Commits · e8ccaee31caa9376dd752b45a8f1a62259a69867 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

15 Jan, 2015 3 commits
- Prepare for 0.9.8ze release · e8ccaee3
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  OpenSSL_0_9_8ze
  
  e8ccaee3
- make update · 60431d0d
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
  60431d0d
- Updates to CHANGES and NEWS · 346a46f0
  Matt Caswell authored Jan 15, 2015
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
```
  346a46f0
13 Jan, 2015 3 commits

Fix warning where BIO_FLAGS_UPLINK was being redefined. · 56abaa14

Matt Caswell authored Jan 10, 2015


This warning breaks the build in 1.0.0 and 0.9.8

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b1ffc6ca)

56abaa14

Avoid deprecation problems in Visual Studio 13 · 8b8a48d0

Matt Caswell authored Jan 09, 2015



Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 86d21d0b)

Conflicts:
	e_os.h

8b8a48d0

Avoid Windows 8 Getversion deprecated errors. · 09caf4ff

Dr. Stephen Henson authored Feb 25, 2014

Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c80

)

Conflicts:
	apps/apps.c
	crypto/bio/bss_log.c

Backported by Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openss.org>

09caf4ff

09 Jan, 2015 2 commits

Further windows specific .gitignore entries · 9793a071

Matt Caswell authored Jan 09, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 41c9cfbc)

9793a071

Update .gitignore with windows files to be excluded from git · aa9296e3

Matt Caswell authored Jan 09, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>

Conflicts:
	.gitignore

(cherry picked from commit 04f670cf)

Conflicts:
	.gitignore

aa9296e3

08 Jan, 2015 8 commits

Prepare for 0.9.8ze-dev · bc253b09
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
bc253b09
Prepare for 0.9.8zd release · b873409e
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
OpenSSL_0_9_8zd

b873409e
make update · f89250f2
Matt Caswell authored Jan 08, 2015
```
Reviewed-by: Stephen Henson <steve@openssl.org>
```
f89250f2

CHANGES and NEWS updates for release · 1dc6a544

Matt Caswell authored Jan 08, 2015



Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Henson <steve@openssl.org>

1dc6a544

Fix typo. · a4aa1887

Dr. Stephen Henson authored Jan 06, 2015



Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.

NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>

a4aa1887

Follow on from CVE-2014-3571. This fixes the code that was the original source · 50befdb6

Matt Caswell authored Jan 03, 2015


of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.

Conflicts:
	ssl/d1_pkt.c

Reviewed-by: Dr Stephen Henson <steve@openssl.org>

50befdb6

Fix crash in dtls1_get_record whilst in the listen state where you get two · 46bf0ba8

Dr. Stephen Henson authored Jan 03, 2015


separate reads performed - one for the header and one for the body of the
handshake record.

CVE-2014-3571

Reviewed-by: Matt Caswell <matt@openssl.org>

Conflicts:
	ssl/s3_pkt.c

46bf0ba8

Fix for CVE-2014-3570. · 4b4c0a19

Andy Polyakov authored Jan 05, 2015



Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)

4b4c0a19

07 Jan, 2015 1 commit

fix error discrepancy · df703024

Dr. Stephen Henson authored Jan 07, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4a4d4158)

df703024

06 Jan, 2015 3 commits

use correct credit in CHANGES · 9c6c6640

Dr. Stephen Henson authored Jan 06, 2015



Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4138e388)

Conflicts:
	CHANGES

9c6c6640

use correct function name · 11f719da

Dr. Stephen Henson authored Jan 06, 2015



Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit cb62ab4b)

11f719da

Only allow ephemeral RSA keys in export ciphersuites. · 72f18153

Dr. Stephen Henson authored Oct 23, 2014



OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

(cherry picked from commit 4b4c1fcc)

Conflicts:
	CHANGES
	doc/ssl/SSL_CTX_set_options.pod
	ssl/d1_srvr.c
	ssl/s3_srvr.c

72f18153

05 Jan, 2015 6 commits

ECDH downgrade bug fix. · e42a2aba

Dr. Stephen Henson authored Oct 24, 2014



Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.

Thanks to Karthikeyan Bhargavan for reporting this issue.

CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit b15f8769)

Conflicts:
	CHANGES
	ssl/s3_clnt.c

e42a2aba

Fix various certificate fingerprint issues. · ec2fede9

Dr. Stephen Henson authored Dec 20, 2014



By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit 208a6012)

Conflicts:
	crypto/dsa/dsa_vrf.c

ec2fede9

Update ordinals. · 63f3c9e7
Dr. Stephen Henson authored Jan 05, 2015
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
63f3c9e7

Add ASN1_TYPE_cmp and X509_ALGOR_cmp. · c22e2dd6

Dr. Stephen Henson authored Dec 14, 2014



(these are needed for certificate fingerprint fixes)
Reviewed-by: Emilia Käsper <emilia@openssl.org>

c22e2dd6

Return error when a bit string indicates an invalid amount of bits left · 7fae32f6
Kurt Roeckx authored Dec 15, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 86edf13b)
```
7fae32f6

