit) from bf4e64227da738f68ed0304e24177f1317171151 (commit) - Log - commit 1ee297e52f5df6673742130a20bcef1814f85db4 Author: Xiaoyin Liu <xiaoy...@users.noreply.github.com> Date: Sun Sep 25 21:28:02 2016 -0400 Fix typo I think the second "VC-WIN32" should be "VC-WIN64". Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial --- Summary of changes: NOTES.WIN | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTES.WIN b/NOTES.WIN index 3a149fa..2a3c1e1 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -36,7 +36,7 @@ PREFIX: %ProgramFiles(86)%\OpenSSL OPENSSLDIR: %CommonProgramFiles(86)%\SSL - For VC-WIN32, the following defaults are use: + For VC-WIN64, the following defaults are use: PREFIX: %ProgramW6432%\OpenSSL OPENSSLDIR: %CommonProgramW6432%\SSL _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
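Review bot: while correcting VC-WIN32 to VC-WIN64 in the `+ For VC-WIN64, the following defaults are use:` line, also fix "are use" to "are used"; the grammar error is carried over from the removed line and the hunk is rewriting that line anyway.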
[openssl-commits] [openssl] master update
The branch master has been updated via e7b69227ca35b7fa7ab7bc5308a354e690da (commit) from 35a498e431f81f94c4ee2dd451cdfe4d566fef3b (commit) - Log - commit e7b69227ca35b7fa7ab7bc5308a354e690da Author: Xiaoyin Liu <xiaoy...@users.noreply.github.com> Date: Sun Sep 25 21:28:02 2016 -0400 Fix typo I think the second "VC-WIN32" should be "VC-WIN64". Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial --- Summary of changes: NOTES.WIN | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTES.WIN b/NOTES.WIN index 3a149fa..2a3c1e1 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -36,7 +36,7 @@ PREFIX: %ProgramFiles(86)%\OpenSSL OPENSSLDIR: %CommonProgramFiles(86)%\SSL - For VC-WIN32, the following defaults are use: + For VC-WIN64, the following defaults are use: PREFIX: %ProgramW6432%\OpenSSL OPENSSLDIR: %CommonProgramW6432%\SSL _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
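Review bot: the replacement line `+ For VC-WIN64, the following defaults are use:` still reads "are use" for "are used"; since the line is being touched, fix both words in this commit rather than leaving the remaining typo for a follow-up, and apply the same to the cherry-pick on OpenSSL_1_1_0-stable.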
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 02a02319ea6cde904e4bfa3a05fe128fd9b6675c (commit) from 6d69dc56de8f0535be9ccabea7a8d4e61c04c2f1 (commit) - Log - commit 02a02319ea6cde904e4bfa3a05fe128fd9b6675c Author: Matt Caswell <m...@openssl.org> Date: Wed Oct 12 16:43:03 2016 +0100 Ensure we handle len == 0 in ERR_err_string_n If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit e5c1361580d8de79682958b04a5f0d262e680f8b) --- Summary of changes: crypto/err/err.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/err/err.c b/crypto/err/err.c index e77d963..52dc9a5 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -868,6 +868,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) const char *ls, *fs, *rs; unsigned long l, f, r; +if (len == 0) +return; + l = ERR_GET_LIB(e); f = ERR_GET_FUNC(e); r = ERR_GET_REASON(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
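Review bot: the early return for len == 0 is the right fix for the out-of-bounds read the commit message describes, since with no room for even a terminating NUL there is nothing safe to write; note, though, that buf is then left untouched rather than emptied, which callers that read buf unconditionally after the call will not expect. Suggest stating this in the ERR_error_string_n documentation. Also, the commit title refers to ERR_err_string_n but the function being fixed is ERR_error_string_n.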
[openssl-commits] [openssl] master update
The branch master has been updated via e5c1361580d8de79682958b04a5f0d262e680f8b (commit) from 3ff3ee7a19e84076f67beeda1cf5e9d8b2380429 (commit) - Log - commit e5c1361580d8de79682958b04a5f0d262e680f8b Author: Matt Caswell <m...@openssl.org> Date: Wed Oct 12 16:43:03 2016 +0100 Ensure we handle len == 0 in ERR_err_string_n If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: crypto/err/err.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/err/err.c b/crypto/err/err.c index c3f7212..29e5a03 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -500,6 +500,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) const char *ls, *fs, *rs; unsigned long l, f, r; +if (len == 0) +return; + l = ERR_GET_LIB(e); f = ERR_GET_FUNC(e); r = ERR_GET_REASON(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
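Review bot: the hunk guards only the len == 0 case; a NULL buf with a non-zero len is still passed through to the formatting code that follows the visible lines. If the aim is to stop misuse at the API boundary, `if (buf == NULL || len == 0) return;` would be the natural extension, but since that changes observable behaviour for callers that currently crash it probably belongs in its own commit rather than this cherry-pick candidate.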
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 953ef2cbd0645a47b8d5c1af3fe8f77f2e56c133 (commit) from 5389388a2b327ab5d4353e98b4e258fb683cde15 (commit) - Log - commit 953ef2cbd0645a47b8d5c1af3fe8f77f2e56c133 Author: Matt Caswell <m...@openssl.org> Date: Wed Oct 12 16:43:03 2016 +0100 Ensure we handle len == 0 in ERR_err_string_n If len == 0 in a call to ERR_error_string_n() then we can read beyond the end of the buffer. Really applications should not be calling this function with len == 0, but we shouldn't be letting it through either! Thanks to Agostino Sarubbo for reporting this issue. Agostino's blog on this issue is available here: https://blogs.gentoo.org/ago/2016/10/14/openssl-libcrypto-stack-based-buffer-overflow-in-err_error_string_n-err-c/ Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit e5c1361580d8de79682958b04a5f0d262e680f8b) --- Summary of changes: crypto/err/err.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/err/err.c b/crypto/err/err.c index c3f7212..29e5a03 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -500,6 +500,9 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) const char *ls, *fs, *rs; unsigned long l, f, r; +if (len == 0) +return; + l = ERR_GET_LIB(e); f = ERR_GET_FUNC(e); r = ERR_GET_REASON(e); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via c0dba2cca4d2bf3526d90a2050bdb17148ce803f (commit) via 96cce8205001b5801b10abf53e0ee81ee52d5d89 (commit) via 34657a8da2ead453460d668771984432cc767044 (commit) from cde6145ba19a2fce039cf054a89e49f67c623c59 (commit) - Log - commit c0dba2cca4d2bf3526d90a2050bdb17148ce803f Author: Patrick Steuer <pste...@mail.de> Date: Sat Oct 15 17:41:41 2016 +0200 Fix strict-warnings build crypto/s390xcap.c: internal/cryptlib.h needs to be included for OPENSSL_cpuid_setup function prototype is located there to avoid build error due to -Werror=missing-prototypes. Signed-off-by: Patrick Steuer <pste...@mail.de> Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial commit 96cce8205001b5801b10abf53e0ee81ee52d5d89 Author: Patrick Steuer <pste...@mail.de> Date: Sat Oct 15 17:14:05 2016 +0200 Fix strict-warnings build crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to '-Werror=incompatible-pointer-types'. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by: Patrick Steuer <pste...@mail.de> Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial commit 34657a8da2ead453460d668771984432cc767044 Author: Patrick Steuer <pste...@mail.de> Date: Sat Oct 15 16:54:52 2016 +0200 Fix strict-warnings build crypto/asn1/a_strex.c: Type of width variable in asn1_valid_host function needs to be changed from char to signed char to avoid build error due to '-Werror=type-limits'. 
Signed-off-by: Patrick Steuer <pste...@mail.de> Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial --- Summary of changes: crypto/aes/asm/aes-s390x.pl | 8 crypto/asn1/a_strex.c | 2 +- crypto/evp/e_aes.c | 4 ++-- crypto/s390xcap.c | 1 + 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 9c17f0e..af9d23d 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1575,8 +1575,8 @@ ___ } -# void AES_xts_encrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # { @@ -1944,8 +1944,8 @@ $code.=<<___; br $ra .size AES_xts_encrypt,.-AES_xts_encrypt ___ -# void AES_xts_decrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # $code.=<<___; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 9839f5c..1bc0679 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -601,7 +601,7 @@ int asn1_valid_host(const ASN1_STRING *host) const unsigned char *hostptr = host->data; int type = host->type; int i; -char width = -1; +signed char width = -1; unsigned short chflags = 0, prevchflags; if (type > 0 && type < 31) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index f504c68..5810798 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
@@ -135,10 +135,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, const unsigned char ivec[AES_BLOCK_SIZE]); #endif #ifdef AES_XTS_ASM -void AES_xts_encrypt(const char *inp, char *out, size_t len, +void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -void AES_xts_decrypt(const char *inp, char *out, size_t len, +void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); #endif diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 675f2ec..93c5327 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@
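Review bot: for the crypto/asn1/a_strex.c hunk, `signed char width = -1` is more than a warning silencer: where plain char is unsigned (as on s390x) `width = -1` stores 255 and any comparison of width against the -1 sentinel can never match, which is exactly what -Werror=type-limits is reporting. The explicit signedness makes the sentinel portable; a short comment on the declaration saying why it is `signed char` would keep a later cleanup from reverting it to plain char.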
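Review bot: for the crypto/evp/e_aes.c and crypto/aes/asm/aes-s390x.pl hunks, changing inp and out to unsigned char touches only the C prototype and the comment documenting the assembler entry point, so the ABI of AES_xts_encrypt/AES_xts_decrypt is unchanged; the pointer type now matches the unsigned char buffers the EVP layer passes, which is what -Werror=incompatible-pointer-types was catching. Worth checking that no other AES_XTS_ASM backend declares these with plain char, or the same error will reappear on that platform.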
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 99c002b305705a3d1e092402bc092de1943fbc27 (commit) via b0161f6a8961b131c4dd43a4cc240b4a9ffda72d (commit) from 78ee64c237a8d73b8e92b2612f565db26c169ed5 (commit) - Log - commit 99c002b305705a3d1e092402bc092de1943fbc27 Author: Patrick Steuer <pste...@mail.de> Date: Mon Oct 17 10:30:33 2016 +0200 Fix strict-warnings build crypto/evp/e_aes.c: Types of inp and out parameters of AES_xts_en/decrypt functions need to be changed from char to unsigned char to avoid build error due to -Werror=incompatible-pointer-types. crypto/aes/asm/aes-s390x.pl: Comments need to reflect the above change. Signed-off-by: Patrick Steuer <pste...@mail.de> Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial commit b0161f6a8961b131c4dd43a4cc240b4a9ffda72d Author: Patrick Steuer <pste...@mail.de> Date: Mon Oct 17 10:24:49 2016 +0200 Fix strict-warnings build crypto/s390xcap.c: cryptlib.h needs to be included for OPENSSL_cpuid_setup function prototype is located there to avoid build error due to -Werror=missing-prototypes. Signed-off-by: Patrick Steuer <pste...@mail.de> Reviewed-by: Rich Salz <rs...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> CLA: trivial --- Summary of changes: crypto/aes/asm/aes-s390x.pl | 8 crypto/evp/e_aes.c | 4 ++-- crypto/s390xcap.c | 1 + 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl index 76ca8e5..a8f4d29 100644 --- a/crypto/aes/asm/aes-s390x.pl +++ b/crypto/aes/asm/aes-s390x.pl @@ -1568,8 +1568,8 @@ ___ } -# void AES_xts_encrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # { 
@@ -1937,8 +1937,8 @@ $code.=<<___; br $ra .size AES_xts_encrypt,.-AES_xts_encrypt ___ -# void AES_xts_decrypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, +# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, +# size_t len, const AES_KEY *key1, const AES_KEY *key2, # const unsigned char iv[16]); # $code.=<<___; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 1734a82..7c62d32 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -155,10 +155,10 @@ void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, const unsigned char ivec[AES_BLOCK_SIZE]); # endif # ifdef AES_XTS_ASM -void AES_xts_encrypt(const char *inp, char *out, size_t len, +void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); -void AES_xts_decrypt(const char *inp, char *out, size_t len, +void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); # endif diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 47d6b6f..cf8c372 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -3,6 +3,7 @@ #include #include #include +#include "cryptlib.h" extern unsigned long OPENSSL_s390xcap_P[]; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
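Review bot: for the crypto/s390xcap.c hunk, including "cryptlib.h" pulls in the OPENSSL_cpuid_setup prototype so the definition in this file is checked against it; that is the proper fix for -Werror=missing-prototypes rather than adding a local prototype, because a mismatch between the two would otherwise go unnoticed. Note the header path differs from master ("internal/cryptlib.h" there, per the master commit message), so this backport must not be applied mechanically to other branches.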
[openssl-commits] [openssl] master update
The branch master has been updated via b2e54eb834e2d5a79d03f12a818d68f82c0e3d13 (commit) from 6215f27a83c6b9089a217dd6deab1665e0ced516 (commit) - Log - commit b2e54eb834e2d5a79d03f12a818d68f82c0e3d13 Author: Valentin VidicDate: Mon Feb 15 15:28:41 2016 +0100 Add Postgres support to -starttls Reviewed-by: Rich Salz Reviewed-by: Tim Hudson --- Summary of changes: apps/s_client.c | 23 ++- doc/apps/s_client.pod | 2 +- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 0442aec..c2a00f5 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -739,7 +739,8 @@ typedef enum PROTOCOL_choice { PROTO_XMPP, PROTO_XMPP_SERVER, PROTO_CONNECT, -PROTO_IRC +PROTO_IRC, +PROTO_POSTGRES } PROTOCOL_CHOICE; static const OPT_PAIR services[] = { @@ -751,6 +752,7 @@ static const OPT_PAIR services[] = { {"xmpp-server", PROTO_XMPP_SERVER}, {"telnet", PROTO_TELNET}, {"irc", PROTO_IRC}, +{"postgres", PROTO_POSTGRES}, {NULL, 0} }; @@ -2084,6 +2086,25 @@ int s_client_main(int argc, char **argv) goto shut; } } +break; +case PROTO_POSTGRES: +{ +static const unsigned char ssl_request[] = { +/* LengthSSLRequest */ + 0, 0, 0, 8, 4, 210, 22, 47 +}; +int bytes; + +/* Send SSLRequest packet */ +BIO_write(sbio, ssl_request, 8); +(void)BIO_flush(sbio); + +/* Reply will be a single S if SSL is enabled */ +bytes = BIO_read(sbio, sbuf, BUFSIZZ); +if (bytes != 1 || sbuf[0] != 'S') +goto shut; +} +break; } for (;;) { diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 7ad9811..4a2a280 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod 
@@ -420,7 +420,7 @@ command for more information. send the protocol-specific message(s) to switch to TLS for communication. B is a keyword for the intended protocol. Currently, the only supported keywords are "smtp", "pop3", "imap", "ftp", "xmpp", "xmpp-server", -and "irc." +"irc" and "postgres." =item B<-xmpphost hostname> _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
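Review bot: in the apps/s_client.c PROTO_POSTGRES hunk, the ssl_request bytes encode the PostgreSQL SSLRequest message (length 8, then the code 80877103, i.e. 1234 in the high 16 bits and 5679 in the low 16 bits); spelling that out in the comment next to the array would help, since `0, 0, 0, 8, 4, 210, 22, 47` is opaque as written. The reply handling is sound: the server answers a single 'S' or 'N', and anything other than exactly one byte of 'S' (including 'N' from a server with SSL disabled, or an ErrorResponse from a server that predates the message) goes to shut, but printing why before giving up would be friendlier than a silent disconnect.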
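Review bot: in the doc/apps/s_client.pod hunk, the full stop inside the quotes in "postgres." mirrors the previous "irc." but reads oddly for a list of keywords; consider `"irc" and "postgres".` while the line is being touched.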
[openssl-commits] [openssl] master update
The branch master has been updated via cde6145ba19a2fce039cf054a89e49f67c623c59 (commit) via e23d5071ec4c7aa6bb2b0f2c3e0fc2182ed7e63f (commit) from b2e54eb834e2d5a79d03f12a818d68f82c0e3d13 (commit) - Log - commit cde6145ba19a2fce039cf054a89e49f67c623c59 Author: David Woodhouse <david.woodho...@intel.com> Date: Fri Oct 14 00:26:38 2016 +0100 Add SSL_OP_NO_ENCRYPT_THEN_MAC Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> commit e23d5071ec4c7aa6bb2b0f2c3e0fc2182ed7e63f Author: David Woodhouse <david.woodho...@intel.com> Date: Wed Oct 12 23:12:04 2016 +0100 Fix encrypt-then-mac implementation for DTLS OpenSSL 1.1.0 will negotiate EtM on DTLS but will then not actually *do* it. If we use DTLSv1.2 that will hopefully be harmless since we'll tend to use an AEAD ciphersuite anyway. But if we're using DTLSv1, then we certainly will end up using CBC, so EtM is relevant — and we fail to interoperate with anything that implements EtM correctly. Fixing it in HEAD and 1.1.0c will mean that 1.1.0[ab] are incompatible with 1.1.0c+... for the limited case of non-AEAD ciphers, where they're *already* incompatible with other implementations due to this bug anyway. That seems reasonable enough, so let's do it. The only alternative is just to turn it off for ever... which *still* leaves 1.0.0[ab] failing to communicate with non-OpenSSL implementations anyway. Tested against itself as well as against GnuTLS both with and without EtM. Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> --- Summary of changes: doc/ssl/SSL_CTX_set_options.pod | 8 include/openssl/ssl.h | 2 ++ ssl/record/rec_layer_d1.c | 10 +- ssl/record/ssl3_record.c| 22 +- ssl/t1_lib.c| 14 +- 5 files changed, 49 insertions(+), 7 deletions(-) diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 635b470..63609f3 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod 
@@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers B: this option is currently set by default. See the B section for more details. +=item SSL_OP_NO_ENCRYPT_THEN_MAC + +Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. + +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. + =back =head1 SECURE RENEGOTIATION diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e0d82f2..7e626e0 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -318,6 +318,8 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_NO_COMPRESSION 0x0002U /* Permit unsafe legacy renegotiation */ # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION0x0004U +/* Disable encrypt-then-mac */ +# define SSL_OP_NO_ENCRYPT_THEN_MAC 0x0008U /* Does nothing: retained for compatibility */ # define SSL_OP_SINGLE_ECDH_USE 0x0 /* Does nothing: retained for compatibility */ diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 1d16319..c9fd066 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -1094,7 +1094,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, * wb->buf */ -if (mac_size != 0) { +if (!SSL_USE_ETM(s) && mac_size != 0) { if (s->method->ssl3_enc->mac(s, , &(p[SSL3_RECORD_get_length() + eivlen]), 1) < 0) @@ -1112,6 +1112,14 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, if (s->method->ssl3_enc->enc(s, , 1, 1) < 1) goto err; +if (SSL_USE_ETM(s) && mac_size != 0) { +if (s->method->ssl3_enc->mac(s, , + &(p[SSL3_RECORD_get_length()]), + 1) < 0) +goto err; +SSL3_RECORD_add_length(, mac_size); +} + /* record length after mac and block padding */ /* * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && ! 
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 32a97af..3236166 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1314,6 +1314,26 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) rr->data = rr-&g
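Review bot: in the doc/ssl/SSL_CTX_set_options.pod hunk, "on TLS and DTLS connection" should be "connections", and "Clients will not propose, and servers will not accept the extension" reads better as "Clients will not propose the extension and servers will not accept it". It would also help to say that the option makes no practical difference with AEAD ciphersuites, which the commit message already points out.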
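Review bot: in the ssl/record/rec_layer_d1.c hunks the MAC is now computed before encryption only when !SSL_USE_ETM(s), and after ssl3_enc->enc() when SSL_USE_ETM(s), with SSL3_RECORD_add_length() growing the record by mac_size; that matches RFC 7366, and the "record length after mac and block padding" step that follows will therefore pick up the extended length. Since this is the write side only, please confirm the dtls1_process_record() change in ssl3_record.c performs the mirror image (verify the MAC over the ciphertext before decrypting), and that the test suite gains a DTLS1 CBC ciphersuite case with and without SSL_OP_NO_ENCRYPT_THEN_MAC so the interoperability the commit message reports against GnuTLS is covered by a regression test.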
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via c028052c4cfc39dc99f735f1743b18867547129f (commit) from edc18749bd5dfb7e12513d3978f78f9b56104fd6 (commit) - Log - commit c028052c4cfc39dc99f735f1743b18867547129f Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 14 12:00:45 2016 + Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows" This reverts commit edc18749bd5dfb7e12513d3978f78f9b56104fd6. The proposed fix is incorrect. It marks the "run_once" code as having finished before it has. The intended semantics of run_once is that no threads should proceed until the code has run exactly once. With this change the "second" thread will think the run_once code has already been run and will continue, even though it is still in progress. This could result in a crash or other incorrect behaviour. Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: crypto/threads_win.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 5347c9e..4e0de90 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -78,8 +78,8 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) do { result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); if (result == ONCE_UNINITED) { -*lock = ONCE_DONE; init(); +*lock = ONCE_DONE; return 1; } } while (result == ONCE_ININIT); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
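Review bot: restoring `init(); *lock = ONCE_DONE;` is the correct order, as the commit message explains: a thread whose InterlockedCompareExchange returns ONCE_ININIT keeps spinning in the do/while until the initialiser has actually finished. Two follow-ups worth considering: the final `*lock = ONCE_DONE` is a plain store, so an InterlockedExchange would make the release ordering with respect to init()'s side effects explicit rather than relying on x86 store ordering; and the reverted change only ever looked like a fix because it let a second caller through early, so the original deadlock report deserves a separate look.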
[openssl-commits] [openssl] master update
The branch master has been updated via 1fda5bc435ada1c70f2d3342bb9db98ac5840dc9 (commit) from e72040c1dcd61d6669762a60924b8fa3a48c37fc (commit) - Log - commit 1fda5bc435ada1c70f2d3342bb9db98ac5840dc9 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 14 11:55:13 2016 + Revert "Fixed deadlock in CRYPTO_THREAD_run_once for Windows" This reverts commit 349d1cfddcfa33d352240582a3803f2eba39d9a0. The proposed fix is incorrect. It marks the "run_once" code as having finished before it has. The intended semantics of run_once is that no threads should proceed until the code has run exactly once. With this change the "second" thread will think the run_once code has already been run and will continue, even though it is still in progress. This could result in a crash or other incorrect behaviour. Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: crypto/threads_win.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 5347c9e..4e0de90 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -78,8 +78,8 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) do { result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); if (result == ONCE_UNINITED) { -*lock = ONCE_DONE; init(); +*lock = ONCE_DONE; return 1; } } while (result == ONCE_ININIT); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
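Review bot: with the ordering restored, CRYPTO_THREAD_run_once() has one failure mode the busy-wait cannot detect: if init() itself calls CRYPTO_THREAD_run_once() on the same CRYPTO_ONCE, the nested call sees ONCE_ININIT and spins forever on the same thread, which is presumably how the "deadlock" in the reverted commit was observed. A comment on the function stating that init must not re-enter run_once on the same object would document that constraint where the next person will find it.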
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via efbe126e3ebb9123ac9d058aa2bb044261342aaa (commit) from 793d9b79033c2fffc8e781dab2fd678661b348cd (commit) - Log - commit efbe126e3ebb9123ac9d058aa2bb044261342aaa Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:40 2016 + Fix missing NULL checks in CKE processing Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_clnt.c | 9 + 1 file changed, 9 insertions(+) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e90a63c..5ea0919 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2258,6 +2258,11 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) return 0; } ckey = ssl_generate_pkey(skey); +if (ckey == NULL) { +SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); +return 0; +} + dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { @@ -2296,6 +2301,10 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) } ckey = ssl_generate_pkey(skey); +if (ckey == NULL) { +SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); +goto err; +} if (ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
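Review bot: the two new checks in ssl/statem/statem_clnt.c handle the ssl_generate_pkey() failure differently: tls_construct_cke_dhe does `return 0` while tls_construct_cke_ecdhe does `goto err`; if the DHE path has anything allocated before the call that the err label frees, the `return 0` leaks it, so please make both use the same exit path. ERR_R_INTERNAL_ERROR is a reasonable reason code since ssl_generate_pkey() can fail for more than allocation reasons.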
[openssl-commits] [openssl] master update
The branch master has been updated via 884a790e17a22eed42f1fe41ccaebd8c1fe18902 (commit) via b599ce3b64b695cc7430f731a33e0f5bb83ae62c (commit) from 7acb8b64c32617788959aee2733ac14fd7b97e5f (commit) - Log - commit 884a790e17a22eed42f1fe41ccaebd8c1fe18902 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:56 2016 + Fix missing NULL checks in key_share processing Reviewed-by: Rich Salz <rs...@openssl.org> commit b599ce3b64b695cc7430f731a33e0f5bb83ae62c Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:40 2016 + Fix missing NULL checks in CKE processing Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/statem/statem_clnt.c | 7 +++ ssl/t1_lib.c | 9 + 2 files changed, 16 insertions(+) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ba873ee..287d8ab 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2459,6 +2459,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt, int *al) goto err; ckey = ssl_generate_pkey(skey); +if (ckey == NULL) +goto err; + dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey, 0) == 0) @@ -2496,6 +2499,10 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al) } ckey = ssl_generate_pkey(skey); +if (ckey == NULL) { +SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_MALLOC_FAILURE); +goto err; +} if (ssl_derive(s, ckey, skey, 0) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3e592be..ce728b0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1538,6 +1538,10 @@ static int add_client_key_share_ext(SSL *s, WPACKET *pkt, int *al) } skey = ssl_generate_pkey(ckey); +if (skey == NULL) { +SSLerr(SSL_F_ADD_CLIENT_KEY_SHARE_EXT, ERR_R_MALLOC_FAILURE); +return 0; +} /* Generate encoding of server key */ encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, ); 
@@ -2778,6 +2782,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) } skey = ssl_generate_pkey(ckey); +if (skey == NULL) { +*al = SSL_AD_INTERNAL_ERROR; +SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); +return 0; +} if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(_pt), PACKET_remaining(_pt))) { *al = SSL_AD_DECODE_ERROR; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
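Review bot: in the ssl/statem/statem_clnt.c hunks the DHE check is a bare `goto err` with no SSLerr(), while the ECDHE check reports ERR_R_MALLOC_FAILURE; a caller investigating a failed handshake gets an error stack entry in one case and not the other. Suggest raising an error in both, and since ssl_generate_pkey() can fail for reasons other than allocation (the key generation itself), ERR_R_INTERNAL_ERROR or ERR_R_EVP_LIB is a more accurate reason than ERR_R_MALLOC_FAILURE.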
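Review bot: in the ssl/t1_lib.c hunks, ssl_scan_serverhello_tlsext sets `*al = SSL_AD_INTERNAL_ERROR` before returning 0, but add_client_key_share_ext, which also takes an `int *al`, returns 0 without setting it; if the caller sends the alert from *al on failure it will use whatever value was there before. Set *al in both places for consistency; the same remark about ERR_R_MALLOC_FAILURE versus a more general reason code applies here.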
[openssl-commits] [openssl] master update
The branch master has been updated via fb83f20c30784aa863a0611fda5f09f488af463a (commit) from 6530c4909ffbf4fd655416cbd765b1e7174b9b83 (commit) - Log - commit fb83f20c30784aa863a0611fda5f09f488af463a Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 17 11:12:20 2016 + Update tls13secretstest to use the new simpler test framework Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: test/build.info | 2 +- test/tls13secretstest.c | 24 ++-- 2 files changed, 3 insertions(+), 23 deletions(-) diff --git a/test/build.info b/test/build.info index 31fa67d..16c32ad 100644 --- a/test/build.info +++ b/test/build.info @@ -356,7 +356,7 @@ IF[{- !$disabled{tests} -}] # build IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=tls13secretstest -SOURCE[tls13secretstest]=tls13secretstest.c testutil.c +SOURCE[tls13secretstest]=tls13secretstest.c testutil.c test_main.c SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../ssl/packet.c INCLUDE[tls13secretstest]=.. ../include DEPEND[tls13secretstest]=../libcrypto ../libssl diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index ccb8a12..8734f2a 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -12,6 +12,7 @@ #include "../ssl/ssl_locl.h" #include "testutil.h" +#include "test_main.h" #define IVLEN 12 #define KEYLEN 16 @@ -342,28 +343,7 @@ static int test_handshake_secrets(void) return ret; } -int main(int argc, char *argv[]) +void register_tests() { -BIO *err = NULL; -int testresult = 1; - -err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - -CRYPTO_set_mem_debug(1); -CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ADD_TEST(test_handshake_secrets); - -testresult = run_tests(argv[0]); - -#ifndef OPENSSL_NO_CRYPTO_MDEBUG -if (CRYPTO_mem_leaks(err) <= 0) -testresult = 1; -#endif -BIO_free(err); - -if (!testresult) -fprintf(stderr, "PASS\n"); - -return testresult; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
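Review bot: `void register_tests()` should be `void register_tests(void)`; in C an empty parameter list declares a function with an unspecified argument list, which -Wstrict-prototypes in the strict-warnings build will flag, and it should match the declaration in test_main.h. The removed main() also ran CRYPTO_mem_leaks() after the tests; please confirm the shared test_main.c harness keeps that leak check, otherwise this conversion silently drops it for this test.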
[openssl-commits] [openssl] master update
The branch master has been updated via 6530c4909ffbf4fd655416cbd765b1e7174b9b83 (commit) via f5ca0b04bbc98b5b8a41f5cd7b4ee35e345c1e6c (commit) via c805f6189e7384d8f27e82c09ee8cae202ade876 (commit) via cc24a22b83d8cc210b9c279f185b79f0875817c1 (commit) via acf65ae5c852c8d05b5d3af263f29dd5115f556b (commit) via c11237c23e9f60cecdb899580b7b9ffb88614a7e (commit) via 20b65c7bdd9ca34c497624d1d07edd433be88a83 (commit) via 5abeaf3596210d8cc0be1edf7a0a772b7e2c7e6f (commit) via 7776a36cfa5853175a858fa32983f22f36513171 (commit) via 9970290e1d984bf8cc1dce7093bca915062cfdd7 (commit) via 6484776f177b38dd668618a75bee58674ca42578 (commit) via 92760c21e62c6e5ef172fa110cf47a509cd50f2f (commit) via 0d9824c1712b6cacd9b0ecfba26fb66ae4badfb4 (commit) via 9362c93ebc5b14bf18e82cdebf380ccc52f3d92f (commit) from 82c9c030173898b9536a1c8da4e49b4b19251dbd (commit) - Log - commit 6530c4909ffbf4fd655416cbd765b1e7174b9b83 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 15:38:32 2016 + Fix some style issues with TLSv1.3 state machine PR Reviewed-by: Rich Salz <rs...@openssl.org> commit f5ca0b04bbc98b5b8a41f5cd7b4ee35e345c1e6c Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 21 12:10:35 2016 + Fix some style issues identified during review Reviewed-by: Rich Salz <rs...@openssl.org> commit c805f6189e7384d8f27e82c09ee8cae202ade876 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 21 13:24:50 2016 + Fix SSL_IS_TLS13(s) The SSL_IS_TLS13() macro wasn't quite right. It would come back with true in the case where we haven't yet negotiated TLSv1.3, but it could be negotiated. Reviewed-by: Rich Salz <rs...@openssl.org> commit cc24a22b83d8cc210b9c279f185b79f0875817c1 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 14:53:37 2016 + Extend test_tls13messages Add various different handshake types that are possible. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit acf65ae5c852c8d05b5d3af263f29dd5115f556b Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 14:22:29 2016 + Add an s_server capability to read an OCSP Response from a file Current s_server can only get an OCSP Response from an OCSP responder. This provides the capability to instead get the OCSP Response from a DER encoded file. This should make testing of OCSP easier. Reviewed-by: Rich Salz <rs...@openssl.org> commit c11237c23e9f60cecdb899580b7b9ffb88614a7e Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 13:26:12 2016 + Add a test for the TLSv1.3 state machine Reviewed-by: Rich Salz <rs...@openssl.org> commit 20b65c7bdd9ca34c497624d1d07edd433be88a83 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 11:09:25 2016 + Fix some TLSProxy warnings After the client processes the server's initial flight in TLS1.3 it may respond with either an encrypted, or an unencrypted alert. We needed to teach TLSProxy about this so that it didn't issue spurious warnings. Reviewed-by: Rich Salz <rs...@openssl.org> commit 5abeaf3596210d8cc0be1edf7a0a772b7e2c7e6f Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 10:30:34 2016 + Ensure unexpected messages are handled consistently In one case we weren't always sending an unexpected message alert if we don't get what we expect. Reviewed-by: Rich Salz <rs...@openssl.org> commit 7776a36cfa5853175a858fa32983f22f36513171 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 10:13:09 2016 + Ensure the end of first server flight processing is done There is a set of miscellaneous processing for OCSP, CT etc at the end of the ServerDone processing. In TLS1.3 we don't have a ServerDone, so this needs to move elsewhere. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 9970290e1d984bf8cc1dce7093bca915062cfdd7 Author: Matt Caswell <m...@openssl.org> Date: Fri Nov 11 16:22:19 2016 + Fix the tests following the state machine changes for TLSv1.3 Reviewed-by: Rich Salz <rs...@openssl.org> commit 6484776f177b38dd668618a75bee58674ca42578 Author: Matt Caswell <m...@openssl.org> Date: Fri Nov 11 00:20:19 2016 + Create the Finished message payload The previous commit had a dummy payload for the Finished data. This commit fills it in with a real value. Reviewed-by: Rich Salz <rs...@openssl.org> commit 92760c21e62c6e5ef172fa110cf47a509cd50f2f Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 9 14:06:12 2016 + Update state machine to be closer to TLS1.3
[openssl-commits] [openssl] master update
The branch master has been updated via 902d036c149c4d723b501bf09b327b2b4e2182af (commit) via 5d8ce306349aabcf40da0324242025aac3cc56e4 (commit) from fb83f20c30784aa863a0611fda5f09f488af463a (commit) - Log - commit 902d036c149c4d723b501bf09b327b2b4e2182af Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 16:09:30 2016 + Fix a double ;; causing a travis failure Reviewed-by: Rich Salz <rs...@openssl.org> commit 5d8ce306349aabcf40da0324242025aac3cc56e4 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 16:06:46 2016 + Fix an uninit variable usage Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/tls13_enc.c| 2 +- test/asynciotest.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index f8ccdec..b5306eb 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -289,7 +289,7 @@ int tls13_change_cipher_state(SSL *s, int which) unsigned char *insecret; unsigned char *finsecret = NULL; EVP_CIPHER_CTX *ciph_ctx; -const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc;; +const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc; size_t ivlen, keylen, finsecretlen; const unsigned char *label; size_t labellen; diff --git a/test/asynciotest.c b/test/asynciotest.c index d7b1dd3..e147472 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -144,7 +144,7 @@ static int async_write(BIO *bio, const char *in, int inl) while (PACKET_remaining() > 0) { PACKET payload, wholebody; unsigned int contenttype, versionhi, versionlo, data; -unsigned int msgtype = 0, negversion; +unsigned int msgtype = 0, negversion = 0; if ( !PACKET_get_1(, ) || !PACKET_get_1(, ) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
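Review bot: initialising `negversion = 0` in async_write() quiets the warning, but it also hides the path the compiler found where negversion was read before being assigned; if that path can be hit at runtime, a version of 0 will flow into whatever consumes negversion, so it is worth either making the assignment unconditional or asserting that the read is only reached after it is set. The ssl/tls13_enc.c `;;` fix needs no comment.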
[openssl-commits] [openssl] master update
The branch master has been updated via 7acb8b64c32617788959aee2733ac14fd7b97e5f (commit) via 66889e43997d5eaa6a0b66db23adae6d0ee5ba53 (commit) from 902d036c149c4d723b501bf09b327b2b4e2182af (commit) - Log - commit 7acb8b64c32617788959aee2733ac14fd7b97e5f Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 13:56:15 2016 + Use ClientHello.legacy_version for the RSA pre-master no matter what Don't use what is in supported_versions for the RSA pre-master Reviewed-by: Emilia Käsper <emi...@openssl.org> commit 66889e43997d5eaa6a0b66db23adae6d0ee5ba53 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 13:55:35 2016 + Fix some defines in ossl_shim ossl_shim had some TLS1.3 defines that are now in ssl.h so need to be removed. Reviewed-by: Emilia Käsper <emi...@openssl.org> --- Summary of changes: ssl/ssl_locl.h| 5 - ssl/statem/statem_clnt.c | 4 +--- ssl/statem/statem_lib.c | 12 test/ossl_shim/include/openssl/base.h | 4 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d269595..e909cad 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1020,7 +1020,10 @@ struct ssl_st { int max_proto_version; size_t max_cert_list; int first_packet; -/* what was passed, used for SSLv3/TLS rollback check */ +/* + * What was passed in ClientHello.legacy_version. Used for RSA pre-master + * secret and SSLv3/TLS (<=1.2) rollback check + */ int client_version; /* * If we're using more than one pipeline how should we divide the data diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 1f4e630..ba873ee 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -849,7 +849,6 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) SSL_COMP *comp; #endif SSL_SESSION *sess = s->session; -int client_version; if (!WPACKET_set_max_size(pkt, SSL3_RT_MAX_PLAIN_LENGTH)) { /* Should not happen */ 
@@ -930,8 +929,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the * supported_versions extension for the real supported versions. */ -client_version = SSL_IS_TLS13(s) ? TLS1_2_VERSION : s->client_version; -if (!WPACKET_put_bytes_u16(pkt, client_version) +if (!WPACKET_put_bytes_u16(pkt, s->client_version) || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) { SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); return 0; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index a971c51..a736a09 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1077,8 +1077,6 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello) * wheter to ignore versions s->client_version) -s->client_version = candidate_vers; if (version_cmp(s, candidate_vers, best_vers) <= 0) continue; for (vent = table; @@ -1299,7 +1297,7 @@ int ssl_get_client_min_max_version(const SSL *s, int *min_version, /* * ssl_set_client_hello_version - Work out what version we should be using for - * the initial ClientHello. + * the initial ClientHello.legacy_version field. * * @s: client SSL handle. * @@ -1314,6 +1312,12 @@ int ssl_set_client_hello_version(SSL *s) if (ret != 0) return ret; -s->client_version = s->version = ver_max; +s->version = ver_max; + +/* TLS1.3 always uses TLS1.2 in the legacy_version field */ +if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION) +ver_max = TLS1_2_VERSION; + +s->client_version = ver_max; return 0; } diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h index 755d520..7349273 100644 --- a/test/ossl_shim/include/openssl/base.h +++ b/test/ossl_shim/include/openssl/base.h 
@@ -62,10 +62,6 @@ # define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) -/* Temporary TLS1.3 defines until OpenSSL supports these */ -# define TLS1_3_VERSION 0x0304 -# define SSL_OP_NO_TLSv1_3 0 - extern "C++" { #include _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
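Review bot: in the ssl/statem/statem_lib.c hunk for ssl_choose_server_version(), dropping `s->client_version = candidate_vers;` means the server-side `client_version` now stays at ClientHello.legacy_version instead of being overwritten with the version picked from supported_versions; that matches the updated ssl_locl.h comment and is what the RSA pre-master rollback check needs, since a TLS 1.3-capable client always puts 0x0303 there (ssl_set_client_hello_version now pins `ver_max` to TLS1_2_VERSION for non-DTLS). Two follow-ups: the surviving context line still reads `wheter to ignore versions`, which should be `whether`; and because legacy_version is now identical for 1.2 and 1.3 clients, the pre-master check can no longer detect a 1.3-to-1.2 downgrade by itself, so a separate TLS 1.3 downgrade signal (the ServerHello.random sentinel from the spec) is still needed and is not part of this patch. The statem_clnt.c hunk removing the local `client_version` is a straightforward consequence and reads fine.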
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e15c45fb22eca69d0faffb91d4c501e11837d376 (commit) from efbe126e3ebb9123ac9d058aa2bb044261342aaa (commit) - Log - commit e15c45fb22eca69d0faffb91d4c501e11837d376 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:55:13 2016 + Fix a missing function prototype in AFALG engine Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit a1fd1fb241069cc987d0d2cf13880bd16cada3c9) --- Summary of changes: engines/afalg/e_afalg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c index 658de42..8e019d4 100644 --- a/engines/afalg/e_afalg.c +++ b/engines/afalg/e_afalg.c @@ -28,6 +28,7 @@ !defined(AF_ALG) # warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" # warning "Skipping Compilation of AFALG engine" +void engine_load_afalg_int(void); void engine_load_afalg_int(void) { } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
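Review bot: the added `void engine_load_afalg_int(void);` prototype sits immediately above the stub definition inside the `!defined(AF_ALG)` branch, so it silences -Wmissing-prototypes but does nothing to keep the stub's signature in step with the declaration the caller of engine_load_afalg_int() compiles against. Better to include the header that declares it in this branch as well (or declare it once in an internal header), so a signature change on either side becomes a compile error rather than a silent mismatch. The same change is cherry-picked to master below.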
[openssl-commits] [openssl] master update
The branch master has been updated via a1fd1fb241069cc987d0d2cf13880bd16cada3c9 (commit) from 884a790e17a22eed42f1fe41ccaebd8c1fe18902 (commit) - Log - commit a1fd1fb241069cc987d0d2cf13880bd16cada3c9 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:55:13 2016 + Fix a missing function prototype in AFALG engine Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: engines/afalg/e_afalg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/engines/afalg/e_afalg.c b/engines/afalg/e_afalg.c index 658de42..8e019d4 100644 --- a/engines/afalg/e_afalg.c +++ b/engines/afalg/e_afalg.c @@ -28,6 +28,7 @@ !defined(AF_ALG) # warning "AFALG ENGINE requires Kernel Headers >= 4.1.0" # warning "Skipping Compilation of AFALG engine" +void engine_load_afalg_int(void); void engine_load_afalg_int(void) { } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 0528f253c7eaaaca59870acf07249a726b89f7e5 (commit) via f231b4e7a651713c2a792c71b30aa0398d14b9f1 (commit) from ab29eca645cdb38ffe73d141bbd7c6879b602860 (commit) - Log - commit 0528f253c7eaaaca59870acf07249a726b89f7e5 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 24 09:22:49 2016 + Fix a bogus uninit var warning Reviewed-by: Richard Levitte <levi...@openssl.org> commit f231b4e7a651713c2a792c71b30aa0398d14b9f1 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 24 09:19:04 2016 + Fix a warning about an uninit var Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/tls13_enc.c| 2 +- test/clienthellotest.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index b5306eb..698b9be 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -290,7 +290,7 @@ int tls13_change_cipher_state(SSL *s, int which) unsigned char *finsecret = NULL; EVP_CIPHER_CTX *ciph_ctx; const EVP_CIPHER *ciph = s->s3->tmp.new_sym_enc; -size_t ivlen, keylen, finsecretlen; +size_t ivlen, keylen, finsecretlen = 0; const unsigned char *label; size_t labellen; int ret = 0; diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 61e81c3..718b582 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -32,7 +32,7 @@ int main(int argc, char *argv[]) { SSL_CTX *ctx; -SSL *con; +SSL *con = NULL; BIO *rbio; BIO *wbio; BIO *err; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
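Review bot: `finsecretlen = 0` in tls13_change_cipher_state() is consistent with `finsecret = NULL` in the preceding context line, but both are sentinel initialisations that rely on every later use of `finsecret`/`finsecretlen` being guarded by `finsecret != NULL`; if the length is ever consumed on its own (for example as an output length for a key derivation) a zero yields an empty finished secret rather than an error, so worth confirming that guard once instead of only silencing the warning. In clienthellotest.c, `SSL *con = NULL` is the right fix because it lets the shared cleanup path call SSL_free() unconditionally, which is a no-op on NULL.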
[openssl-commits] [openssl] master update
The branch master has been updated via 657a43f6629cf5296a55731af5fd80f6602679cf (commit) from 86ff6cc6b2f2718fadbdc2a2c7add51949bcd4a4 (commit) - Log - commit 657a43f6629cf5296a55731af5fd80f6602679cf Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 16 10:22:38 2016 + Fix missing SSL_IS_TLS13(s) usage We should use the macro for testing if we are using TLSv1.3 rather than checking s->version directly. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/record/ssl3_record.c | 2 +- ssl/statem/statem_srvr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 181ebbb..d106e38 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -205,7 +205,7 @@ int ssl3_get_record(SSL *s) n2s(p, rr[num_recs].length); /* Lets check version. In TLSv1.3 we ignore this field */ -if (!s->first_packet && s->version != TLS1_3_VERSION +if (!s->first_packet && !SSL_IS_TLS13(s) && version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 3c4d6ee..97ecbcd 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1445,7 +1445,7 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt) } /* Check we've got a key_share for TLSv1.3 */ -if (s->version == TLS1_3_VERSION && s->s3->peer_tmp == NULL && !s->hit) { +if (SSL_IS_TLS13(s) && s->s3->peer_tmp == NULL && !s->hit) { /* No suitable share */ /* TODO(TLS1.3): Send a HelloRetryRequest */ al = SSL_AD_HANDSHAKE_FAILURE; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
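Review bot: the ssl3_record.c hunk skips the record-layer version comparison whenever SSL_IS_TLS13(s) holds, which is what TLS 1.3 requires (the record version field is legacy and must be ignored), but it also means a peer-controlled record version is never checked once 1.3 is negotiated; make sure nothing later in ssl3_get_record() uses `version` for anything beyond this comparison. In statem_srvr.c the missing key_share case still ends in SSL_AD_HANDSHAKE_FAILURE per the surviving `TODO(TLS1.3): Send a HelloRetryRequest`, so a client that advertises a supported group without a matching share cannot currently connect; that TODO deserves a tracking issue rather than an inline comment.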
[openssl-commits] [openssl] master update
The branch master has been updated via 395cc5cdbef001c9886719bd31dbe48bad839b5c (commit) via 9a5198808ae0dffd4459039bd3fc96fcfc3eeaf1 (commit) via 94ed2c6739754d13306fe510bb8bc19c2ad42749 (commit) via 5a8e54d9dc99dcc54b10e78ba0901e185fd2f77d (commit) via 323f212aa792904b7312d22f6107e9546a41faa4 (commit) via 2ee1271d8ff95d6a5036b37f7f03e1ae14436eeb (commit) via ef7daaf915d7e0b7b48027f9ac4d47493adef0bb (commit) via 0f1e51ea115beef8a5fdd80d5a6c13ee289f980a (commit) via c87386a2cd586368a61d86ede03319f910d050f4 (commit) via d7c42d71ba407a4b3c26ed58263ae225976bbac3 (commit) via bcec335856233cbcea4d96e3d43e1b43b8fe4182 (commit) via d6d0bcddd9e7e16f413b307df4256f349e1d02cf (commit) via b1834ad781ee445f5f580e5dcf4792b96ae08d1d (commit) via d2c27a28c068188c1bda5109d228d94f868d06af (commit) from 78e09b53a40729f5e99829ccc733b592bd22fea1 (commit) - Log - commit 395cc5cdbef001c9886719bd31dbe48bad839b5c Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 17:50:48 2016 + Fix a typo in a comment Reviewed-by: Rich Salz <rs...@openssl.org> commit 9a5198808ae0dffd4459039bd3fc96fcfc3eeaf1 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 17:50:08 2016 + Move getting the curvelist for client and server out of the loop No need to continually get the list of supported curves for the client and server. Just do it once. 
Reviewed-by: Rich Salz <rs...@openssl.org> commit 94ed2c6739754d13306fe510bb8bc19c2ad42749 Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 14 14:53:31 2016 + Fixed various style issues in the key_share code Numerous style issues as well as references to TLS1_3_VERSION instead of SSL_IS_TLS13(s) Reviewed-by: Rich Salz <rs...@openssl.org> commit 5a8e54d9dc99dcc54b10e78ba0901e185fd2f77d Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 3 18:51:28 2016 + Add some tests for the key_share extension Reviewed-by: Rich Salz <rs...@openssl.org> commit 323f212aa792904b7312d22f6107e9546a41faa4 Author: Matt Caswell <m...@openssl.org> Date: Fri Nov 4 09:49:16 2016 + Check key_exchange data length is not 0 Reviewed-by: Rich Salz <rs...@openssl.org> commit 2ee1271d8ff95d6a5036b37f7f03e1ae14436eeb Author: Matt Caswell <m...@openssl.org> Date: Fri Nov 4 00:07:50 2016 + Ensure the whole key_share extension is well formatted Reviewed-by: Rich Salz <rs...@openssl.org> commit ef7daaf915d7e0b7b48027f9ac4d47493adef0bb Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 3 18:50:41 2016 + Validate that the provided key_share is in supported_groups Reviewed-by: Rich Salz <rs...@openssl.org> commit 0f1e51ea115beef8a5fdd80d5a6c13ee289f980a Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 15:03:56 2016 + Start using the key_share data to derive the PMS The previous commits put in place the logic to exchange key_share data. We now need to do something with that information. In <= TLSv1.2 the equivalent of the key_share extension is the ServerKeyExchange and ClientKeyExchange messages. With key_share those two messages are no longer necessary. The commit removes the SKE and CKE messages from the TLSv1.3 state machine. TLSv1.3 is completely different to TLSv1.2 in the messages that it sends and the transitions that are allowed. Therefore, rather than extend the existing <=TLS1.2 state transition functions, we create a whole new set for TLSv1.3. 
Initially these are still based on the TLSv1.2 ones, but over time they will be amended. The new TLSv1.3 transitions remove SKE and CKE completely. There's also some cleanup for some stuff which is not relevant to TLSv1.3 and is easy to remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN. I also disable EXTMS for TLSv1.3. Using it was causing some added complexity, so rather than fix it I removed it, since eventually it will not be needed anyway. Reviewed-by: Rich Salz <rs...@openssl.org> commit c87386a2cd586368a61d86ede03319f910d050f4 Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 3 15:05:27 2016 + Add a TLS version consistency check during session resumption This is a temporary fix for while we are still using the old session resumption logic in the TLSv1.3 code. Due to differences in EXTMS support we can't resume a <=TLSv1.2 session in a TLSv1.3 connection (the EXTMS consistency check causes the connection to abort). This causes test failures. Ultimately we will rewrite the session resumption logic for TLSv1.3 so this problem wi
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via b5c8f42c9b9fce5d1b14866306e7a11e16275942 (commit) from d18afb5bf29dc3b81b5f7a9eda2abde35041a441 (commit) - Log - commit b5c8f42c9b9fce5d1b14866306e7a11e16275942 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 16:31:26 2016 + Remove a hack from ssl_test_old ssl_test_old was reaching inside the SSL structure and changing the internal BIO values. This is completely unnecessary, and was causing an abort in the test when enabling TLSv1.3. I also removed the need for ssl_test_old to include ssl_locl.h. This required the addition of some missing accessors for SSL_COMP name and id fields. Reviewed-by: Rich Salz <rs...@openssl.org> (cherry picked from commit e304d3e20f45243f9e643607edfe4db49c329596) --- Summary of changes: doc/ssl/SSL_COMP_add_compression_method.pod | 22 ++- include/openssl/ssl.h | 2 ++ ssl/ssl_ciph.c | 18 + test/ssltest_old.c | 42 +++-- util/libssl.num | 2 ++ 5 files changed, 65 insertions(+), 21 deletions(-) diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index c455832..15929df 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -2,13 +2,18 @@ =head1 NAME -SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, +SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods +- handle SSL/TLS integrated compression methods =head1 SYNOPSIS #include int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); + const char *SSL_COMP_get0_name(const SSL_COMP *comp); + int SSL_COMP_get_id(const SSL_COMP *comp); Deprecated: 
@@ -23,6 +28,13 @@ the identifier B to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects. +SSL_COMP_get_compression_methods() returns a stack of all of the available +compression methods or NULL on error. + +SSL_COMP_get0_name() returns the name of the compression method B. + +SSL_COMP_get_id() returns the id of the compression method B. + In versions of OpenSSL prior to 1.1.0 SSL_COMP_free_compression_methods() freed the internal table of compression methods that were built internally, and possibly augmented by adding SSL_COMP_add_compression_method(). However this is @@ -76,6 +88,13 @@ The operation failed. Check the error queue to find out the reason. =back +SSL_COMP_get_compression_methods() returns the stack of compressions methods or +NULL on error. + +SSL_COMP_get0_name() returns the name of the compression method or NULL on error. + +SSL_COMP_get_id() returns the name of the compression method or -1 on error. + =head1 SEE ALSO L<ssl(3)> @@ -83,6 +102,7 @@ L<ssl(3)> =head1 HISTORY SSL_COMP_free_compression_methods() was deprecated in OpenSSL 1.1.0. +SSL_COMP_get0_name() and SSL_comp_get_id() were added in OpenSSL 1.1.0d. =head1 COPYRIGHT diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 86ab912..ccb2d35 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1777,6 +1777,8 @@ void SSL_set_tmp_dh_callback(SSL *ssl, __owur const COMP_METHOD *SSL_get_current_compression(SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +__owur int SSL_COMP_get_id(const SSL_COMP *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); 
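Review bot: in the SSL_COMP_add_compression_method.pod RETURN VALUES hunk, `SSL_COMP_get_id() returns the name of the compression method or -1 on error` is wrong, it returns the id; and the HISTORY line spells the function `SSL_comp_get_id()`, which does not match the `SSL_COMP_get_id` symbol added to ssl.h in the next hunk. The "NULL on error" / "-1 on error" wording is also misleading: the only such case in the ssl_ciph.c implementation is an OPENSSL_NO_COMP build, and the description should say so rather than imply a runtime failure mode.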
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0d46509..99b64bb 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1868,6 +1868,24 @@ const char *SSL_COMP_get_name(const COMP_METHOD *comp) #endif } +const char *SSL_COMP_get0_name(const SSL_COMP *comp) +{ +#ifndef OPENSSL_NO_COMP +return comp->name; +#else +return NULL; +#endif +} + +int SSL_COMP_get_id(const SSL_COMP *comp) +{ +#ifndef OPENSSL_NO_COMP +return comp->id; +#else +return -1; +#endif +} + /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 6a5cd70..ccb2edb 100644 --- a/test/ssltest_
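Review bot: SSL_COMP_get0_name() and SSL_COMP_get_id() dereference `comp` unconditionally, so a NULL SSL_COMP (for instance the result of an empty-stack lookup) crashes rather than producing the documented NULL / -1. Either add `if (comp == NULL) return NULL;` and `if (comp == NULL) return -1;` guards ahead of the `#ifndef OPENSSL_NO_COMP` blocks, or document that `comp` must be non-NULL; the POD currently promises the former.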
[openssl-commits] [openssl] master update
The branch master has been updated via 5a2443aee4c1bf583d19a2c5f68b87b52dcece7f (commit) from 395cc5cdbef001c9886719bd31dbe48bad839b5c (commit) - Log - commit 5a2443aee4c1bf583d19a2c5f68b87b52dcece7f Author: Matt Caswell <m...@openssl.org> Date: Mon Nov 14 11:37:36 2016 + Add SSL_peek() and SSL_peek_ex() to NAME section Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: doc/man3/SSL_read.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index f1c898a..e2490d4 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod @@ -2,7 +2,8 @@ =head1 NAME -SSL_read_ex, SSL_read - read bytes from a TLS/SSL connection +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek +- read bytes from a TLS/SSL connection =head1 SYNOPSIS _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
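Review bot: adding SSL_peek_ex and SSL_peek to the NAME line is correct, but this hunk stops short of SYNOPSIS and RETURN VALUES; confirm that both prototypes and their return semantics appear there as well, otherwise `man SSL_peek` now lands on a page that never defines the function it is named for.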
[openssl-commits] [openssl] master update
The branch master has been updated via f43cb3f809b88c847a98b45676a8cf6d80388776 (commit) from e304d3e20f45243f9e643607edfe4db49c329596 (commit) - Log - commit f43cb3f809b88c847a98b45676a8cf6d80388776 Author: Matt Caswell <m...@openssl.org> Date: Tue Nov 15 16:49:37 2016 + Fix a "defined but not used" warning when enabling ssl-trace Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/t1_trce.c | 5 - 1 file changed, 5 deletions(-) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 42cf2be..421d90d 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -528,11 +528,6 @@ static ssl_trace_tbl ssl_sig_tbl[] = { {TLSEXT_signature_gostr34102012_512, "gost2012_512"} }; -static ssl_trace_tbl ssl_hb_tbl[] = { -{1, "peer_allowed_to_send"}, -{2, "peer_not_allowed_to_send"} -}; - static ssl_trace_tbl ssl_ctype_tbl[] = { {1, "rsa_sign"}, {2, "dss_sign"}, _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
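Review bot: deleting ssl_hb_tbl is fine given it was unreferenced, but the removal also discards the only symbolic decoding of the heartbeat extension's mode byte (`peer_allowed_to_send` / `peer_not_allowed_to_send`); if heartbeat tracing is no longer wanted the commit message should say so, and if it is wanted the table should be wired into the extension printer instead of deleted.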
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via ad69a30323cbc6723c2387d6ce546a51b10c42d0 (commit) from ba2bf831c0f0b3468acbd433957f4c46c20cf43d (commit) - Log - commit ad69a30323cbc6723c2387d6ce546a51b10c42d0 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 15:36:06 2016 + Fix heartbeat_test The heartbeat_test reaches into the internals of libssl and calls some internal functions. It then checks the return value to check its what it expected. However commit fa4c37457 changed the return value of these internal functions, and now the test is failing. The solution is to update the test to look for the new return value. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/heartbeat_test.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c index 7623c36..493bf0c 100644 --- a/ssl/heartbeat_test.c +++ b/ssl/heartbeat_test.c @@ -278,7 +278,7 @@ static int test_dtls1_not_bleeding() fixture.payload = _buf[0]; fixture.sent_payload_len = payload_buf_len; -fixture.expected_return_value = 0; +fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; @@ -301,7 +301,7 @@ static int test_dtls1_not_bleeding_empty_payload() fixture.payload = _buf[0]; fixture.sent_payload_len = payload_buf_len; -fixture.expected_return_value = 0; +fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = ""; EXECUTE_HEARTBEAT_TEST(); @@ -370,7 +370,7 @@ static int test_tls1_not_bleeding() fixture.payload = _buf[0]; fixture.sent_payload_len = payload_buf_len; -fixture.expected_return_value = 0; +fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; 
@@ -393,7 +393,7 @@ static int test_tls1_not_bleeding_empty_payload() fixture.payload = _buf[0]; fixture.sent_payload_len = payload_buf_len; -fixture.expected_return_value = 0; +fixture.expected_return_value = -1; fixture.expected_payload_len = payload_buf_len; fixture.expected_return_payload = ""; EXECUTE_HEARTBEAT_TEST(); _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
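Review bot: the four fixture changes all swap the literal `0` for `-1` as expected_return_value without recording why -1 is now the "not bleeding" outcome; a named constant, or a comment pointing at commit fa4c37457 which the message cites, would stop the next internal return-value change from silently breaking these tests again. The leak detection itself is unchanged: expected_payload_len and expected_return_payload still pin the response to exactly the bytes that were sent, which is the check that catches an over-read.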
[openssl-commits] [openssl] master update
The branch master has been updated via 7856332e8c14fd1da1811a9d0afde243dd0f4669 (commit) via a7faa6da317887e14e8e28254a83555983ed6ca7 (commit) from 8aefa08cfbc7db7cc10765ee9684090e37983f45 (commit) - Log - commit 7856332e8c14fd1da1811a9d0afde243dd0f4669 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 10:44:15 2016 + Add a read_ahead test This test checks that read_ahead works correctly when dealing with large records. Reviewed-by: Richard Levitte <levi...@openssl.org> commit a7faa6da317887e14e8e28254a83555983ed6ca7 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 10:34:12 2016 + Fix read_ahead The function ssl3_read_n() takes a parameter |clearold| which, if set, causes any old data in the read buffer to be forgotten, and any unread data to be moved to the start of the buffer. This is supposed to happen when we first read the record header. However, the data move was only taking place if there was not already sufficient data in the buffer to satisfy the request. If read_ahead is set then the record header could be in the buffer already from when we read the preceding record. So with read_ahead we can get into a situation where even though |clearold| is set, the data does not get moved to the start of the read buffer when we read the record header. This means there is insufficient room in the read buffer to consume the rest of the record body, resulting in an internal error. This commit moves the |clearold| processing to earlier in ssl3_read_n() to ensure that it always takes place. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/record/rec_layer_s3.c | 24 test/sslapitest.c | 26 +++--- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 9c8c23c..4535f89 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c 
@@ -241,6 +241,18 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* ... now we can act as if 'extend' was set */ } +len = s->rlayer.packet_length; +pkt = rb->buf + align; +/* + * Move any available bytes to front of buffer: 'len' bytes already + * pointed to by 'packet', 'left' extra ones at the end + */ +if (s->rlayer.packet != pkt && clearold == 1) { +memmove(pkt, s->rlayer.packet, len + left); +s->rlayer.packet = pkt; +rb->offset = len + align; +} + /* * For DTLS/UDP reads should not span multiple packets because the read * operation returns the whole packet at once (as long as it fits into @@ -263,18 +275,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* else we need to read more data */ -len = s->rlayer.packet_length; -pkt = rb->buf + align; -/* - * Move any available bytes to front of buffer: 'len' bytes already - * pointed to by 'packet', 'left' extra ones at the end - */ -if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ -memmove(pkt, s->rlayer.packet, len + left); -s->rlayer.packet = pkt; -rb->offset = len + align; -} - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 4d22d8e..a78b060 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -31,7 +31,7 @@ static X509 *ocspcert = NULL; #define NUM_EXTRA_CERTS 40 static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth) + const SSL_METHOD *cmeth, int read_ahead) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; 
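Review bot: moving the clearold memmove ahead of the early return (the `/* else we need to read more data */` branch) is the right fix, since with read_ahead the header can already be in the buffer and the old placement skipped the move entirely; the relocated block drops the old `/* len > 0 */` remark, which is harmless because memmove with `len + left == 0` is a no-op, but a comment stating that the move must precede the "already have enough" shortcut would keep it from drifting back. Worth stating in the message that the failure mode was the `n > (int)(rb->len - rb->offset)` guard firing with ERR_R_INTERNAL_ERROR, i.e. a dropped connection rather than a buffer overrun.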
@@ -59,6 +59,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } +if(read_ahead) { +/* + * Test that read_ahead works correctly when dealing with large + * records + */ +SSL_CTX_set_read_ahead(cctx, 1); +} + /* * We assume the supplied certificate is big enough so that if we add * NUM_EXTRA_CERTS it will make the overall message large enough. The @@ -105,14 +113,25 @@ static int execute_test_large_message(const SSL_METHOD *smeth, static int test_large_message_tls(void) { -return execute_test_large_message(TLS_server_method(), TLS_client_method()); +return execute_test_large_message(TLS_server_method(), TLS_client_method(), +
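Review bot: `if(read_ahead) {` in sslapitest.c is missing the space after `if` used elsewhere in the file. More importantly, SSL_CTX_set_read_ahead() is only enabled on the client context (`cctx`), so the server-side read_ahead path through ssl3_read_n() is not exercised; a second variant that sets `SSL_CTX_set_read_ahead(sctx, 1)` would cover both directions of the fix.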
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 3f99bfed678b09110fda82bc6896fd45eb0b376c (commit) via 0f6c9d73cb1e1027c67d993a669719e351c25cfc (commit) from a95a0219a887611ad8e246e33c086255df771072 (commit) - Log - commit 3f99bfed678b09110fda82bc6896fd45eb0b376c Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 10:44:15 2016 + Add a read_ahead test This test checks that read_ahead works correctly when dealing with large records. Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit 7856332e8c14fd1da1811a9d0afde243dd0f4669) commit 0f6c9d73cb1e1027c67d993a669719e351c25cfc Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 10:34:12 2016 + Fix read_ahead The function ssl3_read_n() takes a parameter |clearold| which, if set, causes any old data in the read buffer to be forgotten, and any unread data to be moved to the start of the buffer. This is supposed to happen when we first read the record header. However, the data move was only taking place if there was not already sufficient data in the buffer to satisfy the request. If read_ahead is set then the record header could be in the buffer already from when we read the preceding record. So with read_ahead we can get into a situation where even though |clearold| is set, the data does not get moved to the start of the read buffer when we read the record header. This means there is insufficient room in the read buffer to consume the rest of the record body, resulting in an internal error. This commit moves the |clearold| processing to earlier in ssl3_read_n() to ensure that it always takes place. Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit a7faa6da317887e14e8e28254a83555983ed6ca7) --- Summary of changes: ssl/record/rec_layer_s3.c | 24 test/sslapitest.c | 26 +++--- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 9c8c23c..4535f89 100644 --- a/ssl/record/rec_layer_s3.c 
+++ b/ssl/record/rec_layer_s3.c @@ -241,6 +241,18 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* ... now we can act as if 'extend' was set */ } +len = s->rlayer.packet_length; +pkt = rb->buf + align; +/* + * Move any available bytes to front of buffer: 'len' bytes already + * pointed to by 'packet', 'left' extra ones at the end + */ +if (s->rlayer.packet != pkt && clearold == 1) { +memmove(pkt, s->rlayer.packet, len + left); +s->rlayer.packet = pkt; +rb->offset = len + align; +} + /* * For DTLS/UDP reads should not span multiple packets because the read * operation returns the whole packet at once (as long as it fits into @@ -263,18 +275,6 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) /* else we need to read more data */ -len = s->rlayer.packet_length; -pkt = rb->buf + align; -/* - * Move any available bytes to front of buffer: 'len' bytes already - * pointed to by 'packet', 'left' extra ones at the end - */ -if (s->rlayer.packet != pkt && clearold == 1) { /* len > 0 */ -memmove(pkt, s->rlayer.packet, len + left); -s->rlayer.packet = pkt; -rb->offset = len + align; -} - if (n > (int)(rb->len - rb->offset)) { /* does not happen */ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR); return -1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 495bf26..90326d9 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -33,7 +33,7 @@ static X509 *ocspcert = NULL; #define NUM_EXTRA_CERTS 40 static int execute_test_large_message(const SSL_METHOD *smeth, - const SSL_METHOD *cmeth) + const SSL_METHOD *cmeth, int read_ahead) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; 
@@ -61,6 +61,14 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } +if(read_ahead) { +/* + * Test that read_ahead works correctly when dealing with large + * records + */ +SSL_CTX_set_read_ahead(cctx, 1); +} + /* * We assume the supplied certificate is big enough so that if we add * NUM_EXTRA_CERTS it will make the overall message large enough. The @@ -107,14 +115,25 @@ static int execute_test_large_message(const SSL_METHOD *smeth, static int test_large_message_tls(void) { -return execute_test_large_me
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 0b9c5da0fd9c53a9a6193f9d48da86c83a4935d6 (commit) via a520723f29aac6598ff0d69e34f5e9b88213e511 (commit) via 83a1d4b2011ff3a7798250902bdacbca6e1766c0 (commit) from 57aa2f154e3e0f427be59497f58092dd3ec0528a (commit) - Log - commit 0b9c5da0fd9c53a9a6193f9d48da86c83a4935d6 Author: Matt Caswell <m...@openssl.org> Date: Tue Oct 25 11:10:56 2016 +0100 Implement length checks as a macro Replace the various length checks in the extension code with a macro to simplify the logic. Reviewed-by: Rich Salz <rs...@openssl.org> commit a520723f29aac6598ff0d69e34f5e9b88213e511 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 14 13:07:00 2016 +0100 Ensure we have length checks for all extensions The previous commit inspired a review of all the length checks for the extension adding code. This adds more robust checks and adds checks where some were missing previously. The real solution for this is to use WPACKET which is currently in master - but that cannot be applied to release branches. Reviewed-by: Rich Salz <rs...@openssl.org> commit 83a1d4b2011ff3a7798250902bdacbca6e1766c0 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 14 11:49:06 2016 +0100 Fix length check writing status request extension The status request extension did not correctly check its length, meaning that writing the extension could go 2 bytes beyond the buffer size. In practice this makes little difference because, due to logic in buffer.c the buffer is actually over allocated by approximately 5k! Issue reported by Guido Vranken. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/t1_lib.c | 206 --- 1 file changed, 154 insertions(+), 52 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7831046..69706be 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -132,6 +132,9 @@ static int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); #endif +#define CHECKLEN(curr, val, limit) \ +(((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val)) + SSL3_ENC_METHOD TLSv1_enc_data = { tls1_enc, tls1_mac, @@ -1263,8 +1266,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (s->tlsext_hostname != NULL) { /* Add TLS extension servername to the Client Hello message */ -unsigned long size_str; -long lenmax; +size_t size_str; /*- * check for enough space. @@ -1274,10 +1276,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, * 2 for hostname length * + hostname length */ - -if ((lenmax = limit - ret - 9) < 0 -|| (size_str = -strlen(s->tlsext_hostname)) > (unsigned long)lenmax) +size_str = strlen(s->tlsext_hostname); +if (CHECKLEN(ret, 9 + size_str, limit)) return NULL; /* extension type and length */ @@ -1321,7 +1321,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the * Client Hello message */ -int login_len = strlen(s->srp_ctx.login); +size_t login_len = strlen(s->srp_ctx.login); if (login_len > 255 || login_len == 0) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; @@ -1333,7 +1333,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, * 1 for the srp user identity * + srp user identity length */ -if ((limit - ret - 5 - login_len) < 0) +if (CHECKLEN(ret, 5 + login_len, limit)) return NULL; /* fill in the extension */ 
@@ -1350,20 +1350,23 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /* * Add TLS extension ECPointFormats to the ClientHello message */ -long lenmax; const unsigned char *pcurves, *pformats; size_t num_curves, num_formats, curves_list_len; tls1_get_formatlist(s, , _formats); -if ((lenmax = limit - ret - 5) < 0) -return NULL; -if (num_formats > (size_t)lenmax) -return NULL; if (num_formats > 255) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; } +/*- + * check for enough space. + * 4 bytes for the ec point formats type and extension len
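Review bot: CHECKLEN in the first hunk reads like a positive predicate but evaluates true when there is NOT enough room (every call site is `if (CHECKLEN(...)) return NULL;`); a comment above the `#define` saying "true means insufficient space for val more bytes" would prevent the macro being used with the sense inverted. It is also worth stating in that comment that the `(curr) >= (limit)` test is evaluated first precisely so that `(limit) - (curr)` is never negative when it is cast to `size_t`.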
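Review bot: In the SRP hunk, changing `login_len` from `int` to `size_t` is what makes the switch to `CHECKLEN(ret, 5 + login_len, limit)` necessary rather than cosmetic: the old expression `(limit - ret - 5 - login_len) < 0` would have become always-false once `login_len` is unsigned, because `ptrdiff_t` minus `size_t` is evaluated as `size_t`. Suggest mentioning that in the commit message, since it is the kind of check a later "cleanup" could silently reintroduce; the `login_len > 255 || login_len == 0` bound preceding the space check is fine as is.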
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 5af2ad682e809c04bdc79357ac8cb6571139e098 (commit) via 3ab5f981ed17adf0b804909d9aeac7419a432f01 (commit) via 8c9365a690e2d5f0c49f3d9a3d41973ed9dcedcc (commit) from 3bceb47a272cc930c48b88743c4734a891b1c09a (commit) - Log - commit 5af2ad682e809c04bdc79357ac8cb6571139e098 Author: Matt Caswell <m...@openssl.org> Date: Tue Oct 25 11:10:56 2016 +0100 Implement length checks as a macro Replace the various length checks in the extension code with a macro to simplify the logic. Reviewed-by: Rich Salz <rs...@openssl.org> commit 3ab5f981ed17adf0b804909d9aeac7419a432f01 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 14 13:07:00 2016 +0100 Ensure we have length checks for all extensions The previous commit inspired a review of all the length checks for the extension adding code. This adds more robust checks and adds checks where some were missing previously. The real solution for this is to use WPACKET which is currently in master - but that cannot be applied to release branches. Reviewed-by: Rich Salz <rs...@openssl.org> commit 8c9365a690e2d5f0c49f3d9a3d41973ed9dcedcc Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 14 11:49:06 2016 +0100 Fix length check writing status request extension The status request extension did not correctly check its length, meaning that writing the extension could go 2 bytes beyond the buffer size. In practice this makes little difference because, due to logic in buffer.c the buffer is actually over allocated by approximately 5k! Issue reported by Guido Vranken. Reviewed-by: Rich Salz <rs...@openssl.org> --- Summary of changes: ssl/t1_lib.c | 245 ++- 1 file changed, 192 insertions(+), 53 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a3fb28e..a9fe445 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -20,6 +20,10 @@ #include "ssl_locl.h" #include + +#define CHECKLEN(curr, val, limit) \ +(((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val)) + static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, const unsigned char *sess_id, int sesslen, SSL_SESSION **psess); @@ -1049,7 +1053,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, return NULL; } -if ((limit - ret - 4 - el) < 0) +if (CHECKLEN(ret, 4 + el, limit)) return NULL; s2n(TLSEXT_TYPE_renegotiate, ret); @@ -1068,8 +1072,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (s->tlsext_hostname != NULL) { /* Add TLS extension servername to the Client Hello message */ -unsigned long size_str; -long lenmax; +size_t size_str; /*- * check for enough space. @@ -1079,9 +1082,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, * 2 for hostname length * + hostname length */ - -if ((lenmax = limit - ret - 9) < 0 -|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) +size_str = strlen(s->tlsext_hostname); +if (CHECKLEN(ret, 9 + size_str, limit)) return NULL; /* extension type and length */ @@ -1102,7 +1104,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the * Client Hello message */ -int login_len = strlen(s->srp_ctx.login); +size_t login_len = strlen(s->srp_ctx.login); if (login_len > 255 || login_len == 0) { SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); return NULL; @@ -1114,7 +1116,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, * 1 for the srp user identity * + srp user identity length */ -if ((limit - ret - 5 - login_len) < 0) +if (CHECKLEN(ret, 5 + login_len, limit)) return NULL; /* fill in the extension */ 
@@ -1131,7 +1133,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, /* * Add TLS extension ECPointFormats to the ClientHello message */ -long lenmax; const unsigned char *pcurves, *pformats; size_t num_curves, num_formats, curves_list_len; size_t i; @@ -1139,14 +1140,18 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
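Review bot: The CHECKLEN macro in the first hunk is defined locally in ssl/t1_lib.c, directly after `#include "ssl_locl.h"`, and is byte-for-byte the same as the one added to the 1.0.2 branch; since the commit message says the same length checks are being applied across all the extension-adding code, suggest placing the definition in ssl_locl.h so any other file that writes extensions uses the one definition and the two branches do not drift apart.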
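The two t1_lib.c patches above replace ad-hoc `limit - ret - N` arithmetic with the CHECKLEN macro. The following added example (not OpenSSL's code; `add_servername_ext`, `naive_remaining`, `put_u16`, `ext_is_well_formed`, `try_write` and the `EX_` constants are this example's own names) reproduces the macro exactly as the hunks define it, uses it to write a server_name extension with the same 9-byte-plus-hostname layout the servername hunk writes, and shows why the old pattern stops working once a length variable becomes `size_t`: the subtraction is carried out unsigned, so a shortfall wraps to a huge value instead of going negative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Macro as introduced by the commits above: nonzero means "NOT enough room"
 * for val more bytes between curr and limit. The (curr) >= (limit) guard is
 * evaluated first, so the pointer difference is never negative when cast. */
#define CHECKLEN(curr, val, limit) \
    (((curr) >= (limit)) || (size_t)((limit) - (curr)) < (size_t)(val))

/* Constants local to this example; the real ones live in OpenSSL's tls1.h. */
#define EX_TYPE_server_name     0
#define EX_NAMETYPE_host_name   0

/*
 * The pre-patch arithmetic once the length is a size_t (as the patch makes
 * login_len): ptrdiff_t minus size_t is evaluated as size_t, so a shortfall
 * does not become negative but wraps to a huge value. A "< 0" test on this
 * result is always false, which is exactly the trap CHECKLEN avoids.
 */
static size_t naive_remaining(const unsigned char *curr, size_t needed,
                              const unsigned char *limit)
{
    return limit - curr - needed;
}

static void put_u16(unsigned char **p, size_t v)
{
    (*p)[0] = (unsigned char)(v >> 8);
    (*p)[1] = (unsigned char)(v & 0xff);
    *p += 2;
}

/*
 * Writes a TLS server_name extension (2 type + 2 extension length + 2 list
 * length + 1 name type + 2 name length + name) into buf, never past limit.
 * Returns bytes written, or 0 when it does not fit (the "return NULL" path).
 */
static size_t add_servername_ext(unsigned char *buf, const unsigned char *limit,
                                 const char *hostname)
{
    unsigned char *ret = buf;
    size_t size_str = strlen(hostname);

    if (size_str > 0xffff)              /* must fit the 2-byte length field */
        return 0;
    if (CHECKLEN(ret, 9 + size_str, limit))
        return 0;

    put_u16(&ret, EX_TYPE_server_name);
    put_u16(&ret, size_str + 5);        /* extension length */
    put_u16(&ret, size_str + 3);        /* server name list length */
    *ret++ = EX_NAMETYPE_host_name;
    put_u16(&ret, size_str);
    memcpy(ret, hostname, size_str);
    ret += size_str;
    return (size_t)(ret - buf);
}

/* Checks that the n bytes at p are a well-formed server_name extension. */
static int ext_is_well_formed(const unsigned char *p, size_t n, const char *host)
{
    size_t hl = strlen(host);

    if (n != 9 + hl || p[0] != 0 || p[1] != EX_TYPE_server_name)
        return 0;
    if ((((size_t)p[2] << 8) | p[3]) != hl + 5)
        return 0;
    if ((((size_t)p[4] << 8) | p[5]) != hl + 3)
        return 0;
    if (p[6] != EX_NAMETYPE_host_name || (((size_t)p[7] << 8) | p[8]) != hl)
        return 0;
    return memcmp(p + 9, host, hl) == 0;
}

static unsigned char scratch[64];   /* constructed output buffer */

/* Tries to write host into a window of 'room' bytes; returns bytes written. */
static size_t try_write(size_t room, const char *host)
{
    memset(scratch, 0, sizeof(scratch));
    return add_servername_ext(scratch, scratch + room, host);
}

int main(void)
{
    size_t n = try_write(sizeof(scratch), "example.com");

    printf("wrote %zu bytes, well formed: %d\n", n,
           ext_is_well_formed(scratch, n, "example.com"));
    printf("one byte short: %zu bytes written\n", try_write(19, "example.com"));
    printf("naive remaining, 8-byte window, 9 needed: %zu (wrapped)\n",
           naive_remaining(scratch, 9, scratch + 8));
    return 0;
}
```

The exact-fit case (a window of precisely 9 + strlen bytes) is accepted and the one-byte-short case rejected, which is the boundary the status request fix in the commit log was about; `naive_remaining` returns `SIZE_MAX` for the same short window, the value an unsigned `< 0` comparison can never flag.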
[openssl-commits] [openssl] master update
The branch master has been updated via a34ac5b8b9c1a3281b4ee545c46177f485fb4949 (commit) via 4880672a9b41a09a0984b55e219f02a2de7ab75e (commit) from 875e3f934e8586039e79efb6ed1262c80803aa42 (commit) - Log - commit a34ac5b8b9c1a3281b4ee545c46177f485fb4949 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 13:46:57 2016 +0100 Add a test for BIO_read() returning 0 in SSL_read() (and also for write) A BIO_read() 0 return indicates that a failure occurred that may be retryable. An SSL_read() 0 return indicates a non-retryable failure. Check that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write(). The asyncio test filter BIO already returns 0 on a retryable failure so we build on that. Reviewed-by: Richard Levitte <levi...@openssl.org> commit 4880672a9b41a09a0984b55e219f02a2de7ab75e Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 13:25:19 2016 +0100 A zero return from BIO_read()/BIO_write() could be retryable A zero return from BIO_read()/BIO_write() could mean that an IO operation is retryable. A zero return from SSL_read()/SSL_write() means that the connection has been closed down (either cleanly or not). Therefore we should not propagate a zero return value from BIO_read()/BIO_write() back up the stack to SSL_read()/SSL_write(). This could result in a retryable failure being treated as fatal. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/record/rec_layer_s3.c | 18 +++--- test/asynciotest.c| 43 ++- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 0775095..9c8c23c 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -177,6 +177,12 @@ const char *SSL_rstate_string(const SSL *s) } } +/* + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) { /* 
@@ -306,7 +312,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); -return (i); +return -1; } left += i; /* @@ -874,7 +880,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, return -1; } -/* if s->s3->wbuf.left != 0, we need to call this */ +/* if s->s3->wbuf.left != 0, we need to call this + * + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { @@ -924,7 +936,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, */ SSL3_BUFFER_set_left([currbuf], 0); } -return (i); +return -1; } SSL3_BUFFER_add_offset([currbuf], i); SSL3_BUFFER_add_left([currbuf], -i); diff --git a/test/asynciotest.c b/test/asynciotest.c index 720cc7c..23d0907 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -234,12 +234,17 @@ static int async_puts(BIO *bio, const char *str) return async_write(bio, str, strlen(str)); } +#define MAX_ATTEMPTS100 + int main(int argc, char *argv[]) { SSL_CTX *serverctx = NULL, *clientctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL; -int test, err = 1; +int test, err = 1, ret; +size_t i, j; +const char testdata[] = "Test data"; +char buf[sizeof(testdata)]; CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 
@@ -287,6 +292,42 @@ int main(int argc, char *argv[]) goto end; } +/* + * Send and receive some test data. Do the whole thing twice to ensure + * we hit at least one async event in both reading and writing + */ +for (j = 0; j < 2; j++) { +/* + * Write some test data. It should never take more than 2 attempts + * (the first one might be a retryable fail). A zero return from + * SSL_write() is a non-retryable failure, so fail immediately if + * we get that. + */ +for (ret = -1, i = 0; ret < 0 && i < 2 * sizeof(testdata); i++) +ret = SSL_write(clientssl, testdata, sizeof(testdata
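Review bot: The new comment block on `ssl3_write_pending` in the second rec_layer_s3.c hunk says "Return values are as per SSL_read(), i.e. >0 The number of read bytes"; for a write path this should read "as per SSL_write()" and "the number of written bytes", otherwise the copy-pasted text documents the wrong function.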
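Review bot: In the asynciotest.c hunk the comment says a write "should never take more than 2 attempts", but the loop bound is `i < 2 * sizeof(testdata)`, which is 20 iterations for a 10-byte string, while the newly added `MAX_ATTEMPTS` is not used by this loop at all. Suggest a named bound that matches the comment (or reuse `MAX_ATTEMPTS` and adjust the comment), so a regression that needs many retries is caught rather than tolerated.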
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via dafa1c85b9bbd8ed3ff1911d00ad7f4e890bafa3 (commit) via 122580ef71e4e5f355a1a104c9bfb36feee43759 (commit) from 207a9cb3522882d1e9dc764c921425ba47a6def6 (commit) - Log - commit dafa1c85b9bbd8ed3ff1911d00ad7f4e890bafa3 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 13:46:57 2016 +0100 Add a test for BIO_read() returning 0 in SSL_read() (and also for write) A BIO_read() 0 return indicates that a failure occurred that may be retryable. An SSL_read() 0 return indicates a non-retryable failure. Check that if BIO_read() returns 0, SSL_read() returns <0. Same for SSL_write(). The asyncio test filter BIO already returns 0 on a retryable failure so we build on that. Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit a34ac5b8b9c1a3281b4ee545c46177f485fb4949) commit 122580ef71e4e5f355a1a104c9bfb36feee43759 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 13:25:19 2016 +0100 A zero return from BIO_read()/BIO_write() could be retryable A zero return from BIO_read()/BIO_write() could mean that an IO operation is retryable. A zero return from SSL_read()/SSL_write() means that the connection has been closed down (either cleanly or not). Therefore we should not propagate a zero return value from BIO_read()/BIO_write() back up the stack to SSL_read()/SSL_write(). This could result in a retryable failure being treated as fatal. Reviewed-by: Richard Levitte <levi...@openssl.org> (cherry picked from commit 4880672a9b41a09a0984b55e219f02a2de7ab75e) --- Summary of changes: ssl/record/rec_layer_s3.c | 18 +++--- test/asynciotest.c| 43 ++- 2 files changed, 57 insertions(+), 4 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 0775095..9c8c23c 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c 
@@ -177,6 +177,12 @@ const char *SSL_rstate_string(const SSL *s) } } +/* + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) { /* @@ -306,7 +312,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend, int clearold) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); -return (i); +return -1; } left += i; /* @@ -874,7 +880,13 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, return -1; } -/* if s->s3->wbuf.left != 0, we need to call this */ +/* if s->s3->wbuf.left != 0, we need to call this + * + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len) { @@ -924,7 +936,7 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, */ SSL3_BUFFER_set_left([currbuf], 0); } -return (i); +return -1; } SSL3_BUFFER_add_offset([currbuf], i); SSL3_BUFFER_add_left([currbuf], -i); diff --git a/test/asynciotest.c b/test/asynciotest.c index 720cc7c..23d0907 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -234,12 +234,17 @@ static int async_puts(BIO *bio, const char *str) return async_write(bio, str, strlen(str)); } +#define MAX_ATTEMPTS100 + int main(int argc, char *argv[]) { SSL_CTX *serverctx = NULL, *clientctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_fbio = NULL, *c_to_s_fbio = NULL; -int test, err = 1; +int test, err = 1, ret; +size_t i, j; +const char testdata[] = "Test data"; +char buf[sizeof(testdata)]; CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 
@@ -287,6 +292,42 @@ int main(int argc, char *argv[]) goto end; } +/* + * Send and receive some test data. Do the whole thing twice to ensure + * we hit at least one async event in both reading and writing + */ +for (j = 0; j < 2; j++) { +/* + * Write some test data. It should never take more than 2 attempts + * (the first one might be a retryable fail). A zero return from + * SSL_write() is a non-retryable failure, so fail immediately if + * we get that. +
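Review bot: This cherry-pick carries over the `ssl3_write_pending` comment from master that says "as per SSL_read(), i.e. >0 The number of read bytes" for a write function; fix the wording ("SSL_write()", "written bytes") in master first and re-pick, so the stable branch does not diverge on a comment-only change.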
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via fa4c374572e94f467900f5820cd1d00af2470a17 (commit) from 31bf65c89a43b4a1b3dd942c3e71d4573a0d4d66 (commit) - Log - commit fa4c374572e94f467900f5820cd1d00af2470a17 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 14:49:33 2016 +0100 A zero return from BIO_read/BIO_write() could be retryable A zero return from BIO_read()/BIO_write() could mean that an IO operation is retryable. A zero return from SSL_read()/SSL_write() means that the connection has been closed down (either cleanly or not). Therefore we should not propagate a zero return value from BIO_read()/BIO_write() back up the stack to SSL_read()/SSL_write(). This could result in a retryable failure being treated as fatal. Reviewed-by: Richard Levitte <levi...@openssl.org> --- Summary of changes: ssl/s23_pkt.c | 18 +++--- ssl/s2_pkt.c | 16 ++-- ssl/s3_pkt.c | 18 +++--- 3 files changed, 44 insertions(+), 8 deletions(-) diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c index efc8647..5a63eff 100644 --- a/ssl/s23_pkt.c +++ b/ssl/s23_pkt.c @@ -63,6 +63,12 @@ #include #include +/* + * Return values are as per SSL_write(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl23_write_bytes(SSL *s) { int i, num, tot; @@ -77,7 +83,7 @@ int ssl23_write_bytes(SSL *s) if (i <= 0) { s->init_off = tot; s->init_num = num; -return (i); +return -1; } s->rwstate = SSL_NOTHING; if (i == num) @@ -88,7 +94,13 @@ int ssl23_write_bytes(SSL *s) } } -/* return regularly only when we have read (at least) 'n' bytes */ +/* return regularly only when we have read (at least) 'n' bytes + * + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl23_read_bytes(SSL *s, int n) { unsigned char *p; 
@@ -102,7 +114,7 @@ int ssl23_read_bytes(SSL *s, int n) j = BIO_read(s->rbio, (char *)&(p[s->packet_length]), n - s->packet_length); if (j <= 0) -return (j); +return -1; s->rwstate = SSL_NOTHING; s->packet_length += j; if (s->packet_length >= (unsigned int)n) diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 7a61888..394b433 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -307,6 +307,12 @@ int ssl2_peek(SSL *s, void *buf, int len) return ssl2_read_internal(s, buf, len, 1); } +/* + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ static int read_n(SSL *s, unsigned int n, unsigned int max, unsigned int extend) { @@ -374,7 +380,7 @@ static int read_n(SSL *s, unsigned int n, unsigned int max, # endif if (i <= 0) { s->s2->rbuf_left += newb; -return (i); +return -1; } newb += i; } @@ -441,6 +447,12 @@ int ssl2_write(SSL *s, const void *_buf, int len) } } +/* + * Return values are as per SSL_write(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) { int i; @@ -477,7 +489,7 @@ static int write_pending(SSL *s, const unsigned char *buf, unsigned int len) s->rwstate = SSL_NOTHING; return (s->s2->wpend_ret); } else if (i <= 0) -return (i); +return -1; s->s2->wpend_off += i; s->s2->wpend_len -= i; } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index be37ef0..7e3a7b4 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -136,6 +136,12 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment); static int ssl3_get_record(SSL *s); +/* + * Return values are as per SSL_read(), i.e. + * >0 The number of read bytes + * 0 Failure (not retryable) + * <0 Failure (may be retryable) + */ int ssl3_read_n(SSL *s, int n, int max, int extend) { /* 
@@ -263,7 +269,7 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s)) if (len + left == 0) ssl3_release_read_buffer(s); -return (i); +return -1; } left += i; /* @@ -1082,7 +1088,13 @@ static int do_ssl3_write(SS
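Review bot: The comments added above `ssl23_write_bytes` and `write_pending` say "Return values are as per SSL_write(), i.e. >0 The number of read bytes"; for these write paths it should be "the number of written bytes". The `ssl23_read_bytes` hunk also changes `if (j <= 0) return (j);` to `return -1;`, which deliberately folds a hard BIO error and a retryable zero into the same value; that is what the commit message intends, but a one-line comment at that site saying the distinction is recovered from the BIO retry flags (not from the return value) would help the next reader.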
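The three "zero return from BIO_read()/BIO_write() could be retryable" commits above (master, 1.1.0 and 1.0.2) change `return (i);` to `return -1;` on the BIO-failure path of the record-layer read and write functions. The following added simulation (not OpenSSL's code; `mock_bio`, `rec_state`, `read_n`, `app_read` and `run_scenario` are this example's own names, and the scripted transport is constructed) shows the failure mode the commit message describes: a BIO that stalls with 0, as the asynciotest filter BIO does, makes an unpatched `read_n` hand 0 up the stack, and a caller that follows the SSL_read() contract then treats a healthy connection as closed. With the patched behaviour the same caller retries and receives the payload.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 100   /* same bound the new asynciotest uses */

/*
 * Constructed stand-in for a BIO. Each call returns the next value of the
 * script: 0 models a retryable failure (as the asynciotest filter BIO does),
 * a positive value delivers that many bytes of 'data', -1 is a hard error.
 */
struct mock_bio {
    const int *script;
    size_t script_len, pos;
    const char *data;
    size_t data_off;
};

static int mock_bio_read(struct mock_bio *b, unsigned char *out, int n)
{
    int i;

    if (b->pos >= b->script_len)
        return -1;
    i = b->script[b->pos++];
    if (i > 0) {
        if (i > n)
            i = n;
        memcpy(out, b->data + b->data_off, (size_t)i);
        b->data_off += (size_t)i;
    }
    return i;
}

/* Record-layer read state: bytes already collected towards the n wanted. */
struct rec_state {
    unsigned char buf[32];
    int left;
};

/*
 * Reads until n bytes are in st->buf, in the manner of ssl3_read_n(). 'fixed'
 * selects the patched behaviour: every BIO failure is reported as -1 (may be
 * retryable). Unpatched, the BIO's own value is returned, so a 0 leaks upward.
 */
static int read_n(struct mock_bio *b, struct rec_state *st, int n, int fixed)
{
    while (st->left < n) {
        int i = mock_bio_read(b, st->buf + st->left, n - st->left);

        if (i <= 0)
            return fixed ? -1 : i;     /* pre-patch: "return (i);" */
        st->left += i;
    }
    return st->left;
}

/*
 * Caller applying the SSL_read() contract: 0 means the connection is gone, so
 * stop; <0 means retry. Returns bytes read, 0 if it gave up on a zero return,
 * or -1 if MAX_ATTEMPTS retries were exhausted.
 */
static int app_read(struct mock_bio *b, struct rec_state *st, int n, int fixed)
{
    int attempts, ret = -1;

    for (attempts = 0; ret < 0 && attempts < MAX_ATTEMPTS; attempts++) {
        ret = read_n(b, st, n, fixed);
        if (ret == 0)
            return 0;
    }
    return ret;
}

/* Constructed scenario: the transport stalls twice while delivering "hello". */
static const int script[] = { 0, 3, 0, 2 };

/* Runs the scenario; returns app_read()'s result, or -2 if the payload is wrong. */
static int run_scenario(int fixed)
{
    struct mock_bio b = { script, sizeof(script) / sizeof(script[0]), 0, "hello", 0 };
    struct rec_state st = { {0}, 0 };
    int ret = app_read(&b, &st, 5, fixed);

    if (ret == 5 && memcmp(st.buf, "hello", 5) != 0)
        return -2;
    return ret;
}

int main(void)
{
    printf("unpatched: app_read() returned %d (0 = treated as closed)\n",
           run_scenario(0));
    printf("patched:   app_read() returned %d bytes\n", run_scenario(1));
    return 0;
}
```

The unpatched run gives up on the very first stall, losing a connection that was merely slow; the patched run needs three attempts and returns all five bytes. The same mapping applies to the write side in the patch (`ssl3_write_pending`, `ssl23_write_bytes`, `write_pending`), where a leaked 0 would make SSL_write() look like a closed connection in the same way.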
[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 57aa2f154e3e0f427be59497f58092dd3ec0528a (commit) from fa4c374572e94f467900f5820cd1d00af2470a17 (commit) - Log - commit 57aa2f154e3e0f427be59497f58092dd3ec0528a Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 10 16:53:11 2016 +0100 Fix a double free in ca command line Providing a spkac file with no default section causes a double free. Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Kurt Roeckx <k...@openssl.org> (cherry picked from commit 229bd12487f8576fc088dc4f641950ac33c62033) --- Summary of changes: apps/ca.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 20c4ebb..4cea3cb 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2224,7 +2224,6 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, sk = CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); -CONF_free(parms); goto err; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
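Review bot: The fix removes `CONF_free(parms)` before `goto err` and relies on the `err:` cleanup in `certify_spkac` releasing `parms` (the hunk does not show that cleanup, so a reviewer has to confirm it in the surrounding code); a short comment at the `goto err` that the label owns `parms`, plus a regression test that runs `ca -spkac` on a file with no `default` section, would stop the extra free being reintroduced by a later change to the error path.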
[openssl-commits] [openssl] master update
The branch master has been updated via f7970f303f849f0d0c8eb1717efd35b559c47964 (commit) via d62bf89cbba8df21c317fbf3fbefadeb0ca5a7f4 (commit) via 7bf79e33c94545eb3d67f142ce2dcc974c4dc79b (commit) via fbba62f6c9671b151df648f06afdf6af14518ab4 (commit) via 42c6046064d2ee45d59baec53bedde4ea434294f (commit) via f42fd819d60c5ebbcfd7bff6173b89664ab2fde1 (commit) via bb5310bed5ab14747cad1f6a57aa3b075ca4af65 (commit) via 7f5f01cf538a01879805d22cb9a92047d1d97b19 (commit) via ac0edec108804c383e1f7c48dd2fe72deecf6f9c (commit) via 47263ace13c47a3e2c4c9c4439884cf1ff8e6866 (commit) via b055fceb9bd8f613f39dab9df4d77b2a95231755 (commit) via 98e553d2ce31e2179be68d6a60b5bec765cd9768 (commit) via 3befffa39dbaf2688d823fcf2bdfc07d2487be48 (commit) via d07aee2c7a33e77d97d8e13811af3637e3849cb2 (commit) from 229bd12487f8576fc088dc4f641950ac33c62033 (commit) - Log - commit f7970f303f849f0d0c8eb1717efd35b559c47964 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 27 12:59:26 2016 +0100 Fix stdio build following BIO size_t work Reviewed-by: Richard Levitte <levi...@openssl.org> commit d62bf89cbba8df21c317fbf3fbefadeb0ca5a7f4 Author: Matt Caswell <m...@openssl.org> Date: Wed Oct 26 00:05:25 2016 +0100 Fix more shadowed variable warnings Reviewed-by: Richard Levitte <levi...@openssl.org> commit 7bf79e33c94545eb3d67f142ce2dcc974c4dc79b Author: Matt Caswell <m...@openssl.org> Date: Tue Oct 25 13:19:59 2016 +0100 Fix some feedback issues for BIO size_t-ify Rename some parameters; add some error codes; fix a comment; etc Reviewed-by: Richard Levitte <levi...@openssl.org> commit fbba62f6c9671b151df648f06afdf6af14518ab4 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 15:21:55 2016 +0100 Add some sanity checks for BIO_read* and BIO_gets Make sure the return value isn't bigger than the buffer len Reviewed-by: Richard Levitte <levi...@openssl.org> commit 42c6046064d2ee45d59baec53bedde4ea434294f Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 15:15:51 2016 +0100 More parameter 
naming of BIO_read*/BIO_write* related functions Based on feedback received. Reviewed-by: Richard Levitte <levi...@openssl.org> commit f42fd819d60c5ebbcfd7bff6173b89664ab2fde1 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 14:35:26 2016 +0100 Tweaks based on review feedback of BIO size_t work Rename some parameters. Also change handling of buffer sizes >INT_MAX in length. Reviewed-by: Richard Levitte <levi...@openssl.org> commit bb5310bed5ab14747cad1f6a57aa3b075ca4af65 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 13:07:06 2016 +0100 Ensure that BIO_read_ex() and BIO_write_ex() only return 0 or 1 They should return 0 for a failure (retryable or not), and 1 for a success. Reviewed-by: Richard Levitte <levi...@openssl.org> commit 7f5f01cf538a01879805d22cb9a92047d1d97b19 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 00:09:02 2016 +0100 Read up to INT_MAX when calling legacy BIO_read() implementations In converting a new style BIO_read() call into an old one, read as much data as we can (INT_MAX), if the size of the buffer is >INT_MAX. 
Reviewed-by: Richard Levitte <levi...@openssl.org> commit ac0edec108804c383e1f7c48dd2fe72deecf6f9c Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 00:00:40 2016 +0100 Fix a shadowed variable declaration warning Reviewed-by: Richard Levitte <levi...@openssl.org> commit 47263ace13c47a3e2c4c9c4439884cf1ff8e6866 Author: Matt Caswell <m...@openssl.org> Date: Fri Oct 21 00:00:19 2016 +0100 Fix some bogus uninit variable warnings Reviewed-by: Richard Levitte <levi...@openssl.org> commit b055fceb9bd8f613f39dab9df4d77b2a95231755 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 20 09:56:18 2016 +0100 Document the new BIO functions introduced as part of the size_t work Reviewed-by: Richard Levitte <levi...@openssl.org> commit 98e553d2ce31e2179be68d6a60b5bec765cd9768 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 20 13:48:31 2016 +0100 Ensure all BIO functions call the new style callback Reviewed-by: Richard Levitte <levi...@openssl.org> commit 3befffa39dbaf2688d823fcf2bdfc07d2487be48 Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 20 15:18:39 2016 +0100 Create BIO_write_ex() which handles size_t arguments Also extend BIO_METHOD to be able to supply an implementation for the new BIO_write_ex function. Reviewed-by: Richard Levitte <levi...@open
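The BIO size_t commits listed above describe three rules for the new `BIO_read_ex()`/`BIO_write_ex()` entry points: they return only 0 or 1 with the byte count in an out-parameter, a legacy int-length implementation is asked for at most INT_MAX bytes when the caller's buffer is larger, and a result bigger than the buffer length is rejected. The following added example (not OpenSSL's code; `read_ex_via_legacy`, `legacy_read_fn`, `struct src`, the three stub readers and the `scenario_` helpers are this example's own names) implements an adapter with those rules over a legacy-style callback and exercises each rule with a constructed source.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Shape of a legacy (pre size_t) BIO read callback: int length, int result. */
typedef int (*legacy_read_fn)(void *ctx, char *buf, int len);

/*
 * Adapter with BIO_read_ex()-style results: 1 on success with the byte count
 * in *readbytes, 0 on any failure (retryable or not). Two guards from the
 * commits above: the request is clamped to INT_MAX so a size_t length
 * survives the int call, and a result larger than the request is rejected
 * rather than trusted.
 */
static int read_ex_via_legacy(legacy_read_fn fn, void *ctx, void *buf,
                              size_t len, size_t *readbytes)
{
    int ilen = len > (size_t)INT_MAX ? INT_MAX : (int)len;
    int ret;

    *readbytes = 0;
    ret = fn(ctx, (char *)buf, ilen);
    if (ret <= 0)
        return 0;                       /* failure; retryability is not encoded here */
    if ((size_t)ret > (size_t)ilen)
        return 0;                       /* misbehaving implementation: never trust it */
    *readbytes = (size_t)ret;
    return 1;
}

/* Well-behaved source: hands out bytes of a fixed message. */
struct src {
    const char *msg;
    size_t off;
};

static int good_read(void *ctx, char *buf, int len)
{
    struct src *s = ctx;
    size_t avail = strlen(s->msg) - s->off;
    size_t n = avail < (size_t)len ? avail : (size_t)len;

    memcpy(buf, s->msg + s->off, n);
    s->off += n;
    return (int)n;
}

/* Broken source: claims to have produced one byte more than was asked for. */
static int greedy_read(void *ctx, char *buf, int len)
{
    (void)ctx;
    (void)buf;
    return len + 1;
}

/* Recording source: remembers the int length it was asked for, writes nothing. */
static int recorded_len;

static int recording_read(void *ctx, char *buf, int len)
{
    (void)ctx;
    (void)buf;
    recorded_len = len;
    return 0;
}

/* Normal read of a 5-byte message: returns the byte count reported. */
static size_t scenario_good(void)
{
    struct src s = { "hello", 0 };
    char buf[8];
    size_t n = 0;

    return read_ex_via_legacy(good_read, &s, buf, sizeof(buf), &n) == 1 ? n : 0;
}

/* Over-reporting implementation: returns the adapter's result (expected 0). */
static int scenario_greedy(void)
{
    char buf[8];
    size_t n = 0;

    return read_ex_via_legacy(greedy_read, NULL, buf, sizeof(buf), &n);
}

/*
 * A length beyond INT_MAX; the recording stub writes nothing, so the tiny
 * buffer is safe. Returns the length the legacy callback actually saw.
 */
static int scenario_clamp(void)
{
    char buf[1];
    size_t n = 0;

    (void)read_ex_via_legacy(recording_read, NULL, buf, (size_t)INT_MAX + 16, &n);
    return recorded_len;
}
```

The clamp matters because a `size_t` of INT_MAX + 16 converted to `int` without it would be a small negative request, and the over-report check matters because the byte count is what callers use to walk the buffer: an implementation that says it wrote more than the buffer holds turns every later consumer into an out-of-bounds read.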
[openssl-commits] [openssl] master update
The branch master has been updated via 229bd12487f8576fc088dc4f641950ac33c62033 (commit) from a34ac5b8b9c1a3281b4ee545c46177f485fb4949 (commit) - Log - commit 229bd12487f8576fc088dc4f641950ac33c62033 Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 10 16:53:11 2016 +0100 Fix a double free in ca command line Providing a spkac file with no default section causes a double free. Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Kurt Roeckx <k...@openssl.org> --- Summary of changes: apps/ca.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index b95f2ef..b6ab00a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1912,7 +1912,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, sk = CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); -CONF_free(parms); goto end; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
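Review bot: The hunk removes the `CONF_free(parms)` preceding `goto end`, so correctness now depends on the `end:` cleanup of `certify_spkac` freeing `parms` on every path; that cleanup is outside the hunk and should be confirmed in review. Since the trigger is simply an spkac file without a `default` section, this is cheap to cover with a test recipe, and such a test would also guard the 1.0.2 and 1.1.0 cherry-picks.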
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 3bceb47a272cc930c48b88743c4734a891b1c09a (commit) from dafa1c85b9bbd8ed3ff1911d00ad7f4e890bafa3 (commit) - Log - commit 3bceb47a272cc930c48b88743c4734a891b1c09a Author: Matt Caswell <m...@openssl.org> Date: Mon Oct 10 16:53:11 2016 +0100 Fix a double free in ca command line Providing a spkac file with no default section causes a double free. Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Kurt Roeckx <k...@openssl.org> (cherry picked from commit 229bd12487f8576fc088dc4f641950ac33c62033) --- Summary of changes: apps/ca.c | 1 - 1 file changed, 1 deletion(-) diff --git a/apps/ca.c b/apps/ca.c index 03e08b4..af7bb72 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1917,7 +1917,6 @@ static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, sk = CONF_get_section(parms, "default"); if (sk_CONF_VALUE_num(sk) == 0) { BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); -CONF_free(parms); goto end; } _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
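Review bot: The cherry-pick applies cleanly and, like master, leaves `parms` to the `end:` cleanup; the other early exits in `certify_spkac` are worth a quick scan for the same free-then-goto pattern before this ships in 1.1.0c, since the bug class is an error path doing cleanup that the shared label already does.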
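The three apps/ca.c patches above (master, 1.0.2 and 1.1.0) fix a double free by deleting one `CONF_free(parms)` from an error branch that then jumps to a cleanup label which frees `parms` again. The following added example (not OpenSSL's code; `struct conf`, `conf_free`, `certify_before`, `certify_after` and `release_count` are this example's own names, and the cleanup-label layout of the real `certify_spkac` is inferred from the commit message rather than shown in the hunks) models the two shapes of the function with a counting stand-in for `CONF_free`, so the double release is observable as a number instead of as undefined behaviour.

```c
#include <stdio.h>

/*
 * Stand-in for the CONF object: instead of freeing memory it counts releases,
 * so a double free shows up as a count rather than as undefined behaviour.
 */
struct conf {
    int nvalues;        /* name/value pairs in the "default" section */
    int free_count;
};

static void conf_free(struct conf *c)
{
    if (c != NULL)
        c->free_count++;
}

/*
 * Pre-patch shape of the empty-section branch: it releases parms itself and
 * then jumps to the shared cleanup label, which releases parms a second time.
 */
static int certify_before(struct conf *parms)
{
    int ok = 0;

    if (parms->nvalues == 0) {
        conf_free(parms);         /* the line the patch deletes */
        goto end;
    }
    ok = 1;                       /* certificate work would happen here */
 end:
    conf_free(parms);             /* the cleanup label owns parms */
    return ok;
}

/* Patched shape: every exit path leaves releasing parms to the cleanup label. */
static int certify_after(struct conf *parms)
{
    int ok = 0;

    if (parms->nvalues == 0)
        goto end;
    ok = 1;
 end:
    conf_free(parms);
    return ok;
}

/* Returns how many times parms was released for a file with nvalues pairs. */
static int release_count(int (*fn)(struct conf *), int nvalues)
{
    struct conf parms = { nvalues, 0 };

    fn(&parms);
    return parms.free_count;
}

int main(void)
{
    printf("empty section: before=%d releases, after=%d releases\n",
           release_count(certify_before, 0), release_count(certify_after, 0));
    printf("normal file:   before=%d releases, after=%d releases\n",
           release_count(certify_before, 3), release_count(certify_after, 3));
    return 0;
}
```

The invariant the patch restores is that exactly one place, the cleanup label, owns each resource; error branches only set a status and jump. With a real allocator the second `CONF_free` in `certify_before` is the double free the commit message reports, and the constructed counter makes it visible on both the empty-section and the normal path.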
[openssl-commits] [openssl] master update
The branch master has been updated via ce95f3b724f71f42dd57af4a0a8e2f571deaf94d (commit) via 1f3e70a450364e3152973380ea4d3bb6694f3980 (commit) via 436a2a0179416d2cc22b678b63e50c2638384d5f (commit) from 2c4a3f938ca378d2017275d299f02512b232ceaf (commit) - Log - commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 22:23:16 2016 + Add a CHANGES entry for the unrecognised record type change Reviewed-by: Tim Hudson <t...@openssl.org> commit 1f3e70a450364e3152973380ea4d3bb6694f3980 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 09:41:37 2016 + Add a test for unrecognised record types We should fail if we receive an unrecognised record type Reviewed-by: Tim Hudson <t...@openssl.org> commit 436a2a0179416d2cc22b678b63e50c2638384d5f Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 09:14:51 2016 + Fail if an unrecognised record type is received TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by 郭志攀 Reviewed-by: Tim Hudson <t...@openssl.org> --- Summary of changes: CHANGES | 6 - ssl/record/rec_layer_s3.c | 12 -- test/recipes/70-test_sslrecords.t | 48 ++- util/TLSProxy/Record.pm | 6 +++-- 4 files changed, 61 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index dfff36f..ba661db 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,7 +4,11 @@ Changes between 1.1.0a and 1.1.1 [xx XXX ] - *) + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] *) 'openssl passwd' can now produce SHA256 and SHA512 based output, using the algorithm defined in diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 4535f89..28de7c3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1463,14 +1463,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: /* - * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give - * an unexpected message alert. + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ -if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { -SSL3_RECORD_set_length(rr, 0); -SSL3_RECORD_set_read(rr); -goto start; -} al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index fc9b59f..b282dbd 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t 
@@ -39,7 +39,11 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->serverflags("-tls1_2"); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $num_tests = 10; +if (!disabled("tls1_1")) { +$num_tests++; +} +plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed @@ -116,6 +120,23 @@ $proxy->clear(); $proxy->serverflags("-tls1_2"); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); + +#Unregcognised record type tests + +#Test 10: Sending an unrecognised record type in TLS1.2 should fail +$proxy->clear(); +$proxy->filter(\_unknown_record_type); +$proxy->start(); +ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2"); + +#Test 11: Sending an unrecognised record type in TLS1.1 should fail +if (!disabled("tls
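Review bot: In the 70-test_sslrecords.t hunk the section comment reads "#Unregcognised record type tests"; suggest "Unrecognised" to match the test names on the following lines. The conditional `$num_tests` plan is correct, but the new TLS1.1 test is guarded by `!disabled("tls1_1")` while the rec_layer_s3.c hunk also changes TLS1.0 behaviour (the removed branch covered `TLS1_VERSION` through `TLS1_1_VERSION`); a corresponding test under `!disabled("tls1")` would cover the other half of the change.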
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 717f4026d593119cf493b3c1e045462c540f4cb3 (commit) via e4815a0bd2bcb00abea63f651284100028e3436c (commit) via 77cd04bd27397161faa4ad0b211727bfd97e6a67 (commit) from bfca0515b6977cba7b50215fc6d7d88250c9ca38 (commit) - Log - commit 717f4026d593119cf493b3c1e045462c540f4cb3 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 22:23:16 2016 + Add a CHANGES entry for the unrecognised record type change Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d) commit e4815a0bd2bcb00abea63f651284100028e3436c Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 09:41:37 2016 + Add a test for unrecognised record types We should fail if we receive an unrecognised record type Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit 1f3e70a450364e3152973380ea4d3bb6694f3980) commit 77cd04bd27397161faa4ad0b211727bfd97e6a67 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 2 09:14:51 2016 + Fail if an unrecognised record type is received TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but TLS 1.2 says you MUST send an unexpected message alert. We swap to the TLS 1.2 behaviour for all protocol versions to prevent issues where no progress is being made and the peer continually sends unrecognised record types, using up resources processing them. Issue reported by 郭志攀 Reviewed-by: Tim Hudson <t...@openssl.org> (cherry picked from commit 436a2a0179416d2cc22b678b63e50c2638384d5f) --- Summary of changes: CHANGES | 6 - ssl/record/rec_layer_s3.c | 12 -- test/recipes/70-test_sslrecords.t | 48 ++- util/TLSProxy/Record.pm | 6 +++-- 4 files changed, 61 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 9fc2b99..b04cf9c 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,7 +4,11 @@ Changes between 1.1.0b and 1.1.0c [xx XXX ] - *) + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] *) Removed automatic addition of RPATH in shared libraries and executables, as this was a remainder from OpenSSL 1.0.x and isn't needed any more. diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 4535f89..28de7c3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1463,14 +1463,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, switch (SSL3_RECORD_get_type(rr)) { default: /* - * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give - * an unexpected message alert. + * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but + * TLS 1.2 says you MUST send an unexpected message alert. We use the + * TLS 1.2 behaviour for all protocol versions to prevent issues where + * no progress is being made and the peer continually sends unrecognised + * record types, using up resources processing them. */ -if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) { -SSL3_RECORD_set_length(rr, 0); -SSL3_RECORD_set_read(rr); -goto start; -} al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index d1c8d3a..d3702f2 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t 
@@ -38,7 +38,11 @@ my $proxy = TLSProxy::Proxy->new( my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 9; +my $num_tests = 10; +if (!disabled("tls1_1")) { +$num_tests++; +} +plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed @@ -107,6 +111,23 @@ $sslv2testtype = ALERT_BEFORE_SSLV2; $proxy->clear(); $proxy->start(); ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test"); + +#Unregcognised record type tests + +#Test 10: Sending an unrecognised record type in TLS1.2 should fail +$proxy->clear()
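Review bot: in the rec_layer_s3.c hunk, removing the `s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION` early-out means the `default:` arm of `switch (SSL3_RECORD_get_type(rr))` in `ssl3_read_bytes` now unconditionally sets `al = SSL_AD_UNEXPECTED_MESSAGE`, raises `SSL_R_UNEXPECTED_RECORD` and jumps to `f_err`, so an unknown content type ends the connection on every protocol version, which is what the CHANGES entry states. The dropped path also called `SSL3_RECORD_set_length(rr, 0)` and `SSL3_RECORD_set_read(rr)` before `goto start`; since the record is no longer consumed and the read loop no longer re-entered, there is no half-read record left behind, which is the right outcome for a resource-exhaustion fix. Because CHANGES names TLS1.0 as newly affected, a TLS1.0 case in 70-test_sslrecords.t next to the TLS1.2 one would pin that claim down.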
[openssl-commits] [openssl] master update
The branch master has been updated
via 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a (commit)
via b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 (commit)
via b987d748e46d4ec19a45e5ec9e890a9003a361d6 (commit)
via 5836780f436e03be231ff245f04f2f9f2f0ede91 (commit)
via b39eda7ee69a9277c722f8789736e00dc680cda6 (commit)
via cb6ea61c161e88aa0268c77f308469a67b2ec063 (commit)
from ce95f3b724f71f42dd57af4a0a8e2f571deaf94d (commit)

- Log -

commit 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a
Author: Matt Caswell <m...@openssl.org>
Date: Fri Oct 28 11:03:22 2016 +0100

Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows

Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit b6d5ba1a9f004d637acac18ae3519fe063b6b5e1
Author: Matt Caswell <m...@openssl.org>
Date: Tue Oct 18 15:11:57 2016 +0100

Link using -znodelete

Instead of deliberately leaking a reference to ourselves, use nodelete which does this more neatly. Only for Linux at the moment.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit b987d748e46d4ec19a45e5ec9e890a9003a361d6
Author: Matt Caswell <m...@openssl.org>
Date: Tue Oct 18 14:16:35 2016 +0100

Add a test to dynamically load and unload the libraries

This should demonstrate that the atexit() handling is working properly (or at least not crashing) on process exit.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 5836780f436e03be231ff245f04f2f9f2f0ede91
Author: Matt Caswell <m...@openssl.org>
Date: Tue Oct 18 14:13:25 2016 +0100

Ensure that libcrypto and libssl do not unload until the process exits

Because we use atexit() to cleanup after ourselves, this will cause a problem if we have been dynamically loaded and then unloaded again: the atexit() handler may no longer be there. Most modern atexit() implementations can handle this, however there are still difficulties if libssl gets unloaded before libcrypto, because of the atexit() callback that libcrypto makes to libssl.

The most robust solution seems to be to ensure that libcrypto and libssl never unload. This is done by simply deliberately leaking a dlopen() reference to them.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit b39eda7ee69a9277c722f8789736e00dc680cda6
Author: Matt Caswell <m...@openssl.org>
Date: Sat Oct 15 16:01:40 2016 +0100

Add a DSO_dsobyaddr() function

This works the same way as DSO_pathbyaddr() but instead returns a ptr to the DSO that contains the provided symbol.

Reviewed-by: Tim Hudson <t...@openssl.org>

commit cb6ea61c161e88aa0268c77f308469a67b2ec063
Author: Matt Caswell <m...@openssl.org>
Date: Sat Oct 15 15:23:03 2016 +0100

Partial revert of 3d8b2ec42 to add back DSO_pathbyaddr

Commit 3d8b2ec42 removed various unused functions. However now we need to use one of them! This commit resurrects DSO_pathbyaddr(). We're not going to resurrect the Windows version though because what we need to achieve can be done a different way on Windows.

Reviewed-by: Tim Hudson <t...@openssl.org>

---
Summary of changes:
Configurations/10-main.conf | 25 ++--
crypto/dso/dso_dl.c | 34 ++
crypto/dso/dso_dlfcn.c | 34 ++
crypto/dso/dso_err.c | 2 +
crypto/dso/dso_lib.c | 35 +-
crypto/dso/dso_locl.h | 2 +
crypto/dso/dso_vms.c | 4 +-
crypto/dso/dso_win32.c | 1 +
crypto/init.c | 70 +++
include/internal/dso.h | 24
test/build.info | 6 +
test/recipes/90-test_shlibload.t | 37 ++
test/shlibloadtest.c | 243 +++
util/libcrypto.num | 2 +
14 files changed, 503 insertions(+), 16 deletions(-)
create mode 100644 test/recipes/90-test_shlibload.t
create mode 100644 test/shlibloadtest.c

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index 9b4c78f..b77efbf 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -632,7 +632,8 @@ sub vms_info { thread_scheme=> "pthreads", dso_scheme => "dlfcn", shared_target=> "linux-shared", -shared_cflag => "-fPIC", +shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", +shared_ldflag=> "-znodelete", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-generic64" => { @@ -648,14 +649,14 @@
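Review bot: `shared_ldflag => "-znodelete"` hands the linker option to the compiler driver in its joined form; GNU ld spells it `-z nodelete`, and while gcc forwards `-z keyword` to ld, `-Wl,-z,nodelete` is the form every driver passes through unchanged, so it is the safer spelling for a target as generic as linux-generic32. Putting `-DOPENSSL_USE_NODELETE` in `shared_cflag` rather than `cflags` is consistent: the macro only switches on the dlopen/GetModuleHandleEx pinning for shared builds, and the nodelete link flag only has meaning for a shared object, so static builds get neither and rely on atexit() ordering as before.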