Richard Levitte [Fri, 10 Jul 2015 16:29:17 +0000 (18:29 +0200)]
Set numeric IDs for tar as well
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
da24e6f8a05ea657684094e04c1a54efa04c2962)
Richard Levitte [Fri, 10 Jul 2015 13:40:53 +0000 (15:40 +0200)]
Stop using tardy
Instead of piping through tardy, and possibly suffering from bugs in certain
versions, use --transform, --owner and --group directly with GNU tar (we
already expect that tar variant).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
27f98436b9a84b94fbdd8e32960504634ae44cc0)
Conflicts:
Makefile.org
Dr. Stephen Henson [Thu, 9 Jul 2015 15:56:45 +0000 (16:56 +0100)]
Sort @sstacklst correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
2a7059c56f885a3fa0842e886f5178def8e5481d)
Dr. Stephen Henson [Mon, 6 Jul 2015 13:17:49 +0000 (14:17 +0100)]
document -2 return value
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
5727582cf51e98e5e0faa435e7da2c8929533c0d)
Conflicts:
doc/crypto/X509_NAME_get_index_by_NID.pod
Dr. Stephen Henson [Wed, 1 Jul 2015 22:40:03 +0000 (23:40 +0100)]
Fix PSK handling.
The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).
Use BUF_strndup when copying identity as it may not be null terminated.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
3c66a669dfc7b3792f7af0758ea26fe8502ce70c)
Dr. Stephen Henson [Wed, 24 Jun 2015 11:28:50 +0000 (12:28 +0100)]
Don't output bogus errors in PKCS12_parse
PR#3923
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
ffbf304d4832bd51bb0618f8ca5b7c26647ee664)
Richard Levitte [Mon, 15 Jun 2015 07:59:25 +0000 (09:59 +0200)]
Make preprocessor error into real preprocessor error
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
b4f0d1a4a89b964dba80036a6348ca0a1913c526)
Richard Levitte [Sat, 13 Jun 2015 11:13:55 +0000 (13:13 +0200)]
Remove one extraneous parenthesis
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
30cf91784bfde82622f79d87d17d20ce73329532)
Matt Caswell [Thu, 11 Jun 2015 14:16:43 +0000 (15:16 +0100)]
Prepare for 1.0.0t-dev
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Thu, 11 Jun 2015 14:13:36 +0000 (15:13 +0100)]
Prepare for 1.0.0s release
Reviewed-by: Stephen Henson <steve@openssl.org>
Matt Caswell [Wed, 10 Jun 2015 10:49:31 +0000 (11:49 +0100)]
Update CHANGES and NEWS
Updates to CHANGES and NEWS to take account of the latest security fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Tue, 12 May 2015 17:00:30 +0000 (19:00 +0200)]
PKCS#7: Fix NULL dereference with missing EncryptedContent.
CVE-2015-1790
Reviewed-by: Rich Salz <rsalz@openssl.org>
Emilia Kasper [Wed, 8 Apr 2015 14:56:43 +0000 (16:56 +0200)]
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.
CVE-2015-1789
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Fri, 5 Jun 2015 11:11:25 +0000 (12:11 +0100)]
Fix infinite loop in CMS
Fix loop in do_free_upto if cmsbio is NULL: this will happen when attempting
to verify and a digest is not recognised. Reported by Johannes Bauer.
CVE-2015-1792
Reviewed-by: Matt Caswell <matt@openssl.org>
Richard Levitte [Thu, 11 Jun 2015 13:41:25 +0000 (15:41 +0200)]
Correction of make depend merge error
$(PROGS) was mistakenly removed, adding it back.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
5ef5b9ffa91ad6061c42291564a1dc786300ebdd)
Matt Caswell [Thu, 11 Jun 2015 00:30:06 +0000 (01:30 +0100)]
More ssl_session_dup fixes
Fix error handling in ssl_session_dup, as well as incorrect setting up of
the session ticket. Follow on from CVE-2015-1791.
Thanks to LibreSSL project for reporting these issues.
Conflicts:
ssl/ssl_sess.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 4 Jun 2015 13:22:00 +0000 (14:22 +0100)]
EC_POINT_is_on_curve does not return a boolean
The function EC_POINT_is_on_curve does not return a boolean value.
