Import OpenSSL-1.0.1h.
authorSascha Wildner <saw@online.de>
Fri, 6 Jun 2014 15:48:23 +0000 (17:48 +0200)
committerSascha Wildner <saw@online.de>
Fri, 6 Jun 2014 15:48:23 +0000 (17:48 +0200)
* Fixes for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470
* Harmonize version and its documentation
* Fix eckey_priv_encode so it immediately returns an error upon a
    failure in i2d_ECPrivateKey
* Fix some double frees. These are not thought to be exploitable.

See also http://www.openssl.org/news/secadv_20140605.txt

Submitted-by: Robin Hahling <robin.hahling@gw-computing.net>
86 files changed:
crypto/openssl/CHANGES
crypto/openssl/NEWS
crypto/openssl/README
crypto/openssl/README.DELETED
crypto/openssl/apps/enc.c
crypto/openssl/apps/ocsp.c
crypto/openssl/apps/req.c
crypto/openssl/apps/s_cb.c
crypto/openssl/apps/s_socket.c
crypto/openssl/apps/smime.c
crypto/openssl/crypto/asn1/a_strnid.c
crypto/openssl/crypto/bio/bss_dgram.c
crypto/openssl/crypto/bn/asm/x86_64-mont5.pl [changed mode: 0755->0644]
crypto/openssl/crypto/bn/bn_mont.c
crypto/openssl/crypto/cms/cms_env.c
crypto/openssl/crypto/cms/cms_sd.c
crypto/openssl/crypto/cms/cms_smime.c
crypto/openssl/crypto/des/des_old.h
crypto/openssl/crypto/dso/dso_dlfcn.c
crypto/openssl/crypto/ec/ec_ameth.c
crypto/openssl/crypto/ec/ec_asn1.c
crypto/openssl/crypto/ec/ec_lcl.h
crypto/openssl/crypto/ec/ec_lib.c
crypto/openssl/crypto/engine/eng_cryptodev.c
crypto/openssl/crypto/evp/bio_b64.c
crypto/openssl/crypto/evp/encode.c
crypto/openssl/crypto/opensslv.h
crypto/openssl/crypto/pkcs12/p12_crt.c
crypto/openssl/crypto/pkcs12/p12_kiss.c
crypto/openssl/crypto/pkcs7/pk7_doit.c
crypto/openssl/crypto/pkcs7/pkcs7.h
crypto/openssl/crypto/pkcs7/pkcs7err.c
crypto/openssl/crypto/rsa/rsa_ameth.c
crypto/openssl/crypto/srp/srp_vfy.c
crypto/openssl/crypto/ts/ts_rsp_verify.c
crypto/openssl/crypto/uid.c
crypto/openssl/crypto/x509v3/v3_purp.c
crypto/openssl/doc/apps/cms.pod
crypto/openssl/doc/apps/enc.pod
crypto/openssl/doc/apps/s_server.pod
crypto/openssl/doc/apps/smime.pod
crypto/openssl/doc/apps/verify.pod
crypto/openssl/doc/apps/version.pod
crypto/openssl/doc/apps/x509v3_config.pod
crypto/openssl/doc/crypto/CMS_decrypt.pod
crypto/openssl/doc/crypto/CONF_modules_free.pod
crypto/openssl/doc/crypto/CONF_modules_load_file.pod
crypto/openssl/doc/crypto/OPENSSL_config.pod
crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
crypto/openssl/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod
crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
crypto/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
crypto/openssl/doc/ssl/SSL_accept.pod
crypto/openssl/doc/ssl/SSL_clear.pod
crypto/openssl/doc/ssl/SSL_connect.pod
crypto/openssl/doc/ssl/SSL_do_handshake.pod
crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
crypto/openssl/doc/ssl/SSL_read.pod
crypto/openssl/doc/ssl/SSL_session_reused.pod
crypto/openssl/doc/ssl/SSL_set_fd.pod
crypto/openssl/doc/ssl/SSL_set_session.pod
crypto/openssl/doc/ssl/SSL_shutdown.pod
crypto/openssl/doc/ssl/SSL_write.pod
crypto/openssl/engines/ccgost/gost_ameth.c
crypto/openssl/ssl/d1_both.c
crypto/openssl/ssl/d1_lib.c
crypto/openssl/ssl/d1_pkt.c
crypto/openssl/ssl/d1_srvr.c
crypto/openssl/ssl/s3_clnt.c
crypto/openssl/ssl/s3_pkt.c
crypto/openssl/ssl/s3_srvr.c
crypto/openssl/ssl/srtp.h
crypto/openssl/ssl/ssl.h
crypto/openssl/ssl/ssl3.h
crypto/openssl/ssl/ssl_asn1.c
crypto/openssl/ssl/ssl_err.c
crypto/openssl/ssl/ssl_lib.c
crypto/openssl/ssl/t1_enc.c
crypto/openssl/ssl/t1_lib.c

index 4fcfd1d..d161eca 100644 (file)
@@ -2,6 +2,50 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
  Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
 
   *) A missing bounds check in the handling of the TLS heartbeat extension
index ed486d1..d062041 100644 (file)
@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2010-5298
+
   Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
 
       o Fix for CVE-2014-0160
index 10b74d1..95c5cd2 100644 (file)
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1g 7 Apr 2014
+ OpenSSL 1.0.1h 5 Jun 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
index 3b5b1d6..eb19860 100644 (file)
@@ -20,7 +20,6 @@ VMS/
 apps/CA.com
 apps/CA.pl.in
 apps/Makefile
-apps/Makefile.save
 apps/ca-cert.srl
 apps/ca-key.pem
 apps/ca-req.pem
@@ -70,9 +69,7 @@ crypto/LPdir_win.c
 crypto/LPdir_win32.c
 crypto/LPdir_wince.c
 crypto/Makefile
-crypto/Makefile.save
 crypto/aes/Makefile
-crypto/aes/Makefile.save
 crypto/aes/aes_x86core.c
 crypto/aes/asm/aes-armv4.pl
 crypto/aes/asm/aes-ia64.S
@@ -86,11 +83,9 @@ crypto/arm_arch.h
 crypto/armcap.c
 crypto/armv4cpuid.S
 crypto/asn1/Makefile
-crypto/asn1/Makefile.save
 crypto/asn1/charmap.pl
 crypto/bf/INSTALL
 crypto/bf/Makefile
-crypto/bf/Makefile.save
 crypto/bf/asm/bf-686.pl
 crypto/bf/asm/readme
 crypto/bf/bf_cbc.c
@@ -99,10 +94,8 @@ crypto/bf/bfs.cpp
 crypto/bf/bfspeed.c
 crypto/bf/bftest.c
 crypto/bio/Makefile
-crypto/bio/Makefile.save
 crypto/bio/bss_rtcp.c
 crypto/bn/Makefile
-crypto/bn/Makefile.save
 crypto/bn/asm/README
 crypto/bn/asm/alpha-mont.pl
 crypto/bn/asm/armv4-gf2m.pl
@@ -140,24 +133,17 @@ crypto/bn/expspeed.c
 crypto/bn/exptest.c
 crypto/bn/vms-helper.c
 crypto/buffer/Makefile
-crypto/buffer/Makefile.save
 crypto/camellia/Makefile
-crypto/camellia/Makefile.save
 crypto/cast/Makefile
-crypto/cast/Makefile.save
 crypto/cast/asm/
 crypto/cast/cast_spd.c
 crypto/cast/castopts.c
 crypto/cast/casts.cpp
 crypto/cast/casttest.c
 crypto/cmac/Makefile
-crypto/cmac/Makefile.save
 crypto/cms/Makefile
-crypto/cms/Makefile.save
 crypto/comp/Makefile
-crypto/comp/Makefile.save
 crypto/conf/Makefile
-crypto/conf/Makefile.save
 crypto/conf/cnf_save.c
 crypto/conf/keysets.pl
 crypto/conf/ssleay.cnf
@@ -170,7 +156,6 @@ crypto/des/INSTALL
 crypto/des/Imakefile
 crypto/des/KERBEROS
 crypto/des/Makefile
-crypto/des/Makefile.save
 crypto/des/asm/des_enc.m4
 crypto/des/asm/readme
 crypto/des/des-lib.com
@@ -189,7 +174,6 @@ crypto/des/t/
 crypto/des/times/
 crypto/des/typemap
 crypto/dh/Makefile
-crypto/dh/Makefile.save
 crypto/dh/dh1024.pem
 crypto/dh/dh192.pem
 crypto/dh/dh2048.pem
@@ -202,68 +186,52 @@ crypto/dh/p1024.c
 crypto/dh/p192.c
 crypto/dh/p512.c
 crypto/dsa/Makefile
-crypto/dsa/Makefile.save
 crypto/dsa/dsagen.c
 crypto/dsa/dsatest.c
 crypto/dso/Makefile
-crypto/dso/Makefile.save
 crypto/dso/dso_beos.c
 crypto/dso/dso_vms.c
 crypto/dso/dso_win32.c
 crypto/ec/Makefile
-crypto/ec/Makefile.save
 crypto/ec/ectest.c
 crypto/ecdh/Makefile
-crypto/ecdh/Makefile.save
 crypto/ecdh/ecdhtest.c
 crypto/ecdsa/Makefile
-crypto/ecdsa/Makefile.save
 crypto/ecdsa/ecdsatest.c
 crypto/engine/Makefile
-crypto/engine/Makefile.save
 crypto/engine/enginetest.c
 crypto/err/Makefile
-crypto/err/Makefile.save
 crypto/err/openssl.ec
 crypto/evp/Makefile
-crypto/evp/Makefile.save
 crypto/evp/e_dsa.c
 crypto/evp/evp_test.c
 crypto/evp/evptests.txt
 crypto/fips_err.h
 crypto/hmac/Makefile
-crypto/hmac/Makefile.save
 crypto/hmac/hmactest.c
 crypto/ia64cpuid.S
 crypto/idea/Makefile
-crypto/idea/Makefile.save
 crypto/idea/idea_spd.c
 crypto/idea/ideatest.c
 crypto/install-crypto.com
 crypto/jpake/
 crypto/krb5/Makefile
-crypto/krb5/Makefile.save
 crypto/lhash/Makefile
-crypto/lhash/Makefile.save
 crypto/lhash/lh_test.c
 crypto/lhash/num.pl
 crypto/md2/
 crypto/md4/Makefile
-crypto/md4/Makefile.save
 crypto/md4/md4.c
 crypto/md4/md4s.cpp
 crypto/md4/md4test.c
 crypto/md5/Makefile
-crypto/md5/Makefile.save
 crypto/md5/asm/md5-ia64.S
 crypto/md5/md5.c
 crypto/md5/md5s.cpp
 crypto/md5/md5test.c
 crypto/mdc2/Makefile
-crypto/mdc2/Makefile.save
 crypto/mdc2/mdc2test.c
 crypto/modes/Makefile
-crypto/modes/Makefile.save
 crypto/modes/asm/ghash-alpha.pl
 crypto/modes/asm/ghash-armv4.pl
 crypto/modes/asm/ghash-ia64.pl
@@ -274,7 +242,6 @@ crypto/o_dir_test.c
 crypto/o_str.c
 crypto/o_str.h
 crypto/objects/Makefile
-crypto/objects/Makefile.save
 crypto/objects/obj_dat.pl
 crypto/objects/obj_mac.num
 crypto/objects/obj_xref.txt
@@ -282,21 +249,17 @@ crypto/objects/objects.pl
 crypto/objects/objects.txt
 crypto/objects/objxref.pl
 crypto/ocsp/Makefile
-crypto/ocsp/Makefile.save
 crypto/opensslconf.h
 crypto/opensslconf.h.in
 crypto/pariscid.pl
 crypto/pem/Makefile
-crypto/pem/Makefile.save
 crypto/pem/pkcs7.lis
 crypto/perlasm/ppc-xlate.pl
 crypto/perlasm/readme
 crypto/perlasm/x86masm.pl
 crypto/perlasm/x86nasm.pl
 crypto/pkcs12/Makefile
-crypto/pkcs12/Makefile.save
 crypto/pkcs7/Makefile
-crypto/pkcs7/Makefile.save
 crypto/pkcs7/bio_ber.c
 crypto/pkcs7/dec.c
 crypto/pkcs7/des.pem
@@ -314,21 +277,17 @@ crypto/pkcs7/verify.c
 crypto/ppccap.c
 crypto/ppccpuid.pl
 crypto/pqueue/Makefile
-crypto/pqueue/Makefile.save
 crypto/rand/Makefile
-crypto/rand/Makefile.save
 crypto/rand/rand_os2.c
 crypto/rand/rand_vms.c
 crypto/rand/rand_win.c
 crypto/rand/randtest.c
 crypto/rc2/Makefile
-crypto/rc2/Makefile.save
 crypto/rc2/rc2speed.c
 crypto/rc2/rc2test.c
 crypto/rc2/rrc2.doc
 crypto/rc2/tab.c
 crypto/rc4/Makefile
-crypto/rc4/Makefile.save
 crypto/rc4/asm/rc4-ia64.pl
 crypto/rc4/asm/rc4-parisc.pl
 crypto/rc4/asm/rc4-s390x.pl
@@ -339,19 +298,15 @@ crypto/rc4/rc4test.c
 crypto/rc4/rrc4.doc
 crypto/rc5/
 crypto/ripemd/Makefile
-crypto/ripemd/Makefile.save
 crypto/ripemd/asm/rips.cpp
 crypto/ripemd/rmd160.c
 crypto/ripemd/rmdtest.c
 crypto/rsa/Makefile
-crypto/rsa/Makefile.save
 crypto/rsa/rsa_test.c
 crypto/s390xcap.c
 crypto/s390xcpuid.S
 crypto/seed/Makefile
-crypto/seed/Makefile.save
 crypto/sha/Makefile
-crypto/sha/Makefile.save
 crypto/sha/asm/README
 crypto/sha/asm/sha1-alpha.pl
 crypto/sha/asm/sha1-armv4-large.pl
@@ -380,10 +335,8 @@ crypto/sha/shatest.c
 crypto/sparccpuid.S
 crypto/sparcv9cap.c
 crypto/srp/Makefile
-crypto/srp/Makefile.save
 crypto/srp/srptest.c
 crypto/stack/Makefile
-crypto/stack/Makefile.save
 crypto/store/
 crypto/threads/mttest.c
 crypto/threads/netware.bat
@@ -396,19 +349,13 @@ crypto/threads/purify.sh
 crypto/threads/solaris.sh
 crypto/threads/win32.bat
 crypto/ts/Makefile
-crypto/ts/Makefile.save
 crypto/txt_db/Makefile
-crypto/txt_db/Makefile.save
 crypto/ui/Makefile
-crypto/ui/Makefile.save
 crypto/vms_rms.h
 crypto/whrlpool/Makefile
-crypto/whrlpool/Makefile.save
 crypto/whrlpool/wp_test.c
 crypto/x509/Makefile
-crypto/x509/Makefile.save
 crypto/x509v3/Makefile
-crypto/x509v3/Makefile.save
 crypto/x509v3/tabtest.c
 crypto/x509v3/v3conf.c
 crypto/x509v3/v3prin.c
@@ -424,12 +371,10 @@ doc/openssl_button.html
 doc/ssleay.txt
 doc/standards.txt
 engines/Makefile
-engines/Makefile.save
 engines/alpha.opt
 engines/axp.opt
 engines/capierr.bat
 engines/ccgost/Makefile
-engines/ccgost/Makefile.save
 engines/ccgost/e_gost_err.proto
 engines/ccgost/gost.ec
 engines/e_4758cca.ec
@@ -457,7 +402,7 @@ os2/
 perl/
 shlib/
 ssl/Makefile
-ssl/Makefile.save
+ssl/heartbeat_test.c
 ssl/install-ssl.com
 ssl/ssl-lib.com
 ssl/ssl_task.c
index 719acc3..19ea3df 100644 (file)
@@ -331,6 +331,12 @@ bad:
         setup_engine(bio_err, engine, 0);
 #endif
 
+       if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+               {
+               BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
+               goto end;
+               }
+
        if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
                {
                BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
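Review bot: The added AEAD guard relies on `&` binding tighter than `&&`; that is correct, but it reads as ambiguous next to the other flag tests in this file and trips -Wparentheses on some compilers. Parenthesising the mask makes the intent explicit: `if (cipher && (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER))`. The enclosing MAIN body starts and ends outside the hunk.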
index 83c5a76..767f12c 100644 (file)
@@ -127,6 +127,7 @@ int MAIN(int argc, char **argv)
        ENGINE *e = NULL;
        char **args;
        char *host = NULL, *port = NULL, *path = "/";
+       char *thost = NULL, *tport = NULL, *tpath = NULL;
        char *reqin = NULL, *respin = NULL;
        char *reqout = NULL, *respout = NULL;
        char *signfile = NULL, *keyfile = NULL;
@@ -204,6 +205,12 @@ int MAIN(int argc, char **argv)
                        }
                else if (!strcmp(*args, "-url"))
                        {
+                       if (thost)
+                               OPENSSL_free(thost);
+                       if (tport)
+                               OPENSSL_free(tport);
+                       if (tpath)
+                               OPENSSL_free(tpath);
                        if (args[1])
                                {
                                args++;
@@ -212,6 +219,9 @@ int MAIN(int argc, char **argv)
                                        BIO_printf(bio_err, "Error parsing URL\n");
                                        badarg = 1;
                                        }
+                               thost = host;
+                               tport = port;
+                               tpath = path;
                                }
                        else badarg = 1;
                        }
@@ -920,12 +930,12 @@ end:
        sk_X509_pop_free(verify_other, X509_free);
        sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
 
-       if (use_ssl != -1)
-               {
-               OPENSSL_free(host);
-               OPENSSL_free(port);
-               OPENSSL_free(path);
-               }
+       if (thost)
+               OPENSSL_free(thost);
+       if (tport)
+               OPENSSL_free(tport);
+       if (tpath)
+               OPENSSL_free(tpath);
 
        OPENSSL_EXIT(ret);
 }
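Review bot: In the `-url` hunk the three `OPENSSL_free(thost/tport/tpath)` calls release the previous values but leave the pointers dangling, so when `-url` is the last argument (`args[1]` is NULL and badarg is set) the cleanup at `end:` frees the same buffers a second time. Null each pointer right after releasing it, `OPENSSL_free(thost); thost = NULL;`, and likewise for `tport` and `tpath`. If `OCSP_parse_url` releases its output buffers on failure, the unconditional `thost = host;` assignments after a failed parse carry the same hazard, so they are better made conditional on a successful parse. The argument loop and the `end:` label belong to MAIN, whose body extends outside the hunks.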
index 5e034a8..d41385d 100644 (file)
@@ -1489,7 +1489,13 @@ start:
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
-       if(!req_check_len(i, n_min, n_max)) goto start;
+       if(!req_check_len(i, n_min, n_max))
+               {
+               if (batch || value)
+                       return 0;
+               goto start;
+               }
+
        if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
                                (unsigned char *) buf, -1,-1,mval)) goto err;
        ret=1;
@@ -1548,7 +1554,12 @@ start:
 #ifdef CHARSET_EBCDIC
        ebcdic2ascii(buf, buf, i);
 #endif
-       if(!req_check_len(i, n_min, n_max)) goto start;
+       if(!req_check_len(i, n_min, n_max))
+               {
+               if (batch || value)
+                       return 0;
+               goto start;
+               }
 
        if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
                                        (unsigned char *)buf, -1)) {
index 84c3b44..146a960 100644 (file)
@@ -747,6 +747,10 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                break;
 #endif
 
+               case TLSEXT_TYPE_padding:
+               extname = "TLS padding";
+               break;
+
                default:
                extname = "unknown";
                break;
index 380efdb..94eb40f 100644 (file)
@@ -274,7 +274,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
                {
                i=0;
                i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-               if (i < 0) { perror("keepalive"); return(0); }
+               if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
                }
 #endif
 
@@ -450,6 +450,7 @@ redoit:
                if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
                        {
                        perror("OPENSSL_malloc");
+                       closesocket(ret);
                        return(0);
                        }
                BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
@@ -458,11 +459,13 @@ redoit:
                if (h2 == NULL)
                        {
                        BIO_printf(bio_err,"gethostbyname failure\n");
+                       closesocket(ret);
                        return(0);
                        }
                if (h2->h_addrtype != AF_INET)
                        {
                        BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+                       closesocket(ret);
                        return(0);
                        }
                }
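Review bot: In the first hunk `closesocket(s)` now runs before `perror("keepalive")`, so the printed message can report errno from the close rather than from the failed setsockopt; keep the diagnostic first, `if (i < 0) { perror("keepalive"); closesocket(s); return(0); }`. The `redoit:` hunks already have the right order (the `perror("OPENSSL_malloc")` precedes its `closesocket(ret)`), so this only applies to init_client_ip. Both functions' bodies extend outside the hunks.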
index c583f8a..d1fe32d 100644 (file)
@@ -541,8 +541,8 @@ int MAIN(int argc, char **argv)
                {
                if (!cipher)
                        {
-#ifndef OPENSSL_NO_RC2                 
-                       cipher = EVP_rc2_40_cbc();
+#ifndef OPENSSL_NO_DES                 
+                       cipher = EVP_des_ede3_cbc();
 #else
                        BIO_printf(bio_err, "No cipher selected\n");
                        goto end;
index 2fc48c1..2afd5a4 100644 (file)
@@ -74,7 +74,7 @@ static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
  * certain software (e.g. Netscape) has problems with them.
  */
 
-static unsigned long global_mask = 0xFFFFFFFFL;
+static unsigned long global_mask = B_ASN1_UTF8STRING;
 
 void ASN1_STRING_set_default_mask(unsigned long mask)
 {
index 54c012c..d9967e7 100644 (file)
@@ -1333,7 +1333,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
        bio_dgram_sctp_data *data = NULL;
        socklen_t sockopt_len = 0;
        struct sctp_authkeyid authkeyid;
-       struct sctp_authkey *authkey;
+       struct sctp_authkey *authkey = NULL;
 
        data = (bio_dgram_sctp_data *)b->ptr;
 
@@ -1388,6 +1388,11 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
                /* Add new key */
                sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
                authkey = OPENSSL_malloc(sockopt_len);
+               if (authkey == NULL)
+                       {
+                       ret = -1;
+                       break;
+                       }
                memset(authkey, 0x00, sockopt_len);
                authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
 #ifndef __FreeBSD__
@@ -1399,6 +1404,8 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
                memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
 
                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+               OPENSSL_free(authkey);
+               authkey = NULL;
                if (ret < 0) break;
 
                /* Reset active key */
old mode 100755 (executable)
new mode 100644 (file)
index 427b5cf..ee8532c 100644 (file)
@@ -478,32 +478,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
                                        const BIGNUM *mod, BN_CTX *ctx)
        {
-       int got_write_lock = 0;
        BN_MONT_CTX *ret;
 
        CRYPTO_r_lock(lock);
-       if (!*pmont)
+       ret = *pmont;
+       CRYPTO_r_unlock(lock);
+       if (ret)
+               return ret;
+
+       /* We don't want to serialise globally while doing our lazy-init math in
+        * BN_MONT_CTX_set. That punishes threads that are doing independent
+        * things. Instead, punish the case where more than one thread tries to
+        * lazy-init the same 'pmont', by having each do the lazy-init math work
+        * independently and only use the one from the thread that wins the race
+        * (the losers throw away the work they've done). */
+       ret = BN_MONT_CTX_new();
+       if (!ret)
+               return NULL;
+       if (!BN_MONT_CTX_set(ret, mod, ctx))
                {
-               CRYPTO_r_unlock(lock);
-               CRYPTO_w_lock(lock);
-               got_write_lock = 1;
+               BN_MONT_CTX_free(ret);
+               return NULL;
+               }
 
-               if (!*pmont)
-                       {
-                       ret = BN_MONT_CTX_new();
-                       if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
-                               BN_MONT_CTX_free(ret);
-                       else
-                               *pmont = ret;
-                       }
+       /* The locked compare-and-set, after the local work is done. */
+       CRYPTO_w_lock(lock);
+       if (*pmont)
+               {
+               BN_MONT_CTX_free(ret);
+               ret = *pmont;
                }
-       
-       ret = *pmont;
-       
-       if (got_write_lock)
-               CRYPTO_w_unlock(lock);
        else
-               CRYPTO_r_unlock(lock);
-               
+               *pmont = ret;
+       CRYPTO_w_unlock(lock);
        return ret;
        }
index be20b1c..add00bf 100644 (file)
@@ -185,6 +185,8 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
        if (flags & CMS_USE_KEYID)
                {
                ktri->version = 2;
+               if (env->version < 2)
+                       env->version = 2;
                type = CMS_RECIPINFO_KEYIDENTIFIER;
                }
        else
index 77fbd13..51dd33a 100644 (file)
@@ -158,8 +158,8 @@ static void cms_sd_set_version(CMS_SignedData *sd)
                        if (sd->version < 3)
                                sd->version = 3;
                        }
-               else
-                       sd->version = 1;
+               else if (si->version < 1)
+                       si->version = 1;
                }
 
        if (sd->version < 1)
index 8c56e3a..1af9f3a 100644 (file)
@@ -611,7 +611,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
        int i, r;
-       int debug = 0;
+       int debug = 0, ri_match = 0;
        ris = CMS_get0_RecipientInfos(cms);
        if (ris)
                debug = cms->d.envelopedData->encryptedContentInfo->debug;
@@ -620,6 +620,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                ri = sk_CMS_RecipientInfo_value(ris, i);
                if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
                                continue;
+               ri_match = 1;
                /* If we have a cert try matching RecipientInfo
                 * otherwise try them all.
                 */
@@ -655,7 +656,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        }
                }
        /* If no cert and not debugging always return success */
-       if (!cert && !debug)
+       if (ri_match && !cert && !debug)
                {
                ERR_clear_error();
                return 1;
index 2b2c372..1fb9821 100644 (file)
@@ -178,7 +178,7 @@ typedef struct _ossl_old_des_ks_struct
 #if 0
 #define des_crypt(b,s)\
        DES_crypt((b),(s))
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) && !defined(__DragonFly__)
 #define crypt(b,s)\
        DES_crypt((b),(s))
 #endif
index 5f22548..4a56aac 100644 (file)
@@ -464,7 +464,7 @@ static int dlfcn_pathbyaddr(void *addr,char *path,int sz)
                return len;
                }
 
-       ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+       ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
 #endif
        return -1;
        }
index 0ce4524..f715a23 100644 (file)
@@ -352,6 +352,7 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
                EC_KEY_set_enc_flags(ec_key, old_flags);
                OPENSSL_free(ep);
                ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+               return 0;
        }
        /* restore old encoding flags */
        EC_KEY_set_enc_flags(ec_key, old_flags);
index 145807b..e94f34e 100644 (file)
@@ -1435,8 +1435,11 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
                                *out, buf_len, NULL))
                {
                ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
-               OPENSSL_free(*out);
-               *out = NULL;
+               if (new_buffer)
+                       {
+                       OPENSSL_free(*out);
+                       *out = NULL;
+                       }
                return 0;
                }
        if (!new_buffer)
index da7967d..b0d48b6 100644 (file)
@@ -404,7 +404,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
 
-#ifndef OPENSSL_EC_NISTP_64_GCC_128
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
 /* method functions in ecp_nistp224.c */
 int ec_GFp_nistp224_group_init(EC_GROUP *group);
 int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
index de9a0cc..e2c4741 100644 (file)
@@ -942,7 +942,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *
 
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
        {
-       if (group->meth->dbl == 0)
+       if (group->meth->invert == 0)
                {
                ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
index 5a715ac..0d12654 100644 (file)
@@ -32,9 +32,9 @@
 #include <openssl/bn.h>
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-       (defined(OpenBSD) || defined(__FreeBSD__))
+       (defined(OpenBSD) || defined(__FreeBSD__) || defined(__DragonFly__))
 #include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) || (__DragonFly_version >= 200500)
 #  define HAVE_CRYPTODEV
 # endif
 # if (OpenBSD >= 200110)
index ac6d441..16863fe 100644 (file)
@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl)
                else if (ctx->start)
                        {
                        q=p=(unsigned char *)ctx->tmp;
+                       num = 0;
                        for (j=0; j<i; j++)
                                {
                                if (*(q++) != '\n') continue;
index 28546a8..4654bdc 100644 (file)
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                                v=EVP_DecodeBlock(out,d,n);
                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                               if (eof > v) { rv=-1; goto end; }
                                ret+=(v-eof);
                                }
                        else
index ebe7180..c3b6ace 100644 (file)
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#define OPENSSL_VERSION_NUMBER 0x1000108fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g-fips 7 Apr 2014"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1h-fips 5 Jun 2014"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1g 7 Apr 2014"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1h 5 Jun 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 
index a34915d..35e8a4a 100644 (file)
@@ -96,7 +96,11 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
                else
 #endif
+#ifdef OPENSSL_NO_RC2
+               nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
                }
        if (!nid_key)
                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -286,7 +290,11 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                free_safes = 0;
 
        if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+               nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
 
        if (nid_safe == -1)
                p7 = PKCS12_pack_p7data(bags);
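Review bot: In both hunks a bare `else` (first hunk) and the unbraced `if (nid_safe == 0)` (second hunk) now govern a statement that is selected by `#ifdef OPENSSL_NO_RC2`, so the C control structure is only apparent after preprocessing and a future edit to either branch can silently change what the condition controls. Bracing the controlled statement, or selecting the fallback NID once in a file-local macro chosen by `OPENSSL_NO_RC2` and using it in both places, keeps the structure readable and avoids repeating the choice. The enclosing functions PKCS12_create and PKCS12_add_safe extend outside the hunks.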
index 206b1b0..c9b7ab6 100644 (file)
@@ -269,7 +269,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                        int len, r;
                        unsigned char *data;
                        len = ASN1_STRING_to_UTF8(&data, fname);
-                       if(len > 0) {
+                       if(len >= 0) {
                                r = X509_alias_set1(x509, data, len);
                                OPENSSL_free(data);
                                if (!r)
index 77fda3b..d91aa11 100644 (file)
@@ -440,6 +440,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                {
        case NID_pkcs7_signed:
                data_body=PKCS7_get_octet_string(p7->d.sign->contents);
+               if (!PKCS7_is_detached(p7) && data_body == NULL)
+                       {
+                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+                       goto err;
+                       }
                md_sk=p7->d.sign->md_algs;
                break;
        case NID_pkcs7_signedAndEnveloped:
@@ -928,6 +933,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
        if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
                goto err;
        OPENSSL_free(abuf);
+       abuf = NULL;
        if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
                goto err;
        abuf = OPENSSL_malloc(siglen);
index e4d4431..04f6037 100644 (file)
@@ -453,6 +453,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_ERROR_SETTING_CIPHER                    121
 #define PKCS7_R_INVALID_MIME_TYPE                       131
 #define PKCS7_R_INVALID_NULL_POINTER                    143
+#define PKCS7_R_INVALID_SIGNED_DATA_TYPE                155
 #define PKCS7_R_MIME_NO_CONTENT_TYPE                    132
 #define PKCS7_R_MIME_PARSE_ERROR                        133
 #define PKCS7_R_MIME_SIG_PARSE_ERROR                    134
index d0af32a..f3db08e 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -130,6 +130,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
 {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
+{ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),"invalid signed data type"},
 {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
 {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
 {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
index 5a2062f..4c8ecd9 100644 (file)
@@ -358,7 +358,7 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
                if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
                        goto err;
                }
-       else if (BIO_puts(bp, "0x14 (default)") <= 0)
+       else if (BIO_puts(bp, "14 (default)") <= 0)
                goto err;
        BIO_puts(bp, "\n");
 
index 4a3d13e..fdca19f 100644 (file)
@@ -93,6 +93,9 @@ static int t_fromb64(unsigned char *a, const char *src)
                else a[i] = loc - b64table;
                ++i;
                }
+       /* if nothing valid to process we have a zero length response */
+       if (i == 0)
+               return 0;
        size = i;
        i = size - 1;
        j = size;
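Review bot: The new comment says what the condition means but not what it prevents: with `i == 0`, the `i = size - 1` two lines below would become -1 and, presumably, index `a[-1]` in the loop that follows (outside the hunk). Suggest `/* nothing valid decoded: return 0 now, as size - 1 below would otherwise go negative */` in place of the current comment. Callers also cannot distinguish "empty input" from "nothing decodable" through this return value, so the function's contract comment, if any, should say that 0 covers both; t_fromb64 starts outside the hunk.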
index afe16af..b7d170a 100644 (file)
@@ -629,6 +629,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
        X509_ALGOR_free(*md_alg);
        OPENSSL_free(*imprint);
        *imprint_len = 0;
+       *imprint = NULL;
        return 0;
        }
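Review bot: `*md_alg` is freed two lines above the new assignment but is not reset, so on this failure path the caller is left with a dangling `*md_alg` while `*imprint` is now cleared; the reasoning that added `*imprint = NULL;` applies equally, `*md_alg = NULL;`. TS_compute_imprint's body starts outside the hunk, so whether a caller re-frees `*md_alg` after a failure cannot be confirmed here, but leaving one out-parameter dangling and the other cleared is inconsistent either way.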
 
index b1fd52b..1694a8a 100644 (file)
@@ -56,7 +56,7 @@
 #include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 
-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+#if defined(__OpenBSD__) || defined(__DragonFly__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
 
 #include OPENSSL_UNISTD
 
index ad68865..f59bfc1 100644 (file)
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
        /* Handle proxy certificates */
        if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
                if (x->ex_flags & EXFLAG_CA
-                   || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+                   || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
                        x->ex_flags |= EXFLAG_INVALID;
                }
                if (pci->pcPathLengthConstraint) {
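Review bot: The change from `0` to `-1` for the lastpos argument deserves a comment, because a bare `-1` reads like an error value rather than a search origin: X509_get_ext_by_NID searches from `lastpos + 1`, so `0` skipped an extension at index 0 and `-1` searches from the first one. Suggest `/* lastpos -1: search from the first extension (0 would skip index 0) */` above the condition. The same change is made in check_purpose_timestamp_sign in the next hunk and would take the same comment.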
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
                return 0;
 
        /* Extended Key Usage MUST be critical */
-       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
+       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
        if (i_ext >= 0)
                {
                X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
index a09588a..a76b3e0 100644 (file)
@@ -90,6 +90,11 @@ decrypt mail using the supplied certificate and private key. Expects an
 encrypted mail message in MIME format for the input file. The decrypted mail
 is written to the output file.
 
+=item B<-debug_decrypt>
+
+this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
+with caution: see the notes section below.
+
 =item B<-sign>
 
 sign mail using the supplied certificate and private key. Input file is
@@ -446,32 +451,42 @@ Streaming is always used for the B<-sign> operation with detached data but
 since the content is no longer part of the CMS structure the encoding
 remains DER.
 
+If the B<-decrypt> option is used without a recipient certificate then an
+attempt is made to locate the recipient by trying each potential recipient
+in turn using the supplied private key. To thwart the MMA attack
+(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
+tried whether they succeed or not and if no recipients match the message
+is "decrypted" using a random key which will typically output garbage. 
+The B<-debug_decrypt> option can be used to disable the MMA attack protection
+and return an error if no recipient can be found: this option should be used
+with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>).
+
 =head1 EXIT CODES
 
 =over 4
 
-=item 0
+=item Z<>0
 
 the operation was completely successfully.
 
-=item 
+=item Z<>1
 
 an error occurred parsing the command options.
 
-=item 2
+=item Z<>2
 
 one of the input files could not be read.
 
-=item 3
+=item Z<>3
 
 an error occurred creating the CMS file or when reading the MIME
 message.
 
-=item 4
+=item Z<>4
 
 an error occurred decrypting or verifying the message.
 
-=item 5
+=item Z<>5
 
 the message was verified correctly but an error occurred writing out
 the signers certificates.
index 3dee4ed..41791ad 100644 (file)
@@ -215,6 +215,10 @@ unsupported options (for example B<openssl enc -help>) includes a
 list of ciphers, supported by your versesion of OpenSSL, including
 ones provided by configured engines.
 
+The B<enc> program does not support authenticated encryption modes
+like CCM and GCM. The utility does not store or retrieve the
+authentication tag.
+
 
  base64             Base 64
 
index 6758ba3..f9b9ca5 100644 (file)
@@ -44,6 +44,7 @@ B<openssl> B<s_server>
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_dhe>]
+[B<-no_ecdhe>]
 [B<-bugs>]
 [B<-hack>]
 [B<-www>]
@@ -131,6 +132,11 @@ a static set of parameters hard coded into the s_server program will be used.
 if this option is set then no DH parameters will be loaded effectively
 disabling the ephemeral DH cipher suites.
 
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be loaded effectively
+disabling the ephemeral ECDH cipher suites.
+
 =item B<-no_tmp_rsa>
 
 certain export cipher suites sometimes use a temporary RSA key, this option
index e4e89af..d39a59a 100644 (file)
@@ -159,7 +159,7 @@ EVP_get_cipherbyname() function) can also be used preceded by a dash, for
 example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers
 supported by your version of OpenSSL.
 
-If not specified 40 bit RC2 is used. Only used with B<-encrypt>.
+If not specified triple DES is used. Only used with B<-encrypt>.
 
 =item B<-nointern>
 
@@ -308,28 +308,28 @@ remains DER.
 
 =over 4
 
-=item 0
+=item Z<>0
 
 the operation was completely successfully.
 
-=item 
+=item Z<>1
 
 an error occurred parsing the command options.
 
-=item 2
+=item Z<>2
 
 one of the input files could not be read.
 
-=item 3
+=item Z<>3
 
 an error occurred creating the PKCS#7 file or when reading the MIME
 message.
 
-=item 4
+=item Z<>4
 
 an error occurred decrypting or verifying the message.
 
-=item 5
+=item Z<>5
 
 the message was verified correctly but an error occurred writing out
 the signers certificates.
index da68300..f35d402 100644 (file)
@@ -25,6 +25,7 @@ B<openssl> B<verify>
 [B<-untrusted file>]
 [B<-help>]
 [B<-issuer_checks>]
+[B<-attime timestamp>]
 [B<-verbose>]
 [B<->]
 [certificates]
@@ -80,6 +81,12 @@ rejected. The presence of rejection messages does not itself imply that
 anything is wrong; during the normal verification process, several
 rejections may take place.
 
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
 =item B<-policy arg>
 
 Enable policy processing and add B<arg> to the user-initial-policy-set (see
@@ -386,7 +393,7 @@ an application specific error. Unused.
 
 =head1 BUGS
 
-Although the issuer checks are a considerably improvement over the old technique they still
+Although the issuer checks are a considerable improvement over the old technique they still
 suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
 trusted certificates with matching subject name must either appear in a file (as specified by the
 B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
index e00324c..58f543b 100644 (file)
@@ -13,6 +13,7 @@ B<openssl version>
 [B<-o>]
 [B<-f>]
 [B<-p>]
+[B<-d>]
 
 =head1 DESCRIPTION
 
@@ -38,7 +39,7 @@ the date the current version of OpenSSL was built.
 
 option information: various options set when the library was built.
 
-=item B<-c>
+=item B<-f>
 
 compilation flags.
 
index 0450067..13ff85b 100644 (file)
@@ -301,7 +301,7 @@ Example:
  O=Organisation
  CN=Some Name
 
+
 =head2 Certificate Policies.
 
 This is a I<raw> extension. All the fields of this extension can be set by
@@ -390,7 +390,7 @@ Examples:
  nameConstraints=permitted;email:.somedomain.com
 
  nameConstraints=excluded;email:.com
-issuingDistributionPoint = idp_section
+
 
 =head2 OCSP No Check
 
index d857e4f..3fa9212 100644 (file)
@@ -27,7 +27,21 @@ function or errors about unknown algorithms will occur.
 
 Although the recipients certificate is not needed to decrypt the data it is
 needed to locate the appropriate (of possible several) recipients in the CMS
-structure. If B<cert> is set to NULL all possible recipients are tried.
+structure.
+
+If B<cert> is set to NULL all possible recipients are tried. This case however
+is problematic. To thwart the MMA attack (Bleichenbacher's attack on
+PKCS #1 v1.5 RSA padding) all recipients are tried whether they succeed or
+not. If no recipient succeeds then a random symmetric key is used to decrypt
+the content: this will typically output garbage and may (but is not guaranteed
+to) ultimately return a padding error only. If CMS_decrypt() just returned an
+error when all recipient encrypted keys failed to decrypt an attacker could
+use this in a timing attack. If the special flag B<CMS_DEBUG_DECRYPT> is set
+then the above behaviour is modified and an error B<is> returned if no
+recipient encrypted key can be decrypted B<without> generating a random
+content encryption key. Applications should use this flag with
+B<extreme caution> especially in automated gateways as it can leave them
+open to attack.
 
 It is possible to determine the correct recipient key by other means (for
 example looking them up in a database) and setting them in the CMS structure
index 87bc7b7..347020c 100644 (file)
@@ -37,7 +37,7 @@ None of the functions return a value.
 =head1 SEE ALSO
 
 L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_modules_load_file(3)CONF_modules_load_file(3)>
+L<CONF_modules_load_file(3)|CONF_modules_load_file(3)>
 
 =head1 HISTORY
 
index 9965d69..0c4d926 100644 (file)
@@ -51,7 +51,7 @@ return value of the failing module (this will always be zero or negative).
 =head1 SEE ALSO
 
 L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
+L<CONF_free(3)|CONF_free(3)>, L<err(3)|err(3)>
 
 =head1 HISTORY
 
index e7bba2a..888de88 100644 (file)
@@ -73,7 +73,7 @@ Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
 =head1 SEE ALSO
 
 L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
-L<CONF_modules_free(3),CONF_modules_free(3)>
+L<CONF_modules_free(3)|CONF_modules_free(3)>
 
 =head1 HISTORY
 
index 41902c0..4716e7e 100644 (file)
@@ -65,7 +65,7 @@ set first so the relevant field information can be looked up internally.
 =head1 SEE ALSO
 
 L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+L<OBJ_nid2obj(3)|OBJ_nid2obj(3)>
 
 =head1 HISTORY
 
index 8d6b9dd..8a9243d 100644 (file)
@@ -15,7 +15,7 @@ X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_
 
  int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
 
char *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
 
 =head1 DESCRIPTION
 
index 42fa66b..f4d191c 100644 (file)
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The operation succeeded.
 
-=item 1
+=item Z<>1
 
 The operation failed. Check the error queue to find out the reason.
 
index 82676b2..8e0abd3 100644 (file)
@@ -52,13 +52,13 @@ The following values are returned by all functions:
 
 =over 4
 
-=item 0
+=item Z<>0
 
  The operation failed. In case of the add operation, it was tried to add
  the same (identical) session twice. In case of the remove operation, the
  session was not found in the cache.
 
-=item 1
+=item Z<>1
  
  The operation succeeded.
 
index 84a799f..d1d8977 100644 (file)
@@ -100,13 +100,13 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The operation failed because B<CAfile> and B<CApath> are NULL or the
 processing at one of the locations specified failed. Check the error
 stack to find out the reason.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 5e66133..5e97392 100644 (file)
@@ -66,13 +66,13 @@ values:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
 the X509_NAME could not be extracted from B<cacert>. Check the error stack
 to find out the reason.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 0015e6e..8b82d94 100644 (file)
@@ -11,8 +11,8 @@ SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SS
  void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
  void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
 
- void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
- void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
 
 =head1 DESCRIPTION
 
index fded060..d886692 100644 (file)
@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
 broken SSL implementations.  This option has no effect for connections
 using other ciphers.
 
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
 =item SSL_OP_ALL
 
 All of the above bug workarounds.
index 58fc685..7c9e515 100644 (file)
@@ -64,13 +64,13 @@ return the following values:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
 the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
 is logged to the error stack.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 254f2b4..e254f96 100644 (file)
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The new choice failed, check the error stack to find out the reason.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 7e60df5..9da7201 100644 (file)
@@ -96,7 +96,7 @@ data to B<psk> and return the length of the random data, so the
 connection will fail with decryption_error before it will be finished
 completely.
 
-=item 0
+=item Z<>0
 
 PSK identity was not found. An "unknown_psk_identity" alert message
 will be sent and the connection setup fails.
index b1c34d1..2239444 100644 (file)
@@ -44,13 +44,13 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item Z<>1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
index d4df1bf..ba192bd 100644 (file)
@@ -56,12 +56,12 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The SSL_clear() operation could not be performed. Check the error stack to
 find out the reason.
 
-=item 1
+=item Z<>1
 
 The SSL_clear() operation was successful.
 
index 946ca89..68e2b82 100644 (file)
@@ -41,13 +41,13 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item Z<>1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
index 7f8cf24..b35ddf5 100644 (file)
@@ -45,13 +45,13 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item 1
+=item Z<>1
 
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
index 49fb88f..059376c 100644 (file)
@@ -8,11 +8,11 @@ SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
 
  #include <openssl/ssl.h>
 
- STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
+ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
 
 =head1 DESCRIPTION
 
-SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
+SSL_get_peer_cert_chain() returns a pointer to STACK_OF(X509) certificates
 forming the certificate chain of the peer. If called on the client side,
 the stack also contains the peer's certificate; if called on the server
 side, the peer's certificate must be obtained separately using
@@ -24,7 +24,7 @@ If the peer did not present a certificate, NULL is returned.
 The peer certificate chain is not necessarily available after reusing
 a session, in which case a NULL pointer is returned.
 
-The reference count of the STACKOF(X509) object is not incremented.
+The reference count of the STACK_OF(X509) object is not incremented.
 If the corresponding session is freed, the pointer must not be used
 any longer.
 
@@ -39,7 +39,7 @@ The following return values can occur:
 No certificate was presented by the peer or no connection was established
 or the certificate chain is no longer available when a session is reused.
 
-=item Pointer to a STACKOF(X509)
+=item Pointer to a STACK_OF(X509)
 
 The return value points to the certificate chain presented by the peer.
 
index 7038cd2..8ca0ce5 100644 (file)
@@ -86,7 +86,7 @@ The following return values can occur:
 The read operation was successful; the return value is the number of
 bytes actually read from the TLS/SSL connection.
 
-=item 0
+=item Z<>0
 
 The read operation was not successful. The reason may either be a clean
 shutdown due to a "close notify" alert sent by the peer (in which case
index da7d062..b09d8a7 100644 (file)
@@ -27,11 +27,11 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 A new session was negotiated.
 
-=item 1
+=item Z<>1
 
 A session was reused.
 
index 7029112..1480871 100644 (file)
@@ -35,11 +35,11 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The operation failed. Check the error stack to find out why.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 5f54714..197b521 100644 (file)
@@ -37,11 +37,11 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The operation failed; check the error stack to find out the reason.
 
-=item 1
+=item Z<>1
 
 The operation succeeded.
 
index 42a89b7..85d4a64 100644 (file)
@@ -92,14 +92,14 @@ The following return values can occur:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
 if a bidirectional shutdown shall be performed.
 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
 
-=item 1
+=item Z<>1
 
 The shutdown was successfully completed. The "close notify" alert was sent
 and the peer's "close notify" alert was received.
index e013c12..a57617f 100644 (file)
@@ -79,7 +79,7 @@ The following return values can occur:
 The write operation was successful, the return value is the number of
 bytes actually written to the TLS/SSL connection.
 
-=item 0
+=item Z<>0
 
 The write operation was not successful. Probably the underlying connection
 was closed. Call SSL_get_error() with the return value B<ret> to find out,
index 2cde1fc..8b9230b 100644 (file)
@@ -269,7 +269,7 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
                case ASN1_PKEY_CTRL_CMS_ENVELOPE:
                        if (arg1 == 0)
                                {
-                               X509_ALGOR *alg;
+                               X509_ALGOR *alg = NULL;
                                ASN1_STRING * params = encode_gost_algor_params(pkey);
                                if (!params) 
                                        {
index 2e8cf68..04aa231 100644 (file)
@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                frag->msg_header.frag_off = 0;
                }
        else
+               {
                frag = (hm_fragment*) item->data;
+               if (frag->msg_header.msg_len != msg_hdr->msg_len)
+                       {
+                       item = NULL;
+                       frag = NULL;
+                       goto err;
+                       }
+               }
+
 
        /* If message is already reassembled, this must be a
         * retransmit and can be dropped.
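Review bot: The two `= NULL` assignments before `goto err` in the new mismatch branch are load-bearing — they presumably keep the `err` path, which is outside the hunk, from freeing a fragment that the buffered_messages queue still owns — but nothing says so, and a reader may remove them as dead stores. Suggest `/* item/frag belong to the queue: detach before goto err so cleanup does not free them */` inside the branch. Only `msg_len` is compared here; whether the incoming fragment's `frag_off`/`frag_len` are bounded against the stored message length is checked, if at all, elsewhere in dtls1_reassemble_fragment.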
@@ -674,8 +683,8 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
                item = pitem_new(seq64be, frag);
                if (item == NULL)
                        {
-                       goto err;
                        i = -1;
+                       goto err;
                        }
 
                pqueue_insert(s->d1->buffered_messages, item);
@@ -784,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
        int i,al;
        struct hm_header_st msg_hdr;
 
+       redo:
        /* see if we have the required fragment already */
        if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
                {
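Review bot: The new `redo:` label has no comment, and a label sitting among the declarations at the top of dtls1_get_message_fragment reads as an accident until one reaches the `goto redo` in the later hunk that replaces the recursive call. Suggest `/* restart after a HelloRequest has been consumed; replaces a recursive call that grew the stack once per HelloRequest */` above the label. The loop has no iteration bound, which matches the old recursion minus the stack growth; each pass appears to read a fresh fragment, so this is not a spin loop, but the read path is outside the hunk.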
@@ -842,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
                                        s->msg_callback_arg);
                        
                        s->init_num = 0;
-                       return dtls1_get_message_fragment(s, st1, stn,
-                               max, ok);
+                       goto redo;
                        }
                else /* Incorrectly formated Hello request */
                        {
index 106939f..6bde16f 100644 (file)
@@ -176,9 +176,12 @@ static void dtls1_clear_queues(SSL *s)
 
        while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
                {
-               frag = (hm_fragment *)item->data;
-               OPENSSL_free(frag->fragment);
-               OPENSSL_free(frag);
+               rdata = (DTLS1_RECORD_DATA *) item->data;
+               if (rdata->rbuf.buf)
+                       {
+                       OPENSSL_free(rdata->rbuf.buf);
+                       }
+               OPENSSL_free(item->data);
                pitem_free(item);
                }
        }
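Review bot: The loop now treats buffered_app_data entries as DTLS1_RECORD_DATA instead of hm_fragment, but nothing documents that this queue holds a different element type from the handshake queues cleared above it (presumably — those loops are outside the hunk), which is exactly the confusion the old code fell into. Suggest `/* buffered_app_data holds DTLS1_RECORD_DATA, not hm_fragment: free the copied read buffer, then the record */` above the loop body. `rdata` must already be declared in the function's declaration block, which this hunk does not show.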
index 8186462..438c091 100644 (file)
@@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        }
 #endif
 
-       /* insert should not fail, since duplicates are dropped */
-       if (pqueue_insert(queue->q, item) == NULL)
-               {
-               OPENSSL_free(rdata);
-               pitem_free(item);
-               return(0);
-               }
-
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -259,7 +251,16 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                pitem_free(item);
                return(0);
                }
-       
+
+       /* insert should not fail, since duplicates are dropped */
+       if (pqueue_insert(queue->q, item) == NULL)
+               {
+               SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+               OPENSSL_free(rdata);
+               pitem_free(item);
+               return(0);
+               }
+
        return(1);
        }
 
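Review bot: The relocated insert-failure path frees `rdata` but not `rdata->rbuf.buf`. The insert now runs after `s->s3->rbuf` has been zeroed in the previous hunk and, if the preceding `if` is the read-buffer setup as it appears, after a fresh buffer has been allocated, so the buffer copied into `rdata->rbuf` earlier in the function (outside the hunk) is orphaned when the insert fails; before the move that same failure left the buffer still owned by `s`, so this is a new leak rather than a pre-existing one. Add `if (rdata->rbuf.buf) OPENSSL_free(rdata->rbuf.buf);` ahead of `OPENSSL_free(rdata);`, matching the cleanup dtls1_clear_queues does for the same structure.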
index 9975e20..1384ab0 100644 (file)
@@ -1356,6 +1356,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                            (unsigned char *)encodedPoint, 
                            encodedlen);
                        OPENSSL_free(encodedPoint);
+                       encodedPoint = NULL;
                        p += encodedlen;
                        }
 #endif
index a6b3c01..0457af8 100644 (file)
@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CR_FINISHED_A:
                case SSL3_ST_CR_FINISHED_B:
 
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
                                SSL3_ST_CR_FINISHED_B);
                        if (ret <= 0) goto end;
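Review bot: The SSL3_FLAGS_CCS_OK assignments carry no comment explaining the invariant they establish, which makes the flag easy to set in the wrong state when the handshake machine is next edited. Suggest, at this first site, `/* ChangeCipherSpec is acceptable only in states that expect it next; ssl3_read_bytes rejects CCS unless this flag is set and clears it on receipt */`. The same applies to the assignment on session resumption in ssl3_get_server_hello in the next hunk, to the three sites in ssl3_accept, and to the consuming check in ssl3_read_bytes later in this commit; one comment here and a cross-reference at the check would cover them.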
@@ -915,6 +916,7 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
                goto f_err;
                }
+           s->s3->flags |= SSL3_FLAGS_CCS_OK;
            s->hit=1;
            }
        else    /* a miss or crap from the other end */
@@ -2510,6 +2512,13 @@ int ssl3_send_client_key_exchange(SSL *s)
                        int ecdh_clnt_cert = 0;
                        int field_size = 0;
 
+                       if (s->session->sess_cert == NULL) 
+                               {
+                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                               goto err;
+                               }
+
                        /* Did we send out the client's
                         * ECDH share for use in premaster
                         * computation as part of client certificate?
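Review bot: The new `sess_cert == NULL` guard lacks a comment on when the condition arises; presumably when the server sent no Certificate message (anonymous ECDH), leaving `s->session->sess_cert` unallocated, but that is not visible in this hunk and should be confirmed before being written down. Suggest `/* no server certificate was received (anonymous ECDH): sess_cert was never allocated, and the dereferences below would fault */`. Whether the other key-exchange branches of ssl3_send_client_key_exchange have the same exposure is outside the hunk.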
index 96ba632..59011e3 100644 (file)
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "ssl_locl.h"
@@ -580,10 +581,11 @@ int ssl3_do_compress(SSL *ssl)
 int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        {
        const unsigned char *buf=buf_;
-       unsigned int tot,n,nw;
-       int i;
+       unsigned int n,nw;
+       int i,tot;
 
        s->rwstate=SSL_NOTHING;
+       OPENSSL_assert(s->s3->wnum <= INT_MAX);
        tot=s->s3->wnum;
        s->s3->wnum=0;
 
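Review bot: `OPENSSL_assert(s->s3->wnum <= INT_MAX)` turns an out-of-range carried-over write count into a process abort, which is defensible for an internal invariant but deserves a comment, e.g. `/* wnum is carried over from an incomplete non-blocking write; tot is int below, so it must fit */`. Narrowing `tot` from `unsigned int` to `int` is what makes the `len < tot` test in the next hunk a signed comparison that promotion cannot defeat; that is the purpose of the type change and is worth a word at the declaration rather than leaving the reader to diff the types.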
@@ -598,6 +600,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                        }
                }
 
+       /* ensure that if we end up with a smaller value of data to write 
+        * out than the the original len from a write which didn't complete 
+        * for non-blocking I/O and also somehow ended up avoiding 
+        * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
+        * it must never be possible to end up with (len-tot) as a large
+        * number that will then promptly send beyond the end of the users
+        * buffer ... so we trap and report the error in a way the user
+        * will notice
+        */
+       if (len < tot)
+               {
+               SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
+               return(-1);
+               }
+
+
        n=(len-tot);
        for (;;)
                {
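Review bot: The new block comment is one run-on sentence and contains a doubled word ("than the the original len"); condense it to the invariant it protects, e.g. `/* tot is what an earlier incomplete write already consumed; a caller retrying with a shorter len would make len-tot wrap below and overrun its buffer, so reject it here */`. The check itself is sound: with `tot` now signed the comparison cannot be defeated by promotion, and the unsigned `n=(len-tot)` that follows is only computed after the test.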
@@ -641,9 +659,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        SSL3_BUFFER *wb=&(s->s3->wbuf);
        SSL_SESSION *sess;
 
-       if (wb->buf == NULL)
-               if (!ssl3_setup_write_buffer(s))
-                       return -1;
 
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
@@ -659,6 +674,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                /* if it went, fall through and send more stuff */
                }
 
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
        if (len == 0 && !create_empty_fragment)
                return 0;
 
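Review bot: Moving the lazy write-buffer allocation below the pending-write check reorders two side effects with no comment saying why; the likely reason is that the pending path can release `wb->buf` after it was set up, but that is inferred, since the pending-write branch is only partly visible in the hunk above. Suggest `/* allocate the write buffer only once nothing is pending: the pending path may release it */` above the new `if`. The removal in the earlier hunk also leaves two consecutive blank lines after the declarations.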
@@ -1055,7 +1074,7 @@ start:
                                {
                                s->rstate=SSL_ST_READ_HEADER;
                                rr->off=0;
-                               if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+                               if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
                                        ssl3_release_read_buffer(s);
                                }
                        }
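Review bot: `s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0` relies on `&` binding tighter than `&&`; it is correct, but it is the form -Wparentheses warns about and that readers mis-parse. Parenthesize the mask test: `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && s->s3->rbuf.left == 0)`. A short comment on why `left == 0` matters — presumably bytes of a following record may still sit in the buffer — would also help; the enclosing function is outside the hunk.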
@@ -1297,6 +1316,15 @@ start:
                        goto f_err;
                        }
 
+               if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
+                       {
+                       al=SSL_AD_UNEXPECTED_MESSAGE;
+                       SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
+                       goto f_err;
+                       }
+
+               s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
                rr->length=0;
 
                if (s->msg_callback)
@@ -1431,7 +1459,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        if (s->s3->tmp.key_block == NULL)
                {
-               if (s->session == NULL
+               if (s->session == NULL || s->session->master_key_length == 0)
                        {
                        /* might happen if dtls1_read_bytes() calls this */
                        SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
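Review bot: The comment `/* might happen if dtls1_read_bytes() calls this */` now sits under a condition with two arms but explains only the first; a zero `master_key_length` is a different situation, presumably a CCS arriving before the key exchange completed. Update it to `/* NULL session: dtls1_read_bytes() can call this early; zero master_key_length: CCS arrived before the key exchange finished, so no keys can be derived */` so the error reason SSL_R_CCS_RECEIVED_EARLY reads as intended for both cases.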
index 9ac19c0..503bed3 100644 (file)
@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SR_CERT_VRFY_A:
                case SSL3_ST_SR_CERT_VRFY_B:
 
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s)
 
                case SSL3_ST_SR_FINISHED_A:
                case SSL3_ST_SR_FINISHED_B:
+                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s)
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #else
                                if (s->s3->next_proto_neg_seen)
+                                       {
+                                       s->s3->flags |= SSL3_FLAGS_CCS_OK;
                                        s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
+                                       }
                                else
                                        s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
 #endif
@@ -2097,6 +2102,11 @@ int ssl3_send_certificate_request(SSL *s)
                s->init_num=n+4;
                s->init_off=0;
 #ifdef NETSCAPE_HANG_BUG
+               if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+                       {
+                       SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                       goto err;
+                       }
                p=(unsigned char *)s->init_buf->data + s->init_num;
 
                /* do the header */
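Review bot: The new `BUF_MEM_grow_clean(buf, s->init_num + 4)` call is correct only because `p` is recomputed from `s->init_buf->data` on the line after it, and nothing says so; a reader who later hoists the `p=` assignment above the grow would reintroduce a write through a possibly freed buffer. I would add `/* grow may reallocate init_buf, so p must be taken from s->init_buf->data after it */` between the two. The `+ 4` is presumably the size of the dummy ServerHelloDone header built below; naming it in the same comment would help. `buf` is declared outside the hunk, so I am assuming it aliases `s->init_buf`.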
@@ -2813,6 +2823,8 @@ int ssl3_get_client_key_exchange(SSL *s)
                        unsigned char premaster_secret[32], *start;
                        size_t outlen=32, inlen;
                        unsigned long alg_a;
+                       int Ttag, Tclass;
+                       long Tlen;
 
                        /* Get our certificate private key*/
                        alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -2834,26 +2846,15 @@ int ssl3_get_client_key_exchange(SSL *s)
                                        ERR_clear_error();
                                }
                        /* Decrypt session key */
-                       if ((*p!=( V_ASN1_SEQUENCE| V_ASN1_CONSTRUCTED))) 
-                               {
-                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-                               goto gerr;
-                               }
-                       if (p[1] == 0x81)
-                               {
-                               start = p+3;
-                               inlen = p[2];
-                               }
-                       else if (p[1] < 0x80)
-                               {
-                               start = p+2;
-                               inlen = p[1];
-                               }
-                       else
+                       if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || 
+                               Ttag != V_ASN1_SEQUENCE ||
+                               Tclass != V_ASN1_UNIVERSAL) 
                                {
                                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
                                goto gerr;
                                }
+                       start = p;
+                       inlen = Tlen;
                        if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
 
                                {
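Review bot: The exact comparison `ASN1_get_object(...) != V_ASN1_CONSTRUCTED` is doing more than it appears to and deserves a comment: as I read ASN1_get_object, it ORs 0x80 into its return on a parse or too-long error and 0x01 for an indefinite length, so both are rejected only because the compare is exact rather than a bit test. I would add `/* exact compare: also rejects ASN1_get_object's error (0x80) and indefinite-length (0x01) bits */` above the condition so nobody "fixes" it into `& V_ASN1_CONSTRUCTED`. Separately, `p` is advanced past the SEQUENCE header but `n` is not reduced by the bytes consumed, so if `n` is used later in this GOST branch it now overstates the remaining input; the function continues outside the hunk, so I cannot tell whether it is. The `(const unsigned char **)&p` cast is also a pointer-to-pointer qualification mismatch that a `const unsigned char *q = p;` local would avoid.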
index c0cf33e..ae364d0 100644 (file)
@@ -132,7 +132,6 @@ extern "C" {
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
 int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 
 STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
 SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
index 7219a0e..4c1242c 100644 (file)
@@ -553,7 +553,7 @@ struct ssl_session_st
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
+#define SSL_OP_TLSEXT_PADDING                          0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L
 #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                  0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                        0x00000080L
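Review bot: `SSL_OP_TLSEXT_PADDING` takes over bit `0x00000010L`, which until this change was `SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG`, and nothing at the definition records that. Any binary built against the older header that passes the old flag (or an `SSL_OP_ALL` mask, if that mask includes this bit) will now silently opt into the padding extension, which is a behaviour change worth stating next to the define: `/* Reuses the bit formerly SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; old callers setting it now enable the padding extension */`. The redefinition of the old name to `0x0` lives in the next hunk and does not help such binaries.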
@@ -562,6 +562,8 @@ struct ssl_session_st
 
 /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING                  0x0
+/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x0
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
index cb8b249..37f19e3 100644 (file)
@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
+#define SSL3_FLAGS_CCS_OK                      0x0080
  
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
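Review bot: The new `SSL3_FLAGS_CCS_OK` define has no comment, unlike `SSL3_FLAGS_SGC_RESTART_DONE` just below it, and its meaning matters for anyone touching the state machine. Based on the other hunks in this import, it is set by the handshake state machine when a ChangeCipherSpec record is acceptable next and cleared in what appears to be ssl3_read_bytes once one is processed, so I would add `/* Set by the handshake when a ChangeCipherSpec may arrive next; cleared once one has been processed */` above it. The value `0x0080` should also be checked against the SSL3_FLAGS_* definitions further down, which are outside the hunk, since this entry sits among the TLS1_FLAGS_* values rather than with its own prefix.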
index 38540be..4775003 100644 (file)
@@ -408,6 +408,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                if (os.length != 3)
                        {
                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                       c.line=__LINE__;
                        goto err;
                        }
                id=0x02000000L|
@@ -420,6 +421,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                if (os.length != 2)
                        {
                        c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
+                       c.line=__LINE__;
                        goto err;
                        }
                id=0x03000000L|
@@ -429,6 +431,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
        else
                {
                c.error=SSL_R_UNKNOWN_SSL_VERSION;
+               c.line=__LINE__;
                goto err;
                }
        
@@ -521,6 +524,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
            if (os.length > SSL_MAX_SID_CTX_LENGTH)
                {
                c.error=SSL_R_BAD_LENGTH;
+               c.line=__LINE__;
                goto err;
                }
            else
index 370fb57..49ab43e 100644 (file)
@@ -541,7 +541,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
 {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
+{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbeats"},
 {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
 {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
index 6dbc3c1..ef6258c 100644 (file)
@@ -1349,6 +1349,10 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 
        p=buf;
        sk=s->session->ciphers;
+
+       if (sk_SSL_CIPHER_num(sk) == 0)
+               return NULL;
+
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
                int n;
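Review bot: The new `if (sk_SSL_CIPHER_num(sk) == 0) return NULL;` guards an empty stack but not a NULL one: the sk_num family returns -1 for a NULL stack, so `== 0` is false, the loop body never runs, and whatever the code after the loop does with `p` (the usual idiom in this function is to back up one byte to terminate the string) would operate on `buf` with nothing written. `if (sk_SSL_CIPHER_num(sk) <= 0) return NULL;` covers both cases at no cost. The function may already reject `s->session->ciphers == NULL` before the hunk, in which case this is belt-and-braces; SSL_get_shared_ciphers continues outside the hunk.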
index 0c4cdde..ac8c153 100644 (file)
@@ -1048,14 +1048,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        if (!stream_mac)
                EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
 printf("seq=");
 {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
 printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
 #endif
 
        if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1185,7 +1181,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
                 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
 
-       rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+       rv = tls1_PRF(ssl_get_algorithm2(s),
                      val, vallen,
                      NULL, 0,
                      NULL, 0,
index bddffd9..3b8d515 100644 (file)
@@ -617,6 +617,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 #ifndef OPENSSL_NO_HEARTBEATS
        /* Add Heartbeat extension */
+       if ((limit - ret - 4 - 1) < 0)
+               return NULL;
        s2n(TLSEXT_TYPE_heartbeat,ret);
        s2n(1,ret);
        /* Set mode:
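Review bot: The bound check `if ((limit - ret - 4 - 1) < 0)` added before the heartbeat extension encodes the extension's size as two unexplained literals. A short comment, `/* 2-byte type + 2-byte length + 1-byte mode */`, on the check would make the arithmetic verifiable against the `s2n`/mode writes that follow and match how the other extensions in this function should be documented. ssl_add_clienthello_tlsext continues outside the hunk.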
@@ -661,36 +663,35 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 ret += el;
                 }
 #endif
-
-#ifdef TLSEXT_TYPE_padding
        /* Add padding to workaround bugs in F5 terminators.
         * See https://tools.ietf.org/html/draft-agl-tls-padding-03
         *
         * NB: because this code works out the length of all existing
         * extensions it MUST always appear last.
         */
-       {
-       int hlen = ret - (unsigned char *)s->init_buf->data;
-       /* The code in s23_clnt.c to build ClientHello messages includes the
-        * 5-byte record header in the buffer, while the code in s3_clnt.c does
-        * not. */
-       if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-               hlen -= 5;
-       if (hlen > 0xff && hlen < 0x200)
+       if (s->options & SSL_OP_TLSEXT_PADDING)
                {
-               hlen = 0x200 - hlen;
-               if (hlen >= 4)
-                       hlen -= 4;
-               else
-                       hlen = 0;
+               int hlen = ret - (unsigned char *)s->init_buf->data;
+               /* The code in s23_clnt.c to build ClientHello messages
+                * includes the 5-byte record header in the buffer, while
+                * the code in s3_clnt.c does not.
+                */
+               if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+                       hlen -= 5;
+               if (hlen > 0xff && hlen < 0x200)
+                       {
+                       hlen = 0x200 - hlen;
+                       if (hlen >= 4)
+                               hlen -= 4;
+                       else
+                               hlen = 0;
 
-               s2n(TLSEXT_TYPE_padding, ret);
-               s2n(hlen, ret);
-               memset(ret, 0, hlen);
-               ret += hlen;
+                       s2n(TLSEXT_TYPE_padding, ret);
+                       s2n(hlen, ret);
+                       memset(ret, 0, hlen);
+                       ret += hlen;
+                       }
                }
-       }
-#endif
 
        if ((extdatalen = ret-p-2)== 0) 
                return p;
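Review bot: The padding block writes a 4-byte extension header plus up to `hlen` zero bytes via `s2n` and `memset` without checking them against `limit`, while the heartbeat extension earlier in this same function does check `(limit - ret - 4 - 1) < 0` before writing. `hlen` is bounded to under 0x100 here, so an overrun needs a nearly full buffer, but a check keeps the function's invariant that every write is guarded: `if ((limit - ret - 4 - hlen) < 0) return NULL;` immediately before `s2n(TLSEXT_TYPE_padding, ret);`. The comment that this block "MUST always appear last" is easy to violate when new extensions are added; pointing at the `hlen` computation as the reason would help.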
@@ -845,6 +846,8 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
        /* Add Heartbeat extension if we've received one */
        if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
                {
+               if ((limit - ret - 4 - 1) < 0)
+                       return NULL;
                s2n(TLSEXT_TYPE_heartbeat,ret);
                s2n(1,ret);
                /* Set mode: