Rich Salz
59ff1ce061
RT3548: Remove some obsolete platforms
...
This commit removes Sony NEWS4
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-18 14:17:33 -05:00
Rich Salz
b317819b2e
RT3548: Remove some obsolete platforms
...
This commit removes BEOS.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-17 17:24:51 -05:00
Matt Caswell
0c1bd7f03f
Add CHANGES entry for OCB
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:29:11 +00:00
Kurt Roeckx
12478cc449
Update changes to indicate that SSLv2 support has been removed
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-04 15:51:28 +01:00
Annie Yousar
c56a50b229
RT2679: Fix error if keysize too short
...
In keygen, return KEY_SIZE_TOO_SMALL not INVALID_KEYBITS.
** I also increased the minimum from 256 to 512, which is now
documented in CHANGES file. **
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 13:45:25 -05:00
David Benjamin
9e189b9dc1
Do not resume a session if the negotiated protocol version does not match
...
the session's version (server).
See also BoringSSL's commit bdf5e72f50e25f0e45e825c156168766d8442dde.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-20 16:29:04 +01:00
Emilia Kasper
31832e8ff1
Clean up CHANGES
...
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 14:57:15 +01:00
Emilia Kasper
e94a6c0ede
Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset
...
once the ChangeCipherSpec message is received. Previously, the server would
set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED.
This would allow a second CCS to arrive and would corrupt the server state.
(Because the first CCS would latch the correct keys and subsequent CCS
messages would have to be encrypted, a MitM attacker cannot exploit this,
though.)
Thanks to Joeri de Ruiter for reporting this issue.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 14:57:15 +01:00
Emilia Kasper
de2c7504eb
Always require an advertised NewSessionTicket message.
...
The server must send a NewSessionTicket message if it advertised one
in the ServerHello, so make a missing ticket message an alert
in the client.
An equivalent change was independently made in BoringSSL, see commit
6444287806d801b9a45baf1f6f02a0e3a16e144c.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 14:57:15 +01:00
Emilia Kasper
d663df2399
Tighten session ticket handling
...
Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.
Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-10-28 17:35:59 +01:00
Emilia Kasper
49b0dfc502
Add missing CHANGES interval [1.0.1h, 1.0.1i]
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-27 19:53:21 +01:00
Emilia Kasper
18a2d293f1
Sync CHANGES
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-27 17:51:34 +01:00
Andy Polyakov
9f4bd9d5f9
Add missing credit.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-22 09:35:51 +02:00
Matt Caswell
53afbe12ba
Updates CHANGES file
...
Reviewed-by: Bodo Möller <bodo@openssl.org>
2014-10-15 08:56:16 -04:00
Bodo Moeller
cf6da05304
Support TLS_FALLBACK_SCSV.
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-10-15 04:03:28 +02:00
Bodo Moeller
429a25b97d
DTLS 1.2 support has been added to 1.0.2.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-02 17:56:40 +02:00
Dr. Stephen Henson
7c4776251e
Add additional explanation to CHANGES entry.
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:25:10 +01:00
Dr. Stephen Henson
1cfd255c91
Add additional DigestInfo checks.
...
Reencode DigestInto in DER and check against the original: this
will reject any improperly encoded DigestInfo structures.
Note: this is a precautionary measure, there is no known attack
which can exploit this.
Thanks to Brian Smith for reporting this issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-29 12:01:05 +01:00
Emilia Kasper
5f85f64f7e
Note i2d_re_X509_tbs and related changes in CHANGES
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit e9128d9401
)
2014-09-23 18:28:10 +02:00
Andy Polyakov
507efe7372
CHANGES: mention ECP_NISTZ256.
...
Reviewed-by: Bodo Moeller <bodo@openssl.org>
2014-09-23 14:54:34 +02:00
Dr. Stephen Henson
b2774f6e17
Add CHANGES entry for SCT viewer code.
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-09-05 13:44:18 +01:00
Claus Assmann
14e961921a
RT3268: Fix spelling errors in CHANGES file.
...
Fix a bunch of typo's and speling (sic) errors in the CHANGES file.
Reviewed-by: Tim Hudson <tjh@cryptsoft.com>
2014-08-15 10:41:13 -04:00
Bodo Moeller
bac6740746
Sync with clean-up 1.0.2 CHANGES file.
...
(If a change is already present in 1.0.1f or 1.0.1h,
don't list it again under changes between 1.0.1h and 1.0.2.)
2014-08-01 18:41:17 +02:00
Bodo Moeller
38c654819c
Sync with current 1.0.2 CHANGES file.
2014-08-01 18:18:52 +02:00
Bodo Moeller
0fe73d6c36
Simplify and fix ec_GFp_simple_points_make_affine
...
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
2014-08-01 17:18:14 +02:00
Andy Polyakov
7a2b54509c
CHANGES: mention new platforms.
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-07-22 20:19:37 +02:00
Dr. Stephen Henson
b948ee27b0
Remove all RFC5878 code.
...
Remove RFC5878 code. It is no longer needed for CT and has numerous bugs
2014-07-04 13:26:35 +01:00
Ben Laurie
5fc3a5fe49
Credit to Felix.
...
Closes #116 .
2014-06-01 15:31:27 +01:00
Martin Kaiser
189ae368d9
Add an NSS output format to sess_id to export to export the session id and the master key in NSS keylog format. PR#3352
2014-05-24 00:02:24 +01:00
mancha
8acb953880
Fix version documentation.
...
Specify -f is for compilation flags. Add -d to synopsis section.
Closes #77 .
2014-04-26 08:09:53 +01:00
mancha
e14f14d36e
Fix eckey_priv_encode()
...
Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
2014-04-26 07:59:13 +01:00
Ben Laurie
4ba5e63bfd
Fix double frees.
2014-04-22 16:58:43 +01:00
Dr. Stephen Henson
731f431497
Add heartbeat extension bounds check.
...
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix (CVE-2014-0160)
(cherry picked from commit 96db9023b8
)
2014-04-07 19:44:38 +01:00
Dr. Stephen Henson
cd6bd5ffda
Set TLS padding extension value.
...
Enable TLS padding extension using official value from:
http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
2014-04-05 20:43:54 +01:00
Dr. Stephen Henson
b48310627d
Don't try and verify signatures if key is NULL (CVE-2013-0166)
...
Add additional check to catch this in ASN1_item_verify too.
(cherry picked from commit 66e8211c0b
)
2014-04-01 16:37:51 +01:00
Dr. Stephen Henson
f9b6c0ba4c
Fix for CVE-2014-0076
...
Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140
Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483
)
Conflicts:
CHANGES
2014-03-12 14:29:43 +00:00
Dr. Stephen Henson
a4339ea3ba
Use algorithm specific chains for certificates.
...
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm
specific chains instead of the shared chain.
Update docs.
2014-01-03 22:39:49 +00:00
Dr. Stephen Henson
20b82b514d
Fix DTLS retransmission from previous session.
...
For DTLS we might need to retransmit messages from the previous session
so keep a copy of write context in DTLS retransmission buffers instead
of replacing it after sending CCS. CVE-2013-6450.
(cherry picked from commit 34628967f1
)
2013-12-20 23:46:16 +00:00
Dr. Stephen Henson
4fcdd66fff
Update to pad extension.
...
Fix padding calculation for different SSL_METHOD types. Use the
standard name as used in draft-agl-tls-padding-02
2013-12-13 15:39:55 +00:00
Dr. Stephen Henson
0467ea6862
Experimental workaround TLS filler (WTF) extension.
...
Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771):
if the TLS Client Hello record length value would otherwise be > 255 and less
that 512 pad with a dummy extension containing zeroes so it is at least 512.
To enable it use an unused extension number (for example 0x4242) using
e.g. -DTLSEXT_TYPE_wtf=0x4242
WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
2013-11-06 20:49:47 +00:00
Dr. Stephen Henson
5fdeb58ccd
Update test server details.
2013-10-22 07:38:25 +01:00
Dr. Stephen Henson
94c2f77a62
Add functions to set ECDSA_METHOD structure.
...
Add various functions to allocate and set the fields of an ECDSA_METHOD
structure.
2013-09-18 01:22:50 +01:00
Bodo Moeller
7d3ba88a98
Move change note for SSL_OP_SAFARI_ECDHE_ECDSA_BUG.
...
(This went into 1.0.2 too, so it's not actually a change
between 1.0.x and 1.1.0.)
2013-09-17 10:06:34 +02:00
Bodo Moeller
cdf84b719c
Move the change note for partial chain verification: this is code from
...
the main branch (http://cvs.openssl.org/chngview?cn=19322 ) later added
to the 1.0.2 branch (http://cvs.openssl.org/chngview?cn=23113 ), and
thus not a change "between 1.0.2 and 1.1.0".
2013-09-17 09:48:23 +02:00
Bodo Moeller
4dc836773e
Sync CHANGES and NEWS files.
...
(Various changes from the master branch are now in the 1.0.2 branch too.)
2013-09-16 14:55:03 +02:00
Rob Stradling
785da0e610
Update CHANGES.
2013-09-13 18:15:56 +01:00
Dr. Stephen Henson
a6e7d1c0e3
Document extension clash.
2013-09-08 15:10:46 +01:00
Dr. Stephen Henson
5e3ff62c34
Experimental encrypt-then-mac support.
...
Experimental support for encrypt then mac from
draft-gutmann-tls-encrypt-then-mac-02.txt
To enable it set the appropriate extension number (0x10 for the test server)
using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10
For non-compliant peers (i.e. just about everything) this should have no
effect.
2013-09-08 13:14:03 +01:00
Scott Deboy
36086186a9
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
...
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
2013-09-06 13:59:13 +01:00
Veres Lajos
478b50cf67
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
Dr. Stephen Henson
97cf1f6c28
EVP support for wrapping algorithms.
...
Add support for key wrap algorithms via EVP interface.
Generalise AES wrap algorithm and add to modes, making existing
AES wrap algorithm a special case.
Move test code to evptests.txt
2013-07-17 21:45:00 +01:00
Jeff Walton
3d7bf77f61
Fix multiple cosmetic typos.
2013-07-04 20:35:53 +01:00
Dr. Stephen Henson
5c84d2f560
Update CHANGES
2013-06-21 23:43:06 +01:00
Dr. Stephen Henson
271fef0ef3
Exetended OAEP support.
...
Extend OAEP support. Generalise the OAEP padding functions to support
arbitrary digests. Extend EVP_PKEY RSA method to handle the new OAEP
padding functions and add ctrls to set the additional parameters.
2013-06-12 18:48:17 +01:00
Trevor
a398f821fa
Add support for arbitrary TLS extensions.
...
Contributed by Trevor Perrin.
2013-06-12 17:01:13 +01:00
Dr. Stephen Henson
c6913eeb76
Dual DTLS version methods.
...
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and
pick the highest version the peer supports during negotiation.
As with SSL/TLS options can change this behaviour specifically
SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
2013-04-09 14:02:48 +01:00
Dr. Stephen Henson
b7d1a1af76
correct CHANGES
2012-12-19 14:34:39 +00:00
Ben Laurie
fefc111a2a
Make openssl verify return errors.
2012-12-11 16:05:14 +00:00
Ben Laurie
30c278aa6b
Fix OCSP checking.
2012-12-07 18:47:47 +00:00
Dr. Stephen Henson
0090a686c0
Add code to download CRLs based on CRLDP extension.
...
Just a sample, real world applications would have to be cleverer.
2012-12-06 18:43:40 +00:00
Dr. Stephen Henson
3bf15e2974
Integrate host, email and IP address checks into X509_verify.
...
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
2012-12-05 18:35:20 +00:00
Dr. Stephen Henson
2e8cb108dc
initial support for delta CRL generations by diffing two full CRLs
2012-12-04 18:35:36 +00:00
Dr. Stephen Henson
fdb78f3d88
New option to add CRLs for s_client and s_server.
2012-12-02 16:16:28 +00:00
Dr. Stephen Henson
6f9076ff37
Generalise OCSP I/O functions to support dowloading of other ASN1
...
structures using HTTP. Add wrapper function to handle CRL download.
2012-11-28 16:22:53 +00:00
Dr. Stephen Henson
2c340864be
New functions to set lookup_crls callback and to retrieve internal X509_STORE
...
from X509_STORE_CTX.
2012-11-27 23:47:48 +00:00
Dr. Stephen Henson
20b431e3a9
Add support for printing out and retrieving EC point formats extension.
2012-11-22 15:20:53 +00:00
Dr. Stephen Henson
1c455bc084
new function ASN1_TIME_diff to calculate difference between two ASN1_TIME structures
2012-11-19 15:12:07 +00:00
Dr. Stephen Henson
d88926f181
PR: 2909
...
Contributed by: Florian Weimer <fweimer@redhat.com>
Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00
Dr. Stephen Henson
3db935a9e5
add SSL_CONF functions and documentation
2012-11-16 19:12:24 +00:00
Dr. Stephen Henson
a70da5b3ec
New functions to check a hostname email or IP address against a
...
certificate. Add options to s_client, s_server and x509 utilities
to print results of checks.
2012-10-08 15:10:07 +00:00
Andy Polyakov
b8c5929130
config: detect linux-mips* targets.
2012-09-19 20:58:07 +00:00
Dr. Stephen Henson
4f3df8bea2
Add -rev test option to s_server to just reverse order of characters received
...
by client and send back to server. Also prints an abbreviated summary of
the connection parameters.
2012-09-14 13:27:05 +00:00
Dr. Stephen Henson
2a7cbe77b3
Add -brief option to s_client and s_server to summarise connection details.
...
New option -verify_quiet to shut up the verify callback unless there is
an error.
2012-09-12 23:14:28 +00:00
Dr. Stephen Henson
94a209d8e1
Add ctrl and utility functions to retrieve raw cipher list sent by client in
...
client hello message. Previously this could only be retrieved on an initial
connection and it was impossible to determine the cipher IDs of any uknown
ciphersuites.
2012-09-12 13:57:48 +00:00
Dr. Stephen Henson
e5db9c3b67
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
...
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
2012-09-11 13:34:08 +00:00
Ben Laurie
2daceb0342
Call OCSP Stapling callback after ciphersuite has been chosen, so the
...
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent. See
http://rt.openssl.org/Ticket/Display.html?id=2836 .
2012-09-11 12:57:46 +00:00
Andy Polyakov
0e1f390bad
Harmonize CHANGES in HEAD.
2012-08-29 14:14:05 +00:00
Dr. Stephen Henson
2ea8035460
Add three Suite B modes to TLS code, supporting RFC6460.
2012-08-15 15:15:05 +00:00
Dr. Stephen Henson
3ad344a517
add suite B chain validation flags and associated verify errors
2012-08-03 13:51:43 +00:00
Dr. Stephen Henson
6dbb6219e7
Make tls1_check_chain return a set of flags indicating checks passed
...
by a certificate chain. Add additional tests to handle client
certificates: checks for matching certificate type and issuer name
comparison.
Print out results of checks for each candidate chain tested in
s_server/s_client.
2012-07-27 13:39:23 +00:00
Dr. Stephen Henson
ec4a50b3c3
Abort handshake if signature algorithm used not supported by peer.
2012-07-24 18:11:27 +00:00
Dr. Stephen Henson
d18b716d25
check EC tmp key matches preferences
2012-07-24 13:47:40 +00:00
Dr. Stephen Henson
74ecfab401
Add support for certificate stores in CERT structure. This makes it
...
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distint stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.
Note: if the CERT based stores are not set then the parent SSL_CTX
store is used to retain compatibility with existing behaviour.
2012-07-23 23:34:28 +00:00
Dr. Stephen Henson
b7bfe69b66
New function ssl_set_client_disabled to set masks for any ciphersuites
...
that are disabled for this session (as opposed to always disabled by
configuration).
2012-07-18 14:09:46 +00:00
Dr. Stephen Henson
9f27b1eec3
Add new ctrl to retrieve client certificate types, print out
...
details in s_client.
Also add ctrl to set client certificate types. If not used sensible values
will be included based on supported signature algorithms: for example if
we don't include any DSA signing algorithms the DSA certificate type is
omitted.
Fix restriction in old code where certificate types would be truncated
if it exceeded TLS_CT_NUMBER.
2012-07-08 14:22:45 +00:00
Dr. Stephen Henson
3dbc46dfcd
Separate client and server permitted signature algorithm support: by default
...
the permitted signature algorithms for server and client authentication
are the same but it is now possible to set different algorithms for client
authentication only.
2012-07-03 12:51:14 +00:00
Dr. Stephen Henson
18d7158809
Add certificate callback. If set this is called whenever a certificate
...
is required by client or server. An application can decide which
certificate chain to present based on arbitrary criteria: for example
supported signature algorithms. Add very simple example to s_server.
This fixes many of the problems and restrictions of the existing client
certificate callback: for example you can now clear existing certificates
and specify the whole chain.
2012-06-29 14:24:42 +00:00
Dr. Stephen Henson
d61ff83be9
Add new "valid_flags" field to CERT_PKEY structure which determines what
...
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.
Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
2012-06-28 12:45:49 +00:00
Dr. Stephen Henson
4453cd8c73
Reorganise supported signature algorithm extension processing.
...
Only store encoded versions of peer and configured signature algorithms.
Determine shared signature algorithms and cache the result along with NID
equivalents of each algorithm.
2012-06-25 14:32:30 +00:00
Dr. Stephen Henson
0f229cce65
Add support for application defined signature algorithms for use with
...
TLS v1.2. These are sent as an extension for clients and during a certificate
request for servers.
TODO: add support for shared signature algorithms, respect shared algorithms
when deciding which ciphersuites and certificates to permit.
2012-06-22 14:03:31 +00:00
Dr. Stephen Henson
a5ee80b910
Make it possible to delete all certificates from an SSL structure.
2012-06-18 12:56:59 +00:00
Dr. Stephen Henson
93ab9e421e
Initial record tracing code. Print out all fields in SSL/TLS records
...
for debugging purposes. Needs "enable-ssl-trace" configuration option.
2012-06-15 12:46:09 +00:00
Dr. Stephen Henson
dfcf48f499
New functions to retrieve certificate signatures and signature OID NID.
2012-06-13 13:08:12 +00:00
Dr. Stephen Henson
4b9e0b5f74
print out issuer and subject unique identifier fields in certificates
2012-06-12 13:41:18 +00:00
Ben Laurie
a9e1c50bb0
RFC 5878 support.
2012-05-30 10:10:58 +00:00
Dr. Stephen Henson
4242a090c7
PR: 2813
...
Reported by: Constantine Sapuntzakis <csapuntz@gmail.com>
Fix possible deadlock when decoding public keys.
2012-05-11 13:53:37 +00:00
Dr. Stephen Henson
c3b1303387
PR: 2811
...
Reported by: Phil Pennock <openssl-dev@spodhuis.org>
Make renegotiation work for TLS 1.2, 1.1 by not using a lower record
version client hello workaround if renegotiating.
2012-05-11 13:34:29 +00:00
Dr. Stephen Henson
c46ecc3a55
Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and
...
DTLS to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
2012-05-10 16:03:52 +00:00
Dr. Stephen Henson
225055c30b
Reported by: Solar Designer of Openwall
...
Make sure tkeylen is initialised properly when encrypting CMS messages.
2012-05-10 13:46:09 +00:00
Dr. Stephen Henson
a708609945
Don't try to use unvalidated composite ciphers in FIPS mode
2012-04-26 18:55:01 +00:00
Andy Polyakov
a2b21191d9
CHANGES: clarify.
2012-04-26 07:33:26 +00:00
Andy Polyakov
396f8b71ac
CHANGES: fix typos and clarify.
2012-04-26 07:20:06 +00:00
Dr. Stephen Henson
43d5b4ff31
Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
...
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
2012-04-25 23:04:42 +00:00
Andy Polyakov
f2ad35821c
s23_clnt.c: ensure interoperability by maitaining client "version capability"
...
vector contiguous.
PR: 2802
2012-04-25 22:06:32 +00:00
Dr. Stephen Henson
d9a9d10f4f
Check for potentially exploitable overflows in asn1_d2i_read_bio
...
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.
Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
2012-04-19 16:19:56 +00:00
Bodo Möller
d3ddf0228e
Disable SHA-2 ciphersuites in < TLS 1.2 connections.
...
(TLS 1.2 clients could end up negotiating these with an OpenSSL server
with TLS 1.2 disabled, which is problematic.)
Submitted by: Adam Langley
2012-04-17 15:23:03 +00:00
Dr. Stephen Henson
800e1cd969
Additional workaround for PR#2771
...
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
ciphersuites to this value. A value of 50 should be sufficient.
Document workarounds in CHANGES.
2012-04-17 15:12:09 +00:00
Dr. Stephen Henson
a43526302f
Add support for automatic ECDH temporary key parameter selection. When
...
enabled instead of requiring an application to hard code a (possibly
inappropriate) parameter set and delve into EC internals we just
automatically use the preferred curve.
2012-04-05 13:38:27 +00:00
Andy Polyakov
82c5ac4599
CHANGES: harmonize with 1.0.0 and 1.0.1.
2012-03-31 18:56:27 +00:00
Dr. Stephen Henson
d0595f170c
Initial revision of ECC extension handling.
...
Tidy some code up.
Don't allocate a structure to handle ECC extensions when it is used for
default values.
Make supported curves configurable.
Add ctrls to retrieve shared curves: not fully integrated with rest of
ECC code yet.
2012-03-28 15:05:04 +00:00
Dr. Stephen Henson
e7f8ff4382
New ctrls to retrieve supported signature algorithms and curves and
...
extensions to s_client and s_server to print out retrieved valued.
Extend CERT structure to cache supported signature algorithm data.
2012-03-06 14:28:21 +00:00
Dr. Stephen Henson
64095ce9d7
Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
...
between NIDs and the more common NIST names such as "P-256". Enhance
ecparam utility and ECC method to recognise the NIST names for curves.
2012-02-21 14:41:13 +00:00
Dr. Stephen Henson
206310c305
Fix bug in CVE-2011-4619: check we have really received a client hello
...
before rejecting multiple SGC restarts.
2012-02-16 15:26:04 +00:00
Dr. Stephen Henson
5863163732
Additional compatibility fix for MDC2 signature format.
...
Update RSA EVP_PKEY_METHOD to use the OCTET STRING form of MDC2 signature:
this will make all versions of MDC2 signature equivalent.
2012-02-15 14:27:25 +00:00
Dr. Stephen Henson
83cb7c4635
An incompatibility has always existed between the format used for RSA
...
signatures and MDC2 using EVP or RSA_sign. This has become more apparent
when the dgst utility in OpenSSL 1.0.0 and later switched to using the
EVP_DigestSign functions which call RSA_sign.