It returns 1 if the point is on the curve, 0 if it is not, and -1
on error. Many usages within OpenSSL were incorrectly using this
function and therefore not correctly handling error conditions.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
68886be7e2cd395a759fcd41d2cede461b68843d)
Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_oct.c
crypto/ec/ectest.c
Matt Caswell [Wed, 10 Jun 2015 08:32:34 +0000 (09:32 +0100)]
Fix Kerberos issue in ssl_session_dup
The fix for CVE-2015-1791 introduced an error in ssl_session_dup for
Kerberos.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
dcad51bc13c9b716d9a66248bcc4038c071ff158)
Dr. Stephen Henson [Mon, 8 Jun 2015 12:23:00 +0000 (13:23 +0100)]
return correct NID for undefined object
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
0fb9990480919163cc375a2b6c0df1d8d901a77b)
Matt Caswell [Thu, 4 Jun 2015 10:18:55 +0000 (11:18 +0100)]
Remove misleading comment
Remove a comment that suggested further clean up was required.
DH_free() performs the necessary cleanup.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
f3d889523ee84f1e87e4da0d59e2702a4bee7907)
Matt Caswell [Thu, 4 Jun 2015 10:16:16 +0000 (11:16 +0100)]
Clean premaster_secret for GOST
Ensure OPENSSL_cleanse() is called on the premaster secret value calculated for GOST.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
b7ee4815f2452c854cc859e8dda88f2673cdddea)
Conflicts:
ssl/s3_srvr.c
Matt Caswell [Thu, 4 Jun 2015 10:41:30 +0000 (11:41 +0100)]
Clean Kerberos pre-master secret
Ensure the Kerberos pre-master secret has OPENSSL_cleanse called on it.
With thanks to the Open Crypto Audit Project for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
4e3dbe37ca39fa68b6949fbde62f3ec0f0584f7e)
Matt Caswell [Tue, 19 May 2015 12:59:47 +0000 (13:59 +0100)]
Fix off-by-one error in BN_bn2hex
A BIGNUM can have the value of -0. The function BN_bn2hex fails to account
for this and can allocate a buffer one byte too short in the event of -0
being used, leading to a one byte buffer overrun. All usage within the
OpenSSL library is considered safe. Any security risk is considered
negligible.
With thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and
Filip Palian for discovering and reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
c56353071d9849220714d8a556806703771b9269)
Conflicts:
crypto/bn/bn_print.c
Richard Levitte [Sun, 31 May 2015 15:47:31 +0000 (17:47 +0200)]
Add the macro OPENSSL_SYS_WIN64
This is for consistency.
Additionally, have its presence define OPENSSL_SYS_WINDOWS as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
3f131556d6678bc3754f1e6d98a9a5bfc24e368c)
Conflicts:
e_os2.h
Matt Caswell [Mon, 18 May 2015 15:27:48 +0000 (16:27 +0100)]
Fix race condition in NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
CVE-2015-1791
This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.
Parts of this patch were inspired by this Akamai change:
https://github.com/akamai/openssl/commit/
c0bf69a791239ceec64509f9f19fcafb2461b0d3
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
27c76b9b8010b536687318739c6f631ce4194688)
Conflicts:
ssl/ssl.h
ssl/ssl_err.c
Matt Caswell [Mon, 9 Mar 2015 16:09:04 +0000 (16:09 +0000)]
Clear state in DTLSv1_listen
This is a backport of commit
e83ee04bb7de800cdb71d522fa562e99328003a3 from
the master branch (and this has also been applied to 1.0.2). In 1.0.2 this
was CVE-2015-0207. For other branches there is no known security issue, but
this is being backported as a precautionary measure.
The DTLSv1_listen function is intended to be stateless and processes
the initial ClientHello from many peers. It is common for user code to
loop over the call to DTLSv1_listen until a valid ClientHello is received
with an associated cookie. A defect in the implementation of DTLSv1_listen
means that state is preserved in the SSL object from one invokation to the
next.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
cce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615)
Dr. Stephen Henson [Thu, 28 May 2015 14:44:20 +0000 (15:44 +0100)]
check for error when creating PKCS#8 structure
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc)
Dr. Stephen Henson [Thu, 28 May 2015 14:45:57 +0000 (15:45 +0100)]
PEM doc fixes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
f097f81c891bb1f479426d8ac9c9541390334983)
Richard Levitte [Wed, 8 Apr 2015 17:26:11 +0000 (19:26 +0200)]
Have mkerr.pl treat already existing multiline string defs properly
Since source reformat, we ended up with some error reason string
definitions that spanned two lines. That in itself is fine, but we
sometimes edited them to provide better strings than what could be
automatically determined from the reason macro, for example:
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"Peer haven't sent GOST certificate, required for selected ciphersuite"},
However, mkerr.pl didn't treat those two-line definitions right, and
they ended up being retranslated to whatever the macro name would
indicate, for example:
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
"No gost certificate sent by peer"},
Clearly not what we wanted. This change fixes this problem.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
2cfdfe0918f03f8323c9523a2beb2b363ae86ca7)
Richard Levitte [Sat, 23 May 2015 04:33:41 +0000 (06:33 +0200)]
Fix update and depend in engines/
The update: target in engines/ didn't recurse into engines/ccgost.
