Commits · e03b29871b2b87af9a4ec21c49eb3e1826eb772a · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Dec 20, 2014

RT3548: Remove outdated platforms · e03b2987

Rich Salz authored Dec 19, 2014



This commit removes all mention of NeXT and NextStep.

Reviewed-by: Richard Levitte <levitte@openssl.org>

e03b2987

Dec 18, 2014
- Update CHANGES for deprecated updates · bd2bd374
  Matt Caswell authored Dec 17, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  bd2bd374
- RT3548: Remove some obsolete platforms · 59ff1ce0
  Rich Salz authored Dec 18, 2014
```
This commit removes Sony NEWS4

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  59ff1ce0
Dec 17, 2014
- RT3548: Remove some obsolete platforms · b317819b
  Rich Salz authored Dec 17, 2014
```
This commit removes BEOS.

Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  b317819b
Dec 08, 2014
- Add CHANGES entry for OCB · 0c1bd7f0
  Matt Caswell authored Dec 08, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
  0c1bd7f0
Dec 04, 2014
- Update changes to indicate that SSLv2 support has been removed · 12478cc4
  Kurt Roeckx authored Dec 04, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
  12478cc4
Nov 20, 2014

RT2679: Fix error if keysize too short · c56a50b2

Annie Yousar authored Sep 08, 2014



In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.

** I also increased the minimum from 256 to 512, which is now
documented in CHANGES file. **

Reviewed-by: Matt Caswell <matt@openssl.org>

c56a50b2

Do not resume a session if the negotiated protocol version does not match · 9e189b9d

David Benjamin authored Nov 20, 2014


the session's version (server).

See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

9e189b9d

Clean up CHANGES · 31832e8f
Emilia Kasper authored Nov 20, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
```
31832e8f

Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset · e94a6c0e

Emilia Kasper authored Nov 19, 2014


once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.

(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)

Thanks to Joeri de Ruiter for reporting this issue.

Reviewed-by: Matt Caswell <matt@openssl.org>

e94a6c0e

Always require an advertised NewSessionTicket message. · de2c7504

Emilia Kasper authored Nov 19, 2014



The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.

An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.

Reviewed-by: Matt Caswell <matt@openssl.org>

de2c7504

Oct 28, 2014

Tighten session ticket handling · d663df23

Emilia Kasper authored Oct 28, 2014



Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.

Reviewed-by: Bodo Moeller <bodo@openssl.org>

d663df23

Oct 27, 2014
- Add missing CHANGES interval [1.0.1h, 1.0.1i] · 49b0dfc5
  Emilia Kasper authored Oct 27, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  49b0dfc5
- Sync CHANGES · 18a2d293
  Emilia Kasper authored Oct 27, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  18a2d293
Oct 22, 2014
- Add missing credit. · 9f4bd9d5
  Andy Polyakov authored Oct 22, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  9f4bd9d5
Oct 15, 2014
- Updates CHANGES file · 53afbe12
  Matt Caswell authored Oct 15, 2014
```
Reviewed-by: Bodo Möller <bodo@openssl.org>
```
  53afbe12
- Support TLS_FALLBACK_SCSV. · cf6da053
  Bodo Moeller authored Oct 15, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  cf6da053
Oct 02, 2014
- DTLS 1.2 support has been added to 1.0.2. · 429a25b9
  Bodo Moeller authored Oct 02, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
  429a25b9
Sep 29, 2014

Add additional explanation to CHANGES entry. · 7c477625
Dr. Stephen Henson authored Sep 29, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
```
7c477625

Add additional DigestInfo checks. · 1cfd255c

Dr. Stephen Henson authored Sep 25, 2014



Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.

Note: this is a precautionary measure, there is no known attack
which can exploit this.

Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>

1cfd255c

Sep 23, 2014
- Note i2d_re_X509_tbs and related changes in CHANGES · 5f85f64f
  Emilia Kasper authored Sep 23, 2014
```
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d94)
```
  5f85f64f
- CHANGES: mention ECP_NISTZ256. · 507efe73
  Andy Polyakov authored Sep 23, 2014
```
Reviewed-by: Bodo Moeller <bodo@openssl.org>
```
  507efe73
Sep 05, 2014
- Add CHANGES entry for SCT viewer code. · b2774f6e
  Dr. Stephen Henson authored Sep 05, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  b2774f6e
Aug 15, 2014

RT3268: Fix spelling errors in CHANGES file. · 14e96192

Claus Assmann authored Aug 15, 2014



Fix a bunch of typo's and speling (sic) errors in the CHANGES file.

Reviewed-by: Tim Hudson <tjh@cryptsoft.com>

14e96192

Aug 01, 2014
- Sync with clean-up 1.0.2 CHANGES file. · bac67407
  Bodo Moeller authored Aug 01, 2014
```
(If a change is already present in 1.0.1f or 1.0.1h,
don't list it again under changes between 1.0.1h and 1.0.2.)
```
  bac67407
- Sync with current 1.0.2 CHANGES file. · 38c65481
  Bodo Moeller authored Aug 01, 2014
  
  38c65481
- Simplify and fix ec_GFp_simple_points_make_affine · 0fe73d6c
  Bodo Moeller authored Aug 01, 2014
```
(which didn't always handle value 0 correctly).

Reviewed-by:  <emilia@openssl.org>
```
  0fe73d6c
Jul 22, 2014
- CHANGES: mention new platforms. · 7a2b5450
  Andy Polyakov authored Jul 22, 2014
```
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
```
  7a2b5450
Jul 04, 2014
- Remove all RFC5878 code. · b948ee27
  Dr. Stephen Henson authored Jul 04, 2014
```
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
```
  b948ee27
Jun 01, 2014
- Credit to Felix. · 5fc3a5fe
  Ben Laurie authored Jun 01, 2014
```
Closes #116.
```
  5fc3a5fe
May 23, 2014
- Add an NSS output format to sess_id to export to export the session id and the... · 189ae368
  Martin Kaiser authored May 24, 2014
```
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
```
  189ae368
Apr 26, 2014

Fix version documentation. · 8acb9538

mancha authored Apr 25, 2014

Specify -f is for compilation flags. Add -d to synopsis section.

Closes #77.

8acb9538

Fix eckey_priv_encode() · e14f14d3

mancha authored Apr 24, 2014

Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.

e14f14d3

Apr 22, 2014
- Fix double frees. · 4ba5e63b
  Ben Laurie authored Apr 22, 2014
  
  4ba5e63b
Apr 07, 2014

Add heartbeat extension bounds check. · 731f4314

Dr. Stephen Henson authored Apr 06, 2014

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023)

731f4314

Apr 05, 2014

Set TLS padding extension value. · cd6bd5ff

Dr. Stephen Henson authored Apr 05, 2014

Enable TLS padding extension using official value from:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

cd6bd5ff

Apr 01, 2014
- Don't try and verify signatures if key is NULL (CVE-2013-0166) · b4831062
  Dr. Stephen Henson authored Jan 24, 2013
```
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c)
```
  b4831062
Mar 12, 2014

Fix for CVE-2014-0076 · f9b6c0ba

Dr. Stephen Henson authored Mar 12, 2014

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be34)

Conflicts:

	CHANGES

f9b6c0ba

Jan 03, 2014

Use algorithm specific chains for certificates. · a4339ea3

Dr. Stephen Henson authored Jan 03, 2014

Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.

Update docs.

a4339ea3

Dec 20, 2013

Fix DTLS retransmission from previous session. · 20b82b51

Dr. Stephen Henson authored Dec 20, 2013

For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967)

20b82b51