This means that the signature format OpenSSL 1.0.0 and later used with
dgst -sign and MDC2 is incompatible with previous versions.
Add detection in RSA_verify so either format works.
Note: MDC2 is disabled by default in OpenSSL and very rarely used in practice.
2012-02-15 14:04:00 +00:00
Dr. Stephen Henson
f4e1169341
Modify client hello version when renegotiating to enhance interop with
...
some servers.
2012-02-09 15:42:10 +00:00
Dr. Stephen Henson
f71c6e52f7
Add support for distinct certificate chains per key type and per SSL
...
structure.
Before this the only way to add a custom chain was in the parent SSL_CTX
(which is shared by all key types and SSL structures) or rely on auto
chain building (which is performed on each handshake) from the trust store.
2012-01-31 14:00:10 +00:00
Dr. Stephen Henson
0d60939515
add support for use of fixed DH client certificates
2012-01-25 14:51:49 +00:00
Dr. Stephen Henson
855d29184e
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
...
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
2012-01-18 18:15:27 +00:00
Dr. Stephen Henson
ac07bc8602
fix CHANGES entry
2012-01-17 14:20:32 +00:00
Dr. Stephen Henson
8e1dc4d7ca
Support for fixed DH ciphersuites.
...
The cipher definitions of these ciphersuites have been around since SSLeay
but were always disabled. Now OpenSSL supports DH certificates they can be
finally enabled.
Various additional changes were needed to make them work properly: many
unused fixed DH sections of code were untested.
2012-01-16 18:19:14 +00:00
Bodo Möller
8e85545284
Update for 0.9.8s and 1.0.0f, and for 1.0.1 branch.
...
(While the 1.0.0f CHANGES entry on VOS PRNG seeding was missing
in HEAD, the actual code is here already.)
2012-01-05 13:48:55 +00:00
Dr. Stephen Henson
4d0bafb4ae
update CHANGES
2012-01-04 23:54:17 +00:00
Dr. Stephen Henson
e745572493
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de>
...
Reviewed by: steve
Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and
Kenny Paterson.
2012-01-04 23:52:26 +00:00
Dr. Stephen Henson
27dfffd5b7
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
2012-01-04 23:16:15 +00:00
Dr. Stephen Henson
2ec0497f08
fix CHANGES
2012-01-04 23:10:44 +00:00
Dr. Stephen Henson
6bf896d9b1
Check GOST parameters are not NULL (CVE-2012-0027)
2012-01-04 23:03:40 +00:00
Dr. Stephen Henson
be71c37296
Prevent malformed RFC3779 data triggering an assertion failure (CVE-2011-4577)
2012-01-04 23:01:54 +00:00
Dr. Stephen Henson
0b9f5ef809
update CHANGES
2011-12-31 23:08:15 +00:00
Dr. Stephen Henson
4817504d06
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 22:59:57 +00:00
Dr. Stephen Henson
ad89bf7894
PR: 2563
...
Submitted by: Paul Green <Paul.Green@stratus.com>
Reviewed by: steve
Improved PRNG seeding for VOS.
2011-12-19 17:01:37 +00:00
Andy Polyakov
e75440d2c9
update CHANGES.
2011-12-19 14:48:49 +00:00
Dr. Stephen Henson
188c53f7e8
update CHANGES
2011-12-19 14:41:03 +00:00
Ben Laurie
9a436c0f89
Back out redundant verification time change.
2011-12-13 15:00:43 +00:00
Ben Laurie
7fd5df6b12
Make it possible to set a time for verification.
2011-12-13 14:38:12 +00:00
Dr. Stephen Henson
627b044536
update CHANGES
2011-12-10 00:49:05 +00:00
Dr. Stephen Henson
2ca873e8d8
transparently handle X9.42 DH parameters
2011-12-07 12:44:03 +00:00
Dr. Stephen Henson
afb14cda8c
Initial experimental support for X9.42 DH parameter format to handle
...
RFC5114 parameters and X9.42 DH public and private keys.
2011-12-07 00:32:34 +00:00
Bodo Möller
19b0d0e75b
Resolve a stack set-up race condition (if the list of compression
...
methods isn't presorted, it will be sorted on first read).
Submitted by: Adam Langley
2011-12-02 12:52:00 +00:00
Bodo Möller
ea8c77a55b
Fix ecdsatest.c.
...
Submitted by: Emilia Kasper
2011-12-02 12:41:17 +00:00
Bodo Möller
a7c71d8955
Update HEAD CHANGES file.
2011-12-02 12:28:20 +00:00
Bodo Möller
390c579568
Fix BIO_f_buffer().
...
Submitted by: Adam Langley
Reviewed by: Bodo Moeller
2011-12-02 12:25:03 +00:00
Ben Laurie
e0af04056c
Add TLS exporter.
2011-11-15 23:50:52 +00:00
Ben Laurie
333f926d67
Add DTLS-SRTP.
2011-11-15 22:59:20 +00:00
Dr. Stephen Henson
20bee9684d
Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.
2011-11-13 14:07:36 +00:00
Dr. Stephen Henson
a98b8ce652
Update fips_test_suite to take multiple command line options and
...
an induced error checking function.
2011-11-06 12:53:13 +00:00
Dr. Stephen Henson
f4324e51dd
Add single call public key sign and verify functions.
2011-11-05 01:34:36 +00:00
Dr. Stephen Henson
3ec9dceb15
Add fips_algvs utility (from FIPS 2.0 stable branch).
2011-11-02 00:57:22 +00:00
Dr. Stephen Henson
5e4eb9954b
add authentication parameter to FIPS_module_mode_set
2011-10-19 22:34:53 +00:00
Bodo Möller
e5641d7f05
BN_BLINDING multi-threading fix.
...
Submitted by: Emilia Kasper (Google)
2011-10-19 14:59:27 +00:00
Bodo Möller
e0d6132b8c
Fix warnings.
...
Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.
2011-10-19 08:59:53 +00:00
Bodo Möller
3e00b4c9db
Improve optional 64-bit NIST-P224 implementation, and add NIST-P256 and
...
NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)
Submitted by: Google Inc.
2011-10-18 19:43:16 +00:00
Bodo Möller
8b37d33a94
typo
2011-10-13 13:20:33 +00:00
Bodo Möller
3ddc06f082
In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
...
Submitted by: Bob Buckholz <bbuckholz@google.com>
2011-10-13 13:05:58 +00:00
Dr. Stephen Henson
ccbb9badba
fix CHANGES entry
2011-10-09 23:11:55 +00:00
Dr. Stephen Henson
2bfeb7dc83
Add FIPS selftests for ECDH algorithm.
2011-09-29 23:08:23 +00:00
Dr. Stephen Henson
cb71870dfa
Use function name FIPS_drbg_health_check() for health check function.
...
Add explanatory comments to health check code.
2011-09-22 14:01:25 +00:00
Dr. Stephen Henson
4420b3b17a
Revise DRBG to split between internal and external flags.
...
One demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test if fips_test_suite.
2011-09-21 17:04:56 +00:00
Dr. Stephen Henson
15094852de
new function to lookup FIPS supported ciphers by NID
2011-09-14 13:25:48 +00:00
Dr. Stephen Henson
a11f06b2dc
More extensive DRBG health check. New function to call health check
...
for all DRBG combinations.
2011-09-12 18:47:39 +00:00
Dr. Stephen Henson
7fdcb45745
Add support for Dual EC DRBG from SP800-90. Include updates to algorithm
...
tests and POST code.
2011-09-09 17:16:43 +00:00
Dr. Stephen Henson
0486cce653
Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past
...
produce an error (CVE-2011-3207)
2011-09-06 15:15:09 +00:00
Bodo Möller
c519e89f5c
Fix session handling.
