Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssl/dist merge for openssl 1.0.2j
details: https://anonhg.NetBSD.org/src/rev/24ce22195ef4
branches: trunk
changeset: 348311:24ce22195ef4
user: spz <spz%NetBSD.org@localhost>
date: Fri Oct 14 16:23:17 2016 +0000
description:
merge for openssl 1.0.2j
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 682 ++-
crypto/external/bsd/openssl/dist/Configure | 241 +-
crypto/external/bsd/openssl/dist/Makefile | 53 +-
crypto/external/bsd/openssl/dist/NEWS | 54 +-
crypto/external/bsd/openssl/dist/README | 2 +-
crypto/external/bsd/openssl/dist/apps/CA.pl | 3 +-
crypto/external/bsd/openssl/dist/apps/ca.c | 45 +-
crypto/external/bsd/openssl/dist/apps/makeapps.com | 4 +-
crypto/external/bsd/openssl/dist/apps/ocsp.c | 96 +-
crypto/external/bsd/openssl/dist/apps/openssl.cnf | 2 +-
crypto/external/bsd/openssl/dist/apps/s_client.c | 450 +-
crypto/external/bsd/openssl/dist/apps/s_server.c | 888 ++-
crypto/external/bsd/openssl/dist/apps/speed.c | 133 +
crypto/external/bsd/openssl/dist/crypto/Makefile | 8 +-
crypto/external/bsd/openssl/dist/crypto/aes/Makefile | 20 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-x86_64.pl | 256 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl | 1143 +++-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86_64.pl | 2995 ++++++---
crypto/external/bsd/openssl/dist/crypto/armcap.c | 97 +-
crypto/external/bsd/openssl/dist/crypto/asn1/a_set.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_mac.h | 64 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn_pack.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c | 22 +-
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_enc.c | 26 +-
crypto/external/bsd/openssl/dist/crypto/asn1/x_x509.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bio/b_sock.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/bio/bio.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/mips3.s | 2201 +++++++
crypto/external/bsd/openssl/dist/crypto/bn/asm/modexp512-x86_64.pl | 1497 ----
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c | 110 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gf2m.pl | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn.h | 20 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c | 318 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_lcl.h | 27 +
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/bn/bntest.c | 29 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_pwri.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/comp/c_zlib.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/cryptlib.c | 41 +-
crypto/external/bsd/openssl/dist/crypto/cryptlib.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/crypto-lib.com | 30 +-
crypto/external/bsd/openssl/dist/crypto/crypto.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/cversion.c | 4 +
crypto/external/bsd/openssl/dist/crypto/des/des.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/des/read_pwd.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/dh/dh_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/dh/dhtest.c | 402 +
crypto/external/bsd/openssl/dist/crypto/dsa/dsa.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ameth.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec.h | 97 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec2_smpl.c | 1 +
crypto/external/bsd/openssl/dist/crypto/ec/ec_ameth.c | 372 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_lcl.h | 10 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_lib.c | 24 +-
crypto/external/bsd/openssl/dist/crypto/ec/ectest.c | 9 +
crypto/external/bsd/openssl/dist/crypto/ecdh/ecdh.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/ecdh/ech_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ecdsa/ecdsa.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/engine/Makefile | 18 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c | 3 -
crypto/external/bsd/openssl/dist/crypto/engine/eng_cryptodev.c | 99 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_rsax.c | 701 --
crypto/external/bsd/openssl/dist/crypto/engine/engine.h | 3 +-
crypto/external/bsd/openssl/dist/crypto/err/openssl.ec | 3 +-
crypto/external/bsd/openssl/dist/crypto/evp/Makefile | 51 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 968 ++-
crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c | 17 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_fips.c | 310 -
crypto/external/bsd/openssl/dist/crypto/evp/evp_test.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c | 28 +-
crypto/external/bsd/openssl/dist/crypto/evp/openbsd_hw.c | 22 +
crypto/external/bsd/openssl/dist/crypto/ex_data.c | 20 +-
crypto/external/bsd/openssl/dist/crypto/hmac/hmac.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/hmac/hmactest.c | 3 +
crypto/external/bsd/openssl/dist/crypto/install-crypto.com | 5 +-
crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/md32_common.h | 48 +-
crypto/external/bsd/openssl/dist/crypto/md5/md5_locl.h | 2 +
crypto/external/bsd/openssl/dist/crypto/mem.c | 58 +-
crypto/external/bsd/openssl/dist/crypto/mem_clr.c | 24 +-
crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/modes/modes.h | 10 +
crypto/external/bsd/openssl/dist/crypto/objects/o_names.c | 21 +-
crypto/external/bsd/openssl/dist/crypto/objects/objects.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/opensslconf.h | 12 +
crypto/external/bsd/openssl/dist/crypto/opensslv.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/ossl_typ.h | 4 +
crypto/external/bsd/openssl/dist/crypto/perlasm/x86gas.pl | 13 +-
crypto/external/bsd/openssl/dist/crypto/pkcs12/p12_decr.c | 12 +-
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ppccap.c | 60 +-
crypto/external/bsd/openssl/dist/crypto/ppccpuid.pl | 22 +-
crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/rand/randfile.c | 53 +-
crypto/external/bsd/openssl/dist/crypto/rc4/Makefile | 4 +-
crypto/external/bsd/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl | 8 +-
crypto/external/bsd/openssl/dist/crypto/rc5/rc5_locl.h | 5 +-
crypto/external/bsd/openssl/dist/crypto/rsa/Makefile | 15 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa.h | 60 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_err.c | 18 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c | 110 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_sign.c | 15 +-
crypto/external/bsd/openssl/dist/crypto/sha/asm/sha1-x86_64.pl | 1239 +++-
crypto/external/bsd/openssl/dist/crypto/sha/sha256.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/sparccpuid.S | 129 +
crypto/external/bsd/openssl/dist/crypto/stack/safestack.h | 546 +-
crypto/external/bsd/openssl/dist/crypto/stack/stack.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/store/store.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/store/str_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c | 2 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 557 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.h | 2 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c | 6 +
crypto/external/bsd/openssl/dist/crypto/x86_64cpuid.pl | 29 +-
crypto/external/bsd/openssl/dist/doc/apps/genpkey.pod | 13 +
crypto/external/bsd/openssl/dist/doc/crypto/BIO_s_accept.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestInit.pod | 10 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod | 2 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_EncryptInit.pod | 106 +-
crypto/external/bsd/openssl/dist/doc/crypto/SSLeay_version.pod | 74 +
crypto/external/bsd/openssl/dist/doc/crypto/d2i_PrivateKey.pod | 59 +
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod | 41 +-
crypto/external/bsd/openssl/dist/doc/openssl_button.gif | Bin
crypto/external/bsd/openssl/dist/doc/openssl_button.html | 7 -
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 12 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_accept.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_do_handshake.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/ssl/SSL_shutdown.pod | 2 +-
crypto/external/bsd/openssl/dist/e_os.h | 11 +-
crypto/external/bsd/openssl/dist/engines/ccgost/gost2001_keyx.c | 2 +
crypto/external/bsd/openssl/dist/engines/ccgost/gost94_keyx.c | 2 +
crypto/external/bsd/openssl/dist/engines/makeengines.com | 2 +-
crypto/external/bsd/openssl/dist/makevms.com | 15 +-
crypto/external/bsd/openssl/dist/openssl.spec | 24 +-
crypto/external/bsd/openssl/dist/ssl/Makefile | 103 +-
crypto/external/bsd/openssl/dist/ssl/d1_both.c | 189 +-
crypto/external/bsd/openssl/dist/ssl/d1_enc.c | 251 -
crypto/external/bsd/openssl/dist/ssl/d1_lib.c | 135 +-
crypto/external/bsd/openssl/dist/ssl/d1_pkt.c | 233 +-
crypto/external/bsd/openssl/dist/ssl/d1_srtp.c | 3 +-
crypto/external/bsd/openssl/dist/ssl/d1_srvr.c | 914 +--
crypto/external/bsd/openssl/dist/ssl/dtls1.h | 6 +-
crypto/external/bsd/openssl/dist/ssl/s23_clnt.c | 32 +-
crypto/external/bsd/openssl/dist/ssl/s23_srvr.c | 5 +
crypto/external/bsd/openssl/dist/ssl/s2_lib.c | 5 +-
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c | 12 +-
crypto/external/bsd/openssl/dist/ssl/s3_cbc.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c | 509 +-
crypto/external/bsd/openssl/dist/ssl/s3_enc.c | 48 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 695 +-
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 219 +-
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 527 +-
crypto/external/bsd/openssl/dist/ssl/srtp.h | 1 -
crypto/external/bsd/openssl/dist/ssl/ssl-lib.com | 12 +-
crypto/external/bsd/openssl/dist/ssl/ssl.h | 439 +-
crypto/external/bsd/openssl/dist/ssl/ssl3.h | 62 +-
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c | 203 +-
crypto/external/bsd/openssl/dist/ssl/ssl_err.c | 270 +-
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c | 480 +-
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 333 +-
crypto/external/bsd/openssl/dist/ssl/ssl_sess.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/ssltest.c | 726 ++-
crypto/external/bsd/openssl/dist/ssl/t1_enc.c | 69 +-
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 2363 ++++++-
crypto/external/bsd/openssl/dist/ssl/tls1.h | 41 +-
crypto/external/bsd/openssl/dist/test/Makefile | 230 +-
crypto/external/bsd/openssl/dist/test/constant_time_test.c | 304 -
crypto/external/bsd/openssl/dist/test/evp_extra_test.c | 489 -
crypto/external/bsd/openssl/dist/test/heartbeat_test.c | 472 -
crypto/external/bsd/openssl/dist/test/maketests.com | 33 +-
crypto/external/bsd/openssl/dist/test/tests.com | 43 +-
crypto/external/bsd/openssl/dist/test/testssl | 82 +
crypto/external/bsd/openssl/dist/times/090/586-100.nt | 32 -
crypto/external/bsd/openssl/dist/times/091/486-50.nt | 30 -
crypto/external/bsd/openssl/dist/times/091/586-100.lnx | 32 -
crypto/external/bsd/openssl/dist/times/091/68000.bsd | 32 -
crypto/external/bsd/openssl/dist/times/091/686-200.lnx | 32 -
crypto/external/bsd/openssl/dist/times/091/alpha064.osf | 32 -
crypto/external/bsd/openssl/dist/times/091/alpha164.lnx | 32 -
crypto/external/bsd/openssl/dist/times/091/alpha164.osf | 31 -
crypto/external/bsd/openssl/dist/times/091/mips-rel.pl | 21 -
crypto/external/bsd/openssl/dist/times/091/r10000.irx | 37 -
crypto/external/bsd/openssl/dist/times/091/r3000.ult | 32 -
crypto/external/bsd/openssl/dist/times/091/r4400.irx | 32 -
crypto/external/bsd/openssl/dist/times/100.lnx | 32 -
crypto/external/bsd/openssl/dist/times/100.nt | 29 -
crypto/external/bsd/openssl/dist/times/200.lnx | 30 -
crypto/external/bsd/openssl/dist/times/486-66.dos | 22 -
crypto/external/bsd/openssl/dist/times/486-66.nt | 22 -
crypto/external/bsd/openssl/dist/times/486-66.w31 | 23 -
crypto/external/bsd/openssl/dist/times/5.lnx | 29 -
crypto/external/bsd/openssl/dist/times/586-085i.nt | 29 -
crypto/external/bsd/openssl/dist/times/586-100.LN3 | 26 -
crypto/external/bsd/openssl/dist/times/586-100.NT2 | 26 -
crypto/external/bsd/openssl/dist/times/586-100.dos | 24 -
crypto/external/bsd/openssl/dist/times/586-100.ln4 | 26 -
crypto/external/bsd/openssl/dist/times/586-100.lnx | 23 -
crypto/external/bsd/openssl/dist/times/586-100.nt | 23 -
crypto/external/bsd/openssl/dist/times/586-100.ntx | 30 -
crypto/external/bsd/openssl/dist/times/586-100.w31 | 27 -
crypto/external/bsd/openssl/dist/times/586-1002.lnx | 26 -
crypto/external/bsd/openssl/dist/times/586p-100.lnx | 26 -
crypto/external/bsd/openssl/dist/times/686-200.bsd | 25 -
crypto/external/bsd/openssl/dist/times/686-200.lnx | 26 -
crypto/external/bsd/openssl/dist/times/686-200.nt | 24 -
crypto/external/bsd/openssl/dist/times/L1 | 27 -
crypto/external/bsd/openssl/dist/times/R10000.t | 24 -
crypto/external/bsd/openssl/dist/times/R4400.t | 26 -
crypto/external/bsd/openssl/dist/times/aix.t | 34 -
crypto/external/bsd/openssl/dist/times/aixold.t | 23 -
crypto/external/bsd/openssl/dist/times/alpha.t | 81 -
crypto/external/bsd/openssl/dist/times/alpha400.t | 25 -
crypto/external/bsd/openssl/dist/times/cyrix100.lnx | 22 -
crypto/external/bsd/openssl/dist/times/dgux-x86.t | 23 -
crypto/external/bsd/openssl/dist/times/dgux.t | 17 -
crypto/external/bsd/openssl/dist/times/hpux-acc.t | 25 -
crypto/external/bsd/openssl/dist/times/hpux-kr.t | 23 -
crypto/external/bsd/openssl/dist/times/hpux.t | 86 -
crypto/external/bsd/openssl/dist/times/p2.w95 | 22 -
crypto/external/bsd/openssl/dist/times/pent2.t | 24 -
crypto/external/bsd/openssl/dist/times/readme | 11 -
crypto/external/bsd/openssl/dist/times/s586-100.lnx | 25 -
crypto/external/bsd/openssl/dist/times/s586-100.nt | 23 -
crypto/external/bsd/openssl/dist/times/sgi.t | 29 -
crypto/external/bsd/openssl/dist/times/sparc.t | 26 -
crypto/external/bsd/openssl/dist/times/sparc2 | 21 -
crypto/external/bsd/openssl/dist/times/sparcLX.t | 22 -
crypto/external/bsd/openssl/dist/times/usparc.t | 25 -
crypto/external/bsd/openssl/dist/times/x86/bfs.cpp | 67 -
crypto/external/bsd/openssl/dist/times/x86/casts.cpp | 67 -
crypto/external/bsd/openssl/dist/times/x86/des3s.cpp | 67 -
crypto/external/bsd/openssl/dist/times/x86/dess.cpp | 67 -
crypto/external/bsd/openssl/dist/times/x86/md4s.cpp | 78 -
crypto/external/bsd/openssl/dist/times/x86/md5s.cpp | 78 -
crypto/external/bsd/openssl/dist/times/x86/rc4s.cpp | 73 -
crypto/external/bsd/openssl/dist/times/x86/sha1s.cpp | 79 -
crypto/external/bsd/openssl/dist/util/mk1mf.pl | 139 +-
crypto/external/bsd/openssl/dist/util/mkdef.pl | 9 +-
crypto/external/bsd/openssl/dist/util/ssleay.num | 61 +-
254 files changed, 19486 insertions(+), 11823 deletions(-)
diffs (truncated from 46231 to 300 lines):
diff -r 547f8e334f72 -r 24ce22195ef4 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Fri Oct 14 16:19:23 2016 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Fri Oct 14 16:23:17 2016 +0000
@@ -2,7 +2,179 @@
OpenSSL CHANGES
_______________
- Changes between 1.0.1s and 1.0.1t [3 May 2016]
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
+
+ *) Missing CRL sanity check
+
+ A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+ but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+ CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+ This issue only affects the OpenSSL 1.0.2i
+ (CVE-2016-7052)
+ [Matt Caswell]
+
+ Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
+
+ *) OCSP Status Request extension unbounded memory growth
+
+ A malicious client can send an excessively large OCSP Status Request
+ extension. If that client continually requests renegotiation, sending a
+ large OCSP Status Request extension each time, then there will be unbounded
+ memory growth on the server. This will eventually lead to a Denial Of
+ Service attack through memory exhaustion. Servers with a default
+ configuration are vulnerable even if they do not support OCSP. Builds using
+ the "no-ocsp" build time option are not affected.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-6304)
+ [Matt Caswell]
+
+ *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from
+ HIGH to MEDIUM.
+
+ This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan
+ Leurent (INRIA)
+ (CVE-2016-2183)
+ [Rich Salz]
+
+ *) OOB write in MDC2_Update()
+
+ An overflow can occur in MDC2_Update() either if called directly or
+ through the EVP_DigestUpdate() function using MDC2. If an attacker
+ is able to supply very large amounts of input data after a previous
+ call to EVP_EncryptUpdate() with a partial block then a length check
+ can overflow resulting in a heap corruption.
+
+ The amount of data needed is comparable to SIZE_MAX which is impractical
+ on most platforms.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-6303)
+ [Stephen Henson]
+
+ *) Malformed SHA512 ticket DoS
+
+ If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a
+ DoS attack where a malformed ticket will result in an OOB read which will
+ ultimately crash.
+
+ The use of SHA512 in TLS session tickets is comparatively rare as it requires
+ a custom server callback and ticket lookup mechanism.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-6302)
+ [Stephen Henson]
+
+ *) OOB write in BN_bn2dec()
+
+ The function BN_bn2dec() does not check the return value of BN_div_word().
+ This can cause an OOB write if an application uses this function with an
+ overly large BIGNUM. This could be a problem if an overly large certificate
+ or CRL is printed out from an untrusted source. TLS is not affected because
+ record limits will reject an oversized certificate before it is parsed.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-2182)
+ [Stephen Henson]
+
+ *) OOB read in TS_OBJ_print_bio()
+
+ The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is
+ the total length the OID text representation would use and not the amount
+ of data written. This will result in OOB reads when large OIDs are
+ presented.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-2180)
+ [Stephen Henson]
+
+ *) Pointer arithmetic undefined behaviour
+
+ Avoid some undefined pointer arithmetic
+
+ A common idiom in the codebase is to check limits in the following manner:
+ "p + len > limit"
+
+ Where "p" points to some malloc'd data of SIZE bytes and
+ limit == p + SIZE
+
+ "len" here could be from some externally supplied data (e.g. from a TLS
+ message).
+
+ The rules of C pointer arithmetic are such that "p + len" is only well
+ defined where len <= SIZE. Therefore the above idiom is actually
+ undefined behaviour.
+
+ For example this could cause problems if some malloc implementation
+ provides an address for "p" such that "p + len" actually overflows for
+ values of len that are too big and therefore p + len < limit.
+
+ This issue was reported to OpenSSL by Guido Vranken
+ (CVE-2016-2177)
+ [Matt Caswell]
+
+ *) Constant time flag not preserved in DSA signing
+
+ Operations in the DSA signing algorithm should run in constant time in
+ order to avoid side channel attacks. A flaw in the OpenSSL DSA
+ implementation means that a non-constant time codepath is followed for
+ certain operations. This has been demonstrated through a cache-timing
+ attack to be sufficient for an attacker to recover the private DSA key.
+
+ This issue was reported by César Pereida (Aalto University), Billy Brumley
+ (Tampere University of Technology), and Yuval Yarom (The University of
+ Adelaide and NICTA).
+ (CVE-2016-2178)
+ [César Pereida]
+
+ *) DTLS buffered message DoS
+
+ In a DTLS connection where handshake messages are delivered out-of-order
+ those messages that OpenSSL is not yet ready to process will be buffered
+ for later use. Under certain circumstances, a flaw in the logic means that
+ those messages do not get removed from the buffer even though the handshake
+ has been completed. An attacker could force up to approx. 15 messages to
+ remain in the buffer when they are no longer required. These messages will
+ be cleared when the DTLS connection is closed. The default maximum size for
+ a message is 100k. Therefore the attacker could force an additional 1500k
+ to be consumed per connection. By opening many simulataneous connections an
+ attacker could cause a DoS attack through memory exhaustion.
+
+ This issue was reported to OpenSSL by Quan Luo.
+ (CVE-2016-2179)
+ [Matt Caswell]
+
+ *) DTLS replay protection DoS
+
+ A flaw in the DTLS replay attack protection mechanism means that records
+ that arrive for future epochs update the replay protection "window" before
+ the MAC for the record has been validated. This could be exploited by an
+ attacker by sending a record for the next epoch (which does not have to
+ decrypt or have a valid MAC), with a very large sequence number. This means
+ that all subsequent legitimate packets are dropped causing a denial of
+ service for a specific DTLS connection.
+
+ This issue was reported to OpenSSL by the OCAP audit team.
+ (CVE-2016-2181)
+ [Matt Caswell]
+
+ *) Certificate message OOB reads
+
+ In OpenSSL 1.0.2 and earlier some missing message length checks can result
+ in OOB reads of up to 2 bytes beyond an allocated buffer. There is a
+ theoretical DoS risk but this has not been observed in practice on common
+ platforms.
+
+ The messages affected are client certificate, client certificate request
+ and server certificate. As a result the attack can only be performed
+ against a client or a server which enables client authentication.
+
+ This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+ (CVE-2016-6306)
+ [Stephen Henson]
+
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
*) Prevent padding oracle in AES-NI CBC MAC check
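Review bot: The first changed line replaces the header "Changes between 1.0.1s and 1.0.1t" with "Changes between 1.0.2i and 1.0.2j", so the top of CHANGES jumps from the 1.0.1 series to 1.0.2, yet the description "merge for openssl 1.0.2j" mentions neither the series change nor the security fixes that arrive with it. Suggest expanding the commit message to say so and to list the CVE ids named in the added entries (CVE-2016-7052, CVE-2016-6304, CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306), so that anyone matching advisories against the tree can find this changeset. Two wording slips in the imported text are better reported upstream than patched locally, to keep future merges clean: the MDC2_Update() entry describes the overflow as reached through EVP_DigestUpdate() but then refers to "a previous call to EVP_EncryptUpdate()", and the DTLS buffered message entry has "simulataneous".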
@@ -99,7 +271,7 @@
methods are enabled and ssl2 is disabled the methods return NULL.
[Kurt Roeckx]
- Changes between 1.0.1r and 1.0.1s [1 Mar 2016]
+ Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
Builds that are not configured with "enable-weak-ssl-ciphers" will not
@@ -231,13 +403,37 @@
apps to use 2048 bits by default.
[Emilia Käsper]
- Changes between 1.0.1q and 1.0.1r [28 Jan 2016]
-
- *) Protection for DH small subgroup attacks
-
- As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
- switched on by default and cannot be disabled. This could have some
- performance impact.
+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+
+ *) DH small subgroups
+
+ Historically OpenSSL only ever generated DH parameters based on "safe"
+ primes. More recently (in version 1.0.2) support was provided for
+ generating X9.42 style parameter files such as those required for RFC 5114
+ support. The primes used in such files may not be "safe". Where an
+ application is using DH configured with parameters based on primes that are
+ not "safe" then an attacker could use this fact to find a peer's private
+ DH exponent. This attack requires that the attacker complete multiple
+ handshakes in which the peer uses the same private DH exponent. For example
+ this could be used to discover a TLS server's private DH exponent if it's
+ reusing the private DH exponent or it's using a static DH ciphersuite.
+
+ OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+ TLS. It is not on by default. If the option is not set then the server
+ reuses the same private DH exponent for the life of the server process and
+ would be vulnerable to this attack. It is believed that many popular
+ applications do set this option and would therefore not be at risk.
+
+ The fix for this issue adds an additional check where a "q" parameter is
+ available (as is the case in X9.42 based parameters). This detects the
+ only known attack, and is the only possible defense for static DH
+ ciphersuites. This could have some performance impact.
+
+ Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
+ default and cannot be disabled. This could have some performance impact.
+
+ This issue was reported to OpenSSL by Antonio Sanso (Adobe).
+ (CVE-2016-0701)
[Matt Caswell]
*) SSLv2 doesn't block disabled ciphers
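Review bot: The added "DH small subgroups" entry says of SSL_OP_SINGLE_DH_USE both "It is not on by default" (second paragraph) and that it "has been switched on by default and cannot be disabled" (last paragraph); the first statement describes behaviour before 1.0.2f, and a reader skimming for the current default can pick up the wrong one. The imported text should stay verbatim, but the commit message or a local release note should state the effective behaviour after this merge: the option is always on, and an extra check runs where a "q" parameter is available. Since the entry warns twice that this "could have some performance impact", in-tree consumers that use static DH ciphersuites or X9.42 style parameters are worth a check as part of this merge.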
@@ -255,7 +451,26 @@
*) Reject DH handshakes with parameters shorter than 1024 bits.
[Kurt Roeckx]
- Changes between 1.0.1p and 1.0.1q [3 Dec 2015]
+ Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
+
+ *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+ This issue was reported to OpenSSL by Hanno Böck.
+ (CVE-2015-3193)
+ [Andy Polyakov]
*) Certificate verify crash with missing PSS parameter
@@ -294,7 +509,7 @@
use a random seed, as already documented.
[Rich Salz and Ismo Puustinen <ismo.puustinen%intel.com@localhost>]
- Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
*) Alternate chains certificate forgery
@@ -319,12 +534,13 @@
(CVE-2015-3196)
[Stephen Henson]
- Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
- Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
@@ -392,13 +608,65 @@
(CVE-2015-1791)
[Matt Caswell]
+ *) Removed support for the two export grade static DH ciphersuites
+ EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+ were newly added (along with a number of other static DH ciphersuites) to
+ 1.0.2. However the two export ones have *never* worked since they were
+ introduced. It seems strange in any case to be adding new export