Age | Commit message (Collapse) | Author |
|
Conflicts:
crypto/mem_dbg.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
ssl/s3_lib.c
Conflicts:
apps/cms.c
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.h
ssl/s3_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
crypto/cryptlib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
crypto/bn/bntest.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Conflicts:
apps/speed.c
Conflicts:
apps/speed.c
Conflicts:
apps/speed.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
just can't handle it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Don't use double newline for headers.
Don't interpret ASN1_PCTX as start of an ASN.1 module.
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
available.
Script written by Tim Hudson, with amendments by Steve Henson, Rich Salz and
Matt Caswell
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Conflicts:
apps/ciphers.c
ssl/s3_pkt.c
Conflicts:
crypto/ec/ec_curve.c
Conflicts:
crypto/ec/ec_curve.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl_sess.c
Conflicts:
apps/ciphers.c
crypto/bn/bn.h
crypto/ec/ec_curve.c
ssl/t1_enc.c
ssl/t1_lib.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
(cherry picked from commit 4a7fa26ffd65bf36beb8d1cb8f29fc0ae203f5c5)
Conflicts:
crypto/x509v3/pcy_tree.c
Conflicts:
apps/apps.c
ssl/ssltest.c
Conflicts:
apps/apps.c
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp224.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
ssl/s3_cbc.c
ssl/ssl_sess.c
ssl/t1_lib.c
Conflicts:
crypto/bio/b_sock.c
crypto/pem/pem.h
crypto/x509/x509_vfy.c
crypto/x509v3/pcy_tree.c
ssl/s3_both.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
indent will not alter them when reformatting comments
(cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960)
Conflicts:
crypto/bn/bn_lcl.h
crypto/bn/bn_prime.c
crypto/engine/eng_all.c
crypto/rc4/rc4_utl.c
crypto/sha/sha.h
ssl/kssl.c
ssl/t1_lib.c
Conflicts:
crypto/rc4/rc4_enc.c
crypto/x509v3/v3_scts.c
crypto/x509v3/v3nametest.c
ssl/d1_both.c
ssl/s3_srvr.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssltest.c
ssl/t1_lib.c
Conflicts:
crypto/asn1/a_sign.c
crypto/bn/bn_div.c
crypto/dsa/dsa_asn1.c
crypto/ec/ecp_nistp224.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistputil.c
crypto/modes/gcm128.c
crypto/opensslv.h
ssl/d1_both.c
ssl/heartbeat_test.c
ssl/s3_clnt.c
ssl/s3_srvr.c
ssl/ssl_sess.c
ssl/t1_lib.c
test/testutil.h
Conflicts:
apps/openssl.c
apps/ts.c
apps/vms_decc_init.c
crypto/aes/aes_core.c
crypto/aes/aes_x86core.c
crypto/dsa/dsa_ameth.c
crypto/ec/ec2_mult.c
crypto/evp/evp.h
crypto/objects/objects.h
crypto/rsa/rsa_pss.c
crypto/stack/safestack.h
crypto/ts/ts.h
crypto/ts/ts_rsp_verify.c
crypto/whrlpool/wp_dgst.c
crypto/x509v3/v3_ncons.c
e_os2.h
engines/ccgost/gost89.c
engines/ccgost/gost_ctl.c
engines/ccgost/gost_keywrap.c
engines/ccgost/gost_keywrap.h
engines/ccgost/gost_sign.c
ssl/kssl.c
ssl/s3_srvr.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
This warning breaks the build in 1.0.0 and 0.9.8
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f)
|
|
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef)
Conflicts:
e_os.h
|
|
Windows 8 SDKs complain that GetVersion() is deprecated.
We only use GetVersion like this:
(GetVersion() < 0x80000000)
which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
(cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52)
Conflicts:
apps/apps.c
crypto/bio/bss_log.c
Backported by Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openss.org>
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b)
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Conflicts:
.gitignore
(cherry picked from commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7)
Conflicts:
.gitignore
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
|
|
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Steve Henson <steve@openssl.org>
|
|
Fix typo in ssl3_get_cert_verify: we can only skip certificate verify
message if certificate is absent.
NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't
support DH certificates and this typo prohibits skipping of
certificate verify message for sign only certificates anyway.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
of the crash due to p being NULL. Steve's fix prevents this situation from
occuring - however this is by no means obvious by looking at the code for
dtls1_get_record. This fix just makes things look a bit more sane.
Conflicts:
ssl/d1_pkt.c
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
|
|
separate reads performed - one for the header and one for the body of the
handshake record.
CVE-2014-3571
Reviewed-by: Matt Caswell <matt@openssl.org>
Conflicts:
ssl/s3_pkt.c
|
|
Reviewed-by: Emilia Kasper <emilia@openssl.org>
(cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d)
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df)
Conflicts:
CHANGES
|
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b)
|
|
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.
Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)
Conflicts:
CHANGES
doc/ssl/SSL_CTX_set_options.pod
ssl/d1_srvr.c
ssl/s3_srvr.c
|
|
Fix bug where an OpenSSL client would accept a handshake using an
ephemeral ECDH ciphersuites with the server key exchange message omitted.
Thanks to Karthikeyan Bhargavan for reporting this issue.
CVE-2014-3572
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63)
Conflicts:
CHANGES
ssl/s3_clnt.c
|
|
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).
CVE-2014-8275
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 208a6012be3077d83df4475f32dd1b1446f3a02e)
Conflicts:
crypto/dsa/dsa_vrf.c
|
|
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
(these are needed for certificate fingerprint fixes)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 86edf13b1c97526c0cf63c37342aaa01f5442688)
|
|
According to X6.90 null, object identifier, boolean, integer and enumerated
types can only have primitive encodings: return an error if any of
these are received with a constructed encoding.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d)
Conflicts:
crypto/asn1/asn1_err.c
|
|
Causes more problems than it fixes: even though error codes
are not part of the stable API, several users rely on the
specific error code, and the change breaks them. Conversely,
we don't have any concrete use-cases for constant-time behaviour here.
This reverts commit 1bb01b1b5f27a7de33e7a67946b8c001b54e09e9.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit d45282fc7cd9b97ed1479f8b8af713337fce57f5)
|