subject:"CVS import\: src\/crypto\/external\/bsd\/openssl\/dist"

CVS import: src/crypto/external/bsd/openssl/dist/test

2018-02-13 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Tue Feb 13 14:46:39 UTC 2018

Update of /cvsroot/src/crypto/external/bsd/openssl/dist/test
In directory ivanova.netbsd.org:/tmp/cvs-serv18120

Log Message:
add missing tests

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-1-0g

U src/crypto/external/bsd/openssl/dist/test/constant_time_test.c
U src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c
U src/crypto/external/bsd/openssl/dist/test/heartbeat_test.c

No conflicts created by this import

CVS import: src/crypto/external/bsd/openssl/dist/test

2018-02-13 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Tue Feb 13 14:45:54 UTC 2018

Update of /cvsroot/src/crypto/external/bsd/openssl/dist/test
In directory ivanova.netbsd.org:/tmp/cvs-serv11416

Log Message:
add missing tests

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-1-0g


No conflicts created by this import

CVS import: src/crypto/external/bsd/openssl/dist

2017-01-27 Thread S.P.Zeidler

Module Name:src
Committed By:   spz
Date:   Fri Jan 27 22:58:25 UTC 2017

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv18440

Log Message:
import of OpenSSL 1.0.2k

Upstream changelog:
Changes between 1.0.2j and 1.0.2k [26 Jan 2017]

 *) Truncated packet could crash via OOB read

If one side of an SSL/TLS path is running on a 32-bit host and a specific
cipher is being used, then a truncated packet can cause that host to
perform an out-of-bounds read, usually resulting in a crash.

This issue was reported to OpenSSL by Robert Święcki of Google.
(CVE-2017-3731)
[Andy Polyakov]

 *) BN_mod_exp may produce incorrect results on x86_64

There is a carry propagating bug in the x86_64 Montgomery squaring
procedure. No EC algorithms are affected. Analysis suggests that attacks
against RSA and DSA as a result of this defect would be very difficult to
perform and are not believed likely. Attacks against DH are considered just
feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount
of resources required for such an attack would be very significant and
likely only accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
similar to CVE-2015-3193 but must be treated as a separate problem.

This issue was reported to OpenSSL by the OSS-Fuzz project.
(CVE-2017-3732)
[Andy Polyakov]

 *) Montgomery multiplication may produce incorrect results

There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits. Analysis suggests that attacks against RSA, DSA
and DH private keys are impossible. This is because the subroutine in
question is not used in operations with the private key itself and an input
of the attacker's direct choice. Otherwise the bug can manifest itself as
transient authentication and key negotiation failures or reproducible
erroneous outcome of public-key operations with specially crafted input.
Among EC algorithms only Brainpool P-512 curves are affected and one
presumably can attack ECDH key negotiation. Impact was not analyzed in
detail, because pre-requisites for attack are considered unlikely. Namely
multiple clients have to choose the curve in question and the server has to
share the private key among them, neither of which is default behaviour.
Even then only clients that chose the curve will be affected.

This issue was publicly reported as transient failures and was not
initially recognized as a security issue. Thanks to Richard Morgan for
providing reproducible case.
(CVE-2016-7055)
[Andy Polyakov]

 *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
prevent issues where no progress is being made and the peer continually
sends unrecognised record types, using up resources processing them.
[Matt Caswell]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-2k

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/CONTRIBUTING
U src/crypto/external/bsd/openssl/dist/GitConfigure
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/GitMake
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C

CVS import: src/crypto/external/bsd/openssl/dist

2016-10-14 Thread S.P.Zeidler

Module Name:src
Committed By:   spz
Date:   Fri Oct 14 16:07:29 UTC 2016

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv15362

Log Message:
Import of OpenSSL 1.0.2j.

The 1.0.2 branch of OpenSSL is the current long term support branch.

Differences between 1.0.1 and 1.0.2:
  o Suite B support for TLS 1.2 and DTLS 1.2
  o Support for DTLS 1.2
  o TLS automatic EC curve selection.
  o API to set TLS supported signature algorithms and curves
  o SSL_CONF configuration API.
  o TLS Brainpool support.
  o ALPN support.
  o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

Security fixes from the previous version (1.0.1t) in NetBSD:
  o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
  o SWEET32 Mitigation (CVE-2016-2183)
  o OOB write in MDC2_Update() (CVE-2016-6303)
  o Malformed SHA512 ticket DoS (CVE-2016-6302)
  o OOB write in BN_bn2dec() (CVE-2016-2182)
  o OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
  o Pointer arithmetic undefined behaviour (CVE-2016-2177)
  o Constant time flag not preserved in DSA signing (CVE-2016-2178)
  o DTLS buffered message DoS (CVE-2016-2179)
  o DTLS replay protection DoS (CVE-2016-2181)
  o Certificate message OOB reads (CVE-2016-6306)

