Commits · a2a2bbafdebdbcc65880c2fda1475b79de13b935 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Jan 22, 2015

Make the script a little more location agnostic · a2a2bbaf
Richard Levitte authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
a2a2bbaf
Provide script for filtering data initialisers for structs/unions. indent just can't handle it. · b0727cd5
Matt Caswell authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
b0727cd5

Dr. Stephen Henson authored Jan 20, 2015



Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.

Reviewed-by: Tim Hudson <tjh@openssl.org>

d808ebd3

Run expand before perl, to make sure things are properly aligned · 23f5f5b9
Richard Levitte authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
23f5f5b9
Force the use of our indent profile · 5e121092
Richard Levitte authored Jan 20, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
5e121092

Provide source reformating script. Requires GNU indent to be · 7ef6c2b9

Tim Hudson authored Jan 05, 2015


available.

Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell

Reviewed-by: Matt Caswell <matt@openssl.org>

7ef6c2b9

Fix source where indent will not be able to cope · 00ea17f9

Matt Caswell authored Jan 19, 2015



Conflicts:
	apps/ciphers.c
	ssl/s3_pkt.c

Conflicts:
	crypto/ec/ec_curve.c

Conflicts:
	crypto/ec/ec_curve.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c

Conflicts:
	apps/ciphers.c
	crypto/bn/bn.h
	crypto/ec/ec_curve.c
	ssl/t1_enc.c
	ssl/t1_lib.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

00ea17f9

Additional comment changes for reformat of 0.9.8 · 3e8042c3
Matt Caswell authored Jan 16, 2015
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
3e8042c3

Further comment amendments to preserve formatting prior to source reformat · 564ccc55

Matt Caswell authored Jan 05, 2015



(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)

Conflicts:
	crypto/x509v3/pcy_tree.c

Conflicts:
	apps/apps.c
	ssl/ssltest.c

Conflicts:
	apps/apps.c
	crypto/ec/ec2_oct.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	ssl/s3_cbc.c
	ssl/ssl_sess.c
	ssl/t1_lib.c

Conflicts:
	crypto/bio/b_sock.c
	crypto/pem/pem.h
	crypto/x509/x509_vfy.c
	crypto/x509v3/pcy_tree.c
	ssl/s3_both.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

564ccc55

mark all block comments that need format preserving so that · b558c8d5

Tim Hudson authored Dec 28, 2014

indent will not alter them when reformatting comments

(cherry picked from commit 1d97c843

)

Conflicts:
	crypto/bn/bn_lcl.h
	crypto/bn/bn_prime.c
	crypto/engine/eng_all.c
	crypto/rc4/rc4_utl.c
	crypto/sha/sha.h
	ssl/kssl.c
	ssl/t1_lib.c

Conflicts:
	crypto/rc4/rc4_enc.c
	crypto/x509v3/v3_scts.c
	crypto/x509v3/v3nametest.c
	ssl/d1_both.c
	ssl/s3_srvr.c
	ssl/ssl.h
	ssl/ssl_locl.h
	ssl/ssltest.c
	ssl/t1_lib.c

Conflicts:
	crypto/asn1/a_sign.c
	crypto/bn/bn_div.c
	crypto/dsa/dsa_asn1.c
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistputil.c
	crypto/modes/gcm128.c
	crypto/opensslv.h
	ssl/d1_both.c
	ssl/heartbeat_test.c
	ssl/s3_clnt.c
	ssl/s3_srvr.c
	ssl/ssl_sess.c
	ssl/t1_lib.c
	test/testutil.h

Conflicts:
	apps/openssl.c
	apps/ts.c
	apps/vms_decc_init.c
	crypto/aes/aes_core.c
	crypto/aes/aes_x86core.c
	crypto/dsa/dsa_ameth.c
	crypto/ec/ec2_mult.c
	crypto/evp/evp.h
	crypto/objects/objects.h
	crypto/rsa/rsa_pss.c
	crypto/stack/safestack.h
	crypto/ts/ts.h
	crypto/ts/ts_rsp_verify.c
	crypto/whrlpool/wp_dgst.c
	crypto/x509v3/v3_ncons.c
	e_os2.h
	engines/ccgost/gost89.c
	engines/ccgost/gost_ctl.c
	engines/ccgost/gost_keywrap.c
	engines/ccgost/gost_keywrap.h
	engines/ccgost/gost_sign.c
	ssl/kssl.c
	ssl/s3_srvr.c

Reviewed-by: Tim Hudson <tjh@openssl.org>

b558c8d5

Jan 15, 2015
- Prepare for 0.9.8zf-dev · ba442a7e
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_0_9_8-pre-reformat
  
  ba442a7e
- Prepare for 0.9.8ze release · e8ccaee3
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_0_9_8ze
  
  e8ccaee3
- make update · 60431d0d
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  60431d0d
- Updates to CHANGES and NEWS · 346a46f0
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
  346a46f0
Jan 13, 2015

