generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
11,205 Commits 16 Branches 258 Tags 86 MiB
e961c7a201
Commit Graph

1717 Commits

Author SHA1 Message Date
mancha
f0816174d2 Fix eckey_priv_encode() 
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
 2014-04-24 19:32:17 +00:00
Ben Laurie
9c8dc84ac1 Fix double frees. 2014-04-22 17:02:37 +01:00
Dr. Stephen Henson
ebe221948d Prepare for 1.0.1h-dev 2014-04-07 17:58:39 +01:00
Dr. Stephen Henson
b2d951e423 Prepare for 1.0.1g release 2014-04-07 17:55:44 +01:00
Dr. Stephen Henson
96db9023b8 Add heartbeat extension bounds check. 
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
 2014-04-07 17:53:31 +01:00
Dr. Stephen Henson
51624dbdae Set TLS padding extension value. 
Enable TLS padding extension using official value from:

http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
(cherry picked from commit cd6bd5ffda)

Conflicts:

	CHANGES
	ssl/tls1.h
 2014-04-05 20:52:59 +01:00
Dr. Stephen Henson
4b7a4ba29c Fix for CVE-2014-0076 
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483)

Conflicts:

	CHANGES
 2014-03-12 14:19:54 +00:00
Dr. Stephen Henson
4a55631e4d Backport TLS padding extension from master. 
(cherry picked from commit 8c6d8c2a49)

Conflicts:

	CHANGES
	ssl/t1_lib.c
 2014-02-05 15:42:04 +00:00
Dr. Stephen Henson
a7304e4b98 Prepare for 1.0.1g-dev 2014-01-06 14:37:03 +00:00
Dr. Stephen Henson
0d8776344c Prepare for 1.0.1f release 2014-01-06 14:36:07 +00:00
Dr. Stephen Henson
197e0ea817 Fix for TLS record tampering bug CVE-2013-4353 2014-01-06 14:35:04 +00:00
Dr. Stephen Henson
34628967f1 Fix DTLS retransmission from previous session. 
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
 2013-12-20 23:12:18 +00:00
Rob Stradling
13bca90ac5 Update CHANGES. 2013-09-16 15:17:37 +01:00
Bodo Moeller
cc53b38574 Sync CHANGES and NEWS files. 2013-09-16 14:47:56 +02:00
Dr. Stephen Henson
625a55324f update CHANGES 2013-02-11 16:35:10 +00:00
Dr. Stephen Henson
3151e328e0 prepare for next version 2013-02-11 16:14:11 +00:00
Dr. Stephen Henson
f66db68e1f prepare for release 2013-02-11 11:57:46 +00:00
Dr. Stephen Henson
41cf07f0ec prepare for next version 2013-02-06 02:26:24 +00:00
Dr. Stephen Henson
62f4033381 typo 2013-02-04 23:12:58 +00:00
Dr. Stephen Henson
df0d93564e typo 2013-02-04 22:39:37 +00:00
Dr. Stephen Henson
f1ca56a69f Add CHANGES entries. 2013-02-04 20:37:46 +00:00
Dr. Stephen Henson
62e4506a7d Don't try and verify signatures if key is NULL (CVE-2013-0166) 
Add additional check to catch this in ASN1_item_verify too.
 2013-01-29 16:49:24 +00:00
Ben Laurie
5bb6d96558 Make verify return errors. 2012-12-13 15:48:42 +00:00
Ben Laurie
70d91d60bc Call OCSP Stapling callback after ciphersuite has been chosen, so the 
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.