Reject invalid constructed encodings. · 5260f1a4

Dr. Stephen Henson authored Dec 17, 2014



According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>

(cherry picked from commit f5e4b6b5)

Conflicts:
	crypto/asn1/asn1_err.c

5260f1a4

17 Dec, 2014 1 commit

Revert "RT3425: constant-time evp_enc" · 1cb10d9c

Emilia Kasper authored Dec 17, 2014

Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.

This reverts commit 1bb01b1b

.

Reviewed-by: Andy Polyakov <appro@openssl.org>

1cb10d9c

11 Nov, 2014 1 commit
- Fix warning about negative unsigned intergers · 62abc805
  Kurt Roeckx authored Nov 10, 2014
```
Reviewed-by: Richard Levitte <levitte@openssl.org>
```
  62abc805
29 Oct, 2014 1 commit
- md32_common.h: address compiler warning in HOST_c2l. · 722fa142
  Andy Polyakov authored Oct 29, 2014
```
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc)
```
  722fa142
28 Oct, 2014 1 commit
- Use only unsigned arithmetic in constant-time operations · a2ca66f3
  Samuel Neves authored Oct 04, 2014
```
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
  a2ca66f3
21 Oct, 2014 4 commits

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. · 6a04b0d5
Bodo Moeller authored Oct 21, 2014
```
Reviewed-by: Rich Salz <rsalz@openssl.org>
```
6a04b0d5
When processing ClientHello.cipher_suites, don't ignore cipher suites · 1acca282
Bodo Moeller authored Oct 21, 2014
```
listed after TLS_FALLBACK_SCSV.

RT: 3575
Reviewed-by: Emilia Kasper <emilia@openssl.org>
```
1acca282
Fix warning · d510c648
Kurt Roeckx authored Oct 21, 2014
```
Reviewed-by: Emilia Käsper <emilia@openssl.org>
```
d510c648

Keep old method in case of an unsupported protocol · b8292474

Kurt Roeckx authored Oct 21, 2014

When we're configured with no-ssl3 and we receive an SSL v3 Client Hello, we set
the method to NULL.  We didn't used to do that, and it breaks things.  This is a
regression introduced in 62f45cc2

.  Keep the old
method since the code is not able to deal with a NULL method at this time.

CVE-2014-3569, PR#3571

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 392fa7a9)

b8292474

20 Oct, 2014 1 commit
- no-ssl2 with no-ssl3 does not mean drop the ssl lib · cbb6ccab
  Tim Hudson authored Oct 20, 2014
```
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
```
  cbb6ccab
17 Oct, 2014 5 commits

Add constant_time_locl.h to HEADERS, · e369af36

Tim Hudson authored Sep 25, 2014


so the Win32 compile picks it up correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e2e5326e)

e369af36

Include "constant_time_locl.h" rather than "../constant_time_locl.h". · 15b7f5bf

Richard Levitte authored Sep 24, 2014


The different -I compiler parameters will take care of the rest...

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 8202802f)

Conflicts:
	crypto/evp/evp_enc.c

15b7f5bf

e_os.h: refine inline override logic (to address warnings in debug build). · 9880f630
Andy Polyakov authored Sep 30, 2014
```
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 55c7a4cf)
```
9880f630
e_os.h: allow inline functions to be compiled by legacy compilers. · af32df0a
Andy Polyakov authored Sep 25, 2014
```
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 40155f40)

Conflicts:
	e_os.h
```
af32df0a
RT3547: Add missing static qualifier · bfb7bf1a
Kurt Cancemi authored Sep 28, 2014
```
Reviewed-by: Ben Laurie <ben@openssl.org>
(cherry picked from commit 87d388c9)
```
bfb7bf1a