Include changes from 0.9.7-stable.

diff --git a/CHANGES b/CHANGES
index 4e53b4efe8dc554e4f7cc849c3c9e2a253f109e2..5df10ebc7bdbc9031198675a0f396ddf00e87e09 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -25,6 +25,20 @@
 
  Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]
 
+  *) Cleanse PEM buffers before freeing them since they may contain 
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Since AES128 and AES256 share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't.
+     [Victor Duchovni]
+
   *) Expand security boundary to match 1.1.1 module.
      [Steve Henson]
 

diff --git a/LICENSE b/LICENSE
index c21f132db5dd8485853954b88fac7827837815b0..ff99d9724177c7b133d4b391928cbd348572aab2 100644 (file)
--- a/LICENSE
+++ b/LICENSE
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

diff --git a/README b/README
index cf32b19b060c24fd9aaa0976641ac97ff19f8288..6e198b179cedda3a1bbd1c95ef8eac289626dfff 100644 (file)
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
  OpenSSL 0.9.7m-dev xx XXX xxxx
 
- Copyright (c) 1998-2006 The OpenSSL Project
+ Copyright (c) 1998-2007 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 0dcbab6f3575fd6d5e414cc5a1ac7027e2d2f09d..54262cc8f0e0bff9bc3d9b3f812b4cd781b5dcdb 100644 (file)
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -577,6 +577,7 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                }
        EVP_EncodeFinal(&ctx,buf,&outl);
        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
+       OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
        OPENSSL_free(buf);
        buf = NULL;
        if (    (BIO_write(bp,"-----END ",9) != 9) ||
@@ -585,8 +586,10 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                goto err;
        return(i+outl);
 err:
-       if (buf)
+       if (buf) {
+               OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
                OPENSSL_free(buf);
+       }
        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
        return(0);
        }

diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 9ecdbd5419ee39db82447784fbc53287280de18e..69300ba5e1430cd7bca3e0293dd22cda380e3d89 100644 (file)
--- a/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
@@ -122,6 +122,7 @@ p8err:
                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
        OPENSSL_free(nm);
+       OPENSSL_cleanse(data, len);
        OPENSSL_free(data);
        return(ret);
        }

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 50343cd68543b3e941563067942ab55c801df852..d15d3a618d8f6d05e38946209e2e22425f1ac298 100644 (file)
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -394,13 +394,13 @@ B<sep_comma_plus>, B<dn_rev> and B<sname>.
 
 a oneline format which is more readable than RFC2253. It is equivalent to
 specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
-B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
+B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
 options.
 
 =item B<multiline>
 
 a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
-B<spc_eq>, B<lname> and B<align>.
+B<space_eq>, B<lname> and B<align>.
 
 =item B<esc_2253>
 
@@ -500,7 +500,7 @@ diagnostic purpose.
 align field values for a more readable output. Only usable with
 B<sep_multiline>.
 
-=item B<spc_eq>
+=item B<space_eq>
 
 places spaces round the B<=> character which follows the field
 name.
@@ -610,7 +610,7 @@ Display the certificate subject name in RFC2253 form:
 Display the certificate subject name in oneline form on a terminal
 supporting UTF8:
 
- openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
 
 Display the certificate MD5 fingerprint:
 

diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod
index d662225b87ad1ff812f7a79b2193e26e99aa78c4..3891b88791dded041eec471e7c42c7a6a0e5e618 100644 (file)
--- a/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/doc/crypto/ASN1_STRING_print_ex.pod
@@ -43,9 +43,9 @@ interprets UTF8 sequences.
 
 Escaping takes several forms.
 
-If the character being escaped is a 16 bit character then the form "\WXXXX" is used
+If the character being escaped is a 16 bit character then the form "\UXXXX" is used
 using exactly four characters for the hex representation. If it is 32 bits then
-"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
+"\WXXXXXXXX" is used using eight characters of its hex representation. These forms
 will only be used if UTF8 conversion is not set (see below).
 
