Commits · 1211e29c168afcbde0ee277fa92e8d816abc350e · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 12, 2015
- make update · 1211e29c
  Matt Caswell authored Jan 11, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  1211e29c
- Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been · 8e964419
  Matt Caswell authored Jan 11, 2015
```
removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  8e964419
Jan 10, 2015

Kurt Roeckx authored Jan 02, 2015



It contained a date on when it was build.

Reviewed-by: Rich Salz <rsalz@openssl.org>

264212b6

Jan 09, 2015
- Further windows specific .gitignore entries · 41c9cfbc
  Matt Caswell authored Jan 09, 2015
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  41c9cfbc
- Update .gitignore with windows files to be excluded from git · 448e6f06
  Matt Caswell authored Jan 09, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  448e6f06
Jan 08, 2015

Fix build failure on Windows due to undefined cflags identifier · 5c5e7e1a
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
5c5e7e1a

A memory leak can occur in dtls1_buffer_record if either of the calls to · 103b171d

Matt Caswell authored Jan 07, 2015

ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a
malloc failure, whilst the latter will fail if attempting to add a duplicate
record to the queue. This should never happen because duplicate records should
be detected and dropped before any attempt to add them to the queue.
Unfortunately records that arrive that are for the next epoch are not being
recorded correctly, and therefore replays are not being detected.
Additionally, these "should not happen" failures that can occur in
dtls1_buffer_record are not being treated as fatal and therefore an attacker
could exploit this by sending repeated replay records for the next epoch,
eventually causing a DoS through memory exhaustion.

Thanks to Chris Mueller for reporting this issue and providing initial
analysis and a patch. Further analysis and the final patch was performed by
Matt Caswell from the OpenSSL development team.

CVE-2015-0206

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

103b171d

Unauthenticated DH client certificate fix. · 1421e0c5

Dr. Stephen Henson authored Oct 23, 2014



Fix to prevent use of DH client certificates without sending
certificate verify message.

If we've used a client certificate to generate the premaster secret
ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is
never called.

We can only skip the certificate verify message in
ssl3_get_cert_verify if the client didn't send a certificate.

Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2015-0205
Reviewed-by: Matt Caswell <matt@openssl.org>

1421e0c5

Fix for CVE-2014-3570 (with minor bn_asm.c revamp). · a7a44ba5
Andy Polyakov authored Jan 05, 2015
```
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
a7a44ba5

Follow on from CVE-2014-3571. This fixes the code that was the original source · 248385c6

Matt Caswell authored Jan 03, 2015

of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

248385c6

Fix crash in dtls1_get_record whilst in the listen state where you get two · feba02f3

Dr. Stephen Henson authored Jan 03, 2015


separate reads performed - one for the header and one for the body of the
handshake record.

CVE-2014-3571

Reviewed-by: Matt Caswell <matt@openssl.org>

feba02f3

Jan 07, 2015
- fix error discrepancy · 4a4d4158
  Dr. Stephen Henson authored Jan 07, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  4a4d4158
- Fix irix-cc build. · e464403d
  Andy Polyakov authored Jan 05, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  e464403d
Jan 06, 2015