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-2j

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/CONTRIBUTING
N src/crypto/external/bsd/openssl/dist/GitConfigure
U src/crypto/external/bsd/openssl/dist/e_os2.h
C src/crypto/external/bsd/openssl/dist/e_os.h
N src/crypto/external/bsd/openssl/dist/GitMake
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
C src/crypto/external/bsd/openssl/dist/makevms.com
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
C src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem
C src/crypto/external/bsd/openssl/dist/apps/CA.pl
U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in
U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.sh
U src/crypto/external/bsd/openssl/dist/apps/cert.pem
U src/crypto/external/bsd/openssl/dist/apps/ciphers.c
U src/crypto/external/bsd/openssl/dist/apps/client.pem
U src/crypto/external/bsd/openssl/dist/apps/cms.c
U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c
U src/crypto/external/bsd/openssl/dist/apps/crl.c
U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dgst.c
U src/crypto/external/bsd/openssl/dist/apps/install-apps.com
U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem
U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem
U src/crypto/external/bsd/openssl/dist/apps/dh512.pem
U src/crypto/external/bsd/openssl/dist/apps/dh.c
U src/crypto/external/bsd/openssl/dist/apps/dhparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsap.pem
U src/crypto/external/bsd/openssl/dist/apps/ec.c
U

CVS import: src/crypto/external/bsd/openssl/dist

2016-05-03 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Tue May  3 17:11:18 UTC 2016

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv21908

Log Message:
Security fixes:

  *) Prevent padding oracle in AES-NI CBC MAC check

 A MITM attacker can use a padding oracle attack to decrypt traffic
 when the connection uses an AES CBC cipher and the server support
 AES-NI.

 This issue was introduced as part of the fix for Lucky 13 padding
 attack (CVE-2013-0169). The padding check was rewritten to be in
 constant time by making sure that always the same bytes are read and
 compared against either the MAC or padding bytes. But it no longer
 checked that there was enough data to have both the MAC and padding
 bytes.

 This issue was reported by Juraj Somorovsky using TLS-Attacker.
 (CVE-2016-2107)
 [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

 An overflow can occur in the EVP_EncodeUpdate() function which is used for
 Base64 encoding of binary data. If an attacker is able to supply very large
 amounts of input data then a length check can overflow resulting in a heap
 corruption.

 Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
 the PEM_write_bio* family of functions. These are mainly used within the
 OpenSSL command line applications, so any application which processes data
 from an untrusted source and outputs it as a PEM file should be considered
 vulnerable to this issue. User applications that call these APIs directly
 with large amounts of untrusted data may also be vulnerable.

 This issue was reported by Guido Vranken.
 (CVE-2016-2105)
 [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

 An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
 is able to supply very large amounts of input data after a previous call to
 EVP_EncryptUpdate() with a partial block then a length check can overflow
 resulting in a heap corruption. Following an analysis of all OpenSSL
 internal usage of the EVP_EncryptUpdate() function all usage is one of two
 forms. The first form is where the EVP_EncryptUpdate() call is known to be
 the first called function after an EVP_EncryptInit(), and therefore that
 specific call must be safe. The second form is where the length passed to
 EVP_EncryptUpdate() can be seen from the code to be some small value and
 therefore there is no possibility of an overflow. Since all instances are
 one of these two forms, it is believed that there can be no overflows in
 internal code due to this problem. It should be noted that
 EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
 Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
 of these calls have also been analysed too and it is believed there are no
 instances in internal usage where an overflow could occur.

 This issue was reported by Guido Vranken.
 (CVE-2016-2106)
 [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

 When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
 a short invalid encoding can casuse allocation of large amounts of memory
 potentially consuming excessive resources or exhausting memory.

 Any application parsing untrusted data through d2i BIO functions is
 affected. The memory based functions such as d2i_X509() are *not* affected.
 Since the memory based functions are used by the TLS library, TLS
 applications are not affected.

 This issue was reported by Brian Carpenter.
 (CVE-2016-2109)
 [Stephen Henson]

  *) EBCDIC overread

 ASN1 Strings that are over 1024 bytes can cause an overread in applications
 using the X509_NAME_oneline() function on EBCDIC systems. This could result
 in arbitrary stack data being returned in the buffer.

