Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207a794603f5d64ffa95e0247c7808ab445)
Conflicts:
crypto/asn1/asn1_par.c
For all release branches. It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit db9defdfe306e1adf0af7188b187d535eb0268da)
In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);
However, previously, OPENSSL_cleanse did not check that if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
OPENSSL_cleanse(x, y);
OPENSSL_free(x);
It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 020d8fc83fe1a94232db1ee1166309e2458a8a18)
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.
PR#2397
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30aeb4407287171a9d6f9a765395d0a2)
Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.
Based on a patch by Marc Branchaud <marcnarc@xiplink.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9a931208d7fc8a3596dda005cdbd6439938f01b0)
Conflicts:
ssl/ssl_sess.c
Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d7c02691a5e6f2716759eacb6f48c39f15ee57c8)
Apparently, emacs sees changes to auto-fill-mode as insecure
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6dc08048d93ff35de882878f190ae49aa698b5d2)
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.
Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0927f0d822b1e0f55cb7d8bacf9004ad3495514b)
This hopefully conforms closely enough to the current code style.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d9b3554b2d9724bc2d1621a026ddaf0223e2d191)
Instead of piping through tardy, and possibly suffering from bugs in certain
versions, use --transform, --owner and --group directly with GNU tar (we
already expect that tar variant).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27f98436b9a84b94fbdd8e32960504634ae44cc0)
Conflicts:
Makefile.org
The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).
Use BUF_strndup when copying identity as it may not be null terminated.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3c66a669dfc7b3792f7af0758ea26fe8502ce70c)
Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.
CVE-2015-1789
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.
CVE-2015-1792
Reviewed-by: Matt Caswell <matt@openssl.org>
$(PROGS) was mistakenly removed, adding it back.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 5ef5b9ffa91ad6061c42291564a1dc786300ebdd)
Fix error handling in ssl_session_dup, as well as incorrect setting up of
the session ticket. Follow on from CVE-2015-1791.
Thanks to LibreSSL project for reporting these issues.
Conflicts:
ssl/ssl_sess.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 68886be7e2cd395a759fcd41d2cede461b68843d)
Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_oct.c
crypto/ec/ectest.c
The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
Kerberos.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)
Remove a comment that suggested further clean up was required.
DH_free() performs the necessary cleanup.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f3d889523ee84f1e87e4da0d59e2702a4bee7907)
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit b7ee4815f2452c854cc859e8dda88f2673cdddea)
Conflicts:
ssl/s3_srvr.c
Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e)
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.
With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c56353071d9849220714d8a556806703771b9269)
Conflicts:
crypto/bn/bn_print.c
This is for consistency.
Additionally, have its presence define OPENSSL_SYS_WINDOWS as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 3f131556d6678bc3754f1e6d98a9a5bfc24e368c)
Conflicts:
e_os2.h
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
CVE-2015-1791
This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.
Parts of this patch were inspired by this Akamai change:
c0bf69a791
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)
Conflicts:
ssl/ssl.h
ssl/ssl_err.c
This is a backport of commit e83ee04bb7de800cdb71d522fa562e99328003a3 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.
The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615)