See http://rt.openssl.org/Ticket/Display.html?id=2836.
 2012-09-17 14:39:38 +00:00
Dr. Stephen Henson
eeca72f71e PR: 2813 
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
 2012-05-11 13:52:46 +00:00
Dr. Stephen Henson
6e164e5c3d PR: 2811 
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
 2012-05-11 13:32:26 +00:00
Dr. Stephen Henson
d9c34505e5 prepare for next version 2012-05-10 16:02:30 +00:00
Dr. Stephen Henson
f9885acc8c prepare for 1.0.1c release 2012-05-10 15:16:37 +00:00
Dr. Stephen Henson
d414a5a0f0 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and 
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
 2012-05-10 15:10:15 +00:00
Dr. Stephen Henson
5b9d0995a1 Reported by: Solar Designer of Openwall 
Make sure tkeylen is initialised properly when encrypting CMS messages.
 2012-05-10 13:34:22 +00:00
Dr. Stephen Henson
c76b7a1a82 Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:49:45 +00:00
Dr. Stephen Henson
c940e07014 prepare for next version 2012-04-26 12:01:38 +00:00
Dr. Stephen Henson
effa47b80a prepare for 1.0.1b release 2012-04-26 10:40:39 +00:00
Andy Polyakov
748628ced0 CHANGES: clarify. 2012-04-26 07:34:39 +00:00
Andy Polyakov
6791060eae CHANGEs: fix typos and clarify. 2012-04-26 07:25:04 +00:00
Dr. Stephen Henson
502dfeb8de Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and 
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
 2012-04-25 23:08:44 +00:00
Andy Polyakov
5bbed29518 s23_clnt.c: ensure interoperability by maitaining client "version capability" 
vector contiguous [from HEAD].
PR: 2802
 2012-04-25 22:07:23 +00:00
Dr. Stephen Henson
e7d2a37158 update for next version 2012-04-19 16:53:43 +00:00
Dr. Stephen Henson
531c6fc8f3 prepare for 1.0.1a release 2012-04-19 12:17:19 +00:00
Dr. Stephen Henson
8d5505d099 Check for potentially exploitable overflows in asn1_d2i_read_bio 
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
 2012-04-19 12:13:59 +00:00
Bodo Möller
4d936ace08 Disable SHA-2 ciphersuites in < TLS 1.2 connections. 
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
 2012-04-17 15:20:17 +00:00
Dr. Stephen Henson
89bd25eb26 Additional workaround for PR#2771 
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
 2012-04-17 14:41:23 +00:00
Andy Polyakov
d2f950c984 CHANGES: mention vpaes fix and harmonize with 1.0.0. 
PR: 2775
 2012-03-31 18:55:41 +00:00
Dr. Stephen Henson
e733dea3ce update version to 1.0.1a-dev 2012-03-22 15:18:19 +00:00
Dr. Stephen Henson
f3dcae15ac prepare for 1.0.1 release 2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
08e4c7a967 correct CHANGES 2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
a8314df902 Fix bug in CVE-2011-4619: check we have really received a client hello 
before rejecting multiple SGC restarts.
 2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f Additional compatibility fix for MDC2 signature format. 
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
 2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55 An incompatibility has always existed between the format used for RSA 
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
 2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
fc6800d19f Modify client hello version when renegotiating to enhance interop with 
some servers.
 2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
2dc4b0dbe8 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. 
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
 2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
25e3d2225a fix CHANGES entry 2012-01-17 14:19:09 +00:00
Bodo Möller
767d3e0054 Update for 0.9.8s and 1.0.0f. 
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
 2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
801e5ef840 update CHANGES 2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> 
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
 2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
0cffb0cd3e fix CHANGES 2012-01-04 23:11:43 +00:00
Dr. Stephen Henson
aaa3850ccd Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
a17b5d5a4f Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:20 +00:00
Dr. Stephen Henson
2f97765bc3 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
6e750fcb1e update CHANGES 2011-12-31 23:07:28 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
62308f3f4a PR: 2563 
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve

Improved PRNG seeding for VOS.
 2011-12-19 17:02:35 +00:00
Andy Polyakov
cecafcce94 update CHANGES. 2011-12-19 14:49:05 +00:00
Dr. Stephen Henson
ca0efb7594 update CHANGES 2011-12-19 14:40:02 +00:00
Dr. Stephen Henson
8173960305 remove old -attime code, new version includes all old functionality 2011-12-10 00:42:48 +00:00
Bodo Möller
9f2b453338 Resolve a stack set-up race condition (if the list of compression 
methods isn't presorted, it will be sorted on first read).

