generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,764 Commits 16 Branches 258 Tags 86 MiB
b4a57c4c41
Commit Graph

1691 Commits

Author SHA1 Message Date
Dr. Stephen Henson
d9c34505e5 prepare for next version 2012-05-10 16:02:30 +00:00
Dr. Stephen Henson
f9885acc8c prepare for 1.0.1c release 2012-05-10 15:16:37 +00:00
Dr. Stephen Henson
d414a5a0f0 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and 
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 15:10:15 +00:00
Dr. Stephen Henson
5b9d0995a1 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
c76b7a1a82 Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:49:45 +00:00
Dr. Stephen Henson
c940e07014 prepare for next version 2012-04-26 12:01:38 +00:00
Dr. Stephen Henson
effa47b80a prepare for 1.0.1b release 2012-04-26 10:40:39 +00:00
Andy Polyakov
748628ced0 CHANGES: clarify. 2012-04-26 07:34:39 +00:00
Andy Polyakov
6791060eae CHANGEs: fix typos and clarify. 2012-04-26 07:25:04 +00:00
Dr. Stephen Henson
502dfeb8de Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and 
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
 2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518 s23_clnt.c: ensure interoperability by maitaining client "version capability" 
vector contiguous [from HEAD].
PR: 2802
 2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
e7d2a37158 update for next version 2012-04-19 16:53:43 +00:00
Dr. Stephen Henson
531c6fc8f3 prepare for 1.0.1a release 2012-04-19 12:17:19 +00:00
Dr. Stephen Henson
8d5505d099 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 12:13:59 +00:00
Bodo Möller
4d936ace08 Disable SHA-2 ciphersuites in < TLS 1.2 connections. 
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
 2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26 Additional workaround for PR#2771 
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
 2012-04-17 14:41:23 +00:00
Andy Polyakov
d2f950c984 CHANGES: mention vpaes fix and harmonize with 1.0.0. 
PR: 2775
 2012-03-31 18:55:41 +00:00
Dr. Stephen Henson
e733dea3ce update version to 1.0.1a-dev 2012-03-22 15:18:19 +00:00
Dr. Stephen Henson
f3dcae15ac prepare for 1.0.1 release 2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
08e4c7a967 correct CHANGES 2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
a8314df902 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f Additional compatibility fix for MDC2 signature format. 
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
 2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55 An incompatibility has always existed between the format used for RSA 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
 2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
fc6800d19f Modify client hello version when renegotiating to enhance interop with 
some servers.
 2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
2dc4b0dbe8 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
25e3d2225a fix CHANGES entry 2012-01-17 14:19:09 +00:00
Bodo Möller
767d3e0054 Update for 0.9.8s and 1.0.0f. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
 2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
801e5ef840 update CHANGES 2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
0cffb0cd3e fix CHANGES 2012-01-04 23:11:43 +00:00
Dr. Stephen Henson
aaa3850ccd Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
a17b5d5a4f Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:20 +00:00
Dr. Stephen Henson
2f97765bc3 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
6e750fcb1e update CHANGES 2011-12-31 23:07:28 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
62308f3f4a PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:02:35 +00:00
Andy Polyakov
cecafcce94 update CHANGES. 2011-12-19 14:49:05 +00:00
Dr. Stephen Henson
ca0efb7594 update CHANGES 2011-12-19 14:40:02 +00:00
Dr. Stephen Henson
8173960305 remove old -attime code, new version includes all old functionality 2011-12-10 00:42:48 +00:00
Bodo Möller
9f2b453338 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:41 +00:00
Bodo Möller
a0dce9be76 Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:40:42 +00:00
Bodo Möller
cf2b938529 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:24:48 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie
e2809bfb42 Next Protocol Negotiation. 2011-11-14 02:25:04 +00:00
Bodo Möller
2d95ceedc5 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:58:59 +00:00
Bodo Möller
3d520f7c2d Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:58:35 +00:00
Bodo Möller
9c37519b55 Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:54 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
cb70355d87 Backport ossl_ssize_t type from HEAD. 2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
05c9e3aea5 fix CHANGES entry 2011-10-09 23:11:09 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
cd447875e6 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)
 2011-09-06 15:14:41 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Bodo Möller
5ff6e2dfbb Fix d2i_SSL_SESSION. 2011-09-05 13:31:07 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:27 +00:00
Bodo Möller
7f1022a8b1 Fix memory leak on bad inputs. 2011-09-05 09:57:15 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 21:45:17 +00:00
Dr. Stephen Henson
3a5b97b7f1 Don't set default public key methods in FIPS mode so applications 
can switch between modes.
 2011-06-20 19:41:13 +00:00
Bodo Möller
5cacc82f61 Fix the version history: given that 1.0.1 has yet to be released, 
we should list "Changes between 1.0.0e and 1.0.1",
not "between 1.0.0d and 1.0.1".
 2011-06-15 14:23:44 +00:00
Dr. Stephen Henson
e8d23f7811 Redirect HMAC and CMAC operations to module. 2011-06-12 15:07:26 +00:00
Ben Laurie
be23b71e87 Add -attime. 2011-06-09 17:09:31 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
53dd05d8f6 Redirect RSA keygen, sign, verify to FIPS module. 2011-06-03 13:16:16 +00:00
Dr. Stephen Henson
fbe7055370 Redirection of low level APIs to FIPS module. 
Digest sign, verify operations are not redirected at this stage.
 2011-06-02 18:22:42 +00:00
Dr. Stephen Henson
916bcab28e Prohibit low level cipher APIs in FIPS mode. 
Not complete: ciphers with assembly language key setup are not
covered yet.
 2011-06-01 16:54:06 +00:00
Dr. Stephen Henson
65300dcfb0 Prohibit use of low level digest APIs in FIPS mode. 2011-06-01 13:39:45 +00:00
Dr. Stephen Henson
55a47cd30f Output supported curves in preference order instead of numerically. 2011-05-30 17:58:29 +00:00
Dr. Stephen Henson
5792219d1d Redirect cipher operations to FIPS module for FIPS builds. 2011-05-29 16:18:38 +00:00
Dr. Stephen Henson
04dc5a9ca6 Redirect digests to FIPS module for FIPS builds. 
Use FIPS API when initialising digests.