Fix warning where BIO_FLAGS_UPLINK was being redefined. · 56abaa14

Matt Caswell authored Jan 10, 2015


This warning breaks the build in 1.0.0 and 0.9.8

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b1ffc6ca)

56abaa14

Avoid deprecation problems in Visual Studio 13 · 8b8a48d0

Matt Caswell authored Jan 09, 2015



Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 86d21d0b)

Conflicts:
	e_os.h

8b8a48d0

Avoid Windows 8 Getversion deprecated errors. · 09caf4ff

Dr. Stephen Henson authored Feb 25, 2014

Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c80

)

Conflicts:
	apps/apps.c
	crypto/bio/bss_log.c

Backported by Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openss.org>

09caf4ff

Jan 09, 2015

Further windows specific .gitignore entries · 9793a071

Matt Caswell authored Jan 09, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 41c9cfbc)

9793a071

Update .gitignore with windows files to be excluded from git · aa9296e3

Matt Caswell authored Jan 09, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	.gitignore

(cherry picked from commit 04f670cf)

Conflicts:
	.gitignore

aa9296e3

Jan 08, 2015

Prepare for 0.9.8ze-dev · bc253b09
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
bc253b09
Prepare for 0.9.8zd release · b873409e
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
OpenSSL_0_9_8zd

b873409e
make update · f89250f2
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
f89250f2

CHANGES and NEWS updates for release · 1dc6a544

Matt Caswell authored Jan 08, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Henson <steve@openssl.org>

1dc6a544

Fix typo. · a4aa1887

Dr. Stephen Henson authored Jan 06, 2015



Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>

a4aa1887

Follow on from CVE-2014-3571. This fixes the code that was the original source · 50befdb6

Matt Caswell authored Jan 03, 2015


of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.

Conflicts:
	ssl/d1_pkt.c

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

50befdb6

Fix crash in dtls1_get_record whilst in the listen state where you get two · 46bf0ba8

Dr. Stephen Henson authored Jan 03, 2015


separate reads performed - one for the header and one for the body of the
handshake record.

CVE-2014-3571

Reviewed-by: Matt Caswell <matt@openssl.org>

Conflicts:
	ssl/s3_pkt.c

46bf0ba8

Fix for CVE-2014-3570. · 4b4c0a19

Andy Polyakov authored Jan 05, 2015



Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)

4b4c0a19

Jan 07, 2015

fix error discrepancy · df703024

Dr. Stephen Henson authored Jan 07, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4a4d4158)

df703024

Jan 06, 2015

use correct credit in CHANGES · 9c6c6640

Dr. Stephen Henson authored Jan 06, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4138e388)

Conflicts:
	CHANGES

9c6c6640

use correct function name · 11f719da

Dr. Stephen Henson authored Jan 06, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit cb62ab4b)

11f719da

Only allow ephemeral RSA keys in export ciphersuites. · 72f18153

Dr. Stephen Henson authored Oct 23, 2014



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c

72f18153

Jan 05, 2015

ECDH downgrade bug fix. · e42a2aba

Dr. Stephen Henson authored Oct 24, 2014



Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit b15f8769)

Conflicts:
	CHANGES
	ssl/s3_clnt.c

e42a2aba

Fix various certificate fingerprint issues. · ec2fede9

Dr. Stephen Henson authored Dec 20, 2014



By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 208a6012)

Conflicts:
	crypto/dsa/dsa_vrf.c

ec2fede9

Update ordinals. · 63f3c9e7
Dr. Stephen Henson authored Jan 05, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
63f3c9e7

Add ASN1_TYPE_cmp and X509_ALGOR_cmp. · c22e2dd6

Dr. Stephen Henson authored Dec 14, 2014



(these are needed for certificate fingerprint fixes)
Reviewed-by: Emilia Käsper <emilia@openssl.org>

c22e2dd6

Return error when a bit string indicates an invalid amount of bits left · 7fae32f6
Kurt Roeckx authored Dec 15, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 86edf13b)
```
7fae32f6

Reject invalid constructed encodings. · 5260f1a4

Dr. Stephen Henson authored Dec 17, 2014



According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit f5e4b6b5)

Conflicts:
	crypto/asn1/asn1_err.c

5260f1a4

Dec 17, 2014

Revert "RT3425: constant-time evp_enc" · 1cb10d9c

Emilia Kasper authored Dec 17, 2014

Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 1bb01b1b

.

Reviewed-by: Andy Polyakov <appro@openssl.org>

1cb10d9c

Nov 11, 2014
- Fix warning about negative unsigned intergers · 62abc805
  Kurt Roeckx authored Nov 10, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  62abc805
Oct 29, 2014
- md32_common.h: address compiler warning in HOST_c2l. · 722fa142
  Andy Polyakov authored Oct 29, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc)
```
  722fa142