Submitted by: Adam Langley
 2011-12-02 12:51:41 +00:00
Bodo Möller
a0dce9be76 Fix ecdsatest.c. 
Submitted by: Emilia Kasper
 2011-12-02 12:40:42 +00:00
Bodo Möller
cf2b938529 Fix BIO_f_buffer(). 
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
 2011-12-02 12:24:48 +00:00
Ben Laurie
b1d7429186 Add TLS exporter. 2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0 Add DTLS-SRTP. 2011-11-15 23:02:16 +00:00
Ben Laurie
e2809bfb42 Next Protocol Negotiation. 2011-11-14 02:25:04 +00:00
Bodo Möller
2d95ceedc5 BN_BLINDING multi-threading fix. 
Submitted by: Emilia Kasper (Google)
 2011-10-19 14:58:59 +00:00
Bodo Möller
3d520f7c2d Fix warnings. 
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
 2011-10-19 08:58:35 +00:00
Bodo Möller
9c37519b55 Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and 
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.
 2011-10-18 19:43:54 +00:00
Bodo Möller
f72c1a58cb In ssl3_clear, preserve s3->init_extra along with s3->rbuf. 
Submitted by: Bob Buckholz <bbuckholz@google.com>
 2011-10-13 13:05:35 +00:00
Dr. Stephen Henson
cb70355d87 Backport ossl_ssize_t type from HEAD. 2011-10-10 22:33:50 +00:00
Dr. Stephen Henson
9309ea6617 Backport PSS signature support from HEAD. 2011-10-09 23:13:50 +00:00
Dr. Stephen Henson
05c9e3aea5 fix CHANGES entry 2011-10-09 23:11:09 +00:00
Dr. Stephen Henson
dc100d87b5 Backport of password based CMS support from HEAD. 2011-10-09 15:28:02 +00:00
Dr. Stephen Henson
cd447875e6 Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past 
produce an error (CVE-2011-3207)
 2011-09-06 15:14:41 +00:00
Bodo Möller
3c3f025923 Fix session handling. 2011-09-05 13:36:55 +00:00
Bodo Möller
5ff6e2dfbb Fix d2i_SSL_SESSION. 2011-09-05 13:31:07 +00:00
Bodo Möller
61ac68f9f6 (EC)DH memory handling fixes. 
Submitted by: Adam Langley
 2011-09-05 10:25:27 +00:00
Bodo Möller
7f1022a8b1 Fix memory leak on bad inputs. 2011-09-05 09:57:15 +00:00
Andy Polyakov
84e7485bfb Add RC4-MD5 and AESNI-SHA1 "stitched" implementations [from HEAD]. 2011-08-23 20:53:34 +00:00
Dr. Stephen Henson
cf199fec52 Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA 
using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
 2011-08-14 13:47:30 +00:00
Dr. Stephen Henson
aed53d6c5a Backport GCM support from HEAD. 2011-08-04 11:13:28 +00:00
Dr. Stephen Henson
c8c6e9ecd9 Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support and 
prohibit use of these ciphersuites for TLS < 1.2
 2011-07-25 21:45:17 +00:00
Dr. Stephen Henson
3a5b97b7f1 Don't set default public key methods in FIPS mode so applications 
can switch between modes.
 2011-06-20 19:41:13 +00:00
Bodo Möller
5cacc82f61 Fix the version history: given that 1.0.1 has yet to be released, 
we should list "Changes between 1.0.0e and 1.0.1",
not "between 1.0.0d and 1.0.1".
 2011-06-15 14:23:44 +00:00
Dr. Stephen Henson
e8d23f7811 Redirect HMAC and CMAC operations to module. 2011-06-12 15:07:26 +00:00
Ben Laurie
be23b71e87 Add -attime. 2011-06-09 17:09:31 +00:00
Dr. Stephen Henson
752c1a0ce9 Redirect DSA operations to FIPS module in FIPS mode. 2011-06-09 13:54:09 +00:00
Dr. Stephen Henson
6342b6e332 Redirection of ECDSA, ECDH operations to FIPS module. 
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
 2011-06-06 15:39:17 +00:00
Dr. Stephen Henson
f610a516a0 Backport from HEAD: 
New option to disable characteristic two fields in EC code.

Make no-ec2m work on Win32 build.
 2011-06-06 11:49:36 +00:00
Dr. Stephen Henson
24d7159abd Backport libcrypto audit: check return values of EVP functions instead 
of assuming they will always suceed.
 2011-06-03 20:53:00 +00:00
Dr. Stephen Henson
53dd05d8f6 Redirect RSA keygen, sign, verify to FIPS module. 2011-06-03 13:16:16 +00:00
Dr. Stephen Henson
fbe7055370 Redirection of low level APIs to FIPS module. 
Digest sign, verify operations are not redirected at this stage.
 2011-06-02 18:22:42 +00:00
Dr. Stephen Henson
916bcab28e Prohibit low level cipher APIs in FIPS mode. 
Not complete: ciphers with assembly language key setup are not
covered yet.
 2011-06-01 16:54:06 +00:00