2011-09-05 13:36:23 +00:00
Bodo Möller
612fcfbd29
Fix d2i_SSL_SESSION.
2011-09-05 13:31:17 +00:00
Bodo Möller
e7928282d0
(EC)DH memory handling fixes.
...
Submitted by: Adam Langley
2011-09-05 10:25:31 +00:00
Bodo Möller
837e1b6812
Fix memory leak on bad inputs.
2011-09-05 09:57:20 +00:00
Bodo Möller
acb4ab34a4
Synchronize with 1.0.1 CHANGES file.
2011-09-05 09:30:50 +00:00
Dr. Stephen Henson
f55f5f775e
Add support for canonical generation of DSA parameter g.
...
Modify fips_dssvs to support appropriate file format.
2011-08-26 14:51:49 +00:00
Andy Polyakov
c608171d9c
Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
2011-08-23 20:51:38 +00:00
Dr. Stephen Henson
1f59a84308
Remove hard coded ecdsaWithSHA1 hack in ssl routines and check for RSA
...
using OBJ xref utilities instead of string comparison with OID name.
This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.
2011-08-14 13:45:19 +00:00
Dr. Stephen Henson
20f12e63ff
Add HMAC DRBG from SP800-90
2011-08-08 22:07:38 +00:00
Dr. Stephen Henson
28dd49faec
Expand range of ctrls for AES GCM to support retrieval and setting of
...
invocation field.
Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.
2011-08-03 15:37:22 +00:00
Dr. Stephen Henson
fe8aeffa92
Update CHANGES.
2011-07-25 21:43:57 +00:00
Dr. Stephen Henson
01a9a7592e
Add functions to return FIPS module version.
2011-07-04 23:38:16 +00:00
Bodo Möller
e66cb363d6
Fix the version history: changes going into 1.1.0 that are also going
...
into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".
This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).
2011-06-15 14:49:17 +00:00
Dr. Stephen Henson
eda3766b53
Output supported curves in preference order instead of numerically.
2011-05-30 17:58:13 +00:00
Dr. Stephen Henson
992bdde62d
Fix the ECDSA timing attack mentioned in the paper at:
...
http://eprint.iacr.org/2011/232.pdf
Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.
2011-05-25 14:41:56 +00:00
Dr. Stephen Henson
f37f20ffd3
PR: 2295
...
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
2011-05-20 14:56:29 +00:00
Dr. Stephen Henson
101e6e19f2
Add CHANGES entry: add FIPS support to ssl
2011-05-19 18:10:25 +00:00
Dr. Stephen Henson
086e32a6c7
Implement FIPS_mode and FIPS_mode_set
2011-05-19 18:09:02 +00:00
Dr. Stephen Henson
855a54a9a5
Provisional support for TLS v1.2 client authentication: client side only.
...
Parse certificate request message and set digests appropriately.
Generate new TLS v1.2 format certificate verify message.
Keep handshake caches around for longer as they are needed for client auth.
2011-05-12 17:35:03 +00:00
Dr. Stephen Henson
c2fd598994
Rename FIPS_mode_set and FIPS_mode. Theses symbols will be defined in
...
the FIPS capable OpenSSL.
2011-05-11 14:43:38 +00:00
Dr. Stephen Henson
a2f9200fba
Initial TLS v1.2 client support. Include a default supported signature
...
algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.
Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.
2011-05-09 15:44:01 +00:00
Dr. Stephen Henson
6b7be581e5
Continuing TLS v1.2 support: add support for server parsing of
...
signature algorithms extension and correct signature format for
server key exchange.
All ciphersuites should now work on the server but no client support and
no client certificate support yet.
2011-05-06 13:00:07 +00:00
Dr. Stephen Henson
7409d7ad51
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
...
checking added, SHA256 PRF support added.
At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.
2011-04-29 22:56:51 +00:00
Dr. Stephen Henson
08557cf22c
Initial "opaque SSL" framework. If an application defines
...
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
2011-04-29 22:37:12 +00:00
Dr. Stephen Henson
e0d1a2f80a
Always return multiple of block length bytes from default DRBG seed
...
callback.
Handle case where no multiple of the block size is in the interval
[min_len, max_len].
2011-04-23 20:05:19 +00:00
Dr. Stephen Henson
cac4fb58e0
Add PRNG security strength checking.
2011-04-23 19:55:55 +00:00
Dr. Stephen Henson
b5dd178740
Fix EVP CCM decrypt. Add decrypt support to algorithm test program.
2011-04-18 22:48:40 +00:00
Dr. Stephen Henson
2391681082
Initial untested CCM support via EVP.
2011-04-18 14:25:11 +00:00
Dr. Stephen Henson
06b7e5a0e4
Add algorithm driver for XTS mode. Fix several bugs in EVP XTS implementation.
2011-04-15 02:49:30 +00:00
Dr. Stephen Henson
ac892b7aa6
Initial incomplete POST overhaul: add support for POST callback to
...
allow status of POST to be monitored and/or failures induced.
2011-04-14 11:15:10 +00:00
Dr. Stephen Henson
32a2d8ddfe
Provisional AES XTS support.
2011-04-12 23:21:33 +00:00
Dr. Stephen Henson
d7a3ce989c
Update CHANGES.
2011-04-06 23:41:19 +00:00
Dr. Stephen Henson
05e24c87dd
Extensive reorganisation of PRNG handling in FIPS module: all calls
...
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
2011-04-05 15:24:10 +00:00
Dr. Stephen Henson
cab0595c14
Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be
...
used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.
2011-04-05 12:42:31 +00:00
Dr. Stephen Henson
96ec46f7c0
Implement health checks needed by SP800-90.
...
Fix warnings.
Instantiate DRBGs at maximum strength.
2011-03-17 16:55:24 +00:00
Ben Laurie
d4f3dd5fb6
Fix Tom Wu's email.
2011-03-16 11:28:43 +00:00
Ben Laurie
0deea0e03c
Note SRP support.
2011-03-12 17:04:07 +00:00
Dr. Stephen Henson
8857b380e2
Add ECDH to validated module.
2011-03-09 23:44:06 +00:00
Dr. Stephen Henson
11e80de3ee
New initial DH algorithm test driver.
2011-03-08 19:10:17 +00:00
Dr. Stephen Henson
591cbfae3c
Initial, provisional, subject to wholesale change, untested, probably
...
not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.
Did I say this was untested?
2011-03-04 18:00:21 +00:00
Dr. Stephen Henson
eead69f5ed
Make fipscanisteronly build only required files.
2011-02-21 14:07:15 +00:00
Dr. Stephen Henson
5d439d6955
Make -DOPENSSL_FIPSSYMS work for assembly language builds.
2011-02-17 19:03:52 +00:00
Dr. Stephen Henson
017bc57bf9
Experimental FIPS symbol renaming.
...
Fixups under fips/ to make symbol renaming work.
2011-02-16 14:49:50 +00:00
Dr. Stephen Henson
25c6542944
Add non-FIPS algorithm blocking and selftest checking.
2011-02-15 16:03:47 +00:00
Dr. Stephen Henson
fe26d066ff
Add ECDSA functionality to fips module. Initial very incomplete version
...
of algorithm test program.
2011-02-14 17:14:55 +00:00
Dr. Stephen Henson
b331016124
New option to disable characteristic two fields in EC code.
2011-02-12 17:23:32 +00:00
Dr. Stephen Henson
30b56225cc
New "fispcanisteronly" build option: only build fipscanister.o and
...
associated utilities. This functionality will be used by the validated
tarball.
2011-02-11 19:02:34 +00:00
Dr. Stephen Henson
b3d8022edd
Add GCM IV generator. Add some FIPS restrictions to GCM. Update fips_gcmtest.
