Commits · b362ccab5c1d52086f19d29a32f4acc11073b86b · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

28 Mar, 2014 5 commits

Dr. Stephen Henson authored Dec 15, 2013

Security callback: selects which parameters are permitted including
sensible defaults based on bits of security.

The "parameters" which can be selected include: ciphersuites,
curves, key sizes, certificate signature algorithms, supported
signature algorithms, DH parameters, SSL/TLS version, session tickets
and compression.

In some cases prohibiting the use of a parameters will mean they are
not advertised to the peer: for example cipher suites and ECC curves.
In other cases it will abort the handshake: e.g DH parameters or the
peer key size.

Documentation to follow...

b362ccab

Check return value of ssl3_output_cert_chain · 66f96fe2
Dr. Stephen Henson authored Mar 18, 2014

66f96fe2

Allow return of supported ciphers. · 8b8e5bed

Dr. Stephen Henson authored Jan 14, 2014

New function ssl_cipher_disabled.

Check for disabled client ciphers using ssl_cipher_disabled.

New function to return only supported ciphers.

New option to ciphers utility to print only supported ciphers.

8b8e5bed

Auto DH support. · 09599b52

Dr. Stephen Henson authored Jan 22, 2014

Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.

09599b52

Add functions returning security bits. · 2514fa79

Dr. Stephen Henson authored Jan 18, 2014

Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.

2514fa79

27 Mar, 2014 3 commits

Fix memory leak with client auth. · 4563da1d
Dr. Stephen Henson authored Mar 27, 2014
```
(cherry picked from commit bc5ec653ba65fedb1619c8182088497de8a97a70)
```
4563da1d
Add -no_resumption_on_reneg to SSL_CONF. · f0ef019d
Dr. Stephen Henson authored Mar 27, 2014
```
(cherry picked from commit 1f44dac2)
```
f0ef019d

Update chain building function. · e970f63d

Dr. Stephen Henson authored Mar 27, 2014

Don't clear verification errors from the error queue unless
SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR is set.

If errors occur during verification and SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR
is set return 2 so applications can issue warnings.
(cherry picked from commit 2dd6976f)

e970f63d

24 Mar, 2014 1 commit
- Allow duplicate certs in ssl_build_cert_chain · 7c5718be
  Emilia Kasper authored Mar 24, 2014
  
  7c5718be
19 Mar, 2014 1 commit

Workaround for some CMS signature formats. · 3a98f9cf

Dr. Stephen Henson authored Mar 19, 2014

Some CMS SignedData structure use a signature algorithm OID such
as SHA1WithRSA instead of the RSA algorithm OID. Workaround this
case by tolerating the signature if we recognise the OID.

3a98f9cf

18 Mar, 2014 1 commit
- Retry callback only after ClientHello received. · f04665a6
  Piotr Sikora authored Mar 18, 2014
  
  f04665a6
12 Mar, 2014 2 commits

Update ordinals. · 14c67a70

Dr. Stephen Henson authored Mar 12, 2014

Use a previously unused value as we will be updating multiple released
branches.
(cherry picked from commit 0737acd2a8cc688902b5151cab5dc6737b82fb96)

14c67a70

Fix for CVE-2014-0076 · f9b6c0ba

Dr. Stephen Henson authored Mar 12, 2014

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)

Conflicts:

	CHANGES

f9b6c0ba

10 Mar, 2014 2 commits
- typo · a029788b
  Dr. Stephen Henson authored Mar 10, 2014
  
  a029788b
- Simplify ssl_add_cert_chain logic. · d628885e
  Dr. Stephen Henson authored Mar 09, 2014
  
  d628885e
07 Mar, 2014 3 commits

Remove -WX option from debug-VC-WIN32 · ab0f8804
Dr. Stephen Henson authored Mar 07, 2014
```
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
```
ab0f8804
engines/ccgost/gosthash.c: simplify and avoid SEGV. · ea38f020
Andy Polyakov authored Mar 07, 2014
```
PR: 3275
```
ea38f020