 This issue was reported by Guido Vranken.
 (CVE-2016-2176)
 [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername
 callback, such that updates to the SSL_CTX affect ALPN.
 [Todd Short]

  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
 default.
 [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
 methods are enabled and ssl2 is disabled the methods return NULL.
 [Kurt Roeckx]

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1t

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
U src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U

CVS import: src/crypto/external/bsd/openssl/dist

2016-03-01 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Tue Mar  1 21:01:07 UTC 2016

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv17290

Log Message:
OpenSSL Security Advisory [1st March 2016]
=

NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as
well as removing SSLv2 EXPORT ciphers.  We strongly advise against the use of
SSLv2 due not only to the issues described below, but to the other known
deficiencies in the protocol as described at
https://tools.ietf.org/html/rfc6176


Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)


Severity: High

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle.  Note that traffic between clients and
non-vulnerable servers can be decrypted provided another server supporting
SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or
POP) shares the RSA keys of the non-vulnerable server. This vulnerability is
known as DROWN (CVE-2016-0800).

Recovering one session key requires the attacker to perform approximately 2^50
computation, as well as thousands of connections to the affected server. A more
efficient variant of the DROWN attack exists against unpatched OpenSSL servers
using versions that predate 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf released on
19/Mar/2015 (see CVE-2016-0703 below).

Users can avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS
servers, if they've not done so already. Disabling all SSLv2 ciphers is also
sufficient, provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and
1.0.2f) have been deployed.  Servers that have not disabled the SSLv2 protocol,
and are not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers.

OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN:

SSLv2 is now by default disabled at build-time.  Builds that are not configured
with "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will
need to explicitly call either of:

   SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
   or
   SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

as appropriate.  Even if either of those is used, or the application explicitly
uses the version-specific SSLv2_method() or its client or server variants,
SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed.
Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no
longer available.

In addition, weak ciphers in SSLv3 and up are now disabled in default builds of
OpenSSL.  Builds that are not configured with "enable-weak-ssl-ciphers" will
not provide any "EXPORT" or "LOW" strength ciphers.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram and
Sebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswell
of OpenSSL.


Double-free in DSA code (CVE-2016-0705)
===

Severity: Low

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources.  This scenario is considered
rare.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.


Memory leak in SRP database lookups (CVE-2016-0798)
===

Severity: Low

The SRP user database lookup method SRP_VBASE_get_by_user had
confusing memory management semantics; the returned pointer was sometimes newly
allocated, and sometimes owned by the callee. The calling code has no way of
distinguishing these two cases.

Specifically, SRP servers that configure a secret seed to hide valid
login information are vulnerable to a memory leak: an attacker
connecting with an invalid username can cause a memory leak of around
300 bytes per connection.  Servers that do not configure SRP, or
configure SRP but do not configure a seed are not vulnerable.

In Apache, the seed directive is known as SSLSRPUnknownUserSeed.

To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured
a seed.  Applications are advised to migrate to
SRP_VBASE_get1_by_user. However, note that OpenSSL makes no strong

CVS import: src/crypto/external/bsd/openssl/dist

2016-01-30 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Sat Jan 30 16:56:19 UTC 2016

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv16684

Log Message:

 OpenSSL CHANGES
 ___

 Changes between 1.0.1q and 1.0.1r [28 Jan 2016]

  *) Protection for DH small subgroup attacks

 As a precautionary measure the SSL_OP_SINGLE_DH_USE option has been
 switched on by default and cannot be disabled. This could have some
 performance impact.
 [Matt Caswell]

  *) SSLv2 doesn't block disabled ciphers

 A malicious client can negotiate SSLv2 ciphers that have been disabled on
 the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
 been disabled, provided that the SSLv2 protocol was not also disabled via
 SSL_OP_NO_SSLv2.

 This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
 and Sebastian Schinzel.
 (CVE-2015-3197)
 [Viktor Dukhovni]

  *) Reject DH handshakes with parameters shorter than 1024 bits.
 [Kurt Roeckx]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1r

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/appveyor.yml
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/CONTRIBUTING
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
U src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.pl
U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in
U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.sh
U src/crypto/external/bsd/openssl/dist/apps/cert.pem
U src/crypto/external/bsd/openssl/dist/apps/ciphers.c
U src/crypto/external/bsd/openssl/dist/apps/client.pem
U src/crypto/external/bsd/openssl/dist/apps/cms.c
U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c
U src/crypto/external/bsd/openssl/dist/apps/crl.c
U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dgst.c
U src/crypto/external/bsd/openssl/dist/apps/install-apps.com
U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem
U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem
U src/crypto/external/bsd/openssl/dist/apps/dh512.pem
U src/crypto/external/bsd/openssl/dist/apps/dh.c
U src/crypto/external/bsd/openssl/dist/apps/dhparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsap.pem
U src/crypto/external/bsd/openssl/dist/apps/ec.c
U src/crypto/external/bsd/openssl/dist/apps/ecparam.c
U src/crypto/external/bsd/openssl/dist/apps/enc.c
U src/crypto/external/bsd/openssl/dist/apps/engine.c
U src/crypto/external/bsd/openssl/dist/apps/errstr.c
U src/crypto/external/bsd/openssl/dist/apps/gendh.c
U src/crypto/external/bsd/openssl/dist/apps/gendsa.c
U src/crypto/external/bsd/openssl/dist/apps/genpkey.c
U src/crypto/external/bsd/openssl/dist/apps/genrsa.c
U

CVS import: src/crypto/external/bsd/openssl/dist

2015-12-06 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Sun Dec  6 21:45:59 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv25079

Log Message:
Import openssl-1.0.1q

OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015]
=

[Updated 4 Dec 2015]: This advisory has been updated to include the details of
CVE-2015-1794, a Low severity issue affecting OpenSSL 1.0.2 which had a fix
included in the released packages but was missed from the advisory text.