2011-02-09 16:21:43 +00:00
Bodo Möller
c415adc26f
Sync with 1.0.1 branch.
...
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
2011-02-08 19:09:08 +00:00
Dr. Stephen Henson
bdaa54155c
Initial *very* experimental EVP support for AES-GCM. Note: probably very
...
broken and subject to change.
2011-02-07 18:16:33 +00:00
Dr. Stephen Henson
d45087c672
Use 0 not -1 (since type is size_t) for finalisation argument to do_cipher:
...
the NULL value for the input buffer is sufficient to notice this case.
2011-02-07 18:04:27 +00:00
Dr. Stephen Henson
3da0ca796c
New flags EVP_CIPH_FLAG_CUSTOM_CIPHER in cipher structures if an underlying
...
cipher handles all cipher symantics itself.
2011-02-07 14:36:08 +00:00
Bodo Möller
9bda745876
fix omissions
2011-02-03 11:13:29 +00:00
Bodo Möller
88f2a4cf9c
CVE-2010-4180 fix (from OpenSSL_1_0_0-stable)
2011-02-03 10:43:00 +00:00
Dr. Stephen Henson
968062b7d3
Fix escaping code for string printing. If *any* escaping is enabled we
...
must escape the escape character itself (backslash).
2011-01-03 01:31:24 +00:00
Dr. Stephen Henson
2b3936e882
avoid verification loops in trusted store when path building
2010-12-25 20:45:59 +00:00
Dr. Stephen Henson
300b1d76fe
apply J-PKAKE fix to HEAD (original by Ben)
2010-11-29 18:32:05 +00:00
Dr. Stephen Henson
f830c68f4d
add "missing" functions to copy EVP_PKEY_METHOD and examine info
2010-11-24 16:08:20 +00:00
Dr. Stephen Henson
732d31beee
bring HEAD up to date, add CVE-2010-3864 fix, update NEWS files
2010-11-16 14:18:51 +00:00
Dr. Stephen Henson
e49af2ac38
move CHANGES entry to correct place
2010-10-10 12:24:13 +00:00
Dr. Stephen Henson
5759425810
PR: 2314
...
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
2010-10-10 12:15:47 +00:00
Dr. Stephen Henson
39239280f3
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-10-03 18:58:09 +00:00
Bodo Möller
7b3a9b0099
Update version numbers
2010-08-26 18:45:45 +00:00
Bodo Möller
7c2d4fee25
For better forward-security support, add functions
...
SSL_[CTX_]set_not_resumable_session_callback.
Submitted by: Emilia Kasper (Google)
[A part of this change affecting ssl/s3_lib.c was accidentally commited
separately, together with a compilation fix for that file;
see s3_lib.c CVS revision 1.133 (http://cvs.openssl.org/chngview?cn=19855 ).]
2010-08-26 15:15:47 +00:00
Bodo Möller
04daec862c
New 64-bit optimized implementation EC_GFp_nistp224_method().
...
This will only be compiled in if explicitly requested
(#ifdef EC_NISTP224_64_GCC_128).
Submitted by: Emilia Kasper (Google)
2010-08-26 14:29:55 +00:00
Dr. Stephen Henson
44959ee456
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Support for abbreviated handshakes when renegotiating.
2010-08-26 14:23:52 +00:00
Bodo Möller
c94f7f657b
ECC library bugfixes.
...
Submitted by: Emilia Kasper (Google)
2010-08-26 12:11:01 +00:00
Bodo Möller
173350bcca
Harmonize with OpenSSL_1_0_1-stable version of CHANGES.
2010-08-26 11:22:33 +00:00
Ben Laurie
ee2ffc2794
Add Next Protocol Negotiation.
2010-07-28 10:06:55 +00:00
Dr. Stephen Henson
eb1c48be6f
Add new type ossl_ssize_t instead of ssize_t and move definitions to
...
e_os2.h, this should fix WIN32 compilation issues and hopefully avoid
conflicts with other headers which may workaround ssize_t in different ways.
2010-07-26 18:15:59 +00:00
Dr. Stephen Henson
223c59eae5
Fix WIN32 build system to correctly link ENGINE DLLs contained in a
...
directory: currently the GOST ENGINE is the only case.
2010-07-24 17:52:43 +00:00
Dr. Stephen Henson
7bbd0de88d
Add call to ENGINE_register_all_complete() to ENGINE_load_builtin_engines(),
...
this means that some implementations will be used automatically, e.g. aesni,
we do this for cryptodev anyway.
Setup cpuid in ENGINE_load_builtin_engines() too as some ENGINEs use it.
2010-07-21 16:14:48 +00:00
Dr. Stephen Henson
f96ccf36ff
PR: 1830
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson
Support for RFC5705 key extractor.
2010-07-18 17:43:18 +00:00
Dr. Stephen Henson
b9e7793dd7
oops, revert wrong patch..
2010-07-18 17:43:01 +00:00
Dr. Stephen Henson
d135da5192
Fix warnings (From HEAD, original patch by Ben).
2010-07-18 16:52:47 +00:00
Dr. Stephen Henson
3cbb15ee81
add CVE-2010-0742 and CVS-2010-1633 fixes
2010-06-01 14:39:01 +00:00
Andy Polyakov
3efe51a407
Revert previous Linux-specific/centric commit#19629. If it really has to
...
be done, it's definitely not the way to do it. So far answer to the
question was to ./config -Wa,--noexecstack (adopted by RedHat).
2010-05-05 22:05:39 +00:00
Ben Laurie
0e3ef596e5
Non-executable stack in asm.
2010-05-05 15:50:13 +00:00
Dr. Stephen Henson
1bf508c9cf
new function to diff tm structures
2010-04-15 13:25:26 +00:00
Dr. Stephen Henson
c0b8eb606f
Add SHA2 algorithms to SSL_library_init(). Although these aren't used
...
directly by SSL/TLS SHA2 certificates are becoming more common and
applications that only call SSL_library_init() and not
OpenSSL_add_all_alrgorithms() will fail when verifying certificates.
Update docs.
2010-04-07 13:18:07 +00:00
Bodo Möller
3e8b6485b3
Fix for "Record of death" vulnerability CVE-2010-0740.
...
Also, add missing CHANGES entry for CVE-2009-3245 (code changes submitted to this branch on 23 Feb 2010),
and further harmonize this version of CHANGES with the versions in the current branches.
2010-03-25 11:25:30 +00:00
Dr. Stephen Henson
be449448dc
update CHANGES
2010-03-14 12:55:15 +00:00
Dr. Stephen Henson
4c623cddbe
add -sigopt option to ca utility
2010-03-14 12:54:45 +00:00
Mark J. Cox
fb75f349b7
This entry was in 0.9.8m changelog but missing from here, since it's
...
security relevent we'd better list it.
2010-03-12 08:36:44 +00:00
Dr. Stephen Henson
f26cf9957f
typo
2010-03-11 14:19:46 +00:00
Dr. Stephen Henson
17c63d1cca
RSA PSS ASN1 signing method
2010-03-11 14:06:46 +00:00
Dr. Stephen Henson
85522a074c
Algorithm specific ASN1 signing functions.
2010-03-11 13:32:38 +00:00
Dr. Stephen Henson
31904ecdf3
RSA PSS verification support including certificates and certificate
...
requests. Add new ASN1 signature initialisation function to handle this
case.
2010-03-08 18:10:35 +00:00
Dr. Stephen Henson
ff04bbe363
Add PSS algorithm printing. This is an initial step towards full PSS support.
...
Uses ASN1 module in Martin Kaiser's PSS patch.
2010-03-06 19:55:25 +00:00
Dr. Stephen Henson
fa1ba589f3
Add algorithm specific signature printing. An individual ASN1 method can
...
now print out signatures instead of the standard hex dump.