SPARC T4 assembly pack: treat zero input length in CBC. · 5e44c144

Andy Polyakov authored Mar 07, 2014

The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775

5e44c144

06 Mar, 2014 3 commits
- dh_check.c: check BN_CTX_get's return value. · 53e51612
  Andy Polyakov authored Mar 06, 2014
  
  53e51612
- test/Makefile: allow emulated test (e.g. under wine). · 687403fb
  Andy Polyakov authored Mar 06, 2014
```
Submitted by: Roumen Petrov
```
  687403fb
- bss_dgram.c,d1_lib.c: make it compile with mingw. · 972b0dc3
  Andy Polyakov authored Mar 06, 2014
```
Submitted by: Roumen Petrov
```
  972b0dc3
03 Mar, 2014 1 commit
- For self signed root only indicate one error. · 315cd871
  Dr. Stephen Henson authored Mar 03, 2014
```
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
```
  315cd871
01 Mar, 2014 3 commits

PKCS#8 support for alternative PRFs. · 5693a308

Dr. Stephen Henson authored Feb 28, 2014

Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)

5693a308

Fix memory leak. · 01757858
Dr. Stephen Henson authored Feb 28, 2014
```
(cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
```
01757858

Add function to free compression methods. · db7b5e0d

Dr. Stephen Henson authored Feb 28, 2014

Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
(cherry picked from commit 976c58302b13d085edb3ab822f5eac4b2f1bff95)

db7b5e0d

28 Feb, 2014 1 commit
- Makefile.org: fix syntax error on Solaris. · 65370f9b
  Andy Polyakov authored Feb 28, 2014
```
PR: 3271
```
  65370f9b
27 Feb, 2014 5 commits
- Configure: mark unixware target as elf-1. · 4ca02656
  Andy Polyakov authored Feb 27, 2014
  
  4ca02656
- perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. · b62a4a1c
  Andy Polyakov authored Feb 27, 2014
  
  b62a4a1c
- perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. · ce876d83
  Andy Polyakov authored Feb 27, 2014
  
  ce876d83
- rc4/asm/rc4-586.pl: allow for 386-only build. · f861b1d4
  Andy Polyakov authored Feb 27, 2014
  
  f861b1d4
- des/asm/des-586.pl: shortcut reference to DES_SPtrans. · fd361a67
  Andy Polyakov authored Feb 27, 2014
  
  fd361a67
26 Feb, 2014 5 commits
- CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. · 52f71f81
  Rob Stradling authored Feb 25, 2014
  
  52f71f81
- Fix for WIN32 builds with KRB5 · 031ea2d1
  Dr. Stephen Henson authored Feb 26, 2014
```
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
```
  031ea2d1
- sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. · d49135e7
  Andy Polyakov authored Feb 26, 2014
  
  d49135e7
- sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. · 147cca8f
  Andy Polyakov authored Feb 26, 2014
  
  147cca8f
- Configure: blended processor target in solaris-x86-cc. · 7bb9d84e
  Andy Polyakov authored Feb 26, 2014
  
  7bb9d84e
25 Feb, 2014 4 commits
- ssl/t1_enc.c: check EVP_MD_CTX_copy return value. · 03da57fe
  Andy Polyakov authored Feb 25, 2014
```
PR: 3201
```
  03da57fe
- aes/asm/vpaes-ppc.pl: fix traceback info. · e704741b
  Andy Polyakov authored Feb 25, 2014
  
  e704741b
- Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. · e0520c65
  Dr. Stephen Henson authored Feb 25, 2014
```
(cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
```
  e0520c65
- Fix for v3_scts.c · 3a325c60
  Dr. Stephen Henson authored Feb 25, 2014
```
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732b94627eba1c47de3c3a6321a5458f0)
```
  3a325c60