- Jun 23, 2015
-
-
Rich Salz authored
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 15, 2015
-
-
Rich Salz authored
When generating a private key, try to make the output file be readable only by the owner. Put it in CHANGES file since it might be noticeable. Add "int private" flag to apps that write private keys, and check that it's set whenever we do write a private key. Checked via assert so that this bug (security-related) gets fixed. Thanks to Viktor for help in tracing the code-paths where private keys are written. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
- Jun 11, 2015
-
-
Matt Caswell authored
Updates to CHANGES and NEWS to take account of the latest security fixes. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Jun 10, 2015
-
-
Emilia Kasper authored
This is a workaround so old that nobody remembers what buggy clients it was for. It's also been broken in stable branches for two years and nobody noticed (see https://boringssl-review.googlesource.com/#/c/1694/ ). Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Matt Caswell authored
The return type of BIO_number_read() and BIO_number_written() as well as the corresponding num_read and num_write members in the BIO structure has been changed from unsigned long to uint64_t. On platforms where an unsigned long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is transferred. With thanks to the Open Crypto Audit Project for reporting this issue. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jun 04, 2015
-
-
Github User authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 22, 2015
-
-
Matt Caswell authored
Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- May 20, 2015
-
-
Emilia Kasper authored
Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else. The result: $ openssl s_server -named_curves "auto" This command will negotiate an ECDHE ciphersuite with P-256: $ openssl s_client This command will negotiate P-384: $ openssl s_client -curves "P-384" This command will not negotiate ECDHE because P-224 is disabled with "auto": $ openssl s_client -curves "P-224" Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 16, 2015
-
-
Matt Caswell authored
Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
-
- May 13, 2015
-
-
Matt Caswell authored
Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- May 03, 2015
-
-
Rich Salz authored
https://github.com/openssl/openssl/pull/176 (CHANGES) https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt) https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod) Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Apr 29, 2015
-
-
Rich Salz authored
Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Apr 08, 2015
-
-
Rich Salz authored
Remove CA.sh script and use CA.pl for testing, etc. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 25, 2015
-
-
Matt Caswell authored
The justification for RAND_pseudo_bytes is somewhat dubious, and the reality is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in the default implementation both end up calling ssleay_rand_bytes. Both may return -1 in an error condition. If there is insufficient entropy then both will return 0, but RAND_bytes will additionally add an error to the error queue. They both return 1 on success. Therefore the fundamental difference between the two is that one will add an error to the error queue with insufficient entory whilst the other will not. Frequently there are constructions of this form: if(RAND_pseudo_bytes(...) <= 1) goto err; In the above form insufficient entropy is treated as an error anyway, so RAND_bytes is probably the better form to use. This form is also seen: if(!RAND_pseudo_bytes(...)) goto err; This is technically not correct at all since a -1 return value is incorrectly handled - but this form will also treat insufficient entropy as a...
-
- Mar 24, 2015
-
-
Rich Salz authored
Start ensuring all OpenSSL "free" routines allow NULL, and remove any if check before calling them. This gets ASN1_OBJECT_free and ASN1_STRING_free. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Mar 19, 2015
-
-
Matt Caswell authored
Resync CHANGES with the latest version from 1.0.2. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 11, 2015
-
-
Rich Salz authored
Suggested by John Foley <foleyj@cisco.com>. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Feb 03, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Feb 02, 2015
-
-
Rich Salz authored
Includes VMS fixes from Richard. Includes Kurt's destest fixes (RT 1290). Closes tickets 1290 and 1291 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 31, 2015
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 24, 2015
-
-
Rich Salz authored
This removes all code surrounded by '#ifdef undef' One case is left: memmove() replaced by open-coded for loop, in crypto/stack/stack.c That needs further review. Also removed a couple of instances of /* dead code */ if I saw them while doing the main removal. Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jan 23, 2015
-
-
Andy Polyakov authored
If you examine changes, you are likely to wonder "but what about ILP64, elusive as they are, don't they fall victim to 16-bit rationalization?" No, the case was modeled and verified to work. Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Rich Salz authored
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx Remove MS_STATIC; it's a relic from platforms <32 bits. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
- Jan 22, 2015
-
-
Rich Salz authored
Use setbuf(fp, NULL) instead of setvbuf(). This removes some ifdef complexity because all of our platforms support setbuf. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 14, 2015
-
-
Rich Salz authored
OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO Two typo's on #endif comments fixed: OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 12, 2015
-
-
Rich Salz authored
This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Rich Salz authored
This commit removes NCR, Tandem, Cray. Regenerates TABLE. Removes another missing BEOS fluff. The last platform remaining on this ticket is WIN16. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Jan 06, 2015
-
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
This is re-commit without unrelated modification. Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
This reverts commit 4fec9150 . Reviewed-by: Matt Caswell <matt@openssl.org>
-
Andy Polyakov authored
Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org>
-
- Jan 05, 2015
-
-
Dr. Stephen Henson authored
Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell <matt@openssl.org>
-
Adam Langley authored
when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz <rsalz@openssl.org>
-
Dr. Stephen Henson authored
By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
- Dec 28, 2014
-
-
Rich Salz authored
This commit removes DG-UX. It also flushes out some left-behinds in config. And regenerates TABLE from Configure (hadn't been done in awhile). Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 25, 2014
-
-
Rich Salz authored
This commit removes Sinix/ReliantUNIX RM400 (And a missed piece of BEOS fluff) Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Dec 22, 2014
-
-
Rich Salz authored
This commit removes MPE/iX Reviewed-by: Andy Polyakov <appro@openssl.org>
-
Rich Salz authored
This commit removes SunOS (a sentimental favorite of mine). Reviewed-by: Richard Levitte <levitte@openssl.org>
-