Commits · 44f4934bdeddfa2cc1533feaa636d5978476dc88 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

01 Nov, 2013 1 commit

DTLS/SCTP struct authchunks Bug · 44f4934b

Robin Seggelmann authored May 09, 2012

PR: 2809

DTLS/SCTP requires DATA and FORWARD-TSN chunks to be protected with
SCTP-AUTH.  It is checked if this has been activated successfully for
the local and remote peer. Due to a bug, however, the
gauth_number_of_chunks field of the authchunks struct is missing on
FreeBSD, and was therefore not considered in the OpenSSL implementation.
This patch sets the corresponding pointer for the check correctly
whether or not this bug is present.
(cherry picked from commit f596e3c4)
(cherry picked from commit b8140811)

44f4934b

20 Oct, 2013 2 commits

Fix another gmt_unix_time case in server_random · 453ca706
Nick Mathewson authored Oct 20, 2013

453ca706

Don't use RSA+MD5 with TLS 1.2 · 5e1ff664

Dr. Stephen Henson authored Oct 15, 2013

Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.

RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.

To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.

5e1ff664

19 Oct, 2013 3 commits
- More cleanup. · 833a8966
  Ben Laurie authored Oct 19, 2013
  
  833a8966
- Cleanup. · 34e43b90
  Ben Laurie authored Oct 19, 2013
  
  34e43b90
- Merge branch 'no_gmt_unix_time' of git://github.com/nmathewson/openssl into OpenSSL_1_0_1-stable · 62036c6f
  Ben Laurie authored Oct 19, 2013
  
  62036c6f
13 Oct, 2013 1 commit

MIPS assembly pack: get rid of deprecated instructions. · 68dd8512

Andy Polyakov authored Oct 13, 2013

Latest MIPS ISA specification declared 'branch likely' instructions
obsolete. To makes code future-proof replace them with equivalent.
(cherry picked from commit 0c2adb0a)

68dd8512

12 Oct, 2013 1 commit

aes/asm/bsaes-x86_64.pl: update from master. · bbf9f3c6

Andy Polyakov authored Oct 12, 2013

Performance improvement and Windows-specific bugfix (PR#3139).
(cherry picked from commit 9ed6fba2)

bbf9f3c6

09 Oct, 2013 2 commits

Control sending time with SSL_SEND_{CLIENT,SERVER}RANDOM_MODE · 25832701

Nick Mathewson authored Oct 09, 2013

(I'd rather use an option, but it appears that the options field is
full.)

Now, we send the time in the gmt_unix_time field if the appropriate
one of these mode options is set, but randomize the field if the flag
is not set.

25832701

Refactor {client,server}_random to call an intermediate function · 3da721da
Nick Mathewson authored Oct 09, 2013
```
I'll be using this to make an option for randomizing the time.
```
3da721da

03 Oct, 2013 1 commit
- evp/e_des3.c: fix typo with potential integer overflow on 32-bit platforms. · eb22b7ec
  Andy Polyakov authored Oct 03, 2013
```
Submitted by: Yuriy Kaminskiy
(cherry picked from commit 524b00c0)

Resolved conflicts:

	crypto/evp/e_des3.c
```
  eb22b7ec
01 Oct, 2013 1 commit
- Constification. · b9391614
  Ben Laurie authored Oct 01, 2013
  
  b9391614
30 Sep, 2013 1 commit
- Typo. · 82f42a1d
  Dr. Stephen Henson authored Jul 17, 2013
```
(cherry picked from commit 415ece73)
```
  82f42a1d
22 Sep, 2013 2 commits
- Disable Dual EC DRBG. · a4870de5
  Dr. Stephen Henson authored Sep 16, 2013
```
Return an error if an attempt is made to enable the Dual EC DRBG: it
is not used by default.
```
  a4870de5
- Fix warning. · 39aabe59
  Dr. Stephen Henson authored Sep 16, 2013
  
  39aabe59
16 Sep, 2013 13 commits
- Do not include a timestamp in the ServerHello Random field. · f4c93b46
  Nick Mathewson authored Sep 16, 2013
```
Instead, send random bytes.
```
  f4c93b46
- Do not include a timestamp in the ClientHello Random field. · 4af79303
  Nick Mathewson authored Sep 07, 2013
```
Instead, send random bytes.

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral
    * handshakes (and who knows what else besides) are broken.
```
  4af79303
- Update CHANGES. · 13bca90a
  Rob Stradling authored Sep 12, 2013
  
  13bca90a
- Tidy up comments. · c9a6ddaf
  Rob Stradling authored Sep 10, 2013
  
  c9a6ddaf
- Use TLS version supplied by client when fingerprinting Safari. · f4a51970
  Rob Stradling authored Sep 10, 2013
  
  f4a51970
- Fix compilation with no-ec and/or no-tlsext. · 937f125e
  Rob Stradling authored Sep 10, 2013
  
  937f125e
- Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. · 4b61f6d2
  Rob Stradling authored Sep 09, 2013
```
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
```
  4b61f6d2
- Remove AVX and VIS3 support. · d5bff726
  Ben Laurie authored Sep 16, 2013
  
  d5bff726
- gcm128.c: update from master (add AVX and VIS3 support). · 3b4be001
  Andy Polyakov authored May 19, 2013
  
