- Mar 25, 2015
-
-
Matt Caswell authored
if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
create an HMAC Inspired by BoringSSL commit 2fe7f2d0d9a6fcc75b4e594eeec306cc55acd594 Reviewed-by: Richard Levitte <levitte@openssl.org> Conflicts: crypto/hmac/hmac.c
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Ensure all calls to RAND_bytes and RAND_pseudo_bytes have their return value checked correctly Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
In ssl3_send_new_session_ticket the message to be sent is constructed. We skip adding the length of the session ticket initially, then call ssl_set_handshake_header, and finally go back and add in the length of the ticket. Unfortunately, in DTLS, ssl_set_handshake_header also has the side effect of buffering the message for subsequent retransmission if required. By adding the ticket length after the call to ssl_set_handshake_header the message that is buffered is incomplete, causing an invalid message to be sent on retransmission. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 4f9fab6b) Conflicts: ssl/s3_srvr.c
-
Matt Caswell authored
In DTLS, immediately prior to epoch change, the write_sequence is supposed to be stored in s->d1->last_write_sequence. The write_sequence is then reset back to 00000000. In the event of retransmits of records from the previous epoch, the last_write_sequence is restored. This commit fixes a bug in DTLS1.2 where the write_sequence was being reset before last_write_sequence was saved, and therefore retransmits are sent with incorrect sequence numbers. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit d5d0a1cb)
-
- Mar 24, 2015
-
-
Kurt Roeckx authored
The certificate already contains the DH parameters in that case. ssl3_send_server_key_exchange() would fail in that case anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 93f1c136)
-
Dr. Stephen Henson authored
OCSP verification changes mean the OCSP tests now need -trusted_first Reviewed-by: Matt Caswell <matt@openssl.org>
-
Dr. Stephen Henson authored
Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 7b68c30d)
-
Dr. Stephen Henson authored
If a set of certificates is supplied to OCSP_basic_verify use those in addition to any present in the OCSP response as untrusted CAs when verifying a certificate chain. PR#3668 Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 4ca5efc2)
-
Mike Frysinger authored
Fix compilation failure when SCTP is compiled due to incorrect define. Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de> URL: https://bugs.gentoo.org/543828 RT#3758 Signed-off-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 7c82e339)
-
- Mar 23, 2015
-
-
Matt Caswell authored
Don't check that the curve appears in the list of acceptable curves for the peer, if they didn't send us such a list (RFC 4492 does not require that the extension be sent). Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit b79d2410)
-
Andy Polyakov authored
In cooperation with Ard Biesheuvel (Linaro) and Sami Tolvanen (Google). Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2ecd32a1)
-
- Mar 22, 2015
-
-
Matt Caswell authored
Fix builds config'd with no-ec and no-ec2m. Technically this combination is redundant - but the fix is straight forward. Fix from OpenWrt. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
-
- Mar 20, 2015
-
-
Matt Caswell authored
Updated test/testssl script to include the new DTLS capability in ssltest. Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 3c381e54)
-
David Woodhouse authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 98b8cdd3) Conflicts: ssl/ssltest.c
-
David Woodhouse authored
Reviewed-by: Emilia Käsper <emilia@openssl.org> (cherry picked from commit 504e643e) Conflicts: ssl/ssl_lib.c
-
- Mar 19, 2015
-
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Update CHANGES file with all the latest fixes ready for the release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There was a discrepancy between the 1.0.2 version of NEWS and the 1.0.1 version. This fixes it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
There were some discrepancies in the CHANGES file between the 1.0.1 version and 1.0.2. This corrects it. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Emilia Kasper authored
This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia Käsper of the OpenSSL development team. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Emilia Kasper authored
In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson <steve@openssl.org>
-
Dr. Stephen Henson authored
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Dr. Stephen Henson authored
If a client renegotiates using an invalid signature algorithms extension it will crash a server with a NULL pointer dereference. Thanks to David Ramos of Stanford University for reporting this bug. CVE-2015-0291 Reviewed-by: Tim Hudson <tjh@openssl.org> Conflicts: ssl/t1_lib.c
-
Dr. Stephen Henson authored
Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson <tjh@openssl.org>
-
Dr. Stephen Henson authored
CVE-2015-0287 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
-
Matt Caswell authored
The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next that can lead to a segmentation fault. Erorrs processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server. CVE-2015-0207 Reviewed-by: Richard Levitte <levitte@openssl.org>
-
Matt Caswell authored
OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. CVE-2015-0290 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
-
- Mar 18, 2015
-
-
Dr. Stephen Henson authored
Add support for ServerInfo SSL_CONF option and update documentation. This was wrongly omitted from the 1.0.2 release. Reviewed-by: Richard Levitte <levitte@openssl.org>
-
- Mar 17, 2015
-
-
Matt Caswell authored
Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 11abf922)
-