Commit log. Each entry: commit message (author, date, files changed, lines removed/added), followed by the commit body.
* CVE-2015-1791.patch from the openssl_1.0.1e-2+deb7u17 debian package (HEAD, master)  (Wolfgang Wiedmeyer, 2015-12-06, 6 files, -0/+162)
    Change-Id: I66af794c840748f1ab69486fbf344aceab0f8202
* Check public key is not NULL.  (Dr. Stephen Henson, 2015-10-22, 1 file, -0/+2)
    CVE-2015-0288
    PR#3708
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9)
* Fix a failure to NULL a pointer freed on error.  (Matt Caswell, 2015-10-22, 1 file, -3/+3)
    Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
    CVE-2015-0209
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
* evp: prevent underflow in base64 decoding  (Geoff Thorpe, 2015-10-22, 1 file, -0/+1)
    This patch resolves RT ticket #2608. Thanks to Robert Dugal for originally spotting this, and to David Ramos for noticing that the ball had been dropped.
    Signed-off-by: Geoff Thorpe <geoff@openssl.org>
* PKCS#7: avoid NULL pointer dereferences with missing content  (Emilia Kasper, 2015-10-22, 2 files, -18/+79)
    In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly.
    This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work.
    CVE-2015-0289
    Thanks to Michal Zalewski (Google) for reporting this issue.
    Reviewed-by: Steve Henson <steve@openssl.org>
* Free up ADB and CHOICE if already initialised.  (Dr. Stephen Henson, 2015-10-22, 1 file, -3/+21)
    CVE-2015-0287
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Fix ASN1_TYPE_cmp  (Dr. Stephen Henson, 2015-10-22, 1 file, -0/+3)
    Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication.
    CVE-2015-0286
    Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix a failure to NULL a pointer freed on error.  (Matt Caswell, 2015-10-22, 2 files, -3/+16)
    Reported by the LibreSSL project as a follow on to CVE-2015-0209
    Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix length checks in X509_cmp_time to avoid out-of-bounds reads.  (Emilia Kasper, 2015-10-22, 1 file, -19/+58)
    Also tighten X509_cmp_time to reject more than three fractional seconds in the time; and to reject trailing garbage after the offset.
    CVE-2015-1789
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: Richard Levitte <levitte@openssl.org>
* PKCS#7: Fix NULL dereference with missing EncryptedContent.  (Emilia Kasper, 2015-10-22, 1 file, -1/+15)
    CVE-2015-1790
    Reviewed-by: Rich Salz <rsalz@openssl.org>
* bn/bn_gf2m.c: avoid infinite loop with malformed ECParameters.  (Andy Polyakov, 2015-10-22, 1 file, -4/+10)
    CVE-2015-1788
    Reviewed-by: Matt Caswell <matt@openssl.org>
    (cherry picked from commit 4924b37ee01f71ae19c94a8934b80eeb2f677932)
* Free up s->d1->buffered_app_data.q properly.  (zhu qun-ying, 2015-10-22, 1 file, -3/+6)
    PR#3286
    (cherry picked from commit 71e95000afb2227fe5cac1c79ae884338bcd8d0b)
* Revert "Give unique name to host build shared libraries"  (Wolfgang Wiedmeyer, 2015-10-21, 3 files, -5/+9)
    Breaks build on Replicant 4.2. Needs to be reverted again when Replicant moves to 4.4!
    This reverts commit 32e8f93ccd0aad87b5570b88f3ce5f1ea7530be3.
    Change-Id: Ied814982f2d33f7c9bd54e34a176fe8fcaac33c7
* Merge remote-tracking branch 'github/cm-11.0'  (Wolfgang Wiedmeyer, 2015-10-21, 244 files, -3649/+34042)
* Fix FREAK attack  (Dr. Stephen Henson, 2015-03-16, 4 files, -33/+21)
    Cherry picked from OpenSSL git:
    Only allow ephemeral RSA keys in export ciphersuites.
    OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation.
    Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204)
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tim Hudson <tjh@openssl.org>
    (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6)
    Conflicts:
        CHANGES
        doc/ssl/SSL_CTX_set_options.pod
        doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
        ssl/s3_srvr.c
    Change-Id: Iabd93ba630717b0920af35a638ef2a21dd87accd
    Conflicts:
        ssl/s3_srvr.c
    Change-Id: Ia2a2ec60d89b45bbe68aa8ab31625dc71c11ebcc
* Add support for TLS_FALLBACK_SCSV  (Bodo Moeller, 2014-10-15, 22 files, -32/+662)
    Includes changes to openssl.config not present in the original commit.
    Bug: 17750026
    (cherry-picked from commit 9a68a8fb86e7440763286e3ea8578099abd598e7)
    Change-Id: I89ed89b87b4f4eeeddb6de0c6ad1d48cb6d0ee7b
* Merge tag 'android-4.4.4_r1' into HEAD  (Ricardo Cerqueira, 2014-06-20, 12 files, -36/+142)
    Android 4.4.4 Release 1
    Change-Id: Ic9cc24af8c3b38bca4d44235245888a4761e144e
* Fix Early CCS bug  (Brian Carlstrom, 2014-06-17, 10 files, -2/+137)
    SSL/TLS MITM vulnerability (CVE-2014-0224)
    Bug: 15442813
    Change-Id: Ie52e8866fc9378d62f1d1fa6eb38b9423c138d64
* Fix for CVE-2014-0195  (Dr. Stephen Henson, 2014-06-06, 1 file, -0/+9)
    A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server.
