Commits · 42af669ff2754dfbe1dd55a0ab56664f82284dc4 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Oct 28, 2014

Use only unsigned arithmetic in constant-time operations · 42af669f
Samuel Neves authored Oct 04, 2014
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
42af669f

Tighten session ticket handling · 4c75f4e5

Emilia Kasper authored Oct 28, 2014



Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>
(cherry picked from commit d663df23)

4c75f4e5

Oct 27, 2014

Sync CHANGES · 13803174
Emilia Kasper authored Oct 27, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
13803174

Fix ssltest logic when some protocols are compiled out. · a35f7adf

Emilia Kasper authored Oct 27, 2014



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit fd28a41e)

Conflicts:
	ssl/ssltest.c

a35f7adf

Oct 24, 2014

Copy negotiated parameters in SSL_set_SSL_CTX. · 1ce95f19

Dr. Stephen Henson authored Oct 09, 2014



SSL_set_SSL_CTX is used to change the SSL_CTX for SNI, keep the
supported signature algorithms and raw cipherlist.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 14e14bf6)

1ce95f19

Process signature algorithms in ClientHello late. · 51695b98

Dr. Stephen Henson authored Oct 09, 2014



Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c800c27a)

Conflicts:

	ssl/ssl.h
	ssl/ssl_err.c
	ssl/ssl_locl.h

51695b98

Oct 23, 2014

Parse custom extensions after SNI. · 82182413

Dr. Stephen Henson authored Oct 20, 2014



Since SNI will typically switch the SSL_CTX structure to the one
corresponding to the appopriate server we need to parse custom
extensions using the switched SSL_CTX not the original one. This
is done by parsing custom extensions *after* SNI.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

82182413

Oct 22, 2014

Add missing credit. · 0ce2dbfb

Andy Polyakov authored Oct 22, 2014



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9f4bd9d5)

0ce2dbfb

Oct 21, 2014

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. · 981545e1
Bodo Moeller authored Oct 21, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
981545e1
When processing ClientHello.cipher_suites, don't ignore cipher suites · d60de314
Bodo Moeller authored Oct 21, 2014
```
listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
d60de314

Keep old method in case of an unsupported protocol · b6ece4c1

Kurt Roeckx authored Oct 21, 2014

When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc2

.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a9)

b6ece4c1

Oct 20, 2014
- no-ssl2 with no-ssl3 does not mean drop the ssl lib · bb086221
  Tim Hudson authored Oct 20, 2014
```
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit c882abd5)
```
  bb086221
Oct 17, 2014
- RT3547: Add missing static qualifier · b4b8969d
  Kurt Cancemi authored Sep 28, 2014
```
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c9)
```
  b4b8969d
Oct 15, 2014

Updates to NEWS file · 010d3762
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
010d3762
Updates to CHANGES file · 84d4f99d
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Bodo Möller <bodo@openssl.org>
```
84d4f99d

Fix no-ssl3 configuration option · 82180dcc

Geoff Thorpe authored Oct 15, 2014



CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

82180dcc

Fix for session tickets memory leak. · c2b90b39

Dr. Stephen Henson authored Oct 15, 2014



CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)

c2b90b39

Fix SRTP compile issues for windows · c2a2ff3f

Matt Caswell authored Oct 15, 2014



Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

Conflicts:
	util/mkdef.pl

c2a2ff3f

Fix for SRTP Memory Leak · d64b6c98

Matt Caswell authored Oct 15, 2014



CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>

d64b6c98

Fix SSL_R naming inconsistency. · 05df9b9a
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
05df9b9a
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. · 3e3cc471
Andy Polyakov authored Oct 15, 2014
```
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f)
```
3e3cc471
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv · 80fb4820
Bodo Moeller authored Oct 15, 2014
```
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
80fb4820

Oop: revert unintentional change committed along with · 2229fe5b

Bodo Moeller authored Oct 15, 2014


TLS_FALLBACK_SCSV support, restoring a reviewed state instead.

Reviewed-by: Stephen Henson <(steve@openssl.org)>

2229fe5b

Support TLS_FALLBACK_SCSV. · a46c7052
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a46c7052

Oct 06, 2014

Removed duplicate definition of PKCS7_type_is_encrypted · dc7bca8b

Matt Caswell authored Oct 03, 2014



Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e)

dc7bca8b

Fix single makefile. · f58cfe04
Ben Laurie authored Oct 04, 2014
```
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
```
f58cfe04

Oct 03, 2014

RT3462: Document actions when data==NULL · 20d1c811

Rich Salz authored Sep 08, 2014



If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5aed1693)

20d1c811

Oct 02, 2014
- DTLS 1.2 support has been added to 1.0.2. · c578fe37
  Bodo Moeller authored Oct 02, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c578fe37
Sep 30, 2014
- RT2309: Fix podpage MMNNFFPPS->MNNFFPPS · a4ee5bbc
  Rich Salz authored Sep 30, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 9208640a)
```
  a4ee5bbc
- e_os.h: refine inline override logic (to address warnings in debug build). · 8ad90503
  Andy Polyakov authored Sep 30, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf)
```
  8ad90503
Sep 29, 2014

Add additional DigestInfo checks. · 5df07a72

Dr. Stephen Henson authored Sep 25, 2014



Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

5df07a72

Sep 25, 2014
- Prepare for 1.0.2-beta4-dev · 0853b2c5
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  0853b2c5
- Prepare for 1.0.2-beta3 release · 2c5db8da
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_1_0_2-beta3
  
  2c5db8da
- make update · bffd5a7f
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  bffd5a7f
- Added 1.0.1i CHANGES and NEWS updates · 5e60396f
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  5e60396f
- Add missing tests · 0d6a11a9
  Emilia Kasper authored Sep 25, 2014
```
Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit fdc35a9d)
```
  0d6a11a9
- Add constant_time_locl.h to HEADERS, · f9fac616
  Tim Hudson authored Sep 25, 2014
```
so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f9fac616
- Add the constant time test to the VMS build and tests · ef8055cb
  Richard Levitte authored Sep 25, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  ef8055cb
- Include "constant_time_locl.h" rather than "../constant_time_locl.h". · 3b7ab6f4
  Richard Levitte authored Sep 24, 2014
```
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  3b7ab6f4
Sep 24, 2014
- Don't allow non-FIPS curves in FIPS mode. · 3b4a7618
  Dr. Stephen Henson authored Sep 23, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  3b4a7618