Commits · 82182413a417fabd35a0a8eb9b6a76606eeb3502 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Oct 23, 2014

Parse custom extensions after SNI. · 82182413

Dr. Stephen Henson authored Oct 20, 2014



Since SNI will typically switch the SSL_CTX structure to the one
corresponding to the appopriate server we need to parse custom
extensions using the switched SSL_CTX not the original one. This
is done by parsing custom extensions *after* SNI.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

82182413

Oct 22, 2014

Add missing credit. · 0ce2dbfb

Andy Polyakov authored Oct 22, 2014



Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 9f4bd9d5)

0ce2dbfb

Oct 21, 2014

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. · 981545e1
Bodo Moeller authored Oct 21, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
981545e1
When processing ClientHello.cipher_suites, don't ignore cipher suites · d60de314
Bodo Moeller authored Oct 21, 2014
```
listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
d60de314

Keep old method in case of an unsupported protocol · b6ece4c1

Kurt Roeckx authored Oct 21, 2014

When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc2

.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a9)

b6ece4c1

Oct 20, 2014
- no-ssl2 with no-ssl3 does not mean drop the ssl lib · bb086221
  Tim Hudson authored Oct 20, 2014
```
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit c882abd5)
```
  bb086221
Oct 17, 2014
- RT3547: Add missing static qualifier · b4b8969d
  Kurt Cancemi authored Sep 28, 2014
```
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c9)
```
  b4b8969d
Oct 15, 2014

Updates to NEWS file · 010d3762
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
010d3762
Updates to CHANGES file · 84d4f99d
Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Bodo Möller <bodo@openssl.org>
```
84d4f99d

Fix no-ssl3 configuration option · 82180dcc

Geoff Thorpe authored Oct 15, 2014



CVE-2014-3568

Reviewed-by: Emilia Kasper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

82180dcc

Fix for session tickets memory leak. · c2b90b39

Dr. Stephen Henson authored Oct 15, 2014



CVE-2014-3567

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5dc6070a03779cd524f0e67f76c945cb0ac38320)

c2b90b39

Fix SRTP compile issues for windows · c2a2ff3f

Matt Caswell authored Oct 15, 2014



Related to CVE-2014-3513

This fix was developed by the OpenSSL Team

Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	util/mkdef.pl
	util/ssleay.num

Conflicts:
	util/mkdef.pl

c2a2ff3f

Fix for SRTP Memory Leak · d64b6c98

Matt Caswell authored Oct 15, 2014



CVE-2014-3513

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Reviewed-by: Tim Hudson <tjh@openssl.org>

d64b6c98

Fix SSL_R naming inconsistency. · 05df9b9a
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
05df9b9a
aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. · 3e3cc471
Andy Polyakov authored Oct 15, 2014
```
RT: 3553
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 69d5747f)
```
3e3cc471
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv · 80fb4820
Bodo Moeller authored Oct 15, 2014
```
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
```
80fb4820

Oop: revert unintentional change committed along with · 2229fe5b

Bodo Moeller authored Oct 15, 2014


TLS_FALLBACK_SCSV support, restoring a reviewed state instead.

Reviewed-by: Stephen Henson <(steve@openssl.org)>

2229fe5b

Support TLS_FALLBACK_SCSV. · a46c7052
Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
a46c7052

Oct 06, 2014

Removed duplicate definition of PKCS7_type_is_encrypted · dc7bca8b

Matt Caswell authored Oct 03, 2014



Patch supplied by Matthieu Patou <mat@matws.net>, and modified to also
remove duplicate definition of PKCS7_type_is_digest.

PR#3551

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e0fdea3e)

dc7bca8b

Fix single makefile. · f58cfe04
Ben Laurie authored Oct 04, 2014
```
Reviewed-by: Geoffrey Thorpe <geoff@geoffthorpe.net>
```
f58cfe04

Oct 03, 2014

RT3462: Document actions when data==NULL · 20d1c811

Rich Salz authored Sep 08, 2014



If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 5aed1693)

20d1c811

Oct 02, 2014
- DTLS 1.2 support has been added to 1.0.2. · c578fe37
  Bodo Moeller authored Oct 02, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  c578fe37
Sep 30, 2014
- RT2309: Fix podpage MMNNFFPPS->MNNFFPPS · a4ee5bbc
  Rich Salz authored Sep 30, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 9208640a)
```
  a4ee5bbc
- e_os.h: refine inline override logic (to address warnings in debug build). · 8ad90503
  Andy Polyakov authored Sep 30, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf)
```
  8ad90503
Sep 29, 2014

Add additional DigestInfo checks. · 5df07a72

Dr. Stephen Henson authored Sep 25, 2014



Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

5df07a72

Sep 25, 2014
- Prepare for 1.0.2-beta4-dev · 0853b2c5
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  0853b2c5
- Prepare for 1.0.2-beta3 release · 2c5db8da
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_1_0_2-beta3
  
  2c5db8da
- make update · bffd5a7f
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  bffd5a7f
- Added 1.0.1i CHANGES and NEWS updates · 5e60396f
  Matt Caswell authored Sep 25, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  5e60396f
- Add missing tests · 0d6a11a9
  Emilia Kasper authored Sep 25, 2014
```
Accidentally omitted from commit 455b65df



Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit fdc35a9d)
```
  0d6a11a9
- Add constant_time_locl.h to HEADERS, · f9fac616
  Tim Hudson authored Sep 25, 2014
```
so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  f9fac616
- Add the constant time test to the VMS build and tests · ef8055cb
  Richard Levitte authored Sep 25, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  ef8055cb
- Include "constant_time_locl.h" rather than "../constant_time_locl.h". · 3b7ab6f4
  Richard Levitte authored Sep 24, 2014
```
The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  3b7ab6f4
Sep 24, 2014

Don't allow non-FIPS curves in FIPS mode. · 3b4a7618
Dr. Stephen Henson authored Sep 23, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3b4a7618
Use correct function name: CMS_add1_signer() · 25540175
Dr. Stephen Henson authored Sep 20, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5886354d)
```
25540175
crypto/bn/bn_nist.c: work around MSC ARM compiler bug. · ec65b83d
Andy Polyakov authored Sep 25, 2014
```
RT: 3541
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit 8b07c005)
```
ec65b83d
e_os.h: allow inline functions to be compiled by legacy compilers. · d169bf9c
Andy Polyakov authored Sep 25, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 40155f40)
```
d169bf9c

RT3425: constant-time evp_enc · 738911cd

Emilia Kasper authored Sep 05, 2014



Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f)

Conflicts:
	crypto/evp/evp_enc.c

738911cd

RT3067: simplify patch · e1080ea3

Emilia Kasper authored Sep 04, 2014

(Original commit adb46dbc

)

Use the new constant-time methods consistently in s3_srvr.c

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 455b65df)

e1080ea3

This change alters the processing of invalid, RSA pre-master secrets so · 941af48f

Adam Langley authored Apr 24, 2013

that bad encryptions are treated like random session keys in constant
time.

(cherry picked from commit adb46dbc

)

Reviewed-by: Rich Salz <rsalz@openssl.org>

941af48f