    Fixed by adding consistency check for DTLS fragments.
    Thanks to Jüri Aedla for reporting this issue.
    (cherry picked from commit 1632ef744872edc2aa2a53d487d3e79c965a4ad3)
    Change-Id: Ie0b8939a71a6772616822df643f2168954b991ad
* Fix for CVE-2014-0224  (Dr. Stephen Henson, 2014-06-06, 5 files, -0/+15)
    Only accept change cipher spec when it is expected instead of at any time. This prevents premature setting of session keys before the master secret is determined which an attacker could use as a MITM attack.
    Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue and providing the initial fix this patch is based on.
    (cherry picked from commit bc8923b1ec9c467755cd86f7848c50ee8812e441)
    Conflicts:
        ssl/s3_srvr.c
    Change-Id: I259216c5859b8c3a21bf9cf345d465a7ec905ce7
* Additional CVE-2014-0224 protection.  (Dr. Stephen Henson, 2014-06-05, 1 file, -1/+1)
    Return a fatal error if an attempt is made to use a zero length master secret.
    (cherry picked from commit 006cd7083f76ed5cb0d9a914857e9231ef1bc317)
    Change-Id: Ib8febeb063915563b86cee741bfea0125248abbd
* Fix CVE-2014-0221  (Dr. Stephen Henson, 2014-06-05, 1 file, -2/+2)
    Unnecessary recursion when receiving a DTLS hello request can be used to crash a DTLS client. Fixed by handling DTLS hello request without recursion.
    Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
    (cherry picked from commit d3152655d5319ce883c8e3ac4b99f8de4c59d846)
    Change-Id: I88ea85e2f3e166bc9eba1fef2127e1e0bb8c13c2
* Fix CVE-2014-3470  (Dr. Stephen Henson, 2014-06-05, 1 file, -0/+7)
    Check session_cert is not NULL before dereferencing it.
    (cherry picked from commit 8011cd56e39a433b1837465259a9bd24a38727fb)
    Change-Id: If19c9037d3fb086bb913704e5e440ec7bc6e1e22
* Add heartbeat extension bounds check.  (Dr. Stephen Henson, 2014-04-08, 2 files, -13/+27)
    A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
    Thanks to Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix (CVE-2014-0160)
    Change-Id: I177a2d47857a6747d9462f868e4292ff347d6f82
* Merge tag 'android-4.4_r1' into cm-11.0  (Ricardo Cerqueira, 2013-11-01, 24 files, -125/+1598)
    Android 4.4 Release 1.0
* Fix leak in setting certificate chain patch  (Kenny Root, 2013-09-09, 2 files, -1/+5)
    Android has a custom certificate chain patch that didn't check whether the cert_chain was already set when setting the new chain. This results in a leak of all the X509 instances in the stack of certificates.
    Bug: 10610037
    Change-Id: I62433671ef18b06cafa5ec18e7b2e6190ce4504d
* am b0a80d3c: Merge "Fix typo in OPENSSL_DIR_ORIG variable name."  (Alex Klyubin, 2013-07-29, 1 file, -1/+1)
    * commit 'b0a80d3cc10bc3783bb3cb26cebbd343e8710408':
        Fix typo in OPENSSL_DIR_ORIG variable name.
* Merge "Fix typo in OPENSSL_DIR_ORIG variable name."  (Alex Klyubin, 2013-07-29, 1 file, -1/+1)
* Fix typo in OPENSSL_DIR_ORIG variable name.  (Alex Klyubin, 2013-07-26, 1 file, -1/+1)
    Change-Id: I7d8b77d77979f69cbb5e63f1fcab802e9dcccfe0
* am 0613b7a7: am 7b972f1a: Merge changes I556b1ee8,I11b74472  (Kenny Root, 2013-06-26, 17 files, -110/+1559)
    * commit '0613b7a7a289f883d9d1f7465fea8d024a82a55b':
        Add ALPN support patch
        Add TLS 1.2 digests patch
* am 7b972f1a: Merge changes I556b1ee8,I11b74472  (Kenny Root, 2013-06-26, 17 files, -110/+1559)
    * commit '7b972f1aa23172c4430ada7f3236fa1fd9b31756':
        Add ALPN support patch
        Add TLS 1.2 digests patch
* Merge changes I556b1ee8,I11b74472  (Kenny Root, 2013-06-26, 17 files, -110/+1559)
    * changes:
        Add ALPN support patch
        Add TLS 1.2 digests patch
* Add ALPN support patch  (Kenny Root, 2013-06-26, 13 files, -3/+1030)
    This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet.
