Commits · 129344a8fbecb681510bc87668b377535fb92032 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 06, 2015

RT3662: Allow leading . in nameConstraints · 129344a8

Dr. Stephen Henson authored Jan 06, 2015



Change by SteveH from original by John Denker (in the RT)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 77ff1f3b)

129344a8

Fix memory leak. · be6e7669

Martin Brejcha authored Nov 16, 2014



Fix memory leak by freeing up saved_message.data if it is not NULL.

PR#3489
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 41cd41c4)

be6e7669

Remove blank line from start of cflags character array in buildinf.h · 8dc461ec
Matt Caswell authored Jan 06, 2015
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit b691154e)
```
8dc461ec

Only allow ephemeral RSA keys in export ciphersuites. · 4b4c1fcc

Dr. Stephen Henson authored Oct 23, 2014



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

4b4c1fcc

CHANGES: mention "universal" ARM support. · 1cfd7cf3

Andy Polyakov authored Jan 06, 2015



This is re-commit without unrelated modification.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 0548505f)

1cfd7cf3

Revert "CHANGES: mention "universal" ARM support." · 29961571
Andy Polyakov authored Jan 06, 2015
```
This reverts commit caeed719

.

Reviewed-by: Matt Caswell <matt@openssl.org>
```
29961571
CHANGES: mention "universal" ARM support. · caeed719
Andy Polyakov authored Jan 06, 2015
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4fec9150)
```
caeed719

Remove inconsistency in ARM support. · f4868c99

Andy Polyakov authored Nov 07, 2014


This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit c1669e1c)

f4868c99

Jan 05, 2015

ECDH downgrade bug fix. · 4aaf1e49

Dr. Stephen Henson authored Oct 24, 2014



Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit b15f8769)

4aaf1e49

update ordinals · d96c2492

Dr. Stephen Henson authored Jan 05, 2015



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 31c65a7b)

d96c2492

Ensure that the session ID context of an SSL* is updated · d9b277e0

Adam Langley authored Jan 05, 2015

when its SSL_CTX is updated.

From BoringSSL commit
https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 61aa44ca)

d9b277e0

Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. · aace6dbc
Dr. Stephen Henson authored Dec 14, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 4c52816d)
```
aace6dbc

Fix various certificate fingerprint issues. · 85cfc188

Dr. Stephen Henson authored Dec 20, 2014



By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 684400ce)

85cfc188

Additional fix required for no-srtp to work · 6ee7de1e
Matt Caswell authored Dec 22, 2014
```
RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
6ee7de1e

Fix building with no-srtp · 7b0194db

Piotr Sikora authored Dec 22, 2014



RT3638

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	ssl/t1_lib.c

7b0194db

Add a clang build target for linux-x86_64 · bfaf7962

Emilia Kasper authored Jan 05, 2015



This change documents the world as-is, by turning all warnings on,
and then turning warnings that trigger off again.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>

bfaf7962

Jan 04, 2015

ecp_nistz256-x86_64.pl: fix occasional failures. · c02e2d6a

Andy Polyakov authored Jan 04, 2015



RT: 3607
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 9e557ab2)

c02e2d6a

RT2914: NULL check missing in X509_name_canon · 9f49067c

Rich Salz authored Jan 04, 2015



Check for NULL return from X509_NAME_ENTRY_new()

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 2c60925d)

9f49067c

Jan 02, 2015

Update SGC flag comment. · 5396c119

Dr. Stephen Henson authored Jan 02, 2015



Since SGC has been removed from OpenSSL 1.0.2 the
SSL3_FLAGS_SGC_RESTART_DONE is no longer used. However the #define is
retained for compatibility.
Reviewed-by: Matt Caswell <matt@openssl.org>

5396c119

Remove MS SGC · cf95b2d6

Dr. Stephen Henson authored Oct 24, 2014



MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 63eab8a6)

cf95b2d6

Clear existing extension state. · 47606dda

Dr. Stephen Henson authored Dec 05, 2014



When parsing ClientHello clear any existing extension state from
SRP login and SRTP profile.

Thanks to Karthikeyan Bhargavan for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 4f605ccb)

Conflicts:
	ssl/t1_lib.c

47606dda

Dec 31, 2014

typo in s_client · c30c8761

Dominik Neubauer authored Mar 04, 2014



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>

c30c8761

Dec 30, 2014

Make "run" volatile · 73bda31b
Kurt Roeckx authored Dec 16, 2014
```
RT#3629

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
73bda31b

Document openssl dgst -hmac option · dc00fb9d

Thorsten Glaser authored May 22, 2009



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>

dc00fb9d

dlfcn: always define _GNU_SOURCE · 06c3e65d

Kurt Roeckx authored Dec 23, 2013

We need this for the freebsd kernel with glibc as used in the Debian kfreebsd
ports. There shouldn't be a problem defining this on systems not using glibc.

Reviewed-by: Richard Levitte <levitte@openssl.org>

06c3e65d

Fix memory leak in the apps · 5984c7e3

Kurt Roeckx authored Dec 07, 2014



The BIO_free() allocated ex_data again that we already freed.

Reviewed-by: Richard Levitte <levitte@openssl.org>

5984c7e3

Dec 22, 2014

Improves certificates HOWTO · beef278b

Alok Menghrajani authored Nov 30, 2014



* adds links to various related documents.
* fixes a few typos.
* rewords a few sentences.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 67472bd8)

beef278b

Small typo · 58191465

Richard Levitte authored Dec 22, 2014



Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 7cfab40f)

58191465

Dec 20, 2014

Fix incorrect OPENSSL_assert() usage. · 5760c8b8

Michael Tuexen authored Nov 16, 2014



Return an error code for I/O errors instead of an assertion failure.

PR#3470
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 2521fcd8)

5760c8b8

Dec 19, 2014
- Fix a problem if CFLAGS is too long cversion.c fails to compile when config · b6514072
  Matt Caswell authored Dec 19, 2014
```
is run with --strict-warnings.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 488f16e3)
```
  b6514072
Dec 18, 2014
- Return error when a bit string indicates an invalid amount of bits left · a760dde6
  Kurt Roeckx authored Dec 15, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  a760dde6
Dec 17, 2014

Reject invalid constructed encodings. · f5e4b6b5

Dr. Stephen Henson authored Dec 17, 2014



According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

f5e4b6b5

Add a comment noting the padding oracle. · 9ca2cc78
Emilia Kasper authored Dec 17, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 03af8430)
```
9ca2cc78

Revert "RT3425: constant-time evp_enc" · 0cf55223

Emilia Kasper authored Dec 17, 2014

Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 738911cd

.

Reviewed-by: Andy Polyakov <appro@openssl.org>

0cf55223

Build fixes · 0e1c318e

Emilia Kasper authored Dec 15, 2014



Various build fixes, mostly uncovered by clang's unused-const-variable
and unused-function errors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

0e1c318e

Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) · 8bc8450a
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
8bc8450a
Clear warnings/errors within TLS_DEBUG code sections · bf68456f
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
bf68456f
Clear warnings/errors within KSSL_DEBUG code sections · 53332a75
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
53332a75
Clear warnings/errors within CIPHER_DEBUG code sections · cd387d21
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
cd387d21
Clear warnings/errors within CIPHER_DEBUG code sections · 0c403e80
Richard Levitte authored Dec 16, 2014
```
Reviewed-by: Andy Polyakov <appro@openssl.org>
```
0c403e80