use correct credit in CHANGES · 4138e388
Dr. Stephen Henson authored Jan 06, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
4138e388
Only inherit the session ID context in SSL_set_SSL_CTX if the existing · ac8e9cbe
Emilia Kasper authored Jan 06, 2015
```
context was also inherited (matches that of the existing SSL_CTX).

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
ac8e9cbe

use correct function name · cb62ab4b

Dr. Stephen Henson authored Jan 06, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

cb62ab4b

RT3662: Allow leading . in nameConstraints · 77ff1f3b

Dr. Stephen Henson authored Jan 06, 2015



Change by SteveH from original by John Denker (in the RT)

Reviewed-by: Rich Salz <rsalz@openssl.org>

77ff1f3b

Some cleanup of L<> markup in pod files · a09474dd

Rich Salz authored Jan 06, 2015



Show only the #define, not the values, in BIO_f_buffer.  Data
abstraction and we can remove a "see also" entry.

Remove internal forward reference to NOTES in EVP_EncryptInit; just
say "see below" as we do in the other pages.

Add missing (3) in pem.pod so the L<> entry is consistent.
Fix entry to point to the "master" page, not the symlink'd one.

Reviewed-by: Matt Caswell <matt@openssl.org>

a09474dd

Fix memory leak. · 41cd41c4

Martin Brejcha authored Nov 16, 2014



Fix memory leak by freeing up saved_message.data if it is not NULL.

PR#3489
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

41cd41c4

Further comment amendments to preserve formatting prior to source reformat · 3a83462d
Matt Caswell authored Jan 05, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3a83462d
Remove blank line from start of cflags character array in buildinf.h · b691154e
Matt Caswell authored Jan 06, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
b691154e

CHANGES: mention "universal" ARM support. · 0548505f

Andy Polyakov authored Jan 06, 2015



This is re-commit without unrelated modification.

Reviewed-by: Matt Caswell <matt@openssl.org>

0548505f

Revert "CHANGES: mention "universal" ARM support." · 21933811
Andy Polyakov authored Jan 06, 2015
```
This reverts commit 4fec9150

.

Reviewed-by: Matt Caswell <matt@openssl.org>
```
21933811
CHANGES: mention "universal" ARM support. · 4fec9150
Andy Polyakov authored Jan 06, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
4fec9150
fix compilation error · fb76ad8d
Dr. Stephen Henson authored Jan 06, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
fb76ad8d

Only allow ephemeral RSA keys in export ciphersuites. · ce325c60

Dr. Stephen Henson authored Oct 23, 2014



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>

ce325c60

Jan 05, 2015

ECDH downgrade bug fix. · b15f8769

Dr. Stephen Henson authored Oct 24, 2014



Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>

b15f8769

RT3546: Remove #define IRIX_CC_BUG · b5526482

Rich Salz authored Jan 05, 2015

Leftovers from commit 448155e9


Remove now-unused #define's

Reviewed-by: Matt Caswell <matt@openssl.org>

b5526482

update ordinals · c05febfa

Dr. Stephen Henson authored Jan 05, 2015



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7b)

c05febfa

Ensure that the session ID context of an SSL* is updated · 61aa44ca

Adam Langley authored Jan 05, 2015

when its SSL_CTX is updated.

From BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a



Reviewed-by: Rich Salz <rsalz@openssl.org>

61aa44ca

Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. · 4c52816d
Dr. Stephen Henson authored Dec 14, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
4c52816d

Fix various certificate fingerprint issues. · 684400ce

Dr. Stephen Henson authored Dec 20, 2014



By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

684400ce

Additional fix required for no-srtp to work · 32b07f5a
Matt Caswell authored Dec 22, 2014
```
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
32b07f5a
Fix building with no-srtp · e783bae2
Piotr Sikora authored Dec 22, 2014
```
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
e783bae2

Add a clang build target for linux-x86_64 · cb2bc054

Emilia Kasper authored Jan 05, 2015



This change documents the world as-is, by turning all warnings on,
and then turning warnings that trigger off again.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

cb2bc054

Jan 04, 2015

Remove inconsistency in ARM support. · c1669e1c

Andy Polyakov authored Nov 07, 2014


This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

c1669e1c

ecp_nistz256-x86_64.pl: fix occasional failures. · 9e557ab2

Andy Polyakov authored Jan 04, 2015



RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>

9e557ab2

RT2914: NULL check missing in X509_name_canon · 2c60925d

Rich Salz authored Jan 04, 2015



Check for NULL return from X509_NAME_ENTRY_new()

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

2c60925d

Jan 02, 2015

Remove SGC restart flag. · 95275599
Dr. Stephen Henson authored Jan 02, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
95275599

Remove MS SGC · 63eab8a6

Dr. Stephen Henson authored Oct 24, 2014



MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>

63eab8a6