Commits · 1632ef744872edc2aa2a53d487d3e79c965a4ad3 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

05 Jun, 2014 2 commits

Fix for CVE-2014-0195 · 1632ef74

Dr. Stephen Henson authored May 13, 2014

A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.

Fixed by adding consistency check for DTLS fragments.

Thanks to Jüri Aedla for reporting this issue.

1632ef74

make update · f1f4fbde
Dr. Stephen Henson authored Jun 05, 2014

f1f4fbde

03 Jun, 2014 1 commit
- Corrected OPENSSL_NO_EC_NISTP_64_GCC_128 usage in ec_lcl.h. PR#3370 · 1854c480
  Libor Krystek authored Jun 03, 2014
  
  1854c480
02 Jun, 2014 3 commits
- Check there is enough room for extension. · ebda73f8
  David Benjamin authored Jun 02, 2014
```
(cherry picked from commit 7d89b3bf42e4b4067371ab33ef7631434e41d1e4)
```
  ebda73f8
- Free up s->d1->buffered_app_data.q properly. · bcc31166
  zhu qun-ying authored Jun 02, 2014
```
PR#3286
(cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
```
  bcc31166
- Typo: set i to -1 before goto. · 1dd26414
  Sami Farin authored Jun 02, 2014
```
PR#3302
(cherry picked from commit 9717f01951f976f76dd40a38d9fc7307057fa4c4)
```
  1dd26414
01 Jun, 2014 7 commits
- Added SSLErr call for internal error in dtls1_buffer_record · 056389eb
  Matt Caswell authored Jun 01, 2014
  
  056389eb
- Delays the queue insertion until after the ssl3_setup_buffers() call due to... · a07856a0
  David Ramos authored Jun 01, 2014
```
Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
```
  a07856a0
- Recognise padding extension. · 19ce768c
  Dr. Stephen Henson authored Jun 01, 2014
```
(cherry picked from commit ea2bb861f0daaa20819bf9ac8c146f7593feacd4)

Conflicts:

	apps/s_cb.c
(cherry picked from commit 14dc83ca779e91a267701a1fb05b2bbcf2cb63c4)
```
  19ce768c
- Option to disable padding extension. · aaed77c5
  Dr. Stephen Henson authored Jun 01, 2014
```
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.

This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.

PR#3336
```
  aaed77c5
- Set default global mask to UTF8 only. · 49270d04
  Dr. Stephen Henson authored Jun 01, 2014
```
(cherry picked from commit 3009244d)
```
  49270d04
- Allocate extra space when NETSCAPE_HANG_BUG defined. · 673c42b2
  David Ramos authored Jun 01, 2014
```
Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
```
  673c42b2
- Initialise alg. · 5541b18b
  David Ramos authored Jun 01, 2014
```
PR#3313
(cherry picked from commit 7e2c6f7e)
```
  5541b18b
31 May, 2014 2 commits
- Use correct digest when exporting keying material. · 28e117f4
  Dr. Stephen Henson authored May 30, 2014
```
PR#3319
(cherry picked from commit 84691390eae86befd33c83721dacedb539ae34e6)
```
  28e117f4
- Don't compile heartbeat test code on Windows (for now). · 46bfc054
  Dr. Stephen Henson authored May 30, 2014
```
(cherry picked from commit 2c575907d2c8601a18716f718ce309ed4e1f1783)
```
  46bfc054
30 May, 2014 2 commits

add description of -attime to man page · 427a37ca

Hubert Kario authored Sep 12, 2013

the verify app man page didn't describe the usage of attime option
even though it was listed as a valid option in the -help message.

This patch fixes this omission.

427a37ca

add description of -no_ecdhe option to s_server man page · 39ae3b33

Hubert Kario authored Sep 10, 2013

While the -help message references this option, the man page
doesn't mention the -no_ecdhe option.
This patch fixes this omission.