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
==

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno
B�ck. The fix was developed by Andy Polyakov of the OpenSSL
development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)
===

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference
if presented with an ASN.1 signature using the RSA PSS algorithm and absent
mask generation function parameter. Since these routines are used to verify
certificate signature algorithms this can be used to crash any certificate
verification operation and exploited in a DoS attack. Any application which
performs certificate verification is vulnerable including OpenSSL clients and
servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Lo�c Jonas Etienne
(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
development team.

X509_ATTRIBUTE memory leak (CVE-2015-3195)
==

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
OpenSSL 1.0.0 users should upgrade to 1.0.0t
OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196)
=

Severity: Low

If PSK identity hints are received by a multi-threaded client then
the values are wrongly updated in the parent SSL_CTX structure. This can
result in a race condition potentially leading to a double free of the
identify hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d
OpenSSL 1.0.1 users should upgrade to 1.0.1p
OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by commit
ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)


Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with

CVS import: src/crypto/external/bsd/openssl/dist

2015-07-09 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Thu Jul  9 14:15:45 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv16998

Log Message:
Import 1.0.1p to fix:

  *) Alternate chains certificate forgery

 During certificate verfification, OpenSSL will attempt to find an
 alternative certificate chain if the first attempt to build such a chain
 fails. An error in the implementation of this logic can mean that an
 attacker could cause certain checks on untrusted certificates to be
 bypassed, such as the CA flag, enabling them to use a valid leaf
 certificate to act as a CA and issue an invalid certificate.

 This issue was reported to OpenSSL by Adam Langley/David Benjamin
 (Google/BoringSSL).
 [Matt Caswell]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1p

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
U src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
U src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.pl
U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in
U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.sh
U src/crypto/external/bsd/openssl/dist/apps/cert.pem
U src/crypto/external/bsd/openssl/dist/apps/ciphers.c
U src/crypto/external/bsd/openssl/dist/apps/client.pem
U src/crypto/external/bsd/openssl/dist/apps/cms.c
U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c
U src/crypto/external/bsd/openssl/dist/apps/crl.c
U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dgst.c
U src/crypto/external/bsd/openssl/dist/apps/install-apps.com
U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem
U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem
U src/crypto/external/bsd/openssl/dist/apps/dh512.pem
U src/crypto/external/bsd/openssl/dist/apps/dh.c
U src/crypto/external/bsd/openssl/dist/apps/dhparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsap.pem
U src/crypto/external/bsd/openssl/dist/apps/ec.c
U src/crypto/external/bsd/openssl/dist/apps/ecparam.c
U src/crypto/external/bsd/openssl/dist/apps/enc.c
U src/crypto/external/bsd/openssl/dist/apps/engine.c
U src/crypto/external/bsd/openssl/dist/apps/errstr.c
U src/crypto/external/bsd/openssl/dist/apps/gendh.c
U src/crypto/external/bsd/openssl/dist/apps/gendsa.c
U src/crypto/external/bsd/openssl/dist/apps/genpkey.c
U src/crypto/external/bsd/openssl/dist/apps/genrsa.c
U src/crypto/external/bsd/openssl/dist/apps/makeapps.com
U src/crypto/external/bsd/openssl/dist/apps/Makefile
U src/crypto/external/bsd/openssl/dist/apps/openssl.c
U src/crypto/external/bsd/openssl/dist/apps/nseq.c
U src/crypto/external/bsd/openssl/dist/apps/ocsp.c
U src/crypto/external/bsd/openssl/dist/apps/oid.cnf
U

CVS import: src/crypto/external/bsd/openssl/dist

2015-06-16 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Tue Jun 16 19:55:47 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv17683

Log Message:
 Changes between 1.0.1n and 1.0.1o [12 Jun 2015]

  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
 incompatibility in the handling of HMAC. The previous ABI has now been
 restored.