The update: and depend: targets in engines/ccgost needed a fixup.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
8b822d2566853ee5e313c37529f71336209b28ab)
Richard Levitte [Fri, 22 May 2015 17:23:43 +0000 (19:23 +0200)]
Missed a couple of spots in the update change
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
6f45032f6730622e8d484d92e07c7fce7d1f88ac)
Conflicts:
apps/Makefile
Richard Levitte [Fri, 22 May 2015 15:54:06 +0000 (17:54 +0200)]
Fix the update target and remove duplicate file updates
We had updates of certain header files in both Makefile.org and the
Makefile in the directory the header file lived in. This is error
prone and also sometimes generates slightly different results (usually
just a comment that differs) depending on which way the update was
done.
This removes the file update targets from the top level Makefile, adds
an update: target in all Makefiles and has it depend on the depend: or
local_depend: targets, whichever is appropriate, so we don't get a
double run through the whole file tree.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
0f539dc1a2f45580435c39dada44dd276e79cb88)
Conflicts:
Makefile.org
apps/Makefile
test/Makefile
crypto/cmac/Makefile
crypto/srp/Makefile
Matt Caswell [Tue, 19 May 2015 15:03:02 +0000 (16:03 +0100)]
Fix off-by-one in BN_rand
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.
Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Matt Caswell [Tue, 19 May 2015 14:19:30 +0000 (15:19 +0100)]
Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.
Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit
7cc18d8158b5fc2676393d99b51c30c135502107)
Conflicts:
crypto/bn/bn.h
crypto/bn/bn_err.c
StudioEtrange [Wed, 20 May 2015 08:36:44 +0000 (04:36 -0400)]
GitHub284: Fix typo in xx-32.pl scripts.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Robert Swiecki [Mon, 18 May 2015 23:08:02 +0000 (19:08 -0400)]
Don't add write errors into bytecounts
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
00d565cfbe90fab3b157e644caca4eb4a2ebec79)
Rich Salz [Tue, 12 May 2015 15:49:32 +0000 (11:49 -0400)]
Add NULL checks from master
The big "don't check for NULL" cleanup requires backporting some
of the lowest-level functions to actually do nothing if NULL is
given. This will make it easier to backport fixes to release
branches, where master assumes those lower-level functions are "safe"
This commit addresses those tickets: 3798 3799 3801.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
f34b095fab1569d093b639bfcc9a77d6020148ff)
Gilles Khouzam [Sat, 2 May 2015 02:20:42 +0000 (22:20 -0400)]
RT3820: Don't call GetDesktopWindow()
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
bed2edf1cb73f1fe2c11029acc694086bc14443e)
Dr. Stephen Henson [Wed, 15 Apr 2015 23:00:40 +0000 (00:00 +0100)]
Limit depth of nested sequences when generating ASN.1
Reported by Hanno Böck <hanno@hboeck.de>
PR#3800
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
c4137b5e828d8fab0b244defb79257619dad8fc7)
Conflicts:
crypto/asn1/asn1_gen.c
Loganaden Velvindron [Wed, 22 Apr 2015 15:16:30 +0000 (16:16 +0100)]
Fix CRYPTO_strdup
The function CRYPTO_strdup (aka OPENSSL_strdup) fails to check the return
value from CRYPTO_malloc to see if it is NULL before attempting to use it.
This patch adds a NULL check.
RT3786
Signed-off-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
37b0cf936744d9edb99b5dd82cae78a7eac6ad60)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
20d21389c8b6f5b754573ffb6a4dc4f3986f2ca4)
Dr. Stephen Henson [Thu, 16 Apr 2015 15:43:09 +0000 (16:43 +0100)]
Fix encoding bug in i2c_ASN1_INTEGER
Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.
Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
a0eed48d37a4b7beea0c966caf09ad46f4a92a44)
Viktor Dukhovni [Thu, 16 Apr 2015 06:53:29 +0000 (02:53 -0400)]
Code style: space after 'if'
Reviewed-by: Matt Caswell <gitlab@openssl.org>
Dr. Stephen Henson [Wed, 15 Apr 2015 23:21:05 +0000 (00:21 +0100)]
Reject empty generation strings.
Reported by Hanno Böck <hanno@hboeck.de>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
111b60bea01d234b5873488c19ff2b9c5d4d58e9)
Conflicts:
crypto/asn1/asn1_gen.c
Matt Caswell [Fri, 10 Apr 2015 15:49:33 +0000 (16:49 +0100)]
Fix ssl_get_prev_session overrun
If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.
This is probably made redundant by the previous commit - but you can never be
too careful.
With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
5e0a80c1c9b2b06c2d203ad89778ce1b98e0b5ad)
Conflicts:
ssl/ssl_sess.c
Matt Caswell [Fri, 10 Apr 2015 16:25:27 +0000 (17:25 +0100)]
Check for ClientHello message overruns
The ClientHello processing is insufficiently rigorous in its checks to make
sure that we don't read past the end of the message. This does not have
security implications due to the size of the underlying buffer - but still
needs to be fixed.
With thanks to Qinghao Tang for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
c9642eb1ff79a30e2c7632ef8267cc34cc2b0d79)
Dr. Stephen Henson [Thu, 2 Apr 2015 12:45:14 +0000 (13:45 +0100)]
Don't set *pval to NULL in ASN1_item_ex_new.
While *pval is usually a pointer in rare circumstances it can be a long
value. One some platforms (e.g. WIN64) where
sizeof(long) < sizeof(ASN1_VALUE *) this will write past the field.
*pval is initialised correctly in the rest of ASN1_item_ex_new so setting it
to NULL is unecessary anyway.
Thanks to Julien Kauffmann for reporting this issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
f617b4969a9261b9d7d381670aefbe2cf766a2cb)
Conflicts:
crypto/asn1/tasn_new.c
Dr. Stephen Henson [Sun, 22 Mar 2015 17:34:56 +0000 (17:34 +0000)]
Make OCSP response verification more flexible.
If a set of certificates is supplied to OCSP_basic_verify use those in
addition to any present in the OCSP response as untrusted CAs when
verifying a certificate chain.
PR#3668
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
4ca5efc2874e094d6382b30416824eda6dde52fe)
Matt Caswell [Thu, 19 Mar 2015 13:45:41 +0000 (13:45 +0000)]
Prepare for 1.0.0s-dev
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 19 Mar 2015 13:43:00 +0000 (13:43 +0000)]
Prepare for 1.0.0r release
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 19 Mar 2015 13:43:00 +0000 (13:43 +0000)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 19 Mar 2015 11:35:33 +0000 (11:35 +0000)]
Fix unsigned/signed warnings
Fix some unsigned/signed warnings introduced as part of the fix
for CVE-2015-0293
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Thu, 19 Mar 2015 10:16:32 +0000 (10:16 +0000)]
Fix a failure to NULL a pointer freed on error.
Reported by the LibreSSL project as a follow on to CVE-2015-0209
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 17 Mar 2015 17:01:09 +0000 (17:01 +0000)]
Update NEWS file
Update the NEWS file with the latest entries from CHANGES ready for the
release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Tue, 17 Mar 2015 16:56:27 +0000 (16:56 +0000)]
Update CHANGES for release
Update CHANGES fiel with all the latest fixes ready for the release.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell [Wed, 18 Mar 2015 10:04:06 +0000 (10:04 +0000)]
Remove overlapping CHANGES/NEWS entries
Remove entries from CHANGES and NEWS from letter releases that occur *after*
the next point release. Without this we get duplicate entries for the same
issue appearing multiple times.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Emilia Kasper [Wed, 4 Mar 2015 17:05:02 +0000 (09:05 -0800)]
Fix reachable assert in SSLv2 servers.
This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.
Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.
CVE-2015-0293
This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Emilia Kasper [Fri, 27 Feb 2015 15:52:23 +0000 (16:52 +0100)]
PKCS#7: avoid NULL pointer dereferences with missing content
In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.
This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.
Correcting all low-level API calls requires further work.
CVE-2015-0289
Thanks to Michal Zalewski (Google) for reporting this issue.