39ae3b33

29 May, 2014 3 commits
- Set version number correctly. · 48f5b3ef
  Dr. Stephen Henson authored May 29, 2014
```
PR#3249
(cherry picked from commit 8909bf20269035d295743fca559207ef2eb84eb3)
```
  48f5b3ef
- Fix memory leak. · f8dc0006
  František Bořánek authored May 29, 2014
```
PR#3278
(cherry picked from commit de56fe797081fc09ebd1add06d6e2df42a324fd5)
```
  f8dc0006
- remove duplicate 0x for default RSASSA-PSS salt len · bf8d6f9a
  Martin Kaiser authored May 28, 2014
```
(cherry picked from commit 3820fec3a09faecba7fe9912aa20ef7fcda8337b)
```
  bf8d6f9a
27 May, 2014 1 commit
- Fix for test_bn regular expression to work on Windows using MSYS. PR#3346 · 17e844a4
  Peter Mosmans authored May 27, 2014
  
  17e844a4
26 May, 2014 1 commit
- Fixed Windows compilation failure · 8ca7d124
  Matt Caswell authored May 27, 2014
  
  8ca7d124
25 May, 2014 1 commit
- Fixed error in args for SSL_set_msg_callback and SSL_set_msg_callback_arg · 67b9c82e
  Matt Caswell authored May 25, 2014
  
  67b9c82e
24 May, 2014 1 commit
- Fix for non compilation with TLS_DEBUG defined · a6f5b991
  Matt Caswell authored May 24, 2014
  
  a6f5b991
22 May, 2014 1 commit
- Fix heartbeat_test for -DOPENSSL_NO_HEARTBEATS · 756587dc
  Mike Bland authored May 22, 2014
```
Replaces the entire test with a trivial implementation when
OPENSSL_NO_HEARTBEATS is defined.
```
  756587dc
21 May, 2014 3 commits
- Fixed minor copy&paste error, and stray space causing rendering problem · 0a084f7b
  Matt Caswell authored May 22, 2014
  
  0a084f7b
- Fix for PKCS12_create if no-rc2 specified. · da0a95b2
  Dr. Stephen Henson authored May 21, 2014
```
Use triple DES for certificate encryption if no-rc2 is
specified.

PR#3357
(cherry picked from commit 4689c08453e95eeefcc88c9f32dc6e509f95caff)
```
  da0a95b2
- Change default cipher in smime app to des3. · 599fe418
  Dr. Stephen Henson authored May 21, 2014
```
PR#3357
(cherry picked from commit ca3ffd9670f2b589bf8cc04923f953e06d6fbc58)
```
  599fe418
20 May, 2014 1 commit
- For portability use BUF_strndup instead of strndup. · 4519e7b8
  Dr. Stephen Henson authored May 20, 2014
```
(cherry picked from commit dcca7b13)
```
  4519e7b8
19 May, 2014 5 commits
- Fix a wrong parameter count ERR_add_error_data · 4659b53e
  Janpopan authored May 04, 2014
  
  4659b53e
- Merge branch 'mbland-heartbeat-test-1.0.1' into OpenSSL_1_0_1-stable · dc22495d
  Ben Laurie authored May 19, 2014
  
  dc22495d
- Unit/regression test for TLS heartbeats. · ab0d9642
  Mike Bland authored Apr 16, 2014
```
Regression test against CVE-2014-0160 (Heartbleed).

More info: http://mike-bland.com/tags/heartbleed.html

(based on commit 35cb55988b75573105eefd00d27d0138eebe40b1)
```
  ab0d9642
- Allow the maximum value. · dac3654e
  Ben Laurie authored May 19, 2014
  
  dac3654e
- Fix signed/unsigned warning. · 989d87cb
  Ben Laurie authored May 19, 2014
  
  989d87cb
15 May, 2014 2 commits
- Moved note about lack of support for AEAD modes out of BUGS section to... · d6934a02
  Matt Caswell authored May 15, 2014
```
Moved note about lack of support for AEAD modes out of BUGS section to SUPPORTED CIPHERS section (bug has been fixed, but still no support for AEAD)
```
  d6934a02
- Enc doesn't support AEAD ciphers. · f9986e9a
  Dr. Stephen Henson authored May 15, 2014
  
  f9986e9a
14 May, 2014 3 commits
- Fix grammar error in verify pod. PR#3355 · 1f5e321e
  Jeffrey Walton authored May 14, 2014
  
  1f5e321e
- Add information to BUGS section of enc documentation. PR#3354 · b6adb6ef
  Jeffrey Walton authored May 14, 2014
  
  b6adb6ef
- Corrected POD syntax errors. PR#3353 · bfdaf451
  Michal Bozon authored May 14, 2014
  
  bfdaf451
12 May, 2014 1 commit
- Check sk_SSL_CIPHER_num() after assigning sk. · 69526a35
  Kurt Roeckx authored May 12, 2014
  
  69526a35