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1o

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
U src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
U src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U src/crypto/external/bsd/openssl/dist/apps/ca-key.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.pl
U src/crypto/external/bsd/openssl/dist/apps/CA.pl.in
U src/crypto/external/bsd/openssl/dist/apps/ca-req.pem
U src/crypto/external/bsd/openssl/dist/apps/CA.sh
U src/crypto/external/bsd/openssl/dist/apps/cert.pem
U src/crypto/external/bsd/openssl/dist/apps/ciphers.c
U src/crypto/external/bsd/openssl/dist/apps/client.pem
U src/crypto/external/bsd/openssl/dist/apps/cms.c
U src/crypto/external/bsd/openssl/dist/apps/crl2p7.c
U src/crypto/external/bsd/openssl/dist/apps/crl.c
U src/crypto/external/bsd/openssl/dist/apps/dh1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dgst.c
U src/crypto/external/bsd/openssl/dist/apps/install-apps.com
U src/crypto/external/bsd/openssl/dist/apps/dh2048.pem
U src/crypto/external/bsd/openssl/dist/apps/dh4096.pem
U src/crypto/external/bsd/openssl/dist/apps/dh512.pem
U src/crypto/external/bsd/openssl/dist/apps/dh.c
U src/crypto/external/bsd/openssl/dist/apps/dhparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa1024.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa512.pem
U src/crypto/external/bsd/openssl/dist/apps/dsa.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-ca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsaparam.c
U src/crypto/external/bsd/openssl/dist/apps/dsa-pca.pem
U src/crypto/external/bsd/openssl/dist/apps/dsap.pem
U src/crypto/external/bsd/openssl/dist/apps/ec.c
U src/crypto/external/bsd/openssl/dist/apps/ecparam.c
U src/crypto/external/bsd/openssl/dist/apps/enc.c
U src/crypto/external/bsd/openssl/dist/apps/engine.c
U src/crypto/external/bsd/openssl/dist/apps/errstr.c
U src/crypto/external/bsd/openssl/dist/apps/gendh.c
U src/crypto/external/bsd/openssl/dist/apps/gendsa.c
U src/crypto/external/bsd/openssl/dist/apps/genpkey.c
U src/crypto/external/bsd/openssl/dist/apps/genrsa.c
U src/crypto/external/bsd/openssl/dist/apps/makeapps.com
U src/crypto/external/bsd/openssl/dist/apps/Makefile
U src/crypto/external/bsd/openssl/dist/apps/openssl.c
U src/crypto/external/bsd/openssl/dist/apps/nseq.c
U src/crypto/external/bsd/openssl/dist/apps/ocsp.c
U src/crypto/external/bsd/openssl/dist/apps/oid.cnf
U src/crypto/external/bsd/openssl/dist/apps/openssl-vms.cnf
U src/crypto/external/bsd/openssl/dist/apps/s_apps.h
U src/crypto/external/bsd/openssl/dist/apps/openssl.cnf
U src/crypto/external/bsd/openssl/dist/apps/pca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/passwd.c
U src/crypto/external/bsd/openssl/dist/apps/smime.c
U src/crypto/external/bsd/openssl/dist/apps/pca-key.pem
U src/crypto/external/bsd/openssl/dist/apps/pca-req.pem
U

CVS import: src/crypto/external/bsd/openssl/dist

2015-06-12 Thread Christos Zoulas

Module Name:src
Committed By:   christos
Date:   Fri Jun 12 16:35:24 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv12552

Log Message:
 Changes between 1.0.1m and 1.0.1n [11 Jun 2015]

  *) Malformed ECParameters causes infinite loop

 When processing an ECParameters structure OpenSSL enters an infinite loop
 if the curve specified is over a specially malformed binary polynomial
 field.

 This can be used to perform denial of service against any
 system which processes public keys, certificate requests or
 certificates.  This includes TLS clients and TLS servers with
 client authentication enabled.

 This issue was reported to OpenSSL by Joseph Barr-Pixton.
 (CVE-2015-1788)
 [Andy Polyakov]

  *) Exploitable out-of-bounds read in X509_cmp_time

 X509_cmp_time does not properly check the length of the ASN1_TIME
 string and can read a few bytes out of bounds. In addition,
 X509_cmp_time accepts an arbitrary number of fractional seconds in the
 time string.

 An attacker can use this to craft malformed certificates and CRLs of
 various sizes and potentially cause a segmentation fault, resulting in
 a DoS on applications that verify certificates or CRLs. TLS clients
 that verify CRLs are affected. TLS clients and servers with client
 authentication enabled may be affected if they use custom verification
 callbacks.

 This issue was reported to OpenSSL by Robert Swiecki (Google), and
 independently by Hanno B�ck.
 (CVE-2015-1789)
 [Emilia K�sper]

  *) PKCS7 crash with missing EnvelopedContent

 The PKCS#7 parsing code does not handle missing inner EncryptedContent
 correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
 with missing content and trigger a NULL pointer dereference on parsing.

 Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
 structures from untrusted sources are affected. OpenSSL clients and
 servers are not affected.