  3b4be001
- crypto/modes: even more strict aliasing fixes [and fix bug in cbc128.c from · 125c2ed8
  Andy Polyakov authored Nov 05, 2012
```
previous cbc128.c commit].
```
  125c2ed8
- cbc128.c: fix strict aliasing warning. · 09da9554
  Andy Polyakov authored Nov 05, 2012
  
  09da9554
- Sync CHANGES and NEWS files. · cc53b385
  Bodo Moeller authored Sep 16, 2013
  
  cc53b385
- Fix overly lenient comparisons: · 0aeeae0c
  Bodo Moeller authored Sep 16, 2013
```
    - EC_GROUP_cmp shouldn't consider curves equal just because
      the curve name is the same. (They really *should* be the same
      in this case, but there's an EC_GROUP_set_curve_name API,
      which could be misused.)

    - EC_POINT_cmp shouldn't return 0 for ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED
      or EC_R_INCOMPATIBLE_OBJECTS errors because in a cmp API, 0 indicates
      equality (not an error).

    Reported by: king cope

(cherry picked from commit 312a46791ab465cfa3bf26764361faed0e5df014)
```
  0aeeae0c
15 Sep, 2013 1 commit
- crypto/armcap.c: fix typo in rdtsc subroutine. · 00c991f0
  Andy Polyakov authored Sep 15, 2013
```
PR: 3125
Submitted by: Kyle McMartin
(cherry picked from commit 8e52a906)
```
  00c991f0
20 Aug, 2013 1 commit
- Correct ECDSA example. · 55856a7b
  Dr. Stephen Henson authored Aug 20, 2013
```
(cherry picked from commit 3a918ea2bbf4175d9461f81be1403d3781b2c0dc)
```
  55856a7b
13 Aug, 2013 1 commit

DTLS message_sequence number wrong in rehandshake ServerHello · 83a3af9f

Michael Tuexen authored Aug 13, 2013

This fix ensures that
* A HelloRequest is retransmitted if not responded by a ClientHello
* The HelloRequest "consumes" the sequence number 0. The subsequent
ServerHello uses the sequence number 1.
* The client also expects the sequence number of the ServerHello to
be 1 if a HelloRequest was received earlier.
This patch fixes the RFC violation.
(cherry picked from commit b62f4daa)

83a3af9f

08 Aug, 2013 1 commit

DTLS handshake fix. · 76bf0cf2

Michael Tuexen authored Aug 08, 2013

Reported by: Prashant Jaikumar <rmstar@gmail.com>

Fix handling of application data received before a handshake.
(cherry picked from commit 0c75eeac)

76bf0cf2

06 Aug, 2013 2 commits

Fix verify loop with CRL checking. · 7cf0529b

Dr. Stephen Henson authored Jul 12, 2013

PR #3090
Reported by: Franck Youssef <fry@open.ch>

If no new reason codes are obtained after checking a CRL exit with an
error to avoid repeatedly checking the same CRL.

This will only happen if verify errors such as invalid CRL scope are
overridden in a callback.
(cherry picked from commit 4b26645c)

7cf0529b

Fix for PEM_X509_INFO_read_bio. · 6c03af13

Kaspar Brand authored Aug 06, 2013

PR: 3028
Fix bug introduced in PEM_X509_INFO_bio which wouldn't process RSA keys
correctly if they appeared first.
(cherry picked from commit 5ae8d6bc)

6c03af13

03 Aug, 2013 1 commit

crypto/evp/e_aes.c: fix logical pre-processor bug and formatting. · 5cd1aa4f

Andy Polyakov authored Aug 03, 2013

Bug would emerge when XTS is added to bsaes-armv7.pl. Pointed out by
Ard Biesheuvel of Linaro.
(cherry picked from commit 044f63086051d7542fa9485a1432498c39c4d8fa)

5cd1aa4f

31 Jul, 2013 1 commit
- crypto/sha/asm/sha1-x86_64.pl: comply with Win64 ABI. · 04b80f40
  Andy Polyakov authored Jul 31, 2013
  
  04b80f40
30 Jun, 2013 2 commits
- config: fix executable format detection on latest FreeBSD. · 591c55a9
  Andy Polyakov authored Jun 30, 2013
```
Submitted by: Bryan Drewery
PR: 3075
(cherry picked from commit c256e69d)
```
  591c55a9
- PA-RISC assembler pack: switch to bve in 64-bit builds. · cd269386
  Andy Polyakov authored Jun 18, 2013
```
PR: 3074
(cherry picked from commit 02450ec6)
```
  cd269386
12 Jun, 2013 1 commit
- Typo: don't call RAND_cleanup during app startup. · 25370e93
  Dr. Stephen Henson authored Jun 12, 2013
```
(cherry picked from commit 90e7f983)
```
  25370e93
30 May, 2013 1 commit
- Don't use RC2 with PKCS#12 files in FIPS mode. · cdb6c484
  Dr. Stephen Henson authored May 30, 2013
  
  cdb6c484