Commit graph

1655 commits

Author SHA1 Message Date
Dr. Stephen Henson
9d2006d8ed add -trusted_first option and verify flag (backport from HEAD) 2012-09-26 13:50:42 +00:00
Andy Polyakov
988037fe18 MIPS assembly pack: jumbo update from HEAD. 2012-09-19 20:59:18 +00:00
Dr. Stephen Henson
dc14441757 Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
2012-09-11 13:35:14 +00:00
Ben Laurie
da8512aaff Call OCSP Stapling callback after ciphersuite has been chosen, so the
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.  See
http://rt.openssl.org/Ticket/Display.html?id=2836.
2012-09-11 12:00:25 +00:00
Andy Polyakov
0e05b51fe5 Add linux-x32 target [from HEAD]. 2012-08-29 14:12:10 +00:00
Ben Laurie
4e14996e8a Missing from previous commit. 2012-05-29 18:39:32 +00:00
Dr. Stephen Henson
1dded7f7e8 Experimental multi-implementation support for FIPS capable OpenSSL.
When in FIPS mode the approved implementations are used as normal,
when not in FIPS mode the internal unapproved versions are used instead.
This means that the FIPS capable OpenSSL isn't forced to use the
(often lower perfomance) FIPS implementations outside FIPS mode.
2012-05-13 18:40:12 +00:00
Dr. Stephen Henson
482f238069 PR: 2813
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>

Fix possible deadlock when decoding public keys.
2012-05-11 13:53:23 +00:00
Dr. Stephen Henson
5e145e54cc PR: 2811
Reported by: Phil Pennock <openssl-dev@spodhuis.org>

Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:33:34 +00:00
Dr. Stephen Henson
e7c8483891 Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
DTLS to fix DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 16:03:36 +00:00
Dr. Stephen Henson
24547c23ca Reported by: Solar Designer of Openwall
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:44:24 +00:00
Dr. Stephen Henson
a56f9a612b Don't try to use unvalidated composite ciphers in FIPS mode 2012-04-26 18:51:26 +00:00
Andy Polyakov
0ae89cf32e CHANGES: clarify. 2012-04-26 07:34:09 +00:00
Andy Polyakov
7e0c9630a3 CHANGES: fix typos and clarify. 2012-04-26 07:24:28 +00:00
Dr. Stephen Henson
a6df6702c6 Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:06:31 +00:00
Andy Polyakov
f69abd5321 s23_clnt.c: ensure interoperability by maitaining client "version capability"
vector contiguous [from HEAD].
PR: 2802
2012-04-25 22:07:03 +00:00
Dr. Stephen Henson
d6ef8165bb update date 2012-04-19 16:21:49 +00:00
Dr. Stephen Henson
564a503b1b Check for potentially exploitable overflows in asn1_d2i_read_bio
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:07 +00:00
Bodo Möller
bb3add20f3 Disable SHA-2 ciphersuites in < TLS 1.2 connections.
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)

Submitted by: Adam Langley
2012-04-17 15:21:29 +00:00
Dr. Stephen Henson
48e0f6667b Additional workaround for PR#2771
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.

Document workarounds in CHANGES.
2012-04-17 14:47:14 +00:00
Dr. Stephen Henson
c3cb069108 transparently handle X9.42 DH parameters
(backport from HEAD)
2012-04-07 20:42:44 +00:00
Dr. Stephen Henson
491734eb21 Initial experimental support for X9.42 DH parameter format to handle
RFC5114 parameters and X9.42 DH public and private keys.
(backport from HEAD)
2012-04-07 20:22:11 +00:00
Dr. Stephen Henson
e811eff5a9 Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
(backport from HEAD)
2012-04-07 12:19:50 +00:00
Dr. Stephen Henson
e46c807e4f Add support for automatic ECDH temporary key parameter selection. When
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
(backport from HEAD)
2012-04-06 20:15:50 +00:00
Dr. Stephen Henson
6b870763ac Initial revision of ECC extension handling.
Tidy some code up.

Don't allocate a structure to handle ECC extensions when it is used for
default values.

Make supported curves configurable.

Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
(backport from HEAD)
2012-04-06 20:12:35 +00:00
Dr. Stephen Henson
5505818199 New ctrls to retrieve supported signature algorithms and curves and
extensions to s_client and s_server to print out retrieved valued.

Extend CERT structure to cache supported signature algorithm data.
(backport from HEAD)
2012-04-06 19:29:49 +00:00
Dr. Stephen Henson
a068a1d0e3 Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
(backport from HEAD)
2012-04-06 17:35:01 +00:00
Dr. Stephen Henson
37b16c84bb Add support for distinct certificate chains per key type and per SSL
structure.

Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
(backport from HEAD)
2012-04-06 17:22:48 +00:00
Dr. Stephen Henson
c523eb98d1 Backport DH client certificate support (from HEAD) 2012-04-06 11:34:42 +00:00
Dr. Stephen Henson
0ffa49970b Backport support for fixed DH ciphersuites (from HEAD) 2012-04-06 11:33:12 +00:00
Andy Polyakov
54543b954c CHANGES: harmonize with 1.0.0 and 1.0.1. 2012-03-31 18:56:07 +00:00
Dr. Stephen Henson
b911523977 set version to 1.0.2-dev 2012-03-22 15:29:21 +00:00
Dr. Stephen Henson
f3dcae15ac prepare for 1.0.1 release 2012-03-14 12:04:40 +00:00
Dr. Stephen Henson
08e4c7a967 correct CHANGES 2012-02-23 22:13:59 +00:00
Dr. Stephen Henson
a8314df902 Fix bug in CVE-2011-4619: check we have really received a client hello
before rejecting multiple SGC restarts.
2012-02-16 15:25:39 +00:00
Dr. Stephen Henson
0cd7a0325f Additional compatibility fix for MDC2 signature format.
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:14:01 +00:00
Dr. Stephen Henson
16b7c81d55 An incompatibility has always existed between the format used for RSA
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.

This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.

Add detection in RSA_verify so either format works.

Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:00:09 +00:00
Dr. Stephen Henson
fc6800d19f Modify client hello version when renegotiating to enhance interop with
some servers.
2012-02-09 15:41:44 +00:00
Dr. Stephen Henson
2dc4b0dbe8 Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:14:56 +00:00
Dr. Stephen Henson
25e3d2225a fix CHANGES entry 2012-01-17 14:19:09 +00:00
Bodo Möller
767d3e0054 Update for 0.9.8s and 1.0.0f.
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in the 1.0.1 branch, the actual code is here already.)
2012-01-05 13:46:27 +00:00
Dr. Stephen Henson
801e5ef840 update CHANGES 2012-01-04 23:53:52 +00:00
Dr. Stephen Henson
0044739ae5 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve

Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:05 +00:00
Dr. Stephen Henson
4e44bd3650 Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) 2012-01-04 23:13:29 +00:00
Dr. Stephen Henson
0cffb0cd3e fix CHANGES 2012-01-04 23:11:43 +00:00
Dr. Stephen Henson
aaa3850ccd Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) 2012-01-04 23:07:54 +00:00
Dr. Stephen Henson
a17b5d5a4f Check GOST parameters are not NULL (CVE-2012-0027) 2012-01-04 23:03:20 +00:00
Dr. Stephen Henson
2f97765bc3 Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577) 2012-01-04 23:01:19 +00:00
Dr. Stephen Henson
6e750fcb1e update CHANGES 2011-12-31 23:07:28 +00:00
Dr. Stephen Henson
bd6941cfaa PR: 2658
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00