Sync header file evp.h and error codes with HEAD for necessary FIPS
definitions.
 2011-05-28 23:01:26 +00:00
Dr. Stephen Henson
6ea8d138d3 Fix the ECDSA timing attack mentioned in the paper at: 
http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
 2011-05-25 14:42:27 +00:00
Dr. Stephen Henson
b81fde02aa Add server client certificate support for TLS v1.2 . This is more complex 
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
 2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
7043fa702f add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
Dr. Stephen Henson
f98d2e5cc1 Implement FIPS_mode and FIPS_mode_set 2011-05-19 18:19:07 +00:00
Dr. Stephen Henson
4fe4c00eca Provisional support for TLS v1.2 client authentication: client side only. 
Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.
 2011-05-12 17:49:15 +00:00
Dr. Stephen Henson
9472baae0d Backport TLS v1.2 support from HEAD. 
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
 2011-05-11 13:37:52 +00:00
Dr. Stephen Henson
74096890ba Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 
all ssl related structures are opaque and internals cannot be directly
accessed. Many applications will need some modification to support this and
most likely some additional functions added to OpenSSL.

The advantage of this option is that any application supporting it will still
be binary compatible if SSL structures change.

(backport from HEAD).
 2011-05-11 12:56:38 +00:00
Ben Laurie
a149b2466e Add SRP. 2011-03-16 11:26:40 +00:00
Bodo Möller
cd77b3e88b Sync with 1.0.0 branch. 
(CVE-2011-0014 OCSP stapling fix has been applied to the 1.0.1 branch as well.)
 2011-02-08 19:08:32 +00:00
Bodo Möller
346601bc32 CVE-2010-4180 fix (from OpenSSL_1_0_0-stable) 2011-02-03 10:42:00 +00:00
Dr. Stephen Henson
e501dbb658 Fix escaping code for string printing. If *any* escaping is enabled we 
must escape the escape character itself (backslash).
 2011-01-03 01:30:58 +00:00
Dr. Stephen Henson
2c5c4fca14 apply J-PKAKE fix to HEAD (original by Ben) 2010-11-29 18:33:28 +00:00
Dr. Stephen Henson
a618011ca1 add "missing" functions to copy EVP_PKEY_METHOD and examine info 2010-11-24 16:07:45 +00:00
Dr. Stephen Henson
6e21ce592e fix CVE-2010-3864 2010-11-17 17:36:29 +00:00
Dr. Stephen Henson
3fa29765fd PR: 2314 
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
 2010-10-10 12:27:19 +00:00
Dr. Stephen Henson
945ba0300d Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(), 
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.

Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
 2010-10-03 18:56:25 +00:00
Bodo Möller
9b0e97ae10 Update version numbers 2010-08-26 18:45:21 +00:00
Bodo Möller
48ce525d16 New 64-bit optimized implementation EC_GFp_nistp224_method(). 
Binary compatibility is not affected as this will only be
compiled in if explicitly requested (#ifdef EC_NISTP224_64_GCC_128).

Submitted by: Emilia Kasper (Google)
 2010-08-26 14:29:27 +00:00
Dr. Stephen Henson
48ae85b6ff PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:22:40 +00:00
Bodo Möller
82281ce47d ECC library bugfixes. 
Submitted by: Emilia Kapser (Google)
 2010-08-26 12:10:57 +00:00
Bodo Möller
4ecd2bafbb Harmonize with OpenSSL_1_0_0-stable version of CHANGES. 2010-08-26 11:21:49 +00:00
Dr. Stephen Henson
f6c29ba3dc Fix WIN32 build system to correctly link ENGINE DLLs contained in a 
directory: currently the GOST ENGINE is the only case.
 2010-07-24 17:55:47 +00:00