Reviewed-by: Steve Henson <steve@openssl.org>
Dr. Stephen Henson [Mon, 9 Mar 2015 23:11:45 +0000 (23:11 +0000)]
Fix ASN1_TYPE_cmp
Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.
CVE-2015-0286
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Mon, 23 Feb 2015 02:32:44 +0000 (02:32 +0000)]
Free up ADB and CHOICE if already initialised.
CVE-2015-0287
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Dr. Stephen Henson [Wed, 11 Mar 2015 23:30:52 +0000 (23:30 +0000)]
ASN.1 print fix.
When printing out an ASN.1 structure if the type is an item template don't
fall thru and attempt to interpret as a primitive type.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
5dc1247a7494f50c88ce7492518bbe0ce6f124fa)
Matt Caswell [Mon, 9 Mar 2015 13:59:58 +0000 (13:59 +0000)]
Cleanse buffers
Cleanse various intermediate buffers used by the PRF (backported version
from master).
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
35fafc4dbc0b3a717ad1b208fe2867e8c64867de)
Conflicts:
ssl/s3_enc.c
Conflicts:
ssl/t1_enc.c
Dr. Stephen Henson [Mon, 9 Mar 2015 16:40:22 +0000 (16:40 +0000)]
update ordinals
Reviewed-by: Matt Caswell <matt@openssl.org>
Dr. Stephen Henson [Sun, 8 Mar 2015 17:31:48 +0000 (17:31 +0000)]
fix warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
d6ca1cee8b6efac5906ac66443d1ca67fe689ff8)
Conflicts:
ssl/ssl_locl.h
Dr. Stephen Henson [Sun, 8 Mar 2015 16:57:46 +0000 (16:57 +0000)]
Fix warnings.
Fix compiler warnings (similar to commit
25012d5e79)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Tue, 3 Mar 2015 14:20:23 +0000 (14:20 +0000)]
Cleanse PKCS#8 private key components.
New function ASN1_STRING_clear_free which cleanses an ASN1_STRING
structure before freeing it.
Call ASN1_STRING_clear_free on PKCS#8 private key components.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
a8ae0891d4bfd18f224777aed1fbb172504421f1)
Conflicts:
crypto/dh/dh_ameth.c
Kurt Roeckx [Wed, 4 Mar 2015 20:57:52 +0000 (21:57 +0100)]
Remove export ciphers from the DEFAULT cipher list
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28)
Matt Caswell [Fri, 6 Mar 2015 13:00:47 +0000 (13:00 +0000)]
Update mkerr.pl for new format
Make the output from mkerr.pl consistent with the newly reformatted code.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Dr. Stephen Henson [Wed, 18 Feb 2015 00:34:59 +0000 (00:34 +0000)]
Check public key is not NULL.
CVE-2015-0288
PR#3708
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
28a00bcd8e318da18031b2ac8778c64147cd54f9)
Dr. Stephen Henson [Mon, 2 Mar 2015 13:26:29 +0000 (13:26 +0000)]
Fix format script.
The format script didn't correctly recognise some ASN.1 macros and
didn't reformat some files as a result. Fix script and reformat
affected files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
437b14b533fe7f7408e3ebca6d5569f1d3347b1a)
Matt Caswell [Mon, 9 Feb 2015 11:38:41 +0000 (11:38 +0000)]
Fix a failure to NULL a pointer freed on error.
Inspired by BoringSSL commit
517073cd4b by Eric Roman <eroman@chromium.org>
CVE-2015-0209
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Dr. Stephen Henson [Tue, 24 Feb 2015 13:52:21 +0000 (13:52 +0000)]
Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit
384dee51242e950c56b3bac32145957bfbf3cd4b)
Andy Polyakov [Mon, 9 Feb 2015 14:59:09 +0000 (15:59 +0100)]
Bring objects.pl output even closer to new format.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit
849037169d98d070c27d094ac341fc6aca1ed2ca)
Andy Polyakov [Sat, 7 Feb 2015 09:15:32 +0000 (10:15 +0100)]
Harmonize objects.pl output with new format.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
7ce38623194f6df6a846cd01753b63f361c88e57)
Matt Caswell [Thu, 5 Feb 2015 10:19:55 +0000 (10:19 +0000)]
Fix error handling in ssltest
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit
ae632974f905c59176fa5f312826f8f692890b67)
Rich Salz [Thu, 5 Feb 2015 14:44:30 +0000 (09:44 -0500)]
Fixed bad formatting in crypto/des/spr.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
7e35f06ea908e47f87b723b5e951ffc55463eb8b)
Dr. Stephen Henson [Wed, 4 Feb 2015 03:31:34 +0000 (03:31 +0000)]
Make objxref.pl output in correct format
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434)
Dr. Stephen Henson [Sun, 1 Feb 2015 13:06:32 +0000 (13:06 +0000)]
Check PKCS#8 pkey field is valid before cleansing.