 This issue was reported to OpenSSL by Michal Zalewski (Google).
 (CVE-2015-1790)
 [Emilia K�sper]

  *) CMS verify infinite loop with unknown hash function

 When verifying a signedData message the CMS code can enter an infinite loop
 if presented with an unknown hash function OID. This can be used to perform
 denial of service against any system which verifies signedData messages 
using
 the CMS code.
 This issue was reported to OpenSSL by Johannes Bauer.
 (CVE-2015-1792)
 [Stephen Henson]

  *) Race condition handling NewSessionTicket

 If a NewSessionTicket is received by a multi-threaded client when 
attempting to
 reuse a previous ticket then a race condition can occur potentially 
leading to
 a double free of the ticket data.
 (CVE-2015-1791)
 [Matt Caswell]

  *) Reject DH handshakes with parameters shorter than 768 bits.
 [Kurt Roeckx and Emilia Kasper]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1n

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U src/crypto/external/bsd/openssl/dist/Makefile.org
U src/crypto/external/bsd/openssl/dist/makevms.com
C src/crypto/external/bsd/openssl/dist/NEWS
U src/crypto/external/bsd/openssl/dist/README.ENGINE
U src/crypto/external/bsd/openssl/dist/openssl.doxy
C src/crypto/external/bsd/openssl/dist/openssl.spec
U src/crypto/external/bsd/openssl/dist/PROBLEMS
C src/crypto/external/bsd/openssl/dist/README
U src/crypto/external/bsd/openssl/dist/README.ASN1
U src/crypto/external/bsd/openssl/dist/apps/app_rand.c
U src/crypto/external/bsd/openssl/dist/apps/apps.c
U src/crypto/external/bsd/openssl/dist/apps/apps.h
U src/crypto/external/bsd/openssl/dist/apps/asn1pars.c
C src/crypto/external/bsd/openssl/dist/apps/ca.c
U src/crypto/external/bsd/openssl/dist/apps/ca-cert.srl
U src/crypto/external/bsd/openssl/dist/apps/CA.com
U

CVS import: src/crypto/external/bsd/openssl/dist

2015-03-23 Thread S.P.Zeidler

Module Name:src
Committed By:   spz
Date:   Mon Mar 23 08:31:52 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv27726

Log Message:
This is an import of OpenSSL 1.0.1m.

The vulnerabilities listed below were previously fixed by patches
supplied by the OpenSSL project.

Thus, this import is not about vulnerabilities, but about the change
in source style OpenSSL applied before 1.0.1m (as well as small fixes
not listed in the changelog that make us have a 'proper' 1.0.1m).

Upstream Changelog:

 Changes between 1.0.1l and 1.0.1m [19 Mar 2015]

  *) Segmentation fault in ASN1_TYPE_cmp fix

 The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
 made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
 certificate signature algorithm consistency this can be used to crash any
 certificate verification operation and exploited in a DoS attack. Any
 application which performs certificate verification is vulnerable including
 OpenSSL clients and servers which enable client authentication.
 (CVE-2015-0286)
 [Stephen Henson]

  *) ASN.1 structure reuse memory corruption fix

 Reusing a structure in ASN.1 parsing may allow an attacker to cause
 memory corruption via an invalid write. Such reuse is and has been
 strongly discouraged and is believed to be rare.

 Applications that parse structures containing CHOICE or ANY DEFINED BY
 components may be affected. Certificate parsing (d2i_X509 and related
 functions) are however not affected. OpenSSL clients and servers are
 not affected.
 (CVE-2015-0287)
 [Stephen Henson]

  *) PKCS7 NULL pointer dereferences fix

 The PKCS#7 parsing code does not handle missing outer ContentInfo
 correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
 missing content and trigger a NULL pointer dereference on parsing.

 Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
 otherwise parse PKCS#7 structures from untrusted sources are
 affected. OpenSSL clients and servers are not affected.

 This issue was reported to OpenSSL by Michal Zalewski (Google).
 (CVE-2015-0289)
 [Emilia K�sper]

  *) DoS via reachable assert in SSLv2 servers fix

 A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
 servers that both support SSLv2 and enable export cipher suites by sending
 a specially crafted SSLv2 CLIENT-MASTER-KEY message.

 This issue was discovered by Sean Burford (Google) and Emilia K�sper
 (OpenSSL development team).
 (CVE-2015-0293)
 [Emilia K�sper]

  *) Use After Free following d2i_ECPrivatekey error fix

 A malformed EC private key file consumed via the d2i_ECPrivateKey function
 could cause a use after free condition. This, in turn, could cause a double
 free in several private key parsing functions (such as d2i_PrivateKey
 or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
 for applications that receive EC private keys from untrusted
 sources. This scenario is considered rare.