    [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
    Patch from Adam Langley <agl@chromium.org>
    Change-Id: I556b1ee877f398ae8b7f1d4abbaddc44611e5f51
* Add TLS 1.2 digests patch  (Kenny Root, 2013-06-26, 10 files, -107/+529)
    Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA keys.
    Patch from Adam Langley <agl@chromium.org>
    Change-Id: I11b74472c0df16eca8de3aa36413686603814243
* Revert "Don't use Clang if WITHOUT_CLANG is set"  (Mike Lockwood, 2013-06-14, 2 files, -8/+0)
    This reverts commit 6caea2d2fbc53be14f7eff513c97dd25ebd0396d.
* Don't use Clang if WITHOUT_CLANG is set  (Mike Lockwood, 2013-06-14, 2 files, -0/+8)
    Change-Id: I1fc78fe80a1b54e8fc1fc10be627e6e28e09f8e8
* am d1175680: am a417d05a: Merge "Don't use clang for unbundled build target"  (Kenny Root, 2013-06-10, 2 files, -6/+24)
    * commit 'd1175680fa9036ea776aaa4134b337e4c57c5b79':
        Don't use clang for unbundled build target
* am a417d05a: Merge "Don't use clang for unbundled build target"  (Kenny Root, 2013-06-10, 2 files, -6/+24)
    * commit 'a417d05adc329e0cda1768aed67f207bc4168998':
        Don't use clang for unbundled build target
* Merge "Don't use clang for unbundled build target"  (Kenny Root, 2013-06-11, 2 files, -6/+24)
* Don't use clang for unbundled build target  (Kenny Root, 2013-06-10, 2 files, -6/+24)
    Clang is not in the NDK, so don't try to use it for unbundled builds. When clang is in the NDK, we can revert this change.
    Change-Id: I8afbdee24673c4af7021703b0cece2e2139d2d35
* am 0306b808: am 4768d150: Merge "Remove clang as compiler for static versions"  (Kenny Root, 2013-06-10, 0 files, -0/+0)
    * commit '0306b8084ff855932f3bde69401bf1bbe3241b94':
        Remove clang as compiler for static versions
* am 4768d150: Merge "Remove clang as compiler for static versions"  (Kenny Root, 2013-06-10, 2 files, -2/+0)
    * commit '4768d150edb4ad27fb32161acd071356600d8d49':
        Remove clang as compiler for static versions
* Merge "Remove clang as compiler for static versions"  (Kenny Root, 2013-06-10, 2 files, -2/+0)
* Remove clang as compiler for static versions  (Kenny Root, 2013-06-10, 2 files, -2/+0)
    There appears to be a problem with the way openssl is built for static libraries and clang currently. Revert that until it works.
    Change-Id: I2650ecbfbfa2efd23a77a455f40dc05a27802cde
* Remove clang as compiler for static versions  (Kenny Root, 2013-06-10, 2 files, -2/+0)
    There appears to be a problem with the way openssl is built for static libraries and clang currently. Revert that until it works.
    (cherry picked from commit f264be4610fd389595966f888df2f7eb41122706)
    Change-Id: I2650ecbfbfa2efd23a77a455f40dc05a27802cde
* am 1cd04072: Merge "Switch compiler to clang"  (Kenny Root, 2013-06-10, 4 files, -0/+8)
    * commit '1cd04072fc7c86297474402859cf13c08c40d578':
        Switch compiler to clang
* Merge "Switch compiler to clang"  (Kenny Root, 2013-06-10, 4 files, -0/+8)
* Switch compiler to clang  (Kenny Root, 2013-06-07, 4 files, -0/+8)
    Clang now is performant enough to use instead of GCC. We can later switch on ftrapv to better deal with potential problems.
    Clang was having problems with BN multiply operations, but it appears to not affect RSA speeds anymore.

    gcc: openssl speed -elapsed rsa
                        sign      verify    sign/s  verify/s
        rsa  512 bits   0.000759s 0.000073s 1317.5  13621.0
        rsa 1024 bits   0.004109s 0.000234s  243.4   4276.1
        rsa 2048 bits   0.027652s 0.000842s   36.2   1188.3
        rsa 4096 bits   0.198824s 0.003204s    5.0    312.1

    clang: openssl speed -elapsed rsa
                        sign      verify    sign/s  verify/s
        rsa  512 bits   0.000784s 0.000074s 1274.9  13522.6
        rsa 1024 bits   0.004132s 0.000235s  242.0   4256.9
        rsa 2048 bits   0.027680s 0.000851s   36.1   1175.5
        rsa 4096 bits   0.198824s 0.003245s    5.0    308.2

    Change-Id: Iadad4739cf925a552158463047bdf1e19f9d0e83
* am 7f01ddce: Merge "Give unique name to host build shared libraries"  (Brian Carlstrom, 2013-05-02, 0 files, -0/+0)
    * commit '7f01ddce5984e5555cb3315289af0d18530d9c3b':
        Give unique name to host build shared libraries
* Merge "Give unique name to host build shared libraries"  (Brian Carlstrom, 2013-05-02, 3 files, -9/+5)