PR:3683
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit
52e028b9de371da62c1e51b46592517b1068d770)
Matt Caswell [Thu, 22 Jan 2015 11:44:18 +0000 (11:44 +0000)]
Fix for reformat problems with e_padlock.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit
d3b7cac41b957704932a0cdbc74d4d48ed507cd0)
Matt Caswell [Thu, 22 Jan 2015 10:42:48 +0000 (10:42 +0000)]
Fix formatting error in pem.h
Reviewed-by: Andy Polyakov <appro@openssl.org>
Conflicts:
crypto/pem/pem.h
Matt Caswell [Mon, 5 Jan 2015 11:30:03 +0000 (11:30 +0000)]
Re-align some comments after running the reformat script.
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.0 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 01:02:03 +0000 (01:02 +0000)]
Rerun util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 01:01:16 +0000 (01:01 +0000)]
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Thu, 22 Jan 2015 00:57:19 +0000 (00:57 +0000)]
Yet more changes to comments
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 23:54:59 +0000 (23:54 +0000)]
More tweaks for comments due indent issues
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:38:06 +0000 (22:38 +0000)]
Fix modes.h so that indent doesn't complain
Conflicts:
crypto/modes/modes.h
Conflicts:
crypto/modes/modes.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 22:03:55 +0000 (22:03 +0000)]
Backport hw_ibmca.c from master due to failed merge
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 21:22:49 +0000 (21:22 +0000)]
Tweaks for comments due to indent's inability to handle them
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 19:18:47 +0000 (19:18 +0000)]
Move more comments that confuse indent
Conflicts:
crypto/dsa/dsa.h
demos/engines/ibmca/hw_ibmca.c
ssl/ssl_locl.h
Conflicts:
crypto/bn/rsaz_exp.c
crypto/evp/e_aes_cbc_hmac_sha1.c
crypto/evp/e_aes_cbc_hmac_sha256.c
ssl/ssl_locl.h
Conflicts:
crypto/ec/ec2_oct.c
crypto/ec/ecp_nistp256.c
crypto/ec/ecp_nistp521.c
crypto/ec/ecp_nistputil.c
crypto/ec/ecp_oct.c
crypto/modes/gcm128.c
ssl/ssl_locl.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Wed, 21 Jan 2015 15:32:54 +0000 (15:32 +0000)]
Delete trailing whitespace from output.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:53:56 +0000 (18:53 +0000)]
Add -d debug option to save preprocessed files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Dr. Stephen Henson [Tue, 20 Jan 2015 18:49:04 +0000 (18:49 +0000)]
Test option -nc
Add option -nc which sets COMMENTS=true but disables all indent comment
reformatting options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:37:58 +0000 (16:37 +0000)]
Add ecp_nistz256.c to list of files skipped by openssl-format-source
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:34:27 +0000 (16:34 +0000)]
Manually reformat aes_x86core.c and add it to the list of files skipped by
openssl-format-source
Conflicts:
crypto/aes/aes_x86core.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:51:06 +0000 (16:51 +0100)]
crypto/ofb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:49:27 +0000 (16:49 +0100)]
modes/ctr128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 15:47:51 +0000 (16:47 +0100)]
modes/cfb128.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 16:12:59 +0000 (16:12 +0000)]
Fix indent comment corruption issue
Reviewed-by: Tim Hudson <tjh@openssl.org>
Matt Caswell [Wed, 21 Jan 2015 15:28:57 +0000 (15:28 +0000)]
Amend openssl-format-source so that it give more repeatable output
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 12:18:42 +0000 (13:18 +0100)]
bn/bn_const.c: make it indent-friendly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Andy Polyakov [Wed, 21 Jan 2015 10:54:03 +0000 (11:54 +0100)]
bn/asm/x86_64-gcc.cL make it indent-friendly.
Conflicts:
crypto/bn/asm/x86_64-gcc.c
Reviewed-by: Tim Hudson <tjh@openssl.org>