 This issue was discovered by the BoringSSL project and fixed in their
 commit 517073cd4b.
 (CVE-2015-0209)
 [Matt Caswell]

  *) X509_to_X509_REQ NULL pointer deref fix

 The function X509_to_X509_REQ will crash with a NULL pointer dereference if
 the certificate key is invalid. This function is rarely used in practice.

 This issue was discovered by Brian Carpenter.
 (CVE-2015-0288)
 [Stephen Henson]

  *) Removed the export ciphers from the DEFAULT ciphers
 [Kurt Roeckx]

 Changes between 1.0.1k and 1.0.1l [15 Jan 2015]

  *) Build fixes for the Windows and OpenVMS platforms
 [Matt Caswell and Richard Levitte]


Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1m

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
C src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
C src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
C src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U

CVS import: src/crypto/external/bsd/openssl/dist

2015-01-13 Thread S.P.Zeidler

Module Name:src
Committed By:   spz
Date:   Tue Jan 13 08:02:20 UTC 2015

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv14297

Log Message:
Import of OpenSSL 1.0.1k. Upstream log:

 Changes between 1.0.1j and 1.0.1k [8 Jan 2015]

  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
 message can cause a segmentation fault in OpenSSL due to a NULL pointer
 dereference. This could lead to a Denial Of Service attack. Thanks to
 Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
 (CVE-2014-3571)
 [Steve Henson]

  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
 dtls1_buffer_record function under certain conditions. In particular this
 could occur if an attacker sent repeated DTLS records with the same
 sequence number but for the next epoch. The memory leak could be exploited
 by an attacker in a Denial of Service attack through memory exhaustion.
 Thanks to Chris Mueller for reporting this issue.
 (CVE-2015-0206)
 [Matt Caswell]

  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
 built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
 method would be set to NULL which could later result in a NULL pointer
 dereference. Thanks to Frank Schmirler for reporting this issue.
 (CVE-2014-3569)
 [Kurt Roeckx]

  *) Abort handshake if server key exchange message is omitted for ephemeral
 ECDH ciphersuites.

 Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
 reporting this issue.
 (CVE-2014-3572)
 [Steve Henson]

  *) Remove non-export ephemeral RSA code on client and server. This code
 violated the TLS standard by allowing the use of temporary RSA keys in
 non-export ciphersuites and could be used by a server to effectively
 downgrade the RSA key length used to a value smaller than the server
 certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
 INRIA or reporting this issue.
 (CVE-2015-0204)
 [Steve Henson]

  *) Fixed issue where DH client certificates are accepted without verification.
 An OpenSSL server will accept a DH certificate for client authentication
 without the certificate verify message. This effectively allows a client to
 authenticate without the use of a private key. This only affects servers
 which trust a client certificate authority which issues certificates
 containing DH keys: these are extremely rare and hardly ever encountered.
 Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
 this issue.
 (CVE-2015-0205)
 [Steve Henson]

  *) Ensure that the session ID context of an SSL is updated when its
 SSL_CTX is updated via SSL_set_SSL_CTX.

 The session ID context is typically set from the parent SSL_CTX,
 and can vary with the CTX.
 [Adam Langley]

  *) Fix various certificate fingerprint issues.

 By using non-DER or invalid encodings outside the signed portion of a
 certificate the fingerprint can be changed without breaking the signature.
 Although no details of the signed portion of the certificate can be changed
 this can cause problems with some applications: e.g. those using the
 certificate fingerprint for blacklists.

 1. Reject signatures with non zero unused bits.

 If the BIT STRING containing the signature has non zero unused bits reject
 the signature. All current signature algorithms require zero unused bits.

 2. Check certificate algorithm consistency.

 Check the AlgorithmIdentifier inside TBS matches the one in the
 certificate signature. NB: this will result in signature failure
 errors for some broken certificates.

 Thanks to Konrad Kraszewski from Google for reporting this issue.

 3. Check DSA/ECDSA signatures use DER.

 Reencode DSA/ECDSA signatures and compare with the original received
 signature. Return an error if there is a mismatch.

 This will reject various cases including garbage after signature
 (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
 program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
 (negative or with leading zeroes).

 Further analysis was conducted and fixes were developed by Stephen Henson
 of the OpenSSL core team.

 (CVE-2014-8275)
 [Steve Henson]

   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
  results on some platforms, including x86_64. This bug occurs at random
  with a very low probability, and is not known to be exploitable in any
  way, though its exact impact is difficult to determine. Thanks to Pieter
  Wuille (Blockstream) who reported this issue and also suggested an initial
  fix. Further analysis was conducted by the OpenSSL

CVS import: src/crypto/external/bsd/openssl/dist

2014-08-10 Thread S.P.Zeidler

Module Name:src
Committed By:   spz
Date:   Sun Aug 10 07:36:33 UTC 2014

Update of /cvsroot/src/crypto/external/bsd/openssl/dist
In directory ivanova.netbsd.org:/tmp/cvs-serv23227

Log Message:
Upstream changelog:

 Changes between 1.0.1h and 1.0.1i [6 Aug 2014]

  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
 SRP code can be overrun an internal buffer. Add sanity check that
 g, A, B  N to SRP code.

 Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
 Group for discovering this issue.
 (CVE-2014-3512)
 [Steve Henson]

  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
 TLS 1.0 instead of higher protocol versions when the ClientHello message
 is badly fragmented. This allows a man-in-the-middle attacker to force a
 downgrade to TLS 1.0 even if both the server and the client support a
 higher protocol version, by modifying the client's TLS records.

 Thanks to David Benjamin and Adam Langley (Google) for discovering and
 researching this issue.
 (CVE-2014-3511)
 [David Benjamin]

  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
 to a denial of service attack. A malicious server can crash the client
 with a null pointer dereference (read) by specifying an anonymous (EC)DH
 ciphersuite and sending carefully crafted handshake messages.

 Thanks to Felix Gröbert (Google) for discovering and researching this
 issue.
 (CVE-2014-3510)
 [Emilia Käsper]

  *) By sending carefully crafted DTLS packets an attacker could cause openssl
 to leak memory. This can be exploited through a Denial of Service attack.
 Thanks to Adam Langley for discovering and researching this issue.
 (CVE-2014-3507)
 [Adam Langley]

  *) An attacker can force openssl to consume large amounts of memory whilst
 processing DTLS handshake messages. This can be exploited through a
 Denial of Service attack.
 Thanks to Adam Langley for discovering and researching this issue.
 (CVE-2014-3506)
 [Adam Langley]

  *) An attacker can force an error condition which causes openssl to crash
 whilst processing DTLS packets due to memory being freed twice. This
 can be exploited through a Denial of Service attack.
 Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
 this issue.
 (CVE-2014-3505)
 [Adam Langley]

  *) If a multithreaded client connects to a malicious server using a resumed
 session and the server sends an ec point format extension it could write
 up to 255 bytes to freed memory.

 Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
 issue.
 (CVE-2014-3509)
 [Gabor Tyukasz]

  *) A malicious server can crash an OpenSSL client with a null pointer
 dereference (read) by specifying an SRP ciphersuite even though it was not
 properly negotiated with the client. This can be exploited through a
 Denial of Service attack.

 Thanks to Joonas Kuorilehto and Riku Hietam�ki (Codenomicon) for
 discovering and researching this issue.
 (CVE-2014-5139)
 [Steve Henson]

  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
 X509_name_oneline, X509_name_print_ex et al. to leak some information
 from the stack. Applications may be affected if they echo pretty printing
 output to the attacker.

 Thanks to Ivan Fratric (Google) for discovering this issue.
 (CVE-2014-3508)
 [Emilia Käsper, and Steve Henson]

  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
 for corner cases. (Certain input points at infinity could lead to
 bogus results, with non-infinity inputs mapped to infinity too.)
 [Bodo Moeller]

Status:

Vendor Tag: OPENSSL
Release Tags:   openssl-1-0-1i

U src/crypto/external/bsd/openssl/dist/ACKNOWLEDGMENTS
U src/crypto/external/bsd/openssl/dist/CHANGES.SSLeay
U src/crypto/external/bsd/openssl/dist/CHANGES
C src/crypto/external/bsd/openssl/dist/Configure
U src/crypto/external/bsd/openssl/dist/config
U src/crypto/external/bsd/openssl/dist/e_os2.h
U src/crypto/external/bsd/openssl/dist/e_os.h
U src/crypto/external/bsd/openssl/dist/FAQ
U src/crypto/external/bsd/openssl/dist/install.com
U src/crypto/external/bsd/openssl/dist/INSTALL
U src/crypto/external/bsd/openssl/dist/INSTALL.W64
U src/crypto/external/bsd/openssl/dist/INSTALL.DJGPP
U src/crypto/external/bsd/openssl/dist/INSTALL.MacOS
U src/crypto/external/bsd/openssl/dist/INSTALL.NW
U src/crypto/external/bsd/openssl/dist/INSTALL.OS2
U src/crypto/external/bsd/openssl/dist/INSTALL.VMS
U src/crypto/external/bsd/openssl/dist/INSTALL.W32
U src/crypto/external/bsd/openssl/dist/INSTALL.WCE
U src/crypto/external/bsd/openssl/dist/LICENSE
U src/crypto/external/bsd/openssl/dist/Makefile
U src/crypto/external/bsd/openssl/dist/Makefile.shared
U

CVS import: src/crypto/external/bsd/openssl/dist/test

CVS import: src/crypto/external/bsd/openssl/dist/test

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

CVS import: src/crypto/external/bsd/openssl/dist

14 matches

Site Navigation

Mail list logo

Footer information