More complex signatures (e.g. PSS) can print out more meaningful information.
Sample DSA version included that prints out the signature parameters r, s.
[Note EVP_PKEY_ASN1_METHOD is an application opaque structure so adding
new fields in the middle has no compatibility issues]
2010-03-06 18:05:05 +00:00
Dr. Stephen Henson
cca1cd9a34
Submitted by: Tomas Hoger <thoger@redhat.com>
...
Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
2010-03-03 15:41:18 +00:00
Dr. Stephen Henson
0f776277bc
oops, use correct date
2010-02-26 12:13:36 +00:00
Dr. Stephen Henson
db28aa86e0
add -trusted_first option and verify flag
2010-02-25 12:21:48 +00:00
Dr. Stephen Henson
fbd2164044
Experimental support for partial chain verification: if an intermediate
...
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
2010-02-25 00:17:22 +00:00
Bodo Möller
a839755329
Fix X509_STORE locking
2010-02-19 18:27:07 +00:00
Dr. Stephen Henson
c2c49969e2
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:31 +00:00
Dr. Stephen Henson
47e0a1c335
PR: 2100
...
Submitted by: James Baker <jbaker@tableausoftware.com> et al.
Workaround for slow Heap32Next on some versions of Windows.
2010-02-17 14:32:41 +00:00
Dr. Stephen Henson
f959598866
update references to new RI RFC
2010-02-12 21:59:31 +00:00
Dr. Stephen Henson
c8ef656df2
Make CMAC API similar to HMAC API. Add methods for CMAC.
2010-02-08 15:31:35 +00:00
Dr. Stephen Henson
8c968e0355
Initial experimental CMAC implementation.
2010-02-07 18:01:07 +00:00
Dr. Stephen Henson
c2bf720842
Add missing function EVP_CIPHER_CTX_copy(). Current code uses memcpy() to copy
...
an EVP_CIPHER_CTX structure which may have problems with external ENGINEs
who need to duplicate internal handles etc.
2010-02-07 13:39:39 +00:00
Dr. Stephen Henson
da454e4c67
typo
2010-01-29 00:09:33 +00:00
Dr. Stephen Henson
08c239701b
Experimental renegotiation support in s_server test -www server.
2010-01-28 19:48:36 +00:00
Dr. Stephen Henson
4ba1aa393b
typo
2010-01-27 14:05:39 +00:00
Dr. Stephen Henson
d5e7f2f2c3
PR: 1949
...
Submitted by: steve@openssl.org
More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
2010-01-26 19:47:37 +00:00
Dr. Stephen Henson
58c0da84dd
Typo
2010-01-26 12:30:00 +00:00
Dr. Stephen Henson
ba64ae6cd1
Tolerate PKCS#8 DSA format with negative private key.
2010-01-22 20:17:12 +00:00
Dr. Stephen Henson
bd5f21a4ae
Fix version handling so it can cope with a major version >3.
...
Although it will be many years before TLS v2.0 or later appears old versions
of servers have a habit of hanging around for a considerable time so best
if we handle this properly now.
2010-01-13 19:08:02 +00:00
Dr. Stephen Henson
1b31b5ad56
Modify compression code so it avoids using ex_data free functions. This
...
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking
memory.
2010-01-13 18:57:40 +00:00
Dr. Stephen Henson
0e0c6821fa
PR: 2136
...
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>
Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
2010-01-12 17:29:34 +00:00
Dr. Stephen Henson
76998a71bc
Updates to conform with draft-ietf-tls-renegotiation-03.txt:
...
1. Add provisional SCSV value.
2. Don't send SCSV and RI at same time.
3. Fatal error is SCSV received when renegotiating.
2010-01-06 17:37:09 +00:00
Dr. Stephen Henson
e6f418bcb7
Compression handling on session resume was badly broken: it always
...
used compression algorithms in client hello (a legacy from when
the compression algorithm wasn't serialized with SSL_SESSION).
2009-12-31 14:13:30 +00:00
Dr. Stephen Henson
5e63121758
Include CHANGES entry for external cache
2009-12-31 13:58:57 +00:00
Bodo Möller
7427379e9b
Constify crypto/cast.
2009-12-22 10:58:33 +00:00
Dr. Stephen Henson
ef51b4b9b4
New option to enable/disable connection to unpatched servers
2009-12-16 20:25:59 +00:00
Dr. Stephen Henson
7661ccadf0
Add ctrls to clear options and mode.
...
Change RI ctrl so it doesn't clash.
2009-12-09 13:25:16 +00:00
Dr. Stephen Henson
82e610e2cf
Send no_renegotiation alert as required by spec.
2009-12-08 19:06:26 +00:00
Dr. Stephen Henson
5430200b8b
Add ctrl and macro so we can determine if peer support secure renegotiation.
2009-12-08 13:42:08 +00:00
Dr. Stephen Henson
13f6d57b1e
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:14:03 +00:00
Dr. Stephen Henson
637f374ad4
Initial experimental TLSv1.1 support
2009-12-07 13:31:02 +00:00
Dr. Stephen Henson
9d9530255b
Update CHANGES.
2009-12-02 15:28:27 +00:00
Dr. Stephen Henson
d2a53c2238
Experimental CMS password based recipient Info support.
2009-11-26 18:57:39 +00:00
Bodo Möller
480af99ef4
Make CHANGES in CVS head consistent with the CHANGES files in the
...
branches.
This means that http://www.openssl.org/news/changelog.html will
finally describe 0.9.8l.
2009-11-26 18:43:17 +00:00
Dr. Stephen Henson
3d63b3966f
Split PBES2 into cipher and PBKDF2 versions. This tidies the code somewhat
...
and is a pre-requisite to adding password based CMS support.
2009-11-25 22:01:06 +00:00
Dr. Stephen Henson
e0e7997212
First cut of renegotiation extension. (port to HEAD)
2009-11-09 19:03:34 +00:00
Dr. Stephen Henson
befbd0619b
update CHANGES
2009-11-09 17:33:32 +00:00
Dr. Stephen Henson
245d2ee3d0
Add option to allow in-band CRL loading in verify utility. Add function
...
load_crls and tidy up load_certs. Remove useless purpose variable from
verify utility: now done with args_verify.
2009-10-31 13:33:57 +00:00
Dr. Stephen Henson
bb4060c5b5
Move CHANGES entry to 0.9.8l section
2009-10-30 13:29:30 +00:00
Dr. Stephen Henson
661dc1431f
Fix statless session resumption so it can coexist with SNI
2009-10-30 13:22:24 +00:00
Dr. Stephen Henson
18e503f30f
PR: 2064, 728
...
Submitted by: steve@openssl.org
Add support for custom headers in OCSP requests.
2009-09-30 21:40:55 +00:00
Dr. Stephen Henson
b6dcdbfc94
Audit libcrypto for unchecked return values: fix all cases enountered
2009-09-23 23:43:49 +00:00
Dr. Stephen Henson
acf20c7dbd
Add attribute to check if return value of certain functions is incorrectly
...
ignored.
2009-09-23 16:27:10 +00:00
Dr. Stephen Henson
a25f33d28a
Submitted by: Julia Lawall <julia@diku.dk>
...
The functions ENGINE_ctrl(), OPENSSL_isservice(), EVP_PKEY_sign(),
CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error fix
so the return code is checked correctly.
2009-09-13 11:29:29 +00:00
Dr. Stephen Henson
0c28f277d1
Add new option --strict-warnings to Configure script. This is used to add
...
in devteam warnings into other configurations.
2009-09-09 16:31:32 +00:00
Dr. Stephen Henson
1771668096
Tidy up and fix verify callbacks to avoid structure dereference, use of
...
obsolete functions and enhance to handle new conditions such as policy printing.
