Age | Commit message (Collapse) | Author |
|
This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.
Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.
CVE-2015-0293
This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Fix strength_bits to 112 for 3DES.
(cherry picked from commit 837c203719205ab19b5609b2df7151be8df05687)
|
|
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
(backport from HEAD)
|
|
|
|
test for them!
|
|
with the appropriate parameters which calls OBJ_bsearch(). A compiler will
typically inline this.
This avoids the need for cmp_xxx variables and fixes unchecked const issues
with CHECKED_PTR_OF()
|
|
Duplicate const.
Use of ; outside function.
|
|
|
|
ciphersuite selection code in HEAD
Submitted by: Victor Duchovni
|
|
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).
In some cases the ciphersuite list generated from a given string is
affected by this change. I hope this is just in those cases where the
previous behaviour did not make sense.
|
|
|
|
|
|
|
|
runtime, thus removing the need for a lock. Add a test to ssltest
to verify that the cipher lists are sorted.
|
|
|
|
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
|
|
|
|
|
|
|
|
tree. This further reduces header interdependencies, and makes some
associated cleanups.
|
|
Check if IDEA is being built or not.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
|
|
I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.
|
|
I've covered all the memset()s I felt safe modifying, but may have missed some.
|
|
|
|
Submitted by: "Patrick McCormick" <patrick@tellme.com>
PR: 262
PR: 291
|
|
|
|
|
|
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
|
|
not covered by the strength bit mask.
Submitted by:
Reviewed by:
PR: 130
|
|
Important SSL 2.0 bugfixes (bugs found while implementing msg_callback).
|
|
New macros SSL[_CTX]_set_msg_callback_arg().
Message callback imlementation for SSL 3.0/TLS 1.0 (no SSL 2.0 yet).
New '-msg' option for 'openssl s_client' and 'openssl s_server'
that enable a message callback that displays all protocol messages.
In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert if
client_version is smaller than the protocol version in use.
Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0
if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the
client will at least see that alert.
Fix SSL[_CTX]_ctrl prototype (void * instead of char * for generic
pointer).
Add/update some OpenSSL copyright notices.
|
|
with existing code.
Modify library to use digest *_ex() functions.
|
|
|
|
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().
Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.
|
|
missed any.
This compiles and runs on Linux, and external applications have no
problems with it. The definite test will be to build this on VMS.
|
|
|
|
|
|
|
|
|
|
This is mostly a work around for the old VC++ problem
that it treats func() as func(void).
Various prototypes had been added to 'compare' function
pointers that triggered this. This could be fixed by removing
the prototype, adding function pointer casts to every call or
changing the passed function to use the expected arguments.
I mostly did the latter.
The mkdef.pl script was modified to remove the typesafe
functions which no longer exist.
Oh and some functions called OPENSSL_freeLibrary() were
changed back to FreeLibrary(), wonder how that happened :-)
|
|
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
|
|
designed for that. This removes the potential error to mix data and
function pointers.
Please note that I'm a little unsure how incorrect calls to the old
ctrl functions should be handled, in som cases. I currently return 0
and that's it, but it may be more correct to generate a genuine error
in those cases.
|
|
|
|
|
|
minor changes.
Docs haven't been added at this stage. They are probably
best included in the 'ciphers' program docs.
|
|
as a shared library without RSA. Use #ifndef NO_SSL2 instead of
NO_RSA in ssl/s2*.c.
Submitted by: Kris Kennaway <kris@hub.freebsd.org>
Modified by Ulf Möller
|
|
|