 Printable characters are normally escaped using the backslash '\' character. If

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 98e7630b0f56b7ffb9b1fd17ee82ec79707d0fad..bdb8923972ac6c42ac4b0c3f6619580aa574c2b6 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -557,7 +557,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        0,
-       112,
+       168,
        168,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
@@ -613,7 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
        SSL_NOT_EXP|SSL_HIGH,
        0,
-       112,
+       168,
        168,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
@@ -683,7 +683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
-       128,
+       40,
        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,
@@ -725,7 +725,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
        SSL_EXPORT|SSL_EXP40,
        0,
-       128,
+       40,
        128,
        SSL_ALL_CIPHERS,
        SSL_ALL_STRENGTHS,

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 99e188086b9af651ad8fd72fcdfa1ff1744105bf..37f8d0171b992de9b7aecc55ec85eb0d5e3ef3f5 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -303,7 +303,7 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST        "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST        "ALL:!aNULL:!eNULL+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN      1

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b6b727f3339481f8c1a56d231650030f103417e2..495b1ce0e5187d9ba70ddaab5f5d202e002f40bb 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -415,9 +415,18 @@ static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *tail=curr;
        }
 
-static unsigned long ssl_cipher_get_disabled(void)
+struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
+                         * where 128-bit and 256-bit algorithms simply will get
+                         * separate bits. */
+  unsigned long mask; /* everything except m256 */
+  unsigned long m256; /* applies to 256-bit algorithms only */
+};
+
+struct disabled_masks ssl_cipher_get_disabled(void)
        {
        unsigned long mask;
+       unsigned long m256;
+       struct disabled_masks ret;
 
        mask = SSL_kFZA;
 #ifdef OPENSSL_NO_RSA
@@ -443,17 +452,24 @@ static unsigned long ssl_cipher_get_disabled(void)
        mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
        mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-       mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
 
        mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
 
-       return(mask);
+       /* finally consider algorithms where mask and m256 differ */
+       m256 = mask;
+       mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+       m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
+
+       ret.mask = mask;
+       ret.m256 = m256;
+       return ret;
        }
 
 static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-               int num_of_ciphers, unsigned long mask, CIPHER_ORDER *co_list,
-               CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+               int num_of_ciphers, unsigned long mask, unsigned long m256,
+               CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
+               CIPHER_ORDER **tail_p)
        {
        int i, co_list_num;
        SSL_CIPHER *c;
@@ -471,11 +487,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                {
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
+#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
 #ifdef OPENSSL_FIPS
-               if ((c != NULL) && c->valid && !(c->algorithms & mask)
+               if ((c != NULL) && c->valid && !IS_MASKED(c))
                        && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
 #else
-               if ((c != NULL) && c->valid && !(c->algorithms & mask))
+               if ((c != NULL) && c->valid && !IS_MASKED(c))
 #endif
                        {
                        co_list[co_list_num].cipher = c;
@@ -869,7 +886,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         * rest of the command, if any left, until
                         * end or ':' is found.
                         */
-                       while ((*l != '\0') && ITEM_SEP(*l))
+                       while ((*l != '\0') && !ITEM_SEP(*l))
                                l++;
                        }
                else if (found)
@@ -880,7 +897,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        }
                else
                        {
-                       while ((*l != '\0') && ITEM_SEP(*l))
+                       while ((*l != '\0') && !ITEM_SEP(*l))
                                l++;
                        }
                if (*l == '\0') break; /* done */
@@ -896,6 +913,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        {
        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
        unsigned long disabled_mask;
+       unsigned long disabled_m256;
        STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
        const char *rule_p;
        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
@@ -918,7 +936,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         * To reduce the work to do we only want to process the compiled
         * in algorithms, so we first get the mask of disabled ciphers.
         */
-       disabled_mask = ssl_cipher_get_disabled();
+       {
+               struct disabled_masks d;
+               d = ssl_cipher_get_disabled();
+               disabled_mask = d.mask;
+               disabled_m256 = d.m256;
+       }
 
        /*
         * Now we have to collect the available ciphers from the compiled
@@ -937,7 +960,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                }
 
        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
-                                  co_list, &head, &tail);
+                                  disabled_m256, co_list, &head, &tail);
 
        /*
         * We also need cipher aliases for selecting based on the rule_str.
@@ -957,8 +980,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
                return(NULL);   /* Failure */
                }
-       ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
-                                  head);
+       ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                                  (disabled_mask & disabled_m256), head);
 
        /*
         * If the rule_string begins with DEFAULT, apply the default rule