2009-09-02 12:47:28 +00:00
Dr. Stephen Henson
6727565a84
PR: 2003
...
Make it possible to install OpenSSL in directories with name other
than "lib" for example "lib64". Based on patch from Jeremy Utley.
2009-08-10 14:48:40 +00:00
Dr. Stephen Henson
d9d0f1b52c
Reject leading 0x80 in OID subidentifiers.
2009-08-06 16:32:54 +00:00
Dr. Stephen Henson
0e4bc56347
Document MD2 deprecation.
2009-07-13 11:58:05 +00:00
Dr. Stephen Henson
9de014a7f8
Update from 0.9.8-stable
2009-06-30 22:27:33 +00:00
Dr. Stephen Henson
d2f6d28298
Update from 0.9.8-stable.
2009-06-28 16:24:37 +00:00
Dr. Stephen Henson
f3be6c7b7d
Update from 1.0.0-stable.
2009-06-26 11:29:26 +00:00
Dr. Stephen Henson
e30dd20c0e
Update from 1.0.0-stable
2009-06-25 11:29:30 +00:00
Dr. Stephen Henson
c05353c50a
Rename asc2uni and uni2asc functions to avoid clashes.
2009-06-17 12:04:56 +00:00
Dr. Stephen Henson
31db43df08
Update from 0.9.8-stable.
2009-06-15 15:01:00 +00:00
Dr. Stephen Henson
d741ccadb5
Oops, update CHANGES entry.
2009-05-31 17:13:55 +00:00
Dr. Stephen Henson
d0b72cf45b
Add CHANGES entries from 0.9.8-stable.
2009-05-18 17:37:33 +00:00
Dr. Stephen Henson
5f8f94a661
Update from 1.0.0-stable.
2009-04-28 22:10:54 +00:00
Dr. Stephen Henson
e5fa864f62
Updates from 1.0.0-stable.
2009-04-15 15:27:03 +00:00
Dr. Stephen Henson
22c98d4aad
Update from 1.0.0-stable
2009-04-08 16:16:35 +00:00
Dr. Stephen Henson
cc7399e79c
Changes from 1.0.0-stable.
2009-04-07 16:33:26 +00:00
Dr. Stephen Henson
14023fe352
Merge from 1.0.0-stable branch.
2009-04-03 11:45:19 +00:00
Dr. Stephen Henson
aaf35f11d7
Allow use of algorithm and cipher names for dgsts and enc utilities instead
...
of having to manually include each one.
2009-03-30 11:31:50 +00:00
Dr. Stephen Henson
77ea8c3002
Fix typo in CHANGES.
2009-03-25 22:21:12 +00:00
Dr. Stephen Henson
ddcfc25a6d
Update from stable branch.
2009-03-25 19:02:22 +00:00
Dr. Stephen Henson
4d7b7c62c3
Update CHANGES.
2009-03-25 12:57:50 +00:00
Dr. Stephen Henson
73ba116e96
Update from stable branch.
2009-03-25 12:54:14 +00:00
Dr. Stephen Henson
80b2ff978d
Update from stable branch.
2009-03-25 12:53:50 +00:00
Dr. Stephen Henson
7ce8c95d58
Update from stable branch.
2009-03-25 12:53:26 +00:00
Dr. Stephen Henson
b6af2c7e3e
Submitted by: "Victor B. Wagner" <vitus@cryptocom.ru>
...
Reviewed by: steve@openssl.org
Update ccgost engine to support parameter files.
2009-03-17 15:38:34 +00:00
Dr. Stephen Henson
237d7b6cae
Fix from stable branch.
2009-03-15 13:37:34 +00:00
Dr. Stephen Henson
854a225a27
Update from stable branch.
2009-03-14 18:33:49 +00:00
Dr. Stephen Henson
33ab2e31f3
PR: 1854
...
Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org
Support GeneralizedTime in ca utility.
2009-03-09 13:59:07 +00:00
Dr. Stephen Henson
77202a85a0
Update from stable branch.
2009-03-07 17:00:23 +00:00
Bodo Möller
7ca1cfbac3
-hex option for openssl rand
...
PR: 1831
Submitted by: Damien Miller
2009-02-02 00:01:28 +00:00
Dr. Stephen Henson
57f39cc826
Print out UTF8 and NumericString types in ASN1 parsing utility.
2009-01-28 12:54:52 +00:00
Dr. Stephen Henson
6489573224
Update from stable branch.
2009-01-28 12:36:14 +00:00
Ben Laurie
7f62532030
Allow CC to be overridden.
2009-01-18 12:06:37 +00:00
Dr. Stephen Henson
c2c99e2860
Update certificate hash line format to handle canonical format
...
and avoid MD5 dependency.
2009-01-15 13:22:39 +00:00
Dr. Stephen Henson
8125d9f99c
Make PKCS#8 the standard write format for private keys, replacing the
...
ancient SSLeay format.
2009-01-15 12:52:38 +00:00
Dr. Stephen Henson
363bd0b48e
Add a set of standard gcc warning options which are designed to be the
...
minimum requirement for committed code. Added to debug-steve* config targets
for now.
2009-01-11 15:56:32 +00:00
Ben Laurie
60aee6ce15
Add missing entry.
2009-01-09 12:48:02 +00:00
Dr. Stephen Henson
bab534057b
Updatde from stable branch.
2009-01-07 23:44:27 +00:00
Bodo Möller
7a76219774
Implement Configure option pattern "experimental-foo"
...
(specifically, "experimental-jpake").
2008-12-02 01:21:39 +00:00
Dr. Stephen Henson
79bd20fd17
Update from stable-branch.
2008-11-24 17:27:08 +00:00
Geoff Thorpe
31636a3ed1
Allow the CHIL engine to load even if dynamic locks aren't registered.
...
Submitted by: Sander Temme
2008-11-19 14:21:27 +00:00
Dr. Stephen Henson
12bf56c017
PR: 1574
...
Submitted by: Jouni Malinen <j@w1.fi>
Approved by: steve@openssl.org
Ticket override support for EAP-FAST.
2008-11-15 17:18:12 +00:00
Dr. Stephen Henson
ed551cddf7
Update from stable branch.
2008-11-12 17:28:18 +00:00
Dr. Stephen Henson
87d52468aa
Update HMAC functions to return an error where relevant.
2008-11-02 16:00:39 +00:00
Ben Laurie
6caa4edd3e
Add JPAKE.
2008-10-26 18:40:52 +00:00
Ben Laurie
28b6d5020e
Set comparison function in v3_add_canonize().
2008-10-14 19:27:07 +00:00
Ben Laurie
d5bbead449
Add XMPP STARTTLS support.
2008-10-14 19:11:26 +00:00
Ben Laurie
1ea6472e60
Type-safe OBJ_bsearch_ex.
2008-10-14 08:10:52 +00:00
Ben Laurie
babb379849
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
Dr. Stephen Henson
87d3a0cd90
Experimental new date handling routines. These fix issues with X509_time_adj()
...
and should avoid any OS date limitations such as the year 2038 bug.
2008-10-07 22:55:27 +00:00
Bodo Möller
837f2fc7a4
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
...
enable disabled ciphersuites.
2008-09-22 21:22:47 +00:00
Bodo Möller
1a489c9af1
From branch OpenSSL_0_9_8-stable: Allow soft-loading engines.
...
Also, fix CHANGES (consistency with stable branch).
2008-09-15 20:41:24 +00:00
Dr. Stephen Henson
8c864e5466
Add missing CHANGES entry.
2008-09-15 20:30:58 +00:00
Bodo Möller
e65bcbcef0
Fix SSL state transitions.
...
Submitted by: Nagendra Modadugu
2008-09-14 14:02:07 +00:00